nefarious | Web application for automatically downloading TV & Movies | Stream Processing library

I'm writing a coding competition grader, in which I want to use gcc to compile a contestant's code and link it with only a restricted subset of C standard library functions. For instance, I only want the contestants to be able to use functions from stdlib.h, string.h, and a handful of other stdlib header files, but not able to e.g. include sys/sysinfo.h, which could potentially allow them to do nefarious things.

I'm wondering if there's a way to pass in a flag, or configure ld to do so? My current idea is to play around with ld to only make it link selectively against a folder of static libraries containing the libc implementations I want.

I want to protect my users data as much as possible! In this scenario I'm trying to protect data-in-use/data-in-memory against certain memory attacks or at least make it more difficult for nefarious people to get at my users' data.

I do not really understand how Flutter & Dart handle memory or really any language for that matter. So I'm looking for some insight, direction or confirmation in what I'm trying to do here without needing a masters in computer science. While I'm using Flutter/Dart this is also a generalized question.

My modus operandi here is simple, when done with some sensitive data I want to:

1. Encrypt data for memory zero
2. Zero all encrypted memory

Does this do what I intend?

If this does not do what I intend or is pointless in any way, please explain why.

Although new Anaconda Environments shows base (root) latest Python 3.8.8, Visual Studio Code reports python 3.7.3 in Jupyter .ipynb notebook:

However, Settings -> Default Interpreter Path definitely points to C:\ProgramData\Anaconda3 (it was installed for all users) whose Python.exe is indeed 3.8.8150. And code verifies it does seem to be the 3.8.8:

Here's was appears to be an odd question at least from what I've been able to turn up in Google. I'm not trying to determine IF there's a UAC prompt (I've got a couple of reliably ways to do that, win32gui,GetForegroundWindow() returns a 0, or win32gui.screenshot returns exception OSError at least in my case)

I'm also not looking to BYPASS the UAC, at least from python, I have an update process that's kicking off automatically that I need to get through the UAC. I don't have control of the update process so I don't think it's a good candidate for disabling the UAC with Python. I could just disable the UAC in Win10, but I'd prefer not to if possible. I do have a couple of methods for bypassing the UAC, in one instance where I'm running this in vitualbox I believe I can use VBoxManage guestcontrol to sent keystrokes to the guest system, for a stand alone system I have a microcontroller connected as a USB HID Keyboard, with a basic deadman switch (using the scroll lock to pass data between the python and the microcontroller acting as the HID keyboard) if it doesn't get the signal it sends left arrow enter to bypass the UAC.

What I'm trying to do, and getting stymied with, is verifying that the UAC popup is actually from the update process that I want to accept the UAC prompt for, and not some other random, possibly nefarious application trying to elevate privileges. I can use the tasklist to verify the UAC is up, but I'm not seeing any way to see WHAT caused the UAC prompt. The update process is kicked off from an application that's always running, so I can't check to see if the process itself it running, because it's running under normal operation, I just want to accept the UAC when it's attempting to elevate privileges to update. I've been using a combination of using win32gui.GetWindowText and win32gui.EnumWindows to look for specific window titles, and for differentiating between windows with the same title, taking a screenshot and using OpenCV to match different object that appear in the windows. Both of those methods fail though when UAC is up, which is why I can use them to detect UAC as I mentioned before.

I suppose I could use a USB camera to take a screenshot of the system, but I'd like to be able to run this headless.

Anybody have an idea on a way to accomplish this, as the tree said to the lumberjack, I'm stumped.

Maybe I'm approaching this entirely in the wrong way, but there seems to be a rather large security hole in Azure Devops Pipelines.

Our devops team has historically managed our builds, all the way back to on-prem TFS and through our journey to CI/CD. This is done so that we can standardize our builds and releases, track environment and toolset upgrades, because devops folks have better domain knowledge in this area, and to generally make life easier for developers. This is all good practice.

Now with Azure Devops and yaml pipelines, we have the ability to template out our builds (a wonderful thing, about time Microsoft caught up to this). But even with templating, "extends" templates, and security restrictions preventing developers from creating their own pipelines, the root file of it all (azure-pipelines.yml) is still stored in the application's source code repository.

So a developer isn't allowed to create a new pipeline, but they can edit the azure-pipelines.yml file all they want, which means erasing the templating/extends code our devops team wrote, and potentially injecting nefarious or otherwise unmanaged changes. Or even deleting the file altogether and ruining the pipeline. This is coconuts.

And before you say, "well, slap some branch policies on there and force code reviews/pull requests," that is entirely goofball for 2 reasons:

1. The dev ops team should not have to approve every single change in the branch, because code changes are not their domain. They should only need to approve the azure-pipelines.yml file and be left off the rest.
2. This would require a branch policy created manually on all our dozens of repos, not to mention every single branch inside those repos. Devs can also create their own branches, which completely circumvents any policies we may have.

And yea, we may have change history now, but that only helps after the fact. Not before a build environment gets destroyed.

In short, by inserting pipeline definitions into application repositories and not providing any way to smartly protect them, Azure YAML Pipelines allows developers free reign to wreak havoc in the devops' world.

Am I missing something here? How have people gone about keeping their yaml pipelines protected and managed? Surely there are strategies for organizations who have separate devops teams that need to protect their work. How do we protect/secure azure-pipelines.yml?

Pardon any confused terminology in the title, but imagine I want to have a little macro to mark structs I create as usable for some nefarious purpose. I write this little module:

I have a foreground service that I launch via startForegroundService.

All works great.

The only thing I am unable to figure out is how to / if its possible to customize the "...is running in the background' notification.

The notification I am sending over to startForeground looks like this:

Using the DomSanitizer service in Angular 2+ is it possible to sanitize the html but leave in the css.

For example this :

Suppose I want to check that a particular H5 file is the one I think it is, and hasn't had some dataset altered while I wasn't looking. I've already turned on the Fletcher-32 filter. I'm wondering if there's some way to access the checksum stored in the H5 file.

To be clear, I don't want to recalculate the checksum, I'm assuming that the data is consistent with the checksum, and I'm not expecting anything nefarious; I just want a quick way to peek in and make a list of the checksums — then peek in later to make sure my list hasn't somehow gotten out of sync with the data. Ideally, I'd like to do this through the h5py interface, but the C interface would at least give me somewhere to start.

My use case is basically this: I have a database of my H5 files, and I want to be sure that none of the datasets have changed without the database knowing about it. I don’t care if — say — an attribute has been changed or added, which means file sizes, modification times, and MD5 sums are of no use. For example, I might realize that some scaling was off by a factor of 2, go in and change those bits in one dataset without changing the dataset's shape or even the number of bytes in the file — but then fail to update the database for one reason or another. I need to be able to detect such a change. And since Fletcher-32 is already being computed by HDF5 with every change to our data, it would be very convenient.

Basically, I'm just asking for the highest-level API calls that can achieve this.

I've found one place in the HDF5 source code here where it reads the stored checksum — evidently the last 4 bytes of the buffer.

Using this fact, it looks like there is an answer, as of HDF5 1.10.2 and h5py 2.10. But it's still not nearly as fast as I'd like — presumably because it's reading all the bytes in every chunk, possibly exacerbated by the need to be constantly allocating new buffers for all those reads.

Essentially, we want to bypass any filters (compression, etc.), read the last 4 bytes of the raw data chunk, and interpret them as an unsigned 32-bit integer. The read_direct_chunk in h5py was added in v 2.10, and corresponds to the HDF5 function H5D_READ_CHUNK.

Here's some simple example code, assuming test.h5 has a 2-dimensional dataset named data.