OpenXR device not present in Start or Awake methods in Unity C# script

I’m developing a VR game using OpenXR in Unity (specifically developing on a Valve Index). When I try to access the input devices through the InputDevices.GetDevices() function, I get 0 devices back when I call this function from my script’s Awake() or Start() methods. But when I call the same function from my script’s Update() method, I see all the devices (e.g. head set, left controller, right controller).

Why can’t I see the devices in the Awake() or Start() methods?

Can’t access the website which is on and working with only one device (PC)

Around 2 weeks ago I suddenly became unable to use my university’s classroom website from my PC. My PC is the only device having problem, I can freely access it from my phone or laptop. Website url is, When I try to ping it form my PC it shows IP but from Laptop it shows which is correct one (cause I can access it from laptop). Some time ago I think i edited some dns settings from cmd or something like that, I was having problem and that solved it and I don’t know how to reverse/check it if its causing the problem.

Whenever I try to to go to the url it just does nothing in the browser (tried all of them similar result)

(I don’t know if I should be asking this question here so if something tell me where to move it)

Use Magic Device with Robe of Stars

I’m playing a Rogue, archetype Thief, approaching level 13 which is when I’ll gain the ability "Use Magic Device".
My character inherited a Robe of Stars as a family heirloom.
Can I use this?
I haven’t found any info online that approves or forbids it exactly, but no mention of this specific circumstance either.

What does it mean for a device to be hardwired?

Recently while reading about security cameras in Shadowrun 5e, I came across a forum post where someone suggested that if you don’t want a decker to be able to disable your security cameras, you can hardwire them. From what I understand this means that they are not connected to the matrix, but what is less clear is whether that’s all, which leads me to my question: What does it mean for a device to be hardwired in Shadowrun 5e?

(How) Can a Rogue use the Use Magic Device feature to cast spells from Spell Scrolls?

Thief rogues get the Use Magic Device feature at 13th level, which lets them ignore all class, race, and level requirements on the use of magic items.

Spell scrolls are an unintelligible cipher if the spell isn’t on your class’s spell list. If using a spell scroll to cast a spell higher than you’re normally capable of, you need to make an ability check using your spellcasting ability against a DC equal to 10 + spell level.

Since the Thief rogue ignores all class and level requirements on the use of magic items, does this mean they may use spell scrolls without an ability check regardless of their level (essentially allowing them to be able to fake being a high-level caster for any class as the situation warrants)?

Or does the ability just let them attempt to use the scroll, but because the spell’s not on their spell list (because they don’t have a spell list), they need to make the ability check? If so, what ability would they use to make the spellcasting ability check?

Is there a legitimate reason for a USB-ethernet hardware device to have been connected to my laptop?

There was an unknown network adapter in my device manager. I found out it was for a USB-RJ45 ethernet device, which I have never even seen before. This device was not present when I bought the machine. As far as I have researched, it is not installed by any software or devices I use.

I’m concerned because there is a known vulnerability in Windows that’s exploited using these devices. A malicious person with access to the device could have stolen my credentials and logged in. (Google Usb-ethernet windows vulnerability if you don’t believe me.)

I believe the police or another malicious party exploited that vulnerability, and they used it to install a keylogger and acquire my hardware info. Is the presence of this device suspicious enough, from an information security standpoint, to support my belief? What would you do if you discovered the same on an enterprise machine?

Security assessment of a legacy SSL/TLS implementtaion on an IoT device

I am doing a security aseesmment on communication security of a legacy IoT Device. So basically objective is to assess and find security gaps in curreny design/implementation. The mode of assessment is manual, primarily with the reference of existing design and code. This is only client side at device; while server is a cloud based server. The device is using a GSM module (SIMCom SIM900) and makes HTTPS communication to server over internet using GSM AT commands.

Based on my understanding on SSL/TLS, I am considering below parameters or criterias for this assessment:

a. TLS portocol version

b. Cipher suites used

c. certificate and key management

d. Root CAs installed on device

e. Embedded PKI aspect for device identity management

f. Hardware crypto aspect (SHE/TPM)

Am I doing it in a right way? Though I think above list of parameters are not specific to Device HW/SW platform; rather generic. but I guess that’s how it should be! I mean parameter list will be pretty much same; however actual assessment on these will depend on security requirements and other aspects like device footprint & its platform etc.

Is the assessment parameter list I am considering is good and adequate? I would appreciate your inputs to validate/correct my approach.

OAuth device code grant – JWT

I am looking at implementing an API Gateway for a system using WS02 as the IdP. Users will be signing in using OAuth via federated SSO with social providers (initially Google). The users will also need to pass access to a device with limited input, so I was looking to implement the OAuth device_code grant (WS02 is the only open source IdP that supports this grant, as far as I can see, please correct me if you know I am wrong). This will pass a JWT to the device which it should be able to use to access the API Gateway.

  1. Is it acceptable for a JWT to be used by a device in this way? I have been reading that using ‘opaque tokens’ is preferable but I don’t know how these could be assigned to a device using open standards. What are the risks of this approach and how can they be mitigated?
  2. The JWT would pass from ‘client device’ -> ‘API Gateway’ -> ‘service’. Is this delegation accpetable – is the Gateway impersonating the client?
  3. There will also be some JavaScript (React) web apps to use in browser, could these use the JWT also? Again what are the risks and how could they be mitigated?

How secure is the apple cross device copy and paste feature?

I can copy and paste between my iPhone and MacBook Pro it’s a great feature that I find myself using frequently. I am frequently copy and pasting from my password manager to log in to different sites. a few questions about the security of the cross device cut and paste.

  • Does apple get access to the clipboard?
  • How is apple securing this cross device copy and paste?
  • Can this feature be turned off?
  • Should I turn off this feature to improve my security?