Reusing Bearer Tokens in Test System

We are integrating into a system and I have some concerns over the security. As a test, I have taken a bearer token that was issued in a request 2 months ago and managed to perform a successful, authenticated request to the test system.

The live system blocks requests using older tokens, which is good. However, it suggests that the live system has the potential to be either storing older tokens or the potential (with maybe an unintentional change) to accept older tokens.

I’m quite concerned that the test system would be developed in a way that allows reuse of tokens. Should this be a concern and what are the potential implications?

Thanks in advance

reusing a used usb thumbdrive which formerly had a Xubuntu live system on it

I have an USB thumbdrive (16 GiB) which I recovered after I had a Xubuntu live system on it. First I wanted to change the partitions on it with gparted, but that did not work: The driver descriptor told that the physical blocksize was 2048 Bytes, however Linux told it were 512 Bytes.

I got out of this trouble by using sudo fdisk /dev/sdb1. Then I used the commands g, F, n, p, w of fdisk.

After this, stick still was not as I wanted it to be: there was an unknown file system on it. At least the thumbdrive had become accessible to gparted. Therefore I partitioned the thumbdrive anew and made a big fat32-partition with the partition name WinBoot on it, since I want to use it to make it a Windows bootstick. After I had defined the partition layout with 9 MiB unassigned at the beginning and another 9 MiB unassigned at the end and everything else in between one big fat32 partition. I clicked on the green hook to have it patitioned and formatted.

Now blkid tells about this thumbdrive

/dev/sdb1: UUID=”B242-0351″ TYPE=”vfat” PARTLABEL=”WinBoot” PARTUUID=”8025f481-3d3e-4038-a57b-f32200c5cfa7″

However, if I attach this thumbdrive to my computer, it mounts as

/media/username/Xubuntu 18.04.3 LTS amd64/

Thunar displays this directory as empty, as expected. Formerly, there was a Xubuntu 18.04.3 live system on this stick. But how does Xubuntu 16.04 (the operating system version with which this happens) know what was on the stick before? Why does it not mount it as /media/user/WinBoot?

What must I do to get rid of the old livestick name and let it automatically mount as /media/user/WinBoot?

Reusing binary assets using Git

We have multiple projects that are using common binary assets (e.g. images, sounds, 3D models etc.) stored in a folder on a server. Right now, each project adds these assets to their git repository. The result is that we have multiple copies of the same asset across different repositories, and if the asset changes, each of the teams must update them manually from the folder on the server.

We would like to better organize this asset pool, so that each repository stores a reference to a specific asset, such that they can be updated more easily, and thus prevent asset duplication.

How to do this best using git? We thought about submodules, but this would mean creating a submodule for each asset, which doesn’t scale well (we have thousands of assets, and each project uses 10-100 of them). Is there a way of creating a single repository with all assets, then selectively cloning some of them in each project repository, but maintaining the references to the asset repository so that they get updated when the original asset changes?

Re-using home partition from Ubuntu after I wipe and reinstall Debian

I wanted to install debian but not loose any of my data, was wondering if I could retain the same username meta and the home folder and wipe only my OS partitions.

I know this works when installing ubuntu over ubuntu, just wondering if this could be achieved when switching to debian as well.

I have tried re installing ubuntu by wiping only the OS partitions and leaving the home dir intact.

P.S.: I intend to create the exact same user meta and machine meta to bypass any file ownership and permission issues.

Best practice for re-using single view file for multiple pages with slightly different content

If you have a view file which you want to re-use for different pages which have, for example, slightly different page headings, is there a ‘best approach’ of the three below? (Considering separation of concerns, business/presentation logic, etc.)

As an example, if I have the same ‘What is your address’ page but for a number of different account types e.g. charity account, personal account, business account, etc. which need different page headings respectively.

(a) Pass in the specific page heading in the controllers

  • CharityAccountController: return h.view({ pageHeading: "What is the charity's registered address?"})
  • PersonalAccountController: return h.view({ pageHeading: "What is your address?"})
  • View file: <pageHeading>{{ pageHeading }}</pageHeading>

(b) Pass in an account type flag in the controller and have some conditional logic in the view to set the heading:

  • CharityAccountController: return h.view({ isCharityAccount: true })
  • PersonalAccountController: return h.view({ isPersonalAccount: true })
  • View file: <pageHeading> { if isCharityAccount } What is the charity's registered address? { else if isPersonalAccount } What is your address? { else … } </pageHeading>

(c) Use separate view files for each page, abstracting as much as possible to common ‘partials’

There may also be other page elements specific to account types e.g. hint text, validation error messages. And certain elements may need to be shown/hidden depending on the account type.

Re-using a google form sent data, avoiding entering all data

I am building a Google form to manage summer camp subscriptions. Each request must enclose parents and child data. The problem is, if a family wants to subscribe more than one child, the process must start from scratch and all parents data must be entered again. Could there be a way to reload (also with a Google Apps script) to form with partially prefilled data based on the previously sent data? Such as “do you want to send another request” question right before the submit, if yes, reload the form with pre-filled data… Keep in mind that the response sheet must contain one row per each child…. Any idea?

Reusing adopted storage

I have sdcard formated as adopted storage. I have also root and make a copy of encryption key which is in /data/misc/vold dir. I’m using it to access files on sdcard on PC with Linux. I’m planning to format /data partition and set up everything from beginning. Question is if I place same sdcard, with same content (formated previously as adopted storage) in phone and key file in /data/misc/vold from TWRP can I be able to access files on fresh system?

Squid ssl-bump not reusing server connections

I’m trying to do use HTTP connection pooling for a PHP app served by Nginx and fastcgi. Because of the fastcgi request lifecycle, I can’t easily reuse outbound HTTP connections between requests.

My thought was to use a local Squid proxy for this, configuring it to ssl-bump outgoing requests and set https_proxy= in the PHP env. When I tried this, following the example on the Squid wiki, Squid correctly handles the requests, but the request times are the same, and looking in Wireshark, it looks like there’s a new SSL connection handshake for each request, even though Squid should be able to reuse the connection.

This thread suggests that there are circumstances where the connection should be reused but wasn’t(?).

This is with Squid 3.5.27.

Should Squid support this? Are there other proxy servers that can ssl-bump and pool outgoing connections? Is there another approach I should look into?