I’m facing unsupported or invalid protocol error in google disavow tool while replacing an old file?

blockchain – Bitcoin Fraud/Recovery Protocol Proposals

Does Bitcoin plan to implement any Fraud/Loss Prevention in their protocol? I just read a story about the brokerage exchange Shapeshift and an internal employee stealing private keys from their customers. https://news.bitcoin.com/looting-fox-sabotage-shapeshift/

Also heard about Bitfinex and Binance having similar issues.

  1. Maybe allowing nodes to create new/recover Bitcoins that were stolen? And expiring tokens from the thief?

  2. Restricting consumption of any bitcoins with certain public keys/IP addresses?

When using a credit card, I had thousands of dollars charged. My credit card company said not to worry, and reverted the charges.

I can see the SEC or FDIC having something similar come to crypto, and hopefully the Bitcoin community can address these issues in their next protocol. Otherwise, government regulators may interfere.

amazon web services – Postfix behind AWS NLB with Proxy Protocol does not send banner until CRLF is sent

I’ve redeployed my mail stack as a Kubernetes pod. This pod is on an EKS cluster in the private subnet, behind an NLB. Postfix and the NLB are configured to speak proxy protocol v2.

Originally I had this setup without proxy protocol, and the Postfix ports responded as expected, immediately sending the Postfix banner upon connect, however Postfix could not identify the remote server sending mail to it correctly, and it marked everything as spam. So I’ve decided to go the proxy protocol route.

When connecting via telnet, the connection opens, but Postfix does not send its banner. Its banner is not sent until a CRLF is sent (enter key is pressed) – you can send any other character and nothing will happen until the CRLF is sent. This affects the submission port (587) and breaks client connections, as the SMTP protocol declares the receiving server must respond first.

Initial connection:

❯ telnet mx01.example.com 587
Trying x.x.x.x...
Connected to mx01.example.com.
Escape character is '^]'.

After CRLF is sent:

❯ telnet mx01.example.com 587
Trying x.x.x.x...
Connected to mx01.example.com.
Escape character is '^]'.

220 mx01.example.com ESMTP Postfix (Ubuntu)
500 5.5.2 Error: bad syntax


And this is without the Proxy Protocol configuration:

❯ telnet mx01.example.com 587
Trying x.x.x.x...
Connected to mx01.example.com.
Escape character is '^]'.
220 mx01.example.com ESMTP Postfix (Ubuntu)


Versions:

OS: Ubuntu 20.10

Postfix version: 3.5.6-1

Postfix master.cf

#
# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master" or
# on-line: http://www.postfix.org/master.5.html).
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (no)    (never) (100)
# ==========================================================================
smtp      inet  n       -       y       -       1       postscreen
smtpd     pass  -       -       y       -       -       smtpd
dnsblog   unix  -       -       y       -       0       dnsblog
tlsproxy  unix  -       -       y       -       0       tlsproxy
submission inet n       -       -       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o cleanup_service_name=header_cleanup
  -o smtpd_upstream_proxy_protocol=haproxy
#smtps     inet  n       -       y       -       -       smtpd
#  -o syslog_name=postfix/smtps
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=
#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#628       inet  n       -       y       -       -       qmqpd
pickup    unix  n       -       y       60      1       pickup
cleanup   unix  n       -       y       -       0       cleanup
header_cleanup unix n   -       -       -       0       cleanup
 -o header_checks=regexp:/etc/postfix/submission_header_cleanup.cf
qmgr      unix  n       -       n       300     1       qmgr
#qmgr     unix  n       -       n       300     1       oqmgr
tlsmgr    unix  -       -       y       1000?   1       tlsmgr
rewrite   unix  -       -       y       -       -       trivial-rewrite
bounce    unix  -       -       y       -       0       bounce
defer     unix  -       -       y       -       0       bounce
trace     unix  -       -       y       -       0       bounce
verify    unix  -       -       y       -       1       verify
flush     unix  n       -       y       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       y       -       -       smtp
relay     unix  -       -       y       -       -       smtp
        -o syslog_name=postfix/$service_name
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       y       -       -       showq
error     unix  -       -       y       -       -       error
retry     unix  -       -       y       -       -       error
discard   unix  -       -       y       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       y       -       -       lmtp
anvil     unix  -       -       y       -       1       anvil
scache    unix  -       -       y       -       1       scache
postlog   unix-dgram n  -       n       -       1       postlogd
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent.  See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix  -   n   n   -   2   pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman   unix  -       n       n       -       -       pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}
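
The PROXY protocol v2 header discussed in the question above is sent by the load balancer at the very start of the TCP stream, ahead of any SMTP bytes, and the backend should honour it only from the load balancer's own addresses. The parser below is an added example, not part of the original post and not Postfix code; the helper names, the 10.0.0.0/16 load balancer subnet and the sample addresses are constructed assumptions.

```python
import ipaddress
import struct

PP2_SIGNATURE = b"\r\n\r\n\x00\r\nQUIT\n"  # fixed 12-byte v2 signature


def parse_proxy_v2(data):
    """Split `data` into (info, payload); raise ValueError on a bad header."""
    if len(data) < 16 or data[:12] != PP2_SIGNATURE:
        raise ValueError("no PROXY v2 signature")
    ver_cmd, fam_proto, length = struct.unpack("!BBH", data[12:16])
    if ver_cmd >> 4 != 2 or (ver_cmd & 0x0F) not in (0, 1):
        raise ValueError("unsupported version or command")
    if len(data) < 16 + length:
        raise ValueError("truncated header")
    body, payload = data[16:16 + length], data[16 + length:]
    # LOCAL (0) is used for the proxy's own connections, e.g. health checks.
    info = {"command": "PROXY" if ver_cmd & 0x0F else "LOCAL", "src": None, "dst": None}
    family = fam_proto >> 4
    if info["command"] == "PROXY" and family != 0:
        if family == 1 and length >= 12:      # AF_INET
            src, dst, sport, dport = struct.unpack("!4s4sHH", body[:12])
        elif family == 2 and length >= 36:    # AF_INET6
            src, dst, sport, dport = struct.unpack("!16s16sHH", body[:36])
        else:
            raise ValueError("unsupported address family")
        info["src"] = (str(ipaddress.ip_address(src)), sport)
        info["dst"] = (str(ipaddress.ip_address(dst)), dport)
    return info, payload


def client_for(peer_ip, first_bytes, trusted_proxies):
    """Honour the header only when the TCP peer is a known load balancer."""
    peer = ipaddress.ip_address(peer_ip)
    if not any(peer in net for net in trusted_proxies):
        raise PermissionError("PROXY header from untrusted peer")
    info, payload = parse_proxy_v2(first_bytes)
    return info["src"], payload


def sample_connection():
    """Constructed bytes: v2 header for 203.0.113.7:51234 -> 10.0.1.20:587, then SMTP."""
    addrs = ipaddress.ip_address("203.0.113.7").packed + ipaddress.ip_address("10.0.1.20").packed
    header = PP2_SIGNATURE + bytes([0x21, 0x11]) + struct.pack("!H", 12)
    return header + addrs + struct.pack("!HH", 51234, 587) + b"EHLO client.example\r\n"


if __name__ == "__main__":
    lb_nets = [ipaddress.ip_network("10.0.0.0/16")]   # assumed NLB subnet
    print(client_for("10.0.1.5", sample_connection(), lb_nets))
```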

Adjective for being okay to send via an unreliable protocol?

UDP is an example of an unreliable protocol. Is there a single word that means "okay to send via an unreliable protocol?" Sort of like "unimportant", but that’s too strong a word.

The context would be the name of a message property where the application cares that certain messages are delivered reliably, but is otherwise agnostic about the delivery method. I’m looking for a word that means "unreliable okay" rather than "reliable required" because reliable should be the default and booleans conventionally default to false.

protocol – (How/Why) – Work vs Block Size Limit and Leading Zeros

Tl:dr
How did Satoshi/the community decide an appropriate block-size-limit?
Why does the protocol increase mining difficulty by adding zeros?

I’ve some limited experience with some of the cryptographic concepts underlying Bitcoin’s protocols.
I have two questions.
Given the fact that there is an upper limit on block size, perhaps the easiest way to breach this is to arrive at some exceedingly large nonce which will become necessary due to other block contents. The question is, how do you set an appropriate limit for arbitrary blocks?
Would you need to know about inverting the hashing-algorithm in order to prove the efficacy of a given limit for an arbitrary ledger/header/nonce set?

Second question is about the relevance of increasing the leading zeros over time. Would it not be equivalent (wrt work done) to set a total number of zeros? That is, would you need to know about inverting the hash algorithm in order to prove that difficulty is increasing by adding leading zeros as opposed to any other “pattern” of any other hex character of the same cardinality?

Please forgive and correct my understanding of the issues in question.

(ANSWERED) Can my ISP see which VPN protocol I am using?

Yes, probably. Most VPN protocols are not designed to hide the fact that they’re VPN protocols, nor what kind of protocol they are. See for instance this paper which details fingerprinting OpenVPN.

If you run all your traffic through a VPN, the fact that you’re using a VPN is quite easily visible – as all traffic will be destined for a single destination – which is quite unlike normal usage patterns.

If you’re interested in hiding the fact that you’re using a VPN, and what VPN, you should probably look into what’s used in totalitarian states, such as China, which routinely blocks all attempts at VPNs out of China. Tor is one such system.

sso – CAS Protocol ticket sent via GET request

According to CWE-598, sensitive information should be sent using a POST request. Why does the CAS protocol send the ticket value using a GET request, as illustrated below? Should it be considered safe in this scenario? From the image:

“Set the session cookie and forward the browser back to the application with the service ticket stripped off. This optional step prevents the browser address bar from displaying the ST”

My doubt is: if the browser already sent a GET request including the ticket value in the URL, the ticket could be already logged somewhere or am I wrong?

c# – How is a Challenge implemented for a game networking protocol?

Working on an authoritative online game using LiteNetLib. I’ve been reading about building a game network protocol and I’m feeling stuck with the “challenge” implementation.

  • The client requests a connection with the server.
  • The server then returns some sort of challenge (that only the client should be able to solve?).
  • The client returns the solution and the server allows the connection.

The first thing that I don’t get is how to have a “pending” connection without accepting it to begin with. With LiteNetLib, this is how the server handles incoming connections:

listener.ConnectionRequestEvent += request =>
{
    if(server.ConnectedPeersCount < 10 /* max connections */)
        request.AcceptIfKey("SomeConnectionKey");
    else
        request.Reject();
};

From the looks of it, the server must decide whether to allow the client or not at this very instant. If I want to send or receive a challenge, I need to accept the connection first don’t I? But that would defeat the point of the challenge implementation.

Is there a resource with an example of how this is done? The article doesn’t really go into detail, and when I google things like “online game protocol challenge request packet” the results aren’t quite related (almost as if the concept was coined by that article).
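
One common way to build the three-step handshake from the question above is a stateless challenge: the server derives the challenge from the client's address and a client-chosen salt with a keyed MAC, so it keeps nothing "pending" until a valid response arrives. This is an added example, not part of the original post and not LiteNetLib's API; it is transport-agnostic, and the function names, the 8-byte salt and the 10-second window are assumptions.

```python
import hashlib
import hmac
import os
import struct
import time

SERVER_SECRET = os.urandom(32)  # per-process key; replacing it voids outstanding challenges
WINDOW = 10                     # seconds per time bucket (assumed value)
SALT_LEN = 8                    # bytes of client-chosen salt in the request (assumed)


def _token(addr, client_salt, bucket):
    """HMAC over everything that identifies this handshake attempt."""
    if len(client_salt) != SALT_LEN:
        raise ValueError("bad salt length")
    msg = f"{addr[0]}|{addr[1]}|".encode() + client_salt + struct.pack("!Q", bucket)
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).digest()


def make_challenge(addr, client_salt, now=None):
    """Step 2: reply to a connection request. Nothing is stored per client."""
    now = time.time() if now is None else now
    return _token(addr, client_salt, int(now // WINDOW))


def verify_response(addr, client_salt, token, now=None):
    """Step 3: accept only if the echoed token matches this address and salt."""
    now = time.time() if now is None else now
    bucket = int(now // WINDOW)
    # Current and previous bucket, so a token issued just before a boundary still works.
    return any(hmac.compare_digest(token, _token(addr, client_salt, b))
               for b in (bucket, bucket - 1))
```

Because the token is bound to the source address, a response is only accepted from a client that actually received the challenge at that address, which is what keeps spoofed connection requests from consuming server slots.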

uri – Drupal and reverse proxy: How to make Drupal aware that its protocol is HTTPS?

I have a reverse proxy Docker container in front of a Drupal container on a Docker host.

My reverse proxy container is https://hub.docker.com/r/jwilder/nginx-proxy

The public site URL is https://ahora-stage2.dcycleproject.org

When a request is made to https://ahora-stage2.dcycleproject.org, Drupal receives the following headers. I ran dpm(\Drupal::request()->headers); using devel/php on a backend web interface:

stdClass Object ( (__CLASS__) => SymfonyComponentHttpFoundationHeaderBag (headers:protected) => Array ( (authorization) => Array ( (0) => ) (host) => Array ( (0) => ahora-stage2.dcycleproject.org ) (connection) => Array ( (0) => close ) (x-real-ip) => Array ( (0) => 216.246.250.184 ) (x-forwarded-for) => Array ( (0) => 216.246.250.184 ) (x-forwarded-proto) => Array ( (0) => https ) (x-forwarded-ssl) => Array ( (0) => on ) (x-forwarded-port) => Array ( (0) => 443 ) (content-length) => Array ( (0) => 212 ) (accept) => Array ( (0) => text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 ) (content-type) => Array ( (0) => application/x-www-form-urlencoded ) (origin) => Array ( (0) => https://ahora-stage2.dcycleproject.org ) (accept-language) => Array ( (0) => en-ca                 ) (user-agent) => Array ( (0) => Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0.3 Safari/605.1.15 ) (referer) => Array ( (0) => https://ahora-stage2.dcycleproject.org/devel/php ) (accept-encoding) => Array ( (0) => gzip, deflate, br ) (cookie) => Array ( (0) => SESS06c9cc57c2abbd62a4b35358c6967749=zmOe3Gexxxxxxxx7238990ldZb50rMxl35yPOeM ) (x-php-ob-level) => Array ( (0) => 0 ) ) (cacheControl:protected) => Array ( ) ) 

Based on that information, https://x-team.com/blog/base_url-drupal-8/, https://medium.com/@lmakarov/drupal-8-and-reverse-proxies-the-base-url-drama-c5553cbc9a3e, and comments in the settings.php file, I put these custom settings in my Drupal settings.php file:

$settings['reverse_proxy'] = TRUE;
$settings['reverse_proxy_addresses'] = ['104.236.70.29', '216.246.250.184'];

Nonetheless, Drupal always keeps believing that the protocol is HTTP, not HTTPS.

See enclosed image.

I’m wondering how I could set it up so that Drupal understands that it’s behind a reverse proxy and that its public URL should be served using the https protocol.

Why isn’t U2F’s CTAP protocol forwards-compatible with FIDO2’s CTAP protocol?

I’ve been trying to find the major differences between “U2F” versus “FIDO2” two-factor authentication standards. Reading some of the articles posted by different companies and even the FIDO site itself give the impression that the main work of the FIDO2 standard was the WebAuthn API, and that both U2F and FIDO2 are based on the “CTAP” protocol which at least one source (perhaps not a good one) claimed:

In the same release, FIDO also introduced CTAP2, which is basically the same as U2F but relaxes its requirements to also include mobile devices as acceptable external authenticators.

(Source: https(:)//doubleoctopus(.)com/blog/your-complete-guide-to-fido-fast-identity-online/)

So they’re claiming the only thing CTAP2 did was “relax requirements” and the big changes were all in the browser side, i.e. exposing a new WebAuthn interface to JavaScript?

If that’s the case then why can’t all existing U2F keys be used as FIDO2 authenticators? Rationale:

  1. We had Protocol A which said “you must X/Y/Z and your device can only be a USB dongle” — we called that “U2F”.
  2. We introduce Protocol A′ which says “this is Protocol A, still X/Y/Z except now your device can be a USB dongle or a mobile phone”. At the same time say “hey btw we’re giving websites a way to access Protocol A′ devices”. We called this all “FIDO2”.

Now, if the only change (supposedly!) to Protocol A itself was “you’re allowed to implement this protocol on mobile devices, now, too” then it would logically follow that any U2F device would be forward-compatible as a FIDO2 device:

  • it already does “X/Y/Z” (because those were required by the old rules too)
  • it already satisfies “must be a USB dongle or a mobile phone” (because the old rules were “must be a USB dongle”).

But… not all U2F devices work as FIDO2 devices! For example, the Feitian K13 authenticator supports “FIDO U2F” but not “FIDO2”. So the logic above must be incorrect — and I suspect the reason is that CTAP2 made more changes than the “Your Complete Guide to FIDO, FIDO2 and WebAuthn” article claims.

What specifically does the CTAP2 specification include beyond the “U2F” functionality that makes “FIDO2” possible?
