Can I opt out of checking carry-on at the gate?

The other day I was one of the last passengers to board a (domestic US) flight, and my carry-on bag was checked at the gate without asking. I suppose this was due to lack of space in overhead bins (however there was room right above my seat). What if my carry-on consisted entirely of fragile items? For example some kind of neatly packed set of wine glasses or something similar? Could I refuse to check the bag?

Can I start Apache without checking directories?

I use Apache to run some sites on my localhost for development, but some of them are on a removable hard drive. It can run just fine if I eject the drive (the sites just won’t load), but for some reason Apache refuses to start up if the drive is not plugged in, so if I don’t have it with me I need to open the config and comment out the directories on it.

Is it possible to somehow tell it to start up regardless?

Checking baggage through to final destination, Canada to US?

I’m a Canadian citizen, traveling from Canada to the US. I have a 5-hour layover in Toronto where I will continue to Minneapolis. Will I need to claim my baggage to take it through customs at YYZ? If so, will I need to claim it as soon as I arrive? Not looking to carry around my bags for 5 hours if I can avoid it, and I can’t find a clear answer online. I’m transferring from WestJet to Delta at Toronto, and the whole itinerary was booked through WestJet. I called them and they just told me the ticket agent would tell me what to do.

form field checking not working

my name is frank(ferenc in hungarian), I have quite a big headache, checking form fields with functions click, each, works untill fields are empty, if I just complete filling partially it doesn't work. at the first ok, the checking stops. please help me, thank you, frank
the faulty code:
$ (".button1").click(function(){
var emptyfield = true;
$ (".input-check").each(function(){

//$ ("span").text(inpattr)
var inputattr = $ (this).attr("id");
if (…

form field checking not working

Checking an interesting result for a sum

This question is related to this post, but I am fairly sure this is a computer job to disprove it. The following result is given: $ $ \sum_{n=1}^{\infty}\left(\frac{\sin(22n)}{7n}\right)^3=\frac{1}{2}\left(\pi-\frac{22}{7}\right)^3$ $ It can be rewritten as: $ $ S=\sum_{n=1}^{\infty}\left(\frac{\sin(22n)}{7n}\right)^3=\frac{3}{4\cdot 7^3}\sum_{n=1}^\infty \frac{\sin(22n)}{n^3}-\frac{1}{4\cdot 7^3}\sum_{n=1}^\infty \frac{\sin(66n)}{n^3}$ $ $ $ =\frac{1}{1372}\left(3\text{Cl}_3(22)-\text{Cl}_3(66)\right)$ $ Where $ \text{Cl}$ is the Clausen function of order $ 3$ :

Can someone with a more advanced computer check if this result matches?

I could only verify up to $ 100$ decimal places.

Why is not checking the origin of postMessage insecure?

Typically, within the onmessage handler, you would have something like this:

window.onmessage = function(e) {     if (e.origin != "")         return;     //Do stuff }; 

The check for e.origin is meant to ensure that only that site can access whatever is after the check. However, if my understanding is correct, one cannot send a postMessage to a page unless it is either an IFrame within the page, or through an IFrame on the page to the top level.

However, most of the risks I can think of would hardly make any sense. For example, even if I had something like this:

var superSecretToken = Math.random(); window.onmessage = function(e) {     e.source.postMessage("Hey, my SUPER SECRET TOKEN is " + superSecretToken + "!", "*"); } 

How would this give any important information to an attacker? If I open the page in an IFrame, the superSecretToken varies each time. If it were always the same, XSS would be pointless since I could just open up the page and read it from the source code.

From my understanding, only an IFrame within the page could send a postMessage and steal the token. However, unless you happen to embed some random page/ad in an IFrame without sandboxing it, and the owner of the site/ad decided to steal a bunch of tokens, this hardly seems like a threat.

So: if a site were to not check the origin of a message before replying, how could an attacker even affect a user of the page?

Checking authenticity of a mobile app (digital staff card)

I’ve been asked to implement a digital card for member’s of our organisation, to replace the old plastic ones. Members would install our app on their phone and setup a “card” with their photo on it within the app. Once setup they could not change the photo.

Then when coming onsite they may get asked to show their card by opening the app and showing the security team the card screen in their app.

The security team of course needs some way to check that they are looking at the real app and not a photo-shopped screenshot or another app made to look like ours if they get suspicious.

I was thinking perhaps using the TOTP algorithm like Google Authenticator does to display a series of codes on the staff members card screen might work. Security staff could then enter the codes on their phone to verify them against the server and see if it was legit.

This wouldn’t be completely secure though of course as I’m sure there are ways for someone to steal the secret key from the phone and make use of it but perhaps it would be difficult enough? This isn’t super top secret stuff so just making it hard enough should suffice.

Does anyone have experience or ideas with ways to ensure authenticity of a digital card (app) that might work?