I'm trying to configure my eSight auto-discovery service over SNMP v3 but can not find SHA2-* on my switch.
The Huawei eSight service only has SHA2-256, SHA2-384, and SHA2-512 options for authentication however I only can find MD5 and SHA methods on my Huawei s5720 switch.
I want to know is there any difference between SHA and other versions or system automatically will get the correct result?
and I wonder if there is any solution to overcome this issue.
Related
I looking for a 2FA centralized solution, on Linux (Ubuntu) and Windows, who can use Data USB key as token, for example using UUID device for the token. (I read it's not that much secure but for start it will be fine for us).
The idea is to us it for a user authentication at OS login and after on other web application.
I install LinOTP for try but I don't found a way to do it. The best should be a Open Source solution.
Thank's for help
You could use the yubikey. It might be the most expensive solution, but it probably gets the job done, what you are looking for.
The yubikey 4 is a smartcard. You can simple create PGP keys on the yubikey and use this crypto to authenticate at your Linux login using pam_poldi. Simple and effective.
We also use the yubikey in HOTP mode and have initialized them with privacyIDEA. I wrote a blog article, how you could setup an enrollment stations.
This way you can use the same device for offline local login and for authentication at webinterfaces (using HOTP).
Note: You only need a backend like LinOTP or privacyIDEA for using the OTP part. If you want to use local authentication like PGP, neither LinOTP nor privacyIDEA does currently support this.
Disclaimer: Please note that I was involved with LinOTP and am the project founder of privacyIDEA.
I'm currently living in a country in which YouTube website is banned and you'll need a VPN or a proxy to be able to access the YouTube website and videos using a web browser, but surprisingly, I've found that sometimes (most of the times actually) I can access YouTube and watch YT videos without using any VPN or proxies by using the YouTube Android application on my phone/tablet. This is related to my ISP as far as I know.
How does the YouTube Android application can connect to YouTube servers without the need of any proxies or VPN while at the same time I have to use a proxy program like "Freegate" to be able to watch YouTube on my computer? Is there a trick to do on my computer to be able to watch YT in web browsers without using any proxies?
I used an app called "Packet Capture" which captured the following IP addresses:
74.125.173.200:443
216.58.208.42:443
172.217.22.34:443
173.194.188.70:443
When I type them into a web browser, they redirect to google.com.
Android Oreo 8.1.0 and the latest version of Youtube.
My main goal is to be able to use youtube-dl without any proxies.
My question is similar to this.
Thank you.
The censors can block in a number of ways:
By modifying the ISP's DNS server to make youtube.com resolve to an IP address of their own (or just 0.0.0.0). Due to its minimal impact on the Internet infrastructure, this tends to be the preferred way in democratic countries. It can be easily evaded by using a DNS server not under the censor's control, e.g. 8.8.8.8 or 1.1.1.1.
By blocking ranges of IP addresses, for example 172.217.0.0/16. This is very likely to overblock, especially if the target is a smaller website which shares its IP range (or even IP address with others). Even in this case, outright blocking the whole /16 subnet would prevent access to google.com as well. This involves a lot of work on the censor's part, as IP addresses are routinely and automatically changed.
By reading traffic and blocking it if specific content is included. Since everything is encrypted these days, only DNS names and SNI are in the clear. There are already ongoing works to close these loopholes. The downside for the censor is that they have to read and parse every single packet, i.e. need large equipment, although if restricting to only DNS it is far more feasible. This is also likely to introduce problems for unrelated services which may occasionally be misdiagnosed.
(There are a couple of other ways and finer distinctions I'm listing in my PhD thesis on the topic of censorship, but they don't apply here).
No matter which ways the censors choose, they must feed a list of forbidden items into their equipment. In case 1&3, that's domain names, in case 2, that's IP address (ranges).
Modern services like YouTube are internally split into multiple smaller services. For instance, YouTube may internally consist of:
The web frontend, youtube.com / 172.217.22.46
The thumbnail service, ytimg.l.google.com / 172.217.21.206
The API googlevideo.com / 172.217.22.68
The video service, in multiple subdomains like r3---sn-i5onxoxu-q0n.googlevideo.com / 92.226.0.78
All domain names and addresses are examples; in practice, every service uses many IP addresses and different domain names (for instance there's www.youtube.co.uk .
If the censors in your country block only web frontend, the Android app will continue to work. The censors may also forget some domains - i.e. block youtube.com and youtube.pk and their subdomains, but not youtube.fr.
Alternatively, the censors may have tried to block the Android app by IP address, but the IP address may have been changed by YouTube, either as part of automatic internal reassignment or by explicit censorship avoidance.
The Android app contacts the internal google API, since it wants machine-readable information. So why does youtube-dl use the web interface and not the Android API?
I can't speak for all developers, but as the long-time lead developer of youtube-dl I know why I mostly focused on the web interface: It was simply a matter of convenience, as the tools to debug and observe web applications are far better than those for Android (or iOS apps). Therefore, when I added features, I would observe how the web JavaScript app realizes them, and reimplement that in youtube-dl.
So far, mainly using the web API was sufficient, but you are very welcome to add alternative code that uses the calls the Android app makes. Beware that this relief may be temporary though, as the censors may notice that the YouTube app is unblocked, and update their domain name and IP range lists to include that service as well.
I'm building a Twitter crawler system. Requirement is to crawl both Twitter Profile and Twitter Streaming. There's a project manager which puts all projects (1 project is a Twitter profile, or a keyword for Twitter Streaming) into Kafka. Then Storm will read from Kafka to get project metadata and start to run. The project manager will check all projects periodically and eventually restart the project (by putting data into Kafka), so every project has the latest data. I have a couple of questions:
Since we need to keep a connection to Twitter Streaming, we cannot let a Bolt run for a very long time for the Twitter streaming project. Can you suggest a good way to do this, like implement a separate process for crawling?
Another question is about tokens. We want each access token to run on one server only in order to improve stability and prevent reaching the rate limit too soon. When a project (tuple) starts to be processed in Storm, it would be assigned an access token of its supervisor IP. Is there any good solution for this? Someone recommends me to use Zookeeper to assign access token but I'm not sure if it's a good way and how to implement?
My iOS app uses a single hard-code URL api.xyz.com to find our REST service. At the moment there are just two servers running this service, and we use Amazon Route 53 DNS. But I've found that the timeout of an hour (or more) is too long incase one of our servers fails; don't want to leave users in the dark that long.
The alternative would be to implement a failover mechanism in the app. To be honest, I don't like the idea of pulling this low level DNS-related logic in the app, but I don't see another solution at the moment.
So my question is: How do I implement such a failover mechanism on iOS? I'm using AFNetworking for my REST API.
Or, are there better alternatives on server side? At the moment the servers are individually rented ones, so no Amazon, Google, ... cloud service.
BACKGROUND
I have a number of Ruby plugins for SiriProxy I have either written myself or use others for voice control of my home (https://github.com/elvisimprsntr?tab=repositories). SiriProxy is basically a MITM proxy which allows one to interject your own actions and responses into the Siri protocol. Unfortunately, Apple made some extensive changes to the Siri protocol which breaks SiriProxy in iOS 7. Siri in iOS 7 uses MPTCP, a new ACE protocol, and possibly different certificates. We have been unsuccessful getting SiriProxy to work with iOS 7. (https://github.com/plamoni/SiriProxy/issues/542)
ALTERNATIVE TO SIRI
Since it is highly unlikely that Apple will ever release a public API for Siri, or automator apps like AutoVoice and Tasker on iOS, I thought an alternative would be use the Google voice search app which is available for both iOS and Android, which there are a number of advantages:
- Speech to Text is performed on the device.
- Does not use MPTCP, HTTPS, or require a login
- The Google voice search simply builds an HTTP GET google search query URL. In some cases the app will speak the response.
- I think the google search uses cookies, but not sure if that is critical.
REQUIREMENTS
I have read a number of posts, forums, etc. looking for the best way to approach this, unfortunately there seems to be a number of ways to approach this.
- Must be implemented in Ruby in order to maximize reuse of existing SiriProxy plugins.
- A proxy which would allow me to parse the URL for keywords in the search query.
- Allow me to simply pass the results of the google query when a keyword match is not made.
- Allow me to replace the google search results my own response.
QUESTION
What I am struggling with in where to begin. I can’t be the first one to have a need for a similar proxy in Ruby. Any suggestions would be welcome.
UPDATE: REF POSTS
Help with HTTP Intercepting Proxy in Ruby?
accessing a website through a proxy using Net::HTTP proxy in ruby
Ruby Eventmachine & HTTP requests via proxy
How to create proxy server in ruby that accepts HTTPS
Ruby MITM proxy
best today is mitmproxy (python) and then communicate between python and ruby somehow (RPC-style) and python runs with mitmdump -s your-script.py