I want to use the output of Solve and/or Reduce in next steps. But the output comes in the form of a rule [duplicate]

In a program I want to use the output of Solve and/or Reduce in next steps. But the output comes in the form of a rule, where what I want is the numerical solution. Here is an example. Say I write s=Solve[x+2==5,x]. In the next step I want to use this solution, so I write: y=2 s +3. This returns {{3+2(x->3)}}. This is a very basic need, but hours combing through the documentation leads nowhere.

Sentinel’s last function. What comes first, the attack or the reaction?

Quick question of the order between enemy actions and friendly reactions.

Sentinel

• Whenever you hit a creature with an opportunity attack, its speed drops to 0 for the rest of the turn. This stops any movement they may have been taking.

• Creatures within your reach provoke opportunity attacks even if they took the Disengage action.

When a creature within your reach makes an attack against a target other than you (and that target doesn’t have this feat), you can use your reaction to make a melee weapon attack against the attacking creature.

Does this happen before the enemy’s attack goes through? So the player have a chance to kill the attacking creature before he attacks the players party member? Or does the enemy’s attack connect first, giving the player an opportunity to attack the enemy?

How do I make sure access token comes from authenticated user?

My problem boils down to the use of Okta’s access tokens to secure api endpoint.

I followed this okta guide to set up a react single-page application with their wiget.

When I log into the site I get a access token to use with my api.

I tried to access my api with the access token following this guide

On the api side Okta recommended to verify the access token. When I use their OktaJwtVerifier to verify the token I get faced with a question. How does this verifier know that I gave them the token from a authorized state and not from someone hijacking the token?

The verifier supposedly asserts that

  • Signature is valid
  • Access token is not expired
  • The aud claim matches any expected aud claim passed to verifyAccessToken().
  • The iss claim matches the issuer the verifier is constructed with.
  • Any custom claim assertions that you add are confirmed

But the validator does not know where the token came from.

I noticed that the access token gets saved into localStorage.

Does this not open up for a impersination attack on the access token? Suppose someone got access to the localStorage and used the access token on my api without authenticating. I tested if this would work and it did.

How can I prevent someone from stealing and using my access token without authenticating ???

Applying “principle of least privilege” when it comes to execs and owners of the company – should they automatically get all permissions if requested?

As an administrator of certain systems in a company I understand and adhere to the “principle of least privilege” — which I’m assuming I don’t need to repeat its definition here, so let’s just say people here get given access to systems only in accordance with what they need for their role and no more. I follow that principle and check carefully whether they can have read-only access in order to carry out the role and if so I give read access only, etc.

I had a request from an executive-level (C-suite) person (“Jack”, let’s say) who is actually one of the five co-owners of the company, to get blanket “sysadmin” level access to a particular system. (I am confident the request has come from Jack himself and isn’t a hacking or phishing attempt, as I verified it with Jack directly.)

Jack is far too important and involved with strategic stuff to need to carry out any day-to-day work with this system, especially anything that would need sysadmin level access, but occasionally wants to get involved in “poking around” in there, as he is technical by background.

I get the sense that he doesn’t like the idea that he is “walled off” from some system although he owns part of the company.

I’m not asking about the interpersonal aspects about this, just the info-sec ones.

Is it accepted info-sec practice to give an owner of the company “sysadmin” access and by doing bypass the “principle of least privilege”? — since, after all, Jack (partly) owns the company so it’s all his stuff anyway!

Or should that still apply, and even the CEO shouldn’t have write-access to a system when they don’t need it as part of their job function?

Can a spell be readied to trigger when its intended target comes into view?

Can I ready witch bolt, for instance, with the condition of attacking “the first goblin to come out of the cave” if I cannot see the goblin at the time of my (Ready) action? To be perfectly clear: at the time of the Ready action, the goblin is around a corner, in darkness: not targetable by witch bolt.

On the one hand: the Ready action states that (PHB p.193)

when you ready a spell, you cast it as normal but hold its energy….”

Part of casting a spell is targeting (inferred from “Targeting” as a sub-heading under “Casting a Spell”, PHB pp.202-204).

You can’t target something that you can’t see, so it would seem that since you can’t target the goblin at the time of the Ready action you can’t cast the spell in the first place.

On the other hand: isn’t this use of “Ready” the same as the “I’ll attack the first goblin to come out of the cave” that is the classic use-case for Ready? Picking a target is part of the Attack action, after all.

How do we know that input to TPMs actually comes from the measured code?

Suppose we’re using secure boot and remote attestation to prove to a server what client software is talking to it.

What stops an attacker from doing this:

  • Start a legitimate copy of the client software on machine A.

  • Get a remote attestation challenge from the server using a modified copy on machine B.

  • Send TPM_Quote to machine A’s TPM and forward the signature back via B.

I understand that if the attacker had code running on machine A, the PCR values would be wrong. But is code running on machine A really the only way to talk to its TPM? With physical access, can’t he put his own signals on the lines between machine A’s CPU and TPM?

Or even simpler, disconnect it from machine A’s board and send it arbitrary input from his own hardware, just imitating or replaying a legitimate boot? How do we know that the measurements given to TPM_Extend are actually the software that’s sending the messages vs. e.g. replay of something I observed with a logic analyzer?

Search Highlight comes with error on excerpt in search result

I’m not sure what’s going wrong. I’m using a “search highlight” on my wordpress website. I recently noticed 1 issue when doing a search on my site. How to say? Hmm…For example, either post excerpt or content contains active url(clickable), and the keyword is also in the url as well. The search result will become like as displayed in the image as per attached. The highlighted one suppose to be a proper url(www.properurl.com). But, it turned out this result. enter image description here

Below the PHP code of search highlight placed in the functions.php

function search_excerpt_highlight() {     $  excerpt = get_the_excerpt();     $  keys = implode('|', explode(' ', get_search_query()));     $  excerpt = preg_replace('/(' . $  keys .')/iu', '<span class="search-highlight"><u><b></b></u></span>', $  excerpt)."";      echo '<p class="excerpt">' . $  excerpt . '</p>'; } 

I need to know if there is any code i can put in functions.php to make it work correctly?

Need help in this. Thank you!

Do enchantments count as magic when it comes to magic immunity?

I was looking at a construct’s immunities and noticed “immune to magic” in its list. Naturally, this means you can’t really cast spells at it. But what about weapon enchantments? Do enchancement bonuses have no effect when attacking these creatures? Do enchants like flaming and frost not do damage to it? Furthermore, would an alchemist’s bombs damage the creature at all? Since they explode using the alchemist’s own magical powers.

Are the Player’s Basic Rules the same as the Player’s Handbook when it comes to combat?

I have seen quite a few threads that compare the free basic rules with the Player’s Handbook for 5e, but none of them seem to mention combat. I have played a lot of 3.5, and I always felt the combat rules were a bit too much for me. After reading the basic combat rules, I was pleased they were simpler, but I don’t know if that is because it is a basic rule set.

Are the combat rules in the basic rules the same as in the full version (simpler grappling, fewer attacks of opportunity, fewer combat actions available, etc.)?