tcp – Exposing different services on the same port

My current project contains multiple heterogeneous TCP servers, but our IT guys have clearly declared that they will give me only one port, 443, which is fair enough.

Two options are on the table now. One is VPN. We can set up a VPN server inside our corporation and implement the access control. The other one is to implement some kind of software switch, which peeks at the recognizable features of any (S) packet and then routes the connection to the responsible service. Our IT guys are neutral to both approaches for now, before any evidence shows that one is superior to the other.

The pros of VPN are that it is a well-established technology and widely used in practice. In our scenario, it ensures that sensitive information is encrypted. The cons are the effort we will need to implement access control policies and mechanisms. The number of services will possibly grow, and the service will go multi-tenant, so it will become more complex.

The pros of the software switch are that it is simple to implement, because the features/protocols of the sub-services are well known to us. The cons are that no such practice has been heard of before (I might be ignorant here), and we are not so confident whether exposing such an in-house solution to the Internet is a good idea.

If you were me, which approach would you prefer? Why? Details can be clarified if needed and allowed.

I really appreciate any comments and answers.
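The "software switch" option described above amounts to a protocol demultiplexer: read the first few bytes a client sends, classify the protocol from its well-known signature, and hand the connection to the matching backend. The following asyncio sketch is an added example, not code from the original post; the backend host/port table and the fixed set of recognized protocols (TLS, SSH, HTTP) are assumptions for illustration. Anything that does not match a known signature is dropped rather than forwarded, and the bytes already consumed for classification are replayed to the backend so the real protocol sees an unmodified stream.

```python
import asyncio

# Constructed routing table (placeholder addresses, not from the original post).
BACKENDS = {
    "tls": ("127.0.0.1", 8443),
    "ssh": ("127.0.0.1", 2222),
    "http": ("127.0.0.1", 8080),
}

HTTP_METHODS = (b"GET ", b"POST ", b"PUT ", b"HEAD ", b"DELETE ", b"OPTIONS ", b"PATCH ")


def classify(prefix: bytes) -> str:
    """Guess the protocol from the first bytes a client sends.

    TLS:  record type 0x16 (handshake) followed by major version 0x03.
    SSH:  identification string starts with "SSH-" (clients send it unprompted).
    HTTP: request line starts with a known method and a space.
    Anything else is "unknown" and should be closed, never forwarded blindly.
    """
    if len(prefix) >= 3 and prefix[0] == 0x16 and prefix[1] == 0x03 and prefix[2] <= 0x04:
        return "tls"
    if prefix.startswith(b"SSH-"):
        return "ssh"
    if prefix.startswith(HTTP_METHODS):
        return "http"
    return "unknown"


async def pump(reader: asyncio.StreamReader, writer: asyncio.StreamWriter) -> None:
    """Copy bytes one way until EOF, then close the destination."""
    try:
        while data := await reader.read(65536):
            writer.write(data)
            await writer.drain()
    finally:
        writer.close()


async def handle(client_reader: asyncio.StreamReader, client_writer: asyncio.StreamWriter) -> None:
    # Only wait a bounded time for the first bytes so idle connections cannot pin a worker.
    try:
        prefix = await asyncio.wait_for(client_reader.read(16), timeout=5)
    except asyncio.TimeoutError:
        prefix = b""
    proto = classify(prefix)
    if proto == "unknown":
        client_writer.close()  # drop unrecognized traffic instead of guessing a backend
        return
    host, port = BACKENDS[proto]
    backend_reader, backend_writer = await asyncio.open_connection(host, port)
    backend_writer.write(prefix)  # replay the bytes consumed during classification
    await backend_writer.drain()
    await asyncio.gather(
        pump(client_reader, backend_writer),
        pump(backend_reader, client_writer),
    )


async def main() -> None:
    server = await asyncio.start_server(handle, "0.0.0.0", 443)
    async with server:
        await server.serve_forever()


if __name__ == "__main__":
    asyncio.run(main())
```

Two practical caveats for this design: the classifier sees only what arrives in the first read, so a client that trickles its first bytes one at a time may be misclassified (read a fixed minimum before deciding if that matters), and a TLS-terminating switch that routes on the SNI field would be the natural next step if all the services eventually speak TLS on 443.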

Are Javascript closures a useful technique to limit exposing data to XSS?

I’m wondering if using Javascript closures is a useful technique to limit exposing data to XSS? I realize it wouldn’t prevent an attack, but would it reliably make an attack more difficult to execute, or would it only make my code more irritating to write and read (a waste of time)?

I got the idea from the Auth0 documentation regarding storing OAuth/OIDC tokens. It reads:

Auth0 recommends storing tokens in browser memory as the most secure option. Using Web Workers to handle the transmission and storage of tokens is the best way to protect the tokens, as Web Workers run in a separate global scope from the rest of the application. Use the Auth0 SPA SDK, whose default storage option is in-memory storage leveraging Web Workers.

If you cannot use Web Workers, Auth0 recommends as an alternative that you use JavaScript closures to emulate private methods.

I can see how this is better than just putting the token or other sensitive information in localStorage. In localStorage an XSS attack needs only to execute localStorage.token to get the token.

Now, if you're not familiar with tokens, just apply this reasoning to any sensitive information. In my case I want to build a client-side cache mapping user IDs to usernames for an administrative interface, but I realize that client IDs and usernames are somewhat sensitive, so I wondered if I could "hide" the data.

Exposing problems with OVH | Web Hosting Talk

Whenever a company tries to push me around, I have to expose the situation on online communities, they always do the right thing when exposed.

So here is the deal with OVH …

– I ordered a VPS, I tested it for some days, I was not happy with it, I took my data off it and moved to another provider.

– I then tried to cancel it, but it said there is nothing to cancel as there is no auto-renewal and unless I renew it, the service will be terminated at the end of the period.

– Next month on 1st of June, I received a new invoice for it

– I created a ticket and asked for invoice to be canceled, as I am not using that server and I had no auto-renewal

– I was asked to first use the "delete" function, which was deeper in the menus; I deleted the server that day and informed them.

– I got no reply for 10 days, so I asked them again about this

– I was told I should pay that invoice and I might receive OVH credit (no refund)

So why pay if I never used it and I am 100% sure it said auto-renewal was NOT enabled?! I asked to cancel it hours after the invoice, I never used it.

OVH Ticket number 3829965690

As a side note, here is why I was not happy with their VPS:

Every 4-5 hours they would take the server offline for exactly 15 minutes and claim it was under DDOS attack.

The server was never under attack, they do this whenever your site generates traffic, this is ridiculous and excuse me but PATHETIC.

After I moved all my data, the server was unused; I downloaded a file from the server with wget and I instantly got the "under attack" email and the server was blocked.

I was the only client on the server then; their anti-DDOS system is fully broken, and many people are saying the exact same thing on TrustPilot.

Whenever they claimed I was "under DDOS attack" I asked them to show me sample IPs; they claimed they don't have any.

The VPS could be decent without the broken “anti-DDOS” and broken “support” staff.

webserver – How to protect web server private keys on Ubuntu with Nginx without exposing any plain text credentials?

I’m developing a set of internal websites and services for a customer who has high levels of bureaucracy and strict formal rules about many things, one of them being “not storing passwords in plain text”.

So, when they inspected my system configuration manual, they immediately pointed out that they could not accept storing private key passwords in a text file for Nginx to load on startup. It doesn’t matter that the file is readable only by root.

My arguments, such as “if someone got root access to your server then you have bigger problems than leaked private keys”, “The attacker could extract the keys from server process RAM anyway, no matter what encryption is being used”, “It’s a recursive problem because if I encrypt the password file, Nginx will need the password to decrypt the password file to decrypt the keys” did not work.

It seems the customer is just used to how IIS works – the private keys are protected by CNG mechanisms and you don't have to store plain text passwords or keys or API tokens anywhere.

How do I achieve that on Ubuntu and Nginx without making things too messy?

I really don't want to migrate everything to Windows and then explain to the customer why they need one more Windows Server licence when the initial idea was to use a free Ubuntu server.

tracing – Superscript in the frame label

I have a frame label as such:

FrameLabel -> {{Style[Row[{"Ln(R)", " (a. u)"}], 18, "TR"], None},
               {Style[Row[{"Inverse of T", " (K^-1)"}], 18, "TR"], None}}

The units of "Inverse of T" are K^-1. How can I put the -1 as a superscript in the FrameLabel?

python – Throwing an exception in __init__() vs leaving an invalid object and exposing the .problem property

So let's say we have a simple SourceURL class that represents a file and is defined something like this (let's call it Option 1),

from urllib.parse import urlparse


class InvalidURL(ValueError):
    """Raised when a URL does not use one of the supported schemes."""


class SourceURL:
    """Class for a URL of an object"""

    scheme: str
    bucket: str
    key: str

    def __init__(self, url: str):
        scheme, netloc, path, params, query, fragment = urlparse(url)
        if scheme not in ("s3", "gcs", "file"):
            raise InvalidURL(url)

        path = path.lstrip("/")

        self.scheme = scheme
        self.bucket = netloc
        self.key = path

And Option 2:

from urllib.parse import urlparse


class SourceURL:
    """Class for a URL of an object"""

    scheme: str
    bucket: str
    key: str

    def __init__(self, url: str):
        scheme, netloc, path, params, query, fragment = urlparse(url)
        path = path.lstrip("/")

        self.scheme = scheme
        self.bucket = netloc
        self.key = path

    @property
    def problem(self):
        """Return None if valid, else return a detailed explanation"""
        if self.scheme not in ("s3", "gcs", "file"):
            return "Invalid scheme provided"
        return None

    @property
    def is_valid(self):
        return self.problem is None

Here, the SourceURL objects will be passed to many different functions which can work on them to get / publish / delete / update / or perform other functions on these sources.

Which option is best? Both options have advantages and disadvantages.
I have a preference for one option, but first I want to hear from you. I think the answers could be different if it was written in C++, Java or any other language.
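The practical difference between the two options shows up in the consumers, not in the class. With Option 1 an invalid URL can never reach a function like "delete", because construction fails; with Option 2 every consumer has to remember to check `is_valid`, and one that forgets will happily act on an unvalidated scheme. The block below is an added example written for this comparison (not code from the original question): it keeps both classes under the assumed names `StrictSourceURL` and `LenientSourceURL`, adds a hypothetical consumer `delete_object` that omits the check, and a `run_scenario` helper that reports what each option does with a given URL.

```python
from urllib.parse import urlparse

ALLOWED_SCHEMES = ("s3", "gcs", "file")


class InvalidURL(ValueError):
    """Raised when a URL does not use one of the supported schemes."""


def _split(url: str):
    """Shared parsing: (scheme, bucket, key) with the leading '/' removed from the key."""
    parts = urlparse(url)
    return parts.scheme, parts.netloc, parts.path.lstrip("/")


class StrictSourceURL:
    """Option 1: validation happens once, at construction; invalid objects never exist."""

    def __init__(self, url: str):
        scheme, bucket, key = _split(url)
        if scheme not in ALLOWED_SCHEMES:
            raise InvalidURL(url)
        self.scheme, self.bucket, self.key = scheme, bucket, key


class LenientSourceURL:
    """Option 2: the object always exists; validity is a property callers must query."""

    def __init__(self, url: str):
        self.scheme, self.bucket, self.key = _split(url)

    @property
    def problem(self):
        if self.scheme not in ALLOWED_SCHEMES:
            return "Invalid scheme provided"
        return None

    @property
    def is_valid(self):
        return self.problem is None


def delete_object(source) -> str:
    """Hypothetical consumer that trusts its argument (returns the command it would issue)."""
    return f"DELETE {source.scheme}://{source.bucket}/{source.key}"


def delete_object_checked(source) -> str:
    """The same consumer, written defensively for Option 2 objects."""
    if not getattr(source, "is_valid", True):
        raise InvalidURL(source.problem)
    return delete_object(source)


def run_scenario(url: str) -> dict:
    """Report what each option does with `url` when it reaches the delete consumer."""
    outcomes = {}
    try:
        outcomes["option1"] = delete_object(StrictSourceURL(url))
    except InvalidURL:
        outcomes["option1"] = "rejected at construction"

    lenient = LenientSourceURL(url)
    # The unchecked consumer acts on the object whether or not it is valid.
    outcomes["option2_unchecked"] = delete_object(lenient)
    try:
        outcomes["option2_checked"] = delete_object_checked(lenient)
    except InvalidURL as exc:
        outcomes["option2_checked"] = f"rejected by consumer: {exc}"
    return outcomes


if __name__ == "__main__":
    for sample in ("s3://bucket/a/b.txt", "ftp://host/x"):  # constructed sample URLs
        print(sample, run_scenario(sample))
```

The point the scenario makes is that Option 2 turns "is this URL valid?" from a fact guaranteed by the type into a convention every caller must uphold; in a code base where sources are passed to many get/publish/delete/update functions, that is one forgotten check per function.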

data tables – Is it worth exposing the score of a relevance search to the user as a feature or function?

So our main search tool will get a relevance search, which means that the output is sorted somewhat by the importance of an entry. Before that, the entries were sorted by date and if two entries had the same date, the order of the entries was not specified.

If a customer searches for elements with the relevance search, the table is ordered according to the number of words matched in several fields; the date also has a certain influence.

The order of entries is calculated by the backend (or db, I don't know) and could be exposed in the user table as a clean column, which could also be used to filter entries with low relevance aka low score.

I think this should not be done, as I mainly think it is wrong to burden the user with the complexity used to give elegant behavior.
But the rest of the team insists on doing it, to give the user the power to filter out irrelevant entries.

So is there a general consensus? Is this a good idea? Does anyone do it?

apache – Hosting multiple websites with the help of MAMP without exposing sensitive files?

So here is the problem, I created 3 projects that I would like to somehow host simultaneously so that each of them can be viewed at any time. Currently, I host them myself with MAMP. However, I did it by proceeding as follows:

  • I've placed all the projects in the folder htdocs
  • I defined htdocs as the document root: C:\MAMP\htdocs

This means that when I access my IP, I receive a list of folders for all projects. To open a website, I need to access the public folder where each project's index is located. This means that all projects can be viewed if the user accesses the public folder. However, it also means that all files and folders that are not supposed to be public are in fact public and visible.

This means that when I go to:

Obviously, I could just define the document root to be

C:\MAMP\htdocs\Project1\public

But then, I will only present one project. As you can see, using my methods, I could present one project at a time, or expose them all at the cost of exposing all the files and folders that should not be exposed, which is far from ideal.

So I was wondering if there was a way to ensure that when a user accesses http://99.999.99.999/1 (the IP address is just an example), the first project appears (which means that the document root is the public folder of the first project), and if the user accesses http://99.999.99.999/2, the second project appears (that is, the document root is the public folder of the second project).

All alternatives are welcome.

polaroid – Exposing a film on a screen

In summary, I would like to "map" a 5.5" LCD to check the light distribution, to see where the light is the most intense and the weakest.

This is a 3D LCD printer with a UV LED light source at the bottom, projected onto an LCD screen whose pixels light up to let the light through and generate images for each layer of the current print.

So, as the projected light comes from a single point, it has to travel further to reach the sides of the screen, theoretically 30% lower on the sides.

I would like to place a photographic film on the 5.5 inch screen, expose a full-screen picture for 0.1 second and be able to see on the film the transitions from the strongest points to the weakest points.

Would that be possible? Can I use Polaroid film? What would be the easiest way to do it?

Thank you in advance.

linear algebra – exponentiating a matrix of complex elements

$$\exp\!\left(\frac{i\pi}{4}\begin{pmatrix} 0 & 0 & 0 & 1 \\ 0 & 0 & -1 & 0 \\ 0 & -1 & 0 & 0 \\ 1 & 0 & 0 & 0 \end{pmatrix}\right)$$

pretty sure the answer is in the form:
$$(a + bi)\begin{pmatrix} 1 & 0 & 0 & 1 \\ 0 & 1 & -1 & 0 \\ 0 & -1 & 1 & 0 \\ 1 & 0 & 0 & 1 \end{pmatrix}$$

where a and b are infinite sums that I can not solve. I think that they are:
$$a = \sum_{n=1}^{\infty} (-1)^n \frac{(\pi/4)^{2n}}{(2n)!}$$
$$b = \sum_{n=1}^{\infty} (-1)^{n-1} \frac{(\pi/4)^{2n-1}}{(2n-1)!}$$
I'm trying to make sense of an article on quantum game theory.
(Jens Eisert, Martin Wilkens and Maciej Lewenstein, "Quantum Games and Quantum Strategies." Phys. Rev. Lett. 83, 3077 – published October 11, 1999.)

Thanks in advance!
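Worked derivation, added here as an example and not part of the original question. Write the matrix in the question as $M$ and the scalar as $\theta = \pi/4$. The key observation is that $M$ squares to the identity, which collapses the exponential series into cosine and sine terms:

$$M = \begin{pmatrix} 0 & 0 & 0 & 1 \\ 0 & 0 & -1 & 0 \\ 0 & -1 & 0 & 0 \\ 1 & 0 & 0 & 0 \end{pmatrix}, \qquad M^2 = I$$

so $M^{2n} = I$ and $M^{2n+1} = M$ for every $n \ge 0$, and the power series splits by parity of the exponent:

$$\exp(i\theta M) = \sum_{n=0}^{\infty} \frac{(i\theta)^n M^n}{n!}
= \underbrace{\sum_{n=0}^{\infty} \frac{(-1)^n \theta^{2n}}{(2n)!}}_{\cos\theta}\, I
\;+\; i\,\underbrace{\sum_{n=0}^{\infty} \frac{(-1)^n \theta^{2n+1}}{(2n+1)!}}_{\sin\theta}\, M
= \cos\theta \, I + i \sin\theta \, M .$$

The two sums are exactly the cosine and sine series (note they start at $n = 0$; the $n = 0$ term of the cosine series contributes the $1$ on the diagonal). With $\theta = \pi/4$, $\cos\theta = \sin\theta = \tfrac{\sqrt{2}}{2}$, so

$$\exp\!\left(\frac{i\pi}{4} M\right) = \frac{\sqrt{2}}{2}\,(I + iM)
= \frac{\sqrt{2}}{2} \begin{pmatrix} 1 & 0 & 0 & i \\ 0 & 1 & -i & 0 \\ 0 & -i & 1 & 0 \\ i & 0 & 0 & 1 \end{pmatrix} .$$

The diagonal entries are real and the anti-diagonal entries are purely imaginary, which is why a single common factor $(a + bi)$ in front of a real matrix cannot reproduce the result; the real and imaginary parts multiply $I$ and $M$ separately. The same identity $\exp(i\theta M) = \cos\theta\, I + i\sin\theta\, M$ holds for any matrix with $M^2 = I$, which is the general form behind the unitary operators of this kind in the quantum game literature.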