Does the multilingual feat allow me to choose a language I don’t have access to?

The Pathfinder 2e multilingual feat says:

You easily pick up new languages. You learn two new languages, chosen from common languages, uncommon languages, and any others you have access to.

Uncommon character options, including languages, require some special feature to access. For example, Gnome Weapon Training grants access to Gnome weapons.

Does the multilingual feat allow a player to access an uncommon language that they don’t have access to? The text of the feat says you can choose from “uncommon languages”; it’s just surprising to me that a player could get carte blanche access to any language they want.

Should we allow email invitations sent to an email address to be used with another?

Let’s say I have a SaaS platform, like a B2B platform where there are company accounts.

In this platform users can invite other users to join the company account by sending them an invitation link in an email with a secure token (à la Google Drive or GitHub).

Should we then let the invited user subscribe using a different email from the one where they received the invitation?

That question primarily regards UX experience, although some security concerns might also be raised (I couldn’t find a more appropriate site for that kind of question).

Best UI pattern to allow the user to assign 1 level nested items to two groups

My issue is something similar to this one – Best UI pattern for letting a user assign items to groups

I am looking for a good UI design for mapping items between 2 groups (only one-to-one mapping). These items can be under a parent or by themselves. I thought of drag-and-drop, or having checkboxes (or switch-like controls) to turn on for any one group.

Items          Group 1     Group 2
Item A
  Item A1      checkbox    checkbox
Item B         checkbox    checkbox

Does the Primal Awareness feature allow you to cast each spell once?

In the Unearthed Arcana – Class features article, Primal Awareness, a new variant feature for the ranger was introduced, replacing Primeval Awareness.

This feature lists a number of spells as additional spells known that don’t count against the number of ranger spells you know. That part of the feature is fairly clear. However, it goes on to say:

You can cast each of these spells once without expending a spell slot. Once you cast a spell in this way, you can’t do so again until you finish a long rest.

To me, this section is unclear and has two possible interpretations:

  1. “You can cast each of these spells once…” – You can cast each of the spells listed 1/long rest without expending a spell slot. A total of 6 spells cast per day.
  2. You can cast any of these spells once. – Once you have cast one of these spells in this way, you cannot cast any of them until you finish a long rest. A total of 1 spell cast per day.

I can make a logical argument for both cases, one based on the first sentence, the other on the second.

Which of these interpretations is correct?

Would HTTP Header injection allow for an XSS vulnerability if content-type is application/force-download?

I am currently conducting a pentest and I found an application vulnerable to HTTP header injection, where the user input is reflected after the Content-Type header, and the Content-Type is set to application/force-download. That is, the attacker can pass content in the GET parameter that is then reflected in the header. Imagine a request like so:


Which then yields a response like so:

HTTP/1.1 200 OK
Date: Wed, 06 Nov 2019 22:14:22 GMT
Server: [...]
Content-Length: 2
Content-Type: application/force-download; charset=UTF-16
Content-Disposition: attachment; filename=reflected-header_malicious_payload
Connection: close

I am trying to assess the severity of this finding, in particular whether it would allow for a reflected XSS attack. It seems to me that there is no way to get around the Content-Type: application/force-download, which leads me to believe that the severity is pretty low.

Allow the user to toggle between 2 ways to display content on mobile?

So I have some page for a mobile app that I want to display a list of products. I have two options and I don’t know what to choose:

  1. Show items in a grid with a large picture and a small description (Assuming the phone is portrait, you can fit 2 items side by side, 2-3 rows, so there may be 4-6 items shown in the screen)
  2. Show items in a list, with a small picture and a medium-sized description (Kind of like a playlist in Apple Music)

Seeing as how both options can be good, as the casual users may prefer form over function (preferring option 1) and that the more detail oriented users may prefer function over form (preferring option 2), I feel like I should offer an option for users to toggle between the two. That seems to be the most natural solution, given that I find it hard to pick between the two.

However, that would mean I would have some sort of toggle button on the page, which may take away from the experience itself, ruining the aesthetics of the page, and making it more complicated.

So what should I do?

  1. Show a grid of items, thus focusing on aesthetics and potentially ruining the small minority of users who prefer more information
  2. Show a list of items, thus focusing on practicality, benefiting the small number of people that do want the information, but potentially making the app uglier for everyone else

  3. Add a button to toggle between the two views (on the same page), focusing on practicality for everyone, but ruining aesthetics for everyone (extra unnecessary UI elements and cognitive overload)

  4. Add a button to toggle between the two views, but in the settings. This doesn’t ruin the page with an unnecessary additional toggle button, and gives users who wish to see more details, the option to do so, hidden in the settings, and gives the ordinary casual user the aesthetics that they prefer. However I feel as though this may confuse users even more, especially if there are situations where a user may look at/use another user’s device and have some sort of unfamiliar UI. But maybe I’m just overthinking.

Does timestamp protocol following Thomas’s write rule allow non-view-serializable schedules in some cases?

I have come across the following line in the textbook (Database System Concepts by Avi Silberschatz, Henry F. Korth, and S. Sudarshan, 6e), page no. 686:

Thomas’ write rule allows schedules that are not conflict serializable but are nevertheless correct. Those non-conflict-serializable schedules allowed satisfy the definition of view serializable schedules (see example box).

What I understood from the above lines is that every schedule generated by the timestamp protocol following Thomas’s write rule is view serializable.

Now let’s take the following little schedule: $S: R_1(X), W_2(X), W_1(X)$.

This schedule $S$ is allowed under the timestamp protocol which follows Thomas’s write rule.

And the serialization order is $R_1(X), W_1(X)$.

But I was not able to prove that it is view serializable.

Actually, I think that it is non-view-serializable because:

  1. Consider the serial order $T_1, T_2$.

    Now the final value of $X$ is being written by $T_2$. So not equivalent.

  2. The next alternative serial order is $T_2, T_1$.

    Here, $R_1(X)$ will read the value of $X$ written by $T_1$, not the original value which was there before the start of both transactions. So this too is not view-equivalent.

What is going wrong here? Please help me with this one.