How to send SQL or HTML data over HTTP without triggering WAF rules?

I’m working on securing an application that receives SQL and HTML-like information that is actually proprietry formulas in some cases, and parts of XML documents in other cases.

So the WAF thinks some HTTP requests are SQL or HTML injection attacks while they actually aren’t.

So how can I send these formulas and XML informaiton without triggering those WAF rules? I tried encoding the data but that didn’t work.

Why is it impossible to iterate over all TMs with $n$ states and $k$ symbols that halt after $m$ steps on $\epsilon$?

Define $ \{\sigma(n,k,m,i)\}_{i=1}^{l_m}$ an ordered set of all TMs with $ n$ states and $ k$ symbols that halt after $ m$ steps on $ \epsilon$

There are $ (2kn)^{kn}$ TMs with $ n$ states and $ k$ symbols, so $ l_m$ is always finite and so is the range of $ m$ .

If we could iterate over $ \sigma$ given $ n,k$ for all $ m,i$ , then we could decide the halting problem:

  1. Get $ n,k$ from input machine
  2. Iterate over $ \sigma$ for all $ m,i$ and check for each one if $ \sigma(n,k,m,i)$ equals the input machine, if they are equal accept.
  3. Reject.

This is odd because It seems very feasible to constract $ \{\sigma(n,k,m,i)\}_{i=1}^{l_m}$ using elementary combinatorics. Even settling on a (computable) combinatorial formula for $ l_m$ for all $ m$ given $ n,k$ will be enough to solve the haling problem since we will know how many machines are there that halt for each $ m$ , and we can simulate one step at a time for all the $ (2kn)^{kn}$ machines and compare each machine that halts with the input machine until reaching $ l_m$ for all $ m$ without a correct comparison and reject.

Is there a fact (independent of it contradicting the Halting problem) that makes it clear why there is no computable combinatorial formula for $ l_m(n,k)$ ? or am I missing some detail here?

Universality of $(+, \oplus)$ over $\mathbb{Z}_2^n$

Let $ \mathbb{Z}_2^n$ be the field of bitvectors of length $ n$ and define the xor operator $ \oplus$ and the addition operator $ +$ over this field, with $ +$ having the usual overflow semantics (take addition modulo $ 2^n$ ).

Is it possible to express any mapping $ f: \mathbb{Z}_2^n \rightarrow \mathbb{Z}_2^n$ entirely in terms of $ \oplus$ and $ +$ ? It seems like it might be possible due to the nonlinearity of $ +$ .

If my familiar is forced through my action, to drop a rock while over a target, is it an attack?

Here is the scenario:

My Familiar has a strength of two and can therefor carry 7lbs. (Str score X15 divided by 4 for being tiny (p176 PHB) )

I cast Reduce on a rock that weighs 56lbs making it weigh 7lbs.

I have my familiar fly over a target. Then as an action I cast Enlarge on the rock, cancelling out the reduce spell and enlarging the rock x8 making it weigh 448lbs. This is too much for the familiar to hold and it drops the rock. Not as an attack, but because it has no choice.

An alternative but similar thought for comparison. If I use an action to dismiss the familiar does it drop the rock? (ending concentration on the reduce spell and still dropping a 56lbs rock)

Does this count as an attack from the familiar, or because I used an action to cause it, is it my attack?

Connecting to a Postgres Database over SSL using Sockets in Python

I am trying to connect to a Postgres Database using sockets to enforce a particular TLS version from the client in order to verify that the Database does not accept connections from the client which uses an older version of TLS like tlsv1.1. The connection is failing on handshake with the following error :


Traceback (most recent call last): File "", line 12, in ssl_version=ssl.PROTOCOL_TLSv1_2) File "<>/python3.6/lib/python3.6/", line 1232, in get_server_certificate with context.wrap_socket(sock) as sslsock: File "<>/python3.6/lib/python3.6/", line 407, in wrap_socket _context=self, _session=session) File "<>/python3.6/lib/python3.6/", line 817, in init self.do_handshake() File "<>/python3.6/lib/python3.6/", line 1077, in do_handshake self._sslobj.do_handshake() File "<>/python3.6/lib/python3.6/", line 689, in do_handshake self._sslobj.do_handshake() ssl.SSLEOFError: EOF occurred in violation of protocol (_ssl.c:852)

The following is a snippet of the code:

    import socket     import ssl          hostname = <DB_Endpoint>     context = ssl.create_default_context()          with socket.create_connection((hostname, 8200)) as sock:         with context.wrap_socket(sock, server_hostname=hostname) as ssock:             print(ssock.version())      

PS: I am just trying to figure out a way to test if the Postgres Server rejects a connection from a client which only has

Are FaceID/passcode logins secure over public WiFi/hotspots?

Unfortunately, I find myself serving a 14d COVID-19 self-isolation period in a hotel which only offers unsecured public WiFi.

This has me wondering if all the financial apps on my iPhone with FaceID-enabled sign-ons are secure or not (e.g. Charles Schwab, American Express, etc.)

Can anyone comment on the typical security stack that would underly this category for app? Does everything boil down to a proper implementation of TLS access to the backend?

Is there any chance that using these Apps is still secure over public WiFi?

Is there a way to map the concatenation operation over strings to the addition operation over $\mathbb{N}$

Given an alphabet, say $ \Sigma = \{0,1\}$ , I can make a one-to-one mapping from all possible strings $ x \in \Sigma^*$ to $ \mathbb{N}$ . This could be done by ordering $ \Sigma^*$ lexicographically and assigning the $ i$ th string $ x_i$ to number $ i \in \mathbb{N}$ .

But given strings $ x_i,x_j \in \Sigma^*$ , is there any special mapping such that the concatenation operation $ f:\Sigma^* \rightarrow \Sigma^* | (x_i,x_j) \rightarrow x_ix_j$ is also related to the usual addition performed over the corresponding indices $ i,j \in \mathbb{N}$ to which $ x_i$ and $ x_j$ are mapped ?

For instance, if I assign the character $ \{1\}$ to the number $ 1$ , and string $ x$ is assigned the number $ 10$ , is there a mapping such that the string $ x1$ is assigned the number $ 11$ ? (i.e. $ 10 + 1$ )

How have the Shadar-kai changed over the editions and is there any consistency to be found in the lore between editions?

In D&D 5e, the Shadar-kai are a sub-race of elves. However, it seems that in 4e, the Shadar-kai were humans. In both cases, they lived in the Shadowfell and served the Raven Queen, so it doesn’t seem likely that they are two separate peoples; rather, they are supposed to be the same "race", despite being human in one edition and elven in the next.

I believe they were also in editions prior to 4e, but I’m only going by the Forgotten Realms wiki page, which seems to claim that they were a kind of neutral evil fey creature in 3.Xe (but generally the information on that page appears to be a mish-mash of conflicting lore from various editions, which is kinda the point of this question).

This is confusing to me; I’m not sure if it’s possible to extract any consistency out of this, but if it is possible, I want to ask:

  • For each edition of D&D that the Shadar-kai appeared in, what were they? Human? Elf? Something else?
  • I’d also be curious to know, briefly, what they were like, since in 4e/5e they live in the Shadowfell and serve the Raven Queen, but in previous editions the Shadowfell/Raven Queen didn’t exist, so what were they all about instead? Again, only very briefly, since this isn’t the main point of this question.
  • For each of these editions, is there any official lore justification for why the race changes? Or is it more like the previous lore was just disregarded and overwritten (such as in the case of 4e -> 5e, where 5e just seems to forget that they were ever human in 4e)? Again, I’m looking for in-universe lore, not designer-reasons.

Since the Forgotten Realms wiki has confused me, I would prefer people to cite from official source book and Dragon magazines and similar, rather than wiki websites like that one.