Why am i getting “missing right parenthesis” error when i try to LOG ERRORS when loading from an external table?

I’ve successfully created an error logging table

BEGIN     DBMS_ERRLOG.create_error_log(     dml_table_name  => 'enzyme',     skip_unsupported => TRUE); END; /  desc ERR$  _ENZYME; 
Name            Null? Type            --------------- ----- --------------  ORA_ERR_NUMBER$         NUMBER          ORA_ERR_MESG$           VARCHAR2(2000)  ORA_ERR_ROWID$          UROWID          ORA_ERR_OPTYP$          VARCHAR2(2)     ORA_ERR_TAG$            VARCHAR2(2000)  ENZ_NAME              VARCHAR2(4000)  

But i get an error when I try to run this query:

insert /*+ ignore_row_on_dupkey_index ( enzyme ( enz_name ) ) */ into enzyme SELECT enz_name FROM EXTERNAL ((   construct_id NUMBER(10),   n_term VARCHAR2 (50),   enz_name VARCHAR2 (3),   c_term VARCHAR2 (50),   cpp VARCHAR2 (50),   mutations VARCHAR2 (50),   mw_kda NUMBER (7, 3))      TYPE ORACLE_LOADER     DEFAULT DIRECTORY data_to_input     ACCESS PARAMETERS (         RECORDS DELIMITED BY NEWLINE         skip 1         FIELDS TERMINATED BY ',' OPTIONALLY ENCLOSED BY '"'         MISSING FIELD VALUES ARE NULL          )      LOCATION ('CONSTRUCT.CSV')     LOG ERRORS INTO ERR$  _ENZYME ('INSERT') REJECT LIMIT UNLIMITED) ext     where not exists (         select * from enzyme e         where e.enz_name = ext.enz_name     ); 
Error at Command Line : 79 Column : 5 Error report - SQL Error: ORA-00907: missing right parenthesis 00907. 00000 -  "missing right parenthesis" *Cause:     *Action: 

Line 79 is the LOG ERRORS INTO line.

If i delete the LOG ERRORS INTO ERR$ _ENZYME ('INSERT') part, this command functions perfectly.

WebAuthn – What am I missing?

I’m trying to learn a bit about authentication and security protocols at a 10,000 foot level. I was reading about WebAuthn here: https://webauthn.guide/ and here: https://webauthn.io/

I’m sure what I’m about to ask has obvious answers, because this protocol has been developed by smart people with probably decades of experience. But, I don’t get the two questions in bold (or more likely, i don’t get at least, the two questions in bold…):

  1. What ties the user (i.e. the carbon based life form with some sort of uniquely ‘you’ property) to the key used in the registration attempt?

For instance, if the key is generated from an HSM, where is the step of providing something that only ‘you know’, rather than ‘you physically possess but couldn’t potentially be in the possession of others,’ to verify that is your carbon life form submitting the key from the HSM for this registration attempt? I.e. where is the passphrase, and how does needing to have that to tie ‘you’ to ‘the key’ in the whole registration process (and future login attempts) in anyway circumvent the use of passwords and all the management that goes along with them anyway? All this boils down to needing to present something that clearly ties your carbon based existence, to the presentation of a strong key….I presume this is why Yubikey and co are going for bio-metric HSM’s….(based on the security of many bio-metric implementations in the past and their relatively ‘spoofable’ nature, that prospect doesn’t really fill me with certainty that it’s fixing anything)…. And even then, why not just present the biometric data directly and do away with the middle ware of the WebAuthn crypto key in the process?… (presumably because there is too much data in the actual biometrics, to punch it directly over slow networks, and/or proving that it hasn’t been modified in transit requires key signing of the data anyway, so the keys are back on the table…?)

  1. What prevents a Man-In-The-Middle from hijacking the registration process with their own credentials and key material?…and then just monitoring the transactions and relaying information, or even just sitting in the middle and being an ‘evil proxy webauthn’ server, or just taking ownership of the ‘user representation’ that you tried to register?

Obviously the user would become aware when they attempted to use the given service over a network that ‘evil mitm proxy’ hasn’t managed to intercept, as the service that ‘they registered for’ with ‘their key’ will be reject the login attempt (since now the users actual key is being presented rather than ‘evil mitm key’)….but it’s all a bit late by then isn’t it? I mean someone else at that point would own (in a cryptographic-ally verifiable manner) the service account. So, you’d know you’ve been screwed, but what are you going to do about it, particularly if that service is a publicly attributable front-end to your carbon life form (think Twitter, email, social networks or some sort of social security style registration of nation state recognised credential like a drivers licence or passport etc).

I’m thinking these problems are presumed to be solved by layering external technologies outside of the WebAuthn protocol. For instance the HSM requires bio/passphrases, and the registration happens over HTTPS.

So, is the presumption that these external mechanisms (arguably) prevent the above two scenario’s, rather than the WebAuthn protocol itself? How much of a stack is being relied upon, to achieve the goal of binding ‘your carbon life form’ to ‘the registration for a service’ such that is apparently ‘your registration’?

Optional/Mandatory Requirement For ‘req’ Command Configuration File Options Missing In OpenSSL v1.1.1g Manual Pages?

The OpenSSL v1.1.1 manual page for the req command’s Configuration File Format options seems to be missing any mention about whether each option is mandatory or optional. The other OpenSSL command manual pages (ca and ts) that support configuration file usage do stipulate whether each configuration file option is mandatory or optional.

Does anyone know which req configuration file options are mandatory and which are optional?

Custom Taxonomy is Missing (Or Limiting) Items

I created a custom taxonomy; "places" using toolset

region>country>city with 12 Regions / All Countries and just a few cities; 12 parents, 260 children

Where I am using the taxonomy in a post, custom post type or the menu, only some of the items show and it is quite random. 1/2 of Europe shows up 3 from the Caribbean, etc

I used the plugin Toolset; this issue has repeated in 4 different installs. I have worked with hosting and they assure me it is a development issue. I have worked with toolset and am on Day 6 of no solution; I have tried with different themes (Hello & Astra), Using Elementor or not (no plugins other than toolset itself; there is no support over the weekend. Does anyone have any idea WHY I would be missing just some of the taxonomy?

I am not seeing any errors in debugging

Intelligent use of XOR operator to find missing number

I’ve come across the following problem on leetcode & tried to solve it with the following code however there seems to be an even better solution that takes advantage of XOR. Leetcode has a description for XOR solution however I can’t grasp it in its entirety.

I just can’t wrap my head around why we need to initialize missing variable with length of array, why not initialize it with Zero & when we do initialize it with Zero, why can’t this algo find the missing number? Can someone please explain it?

enter image description here

Following was my solution before I learned Leetcode suggested XOR solution is even better & faster

class Solution {     public int missingNumber(int[] nums) {         if(nums.length == 1)             return nums[0] == 0 ? 1 : 0;          int missing = 0;         boolean tempNums[] = new boolean[nums.length+1]; //cuz one is missing          for(int i:nums) {             tempNums[i] = true;         }          for(int i=0; i<tempNums.length; i++)             if(!tempNums[i]) {                 missing = i;                 break;             }         return missing;     } } 

Is missing idempotency in a GET request a security concern?

I am testing some mobile banking app.

They have a feature to fill in all info for a payment automatically. It does that with two requests:

  • A POST request to “POST paymentdata.php”, which submits all payment data (account no., name, amount, reason, etc.) in the request message body.
  • A GET request to “GET filledoutform.php”, which basically says: “show me the filled in payment-form, with whatever data I sent to you with request “POST paymentdata.php” last, in this session. Which responds with the HTML page content, with the pre-filled form in the response message body.

Apart from that there is only the session information (cookie), and literally NOTHING else in both requests.

I am trying to figure out whether or not there is a way to exploit this.

One apparant issue is that the “GET filledoutform.php” request is not idempotent.

Does missing idempotency in a GET request have any security implications?

Any ideas how to exploit this? I can only report security issues, not functional issues or bad practice (non-security related). I would like to point out to the customer, that this is bad design. So I am trying to see if there is any security impact, due to this strange method of generating a pre-filled form in the mobile app.

Using OpenVPN on Windows instead of VPN apps: missing certificate

Sorry this might be a noob question, but I subscribed to a VPN provider which ships its own app on Windows. Now I thought I’d prefer to use the OpenVPN client app instead.

I create a profile by providing it with a .ovpn file, which contains a block and a block as well.

Upon connecting, OpenVPN fails with “Connection Error. Missing external certificate“.

All those different certificates are quite abstract to me, but I think it needs a “client certificate”. Is it something created for my profile by the VPN provider when I registered? Or can I generate it myself? When trying to add a certificate in the Windows OpenVPN app, I am asked for .p12 files. Also, when hitting “continue” (without external certificate), the connection never establishes.

For comparison, when putting .ovpn file in Linux in Network-Manager, it works out of the box.

What is the missing step or package? It’s never made clear on the VPN provider help pages.

Kafka source code on github and from the apache website is missing the “org.apache.kafka.common.message.” package? [closed]

I tried downloading the source code of Kafka from Github as well as from Apache’s website. I found that both the sources were missing the “org.apache.kafka.common.message.” package. Can anybody kindly let me know why this might be the case.

Kindly note that I had downloaded the source of “AK RELEASE 2.5.0” from Apache’s website. Similarly I used “trunk” branch from the current github repository for kafka.

What are the missing proficiencies per level for the Oriental Adventures monk and yakuza?

Oriental Adventures on the class monk says

[T]he monk starts with proficiency in one style of unarmed combat and two of that style’s special maneuvers. The monk also has five other proficiency slots. Of these, one must be used for religion and another calligraphy. The remaining slots can be filled as the player sees fit within the restrictions of the class.” “All monks have the martial arts special maneuver Missile Deflection in addition to the other special maneuvers thay may have or gain. This is not considered part of any martial style and so does not use one of the special maneuver slots for the monk’s chosen martial art. (18)

And on the yakuza it says

Yakuza begin play with three proficiency slots available. In addition, they automatically have the gaming proficiency. (26)

Table 56 (Oriental Adventures 51) shows the proficiencies character classes gain when they advance levels except that the table omits the monk and the yakuza (51). What are these missing values?

For comparison

The Player’s Handbook Weapon Proficiency Table and Unearthed Arcana show the following monk proficiences:

Class of Character | Initial # of Prof | Add Proficiency per Level | Non-proficiency Weapon Penalty Monk               |            1      |  1/2 levels               |     -3   

The Dungeoneer’s Survival Guide on Table 10 (23) and Wilderness Survival Guide on Table 1 (12) have the same proficiency entries for the monk:

Class of Character | Initial # of Proficiencies Weapon/Nonweapon | Add Proficiency per Level Weapon/Nonweapon Monk               |                  1/1                        |   1/1 per 2 levels 

However, using Oriental Adventures, it seems like for the monk and yakuza this information is as follows:

Class of Character | Initial # of Prof | Add Proficiency per Level            | Non-proficiency Weapon Penalty Monk               |         5         | missing (possibly 1/1 per 2 levels?) | -3 from PHB and UA Yakuza             |         3         | missing                              | missing 

…And I’d like to fill in the missing information.