Category: Uncategorized

Allowing unverified HTTP Post’s by Elastalert

I am using Praeco as a frontend for the Elastalert API which relies on Elastalert.

The problem I faced was that sending unverified requests failed, as elastalert didn’t allow verfiy=False.

I searched the Elastalert code and found the place the request is being made, it is in file, the class HTTPPostAlerter.

I changed:

response =
               data=json.dumps(payload, cls=DateTimeEncoder),


response =
               data=json.dumps(payload, cls=DateTimeEncoder),

You will still get an insecure request warning, but the request is sent.

If you are using the Praeco docker containers, then you can use this post to figure out which version of the code to change.

Remember to first go into the container:

docker exec -it praeco_elastalert_1 sh

Testing this in reality

Outside of test function, the http post does not work.

In the alert log on the praeco frontend the slack alert shows, but the http post does not.

In the application logs the following error is shown:


  ProcessController:  ERROR:root:Error while running alert http_post: Error posting HTTP Post alert: HTTPSConnectionPool(host='', port=443): Max retries exceeded with url: /st2/api/v1/webhooks/praeco (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')],)",),))

I had to restart the containers, docker container stop and start for it to read the updated files.

Do Not Use a.k.a Centaurus Trading to buy Kruger Rands

TLDR; is no longer a member of Rand Refinery, their membership has been suspended. Take a look at all rand refinery registered dealers and make sure to only buy from people on this list

Investing in gold you can actually hold can be a very prudent investment espescially when global debt continues to rise and money is being created through this debt. However buying real gold that you can hold is the only way to be sure that you actually own gold. Merely buying gold shares or a Gold ETF will mean nothing in a global financial collapse. It is important to read the fine print of the contracts if you do prefer paper gold.

Nonetheless getting actual Kruger Rands can be tough because they are of high value and with high value comes risk. Certainly there will be a scammer for every legitimate coin dealer.

I had dealt with Centuarus Trading by buying through their website before and didn’t have much of an issue except that the order did take quite long to be fulfilled. This was in mid 2017. I had checked and they were a registered dealer.

A month ago I made another purchase, however this time it took 2 weeks without contact. I had to call the owner of Centaurus and ask him what was going on and he gave me the run around.

I then called Rand Refinery and was told that their membership was being reviewed after I noticed they were no longer on the registered coin dealers list. The next week I called Rand Refinery again and they told me that management had decided to suspend their account and I was to ask for a refund.

I asked for a refund and again a bit of a run around. It was not processed immediately I was told to wait 48 hours and then again for the following day.

The whole ordeal took 28 daysf from the day I EFT’ed into their account until I received the refund. Unfortunately it has left a bitter taste in my mouth and a dent in my growth prospects as Gold has rallied about R500 since the time of purchase.

When you are dealing with relatively large transactions it is important that everyone feels safe and secure but in this case I was worried by the shady activity and that it could be a scam.

At the end of the day it all worked out ok but I want to warn other people to avoid dealing with the following companies when it comes to Kruger Rands (Gold Bullion):

  • Centaurus Trading
  • MetalNexus

Also always ensure you test the authneticity of KrugerRands using the methods descrobe in the Rand Refinery Testing Guide.

You can contact the owner Paul Blundell Gibson on 0835026312.

Chantelle Pretorious also works for the company.

Lets talk about Postgres…

Postgres queries are CaSeSensitivE unlike in MySQL. So when a simple Model.objects.get(field='hello') would get the record. In postgres you would need to use field__iexact='hello'

In fact,unique doesn’t work was different cases with standard postgres. That is why django has the CIText Mixin and postgres has the citext extension

Unfortunately this won’t help for a unique_together field. The case sensitivity will still come into play.

So you can make the field lowercase by overriding the model’s save method:

    def save(self, **kwargs):
        '''Override save to enforce project name is lowercase''' =

Nope you don’t need to do the above. Just ensure the field is a CICharField

Ran into another problem:

crowdminder=# create extension citext;
ERROR:  extension "citext" already exists

So citext is already there but when running a django migration I get:

django.db.utils.ProgrammingError: type "citext" does not exist
LINE 1: ...llink" ("id" serial NOT NULL PRIMARY KEY, "email" citext NUL...

FFFFFFFFFFFuck you postgres

This is flippen weird.

So I go into psql and raise hell:

drop extension citext cascade;

Then the migrate works. It’s crazy. If this shit happens on production, I will be pissed at pg.