How do VPN providers exactly encrypt traffic from client to their server?

I’m thinking of building a VPN for personal use on a VPS but am unable to understand one thing. How exactly do VPN providers encrypt data from the client to their server? Suppose I simply configure the IP of my VPS and a port in my browser: it would be a simple proxy, and it won’t encrypt traffic that originates from my machine or browser.

If I use OpenVPN would it solve the purpose?

One more thing which I can’t understand is how exactly VPN providers restrict usage to a few devices. Do they save device information? If by few devices they mean only X devices can run this VPN in parallel, then how do they restrict usage to only X devices, given that they have limited IPs and tons of users routing their traffic through them, and there’s no way to know who is using how many devices? If this is mapped to a user account and they figure this out via his unique account, then technically they are maintaining logs, right?

Can you explain what exactly the Gap Theorem is?

I’m reading this paper, titled, “Complexity Classes” by E. Allender, M. C. Loui, and K. W. Regan.

Theorem 2.1 (Gap Theorem) There is a computable time bound t(n) such that $$DTIME[t(n)] = DTIME[2^{2^{t(n)}}]$$.

He tries to explain it by saying,

That is, there is an empty gap between time t(n) and time double-exponentially greater than t(n), in the sense that anything that can be computed in the larger time bound can already be computed in the smaller time bound. That is, even with much more time, you can’t compute more.

How can a task that has an exponential running time, let’s say it is in class $$EXP$$, be computed in a smaller time bound, let’s say $$P$$? I.e., if I give you more time, we can solve many problems, i.e. $$P \subsetneq EXP$$.

Note that I looked in Arora and Barak’s textbook for the ‘Gap Theorem’ and I didn’t find anything; the same with Sipser’s textbook. I’m trying to find a textbook that can explain it. In Fortnow and Homer’s paper, they wrote the following:

Independently Borodin [Bor72] and Trakhtenbrot [Tra64] proved the gap theorem: For any computable unbounded $$r(n)$$ there exists a computable time bound $$t(n)$$ such that any language computable in time $$t(n)$$ is also computable in time $$r(t(n))$$.

Is there a difference between an ‘unbounded’ and a ‘bounded’ computable function? I mean all finite computable functions are computable, and therefore they are bounded; it is not clear why they say ‘unbounded’.

What exactly are you getting when you buy an Emblem Holy Symbol?

The description for the Emblem Holy Symbol is as follows (PHB, p. 151):

Holy Symbol. A holy symbol is a representation of a god or pantheon. It might be an amulet depicting a symbol representing a deity, the same symbol carefully engraved or inlaid as an emblem on a shield, or a tiny box holding a fragment of a sacred relic. Appendix B lists the symbols commonly associated with many gods in the multiverse.

It weighs nothing and costs 5gp. The fact that it weighs nothing makes sense because it isn’t really an object that can exist by itself; it is an engraving or inlay on a shield.

So my question is, if you walk into a shop and “buy” an emblem (it costs 5gp, so it must be possible to purchase it), what exactly are you buying?

• Are you buying some kind of “official pattern” that is required for a shield to count as having a proper “holy symbol” (as in, satisfies the material components for spellcasting) emblem on it? Almost like a “patented pattern”? Then why couldn’t you just buy one and replicate it yourself for free forevermore after that initial purchase?

• Are you buying the “manual labour” to actually engrave/inlay the thing onto your shield? Then would it make sense that this can only be purchased from a blacksmith rather than from the local temple (where one might expect the other holy symbols, amulet or reliquary, to be purchased)? And could someone with Smith’s Tools (and proficiency with them) not do it themselves for free?

• Are you effectively buying a shield that has already been made with that engraving/inlay “officially done”, so you’re basically buying a shield for 15gp (or a 5gp markup on whatever shield you’re buying), and you can’t actually buy just the emblem by itself for 5gp?

What I’m really getting at here, if I use my real example, is that in a game I am DMing, the party’s paladin (who has a shield with an emblem on it as per starting equipment) has raised concerns about having to buy a new holy symbol if they get a +1 shield in the future. This is unlike any other holy symbol, which you simply have forever (assuming you don’t lose or destroy it), since it is its own distinct object, so the emblem is a unique case here.

Just following the rules of what is required for a shield to satisfy the material components for spellcasting, I would say that they could just “buy” a new emblem and apply it to their new shield. But that got me thinking, what exactly would the paladin be buying at that point, and would it be possible to simply transfer the symbol over from their old shield to the new shield at no cost? This is a unique case, as for the other holy symbols, replacing some other piece of equipment would not impact them like this.

So, what exactly is an Emblem with regards to what a PC would be buying in-universe?

Note that I’m not looking for opinions, and if the answer is simply “this is not explained anywhere, as DM you have to decide what this means”, then that’s the answer.

How exactly does this SQL injection example related to the DVWA application work?

I am a software developer converting to application security and I have some doubts about an SQL injection example.

I am following a tutorial related to the famous DVWA: http://www.dvwa.co.uk/

So I have the following doubt (probably pretty trivial).

I have this PHP code defining the query and the code to perform it:

```php
<?php

if( isset( $_GET[ 'Submit' ] ) ) {
    // Get input
    $id = $_GET[ 'id' ];

    // Check database
    $getid  = "SELECT first_name, last_name FROM users WHERE user_id = '$id';";
    $result = mysqli_query($GLOBALS["___mysqli_ston"], $getid ); // Removed 'or die' to suppress mysql errors

    // Get results
    $num = @mysqli_num_rows( $result ); // The '@' character suppresses errors
    if( $num > 0 ) {
        // Feedback for end user
        $html .= '<pre>User ID exists in the database.</pre>';
    }
    else {
        // User wasn't found, so the page wasn't!
        header( $_SERVER[ 'SERVER_PROTOCOL' ] . ' 404 Not Found' );

        // Feedback for end user
        $html .= '<pre>User ID is MISSING from the database.</pre>';
    }

    ((is_null($___mysqli_res = mysqli_close($GLOBALS["___mysqli_ston"]))) ? false : $___mysqli_res);
}

?>
```

As you can see, the query is defined as string concatenation:

```php
$getid  = "SELECT first_name, last_name FROM users WHERE user_id = '$id';";
```

So I can inject what I want into the `$id` variable and perform extra SQL code as:

```php
$id = 1 OR 1=1
```

that will be always true. Ok this is clear.

My doubt is different:

Inserting a valid value (such as 1) into the form, I obtain this URL: http://localhost/DVWA-master/vulnerabilities/sqli_blind/?id=1&Submit=Submit#

The query is performed correctly and I am obtaining the following message result: User ID exists in the database.

If I try to insert a totally wrong ID in the form, for example “ABC”, I obtain the following error message: User ID is MISSING from the database. Ok, and this is ok.

But if I try to insert a “wrong” value such as 1' in the form, the following URL is generated: http://localhost/DVWA-master/vulnerabilities/sqli_blind/?id=1%27&Submit=Submit#

And I obtain a valid message: User ID is MISSING from the database.

So it seems that the query was correctly executed searching for the user with ID=1.

Why is the ' character not breaking the query? I was thinking that it has to search for a user with ID=1', which does not exist in the database (as in the case of ID=ABC).

Why? What am I missing? Probably it is a trivial question, but I want to understand it in depth.
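The three inputs from the question, run through the same concatenate-and-suppress logic, as an added example that is not part of the original post or of DVWA. It uses Python with an in-memory SQLite table as a stand-in for PHP and MySQL so it runs offline; `make_db`, `lookup_concat` and `lookup_param` are hypothetical names and the table row is constructed. It shows that `1'` yields a query the database rejects as malformed, that the suppressed error is indistinguishable from "zero rows", and that a bound parameter removes the parsing problem.

```python
import sqlite3

def make_db():
    """Constructed sample table standing in for DVWA's MySQL `users` table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (user_id INTEGER, first_name TEXT, last_name TEXT)")
    db.execute("INSERT INTO users VALUES (1, 'admin', 'admin')")
    return db

def lookup_concat(db, user_input):
    """Mirrors the page's logic: concatenate, run, swallow errors, count rows."""
    query = "SELECT first_name, last_name FROM users WHERE user_id = '" + user_input + "';"
    error = None
    try:
        rows = db.execute(query).fetchall()
    except sqlite3.Error as exc:      # PHP analogue: mysqli_query() returns false
        rows, error = [], str(exc)    # and @mysqli_num_rows() hides the failure
    message = "exists" if len(rows) > 0 else "MISSING"
    return message, query, error

def lookup_param(db, user_input):
    """Hardened form: the input is bound as data and never parsed as SQL."""
    rows = db.execute(
        "SELECT first_name, last_name FROM users WHERE user_id = ?", (user_input,)
    ).fetchall()
    return "exists" if rows else "MISSING"

if __name__ == "__main__":
    db = make_db()
    for value in ["1", "ABC", "1'"]:   # the three inputs tried in the question
        message, query, error = lookup_concat(db, value)
        print(f"{value!r:6} -> {message:8} error={error!r}")
        print(f"       query sent: {query}")
        print(f"       parameterized: {lookup_param(db, value)}")
```

For `ABC` the error field is empty (a valid query with no match), while for `1'` it carries the parser's complaint even though the page-level message is the same.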

What exactly is the Management Key on a YubiKey?

The Yubico documentation mentions that a Management Key can be set manually, or it can be inferred in the SoC when setting a PIN for the first time.

What exactly is that management key and how does it play any role in the CCID flow? What are the consequences of a compromise of that key?

How to present boolean options along with selecting exactly 1 of them as “primary”?

I have a situation in a web browser where I have a number (let’s say 3-10) of alternatives to present to the user.

• The end user must choose at least one of these options to be enabled
• The end user must choose exactly one of the enabled options to be the “primary” option.

I’m not sure how best to do this, though. Here’s a contrived situation about a stew that might help illustrate this better:

There are 7 potential ingredients, the user has to enable or disable each of them (cries out for a checkbox) but at least one of them has to be enabled; and exactly one of them must be the primary ingredient (cries out for a radio button).

• If I choose a dumb form with no constraint checking, this is easy to implement, but they could choose Beef, Pork, and Carrots as the enabled ingredients and then Potatoes as the primary ingredient (which is a problem since they did not check the Potatoes box among the enabled ingredients)

• Or I could put the primary ingredient first, then allow them to select secondary ingredients, and force the primary ingredient to be selected in the list of secondary ingredients (beef in the example below) and not allow it to be unselected. Not too hard to implement in HTML / Javascript, but then there’s some trickiness… what if I start with the UI state below, then select the primary ingredient as Onions, then as Chicken, and then Pork? What happens to the checkboxes for Onions, Chicken, and Beef?

Both of these options require duplicating the list twice.

• Or I could try to use some kind of multichoice slider to select the primary ingredient… which would eliminate the need to duplicate the list… but this isn’t a built-in HTML feature and I’d have to roll my own or try to apply some 3rd-party UI element.

• Or I could place a radiobutton and a checkbox in front of each ingredient (radiobutton for primary ingredient, checkbox to enable non-primary ingredients) which is compact and simple in presentation, but most likely confusing in semantics.

Any suggestions?

I have been running Google ads for a few months now where I track the conversion goals using tags.

Now, I’m experimenting with Bing Ads and I have enabled tagging + conversion goals.

I have got a conversion goal on Bing Ads which has been recorded in Google Analytics too. How to know if I got this goal only through Bing Ads and not through Google Ads?

How exactly does the “Tearing” property work?

There is some ambiguity in the Tearing property.
The Dark Heresy Rulebook states that:

These weapons roll two dice for Damage and choose the highest.

Rogue Trader, Deathwatch and Only War agree that:

These weapons roll one extra die for damage, and the lowest result is discarded.

For most weapons it’s quite simple because of damage like 1d10+something. But what if we have more dice in the damage? Should I roll an additional die for every base damage die, or only one for the entire damage roll?

For example, the Angelus bolter from the Dark Heresy supplement Inquisitor’s Handbook has 2d10 damage and (like all bolt weapons) the Tearing quality. Let’s presume that my character shot a heretic with this bolter, and now I must determine the inflicted damage. Should I roll 2d10 twice and discard the lowest in both, or should I roll 3d10 and discard the lowest one?

How do we cross-verify if the device is doing exactly what it is supposed to do?

I am very sorry for the misleading and confusing title, as this was the best I could think of.

What I meant to ask is: how do we know any device is doing what it is supposed to do? For example, Android is an open source OS (ignore Google libraries for now), and they do claim that all passwords will be stored on the device only, but what if they are storing them on their servers, and this piece of code is not in the open source version but only in pre-compiled libraries? How do we check that the same code is in the actual phone and in the open source version? The same goes for other devices like iPhones, routers, desktops, etc.

Also, most manufacturers nowadays have encryption enabled, which makes it impossible to monitor the actual content of the TCP/IP packets.

We can always remove the existing OS and install the open source version, but that’s not possible in all cases, as in some it might be really confusing and might even need a lot of extra stuff that people don’t usually have.

So my general question is: how do we verify that the same code is in the open source version and in the pre-compiled binaries? I can think of reverse engineering, but that would require great knowledge and skills, which most people don’t have.

Is {a^n: n is a product of exactly two primes} regular?

I am struggling to prove the following question.

$$L_1 = \{a^n: n \text{ is a product of exactly two primes}\}$$

I feel like the language is not regular but I am having trouble proving it. I tried using the pumping lemma but got stuck at the end. Here’s how I did it:

Assume that the language is regular and $$m$$ is a constant of Pumping Lemma. Now let $$w = a^M$$ where $$M > m$$ and $$M$$ is a co-prime number. Clearly $$w$$ is in the language and $$|w| > m$$.

Now let $$y=a^j$$ where $$j$$ is between $$1$$ and $$m$$, with $$|xy| \leq m$$ and $$|y| \geq 1$$.

This is where I am getting stuck. I feel like we should pump up but I don’t know by “how much”. Also, I feel like I have to know what is the next co-prime number after $$M$$, but can’t figure it out.