http – Using Digest Authentication to fix TLS / PKI? Patents?

TLS / PKI guarantees that the URL in the browser is the one with which it is communicating. Which is completely useless because users do not really confirm that the URL is correct.

Mybank.com looks like mybank.xyz.com. Heck, browsers do not even give the letters different forms, so "Mozilla.org" looks identical to "MoziIIa.org" (capital Is.)

This is how phishing works. Click on a link and enter your password. The number one mechanism to instigate security breaches.

The obvious solution, but never used, is to use the Digest Authentication. That way, only a summary is sent to any phishing site that is not equivalent to a password.

The implicit authentication is an old and broken protocol, considered as pre PKI. It uses MD5, has a poor user interface and is almost never used.

So we move to carry OTP tokens that can be used with the form authorization. Or customer certificates that are a pain to use.

QUESTION: Does anyone know why this big problem has never received attention? Why has the Digest authentication been allowed to rot? In particular, are there relevant patents that have killed this approach? (If so, this is something old, so they will probably expire very soon).

Is it really true that nobody realizes that TLS / PKI is based on an assumption (that users can verify URLs) that is clearly false?

Of course, I'm talking about digestion authentication used in combination with TLS. So the link is encrypted. (Originally, summary authentication was designed to be used instead of TLS (before TLS / SSL was created.))

How to fix / debug link responses without meaning

Suddenly, my link server was captivated when I returned NXDOMAIN for the .ch name servers. Other servers solve them well. This server solves most queries well, but this.

I have issued the following commands:

rndc color
rndc reload
tcpdump -vvvn -i eth0 udp port 53 &
dig c.nic.ch

and got the following:

18: 02: 36.002819 IP (up to 0x0, ttl 64, id 27843, offset 0, flags [none], proto UDP (17), length 56)
192.168.4.1.39276> 192.203.230.10.53: [bad udp cksum 0x6bb5 -> 0xf2b0!] 29864 [1au] NS? . ar :. OPT UDPsize = 4096 OD (28)
18: 02: 36.002834 IP (up to 0x0, ttl 64, id 28762, offset 0, flags [none], Proto UDP (17), length 65)
192.168.4.1.53256> 192.203.230.10.53: [bad udp cksum 0x6bbe -> 0x73b1!] 19961 [1au] A? c.nic.ch. ar :. OPT UDPsize = 4096 DO (37)
18: 02: 36.004518 IP (up to 0x0, ttl 57, id 5454, offset 0, flags [DF], Proto UDP (17), length 878)
192.203.230.10.53> 192.168.4.1.53256: [udp sum ok] 19961- q: A? c.nic.ch. 10/10/17 ns: ch. [2d] NS a.nic.ch., chap. [2d] NS b.nic.ch., chap. [2d] NS c.nic.ch., chap. [2d] NS d.nic.ch., chap. [2d] NS e.nic.ch., chap. [2d] NS f.nic.ch., chap. [2d] NS g.nic.ch., chap. [2d] NS h.nic.ch., chap. [1d] DS, ch. [1d] RRSIG ar: a.nic.ch. [2d] A 130.59.31.41, a.nic.ch. [2d] AAAA 2001: 620: 0: ff :: 56, b.nic.ch. [2d] A 130.59.31.43, b.nic.ch. [2d] AAAA 2001: 620: 0: ff :: 58, c.nic.ch. [2d] A 147.28.0.39, c.nic.ch. [2d] AAAA 2001: 418: 1 :: 39, d.nic.ch. [2d] A 200.160.0.5, d.nic.ch. [2d] AAAA 2001: 12ff: 0: a20 :: 5, e.nic.ch. [2d] A 194.0.17.1, e.nic.ch. [2d] AAAA 2001: 678: 3 :: 1, f.nic.ch. [2d] A 194.146.106.10, f.nic.ch. [2d] AAAA 2001: 67c: 1010: 2 :: 53, g.nic.ch. [2d] A 194.0.1.40, g.nic.ch. [2d] AAAA 2001: 678: 4 :: 28, h.nic.ch. [2d] A 85.119.5.230, h.nic.ch. [2d] AAAA 2a03: bd80: 36 :: 1: 203: 230 ,. OPT UDPsize = 1472 OD (850)

Where 192.168.4.1 is my link server, 192.203.230.10 is e.root-servers.net.
the bad udp cksum It is because it is done in hardware.

So the answer for 19961 has 0 replies / 10 additional NS / 17.

Following:

18: 02: 36.005091 IP (up to 0x0, 64 ttl, id 52528, offset 0, flags [none], Proto UDP (17), length 65)
192.168.4.1.49672> 194.0.1.40.53: [bad udp cksum 0x8810 -> 0x9473!] 7909 [1au] A? c.nic.ch. ar :. OPT UDPsize = 4096 DO (37)

18: 02: 36.030838 IP (up to 0x0, ttl 56, id 31615, offset 0, flags [DF], Proto UDP (17), length 179)
194.0.1.40.53> 192.168.4.1.49672: [udp sum ok] 7909 * - q: A? c.nic.ch. 2/0/1 c.nic.ch. [2d] A 147.28.0.39, c.nic.ch. [2d] RRSIG ar :. OPT UDPsize = 4096 DO (151)

Where 194.0.1.40 is g.nic.ch. Therefore, the authorized response (*) for 7909 has 2 responses / 0 additional NS / 1. I would say 147.28.0.39 is the consulted address of c.nic.ch. However, the excavation output is:

; << >> DiG 9.9.5-9 + deb8u17-Debian << >> c.nic.ch
;; Global options: + cmd
;; I have an answer:
;; - >> HEADER << - operation code: QUERY, status: NXDOMAIN, id: 49174
;; flags: qr rd ra; QUESTION: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; SECTION OF QUESTION:
; c.nic.ch. IN A

;; Query time: 29 msec
;; SERVER: 127.0.0.1 # 53 (127.0.0.1)
;; WHEN: Mar 25 of June 18:02:36 CEST 2019
;; MSG SIZE rcvd: 37

Keep it up this morning. How can that be possible? What should I do to fix it?

angularjs – Fix li tag inside dropdown menu

I have a dropdown menu made with bootstrap 3 and ng-repeat of angularJs. It is a list obtained from an object and usually has many elements. My problem is that I want one of those elements to always appear. I have tried with position: fixed in the css and there is no way that works.

How to fix a dead iPad 3?

I got it from a garage sale. it will not turn on if it is plugged in, it shows the downloaded battery symbol, the Apple logo goes off and repeats. iTunes will not detect it unless it is in DFU mode. recovery fails to wait for iPad (unknown error).

Troubleshooting: How can I fix what appears to be a jammed Ricoh FF-3AF shutter?

At least, that's what it seems to be. When you want to advance the film on this model, you must load the film, close the door and press the shutter button once. After that, you should move forward until the counter shows a & # 39; 1 & # 39; When I turn on the camera, slide the lens cover backward, it automatically starts forward and takes pictures until the swing is over, at which time it sits and beeps until you rewind the movie or turn it off again to turn it off. Opening the top half where the shutter is located did not reveal anything unusual (at least, it seemed normal, I do not know anything about the cameras), and I could not open the lower half because a screw refused to come loose. Apart from making a hole around said screw, what can I do to solve this?

EDIT: The first time I bought this camera, I tried to use it before placing the film to make sure it worked. I do not remember if he started to move continuously just after that, but he started doing it before he completely eliminated the corrosion of the battery and added film. In addition, it seems that it takes pictures constantly when it advances and rewinds (the lens also tries to turn in one direction, but returns to its place at the same time as the noise).

EDIT 2: Without answers, I tried to find the problem myself after removing the last screw. While looking at the parts to try to find the problem, I accidentally hit a piece and now it is stuck somewhere inside. Probably, this will have to be sent to an experienced repair technician or simply be thrown away forever.

linux – Why my crontab does not work and how can I fix it?


This is a community wiki. If you notice something wrong with this answer or have additional information, then edit it.


First, basic terminology:

  • cron (8) It is the daemon that executes the programmed commands.
  • crontab (1) is the program used to modify the crontab files (5) of the user.
  • crontab (5) it is a file per user that contains instructions for cron (8).

Next, education about cron:

Each user in a system can have their own crontab file. The location of the root and the crontab files of the user depend on the system, but they are generally below / var / spool / cron.

There is a system-wide system. / etc / crontab file, the /etc/cron.d The directory can contain crontab fragments that are also read and executed by cron. Some Linux distributions (for example, Red Hat) also have / etc / cron. {per hour, daily, weekly, monthly} which are directories, scripts inside that will be executed every hour / day / week / month, with root privileges.

root can always use the crontab command; Regular users may or may not have access. When you edit the crontab file with the command crontab -e and save it, crond checks its basic validity but does not guarantee that its crontab file is correctly configured. There is a file called cron.deny which will specify which users can not use cron. the cron.deny the location of the file depends on the system and can be deleted, which will allow all users to use cron.

If the computer is not turned on or the crond daemon is not running, and the date / time for the execution of a command, crond will not recover and will execute past queries.

crontab details, how to formulate a command:

A crontab command is represented by a single line. You can not use to extend a command over multiple lines. The hash (#) the sign represents a comment that means that anything in that line is ignored by cron. The initial blank spaces and blank lines are ignored.

Be very careful when using the percentage (%) sign at your command. Unless they escape % They become new lines and everything after the first not escaped. % it is passed to your command in stdin.

There are two formats for crontab files:

  • Crontabs user

    # Example of job definition:
    # .---------------- minute (0 - 59)
    # | .------------- hour (0 - 23)
    # | | .---------- day of the month (1 - 31)
    # | | | .------- month (1 - 12) O jan, feb, mar, apr ...
    # | | | | .---- day of the week (0 - 6) (Sunday = 0 or 7)
    # | | | | |
    # * * * * * command to execute
    
  • The whole system / etc / crontab Y /etc/cron.d fragments

    # Example of job definition:
    # .---------------- minute (0 - 59)
    # | .------------- hour (0 - 23)
    # | | .---------- day of the month (1 - 31)
    # | | | .------- month (1 - 12) O jan, feb, mar, apr ...
    # | | | | .---- day of the week (0 - 6) (Sunday = 0 or 7)
    # | | | | |
    # * * * * * user name command to execute
    

Note that the latter requires a username. The command will be executed as the named user.

The first 5 fields of the line represent the time (s) in which the command should be executed.
You can use numbers or, where appropriate, the day / month names in the time specification.

  • The fields are separated by spaces or tabs.
  • A comma,) is used to specify a list, for example, 1,4,6,8, which means that it runs at 1,4,6,8.
  • The ranges are specified with a dash (-) and can be combined with lists, p. 1-3,9-12 which means between 1 and 3 then between 9 and 12.
  • the / The character can be used to enter a step, p. 2/5, which means starting from 2 then every 5 (2,7,12,17,22 …). They do not wrap themselves beyond the end.
  • An asterisk (*) in a field means the full range for that field (for example, 0-59 for the field of minutes).
  • Ranges and steps can be combined for example. * / two means starting at the minimum for the relevant field and then every 2 e.g. 0 per minute (0.2 … 58), 1 per month (1.3 … 11), etc.

Debugging cron commands

Check the mail! By default, cron will send any output of the command to the user who executes the command as. If there is no exit there will be no mail. If you want cron to send an email to a different account, you can configure the MAILTO environment variable in the crontab file, for example.

MAILTO=user@somehost.tld
1 2 * * * / path / to / your / command

Capture the output yourself

1 2 * * * / path / to / your / command &> / tmp / mycommand.log

that captures stdout and stderr to /tmp/mycommand.log

Look at the records; cron records its actions through syslog, which (depending on its configuration) often goes to / var / log / cron or / var / log / syslog.

If necessary, you can filter the cron statements with, for example,

grep CRON / var / log / syslog 

Now that we have analyzed the basic concepts of cron, where the files are and how to use them, let's look at some common problems.

Check that cron is running.

If cron is not running, its commands will not be programmed …

ps -ef | grep cron | grep -v grep

I should get you something like

root 1224 1 0 nov16? 00:00:03 cron

or

Root 2018 1 0 Nov14? 00:00:06 crond

If you do not restart it

/ sbin / service cron start

or

/ sbin / service crond start

There may be other methods; Use what your distro provides.

cron executes its command in a restricted environment.

It is likely that the available environment variables are very limited. In general, you will only get a few defined variables, such as $ LOGNAME, $ HOMEY $ PATH.

Of particular interest is the PATH is restricted to / bin: / usr / bin. The vast majority of "my cron script does not work" problems are caused by this restrictive path. If your command is in a different location, you can resolve it in several ways:

  1. Provide the complete path to your command.

    1 2 * * * / path / to / your / command
    
  2. Provide an appropriate PATH in the crontab file

    PATH = / usr: / usr / bin: / path / to / something / else
    1 2 * * * command 
    

If your command requires other environment variables, you can also define them in the crontab file.

cron executes his command with cwd == $ HOME

Regardless of where the program running on the file system is located, the current working directory of the program when cron is run will be user's home directory. If you access the files in your program, you should keep this in mind if you use relative routes, or (preferably) simply use fully qualified routes everywhere, and save everyone a lot of confusion.

The last command in my crontab does not execute

Cron generally requires that commands end with a new line. Edit your crontab; Go to the end of the line that contains the last command and insert a new line (press enter).

Check the crontab format

You can not use a crontab user with crontab format for / etc / crontab or the fragments in /etc/cron.d and vice versa. A crontab formatted by the user does not include a username in the sixth position of a row, while a crontab formatted by the system includes the username and executes the command as that user.

I put a file in / etc / cron. {per hour, daily, weekly, monthly} and does not run

  • Verify that the file name does not have an extension, see execution parts
  • Make sure that the file has execute permission.
  • Tell the system what to use when you run your script (for example, put #! / bin / sh to the top)

Cron data related errors

If a user or a system update, a time zone or another changed their date, crontab will start to behave erratically and show strange errors, sometimes working, sometimes not. This is crontab's attempt to "do what you want" when the time changes below it. The "minutes" field will become ineffective after the time is changed. In this scenario, only asterisks would be accepted. Restart cron and try again without connecting to the Internet (so that the date does not have the opportunity to restart on one of the time servers).

Percent signs, again

To emphasize the advice on percentage signs, here is an example of what cron does with them:

# cron entry
* * * * * cat> $ HOME / cron.out% foo% bar% baz

will create the file ~ / cron.out that contains the 3 lines

foo
Pub
baz

This is particularly intrusive when using the date I send. Make sure you escape the percentage signs

* * * * * / path / to / command - day "$ (date" + % Y % m % d ")"

visual studio – How to fix the error in Uploading images using ASP.NET VisualBasic and Acces

When you click send in the database, the system returns the following error:

System.IndexOutOfRangeException: & # 39; OleDbParameterCollection does not contain OleDbParameter with ParameterName & # 39; @imagem & # 39;. & # 39;

Follow the codes:

Protected Sub test_Inserting (sender As Object, and As SqlDataSourceCommandEventArgs) Handles test.Inserting
Dim fu As FileUpload
fu = FormView1.FindControl ("fileupload1")
e.Command.Parameters ("@ image"). DbType = DbType.Binary
e.Command.Parameters ("@ image"). Value = fu.FileBytes ()
End Sub

Shipping screen:

insert the description of the image here

Bank modeling:

insert the description of the image here

Environment: Visual Studio 2019, Visual Basic, Access

Active Directory: How to Fix the Azure Python API Error: msrestazure.azure_exceptions.CloudError: Azure Error: Failed Authorization

My code is:

def get_credentials ():
credentials = ServicePrincipalCredentials (
client_id = ID,
secret = SECRET_KEY,
tenant = TENANT_ID
)

return credentials

yes __name__ == "__main__":
credentials = get_credentials ()
compute_client = ComputeManagementClient (credentials,
SUBSCRIPTION_ID
)
compute_client.virtual_machines.get (GROUP_NAME, VM_NAME, expand = & # 39; instanceView & # 39;) 

which is the Python Azure SDK tutorial and I get this error:

msrestazure.azure_exceptions.CloudError: Azure error:
Authorization Message: Failed: The client& # 39; with item ID & # 39;& # 39; make
Not have authorization to take action.
& # 39; Microsoft.Compute / virtualMachines / read & # 39; about the scope
& # 39; / subscriptions // resourceGroups //providers/Microsoft.Compute/virtualMachines/newvm & # 39 ;.

I have started and AAD from the Azure portal through this tutorial https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal and I was assigned as owner , should I somehow attach this user to the resource group? It is attached to the subscription that is supposed to be above the resource group.
I installed Azure Cli through pip install blue
What is the mistake to suggest doing something else?

Possible way to fix luma Layout

enter the description of the image here
I find this problem (the design is wrong). What is the possible problem for this?

I tried dicompiling, clearing cache and reindexing. It still does not work

bootcamp – Bug fix "Bootable disk can not be partitioned or restored in a single partition" in a new installation of Mac OS

I have been working on this problem for more than 10 hours. First, I installed Mojave using the Mojave patch on an older MacBook. Delete my disk completely before installing Mojave. Here is the output from the diskutil list:

                / dev / disk0 (internal, physical):
#: SIZE IDENTIFIER NAME TYPE
0: GUID_partition_scheme * 1.0 TB disk0
1: EFI EFI 209.7 MB disk0s1
2: Apple_CoreStorage Local Disk 999.3 GB disk0s2
3: Apple_Boot Recovery HD 650.0 MB disk0s3

/ dev / disk1 (internal, virtual):
#: SIZE IDENTIFIER NAME TYPE
0: Apple_HFS Local Disk +999.0 GB disk1
Logical volume in disk0s2
17B0E440-563B-4759-B442-CC8FE78F58DB
Unencrypted

and sudo gpt -r show disk0:

                            Start size index content
0 1 PMBR
1 1 Pri GPT header
2 32 Pri GPT table
34 6
40 409600 1 piece GPT - C12A7328-F81F-11D2-BA4B-00A0C93EC93B
409640 1951845952 2 GPT part - 53746F72-6167-11AA-AA11-00306543ECAC
1952255592 1269536 3 GPT part - 426F6F74-0000-11AA-AA11-00306543ECAC
1953525128 7
1953525135 32 sec. GPT Table
1953525167 header of 1 sec. GPT

Why do I keep getting this error when I run the boot camp wizard? I have already followed a guide that included the removal of any hidden Microsoft file in the EFI EFI partition. But I do not think I've really done anything because, as I said, I completely erased this disk before installing Mojave. I'm completely lost here, and I'm desperate for help.

EDIT: I know this question has been asked before, but as far as I can tell, no one has had this exact problem. In the publications that I see related to this problem, you can clearly see the Microsoft partitions in the diskutil list. I do not have visible Microsoft partitions. I made a clean installation. So I do not understand why I keep getting the error.