Crossing US border with music files I’m legally allowed to possess

Apart from directly buying digital music files, there are a few ways in which you could possess such files legally (at least in my country):

  1. Creating them from CDs you legally own, to make listening on the go more convenient. I believe this is legal in the U.S.
  2. Receiving them from a close acquaintance, who have a legal right to possess those files. This is legal in my country, but I’m not so sure it is in the U.S.

While at least the first category (as far as I know) is legal in the U.S. as well, there really is no way for border agents to know, for any given music file, whether I’m legally allowed to have it or not.

If I, a foreign national from a visa waiver program country, were to arrive from overseas at a U.S. airport while carrying a phone, laptop or other storage device containing files in either of these two categories, how likely am I to get in trouble (as in, getting held up or detained, having devices confiscated, etc.) with the CBP?

Hetzner & allowed MAC addresses

I have installed proxmox node on hetzner serever in order to host vps, & i installed a newsubnet ip addresses & added VPS to the node Now hetzner starts to complain & send the following message: We have noticed that you have been using other MAC addresses in addition to the allowed at your Robot account.

Here are contents of “/etc/network/interfaces” auto lo iface lo inet loopback iface lo inet6 loopback auto enp0s31f6

iface enp0s31f6 inet6 static address xx.xx.xxx netmask 64 gateway xxx.xxx.xx.xx

auto vmbr0 iface vmbr0 inet static address 178.63.43.xxx netmask 255.255.255.192 gateway 178.63.xx.xx bridge_ports enp0s31f6 bridge_stp off bridge_fd 0 bridge_maxwait 0 up route add -net 178.63.43.xx netmask 255.255.255.192 gw 178.63.xx.xx dev vmbr0 up ip route add 46.4.246.xx01/32 dev vmbr0 up ip route add 46.4.246.xx02/32 dev vmbr0 up ip route add 46.4.246.xx03/32 dev vmbr0 up ip route add 46.4.246.xx04/32 dev vmbr0 up ip route add 46.4.246.xx05/32 dev vmbr0 up ip route add 46.4.246.xx06/32 dev vmbr0

I also enable masqurading iptables -t nat -A POSTROUTING -o vmbr0 -j MASQUERAD

How could i solve this issue ?

Why are optimization variables exceeding their allowed regions?

In the optimization of a function, shown below, why are the variables xi, yi not adhering to their specified allowed regions {variable, 0, 5}?

{sol, pts} = Reap[ NMaximize[fitness[x2, y2, x3, y3, x4, y4], {{x2, 0, 5}, {y2, 0, 5}, {x3, 0, 5}, {y3, 0, 5}, {x4, 0, 5}, {y4, 0, 5}}, Integers,  Method -> {"SimulatedAnnealing","SearchPoints" -> 20, "PerturbationScale" -> 1, "RandomSeed" -> 1},  EvaluationMonitor :> Sow[{{x2, y2}, {x3, y3}, {x4, y4}}]]] //AbsoluteTiming  {0.56064, {{-2., {x2 -> -6, y2 -> -4, x3 -> -17, y3 -> 7, x4 -> 8, y4 -> 6}},  {{{{0, 2}, {0, 2}, {1, 3}}, {{2, 2}, {1, 4}, {4,        3}}, {{1, 0}, {2, 5}, {3, 5}}, {{1, 1}, {4, 2}, {4, 4}}, {{4,        2}, {2, 1}, {4, 4}}, {{5, 5}, {4, 3}, {1, 2}}, {{2, 3}, {2,        4}, {0, 1}}, {{4, 4}, {0, 4}, {1, 4}}, {{2, 2}, {5, 3}, {4,        0}}, {{2, 2}, {4, 5}, {1, 0}}, OutputSizeLimit`Skeleton[     2001], {{4, 11}, {-1, 3}, {12, 4}}, {{4, 11}, {-1, 3}, {12,        4}}, {{4, 11}, {-1, 3}, {12, 4}}, {{4, 11}, {-1, 3}, {12,        4}}, {{3, 11}, {-1, 3}, {12, 4}}, {{4, 11}, {0, 3}, {12,        4}}, {{4, 11}, {-1, 3}, {12, 4}}, {{3, 11}, {-1, 3}, {12,        4}}, {{3, 11}, {-1, 3}, {12, 4}}}}}} 

Is “Reject Someone’s Influence” allowed against “Take Advantage Of Your Influence Over Someone”?

There are three normal ways to use existing Influence over someone,

  • +1 ongoing for all moves targeting them
  • “Telling them who they are or how the world works” to shift their Labels
  • “Taking advantage of your influence,” which expends the Influence, but gives you either another +1 after your roll, them a -2 after their roll, or gives them a Condition.

In the book (p80 (original edition?)) it says that you can Reject Someone’s Influence either “on your own, unprompted, or you might do it in response to a move of theirs.”

If that were all it said anywhere, I’d assume one could risk a Reject Someone’s Influence roll against any of those three—after all, it’s an option both “unprompted” or after “a move of theirs.” But the (p78 & Basic Moves sheet) description of “When someone with Infuence over you tells you who you are or how the world works” says, (emphasis mine):

accept what they say or reject their Influence. If you accept what they say, the GM will adjust your Labels accordingly; if you want to keep your Labels as they are, you must reject their Influence.

So it is spelled out there, whereas Rejecting Their Influence is not mentioned attached to the descriptions of the other two common uses of Influence, +1 ongoing and Taking Advantage.

Anything I missed in The Book that would cover this? Any outside sources? I don’t know any related games; are there clues from related Powered by the Apocalypse games, their own Epyllion or Urban Shadows, etc.?

I’m new to TTRPGs overall, but have a vague understanding there’s some unwritten rule resembling, “if it’s not in the rules, it’s not in the rules” —which would apply here if all else fails.

nginx: [emerg] “user” directive is not allowed here in /etc/nginx/sites-enabled/nginx.conf:1

I’m trying to install Oxidized on an Ubuntu 18.04 LTS server. I use Nginx as wab server and at a moment, it is said that I have to modify the file “/etc/nginx/nginx.conf”, which I did by correctly following the documentation provided on the github page of the software. But, when I want to run the command sudo nginx -t the server raises this :

nginx: [emerg] "user" directive is not allowed here in /etc/nginx/sites-enabled/nginx.conf:1 

So I’ve already tried to do sudo chown -R /etc/nginx/sites-enabled hoping that this might change anything. Here is my nginx.conf:

user oxidized oxidized; worker_processes auto; pid /run/nginx.pid; include /etc/nginx/modules-enabled/*.conf;  events {         worker_connections 768;         # multi_accept on; }  http {          ##         # Basic Settings         ##          log_format main '$  remote_addr - $  remote_user [$  time_local]    "$  request"'                     '$  status $  body_bytes_sent "$  http_referer"'                     '"$  http_user_agent" "$  http_x_forwarded_for"';      access_log /var/log/nginx/access.log main;      sendfile on;     tcp_nopush on;     tcp_nodelay on;     keepalive_timeout 65;     types_hash_max_size 2048;     # server_tokens off;      # server_names_hash_bucket_size 64;     # server_name_in_redirect off;      include /etc/nginx/mime.types;     default_type application/octet-stream;              ##     # SSL Settings     ##      ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE     ssl_prefer_server_ciphers on;      ##     # Logging Settings     ##      access_log /var/log/nginx/access.log;     error_log /var/log/nginx/error.log;      ##     # Gzip Settings     ##      gzip on;      # gzip_vary on;     # gzip_proxied any;     # gzip_comp_level 6;     # gzip_buffers 16 8k;     # gzip_http_version 1.1;     # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/ja$        ##     # Virtual Host Configs     ##      include /etc/nginx/conf.d/*.conf;             include /etc/nginx/sites-enabled/*;      server {         listen      80;         server_name oxidized.test.com www.oxidized.test.com;         return      301 https://$  server_name$  request_uri;         root        /usr/share/nginx/html;          auth_basic "Restricted Access";         auth_basic_user_file /etc/nginx/.htpasswd;          # Load configuration files for the default server block.         include /etc/nginx/default.d/*.conf;          location / {            proxy_pass http://127.0.0.1:8888/;         }          error_page 404 /404.html;             location = /40x.html {         }          error_page 500 502 503 504 /50x.html;             location = /50x.html {         }     } } 

I don’t that I did any mistakes but if anybody can help me to find where the problem is, it would be nice. Please answer me as soon as possible.

Whats should be TRACE response of an API (if it is not allowed on server)?

I am testing a website and noticed that when I change the GET method of the API request to TRACE, it returns an error 405-Method not allowed in Burp repeater. That’s fine.

The problem is, lots of other information is also coming in response like below:


HTTP/1.1 405 Method Not Allowed Expires: 0 Expires: 0 Cache-Control: no-cache, no-store, must-revalidate Cache-Control: no-cache, no-store, must-revalidate Keep-Alive: timeout=300 Keep-Alive: timeout=300 Set-Cookie: JSESSIONID=******************; path=/; secure; HttpOnly X-XSS-Protection: 1; mode=block X-XSS-Protection: 1; mode=block Pragma: no-cache Pragma: no-cache X-Frame-Options: sameorigin X-Frame-Options: sameorigin MS-Node-Instance: MS_node_1.8100 MS-Node-Instance: MS_node_1.8100 Content-Security-Policy: default-src 'self' 'unsafe-eval' 'unsafe-inline';font-src 'self' data:; img-src 'self' data: https: blob:; connect-src 'self' wss:; Content-Security-Policy: default-src 'self' 'unsafe-eval' 'unsafe-inline';font-src 'self' data:; img-src 'self' data: https: blob:; connect-src 'self' wss:; Date: Mon, *********** GMT Allow: HEAD, POST, GET, OPTIONS, PUT Connection: close Content-Length: 0 

Does this constitute as a vulnerability?

Kubernetes aggregation certificates – apiserver client authentication allowed names

Definitions I’m using in this question:

  • Main apiserver: the core kube-apiserver
  • Extension apiserver: an addon like metrics-server

I am reading through the configure aggregation layer guide and I don’t understand the main apiserver’s use of --requestheader-allowed-names. In section Kubernetes Apiserver Client Authentication it says:

The connection must be made using a client certificate whose CN is one of those listed in –requestheader-allowed-names. Note: You can set this option to blank as –requestheader-allowed-names=””. This will indicate to an extension apiserver that any CN is acceptable.

It makes it sound like the main apiserver is responsible for setting this. Surely the extension apiserver would be in control of this and determine what is acceptable? Why configure this on the main apiserver at all? I.e. The client certificate common names are what they are and it’s up to the extension apiserver to accept/reject these?

Or is that doc section mixing options that are passed to both the main and extension apiservers?