How can I gain resistance to poison and/or necrotic damage?

I’m about to start a campaign that I suspect will be filled with poisonous & necrotic monsters due to the setting. I have been thinking of playing a stout halfling, but would prefer to play one with a wisdom bonus. Are there any other ways to gain resistance to at least one of these types?

I will likely be a squishy cleric in a caster role, so I should be able to avoid most of it – but I’m wondering if there’s anything else I can do.

XSS filter bypass &lt and/or

On a homepage I can inject HTML text in the URL. After some trial and error I was able to send in this thing: ?type=<script<script>>alert(1)</script<script>> which gave me a homepage that presented me with the headline text: <script>alert(1)</script>. So I am pretty close.

The page source had the following HTML: <h1>&lt;script>alert(1)&lt;/script></h1>. So for some reason only the less-than sign is transformed into &lt. As soon as I send in the &-sign the whole HTML injection is filtered out.

Any suggestion on how I can bypass this? I have tried double encoding to get the real "<" sign. Any "<" sign sent into the URL gets converted into &lt.

I have tried suggestions from the OWASP checklist, PortSwigger, Stack Overflow etc. The injection is out of tags. It is not in a script or in HTML tags, so I think I need to put it between tags.

Chkrootkit and Rkhunter – What other tools are capable and proper to diagnose risks and/or infections?

PREAMBLE

I have been on the internet for a while looking for the right security tools to locate and diagnose malware on Linux servers: tools capable of doing system scans on Linux, with capabilities and characteristics similar to Chkrootkit and Rkhunter.

I know that there are many tools to find malware like ClamAV, Linux Malware Detect (maldet), Sophos and Lynis. But most of these tools are intended for system hardening, file servers, email servers or shared hosted environments…

The only tools capable or proper to do system scans on Linux systems that I have found so far are Chkrootkit and Rkhunter, as we can see in a successful detection made by Chkrootkit in this thread https://unix.stackexchange.com/a/567413/61742 .

That is, the other tools are not able to deal with risks for the Linux system itself, such as detecting if the system is infected. In general they are only able to scan specific folders and tell you whether a file is dangerous or not and remove it.

Contrary to what is thought by many people, Linux is vulnerable to malware. Tools like Chkrootkit and Rkhunter play a very important role!

Based on the good experiences I have had with the servers in my infrastructure, the best way to find malware on Linux is to use several tools together, as is done in this tool that I made available to the community, https://github.com/eduardolucioac/private_tux (BSD-3-Clause license), and that I use on my infrastructure daily.

Finally, I think this question is very relevant to the community, it needs to be done and it was done in the right place!

NOTE: I’m the author of Private_Tux and it has no commercial purposes (BSD-3-Clause license).
QUESTION

What other tools are capable and proper to diagnose risks and/or infections (malware) in the Linux system?

What’s a quick test to see if an $n \times n$ matrix is diagonal and/or proportional to the identity matrix?

As the title indicates, I want to test whether an $n \times n$ matrix (numeric, symbolic, ...) is diagonal and/or proportional to the $n \times n$ identity matrix. I can, of course, test whether the $n^2-n$ individual off-diagonal entries are zero, but that, it would seem, is inefficient.
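Two ways to run the test in code, as an added example that is not part of the original question: an entrywise check that stops at the first nonzero off-diagonal entry, and a test that reduces the matrix to two scalars (the squared Frobenius norm and the trace) using the inequality sum |m_ij|^2 >= |tr m|^2 / n, which holds with equality exactly when m = c*I. The function names, the list-of-lists matrix representation and the tolerance parameters are my own choices.

```python
# Added example: diagonal / scalar-multiple-of-identity tests for a square
# matrix given as a list of rows. Function names and tolerances are assumptions.


def _check_square(m):
    """Raise if m is not an n x n list of lists; return n."""
    n = len(m)
    if any(len(row) != n for row in m):
        raise ValueError("matrix must be square")
    return n


def is_diagonal(m, tol=0.0):
    """Entrywise test with early exit: False at the first off-diagonal
    entry whose magnitude exceeds tol (tol=0 means exact zero)."""
    n = _check_square(m)
    return all(abs(m[i][j]) <= tol for i in range(n) for j in range(n) if i != j)


def identity_multiple(m, tol=0.0):
    """Return the scalar c with m == c*I (entries within tol), else None."""
    n = _check_square(m)
    if not is_diagonal(m, tol):
        return None
    c = m[0][0]
    if all(abs(m[i][i] - c) <= tol for i in range(n)):
        return c
    return None


def identity_multiple_by_norms(m, rel_tol=1e-12):
    """Two-reduction test.  By Cauchy-Schwarz on the diagonal,
        sum_ij |m_ij|^2 >= sum_i |m_ii|^2 >= |sum_i m_ii|^2 / n,
    and both inequalities are equalities iff every off-diagonal entry is
    zero and all diagonal entries are equal, i.e. m = (tr m / n) * I.
    Returns tr(m)/n when the gap is within rel_tol of the norm, else None."""
    n = _check_square(m)
    frob_sq = sum(abs(x) ** 2 for row in m for x in row)
    tr = sum(m[i][i] for i in range(n))
    gap = frob_sq - abs(tr) ** 2 / n
    if gap <= rel_tol * max(frob_sq, 1.0):
        return tr / n
    return None


if __name__ == "__main__":
    # Constructed sample inputs.
    samples = [
        [[2, 0], [0, 2]],            # 2*I
        [[2, 0], [0, 3]],            # diagonal, not scalar
        [[1, 1], [0, 1]],            # not diagonal
        [[1.0, 1e-15], [0.0, 1.0]],  # I up to rounding noise
    ]
    for s in samples:
        print(s, is_diagonal(s, 1e-12), identity_multiple(s, 1e-12),
              identity_multiple_by_norms(s))
```

Note that no correct test can read fewer than all n^2-n off-diagonal entries in the worst case: if one entry is skipped, a matrix that differs only there is indistinguishable from a diagonal one. The entrywise version wins when the answer is "no" (it exits early), while the norm/trace version is the same amount of arithmetic expressed as two reductions, which is the form that vectorises well and that works for numeric matrices with a tolerance. For symbolic entries only the exact entrywise test applies.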

Why aren’t distributed computing and/or GPU considered non-deterministic Turing machines if they can run multiple jobs at once?

So we know a nondeterministic Turing machine (NTM) is just a theoretical model of computation. They are used in thought experiments to examine the abilities and limitations of computers, commonly to discuss P vs NP, and how NP problems cannot be solved in polynomial time UNLESS the computation is done on the hypothetical NTM. We also know an NTM would use a set of rules to prescribe more than one action to be performed for any given situation. In other words, it attempts many different options simultaneously.

Isn’t this what distributed computing does across commodity hardware? Run many different possible calculations in parallel? And the GPU, does this within a single machine. Why isn’t this considered an NTM?

What message/instruction should be given for downloading an image for browser and/or tablet

I need users to download an image from my web app. For browsers that support the HTML5 ‘download’ attribute my Download button automatically opens the browser download window. However, users on the remaining browsers need to download the image the old-fashioned way.

To save an image from a browser on a non-touch device, one right clicks and selects “Save Image As…” and on a touch device, one can usually tap and hold the image and select the save image option.

What concise message/instruction will tell the user to perform the above-mentioned actions to download the image? Since we cannot tell with 100% accuracy what device a user is using, would we need a combined message (handling touch and non-touch devices)? Though it seems that might be unwieldy and long.

Also, is asking users to “right click” on OSX valid? While there are a number of ways to right click, for the average OSX user, is it something one can expect knowledge of?

Is relational algebra a procedural, imperative, and/or declarative language?

In Database System Concepts 6ed,

6.2 The Tuple Relational Calculus

When we write a relational-algebra expression, we provide a sequence of procedures that generates the answer to our query.

The tuple relational calculus, by contrast, is a nonprocedural query language. It describes the desired information without giving a specific procedure for obtaining that information. A query in the tuple relational calculus is expressed as: {t | P(t)}. That is, it is the set of all tuples t such that predicate P is true for t.

Does the above mean that relational algebra is a procedural language?

Is relational algebra a declarative language?

Is the tuple relational calculus a declarative language?

Is the tuple relational calculus more declarative than relational algebra is?

Is a procedural language an imperative language? (This is always what I heard, but I also heard that SQL is a declarative language (so is relational algebra) so is not imperative.)

What is the correct or most reasonable or most accepted definition of procedural languages, imperative languages, and declarative languages?

Thanks.