Uwsgi/nginx unix socket refusing connections

I have a Python project that I am trying to serve with uWSGI and Nginx. I’m trying to connect the two with a Unix IPC socket (Debian Stretch), but the socket refuses connections whenever Nginx tries to connect to it. It’s not an issue of proper permissions or Nginx being pointed to the wrong location; I’ve already checked for that. What I believe may be the problem is that Nginx/the system does not see it as the proper socket file type to connect to. I considered this as a possibility when I did ls -l on the directory containing it, and it showed “-rw-rw-r--”. With all the sockets I’ve seen, they have some variation of that with an “s” where the first hyphen is. How can I fix this issue?

When is the action of the gauge group on the space of connections free?

Let $G$ be a compact Lie group. Let $\mathcal{A}$ be the space of connections on the principal trivial $G$-bundle $G\times \mathbb{R}^4$ possibly with some growth condition (to specify it is a part of the question). The gauge group $\mathcal{G}:=Maps(\mathbb{R}^4\to G)$ acts on $\mathcal{A}$ in the usual ways.

Can the action of $\mathcal{G}$ on $\mathcal{A}$ be free? E.g. for $G=SU(2)$? If not, is it true that the set of connections with non-trivial stabilizers (or infinitesimal stabilizers) is ‘very small’ in some sense?

Remark. If $G=U(1)$ then the action of $\mathcal{G}$ on $\mathcal{A}$ is free provided we impose a growth condition on connections such that they should vanish at infinity at least along a given direction.

AD Import Connections in Multi-Domain Environment

I have a question regarding AD Import in a multi-domain environment. I currently have my SharePoint 2016 farm set up and syncing users from the root domain in a forest. We also have a child domain under that. Now I’d like to modify the UPS to sync users from that domain as well.

All the guides and info I’ve found have indicated that only one User Profile Service Application is needed per forest, and furthermore, that one synchronization connection is good for an entire forest (i.e. no need to create a separate one for a subdomain in the same forest). However, I am having trouble setting mine up according to these guidelines.

Let me add that I have granted my AD sync account the necessary rights in both the parent and child domain already (it has “Replicating Directory Changes” rights at the root of both domains, plus membership in the Pre-Win2K Compatible group in both domains, and also “Replicating Directory Changes” rights on the Configuration partition in the root domain).

My research has indicated that all objects in a forest should show up when “Populate Containers” is clicked in the UPSA sync connection configuration, assuming the creds have the proper rights in all domains. However, in my testing, I’ve found this not to be the case. No matter what I do, I cannot get the subdomain containers to show up when I click “Populate Containers” in the existing synchronization connection. I’ve used my sync account creds, I’ve used domain admin creds from the root domain and even domain admin creds from the child domain, and in all cases, all I get back is the container list from the root domain.

I’m starting to think this is because my FQDN for this connection is specified as my root domain (let’s call it “example.com”). Because if I go to create a new sync connection (under the same UPSA), and put in that domain, with any creds, I get the same results. However, if I go to create a new connection and put in the subdomain as the FQDN (e.g. “subdomain.example.com”), then I get the containers populated from the subdomain, as expected.

I have also read that problems can arise with multiple connections to the same forest, so I don’t want to create an additional sync connection unnecessarily. But based on the above experience it’s starting to seem like I indeed do need a second connection in order to sync users from a subdomain in an AD forest (using AD Import).

Is this the case? Is there something else I’m missing here?

Any help is much appreciated!

Distribute traffic across multiple strongSwan IKEv2 connections

I would like a setup where a strongSwan client connects to multiple endpoints with rightsubnet=0.0.0.0/0; that machine is then used as the default gateway for a few machines.

However, I do not understand how strongSwan sets up the routing, as iproute2 doesn’t see any interfaces.

Ideally, this scenario would also be dynamic, in that new uplinks can be torn up/down gracefully.

Having two connections with different IP blocks (One is Global Protect VPN)

I have a Wi-Fi connection on a Windows 10 machine. It has the following configuration:

DEFAULT LOCAL SETTINGS

IP: 162.168.0.10  Subnet mask: 255.255.255.0  Default GW: 192.168.0.1 

When I connect to a VPN using Global Protect, it creates a second network connection within a 10.x block:

VPN CONNECTION TO 10.x network

IP: 10.170.170.10 Subnet mask: 255.255.255.255 Default Gateway: EMPTY 

The problem is that when I connect to the VPN, I can no longer access the internet even if the Wi-Fi connection is active. I can only access the VPN network.

The strange thing is that when I connect to another VPN network having a 192.x IP block, everything runs perfectly. No access problem.

VPN CONNECTION TO 192.x network

IP: 192.168.128.102 Subnet mask: 255.255.255.255 Default Gateway: EMPTY 

I think there is a conflict because of the different IP blocks. Any ideas to solve this are welcome.

Thanks

Are there security advantages to adding an OTP to SSH connections?

Are there any tangible improvements to gain from enabling TOTP (google-authenticator PAM plugin) over existing public key based SSH connections?

Does it make security sense to enable TOTP based Two-Factor auth for SSH into bastion servers? I get what advantages OTP offers for web applications, but what about SSH? Are there existing examples for infrastructure security that uses OTP that I can learn from?

What happens to network connections to the web app running in a pod, when a pod is down in a Kubernetes node?

Each pod represents a single instance of the web application in a node of Kubernetes. Let’s say 100 users are signed into a web app like Stack Overflow and connected to Pod1 of NodeA. Pod1 is down now. But Pod2, Pod3, … PodN are alive in NodeA.

What happens to the users who have logged in? How does Kubernetes handle this? How should a software engineer handle this kind of situation?

Algorithm to assign producers to consumers with respect to connections

I am trying to analyze supply chains in a game and have come across this problem:

First, an informal description: I have producers and consumers. Each producer produces a certain amount of goods, each consumer requires a certain amount of goods. Each producer is connected to some consumers (these connections have infinite capacity).

Is there a way to transport goods from producers to consumers so that each consumer has sufficiently many goods? Each producer can provide goods to multiple consumers and each consumer can accept goods from multiple producers. A producer also doesn’t have to deliver the entire production, as the rest can be discarded.

The connections form a bipartite graph with producers $p \in P$ and consumers $c \in C$ as vertices (so $V = P \mathbin{\dot{\cup}} C$) and edges $E \subseteq (P \times C)$. Each producer has a positive production rate and each consumer a positive consumption rate.

We model how much is transported over each connection with a weight function $w: E \to \mathbb{R}$. For each producer $p$, we get the required production by summing up the weights of all edges incident to $p$. This must not be higher than the production of $p$.

Similarly, for each consumer $c$, we get the total delivery by summing up the weights of all edges incident to $c$. This must not be lower than the consumption of $c$.

Does such a $w$ exist for a given graph, production rate and consumption rate?

The left example has such a function, the right one does not:

[Images not available: left, an instance where such a weight function exists; right, an instance where it does not]

I am pretty sure that if we allow negative $w(e)$, the problem is very easy (for connected graphs, just compare total production to total consumption). Therefore, it probably makes sense to restrict $w(e) \geq 0$.

I have tried to find similar problems, but most flow problems have limited flow rates and sources with infinite capacity (whereas here, it’s exactly the other way around). I also know about the Assignment problem, but I don’t think it applies here.

Perhaps there is a way to slowly remove consumers and producers. In the first example, we know that the top producer can only supply the top consumer, so we could just remove the producer and reduce the consumption rate on the right. It might also be possible to merge multiple producers and consumers if they all supply each other. However, I don’t think that these operations alone suffice to solve the problem in all instances.

Perhaps there is no efficient algorithm, so I’ve also tried proving that the problem is NP-complete, but my attempt to reduce SAT to this problem wasn’t successful.

This probably isn’t the most enjoyable way to play Anno, but at this point, I don’t want to give up…

How can I get my LND node to make connections over Tor, IPv4, and IPv6?

I followed this guide (https://github.com/lightningnetwork/lnd/blob/master/docs/configuring_tor.md) to set up Tor on my LND node, but this forced all my traffic through Tor, and I was no longer reachable over Clearnet. I’ve looked through some issues on the LND GitHub page, and it seems there is a way to have my node listen over Tor, IPv4, and IPv6, but I’m not sure how to set it up that way. Also, they mentioned there are risks to doing this; what are those risks? I don’t mind if people can correlate my IP address to my onion address (I’m just running servers in the cloud anyway). I just want to be able to connect and route payments with Tor nodes and clearnet nodes.