Why do 2019-era email clients [(+/-) a few years] often allow you to delete or enter new destination addresses, but not fully edit them?

Suppose that you are writing an email. You mistype someone’s address in the “To” field. For example, maybe you write, “john.reed@blah.com.” Before sending the email, you remember that that person spells their name in a funny way. You want to delete the letter “H” in “john.” The correct email address is “jon.reed@blah.com”

In a significant number of present-day email clients you cannot edit an email address already entered into the “To” field. Once you press enter or shift the keyboard focus to the body of the email, the “To”-address changes. The user interface changes what you have typed into something which can be deleted/removed, but not edited. This is also true of the carbon-copy fields. If you mistype someone’s email, you have to delete the address completely, and re-type it. For many email clients, left-clicking on the email address might delete it, but it does not enable text editing.

I am talking about the front-end of the interface, not what’s under the hood. What is weird is that in the years from 2000 to 2010, editing a destination email address was trivial. In most email clients, the “To” field was a text-box. You could click anywhere inside of the “To” field and type almost anything you liked. The backspace key worked fine; the delete key worked fine; anything.

Features do not become popular in multiple competing companies’ user interfaces unless those features are an improvement over the old way of doing things. There must be a rationale for disallowing users from editing email addresses previously typed into the “to” field. Technically, you can edit them by deleting and re-typing from scratch, but hopefully my meaning is apparent. What is the thinking behind this? Is it a matter of making “the common case” fast? Which user-cases are faster/easier using the (new or delete) style of design instead of the old (edit text) style of design?

Are most Linux systems that allow non-root users to execute code straightforwardly rootable?


long story short if you can execute code on a box it is usually straightforward to get root

(quote source)

The immediate implication of this quote (if it’s accurate) is that if you’re running a multi-user system and don’t try your darndest to prevent all users from creating files with x permission set, the system is as good as compromised. The corollary is that operating a multi-user system, such as ones typically found in universities, that by design allow all students to do exercises in C, C++, assembly etc, is pointless, since any student can straightforwardly root this system.

Since running computer systems intended to be used by more people than their owners is not considered pointless, and privilege limiting facilities (users’ rights management, sandboxing, etc etc) are not considered useless, I somehow doubt these kinds of comments. But what do I know?

Is it true that most Linux systems are straightforwardly rootable by anyone who can execute code on them?

Allow user to export data, what about security?

We developers of course try to create the most secure (web) application out there that will not be hacked. While we already know it’s impossible to know for certain that your application is secure, we at least do our best effort.

By choosing one of the big cloud platform solutions (Azure, AWS, Google) you at least know they do their best to keep hackers away from your web/database servers.

So, let’s pick e-commerce for example: A lot of customers, a lot of personal data stored in one database.

Let’s say Azure/AWS/Google do their job well at security and the developers do their job well at security. That means it actually comes down to your users.

You know, those users who use the same password everywhere, ending with their birthday and a ! because some password fields require a special icon. Those users that would click on any link they receive in their inbox.

Most, if not all, web applications allow you to export data. “I want to analyse last year’s sales”, “I want to analyse stock inventory”. All valid reasons to get your data in Excel and play around with the data.

Now what I am wondering is: how do small to large businesses deal with security?

In theory, an employee could export all customer data, have it stored on their personal computer, the personal computer gets stolen and 5 days later an awesome database pops up online containing all your users’ information. And these days it is not that uncommon for small and big businesses to be hacked.

Do you:

  • Limit the user in how much data they can export?
  • Somehow allow or deny access to exporting certain fields?
  • Enforce always uploading to a cloud storage like Microsoft OneDrive and educate the user not to download it?
  • Use Active Directory while employees use their personal computers?
  • No export at all and provide dashboard graphs on-request?

What else?
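
Two of the options listed above (a cap on exported rows and a per-role allow-list of exportable fields), sketched as an added example that is not part of the original question. The role names, column names, limits and the in-memory audit list are assumptions chosen for illustration.

```python
from datetime import datetime, timezone

# Assumption: hypothetical roles and column names for a customer/order table.
EXPORT_POLICY = {
    "sales_analyst": {"fields": {"order_id", "order_date", "country", "total"},
                      "max_rows": 50_000},
    "support_agent": {"fields": {"order_id", "customer_email"}, "max_rows": 100},
}
AUDIT_LOG = []  # stand-in for an append-only audit store

class ExportDenied(Exception):
    """Raised when a request falls outside the caller's export policy."""

def _audit(user, role, fields, row_count, outcome):
    AUDIT_LOG.append({"ts": datetime.now(timezone.utc).isoformat(), "user": user,
                      "role": role, "fields": sorted(fields),
                      "rows": row_count, "outcome": outcome})

def export_rows(user, role, requested_fields, rows):
    """Return only permitted columns, or raise ExportDenied; every call is logged."""
    policy = EXPORT_POLICY.get(role)
    requested = set(requested_fields)
    if policy is None:
        reason = "role may not export"
    elif requested - policy["fields"]:
        reason = "fields not allowed: " + ", ".join(sorted(requested - policy["fields"]))
    elif len(rows) > policy["max_rows"]:
        reason = f"{len(rows)} rows exceeds cap of {policy['max_rows']}"
    else:
        reason = None
    if reason:
        _audit(user, role, requested, len(rows), "denied: " + reason)
        raise ExportDenied(reason)
    _audit(user, role, requested, len(rows), "allowed")
    # Project each row onto the requested columns; other columns never leave.
    return [{f: row[f] for f in requested_fields} for row in rows]

# Constructed sample data.
ROWS = [{"order_id": i, "order_date": "2019-01-15", "country": "NL",
         "total": 19.99, "customer_email": f"user{i}@example.test"}
        for i in range(1, 151)]
```

Denied requests are logged as well as allowed ones, so repeated attempts to pull restricted fields or oversized result sets show up in the audit trail.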

Many websites allow passwords equal to username or e-mail address. Is this not a security risk?

I’m currently testing password policies on websites to get a feeling for what might be an acceptable policy/trade-off that provides good protection for our users without frustrating them.

I was surprised to find out that each and every website I tested allowed me to set a password that was equal to my username or e-mail address. If it couldn’t be set to the username, it was only because it didn’t meet the minimum length requirement. Equal to e-mail address worked every time. Even on sites that had rather strict policies otherwise.

Instinctively, I would think that this is no more secure than using a stupid password, such as “1234” or “password”. I’m also pretty sure that NIST SP 800-63B advises against such context-specific passwords (i.e. containing application name, username or user e-mail address). Unfortunately, I cannot verify this claim, as the NIST publication seems to be currently unavailable due to the US government shutdown.

Am I wrong in thinking that such context-specific passwords should be treated in the same manner as “stupid” passwords? If yes, what am I not seeing?
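
The kind of check the question finds missing, as an added example that is not part of the original post: it rejects a password that equals the username or e-mail address, or that consists of an account-specific term (username, e-mail local part, domain label, service name) plus only a short remainder. The thresholds, the matching rule and the sample account are assumptions made for this sketch, not values taken from NIST SP 800-63B.

```python
import re
import unicodedata

MIN_TERM = 4       # assumption: ignore context fragments shorter than this
MIN_REMAINDER = 8  # assumption: secret part left after removing a context term

def _norm(s):
    """Case-fold and drop punctuation so 'John.Reed' and 'johnreed' compare equal."""
    s = unicodedata.normalize("NFKC", s).casefold()
    return "".join(ch for ch in s if ch.isalnum())

def context_terms(username, email, service_name):
    """Strings tied to this account that a password must not be built from."""
    local, _, domain = email.partition("@")
    raw = [username, email, local, domain.split(".")[0], service_name]
    raw += re.split(r"[._+-]", local)  # 'john.reed' -> 'john', 'reed'
    return {t for t in map(_norm, raw) if len(t) >= MIN_TERM}

def check_password(password, username, email, service_name):
    """Return (ok, reason) for a candidate password."""
    # Exact match is rejected even when the username is shorter than MIN_TERM.
    if password.casefold() in (username.casefold(), email.casefold()):
        return False, "equals username or e-mail address"
    pw = _norm(password)
    terms = context_terms(username, email, service_name)
    for term in sorted(terms, key=lambda t: (-len(t), t)):
        if term in pw and len(pw.replace(term, "")) < MIN_REMAINDER:
            return False, f"built around context term '{term}'"
    return True, "ok"

# Constructed sample account, not taken from any real site.
ACCOUNT = ("jreed", "john.reed@blah.com", "ExampleShop")

if __name__ == "__main__":
    for candidate in ("john.reed@blah.com", "JohnReed2019!", "exampleshop1",
                      "correct horse battery staple"):
        print(candidate, "->", check_password(candidate, *ACCOUNT))
```

A long passphrase that happens to contain the user's first name still passes, because the part that is not derived from the account stays above the remainder threshold.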

Does the feat “Channel Ray” allow you to crit with Channel Energy?

The Feat Channel Ray allows you to make channel Energy as a Ray attack. This of course means that there is an attack roll involved in resolving the attack.

You must succeed at a ranged touch attack to hit an unwilling target; your target is then affected by the channeled energy as normal and receives a saving throw.

Would this allow the cleric to critical hit with Channel Energy? And if so, would this extend to any effect that converts an area of effect into a single target effect requiring an attack roll?

Only allow one checkbox to be selected

I have two checkboxes and I want them to start off unchecked. But if you select one, and then choose to change your mind and select the other box, then the previous one goes unchecked. My code so far is below; I am so close. But when I run my app, when you select one they both turn on or off. Please help.

    private void customer_IsCheckedChanged(object sender, EventArgs e)
    {
        if (business.IsChecked == true)
        {
            business.IsChecked = !customer.IsChecked;
        }

        if (business.IsChecked == false)
        {
            business.IsChecked = !customer.IsChecked;
        }
    }

    private void business_IsCheckedChanged(object sender, EventArgs e)
    {
        if (customer.IsChecked == true)
        {
            customer.IsChecked = !business.IsChecked;
        }

        if (customer.IsChecked == false)
        {
            customer.IsChecked = !business.IsChecked;
        }
    }

Validate Date Columns that allow for blanks

I have a list with three date columns, Start Date, Due Date and Extended Due Date. I need to have validation set so that the Due Date is no later than 14 days from the start date and the extended due date is no later than 30 days from the start date. But the validation also needs to ignore when either column is empty. I can get the formula so that it’ll validate one or the other but not both.

Trying to modify it I keep getting validation errors. Can anyone help?

My formula =IF(AND(ISBLANK [Permit End Date]>=[Permit Start Date],IF(DATEDIF([Permit Start Date],[Permit End Date],"d")<=14,True,False),False))IF(AND(ISBLANK IF([Extension End Date]>=[Permit Start Date],IF(DATEIF([Permit Start Date],[Extension End Date],"d")<=30,True,False),False)))

IPtables allow traffic from only an ip and one port to one port

I have this command to allow traffic to one port only from one IP:

    iptables -I INPUT ! -s $BUNGEE_IP -p tcp --dport $PORT -j DROP

But I would like to allow only a single port of “$BUNGEE_IP”, something like this, but it doesn’t work:

    iptables -I INPUT ! -s $BUNGEE_IP:$PORT -p tcp --dport $PORT -j DROP

How can I do this?