How to manage page caching to serve different AdSense units for Mobile and Desktop

I’m trying to cache the pages of my website, which are responsive and show the same contents for Desktop and for Mobile, with the exception of the location of the AdSense units if the visit is from Desktop or from Mobile:

  • for Desktop, I place the first ad (a 728×90 banner) just under the page title
  • for Mobile, the first ad is a below-the-fold 300×250 unit

The rest of the HTML contents are identical, except the AdSense code for the first ad. So I cannot cache the pages and I must query the database with the consequent load increment.

I wondered if any of you had similar experiences. Would you place the same AdSense code (e.g. responsive units) for the first ad (for both Desktop and Mobile), just in the below-the-fold of the mobile pages?

How effectively can a trancing Elf serve night watch?

Experienced DM, new to 5e. Dealing with a party that includes two Elves. Party did not establish a night watch. Dice dictated an overnight raid of the party’s provisions. Seems fair to give the Elves a chance of hearing the activity, although being situated 50′ away, it would not be great. However, having two of them should boost the math a little.

What is fair to do here, given 5e rules?

Nginx not able to serve subdomain on same server as domain

On my nginx server (ubuntu 18.04), I want to host domain.com and apis.domain.com, where domain.com is one index.html file and apis.domain.com is a proxy to my node js api, which is running on port 3001.

I have 2 files in /etc/nginx/sites-available folder called domain.com and apis.domain.com and here are the contents from those files.

// domain.com server {         listen 80;         listen [::]:80;          root /var/www/domain.com/html/production;         index index.html          server_name domain.com www.domain.com;          location / {                 try_files $  uri $  uri/ =404;         } }  // apis.domain.com upstream domain_apis {         server 127.0.0.1:3001;         keepalive 64; }  server {     listen 80;     server_name apis.domain.com;   location / {         proxy_set_header X-Forwarded-For $  proxy_add_x_forwarded_for;         proxy_set_header X-Real-IP $  remote_addr;         proxy_set_header Host $  http_host;          proxy_http_version 1.1;         proxy_set_header Upgrade $  http_upgrade;         proxy_set_header Connection "upgrade";          proxy_pass http://domain_apis/;         proxy_redirect off;         proxy_read_timeout 240s;     } } 

when I hit domain.com, things are working fine. But when I hit apis.domain.com, it serves the page from domain.com root folder. I have replaced reverse proxy with simple server with another subdomain, but it always serves the root domain.

Any ideas on how to debug this and how to check if requests are hitting the correct block?

With the existance of CORS, what further purpose does same origin policy serve?

I’ve been using CORS for a while and I think I understand it. But as far as I can tell, because the allow-origin header is provided by the server being called, which an attacker can control as they see fit, same origin policy cannot prevent an injected script from calling an attackers server.

Furthermore, by using my own server as a proxy, and spoofing headers, I can essentially make any HTTP call to any server in the world, regardless of their CORS settings.

Assuming an attacker can do whatever they want with their server, does this mean that same origin policy is dead?

Serve all pages over https not just homepage

I want to serve all of my website pages over https, but currently my htaccess only serves the homepage over https.

This is the code I have in my htaccess file:

<IfModule mod_rewrite.c>   RewriteEngine on   RewriteCond %{HTTPS} !on   RewriteRule ^(.*)$   https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] </IfModule> 

If you go to the following page it is served still over http: http://www.coerll.utexas.edu/spintx/video/1506

But the homepage is served over https: http://www.coerll.utexas.edu/spintx/

What am I doing wrong?

How did a malicious website managed to serve me the app that is running on my local apache server?

Today I accidentally miss-typed a popular’s website domain, which led me to a malicious website. I realized immediately but before I had time to close the tab, I was surprised to be presented with the web app that I am running locally on apache. The webpage was identical to my webapp but all links were pointing to the malicious website.

I do not understand how this can happen. Here is some relevant info:

OS:

Ubuntu 16.04 LTS 

Apache version:

Server version: Apache/2.4.18 (Ubuntu) Server built:   2019-09-16T13:13:53 

The web app is a PHP7.0 Symphony web application.

Netstat:

u@u:~$   sudo netstat -apn | grep apache tcp6       0      0 :::80                   :::*                    LISTEN      9711/apache2   

If I am understanding the netstat command correctly, apache is bound and listening to all ipv6 interfaces (I am not sure why IPv4 is missing?)

However I am behind a router which should block incoming connections (I have checked in my router that there are no port forwardings/open ports)

I am very confused (and alarmed) by this. Anybody has some idea how this could happen?

I am happy to provide more info/clarification. I imagine it is not allowed so I will not post the link to the malicious site, although some security professionals might be interested in checking it out?

What function does the “light” weapon property serve on the hand crossbow?

In the equipment section of the D&D basic rules, it lists “light” as a weapon property of the hand crossbow.

The “light” property offers the following attributes:

Light. A light weapon is small and easy to handle, making it ideal for use when fighting with two weapons. See the rules for two-weapon fighting in chapter 9.

So, this would mean I can use my hand crossbow in two weapon fighting… Great! However, in the TWF rules in chapter 9 it says the following:

When you take the Attack action and attack with a light melee weapon that you’re holding in one hand, you can use a bonus action to attack with a different light melee weapon that you’re holding in the other hand.

Two weapon fighting only applies to melee weapons! Why does the hand crossbow have the light property? What purpose is it serving?

Now with the addition of the Feats in the players handbook my question still remains. The feat for crossbow expert says the following:

Crossbow Expert
Thanks to extensive practice with the crossbow, you gain the following benefits:

  • You ignore the loading quality of crossbows with which you are proficient.
  • Being within 5 feet of a hostile creature doesn’t impose disadvantage on your ranged attacked rolls.
  • When you use the Attack action and you attack with a one-handed weapon, you can use a bonus action to attack with a loaded hand crossbow you are holding.

As you can see the feat replaces the Two weapon fighting rules, and so the light keyword is still not needed.

Can the network serve malware?

I had a infected device on the network so i took all the machines besides the router offline and reinstalled the operating system from a clean copy and then scanned each one after bringing them back online without internet once i thought they were all clean i brought them back on the network applied updates downloaded and configured my firewall setup the DNS servers applied full disk encryption once again created new limited user accounts and setup new passwords and emails and setup my antivirus software i also configured automatic updates for both the operating system and antivirus i am also starting to monitor network requests is there anyway my network can get reinfected? Could the router serve malware? If so how could i detect if the router is serving malware and remove it? One more question related to Android security let’s say i have a Android phone and i click on a malicious website and download malware and i boot the phone into recovery and reset the phone could the phone still be infected some how? If so how do i detect the infection and remove it? Also how can i better secure my computers/phones and the network in general

php serve command error in laravel project

I just installed laravel with all the requirements (php,composer,nodejs) and created a new broject called blog, now when i run php artisan serve it returns an error sayingsutoload.php does not exist in the directory. see error below…

PHP Warning:  require(/home/tibsis/.config/composer/vendor/laravel/installer/blogg/vendor/autoload.php): failed to open stream: No such file or directory in /home/tibsis/.config/composer/vendor/laravel/installer/blogg/artisan on line 18 PHP Fatal error:  require(): Failed opening required '/home/tibsis/.config/composer/vendor/laravel/installer/blogg/vendor/autoload.php' (include_path='.:/usr/share/php') in /home/tibsis/.config/composer/vendor/laravel/installer/blogg/artisan on line 18 

I tried copying the autoload.php file from the vendor folder and pasting into my “blogg” projects folder and still it did not work.

how do i fix this, would I have to reinstall everything from scratch?