service – linux capabilities to read environment variables?

I’d like to run a service as a non-privileged user, but it needs to bind to a system port number (i.e. less than 1024), so I give it setcap 'cap_net_bind_service=+ep' <path for service>, all good.

Problem is, on startup, the service reads environment vars and for some reason it can’t do that when it has cap_net_bind_service. So, with two copies of the executable, one with cap_net_bind_service, one without, only the one without can read environment vars.

It’s as though there’s a default set of capabilities that allows reading env vars, but the exe loses that capability when I give it cap_net_bind_service. Is that right, or is something else going on? What additional capability might I need to give to the service so that it can read env vars? There’s nothing in capability.h that jumps out as being “allow env var reading”?

What are Panda3D's capabilities?

2 questions:

1) Can the Panda3D game be served from the cloud as AWS?

2) Can Panda3D be used for the development of mobile games (iOS, Android)? I know Unity can be used, but what about Panda3D?

capabilities: restrict a specific private page to a specific user

Each user has a user meta named profile_url chosen during registration.
After user creation, a page is created with that slug and made private (the page author is the administrator).
The user in his front panel has the possibility of making this page public or private.
When the page is private, the owner user cannot see it.

I would like to make the private page visible to the owner user.

The only way I could think of was to add capabilities, like:

$user = new WP_User( $user_id );
$user->add_cap( 'read_private_pages' );

But I would like to specify the page ID, and I don't know if it is possible.

Thank you

Camera – FUJIFILM X-T4 Live Streaming Capabilities

I am trying to figure out how useful FUJIFILM X-T4 will be as a streaming device.

According to the specs, it can record decent DCI4K at 60fps and 10bit.

It is also able to output it correctly through the HDMI interface.

It has a USB port that technically should be able to stream video while acting as UVC (look at the Sigma fp, for example).
Instead, it seems that only Tethering mode is available (either via usb or wifi). I found out it could be the PTP protocol.

So here are my questions:
What is "tethering mode"? What are the PTP image properties?

Please fix the labels, I couldn't find the correct one

Large json file caching and streaming capabilities

We are looking for an optimal solution / platform to cache large json files that contain a multi-dimensional array structure. When the file is not compressed, it can reach a size of 175 mb in some cases.

We are currently storing the file in S3 buckets using file streams, this is great because the application responsible for the data does not have to contain all of that data at once, however we would like to achieve better performance without losing the ability to transmit the file.

So far we have reviewed performance-enhancing redis, however the transmission capabilities are based on the message map as far as we know the value cannot be transmitted like in S3.

Currently memcached and ignite are also on our list to investigate, but at first glance they appear to have poorer or equivalent transmission capabilities like redis.

What is the correct way to add capabilities to user roles?

A third-party add-on adds the ability 'edit_booked_appointments'. I would like to assign this capability to the user role 'editor', which already exists. I created the following function in my child theme:

function add_booking_role_to_editor() {
    // Look up the existing 'editor' role and grant it the add-on's capability.
    $role = get_role( 'editor' );
    $role->add_cap( 'edit_booked_appointments', true );
}
add_action( 'init', 'add_booking_role_to_editor' );

As far as I understand the whole topic, user roles are written to the database, so it is not necessary to connect this function to the action 'init'.
What would be the correct way to do this? Is there any way to fire this once, after the corresponding plug-in has been activated? I tried the action 'plugins_loaded', but that didn't work at all.

camera: what are the optical zoom capabilities in phones?

I have a question about the optical zoom that is fashionable on phones right now …

I bought the Huawei P30 Pro in May 2019 because thanks to Trump the phone fell like $300 in 2 weeks, so it was a great offer …

But one thing I don't like is the optical zoom: before buying it, I was impressed by the 5x optical zoom, which is still quite impressive 8 months later.

But the problem is: the optical zoom is only activated if I enlarge more than 5x.

In other words, a 3x optical zoom is much better if I only do a 3x or 4x zoom … This really disappointed me because I don't need 5x very often, but much more often 2x or 3x …

Now I read the rumors that the Samsung S20 will have a 10x optical zoom. Do you know if it will be the same problem?
Why then is a 10x zoom really less than a 3x zoom?

What about other phones that are already in the market? Do you also have the problem I described?

Capabilities: Attach with gdb after dropping privileges

Under Ubuntu 16.04 LTS, it seems that I cannot debug a process that was once privileged for love or money as an unprivileged user.

The file is setgid (mode 2755). It forks, and the child:

  1. drops its capabilities
  2. calls setgid(getgid())

However, gdb cannot be attached when running under the same uid and gid.

$ cat /proc/sys/kernel/yama/ptrace_scope

$ echo $(id -nu) $(id -ng)
jklowden jklowden

$ ps -p 18272 -o user,group,euser,egroup
jklowden jklowden jklowden jklowden

$ gdb -q -p 18272
Attaching to process 18272
Could not attach to process.  If your uid matches the uid of the target
process, check the setting of /proc/sys/kernel/yama/ptrace_scope, or try
again as the root user.  For more details, see /etc/sysctl.d/10-ptrace.conf
ptrace: Operation not permitted.

What am I missing?

I have also tried to attack this by increasing my own abilities, with some success, although I am not sure that it is the "correct" answer.

$ cat /etc/security/capability.conf

$ sudo setcap CAP_SYS_PTRACE=pe  $(which gdb)

That allows gdb to be attached to the process. But it does so by increasing what gdb can do, not decreasing what the process requires.

If it is interesting, the setgid identification of the file is not root, but a group without privileges that gives you access to a group write directory. The users of the application also belong to the same group, but forked secondary processes do not require access to that directory.

scrum: should product requirements reflect the capabilities and limitations of vendor APIs?

This is not a question about requirements engineering and is independent of the role of Scrum and the product owner.

All requirements must be related to what the system does in design and not how it does it. This is simply one of the characteristics of a good requirement and does not change according to the methodology of its life cycle, its process or the system it is designing.

With respect to vendor APIs, there really are two ways of thinking about it.

You can use the requirements to select suppliers. That is, your requirements specify what you want the system to do in design. When evaluating suppliers, you ensure that the APIs they provide are capable of meeting those requirements. If the requirement is not met, the supplier will be disqualified from the selection.

Alternatively, you can use providers to handle the requirements. Your system will only provide widely available functionality through the vendor APIs. If certain functionality is not available, that would eliminate the system requirement in design, either in general or in the case of an integration with a particular API.

There is no single right way to do it. It depends on the type of product you are making. You can integrate with more APIs and have various levels of functionality based on external APIs or limit the APIs with which you interact with those that provide what you need to function. In the context of Scrum, that would be the decision of the Product Owner as part of the vision management and product management.

networks: look for a network switch with multi-network management, load balancing and web administration capabilities

I am looking for a network switch that offers some features:

1 – Manage multiple network ranges: I have 2 public /27 ranges, which I would like to manage from the switch, for example, which IP addresses go to each server. I would also like the switch to handle one or more private network ranges, and to be able to tell the switch that the public IP X.X.X.X should be assigned to a server that is using a private IP Y.Y.Y.Y

2 – Web management: this is essential. The switch will be in a data center, so I need a way to manage it, as I would with an IPMI interface on a server. I would like to make all the switch configuration from that web interface. It would be great if the switch's web interface allowed me to see the bandwidth and other useful information about the network usage of each of the servers.

3 – Load balancing: I would like the switch to balance traffic between several servers, for example, round robin between 3 requests for private IP addresses that come to give a public IP address. Level 2 load balancing would be the best.

4 – Firewall: I would like to be able to forward all requests to a specific IP to a specific server, but I would like to have the option to block everything or leave only a specific port open at the switch level. I could manage individual server firewalls but I also have the ability to control this from the switch for a given server.

The idea is to be able to have the switch transfer requests to public IP addresses if I want a server to have its network card configured with a public IP address, but also to be able to configure a server with a private IP address and configure the switch to forward requests from one IP to another.

Is this possible? Or should I address this in a different way?

I am looking for advice from people who have used equipment that does this, since I have no experience with this type of equipment. Although I know this is not for opinion-based responses, if someone has experience with different brands and can shed some light on what works best, it would be great.

I am not looking for a specific brand, so Juniper, Cisco, FS or any other brand would be an option.