The Pathfinder 2e multilingual feat says:
You easily pick up new languages. You learn two new languages, chosen from common languages, uncommon languages, and any others you have access to.
Uncommon character options, including languages, require some special feature to access. For example, Gnome Weapon Training grants access to Gnome weapons.
Does the multilingual feat allow a player to access an uncommon language that they don’t have access to? The text of the feat says you can choose from “uncommon languages”, it’s just surprising to me that a player could get carte blanche access to any language they want.
Let’s say I have a SaaS platform, like a B2B platform where there are company accounts.
In this platform users can invite other users to join the company account by sending them an invitation link in an email with a secure token (à la Google Drive or GitHub).
Should we then let the invited user subscribe using a different email from the one where they received the invitation?
That question regards primarily UX experience, although some security concerns might also be raised (I couldn’t find a more appropriate site for that kind of question).
In general, how much detail can blind sight interpret? Is it like the Daredevil movie where they can make out an individual’s facial details, or more of a “there is a humanoid/quadruped/tentacled horror shape in front of me” type of situation?
My issue is something similar to this one – Best UI pattern for letting a user assign items to groups
I am looking for a good UI design for mapping items between 2 groups (only one-to-one mapping). These items can be under a parent or by itself. I thought of drag-and-drop/ having checkboxes (or switch like) to turn on for any one group.
| Items | Group 1 | Group 2 |
|---|---|---|
| Item A1 | checkbox | checkbox |
| Item B | checkbox | checkbox |
In the Unearthed Arcana – Class features article, Primal Awareness, a new variant feature for the ranger was introduced, replacing Primeval Awareness.
This feature lists a number of spells as additional spells known that don’t count against the number of ranger spells you know. That part of the feature is fairly clear. However, it goes on to say:
You can cast each of these spells once without expending a spell slot. Once you cast a spell in this way, you can’t do so again until you finish a long rest.
To me, this section is unclear and has two possible interpretations:
- “You can cast each of these spells once…” – You can cast each of the spells listed 1/long rest without expending a spell slot. A total of 6 spells cast per day.
- You can cast any of these spells once. – Once you have cast one of these spells in this way, you cannot cast any of them until you finish a long rest. A total of 1 spell cast per day.
I can make a logical argument for both cases, one based on the first sentence, the other on the second.
Which of these interpretations is correct?
I am currently conducting a pentest and I found an application vulnerable to HTTP header injection, where the user input is reflected after the `Content-Type` header, and the `Content-Type` is set to `application/force-download`. That is, the attacker can pass content in the GET parameter that is then reflected in the header. Imagine a request like so:
Which then yields a response like so:
```
HTTP/1.1 200 OK
Date: Wed, 06 Nov 2019 22:14:22 GMT
Server: [...]
Content-Length: 2
Content-Type: application/force-download; charset=UTF-16
Content-Disposition: attachment; filename=reflected-header_malicious_payload
Connection: close
```
I am trying to assess the severity of this finding, in particular whether it would allow for a reflected XSS attack. It seems to me that there is no way to get around the `Content-Type: application/force-download`, which leads me to believe that the severity is pretty low.
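Added example, not part of the original question: a Python sketch of the server-side fix for this class of finding, showing a verbatim reflection into `Content-Disposition` beside a builder that rejects control characters and encodes separators. It assumes the request value lands in the `filename` parameter as in the response above; the function names and the sample value are hypothetical.

```python
import re
from urllib.parse import quote

# Anything outside this set is replaced in the plain ASCII fallback name.
UNSAFE_ASCII = re.compile(r"[^A-Za-z0-9._-]")

# Constructed sample: a value carrying a CR LF pair and a second header line.
SAMPLE = "report.csv\r\nX-Constructed: 1"

def naive_disposition(name):
    """Pattern behind the finding: request data copied verbatim into the header."""
    return "Content-Disposition: attachment; filename=" + name

def safe_disposition(name):
    """Build the header value so request data cannot end the line or add parameters."""
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in name):
        raise ValueError("control character in filename")
    # Keep only the last path component, then emit an ASCII fallback plus
    # the percent-encoded filename* form (RFC 6266 / RFC 5987).
    base = name.replace("\\", "/").rsplit("/", 1)[-1] or "download"
    fallback = UNSAFE_ASCII.sub("_", base)
    encoded = quote(base, safe="")
    return f"attachment; filename=\"{fallback}\"; filename*=UTF-8''{encoded}"

def header_lines(raw):
    """Split on CR LF the way an HTTP parser does, to count resulting header lines."""
    return [line for line in raw.split("\r\n") if line]

if __name__ == "__main__":
    print(header_lines(naive_disposition(SAMPLE)))   # one value, two header lines
    print(safe_disposition('a b;x="y".txt'))         # separators neutralised
```

Because `;`, `=` and `"` are encoded, the reflected value also cannot append parameters such as `charset` to the header it lands in.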
So I have some page for a mobile app that I want to display a list of products. I have two options and I don’t know what to choose:
- Show items in a grid with a large picture and a small description (Assuming the phone is portrait, you can fit 2 items side by side, 2-3 rows, so there may be 4-6 items shown in the screen)
- Show items in a list, with a small picture and a medium-sized description (Kind of like a playlist in Apple Music)
Seeing as how both options can be good, as the casual users may prefer form over function (preferring option 1) and that the more detail oriented users may prefer function over form (preferring option 2), I feel like I should offer an option for users to toggle between the two. That seems to be the most natural solution, given that I find it hard to pick between the two.
However, that would mean I would have some sort of toggle button on the page, which may take away from the experience itself, ruining the aesthetics of the page, and making it more complicated.
So what should I do?
- Show a grid of items, thus focusing on aesthetics and potentially ruining the small minority of users who prefer more information
- Show a list of items, thus focusing on practicality, benefiting the small amount of people that do want the information, but potentially making the app uglier for everyone else
- Add a button to toggle between the two views (on the same page), focusing on practicality for everyone, but ruining aesthetics for everyone (extra unnecessary UI elements and cognitive overload)
- Add a button to toggle between the two views, but in the settings. This doesn’t ruin the page with an unnecessary additional toggle button, and gives users who wish to see more details, the option to do so, hidden in the settings, and gives the ordinary casual user the aesthetics that they prefer. However I feel as though this may confuse users even more, especially if there are situations where a user may look at/use another user’s device and have some sort of unfamiliar UI. But maybe I’m just overthinking.
I have come across the following line in a textbook (Database System Concepts Textbook by Avi Silberschatz, Henry F. Korth, and S. Sudarshan, 6e), page no. 686:
Thomas’ write rule allows schedules that are not conflict serializable but are nevertheless correct. Those non-conflict-serializable schedules allowed satisfy the definition of view serializable schedules (see example box).
What I understood from the above lines is that every schedule generated by the timestamp protocol following Thomas’s write rule is view serializable.
Now let’s take the following little schedule: $S: R_1(X), W_2(X), W_1(X)$.
This schedule $S$ is allowed under the timestamp protocol that follows Thomas’s write rule.
And the serialization order is $R_1(X), W_1(X)$.
But I was not able to prove that it is view serializable.
Actually, I think that it is non-view serializable because:
Consider the serial order $T_1, T_2$.
Now the final value of $X$ is being written by $T_2$. So not equivalent.
The next alternative serial order is $T_2, T_1$.
Here, $R_1(X)$ will read the value of $X$ written by $T_1$, not the original value which was there before the start of both transactions. So this too is not view-equivalent.
What is going wrong here? Please help me with this one.
In the same fashion, is there a risk (for one’s privacy) that if someone shares a single photo somewhere on the web, then we can find all photos shared by the same person on the internet?
Indeed, photos metadata (EXIF) are sometimes present on photos that people upload to their website (people sometimes don’t remove them), containing:
- name of the device (ok, many people in the world have the same device)
- maybe firmware version (then the number of people having the exact same version is lower) or OS version?
- sometimes geolocation
- other unique IDs?
Then won’t using a service like images.google.com (or a similar tool that offers advanced metadata search) allow anyone to find all photos uploaded by the same user?
More precisely: given a set of metadata coming from a photo, can people easily search all photos on the internet made by the same device (thus creating a privacy risk)? Or do major image search engines prevent this from happening (by rejecting metadata search)?
Example for a photo:
```
---- File ----
FileName : ...
Directory : ...
FileSize : ...
FileModifyDate : ...
FilePermissions : ...
FileType : JPEG
MIMEType : image/jpeg
ExifByteOrder : Little-endian (Intel, II)
ImageWidth : ...
ImageHeight : ...
EncodingProcess : Baseline DCT, Huffman coding
BitsPerSample : 8
ColorComponents : 3
YCbCrSubSampling : YCbCr4:2:0 (2 2)
---- EXIF ----
ImageWidth : ...
ImageHeight : ...
Make : ...
Model : ...
Orientation : Rotate 180
XResolution : 72
YResolution : 72
ResolutionUnit : inches
Software : Ai0j1i567fs
ModifyDate : ...
YCbCrPositioning : Centered
ExposureTime : ...
FNumber : ...
ExposureProgram : Program AE
ISO : ...
ExifVersion : 0220
DateTimeOriginal : ...
CreateDate : ...
ComponentsConfiguration : Y, Cb, Cr, -
ShutterSpeedValue : 1/132
ApertureValue : ...
BrightnessValue : ...
ExposureCompensation : 0
MaxApertureValue : ...
MeteringMode : Center-weighted average
LightSource : Unknown
Flash : Fired
FocalLength : ...
UserComment : ...
FlashpixVersion : 0100
ColorSpace : sRGB
ExifImageWidth : ...
ExifImageHeight : ...
InteropIndex : R98 - DCF basic file (sRGB)
InteropVersion : 0100
SensingMethod : One-chip color area
SceneType : Directly photographed
ExposureMode : Auto
WhiteBalance : Auto
FocalLengthIn35mmFormat : 31 mm
SceneCaptureType : Standard
ImageUniqueID : H07RA02XP
GPSVersionID : 220.127.116.11
ImageWidth : 512
ImageHeight : 288
Compression : JPEG (old-style)
Orientation : Rotate 180
XResolution : 72
YResolution : 72
ResolutionUnit : inches
ThumbnailOffset : ...
ThumbnailLength : ...
---- MakerNotes ----
MakerNoteVersion : 0100
```
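Added example, not part of the original question: a standard-library Python routine that drops the APP1 "Exif" segment from a JPEG before it is published, which is where the EXIF, GPS, thumbnail and MakerNotes fields listed above are stored. The function names are hypothetical and `SAMPLE` is a constructed byte string that has JPEG segment structure only, not a decodable image.

```python
import struct

SOI, EOI, SOS, APP0, APP1 = 0xD8, 0xD9, 0xDA, 0xE0, 0xE1

def segment(marker, payload):
    """Build one JPEG marker segment; the 2-byte length field counts itself."""
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload

# Constructed sample: SOI, JFIF header, Exif block, scan header, scan data, EOI.
SAMPLE = (bytes([0xFF, SOI])
          + segment(APP0, b"JFIF\x00" + bytes(9))
          + segment(APP1, b"Exif\x00\x00" + b"constructed-tiff-block")
          + segment(SOS, bytes(10)) + b"\x12\x34" + bytes([0xFF, EOI]))

def strip_exif(jpeg):
    """Return (clean_bytes, removed_count) with every APP1 'Exif' segment dropped."""
    if jpeg[:2] != bytes([0xFF, SOI]):
        raise ValueError("not a JPEG (missing SOI)")
    out, pos, removed = bytearray(jpeg[:2]), 2, 0
    while pos < len(jpeg):
        if jpeg[pos] != 0xFF or pos + 4 > len(jpeg):
            raise ValueError(f"bad marker at offset {pos}")
        marker = jpeg[pos + 1]
        if marker == SOS:
            # Entropy-coded image data follows; copy the rest untouched.
            out += jpeg[pos:]
            return bytes(out), removed
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        end = pos + 2 + length
        if length < 2 or end > len(jpeg):
            raise ValueError(f"truncated segment at offset {pos}")
        if marker == APP1 and jpeg[pos + 4:end].startswith(b"Exif\x00\x00"):
            removed += 1          # skip the whole metadata segment
        else:
            out += jpeg[pos:end]  # keep every other segment byte for byte
        pos = end
    raise ValueError("no SOS marker found")

if __name__ == "__main__":
    clean, count = strip_exif(SAMPLE)
    print(count, len(SAMPLE), len(clean))
```

XMP (also APP1, with a different header) and IPTC (APP13) blocks are left in place by this routine and need the same treatment if present.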
I have a MikroTik router. I want to allow only Youtube videos and block all other videos. I tried to write an extended ACL but I really have no idea. Maybe allow only Youtube videos source URL and block other URLs? Can you guys help me?