Security pattern for third party uploads to Azure blob container

Scenario:

  • Vendor 1 needs to upload data to an Azure blob storage container owned by Vendor 2
  • Vendor 1 is issued a limited duration SAS token each day to use
  • Azure does no scanning of incoming blobs (therefore content is untrusted when it lands)
    • Microsoft recommends pre-scanning all files before uploading

Questions:

  • What is a repeatable pattern for Vendor 2 to secure this type of content unpload against malware threats?

Hooking into the HTML header container

I’m trying to hook into the header.php of wordpress theme(s) more specifically, right before the closing header tag </header>. I’d like to do this in a programmatic way so when I switch themes I don’t have to remember to go include the method of a custom hook <?php my_cool_hook(); ?>

Is there a way to accomplish this? I’ve tried looking through the available actions but so far I haven’t found any that would suite my needs.

Thanks.

Can the Destructive Wave spell be triggered on a ship by striking the deck or an open container of earth (“ground”)?

My 9th-level Tempest Domain cleric is about to embark on a sea voyage to the ice sea. I realized that my new destructive wave domain spell requires that “You strike the ground” to trigger it.

Is there a way to trigger this spell while on a ship?

We have been warned there will be encounters on the journey at sea.

I am trying to head off a debate with my DM when I try to use this spell at sea.

  • Since we walk on the deck, can that be considered ground (i.e. can I strike the deck)?
  • Like vampires that take dirt along to survive sea voyages, can a bucket of dirt (ground) be used (I strike the ‘ground’ in the bucket!) to trigger the spell?
  • Or if I walk onto an iceberg, since I have a ring of water walking, can that be considered ground?

Tempest gods are followed by seafaring people as storms impact them greatly. So it would seem kind of odd not to be able to use a unique Tempest Domain spell at sea.

Is the container used for Magic Jar still “nonmagical object”?

As the title says, I would like to understand if the container used to cast Magic Jar should be considered as a magical item and can’t be used for other spells/abilities that require a “nonmagical object”, such as True Polymorph. I would say no because the Sage Advice Compendium (pp. 17-18) lists some criteria that do not seem to match with this case, but I am not totally sure.

Proof for LeetCode: 11. Container With Most Water problem

I’m new to algorithm correctness proof-writing but am keen to improve my skill there.

I have a first attempt here, but I think I’m missing a final step. The algorithm is for the LeetCode: 11. Container With Most Water problem.

I’ve shown to my satisfaction that only an “advance the lesser” move at any given point can possibly result in a greater area (water volume), but it feels like I’m missing the part where I can say “therefore this algorithm will always find the maximum”.

Any pointers on process, notation, or formalisms is also greatly appreciated. This proof strikes me a bit as “workshop-grade” and I wouldn’t mind getting a bit more elegant about it as I do others.

Problem Statement:

Given an array of non-negative integers hs (heights) where each represents a point at coordinate (i, hs[i]), n vertical lines are drawn such that the two endpoints of line i is at (i, hs[i]) and (i, 0). Find two lines, which together with the x-axis form a container, such that the container contains the most water.

Notation:

  • H – Height
  • W – Width
  • A – Area
       |--W--|         |           ___          |     |      |        |  |  |  |   H     |  |  |  |  |   |     +--+--+--+--+  ---     0  1  2  3  4 

For example, a maximal cross-section A of H ✕ W = 3 ✕ 2 = 6 is between offsets 1 and 3. Note there’s another one of area 6 for range [1..4], so the maximum is not necessarily unique.

The solution approach which seems to work is the following:

  1. Create index variables left (L) and right (R) initially positioned at the extreme left (0) and right (|hs|-1) of array hs.

  2. Calculate the area as A = H ✕ W where H = min(hs[L], hs[R]) and W = R – L and record it as the maximal area so far.

  3. Move the lesser of L or R toward the other.

  4. Repeat until R == L, then return the maximum recorded.

Code would look something like this in Python

def max_water(hs):     L, R = 0, len(hs) - 1     max_A = 0      while L < R:         A = min(hs[L], hs[R]) * (R - L)         max_A = max(max_A, A)         if hs[L] <= hs[R]:             L += 1         else:             R -= 1      return max_A 

My proof approach is to show that only advancing the lesser-height index can possibly increase the current area. The thing I don’t quite get is whether this proves correctness; my sense is I’m missing a last step:

Proof

There are four possible cases produced by choosing to advance the lesser or greater-height index (toward the middle) and whether the “advanced-to” height is greater or lesser that the prior. For concise expression, I use L and R to represent the heights of those two positions:

Case 1: Advance greater, new height is greater

    |-----W-----|               |                   |  |  ___     |        |  |   |  H     |  ...   |  |   |      +--+--------+  ---     L  ...   R' R        L < R, advance R to R', R' > R      then:      * H' = H -- because L is unchanged and L = H is still the upper bound.     * W' < W     * => H' ✕ W' < H ✕ W     * => A' < A 

Case 2: Advance greater, new height is lower (or equal).::

    |-----W-----|                  |                |  |  ___     |        |  |   |  H     |  ...   |  |   |      +--+--------+  ---     L  ...   R' R        L < R, advance R to R', R' <= R      then:      * H' <= H -- H' cannot be greater than it was because L = H is still an upper bound.     * W' < W     * => H' ✕ W' < H ✕ W     * => A' < A 

Case 3: Advance lesser, new height is lower (or equal).::

    |-----W-----|                  |                   |  ___     |           |   |  H     |  |  ...   |   |      +--+--------+  ---     L  L' ...   R        L < R, advance L to L', L' <= L      then:      * H' <= H     * W' < W     * => H' ✕ W' < H ✕ W     * => A' < A 

Case 4: Advance lesser, new height is higher.::

    |-----W-----|                  |          |        |  ___     |  |        |   |  H     |  |  ...   |   |      +--+--------+  ---     L  L' ...   R        L < R, advance L to L', L' <= L      then:      * H' > H     * W' < W     * => H' ✕ W' is either <, =, or > H ✕ W     * => A' <, =, or > A 

So the only way an area greater than the current area can possibly be found is by following the “advance the lesser” policy. All the other cases lead to a reduction in area.

What I’m not seeing is how that necessarily guarantees this algorithm will find the maximum.

Is accessing /proc/ inside docker container a security breach?

In a docker container I am reading the files /proc/stat and /proc/meminfo. As I understand they are the ones of the host. (Not local to the docker container) In a meeting, a co-worker said that this is a security breach and must be vetted by internal security consultants. The container does neither run privileged, nor as root. My program inside the container does neither.

Question 1: is he right in saying, that this is a security breach? Question 2: What if I bind-mounted the host’s /proc directory to some folder of the container. Would that then be a security breach?

Is it safe to run a Kubernetes container as a root user? [on hold]

I run my Spring Boot (Java) application in the Kubernetes environment as a root user and with JMX authentication turned on.

My k8s containers are being flagged as a security risk by the security professionals in my company. Is it really a security risk or just plain old housekeeping?

Will it make a difference if the JMX is unauthenticated?

P.S. I’ve asked this question in Stack Overflow but didn’t get a response that I was looking for.

Is the Outlook bar still a reasonable container for a list of lists?

(This assumes that it ever was, so please feel free to comment if you disagree!)

For years, our development team have designed data-centric desktop applications where the main window has an Outlook bar on the left, and clicking one of the tabs shows the associated list in the rest of the window…

Common (for us) main window UI layout

Double-clicking an item (or single-clicking and then clicking the Edit button) would open a child window with details for the customer, product, etc.

We’re just about to start a new application, and it made me wonder if we are behind the times. UIs have changed a lot over the years, and maybe people don’t do it this way any more.

As we have a licence for their controls, I had a look at Telerik’s demo applications, and they seem to be variations on the same theme, using treeviews and the like on the left…

Telerik sample UI

Anyone any comments? Do I carry on doing pretty much the same, or is there a more modern way to do it?

Thanks

Highlighting text in a selectable container

We have an issue where a user can click into the cell of a table, and the table will sort based on that selection. But, we also have research that shows users want to be able to select the content of those cells to be able to copy/paste.

The issue is once the user clicks into the cell, the table sorts, so they are no longer on the same content, and are unable to select.

I am trying to explain to the developers that maybe we can do something where if the user clicks into it and moved the cursor, it doesn’t change based on sorting. But of course, we’d need a slight affordance so that users with twitchy mouses can also sort.

Does anyone know of anything that fits this pattern that I can use as an example to show the developers and producer what I am talking about when I explain this?

Does the explanation of what is happening and the solution even make sense here? Is there another solution that I am not thinking about (without just getting rid of the feature completely as dev suggested).