I’ve been able to transfer files from this device to any PC since I’ve owned it, up until a few days ago. Usually when it is connected by a USB to a PC I will see the drop down notification that will allow me to change the USB connection settings. After restarting my phone, this notification will only stay for about 30 seconds. All the while, the USB continues to charge. When I do get the chance to see this menu, I choose MTP but the changes don’t apply and the screen generally doesn’t respond, going dark and unresponsive until I press the home icon. In my developer options I’ve allowed USB debugging, and set my USB Configuration as MTP and PTP, but that doesn’t seem to change anything. I’ve triple checked my USB cords, which have worked in the past and work with other phones. I’m at wit’s end! I need help!
Given these ufw rules:
ufw status verbose
2001:nnn:0:400b::12 DENY IN Anywhere (v6)
2001:nnn:0:400b::12 DENY OUT Anywhere (v6)
Why is this ping out and response in allowed:
ping6 2001:nnn:0:400c::12
PING 2001:nnn:0:400c::12(2001:4e8:0:400c::12) 56 data bytes
64 bytes from 2001:nnn:0:400c::12: icmp_seq=1 ttl=60 time=15.9 ms
There must be some basic concept about firewall rules that I’m not getting. To my learner’s mind, the ping request out should be denied. And even if that slips by, the response should be denied.
Is there any security risk for an application allowing a user to register multiple TOTP devices for a single account?
I’ve noticed that with many popular accounts (gmail, github) you have the ability to register multiple security tokens, but not register multiple TOTPs, and I’ve been pondering why.
To me, it looks beneficial for applications to allow for multiple TOTP registrations as the shared secret is less likely to be saved outside of the app (to allow ad-hoc registrations for the same account), or a workflow in which a user completely turns off MFA in order to re-register all devices with a new shared key.
I’m trying to understand the history of why there are so many implementations of only having a single TOTP registration per account at any given time. Is there a security recommendation against allowing multiple registrations?
I am not looking for an opinion about semantics but simply for a case where having getters sensibly used is an actual impediment. Maybe it throws me into a never-ending spiral of relying on them, maybe the alternative is cleaner and handles getters automatically, etc. Something concrete.
I’ve heard all the arguments, I’ve heard that they’re bad because they force you into treating objects as data sources, that they violate an object’s “pure state” of “don’t give out too much but be prepared to accept a lot”.
But absolutely no sensible reason for why a getData is a bad thing. In fact, a few people argued that it’s a lot about semantics: getters are fine per se, but just don’t name them getX. To me, this is at least funny.
What is one thing, without opinions, that will break if I use getters sensibly and for data that clearly the object’s integrity doesn’t break if it puts it out?
Of course, allowing a getter for a string that’s used to encrypt something is beyond dumb, but I’m talking about data that your system needs to function. Maybe your data is pulled through a Provider from the object, but, still, the object still needs to allow the Provider to do a $provider[$object]->getData, there’s no way around it.
Why I’m asking: To me, getters, when used sensibly and on data that is treated as “safe”, are a godsend. 99% of my getters are used to identify the object, as in, I ask, through code: Object, what is your name? Object, what is your identifier? Anyone working with an object should know these things about an object, because nearly everything about programming is identity and who else knows better what it is than the object itself? So I fail to see any real issues unless you’re a purist.
I’ve looked at all the StackOverflow questions about “why getters / setters” are bad and though I agree that setters are really bad in 99% of the cases, getters don’t have to be treated the same just because they rhyme.
A setter will compromise your object’s identity and make it very hard to debug who’s changing the data, but a getter is doing nothing.
We are in a mid-sized enterprise environment and are looking at forcing specific passwords for all users. I’ve found nothing recent or relevant about this.
1) The main reason is to ensure personal passwords (often compromised) are not used in our environment. Go ahead and use your LinkedIn password for your bank account, just keep it out of my environment.
2) IT is familiar with generating long, full charset, but still highly memorable passphrases. Whereas a user facing a 14 character minimum might immediately forget what they just entered. correct horse battery staple, baby!
3) Entropy. What’s better than generating your own passphrase? Having a password nerd admin who knows what “random” actually means do it for you.
4) The company culture supports it. Users are coddled. Help Desk staff keeps an encrypted list of passwords because users assume we can log in as them on a whim. In our case, the risk of someone in IT setting the world on fire doesn’t lessen by setting passwords. That risk is inherited by the trust bestowed upon us by users. They want (ugh, need) IT to have their password.
5) Microsoft has just changed their tune about password expiration policies, placing more weight on length and charset. More of a selling point to the change. “Ok you don’t have to change your password as often, but in exchange we’re going to set a secure one for you”
6) All accounts still sit behind MFA, maximum login attempt policies, etc. No reason to stop using common sense now.
This all reeks of a “we know better than you” mentality but other than that, what are the pros and cons?
I am planning to start a new ASP.NET Core MVC web application. One of the features we are having is that anonymous users can register inside our web application by entering their email addresses. Then our system will send them a confirmation email to activate their accounts.
Now, by default the system will show an error message in case a user tries to register using an existing email address, even if the existing email address was not confirmed. This will pose a major problem in our system, in that hackers can use others’ email addresses and prevent them from registering inside our web application. Our web application is a CRM-like for real estate companies, and hackers can try to add as many email addresses as they want; they can get these email addresses from the companies’ web sites, such as admin@.. , etc. So is there any problem if I do the following modifications:
- If the user did not confirm the email address in 1 hour, then the system will automatically remove his email address?
- When I want to check if an email address is unique to check only the approved email addresses.
I’m playing an eladrin wizard in a homebrew game of a friend. After hitting level 6 I’m thinking of multiclassing into sorcerer, because it fits thematically. I’m an accidental traveler from The Feywild and, through adventuring and study, I’m slowly learning more about my origins while getting more in touch with my “instinctive” side of understanding the weave.
Party composition at level 5 (currently): dwarf barbarian, half elf assassin/fighter, wood elf ranger, high elf arcane archer.
Other possibly relevant details about my wizard:
- I’m a Conjurer who focusses on utility and crowd control over blasting.
- I have +5 Intelligence and +3 Charisma.
- Thinking of multiclassing into Draconic Bloodline or Divine Soul.
According to Can a multiclass Wizard copy any Wizard spell they find into their spellbook?
You determine what spells you know and can prepare for each class individually, as if you were a single-classed member of that class.
If you have more than one spellcasting class, this table might give you spell slots of a level that is higher than the spells you know or can prepare. You can use those slots, but only to cast your lower level spells.
So by RAW, a wizard12/sorcerer8 would have one 9th level spell slot but would not be able to prepare and cast spells of that level.
How would it imbalance gameplay at the table when allowing a multiclassed wizard12/sorcerer8 to cast spells for which one has spell slots? Please include player and DM perspective in your answer, and support it with first hand experience. I’m not looking for “just” opinions.
I’m mostly interested in how it would imbalance play at my table. For other tables, it’s good to include how this example of wizard12/sorcerer8 compares to a wizard20 or sorcerer20.
The DM is thinking about whether to allow it or not, so I’m helping in acquiring information. I’m asking about the multiclass of wizard and sorcerer specifically because their spell options seem quite similar, which doesn’t sound game breaking to us. As always, please support your answer with (similar) experience(s) at your table.
Is there a file system standard (like LUKS) that allows anyone who can plug in the hard drive to read files, but requires a passphrase to modify or write? For example, I can do something similar by signing an unencrypted file with gpg whenever I save it.
I admit it’s impossible to prevent a malicious OS from modifying the files anyway. Therefore I’m looking for a file system that can detect malicious changes in such a way that an attacker without the passphrase cannot simulate an authorized change without breaking a modern cryptographic function.
I’ve recently bought a cheap VPS and would like to open some ports; I have already done that on the server with ufw. By the way, I’m connecting to a VPN that allows me to forward ports to my local machine via OpenVPN, since my local provider is blocking ports.
OpenVPN works fine on my PC, all connected and working, but it shows me that only TCP ports are open; all UDP ports are closed when I’m connected to the VPN. But when I check on a website port checker and paste the IP of the server, it tells me it’s open.
I guess it has something to do with iptables or something like that? Could anyone help me? Thanks.
Following up on Can Sneak Attack be used when hitting with an improvised weapon?
Not unless you have an ability that allows Sneak Attack with an improvised weapon
Or, at DM’s discretion:
Maybe – if it’s similar enough to a qualifying weapon
This means I’m entering homebrew terrain when I’ll continue allowing improvised weapons – thrown flasks of Holy Water in this case – to trigger Sneak Attack. And that’s exactly my plan. My reasoning for doing so is because of my interpretation of Sneak Attack: it’s the placement and skill of the wielder that sets circumstances for dealing extra deadly damage, not the weapon wielded.
Party composition, at level 11: minotaur paladin, animated armor eldritch knight/wizard, undead high elf mastermind rogue, undead tabaxi ranger/assassin/warlock, tiefling warlock.
This question is not about whether it’s a good idea to allow this mechanic, or whether my interpretation is “right”. I’m mostly interested in how it would imbalance the gameplay for the table, and if there’s known issues that I should be aware of as a DM. Please support your statements by experience at your own table. Both player and DM perspectives are much appreciated.