python – Isolation Forest com Validação Cruzada

como posso utilizar um classificador do tipo One Class, como o Isolation Forest, com Validação Cruzada? Estou tentando fazer dessa forma:

columns = data.columns.tolist()
columns = (c for c in columns if c not in ("Class"))
target = "Class"
X = data(columns)
Y = data(target)
Fraud = data(data("Class")==1)
Valid = data(data("Class")==0)
outlier_fraction = 0.5

x_train,x_test,y_train,y_test = train_test_split(X,Y,test_size=0.2) 

 modelIF = IsolationForest(max_samples=100,contamination = outlier_fraction,random_state=1)
    modelIF.fit(X)
    scores_pred=modelIF.decision_function(X)
    y_pred=modelIF.predict(X)
    #0 for valid and 1 for Fraud    
    y_pred(y_pred==1)=0
    y_pred(y_pred==-1)=1
    #metrics without cv
    print(accuracy_score(Y,y_pred))
    print(classification_report(Y,y_pred))

Mas, mesmo seguindo a documentação oficial do sklearn, o resultado final está sendo nulo nan

from sklearn.model_selection import cross_val_score
scores = cross_val_score(modelIF, Y, y_pred, scoring='accuracy', cv=5)
print(scores)

(nan nan nan nan nan)

sql server – Read committed isolation questions

It’s well known that Read Committed isolation is prone to different anomalies. I read a great Paul White’s series on isolation levels (the one relevant to the discussion is this one: https://sqlperformance.com/2014/04/t-sql-queries/the-read-committed-isolation-level).
It states (again, it’s reasonably well known), that a statement running under locking read committed isolation:

Can encounter the same row multiple times;
Can miss some rows completely;

My question is about the ‘missing rows’ part. Examples that talk about missing rows usually demonstrate the problem using queries like

select count(*) from table.

My question is can the rows be missed in a ‘regular’ select query? Meaning, can a query like

select * from table

or even

select * from table where id = @id

also miss rows that are committed before the start of that query?
This question applies to Read committed with locking (not RCSI) only, as RCSI doesn’t allow these types of anomalies.

database – Do coherence and transactional isolation mean the same?

About coherence vs consistency, https://en.wikipedia.org/wiki/Consistency_model says

Coherence deals with maintaining a global order in which writes to a
single location or single variable
are seen by all processors.

Consistency deals with the ordering of operations to multiple
locations
with respect to all processors.

That reminds me of isolation in ACID in database systems vs consistency, from Design Data Intensive Applications:

Isolation

Most databases are accessed by several clients at the same time. That
is no problem if they are reading and writing different parts of the
database, but if they are accessing
the same database records, you can run into concurrency problems (race conditions). Isolation in the sense of ACID means that
concurrently executing transactions are isolated from each other:
they cannot step on each other’s toes. The classic database textbooks
formalize isolation as serializability, which means that each
transaction can pretend that it is the only transaction running on the
entire database. The database ensures that when the transactions have
committed, the result is the same as if they had run serially (one
after another), even though in reality they may have run concurrently.

Consistency Guarantees

There is some similarity between distributed consistency models and the hierarchy of
transaction isolation levels we discussed previously (4, 5) (see “Weak Isolation Levels” on page 233). But while there is some overlap, they are mostly independent concerns: transaction isolation is primarily about avoiding race conditions due to
concurrently executing transactions, whereas distributed consistency is mostly about
coordinating the state of replicas in the face of delays and faults.

Is it correct that

Thanks.

why not use remote desktop for a secure browsing, instead of remote browser isolation?

recently, to have a secure browsing, it is recommended to use browser isolation (https://en.wikipedia.org/wiki/Browser_isolation).

I want to know why should we use browser isolation for a secure browsing, while remote desktop can do the same?!

thanks.

database design – which isolation levels have a serialization failure?

The quote below from wiki says that read committed doesn’t have serialization failure, can you please explain the reason? Which isolation levels have serialization failure?

Under multiversion concurrency control, at the SERIALIZABLE isolation
level, both SELECT queries see a snapshot of the database taken at the
start of Transaction 1. Therefore, they return the same data. However,
if Transaction 2 then attempted to UPDATE that row as well, a
serialization failure would occur and Transaction 1 would be forced to
roll back.

At the READ COMMITTED isolation level, each query sees a snapshot of
the database taken at the start of each query. Therefore, they each
see different data for the updated row. No serialization failure is
possible in this mode (because no promise of serializability is made),
and Transaction 1 will not have to be retried.

network – Isolation AWS resources with multiple subnets vs multiple VPCs

I have AWS resources (e.g. EC2s, RDS instances) that I would like to isolate from each other so that if one is compromised, the potential damage is limited. I am most concerned about data leakage / exfiltration. I can group these resources into logical “areas”. Some of the resources need access to the public internet. Some of the resources need API access to other resources in different areas. Occasionally, developers will need to make SSH connections to the resources via OpenVPN, so those keys might also be a security risk.

My understanding is that I can split my resources in a few ways:

  • A single VPC and a single subnet with communication controlled by security groups (I understand this is not recommended, buy why?)
  • A single VPC with multiple subnets and controlled communication between them
  • Multiple VPCs each containing multiple subnets, with controlled communication between them

What are the security implications of each approach?

Memory isolation autochecker

I’m working on a project in which I’m putting everything in modules to make sure I can run multiple instances without them interfering with each other, however I’d like to have it automatically let me know if there are any variables that aren’t defined as local to a module.

e.g.

DynamicModule[
{a,b,c}
a=5;
b=6;
c=7;
d=8
//Some more code here
]

What code could I put in the "Some more code here" section or after the module that would let me know that
d
is not defined as being local?

international travel – Are temporary accommodations where non-resident foreigners carry out their Obligatory Preventive Isolation designated by the Ecuador authorities?

I read on https://www.aviacioncivil.gob.ec/que-debemos-saber-antes-durante-y-despues-de-un-viaje-en-tiempos-de-covid-19/ (mirror) (translated to English by Google):

Travelers will be asked for a negative result of a PCR test, performed up to 7 days before the trip. In the event that the PCR test cannot be performed in the country of origin, the passenger, upon arrival in Ecuador, will undergo the test to detect SARS-CoV-2.

Non-resident foreigners will carry out their APO (Obligatory Preventive Isolation) in temporary accommodation.

Are temporary accommodations where non-resident foreigners carry out their APO (Obligatory Preventive Isolation) designated by the Ecuadorian authorities, or can the non-resident foreigners choose them themselves (e.g., renting Airbnb)?

isolation – gitlab ci (self hosted), docker, access to other containers

Even if i’m not allowed to access a specific repo (or if i have low perms (cant see ci/cd vars)) i still can create one and do something like:

variables:
  USER: gitlab
build:
  stage: build
  image: docker:latest
  script:
    - docker ps -a
    - docker images

Then when i have what i need, i can:

variables:
  USER: gitlab
build:
  stage: build
  image: docker:latest
    - docker exec <container> /bin/cat /var/www/html/config.php
    - docker exec <container> /usr/bin/env

How to avoid this kind of stuff?

PS: This is on a self hosted gitlab server.

PS2: Originaly post on stackoverflow, but im asking here since i didnt have any answer.

threat mitigation – Can VPN hardware provide adequate isolation on a home network?

A properly configured VPN hardware box can provide adequate protection for the work PC against attacks from the local LAN in this configuration. It will also protect against attacks against the VPN tunnel from the Internet. It will also protect your local network against attacks from the working PC.

It does not protect against attacks that start after the VPN endpoint, i.e. from inside the workplace or from the Internet which is capable of reaching the VPN endpoint. Specifically, the VPN alone does not magically protect against malicious websites you visit on the work PC or malicious email. These threats are typically managed by certain security products located between the VPN endpoint and the Internet, but these products do not offer perfect protection.

Your VPN configuration will also not protect against physical access to the work PC by others.