How to restrict CPU consumption of CPU intensive applicaiton with Db2 Workload Manager?

in Db2 v11.1 on Linux I would like to have control over applications that consumes too much CPU resources. For every application that consumes too much CPU for more then 3 seconds I want to lower CPU resources to max 5%.

In Db2 Workload Manager I created two subclasses. First without restrictions and second with 5%-CPU restriction. The trouble I have now is at "create threshold" command (bellow). CPUTIMEINSC actually means time spend in sub-class, but I am looking for option to only trigger threshold when SQL consumes a lot of CPU power.

How to restrict CPU consumption to "aggressive" applications?

Regards

-- Create super-class. CREATE SERVICE CLASS SC_APPS;  -- Create default subclass that all applications start with. CREATE SERVICE CLASS SC_APPS_100 UNDER SC_APPS SOFT CPU SHARES 1000 CPU LIMIT 100 PREFETCH PRIORITY DEFAULT BUFFERPOOL PRIORITY DEFAULT;  -- Create subclass with CPU, disk I/O and memory restrictions. CREATE SERVICE CLASS SC_APPS_05  UNDER SC_APPS HARD CPU SHARES   50 CPU LIMIT   5 PREFETCH PRIORITY LOW    BUFFERPOOL PRIORITY LOW;  -- Move application that consumes CPU for more then 3 seconds from non-restricting subclass to resource restricting subclass CREATE THRESHOLD TR_APPS_GOTO_05     FOR SERVICE CLASS SC_APPS_100 UNDER SC_APPS ACTIVITIES     ENFORCEMENT MEMBER     WHEN CPUTIMEINSC > 3 HOURS CHECKING EVERY 1 SECOND         REMAP ACTIVITY TO SC_APPS_05;  -- Crete workload restrictions for one user only CREATE WORKLOAD WL_APPS_05  SYSTEM_USER ('USER1') SERVICE CLASS SC_APPS_05  UNDER SC_APPS;  -- Grant access to public GRANT USAGE ON WORKLOAD WL_APPS_05 TO PUBLIC; 

Restrict CA to issue certficates for one domain or to be able to sign just one server certificate

I have a server and I want my iPhone to connect to it securely. However, I cannot just install the self-signed server certificate on my iPhone. When I install the profile (that’s what they call the certificate), it says "Not verified".

Normally, you would go to CA Trust settings and enable full trust for the certificate. BUT I deliberately made the certificate with critical,CA:false constraint. That’s the reason it does not show in the CA Trust settings.

Why did I do it — I just need to install the single certificate and I don’t want to totally compromise my iPhone security, if my CA credentials got stolen.

Do this have a solution? iOS probably requires a CA to trust a certificate, but I don’t want a possibility to create certificates at all (beside the one), or at least for another domains.


One potential "solution" might be to create the CA, sign the server certificate and then delete the CA key, as it would not be needed and would live for a shorter time (lower chance to get stolen).

However, people except me wouldn’t be stoked to install it. (I don’t want to buy a certificate as its a home project and I don’t even have a domain name, just the IP address.)

The certificate complies with apple’s current requirements for server certificates. (https://support.apple.com/en-us/HT210176)

What is the best way to restrict /proc fs from malicious users (linux)?

I am trying to make a restriction to procfs like only a certain groups of members can perform read and write actions.

kernel document says we can do that by setting hidepid and gid in /etc/fstab. It will restrict the malicious user from making read and write on procfs but I have a doubt whether it is possible for malicious user (restricted in the /etc/fstab) to access content in profs using syscall instead of fs operation like read and write.

Can MDM on an iPhone restrict custom keyboard usage?

I have an iPhone that runs 13.3.1 (latest at this time). It’s a corporate phone and has an MDM profile installed. I’ve been using the phone for almost 2 years now with a custom keyboard (Google Keyboard). However, after recently traveling to the States, I noticed that my phone is forcing me to use the default Apple keyboard every time I try to type something. It’s been happening since 3 weeks now and this change was not caused by a system upgrade, I remember not changing/installing anything around the time when this started. It’s almost like my iPhone woke up one day and did not want me to use another keyboard, even after I had been using one for years now (jealous much?). The MDM profile installed doesn’t mention having control over keyboard. The moment I start typing, I get force switched to the Apple keyboard (without suggestions). And while I can switch to the Apple keyboard with suggestions, I can’t use my other keyboard even though it’s set as default.

This behavior began very randomly and at this point I wonder if it’s just paranoia or legit. I work in this field and so it probably isn’t irrational paranoia but I’m just looking for a logical answer. Does anyone know what this is about or has experienced similar?

Restrict crawling of region/lang combinations other than the provided ones in robots.txt

I want to allow crawling of my website only if the URL starts with accepted region/language combinations which are us/en, gb/en and fr/fr. Other language combinations must be restricted. On the other hand crawler should be able to crawl / or /about, etc. For example:

example.com/us/en/videos  # should be allowed example.com/de/en/videos  # should be blocked example.com/users/mark    # should be allowed 

Again, it should be blocked only if it starts with unaccepted region/language combinations. What I did so far does not work:

Disallow: /*? Disallow: /*/*/cart/ Disallow: /*/*/checkout/ Disallow: /*/*/ Allow: /*.css? Allow: /*.js? Allow: /us/en/ Allow: /gb/en/ Allow: /fr/fr/ 

I tested it with google’s online robots.txt tester.

Why would you restrict these characters within a password? [duplicate]

A website restricts these characters from passwords: # * ( ) %

At a casual glance, it looks like they’re not sanitizing data input to the database or hashing passwords, but I’m a hobbyist.

Should I contact the IT maintainer? This is a new site that was just launched to replace an old one within my industry.

Should a DNS server restrict reverse lookups from external hosts?

What risks are there in allowing external clients to resolve internal IPs to their domain names? The server is used internally for clients, as well as for external clients needing to resolve a web server’s domain. Couldn’t allowing these reverse lookups allow an attacker to gather a wide array of information if the domain names contain usable information?

How to completely restrict a postgres role to a single schema

I’d like to create a readonly role for a third party to access a handful of tables from the public schema without being able to view the rest of the tables in public.

My initial idea was to create a new schema ‘readonly’ and then create views in that schema:

create view readonly.table1 as select * from public.table1 

Then alter the search path for the readonly user to limit it only to the ‘readonly’ schema. However, it looks like I can still view the public schema as that role (though I can’t select anything from any tables in schema public).

Is there a way to remove all visibility into the public schema from a role? Unfortunately, moving everything to a different schema is not possible.