Security concerns in JavaFX [on hold]

I’m building a cross platform application in JavaFX only for UI and reusing the existing backend code in C++ using JNI (all the libraries are in c++). I would like to know if there would be security issues in the application from the Java UI part?

And also, I would like to know if Qt is better in terms of security than Java ?(and this is only for UI)

java version "1.8.0_221" Java(TM) SE Runtime Environment (build 1.8.0_221-b11) Java HotSpot(TM) Client VM (build 25.221-b11, mixed mode, sharing) 

Do I face stability concerns updating to kernel v5.2.2 Stable?

Currently I’m using Ubuntu v19.04 and kernel version 5.0.0-22-generic. I’m using a brand new Laptop that has a Nvidia GeForce GTX 1650 dGPU (One of the major hardware support improvements in kernel version 5.2.2 Stable).

I’d like to upgrade to 5.2.2 stable kernel version but don’t want to experience significant complications with Ubuntu compatibility.

Questions:

1) Is there a high likelyhood of this breaking my system? (minor compatibility issues aren’t a problem)

2) Since my system uses generic, would I just have to install the 64 bit kernel version?

3) Since using apt-get isn’t an option yet, what would be the next recommended way to upgrade? Ukuu, download from kernel.org, etc

4) Will I still be able to use sudo apt update and sudo apt-get update normally if I force the kernel update?

How to handle major changes (cross-cutting concerns) in REST API?

Let’s say we have a REST API application A consumed by other 30 applications. Application “A” uses a cross-cutting security implementation using a Security NuGet package 1.0. All minor/major changes are properly versioned and backwards compatible (e.g. not breaking existing consumers with new changes).

The problem is, what happens if you need to upgrade your Security NuGet package to 2.0 and do major changes to your security across application A. Technically, the API contract between source and consumers don’t change but you may need a thorough regression testing to make sure app A with Security 2.0 is not breaking any existing functionality in any of the 30 consumers

Should you:

  1. Create a new source code base for Security 2.0 version of the app and Deploy and maintain old and new versions of the app? Then move the 30 consumers gradually to the new API? or
  2. Migrate app A to Security 2.0 and do thorough regression testing from all 30 consumers

What is the recommended approach to handle these type of changes that span across applications and cannot be handled through endpoint versioning? E.g. wide cross-cutting security implementation? In theory your source API (app A) should be agnostic of consumers as long as it’s not breaking them).

As this article points out, this is not a versioning problem but a change management problem: https://www.ben-morris.com/rest-apis-dont-need-a-versioning-strategy-they-need-a-change-strategy/

Length of Page Concerns

This is a reoccurring problem among clients I work with, so wanted to see if anyone else had some insight. Every client I design for tends to be hyper-aware of page length, with the tendency to fret over if the user will get “lost at the bottom of the page” or need help navigating back up. The pages are of average length, and I try to assure them that users will just scroll back up if they need to. I provide multiple CTAs along the page, including top and bottom. But still, the clients want to include “back to top” elements or fixed top navs. Does anyone have ways they combat this? Any data or articles?

Thanks!

Would this pure class theory about ordinals and their relations raise concerns about its arithmetic soundness?

The following theory is a class theory, where all classes are either classes of ordinals, or relations between classes of ordinals, i.e. classes of Kuratowski ordered pairs of ordinals, or otherwise classes of unordered pairs of ordinals. However, the size of its universe is weakly inaccessible. Ordinals are defined as von Neumann ordinals. The theory is formalized in first order logic with equality and membership.

Extensionality: $ \forall z (z \in x \leftrightarrow z \in y) \to x=y$

Comprehension: if $ \phi$ is a formula in which the symbol $ “x”$ is not free, then all closures of: $ $ \exists x \forall y (y \in x \leftrightarrow \exists z(y \in z) \land \phi)$ $ ; are axioms.

Ordinal pairing: $ \forall \text{ ordinals } \alpha \beta \ \exists x (\{\alpha,\beta\} \in x) $

Define: $ \langle \alpha \beta \rangle = \{\{\alpha\},\{\alpha,\beta\}\}$

Ordinal adjunction:: $ \forall \text { ordinal } \alpha \ \exists x (\alpha \cup \{\alpha\} \in x)$

Relations: $ \forall \text{ ordinals } \alpha \beta \ \exists x (\langle \alpha, \beta \rangle \in x)$

Elements: $ \exists y (x \in y) \to ordinal(x) \lor \exists \text{ ordinals } \alpha \beta \ (x=\langle \alpha,\beta \rangle \lor x=\{\alpha,\beta\})$

Size: $ ORD \text { is weakly inaccessible}$

Where $ ORD$ is the class of all element ordinals.

/Theory definition finished.

Now this theory clearly can define various extended arithmetical operations on element ordinals. Also it proves transfinite induction over element ordinals. In some sense it can be regarded as stretching arithmetic to the infinite world. Of course $ PA$ is interpretable in the finite segment of this theory.

In this posting Nik Weaver in his answer raised the concern of ZFC being arithmetically unsound.

My question: assuming this theory to be consistent, is the concern of it being arithmetically unsound is the same as that with ZFC?

The motive for this question is that it appears to me that the above theory is just a naive extension of numbers to the infinite world, it has no power set axiom nor the alike. One can say that this theory is in some sense purely mathematical in the sense that it’s only about numbers and their relations. Would this raise the same kind of suspicion about arithmetic unsoundness that is raised with ZFC.

My reasoning about that is that generally speaking when one raises the concern of arithmetic unsoundness of some theory, especially if that theory is well received by mathematicians working in set theory and foundations, then there must be some technical or intuitive argument behind that suspicion, otherwise that suspicion would be unfounded. The suspicion must not depend merely on the strength of the theory in question. Otherwise we’d not define any theory stronger than $ PA$ based on such concerns.

From Nik Weaver’s answer it appears to me that his concern is based on ZFC not capturing a clear concept intuitively speaking. Now this theory is based on an intuitive concept that is generally similar to the one behind defining arithmetic for finite sets. It extends it in a very clear intuitive manner, higher ordinals are defined from prior ones in successive manner, and it doesn’t generally feel to be so different from the intuitive underpinnings of arithmetic in the finite world. So the question here is about if this theory still fall a prey to the arguments upon which the concerns about arithmetic unsoundness of ZFC are based.

Networking Package for Unity design concerns

I wanted to float some design questions I had about a project I’m trying to build. I’m currently working on a package to allow any indie game developer to create a multi-player version of their game. I’m achieving arbitrary code by using Assembly.Load to load your Game’s object/types into the server, these get packaged at build of the game.

I’ve decided how to implement these in the back-end, and from a server perspective I have object serialization down, writing over TCP/UDP, as well as being able to call arbitrary messages on arbitrary server side objects.

On that last note is my question. I want to make this system somewhat platform dependent, so for unity I can’t serialize/send a gameobject. More importantly, I don’t think I should. I think a NetworkEntity/NetworkComponent shouldn’t have any strict dependencies on GameObject I think it should be a network-dependent way to represent a piece of an object in the gamespace. Some examples are a NetworkHealthController, or a NetworkPosition, both just represent some items that the server will manage updating/syncing the state of. Is this is a good design?

Some issues I forsee is, if you reference GameObject, like your network object does: GameObject.GetComponent<SomeType> We would fail. Do I just fail to build in this case? As I can’t really resolve things in the underlying C++ game-engine.

I hope I explained this well enough, and I appreciate any advice I can get.

Security concerns in disseminating database design?

I work for a government agency, and we’ve been requested via a freedom of information request for the layout of the tables of one of our systems, a data dictionary and schema design request.

What are the dangers in sharing this? My initial concerns are need to know concerns, making SQL injection attacks much easier, and a bunch of starting information for future vulnerabilities (ie, maybe a bug is introduced later that only affects varchar columns over 500 bytes in length… here’s a handy list of all of ours!).

What else is of concern? I don’t want to be an obstacle for the sake of being an obstacle, but as a DBA, this makes me REALLY nervous.

SOCKS proxy security concerns

As claimed, “A socks proxy simply transfers data from a client to a server, not penetrating into this data contents (therefore it can work with HTTP, FTP, SMTP, POP3, NNTP, etc.)”, I really can’t buy it, can’t a SOCKS proxy log data, analyze its content, redirect traffic, capture submitted forms, intercept SSL/TLS communications, “harvest” emails, or even spoof an IP address through a poisoned DNS?

I understand that SOCKS operates at lower level than HTTP proxies, and that it support authentication in its SOCKS5 version.

I found it risky to use proxies, but sometime its the most “feasible” as an exchange to privacy, when it come to region limitation and bandwidth allocation.

Can anybody clarify the above points?