Pass environment variables to .desktop file Exec entry [duplicate]

This question already has an answer here:

  • How to execute a command with “=” sign in a desktop shortcut? 1 answer

I want to create a shortcut that executes a program with an environment variable set, for example:

[Desktop Entry] Version=1.0 Name=Chromium test UTC Exec=TZ=UTC chromium-browser 

The syntax above doesn’t work (the shortcut is invalid) and I can’t find anything about passing env vars in the spec.

Is that just not possible and I need to create a launcher script?

Ubuntu 18.

Securing DEV Environment

I have not been able to find an answer online so I thought I would ask here. I have setup an Amazon Lightsail instance to act as a development platform for my website. I have setup SSH for accessing administrative tools such as PHPMyAdmin. Would this be sufficent in terms of being able to securly access PHPMYAdmin and upload files or should I be using SSL aswell?

Using distributed locks in microservice environment

I’m developing distributed system and trying to use best practices of microservice architecture. I was faced with a situation when I think I need something like distributed locks. Since I have not so many experience in microservices and still not sure about the final solution. I need any suggestions, thoughts, best practices, possible articles that can help me (now I’m investigating the issue and already have possible solutions).

I’m using Azure Service Bus to organize pub \ sub communication and Redis as shared cache in my system.

Here is an abstract schema of what I actually trying to do . Explanation: I have queue with incoming data (dataFlow). The format is the following {dataOwnerId: “1”, dataOwnerSubId: “1”, data: “status”} The dataOwnerId is an aggregator for a 1-n sub owners. So it’s 1 to many relationship.

The owners periodically (let say each 1 minute) push new status (data) to the queue related to certain sub-owner. So if the dataOwnerId related to dataOwnerSubIds [1, 2, 3]. The message can be {1, 1, status} or {1, 2, status} or {1, 3, status} and after 1 minutes {1, 1, status2} or {1, 2, status2} or {1, 3, status3} etc

The queue has 1-n consumers (dataConsumers) which processed data from queue and storing to DB. Data order is non-deterministic, the first available consumer takes the first message from queue. So the dataConsumer1-N can handle the data from owner1-N and sub-owner1-N.

For example in one time the dataConsumer1 can handle the data from owner1 and sub-ownerN the next time he can handle the data from ownerN and sub-owner1.

Requirements: The possibility of auto adding new data owners and data sub-owners to the system during queue processing required.

Possible solution: I can have situation when the dataOwnerN + 1 (new customer) already push data to the queue but he is still not in the system. In this case the dataConsumers will skip this new owner (skip storing the data) and push message NewOwnerEvent to ServiceBus.

The messages will be handled by dataOwnerManagers which working with dataOwners. The dataOwnerManagers responsibilities are creating the new dataOwners and related dataSubOwners

Problem: In one time dataConsumers can process data of two (for example) the same NEW (should be added to the system before processing) dataOwners with same or different dataSubOwners for example: {1, 1, status} or {1, 2, status} . In this case the two NewOwnerEvent will be created and dataOwnerManagers can start creating the same NEW dataOwner record. Same situation can be for dataSubOwners but here we have at least 1 minute delay for creation. So if the first event will be {1, 1, status}, the second event {1, 1, status2} will be after 1 minute and it almost impossible that those 2 events will be handled in one time in dataConsumers.

So I need to prevent the resending NewOwnerEvent related to the same dataOwner – if the dataConsumer1 already send the NewOwnerEvent related to NEW owner1, I must notify (add possibility to check that the same event already exists) all other dataConsumers, that the owner1 have already been added to the queue and will be created soon. So I need some shared list of already sent/processed NewOwnerEvent events/dataOwners

Possible implementation: I tried using Redis to solve this problem. I’m adding the key each time I’m pushing the NewOwnerEvent event, so all other data processors can check this key to understand was the event already pushed or not. But the problem here is that in one time different dataConsumers can take the message from the same owner {1, 1, status} and {1, 2, status} and try to push event at the same time, because the key in Redis won’t be created yet(dataConsumer2 check faster then dataConsuer1 add the key in Redis). So I need distributed lock to be sure that the Redis key will be added only by one dataConsumers at one time. I know that Redis already have implementation for distributed lock but I still confusing and guess it will be very complex solution in my case.

Who should maintain the staging environment for a BI Project

For the following design,

Source –> Staging –> Golden Copy –> Dashboard.

I was wondering who should maintain the Staging Database. Should it be the vendor implementing the BI Project or should it be the customer (owner of the source systems).

I know this is rather a case-by-case decision, but I would like to see if there is any recommended from architectural point of view.

I see two ways to get this done: 1. Vendor manages the staging along with Golden Copy and the Dashboard. 2. Client manages the staging.

Both have their pros and cons. What I am looking for is any reference architecture or documents or views on what way to go forward.

can’t add value with sharp sign in environment variable

I need set a password to environment variable but the problem is password include sharp sign and when i want use this variable just show me till first sharp sign. for example assume he#l#lo is my password and when i set it to /etc/environment with PASSWORD_API = "he#l#lo" then i print it just show PASSWORDـAPI =he and leave the character after # . i can’t change the password so if you have any idea please help me . thank you

Does FedRAMP apply to the cloud hosting environment, the software being hosted, or both?

Our company is limited to using products that maintain FedRAMP compliance, and we are looking to implement a new data collection tool. We are interested in a product that utilizes Microsoft Azure, which I understand is FedRAMP compliant. Is FedRAMP something that applies to this new software (or company that develops it) that is being hosted in MS’s Azure environment? Or only to Azure itself?

As someone relatively new to the cybersecurity world, I want to be sure I understand the scope of FedRAMP and how it affects our options going forward.

uwsgi: Ubuntu Python3 version different to virtual environment

I followed this guide: https://uwsgi-docs.readthedocs.io/en/latest/tutorials/Django_and_nginx.html#before-you-start-setting-up-uwsgi All worked fine, until I tried to upgrade my python version from 3.6 to 3.7. Now uwsgi wont run my project anymore. I can run it fine through the virtual environment.

At this step: https://uwsgi-docs.readthedocs.io/en/latest/tutorials/Django_and_nginx.html#install-uwsgi-system-wide it says one has to install it system wide.

After messing around for a long time, I think the reason uwsgi wont start up is a mismatch between my python 3.7 (virtual environment), and the 3.6 of the apt-get installed uwsgi. My default python3 version is 3.6 (even though I have followed lots of guides to change it to 3.7, and even uninstalled/purged python 3.6, but if I type python… the shell shows python 3.6). I dont understand how my default python version affects the apt-get installed version of uwsgi.

When I try start it up it just says ini file error, but nothing about whats wrong with the ini file. It is the same ini file.

Security test within a staging environment. Is SOAPUI sufficient as a test tool?

Currently I am working on a project in which I am supposed to define the following aspects as a test manager:

  • Conception of a penetration test for a test staging environment
  • Planning security guidelines for REST API development
  • Use of REST API scans via SOAPUI (create security test cases)

So my planning within the staging environment includes functional test procedures, integration test, as well as test procedures on the RESTAPI level. I am however undecided whether the pure security test about the SOAPUI solution alone is enough to get a high security coverage.

Therefore I plan another possibility in the test environment with even more special tools which besides the RestAPI level also : Integration of W3af or Vooki into the staging environment.

Questions: Is a security test drive via SOAPUI sufficient ? Should I use a different tool in the Stage (Pre Production) and in the Production? Should I test Security Test with another tool within the staging environment?

Recording user actions and replay it automatically on ‘sterilize’ environment

I’m looking for a solution for recording and replaying user actions.

I copied all my sites in database to a fake database with all the sites we have on production. Afterwards I want to achieve being able to deploy new versions first to this ‘fake’ database, replaying all the recorded user activity on those ‘fake’ sites automatically, and then be able to see if I see ‘spikes’ of exceptions and bugs.

That way, we can of course avoid almost completely releasing buggy versions, as I will have a reliable real user actions. Just to mention – we do have a pretty good automation QA, but still want to raise the bar.

Thanks !!