I just realized my tax filer does not encrypt my password. Can I anything do for the financial data (eg SSN) that I gave?

Last year due to a complicated tax scenario (for my skills), I used an online tax website recommended by a friend to do my taxes. They were efficient in their job and I wanted to use their services again this year to save time. I had forgotten my password so tried to reset it. Turns out, they stored my password in plain text. Apparently that was to enable their staff to update any information that I provided in case it was incorrect.

I am worried about the financial data that I have already provided to them. I think as a user I have to consider it compromised. But I am a bit optimist so wondering if I can do anything to protect my data.

They don’t seem to be GDPR compliant so I don’t think they will simply delete my data but I definitely am going to request for it.

Restrict CA to issue certficates for one domain or to be able to sign just one server certificate

I have a server and I want my iPhone to connect to it securely. However, I cannot just install the self-signed server certificate on my iPhone. When I install the profile (that’s what they call the certificate), it says "Not verified".

Normally, you would go to CA Trust settings and enable full trust for the certificate. BUT I deliberately made the certificate with critical,CA:false constraint. That’s the reason it does not show in the CA Trust settings.

Why did I do it — I just need to install the single certificate and I don’t want to totally compromise my iPhone security, if my CA credentials got stolen.

Do this have a solution? iOS probably requires a CA to trust a certificate, but I don’t want a possibility to create certificates at all (beside the one), or at least for another domains.


One potential "solution" might be to create the CA, sign the server certificate and then delete the CA key, as it would not be needed and would live for a shorter time (lower chance to get stolen).

However, people except me wouldn’t be stoked to install it. (I don’t want to buy a certificate as its a home project and I don’t even have a domain name, just the IP address.)

The certificate complies with apple’s current requirements for server certificates. (https://support.apple.com/en-us/HT210176)

[ Politics ] Open Question : Is the BLM movement an excuse to riot, loot, burn, and just act like animals?

The “peaceful” protesters are just virtue signalers looking for a pat on the back. One bad cop in a thousand is no reason to burn down someone’s property, steal what isn’t yours. Eric is the pretty boy? Ivanka is the pretty one and very sexy.

Does a monk’s Step of the Wind affect High Jump or just Long Jump?

At 2nd level, monks can spend a ki point to use Step of the Wind:

Step of the Wind

You can spend 1 ki point to take the Disengage or Dash action as a bonus action on your turn, and your jump distance is doubled for the turn.

What is meant by “jump distance”, exactly?

The rules on Jumping state:

Long Jump. When you make a long jump, you cover a number of feet up to your Strength score if you move at least 10 feet on foot immediately before the jump. When you make a standing long jump, you can leap only half that distance. Either way, each foot you clear on the jump costs a foot of movement. […]

High Jump. When you make a high jump, you leap into the air a number of feet equal to 3 + your Strength modifier (minimum of 0 feet) if you move at least 10 feet on foot immediately before the jump. When you make a standing high jump, you can jump only half that distance. Either way, each foot you clear on the jump costs a foot of movement. […]

You can extend your arms half your height above yourself during the jump. Thus, you can reach above you a distance equal to the height of the jump plus 1 1/2 times your height.

Both Long Jump and High Jump mention distance, so does that mean a monk who uses Step of the Wind can jump twice as high? I ask because my DM and other players in the group who spoke up are under the impression it only affects the Long Jump, and that a High Jump is unaffected by Step of the Wind…

Windows wants to install an old version even though i have the latest one, already downloaded it just needs restart, how do i know if it’s safe?

Here is the screenshot of my updates history/status.

https://www.dropbox.com/s/n0x2zvix5nh99zg/Screenshot%20%281%29.png?dl=0

Here in this dropbox picture there are 2 comments with all the info.

Prove little o with just the definition

I have been searching for a while now but couldn’t find anything about this exact pair of functions with the little $ \mathcal{o}$ notation.

Given the functions $ f(n) = 2^{n}$ and $ g(n) = n!$ I am supposed to prove, or disprove, the following statement: $ f(n) \in \mathcal{o}(g(n))$ .

I am fairly sure that it’s true but now I need an idea of how to show this. We have just started out with this whole concept and this is the second exercise, the first one being a relatively easy big $ \mathcal{O}$ task. But this exercise is just beyond me right now. The only definition I am allowed to use (meaning: NO LIMITS) is $ \mathcal{o}(g(n)) = \{f(n)|\forall C > 0 \exists n_{0} \forall n\geq n_{0}:f(n) < C * g(n)\}$ . This means other than with big $ \mathcal{O}$ , where it suffices to show that there’s at least one pair $ C$ and a $ n_{0}$ so that $ f(n) \leq C * g(n)$ $ \forall n \geq n_{0}$ , I now have to prove that for every $ C > 0$ , there is such a $ n_{0}$ so that the condition stated in the set is true.

I first have been thinking about the functions, and I would have an answer for $ \mathcal{O}$ , because you can prove with induction that $ 2^{n} < n!, \forall n\geq 4$ . Meaning my C would be 1 here. However, I have no idea how to prove it for every C and would be grateful for any guidance! (It would already help to know how to start. Probably like, let $ C$ be greater 0, and then I have to show that for any Value of this $ C$ , there is… because… My biggest struggle is to find meaningful estimations to get a chain of inequalities.)

What do you do when avoiding railroading just gives you stuck players?

I’m seeking some newbie GM advice. I’m an experienced rpg player, but am much less experienced as a GM

I was recently running an D&D 5e adventure, where the players would be investigating in a town that had some problems with trade caravans being attacked. They started at the local Sheriffs office who tipped them that a local relatively new thieving guild was active in the area. The thieving guild wasn’t raiding the caravans, but I thought it might add a little plot twist to get the guild involved. My thought was to have the PCs eventually figure out that the guild wasn’t behind the problem and would need to investigate the local country-side to discover the problem. I had a few encounters written out, but I wasn’t fully sure how the PCs would reach their end goal of figuring out the source of the problem. I guess I thought that over-planning would be railroading and I wanted to give the players some freedom.

The players were often confused and unsure what to do. There wasn’t quite the excitement I was hoping for. They were eventually invited to a parley with the thieves guild but were not sure what to do with the thieves, so eventually just attacked them. It was ok, but not spectacular.

What do you do when your players seem stuck?

get_the_author_meta( ‘ID’ ) just return 1

I’ve a custom post type, and I want to get the author ID inside a condition in my function.php, and it just return 1 – as I can see with var_dump and print_r. If I use the same function directly inside the single-teste.php, it return the author ID. But in this function, just zero. I’ve tried all the ways to get the Author Id inside this function, but nothing works. The “substract” function is working normally.

function example_ajax_request() {     if ( isset($  _REQUEST) ) {         $  fruit = $  _REQUEST['fruit'];         if ( $  fruit == 'Banana' ) {            $  user_id = get_current_user_id();           $  disponivel = mycred_get_users_balance($  user_id);           $  author_id = get_the_author_meta('ID');           while(isset($  disponivel) && $  disponivel >= 0){             $  descontou = mycred_subtract( 'penalty', $  user_id, -10, 'Tipo de Compra');             $  pay_modelo = mycred_add('approved_comment', $  author_id, 10, 'Teste');             return $  descontou;             return $  pay_modelo;           }          }     }    wp_die(); } add_action( 'wp_ajax_example_ajax_request', 'example_ajax_request' ); add_action( 'wp_ajax_nopriv_example_ajax_request', 'example_ajax_request' ); 

I call this function via ajax. I’ve no idea what can be the reason of it. Maybe someone has an idea?

IT security audit : is threat modelling key to reproducible success of just following a methodology (ex : ethical hacking)

To sum up the methodology of ethical hacking, what you do is :

  • Information gathering (gets the IP, domains, etc…)
  • Fingerprint the IP (what OS, what services are running, etc…)
  • Vulnerability assessment (are any services or vulnerable application found to be vulnerable ?)
  • Exploitation : verify the result of the step above

But, I came to realize during my security audit that end up either asking google questions like “what should I do to hack system A ?” or questions like “what are the tools to assess the security of system A ?”

It’s like looking for a looking for a needle in a haystack.

Then I read a paper in which the audit started with threat modelling. I was just asking myself how would a hacker (either a script kiddy or an ethical hacker) should perform threat modelling in order to have results meaningful to integrate and follow the methodology (info gathering, fingerprinting, vuln assessement, etc…)

I’m starting to believe this would make the security audit more professional and its results more reproducible. What do you think ?