Browser Exploiting – Using SyncManager to keep Service Workers alive forever

I just read this paper: https://www.ndss-symposium.org/wp-content/uploads/2019/02/ndss2019_01B-2_Papadopoulos_paper.pdf

The authors claim to use the SyncManager Interface in order to keep Service Workers alive forever and thus turning the victim’s browser into a slave.

Is that really possible? I thought the sync process was always initiated by the client and there was no way for a server to force synchronization.

Thanks

How to disable service workers in Safari 12.1? (Mac)

In Safari 12.1 Service workers can’t be disabled anymore via Develop > Experimental Features. I guess it’s not an experimental feature anymore.

Is there any other way to disable them? Sometimes the whatsapp service worker seems to have a hiccup and uses 100% cpu utilization.

earlier solution for safari versions pre 12.1: How to disable service workers in Safari?

How does explicitly defining proxy workers relate to MaxRequestWorkers in Apache?

I have the exact setup and question which was asked and answered here:

Apache mod_proxy_fcgi: One proxy worker per vhost?

However, I do not fully understand the answer, which suggests that each explicitly defined proxy worker is an “mpm worker”.

How do the 2 built-in forward/reverse proxy workers and the explicitly defined proxy workers relate to the event mpm worker configuration options?

Should each vhost define its own proxy worker by using a unique name?

How to hide a construction site without hindering the workers?

Let’s say you have a building site that could fit in a roughly 100 feet square. And you want to hide it without hindering workers.

Now you could use the mirage arcane spell to hide the building but, a.) the workers would not be hidden, and b.) even the workers would not see the building (which seems counter-productive).

Or, you could use Mordenkainen’s private sanctum, which would hide the build site in a not at all conspicuous 100 feet square fog (insert sarcasm sign here).

So, can you use hallucinatory terrain to hide the fog, by making the original terrain there? If yes, how would that work for the workers? Or could you create a terrain that hides the fog and is even more inconspicuous? Or am I thinking too much into that and there is a completely different approach to this? Is it even possible in 5e?

AWS ELB – downstream connections higher than workers count

This might be something I fundamentally don’t understand about AWS application elastic load balancer set up.

It’s very simple. The load balancer is a public front end, forwarding all traffic to a single target group.

There are N containers in a target group. Each container running some number of workers, say X. Per Amazon documentation it is suggested to have containers with keep-alive enabled and set to a higher value than ELB inbound timeout.

But that essentially means that there is absolutely no point in creating more than N*X connections from ELB to targets, because requests coming on extra connections would just wait in the queue on the target, potentially forever.

From my experiments that is exactly what is happening. ELB opens as many connections to targets as it receives, and during spikes in traffic these extra requests fail.

Kind of defeats the purpose of ELB, does not it?

Ideally there would be an option that would limit how many connections to open per target and ELB would keep extras in a wait queue on its side, before forwarding to targets on their open connections (or by new targets launched by auto-scaling).

I’ve read all of Amazon ELB documentation and FAQs, and searched extensively here, but did not find any solution other than disabling keep-alives.

Am I missing something basic?

[ Politics ] Open Question : I’m supposed to feel sorry for Government workers when they didn’t have any savings or a good enough credit score to get a loan?

Don’t cry when hard times come and you didn’t have anything saved up and never paid your bills so now you can’t get a loan. When you’re screwed you’re screwed