How can I lock rows for update without returning data over the connection?

I want to do something like this:

    begin;
    select * from foos where owner_id=123 and unread=true for update;
    update foos set unread=false where owner_id=123;
    end;

In the statement where I acquire the lock, I don’t need any info about the rows. I just want to lock those particular rows. Is there a way to do this (elegant or hacky) which tells postgres to not do any of the work of actually giving me the data?

How to circumvent an isolated domestic internet connection?

Perhaps this is off-topic or too broad to answer but I’m thinking that there must be solutions.

Some countries are talking about unplugging from the internet and creating their own isolated domestic internet. Russia, recently, ran their own tests about doing this and it has seemed successful.

How could this, essentially, large LAN network be circumvented?

Can I test ssl connection locally with a valid certificate (CA) with local dns?

I have a wildcard valid certificate signed by Certificate Authority. Is it possible to test the https locally from the server without a registered DNS?

My idea is to bind the domain name with 127.0.0.1 in /etc/hosts.

The HTML is running on an Nginx container and I am using CentOS 7.

Is it possible to make an SSL handshake with curl https://<dnsname>.<name>.com:443 or does it need to be public DNS?

Note: ICMP is disabled but the server is connected to the internet.

I keep getting this notification from Bitdefender: chrome.exe attempted establish a connection relying on an expired certificate to logs.gettoby.com

Every two fucking minutes I get four notifications like this and it has been going on for two days. It’s driving me mad. Can anyone help me get rid of this? I don’t even own Toby, I didn’t even know what it was until this.

I also get a lot of this: chrome.exe attempted to establish a connection relying on an expired certificate to www.nottfo.com. We blocked the connection to keep your data safe since web pages must renew their certificates with a certification authority to stay current, and outdated security certificates represent a risk.

What even is Nottfo?

Https – how to enable secure connection with Jenkins?

Below is the CloudFormation template that creates an Elastic Load Balancer as the public face of Jenkins (jenkins:ecs docker) running in a VPC subnet:

    {
        "AWSTemplateFormatVersion": "2010-09-09",
        "Description": "Jenkins Stack",
        "Parameters":{
            "VpcId": {
                "Type": "AWS::EC2::VPC::Id",
                "Description": "The target VPC Id"
            },
            "SubnetId": {
                "Type": "AWS::EC2::Subnet::Id",
                "Description": "The target subnet Id"
            },
            "KeyName": {
                "Type": "String",
                "Description": "The key pair that is allowed SSH access"
            }
        },
        "Resources":{
            "EC2Instance":{
                "Type": "AWS::EC2::Instance",
                "Properties":{
                    "ImageId": "ami-05958d7635caa4d04",
                    "InstanceType": "t2.micro",
                    "SubnetId": { "Ref": "SubnetId"},
                    "KeyName": { "Ref": "KeyName"},
                    "SecurityGroupIds": [ { "Ref": "EC2InstanceSecurityGroup"} ],
                    "IamInstanceProfile": { "Ref" : "EC2InstanceProfile"},
                    "UserData":{
                        "Fn::Base64": { "Fn::Join": ["", [
                            "#!/bin/bash\n",
                            "echo ECS_CLUSTER=", { "Ref": "EcsCluster" }, " >> /etc/ecs/ecs.config\n",
                            "groupadd -g 1000 jenkins\n",
                            "useradd -u 1000 -g jenkins jenkins\n",
                            "mkdir -p /ecs/jenkins_home\n",
                            "chown -R jenkins:jenkins /ecs/jenkins_home\n"
                        ] ] }
                    },
                    "Tags": [ { "Key": "Name", "Value": { "Fn::Join": ["", [ { "Ref": "AWS::StackName"}, "-instance" ] ]} }]
                }
            },
            "EC2InstanceSecurityGroup":{
                "Type": "AWS::EC2::SecurityGroup",
                "Properties": {
                    "GroupDescription": { "Fn::Join": ["", [ { "Ref": "AWS::StackName" }, " ingress security group" ] ] },
                    "VpcId": { "Ref": "VpcId" },
                    "SecurityGroupIngress": [
                        {
                            "IpProtocol": "tcp",
                            "FromPort": "8080",
                            "ToPort": "8080",
                            "SourceSecurityGroupId": { "Ref": "ElbSecurityGroup"}
                        },
                        {
                            "IpProtocol": "tcp",
                            "FromPort": "22",
                            "ToPort": "22",
                            "CidrIp": "0.0.0.0/0"
                        }
                    ],
                    "Tags": [ { "Key": "Name", "Value": { "Fn::Join": ["", [ { "Ref": "AWS::StackName" }, "-ec2-sg" ] ] } } ]
                }
            },
            "EC2InstanceProfile": {
                "Type": "AWS::IAM::InstanceProfile",
                "Properties": {
                    "Path": "/",
                    "Roles": [ { "Ref": "EC2InstanceRole" } ]
                }
            },
            "EC2InstanceRole": {
                "Type": "AWS::IAM::Role",
                "Properties": {
                    "AssumeRolePolicyDocument":{
                        "Version": "2012-10-17",
                        "Statement": [
                            {
                                "Effect": "Allow",
                                "Principal": { "Service": [ "ec2.amazonaws.com" ] },
                                "Action": [ "sts:AssumeRole" ]
                            }
                        ]
                    },
                    "Path": "/",
                    "ManagedPolicyArns": [ "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role" ]
                }
            },
            "ElbSecurityGroup": {
                "Type": "AWS::EC2::SecurityGroup",
                "Properties": {
                    "GroupDescription": { "Fn::Join": ["", [ { "Ref": "AWS::StackName" }, " ELB ingress security group" ] ] },
                    "VpcId": { "Ref": "VpcId"},
                    "SecurityGroupIngress": [
                        {
                            "IpProtocol": "tcp",
                            "FromPort": "80",
                            "ToPort": "80",
                            "CidrIp": "0.0.0.0/0"
                        }
                    ],
                    "Tags": [ { "Key": "Name", "Value": { "Fn::Join": ["", [ { "Ref": "AWS::StackName" }, "-elb-sg" ] ] } } ]
                }
            },
            "ElasticLoadBalancer": {
                "Type": "AWS::ElasticLoadBalancing::LoadBalancer",
                "Properties": {
                    "CrossZone": "false",
                    "SecurityGroups": [ { "Ref": "ElbSecurityGroup" } ],
                    "Listeners": [
                        {
                            "LoadBalancerPort": "80",
                            "InstancePort": "8080",
                            "Protocol": "http"
                        }
                    ],
                    "Instances": [ { "Ref": "EC2Instance"} ],
                    "Subnets": [ { "Ref": "SubnetId"} ]
                }
            },
            "EcsCluster": {
                "Type": "AWS::ECS::Cluster"
            },
            "EcsTaskDefinition": {
                "Type": "AWS::ECS::TaskDefinition",
                "Properties": {
                    "ContainerDefinitions": [
                        {
                            "Name": "jenkins",
                            "Image": "somedockeracct/jenkins:ecs",
                            "Memory": 500,
                            "PortMappings": [
                                {
                                    "ContainerPort": 8080,
                                    "HostPort": 8080
                                },
                                {
                                    "ContainerPort": 50000,
                                    "HostPort": 50000
                                }
                            ],
                            "MountPoints": [
                                {
                                    "SourceVolume": "docker",
                                    "ContainerPath": "/var/run/docker.sock"
                                },
                                {
                                    "SourceVolume": "jenkins_home",
                                    "ContainerPath": "/var/jenkins_home"
                                }
                            ]
                        }
                    ],
                    "Volumes": [
                        {
                            "Name": "jenkins_home",
                            "Host": { "SourcePath": "/ecs/jenkins_home" }
                        },
                        {
                            "Name": "docker",
                            "Host": { "SourcePath": "/var/run/docker.sock" }
                        }
                    ]
                }
            },
            "EcsService": {
                "Type": "AWS::ECS::Service",
                "Properties": {
                    "Cluster": { "Ref": "EcsCluster" },
                    "TaskDefinition": { "Ref": "EcsTaskDefinition" },
                    "DesiredCount": 1
                }
            }
        },
        "Outputs":{
            "ElbDomainName": {
                "Description": "Public DNS name of Elastic Load Balancer",
                "Value": {
                    "Fn::GetAtt": [
                        "ElasticLoadBalancer",
                        "DNSName"
                    ]
                }
            },
            "EC2InstanceDomainName": {
                "Description": "Public DNS name of EC2 instance",
                "Value": {
                    "Fn::GetAtt": [
                        "EC2Instance",
                        "PublicDnsName"
                    ]
                }
            }
        }
    }

where the Dockerfile of the Jenkins master (jenkins:ecs) is:

    FROM jenkins/jenkins:2.190.2

    MAINTAINER Developer team <devteam@abc.com>

    # Suppress apt installation warnings
    # https://serverfault.com/a/227194/220043
    ENV DEBIAN_FRONTEND=noninteractive

    # Official Jenkins image does not include sudo, change to root user
    USER root

    # Used to set the docker group ID
    # Set to 497 by default, which is the groupID used by AWS Linux ECS instance
    ARG DOCKER_GID=497

    # Create Docker Group with GID
    # Set default value of 497 if DOCKER_GID set to blank string by Docker compose
    RUN groupadd -g ${DOCKER_GID:-497} docker

    # Install base packages for docker, docker-compose & ansible
    # apt-key adv --keyserver keyserver.ubuntu.com --recv-keys AA8E81B4331F7F50 && \
    RUN apt-get update -y && \
        apt-get -y install bc \
                        gawk \
                        libffi-dev \
                        musl-dev \
                        apt-transport-https \
                        curl \
                        python3 \
                        python3-dev \
                        python3-setuptools \
                        gcc \
                        make \
                        libssl-dev \
                        python3-pip

    # Used at build time but not runtime
    ARG DOCKER_VERSION=18.06.1~ce~3-0~debian

    # Install the latest Docker CE binaries and add user `jenkins` to the docker group
    RUN apt-get update && \
        apt-get -y install apt-transport-https \
        ca-certificates \
        curl \
        gnupg-agent \
        software-properties-common && \
        curl -fsSL https://download.docker.com/linux/$(. /etc/os-release; echo "$ID")/gpg > /tmp/dkey; apt-key add /tmp/dkey && \
        add-apt-repository \
          "deb [arch=amd64] https://download.docker.com/linux/$(. /etc/os-release; echo "$ID") \
          $(lsb_release -cs) \
          stable" && \
        apt-get update && \
        apt-get -y install docker-ce=${DOCKER_VERSION:-18.06.1~ce~3-0~debian}  && \
            # docker-ce-cli=${DOCKER_VERSION:-18.06.1~ce~3-0~debian} \
            # containerd.io && \
        usermod -aG docker jenkins

    ARG DOCKER_COMPOSE=1.24.1

    # Install docker compose
    RUN curl -L "https://github.com/docker/compose/releases/download/${DOCKER_COMPOSE:-1.24.1}/docker-compose-$(uname -s)-$(uname -m)" \
        -o /usr/local/bin/docker-compose && \
        chmod +x /usr/local/bin/docker-compose && \
        pip3 install ansible boto3

    # Change to jenkins user
    USER jenkins

    # Add jenkins plugin
    COPY plugins.txt /usr/share/jenkins/plugins.txt
    RUN /usr/local/bin/install-plugins.sh < /usr/share/jenkins/plugins.txt

Master jenkins docker container runs in EC2(docker host).

In this scenario, the ELB is not used for load balancing but as the public face of Jenkins. Currently the ELB is connected using HTTP.


How to enable https secure connection to jenkins via ELB?

Who holds the responsibility to ensure a secure connection? ELB or Jenkins?
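As an added example (not part of the original post or of any AWS tooling), the check below audits a constructed excerpt of the template above for plaintext listeners and world-open ports, then shows one corrected form in which TLS terminates at the ELB and Jenkins keeps serving HTTP on 8080 behind it. The function names and the certificate ARN placeholder are assumptions.

```python
import copy
import json

# Constructed excerpt: the three resources from the template above that decide
# how traffic reaches Jenkins (other resources and properties omitted).
TEMPLATE = json.loads("""
{"Resources": {
  "EC2InstanceSecurityGroup": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
    "SecurityGroupIngress": [
      {"IpProtocol": "tcp", "FromPort": "8080", "ToPort": "8080",
       "SourceSecurityGroupId": {"Ref": "ElbSecurityGroup"}},
      {"IpProtocol": "tcp", "FromPort": "22", "ToPort": "22", "CidrIp": "0.0.0.0/0"}]}},
  "ElbSecurityGroup": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
    "SecurityGroupIngress": [
      {"IpProtocol": "tcp", "FromPort": "80", "ToPort": "80", "CidrIp": "0.0.0.0/0"}]}},
  "ElasticLoadBalancer": {"Type": "AWS::ElasticLoadBalancing::LoadBalancer", "Properties": {
    "Listeners": [{"LoadBalancerPort": "80", "InstancePort": "8080", "Protocol": "http"}]}}
}}""")

TLS_PROTOCOLS = {"HTTPS", "SSL"}  # Classic ELB listener protocols that terminate TLS

def audit(template):
    """Return sorted (resource, finding) pairs: plaintext listeners, world-open non-443 ports."""
    findings = []
    for name, res in template["Resources"].items():
        props = res.get("Properties", {})
        for lst in props.get("Listeners", []):
            proto, port = str(lst.get("Protocol", "")).upper(), lst.get("LoadBalancerPort")
            if proto not in TLS_PROTOCOLS:
                findings.append((name, f"listener {port} is plaintext {proto}"))
            elif not lst.get("SSLCertificateId"):
                findings.append((name, f"listener {port} has no SSLCertificateId"))
        for rule in props.get("SecurityGroupIngress", []):
            if rule.get("CidrIp") == "0.0.0.0/0" and str(rule.get("FromPort")) != "443":
                findings.append((name, f"port {rule.get('FromPort')} open to 0.0.0.0/0"))
    return sorted(findings)

def terminate_tls_at_elb(template, cert_arn):
    """Return a copy whose ELB listens on 443/HTTPS and forwards HTTP to Jenkins on 8080."""
    fixed = copy.deepcopy(template)
    res = fixed["Resources"]
    res["ElasticLoadBalancer"]["Properties"]["Listeners"] = [{
        "LoadBalancerPort": "443", "Protocol": "HTTPS", "SSLCertificateId": cert_arn,
        "InstancePort": "8080", "InstanceProtocol": "HTTP"}]
    res["ElbSecurityGroup"]["Properties"]["SecurityGroupIngress"] = [
        {"IpProtocol": "tcp", "FromPort": "443", "ToPort": "443", "CidrIp": "0.0.0.0/0"}]
    return fixed

# Placeholder ARN: substitute an ACM or IAM server certificate from your own account.
CERT_ARN = "arn:aws:acm:REGION:ACCOUNT_ID:certificate/PLACEHOLDER"

if __name__ == "__main__":
    for label, tpl in (("before", TEMPLATE), ("after", terminate_tls_at_elb(TEMPLATE, CERT_ARN))):
        for resource, finding in audit(tpl):
            print(f"{label}: {resource}: {finding}")
```

The finding that remains after the change is the SSH rule on the instance security group, which the listener change does not touch.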

How to sniff direct websocket connection in android ( i.e. no HTTP Upgrade connections ) using BURP?

I’ve pentested a lot of websites and a few apps too but this app eludes them all. On the websites, when there’s a websocket upgrade the BURP proxy recognizes it and starts showing it in the websockets tab. Somewhat similar happens on the apps, but not on this one.

This app doesn’t do any such thing.

How this app works:

  1. Gets its websocket endpoints from a config, downloaded from a website. Then ‘mysteriously’ it makes a connection to the websocket server, which isn’t visible in the BURP proxy.

My setup:

  1. Rooted phone with frida running and objection framework for ssl unpinning (although not needed here, as I am already able to see all the http(s) traffic from the app).

FYI I’ve added my BURP cert as root authority in my android 7.0 phone.

I’ve also tried ‘invisible proxying’ (not sure how it works); it didn’t work either.

Any ideas would help.

Thanks.

How to set IP segment and connection string with IPv6?

For this PostgreSQL configuration example:

https://repmgr.org/docs/4.4/quickstart-authentication.html

    local   replication   repmgr                              trust
    host    replication   repmgr      127.0.0.1/32            trust
    host    replication   repmgr      192.168.1.0/24          trust

    local   repmgr        repmgr                              trust
    host    repmgr        repmgr      127.0.0.1/32            trust
    host    repmgr        repmgr      192.168.1.0/24          trust

I have two questions.

Question 1

This is IPv4 type: 192.168.1.0/24.

How do I do this with an IPv6 address like: 230b:c010:103:5858:a6a3:3:0:1?

Question 2

If I use JDBC to connect to a PostgreSQL server, I can write the connection string as 192.168.1.11:5432. How do I do this with IPv6? Is it like 230b:c010:103:5858:a6a3:3:0:1:5432?
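As an added example (not part of the original post or of the repmgr documentation), the Python below derives an IPv6 CIDR entry for pg_hba.conf and builds a JDBC URL with the IPv6 literal in square brackets, then shows why the unbracketed form from the question cannot be parsed. The /64 prefix length, the database name in the URL and all function names are assumptions.

```python
import ipaddress

def hba_line(db, user, address, prefix_len, method="trust"):
    """Build a pg_hba.conf host record; the CIDR form is the same for IPv4 and IPv6."""
    # strict=False lets us pass a host address and get its enclosing network back.
    net = ipaddress.ip_network(f"{address}/{prefix_len}", strict=False)
    return f"host    {db}   {user}   {net.with_prefixlen}   {method}"

def jdbc_url(host, port, database):
    """Build a PostgreSQL JDBC URL; IPv6 literals go in [ ] so the port stays separable."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return f"jdbc:postgresql://{host}:{port}/{database}"  # not an IP: treat as DNS name
    literal = f"[{ip.compressed}]" if ip.version == 6 else str(ip)
    return f"jdbc:postgresql://{literal}:{port}/{database}"

def split_host_port(text):
    """Split 'host:port' as a URL authority does; bare IPv6 literals are rejected."""
    if text.startswith("["):
        host, sep, port = text[1:].partition("]:")
        if not sep:
            raise ValueError("missing ']:' after IPv6 literal")
        ipaddress.IPv6Address(host)  # raises ValueError if not a valid IPv6 address
    else:
        host, sep, port = text.rpartition(":")
        if not sep or ":" in host:
            raise ValueError("IPv6 literal must be written as [addr]:port")
    return host, int(port)

ADDR = "230b:c010:103:5858:a6a3:3:0:1"  # address quoted in the question

if __name__ == "__main__":
    print(hba_line("replication", "repmgr", ADDR, 64))  # /64 is an assumed prefix length
    print(hba_line("repmgr", "repmgr", ADDR, 64))
    print(jdbc_url(ADDR, 5432, "repmgr"))
    print(split_host_port(f"[{ADDR}]:5432"))
    try:
        split_host_port(f"{ADDR}:5432")  # the unbracketed form asked about
    except ValueError as exc:
        print("rejected:", exc)
    # Without brackets the port can be swallowed by the address: this parses as one IPv6 address.
    print(ipaddress.ip_address("::1:5432").exploded)
```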

How might we help customers get back on track from a connection timeout message

I’m designing ‘sad path’ scenarios for checkout and I’m trying to design for helping customers when a connection timeout occurs when the checkout hangs trying to connect to our 3rd party credit card payment form.

When this happens the credit payment form could not get loaded in our checkout environment.

A simple solution is to reload the page.

The UX/UI solution I’m putting forward is an alert message that appears on the page and asks the customer to reload the page.

This is my attempt at making the error message more ‘user-friendly’:


A connection error occurred

An error occurred when we were trying to connect to the system.

Please reload the page to try connecting again.

[ Reload page ] <— button


How do people feel about the above message? Any other solutions you can think of?

Thanks.

database mirror – A connection attempt failed because the connected party did not properly respond after a period of time

I have database mirror set up in one of my servers and all seems to be fine, however, from time to time I get this error message in the logs:

    --Execute it on Primary/Secondary server
    EXEC xp_readerrorlog 0,1,"Error",Null, NULL, NULL, N'desc'

Database mirroring connection error 2 ‘Connection attempt failed with error: ‘10060 (A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.)’.’ for ‘TCP://MIRROR_SERVER_DB01:5022’.

    --==============================================================================
    -- query that shows the current state of each database in the mirroring
    --==============================================================================
    SELECT   db_name(sd.[database_id])           AS [Database Name]
            ,sd.mirroring_state                  AS [Mirror State]
            ,sd.mirroring_state_desc             AS [Mirror State]
            ,sd.mirroring_partner_name           AS [Partner Name]
            ,sd.mirroring_role_desc              AS [Mirror Role]
            ,sd.mirroring_safety_level_desc      AS [Safety Level]
            ,sd.mirroring_witness_name           AS [Witness]
            ,sd.mirroring_connection_timeout     AS [Timeout(sec)]
    FROM sys.database_mirroring AS sd
    WHERE mirroring_guid IS NOT null
    ORDER BY [Database Name];

question:

as it happens only sometimes, and I could not identify what else running at the same time – could have triggered this error,

what are possible things to look at while troubleshooting?

this server is hosted in the USA and I am not admin on the machine, only sysdba in the sql server world.

FUD payload connection over 443 (meterpreter behavior) still being detected by Windows Defender

I’ve managed to create an obfuscated shellcode that is compatible with windows/meterpreter/reverse_tcp and windows/shell/reverse_tcp (metasploit) payload’s handlers. When testing with metasploit listening with windows/shell/reverse_tcp payload the connection is not detected, when I test with metasploit listening with windows/meterpreter/reverse_tcp set the behavior is detected. The detection seems to be post connection.

Are there additional options/variables I can set in the windows/meterpreter/reverse_tcp payload handler to evade antivirus (windows defender) detecting meterpreter behavior?

I’m looking to evade detection server side (metasploit listener options), not client side; I’ve done that.