Time to FCP changes based on order of and tags

I was troubleshooting why one particular page took a full second longer to reach FCP compared to similar pages for mobile according to Google’s Page Insights. The difference ended up being the order of two tags at the beginning of the page.

3.4 seconds to FCP

<h2>heading</h2> <p>some paragraph</p> 

versus 2.5 seconds to FCP

<p>opening paragraph</p> <h2>heading</h2> 

In the first scenario, Google Page Insights gave a logo from the header as the FCP content. But with the second scenario, Google would display either text from the <p> or <h2> tag for the FCP content.

Why would the order of these two simple tags change the FCP content from text to an image header?

What happens if a sender changes the TCP window size over multiple packets that have the same ACK number?

I’m currently doing research on evasion attacks that seek to bypass a Deep-learning based Network Intrusion Detection System.

In order to achieve this, I need to know what the constraints are for the TCP window size field in the TCP packet header. Imagine a client has just sent the last TCP-ACK packet to a server in order to complete the 3-way handshake. He then immediately proceeds to send a GET request to the server (these 2 packets are thus sent one after the other, and contain the same ACK-number).

What happens if the TCP window size in the TCP-ACK packet does not match the window size in the TCP packet containing the GET request? Will the receiver simply observe the last value for the window size that he obtained? Or will there be a violation in the TCP protocol in any way? You can assume that the change in window size is very small, and will not cause the buffer to be full.

More generally, if the client sends N uninterrupted packets (e.g. a heavy-load POST request), can he change the window size in each packet header without repercussions?

UTL_FILE direcotry name changes oracle 19c

I’ve scripts where UTL_FILE.FOPEN is used and the parameter passing for directory is an absolute path i.e., /asr/file/path and the corresponding oracle directory name as ASR_ABC but after up-gradation to oracle 19c the parameter is expected to be direcotry name ASR_ABC instead of absolute path /asr/file/path.

If I pass an absolute path I get error as Invalid path.

Do I have to change all the files from absolute path to directory name? or is there any work around which can be done from database to avoid changes in all files?

WE have made changes on TEST server but it is impacted on PROD SQL server

We have 2012 SQL SERVER(PROD), client cloned a Test server from PROD, For testing the Upgrade process.

While performing the SQl server upgrade we have restarted services on TEST, after restarting the services Report server schema version is changed from 163 to 164 on PROD. We got SSRS connection issues to fix the issues we have changed the report server schema version to 163 on PROD.

We are confused that we have restarted services on TEST but report server verion changed on PROD how it happens

Simultaneous state changes: Demilich Howl

A Demilich has the following action available to it:

Howl (Recharge 5-6). The demilich emits a bloodcurdling howl. Each creature within 30 feet of the demilich that can hear the howl must succeed on a DC 15 Constitution saving throw or drop to 0 hit points. On a successful save, the creature is frightened until the end of its next turn.

A party of adventurers faces a Demilich. One of them is a Paladin with the 10th level feature Aura of Courage:

Starting at 10th level, you and friendly creatures within 10 feet of you can’t be frightened while you are conscious.

The demilich gets close to the party (who are all within 10 feet of each other), and uses its Howl. The Paladin fails the save, while their friends succeed it. Are their friends frightened?

Relevant factors:

  • The Paladin will be dropped to 0 HP, and thus unconscious. When that happens, their Aura of Courage will stop working.
  • We know from Does a Paladin's Aura of Courage prevent or suspend frightened effects? that if the Aura of Courage is up when the frightened effect tries to apply itself, the Aura going down after that will not mean the effect resumes; it was initially prevented and so is not merely suspended.

So the only question that remains is: Will the Paladin still be conscious at the point the Howl attempts to apply the frightened condition to the party? Or will they already be unconscious?

What major changes will 5e bring in the Forgotten Realms campaign setting?

As I understand it 4e takes the Forgotten Realms storyline up to around 1469 DR. How far will 5e take it, if at all?

Will there be many changes to the story?

I am using many realms characters, such as Jarlaxle, in my campaign.. my campaign takes place in 1499 DR and I try to follow the Forgotten Realms Campaign Setting as closely as possible; will I expect drastic changes in things like deities come 5e? Or will 5e be more about mechanical changes, etc.?

What lore events marked the changes between editions?

It was mentioned in this answer that “Only two characters have ever managed to free themselves from Ravenloft, and the only one to actually manage to stay free, Vecna, broke reality so hard in the process that it changed the AD&D 2e rules into D&D 3e rules.” which made me wonder “what other lore events have caused editions to change?”

Did changes in Google Chrome 80 weaken cookie and password encryption?

According to Arun on StackOverflow “Starting Chrome 80 version, cookies are encrypted using the AES256-GCM algorithm, and the AES encryption key is encrypted with the DPAPI encryption system, and the encrypted key is stored inside the ‘Local State’ file.”. (https://stackoverflow.com/questions/60230456/dpapi-fails-with-cryptographicexception-when-trying-to-decrypt-chrome-cookies/60611673#60611673).

Now at first glance this looks like an improvement rather than passing cookies to Windows Data Protection API (DPAPI) directly they’re encrypted with a better algorithm and only the key is protected through the API. Stronger encryption is used and Windows Data Protection API encrypts the key. Unfortunately the protection scope is changed from LocalUser to LocalMachine.

It appears that this means if a user were to copy the hard drive by plugging it into another computer they would no longer need your Windows account password to decrypt this key in the local state file with the Windows Data Protection API. In theory this would allow another user on the system to steal passwords and cookies weakening security protections that existed further.

I put together a code demo with Brave Browser demonstrating this risk (see: https://github.com/irlcatgirl/BraveCookieReaderDemo). It’s easy enough to swap paths of SQLite and Local State files for Chrome.

According to https://docs.microsoft.com/en-us/windows/win32/api/dpapi/nf-dpapi-cryptprotectdata#parameters

Typically, only a user with logon credentials that match those of the user who encrypted the data can decrypt the data. In addition, decryption usually can only be done on the computer where the data was encrypted. However, a user with a roaming profile can decrypt the data from another computer on the network. If the CRYPTPROTECT_LOCAL_MACHINE flag is set when the data is encrypted, any user on the computer where the encryption was done can decrypt the data. The function creates a session key to perform the encryption. The session key is derived again when the data is to be decrypted.

Due to a change in scope in Windows DPAPI did this change harm Chrome’s security or am I misinterpreting my findings?