Text symbols in the navigation menu

Just faced the following issue. The problem is when I paste the font-awesome code in my navigation menu point I see the text <i class="fa fa-shopping-cart" aria-hidden="true"></i> (screenshot attached) instead of icon.

enter image description here

And I am faced with such a problem for the first time – I never faced this issue on all my previous websites. FontAwesome is successfully integrated – I can see all icons inside my website content.

I tried to:

  • deactivated my custom theme and activated WP default themes
  • deactivated all my plugins
  • cleaned cache etc
  • checked my .htaccess file

But unfortunately nothing helped.

How to hide Kernel Symbols in Linux Kernel Image? Recompliation?

Why hide kernel symbols?

Quote

Anyone with basic knowledge of kernel exploitation knows how important information gathering is to reliable exploitation. This protection hides the kernel symbols from various places that an attacker could use during information gathering in pre-exploitation stage. … This option also prevents leaking of kernel addresses through several /proc entries.

Bug Classes/Kernel pointer leak

Some places are obvious. /proc/kallsyms can be constrained through sysctl kernel.kptr_restrict=2. Access to folder /boot can be restricted through linux file permissions to root only and with apparmor even be hidden from root. AppArmor FullSystemPolicy (apparmor-profile-everything) Also other places such as /lib/modules, system.map, and the kernel source directory.

For the sake of asking a very specific question, please ignore other places where kernel symbols might leak. If want to enumerate them, please ask your own question, wait until I ask or add a comment.

My very specific question is around the following Quote:

The kernel […] is not precompiled by some distribution

This is because kernel symbols can be extracted from the kernel image. There are Open Source tools for that.

(That quote is about grsecurity but I am asking about non-grsecurity, i.e. the regular kernel from kernel.org here.)

Kernel images from public repositories such as packages.debian.org are well known by attackers. Attackers could simply hardcode the symbols addresses and thereby counter effort such as kernel.kptr_restrict=2.

To prevent kernel pointer leaks, the kernel image cannot be in a public known state. It needs to be unique, private as far as I understand. One needs to compile the kernel oneself.

Reproducible builds are an amazing effort of increasing the security for everyone. However, in this case reproducible builds would result in again ending up with a kernel with symbol addresses well predictable by attackers because the Debian linux kernel is already reproducible, mostly reproducible or in future fully reproducible (I didn’t follow up where development is regarding that).

How to hide kernel symbols of the linux kernel image (vmlinux) from an attacker? How to make sure my kernel has unique kernel symbols? Is there a kernel boot parameter for that? Or is it possible to somehow supply the kernel with a random file so it can randomize its symbols? Or is there some way to recompile the kernel in a way it would have unique symbol addresses?

HTML element: quotation symbols not selectable?

To include a quotation in HTML, one could simply use quotation symbols:

<p>“Yes,” he said.</p> 

Alternatively, one could use the inline quotation element:

<p><q>Yes,</q> he said.</p> 

Using the inline quotation element has some advantages, e.g., it provides additional semantic information to any person or machine reading the HTML code.

However, I noticed something that seems to me like a severe disadvantage of the inline quotation element. In all the browsers I’ve tried, although quotation symbols are rendered, it is not possible to select the quotation symbols. Screenshot of quotation symbols not being selected

In Chrome and Edge, predictably, this means that the quotation symbols are omitted if the user copies and pastes. In Firefox, interestingly, quotation symbols are inserted in the pasted text, even though they do not appear to be selected.

This behavior seems jarring for the user. Is it really the best practice for quotations in HTML? When, if ever, should developers use the inline quotation element?

Which symbols are safe with regards to SQL injection / XSS / other injections attacks?

I have an input field in web that is being saved to a storage via API. This field can be shown in other systems that I do not have control over and that’s why I would like to limit what is allowed to write in the field but allow some common special characters for convenience.

This is what I came up with:

  • Alphanumeric
  • Space
  • .,()-:

I would like to check if this is “safe” enough with regards to XSS injection, SQL injection and eventually any other things I did not think about.

P.S. I do know that this is not the right way to prevent an attack and I only need this because data use will be out of my control.

Is an error-correcting code where the parity symbols are interleaved with the data symbols considered systematic?

According to the Wikipedia entry, a systematic code is one

in which the input data is embedded in the encoded output. Conversely, in a non-systematic code the output does not contain the input symbols.

Further down on the same page, it says:

For a systematic linear code, the generator matrix, $ G$ , can always be written as $ G = [ I_k | P ]$ where $ I_k$ is the identity matrix of size $ k$ .

Consider a systematic code with 4 data symbols ($ D_i$ ) and 2 parity symbols ($ P_i$ ):

$ (D_0 D_1 D_2 D_3 \boldsymbol{P_0} \boldsymbol{P_1})$

If we re-order the output symbols such that the parity symbols are interleaved with the data symbols, we get an equivalent code, for example:

$ (D_0 D_1 \boldsymbol{P_0} D_2 D_3 \boldsymbol{P_1})$

Would that code still be considered systematic? Clearly, the output does contain the input symbols, but I think the generator matrix could not be written as $ G = [ I_k | P ]$ .

Is an error-correcting code where the parity symbols are interleaved with the data symbols considered systematic?

According to the Wikipedia entry, a systematic code is one

in which the input data is embedded in the encoded output. Conversely, in a non-systematic code the output does not contain the input symbols.

Further down on the same page, it says:

For a systematic linear code, the generator matrix, $ G$ , can always be written as $ G = [ I_k | P ]$ where $ I_k$ is the identity matrix of size $ k$ .

Consider a systematic code with 4 data symbols ($ D_i$ ) and 2 parity symbols ($ P_i$ ):

$ (D_0 D_1 D_2 D_3 \boldsymbol{P_0} \boldsymbol{P_1})$

If we re-order the output symbols such that the parity symbols are interleaved with the data symbols, we get an equivalent code, for example:

$ (D_0 D_1 \boldsymbol{P_0} D_2 D_3 \boldsymbol{P_1})$

Would that code still be considered systematic? Clearly, the output does contain the input symbols, but I think the generator matrix could not be written as $ G = [ I_k | P ]$ .

Whats the best naming convention for items inside a list/cell using Sketch symbols?

The symbols included in Sketch have this structure for cells (used in list/table):

  • Insert > Symbols > iOS UI Design > Cells > Table
  • Insert > Symbols > iOS UI Design > Overrides > Cells

Using the word “Overides” makes sense from a Sketch perspective as it explains the function in Sketch, though it does not explain well the placement and usage of the items in the table view cell. Ex. the chevron or toggle switch is usually inside a cell. Also, it pretty confusing having loads of different symbols used across different views under “Overrides”.

enter image description here

This what the cell looks like: enter image description here

I am therefore trying to figure out what the best naming would be. In iOS https://material.io/components/lists/#behavior they would be objects, while as far as I can see, Material Design doesn’t have one unifying word for this https://material.io/components/lists/#behavior

Words that I find could describe the items could be:

  • elements
  • components
  • properties
  • objects

Of these, I find “elements” would be best. What do you call these items that make them easy to find and that one understands that these items are to be used inside a cell?