Countering a system killing UID/GID=0 processes in Android

Suppose that there were a security system in an Android kernel meant to prevent exploits that have arbitrary kernel memory read/write from getting root privileges. This system,

  1. Kills a process by using force_sig() with SIGKILL if the process UID or GID is 0 and if the system decides it shouldn’t be.
  2. Depends on kernel variables that are read-only after init. (on/off status)

If we assume that the system decides with complete accuracy in [1] above, and KASLR is not present on the device, what can an exploit do to counter this system and get root IDs?

What I can think of:

  1. Disabling SIGKILL temporarily:
    If SIGKILL can be disabled temporarily (or even permanently until reboot) then the system is essentially useless, but I have yet to find a way to disable SIGKILL through kernel memory write.
  2. Disabling the system by flipping the read-only bits somehow:
    This is unlikely to be possible but included for the sake of completeness.
  3. Editing the text sections of kernel memory to patch the functions:
    Also unlikely to be possible because the text section is read-only.

Checkout system with offline payments

I’m trying to find the best way to handle offline payments (e.g. internet bank transfer) into a site which offers services like courses.

At present there is a course registration form, when successfully completed the user receives a confirmation screen and email which states that payment is required, confirms the amount and bank account details.

I’m concerned that when a user completes this process it may feel as though they have achieved a booking or reservation, regardless of the information that follows.

For management a difficulty is that once the checkout is completed it takes a minimum of 24-48 hours before the payment can be confirmed. Also, the user may choose to not pay immediately (or at all). During this time the list contains unpaid booking requests, and it’s proving hard to manage the attendee list and be sure of who is coming.

I’m wondering if anyone has encountered this problem before and if there is a better way to handle the checkout process.

More information:

The UX objective is to have an easy to use system for a user to create a course booking, where if they choose to pay ‘offline’ it is clearly understood that there is no reservation of a place until the payment has been made.

It could simply be that a standard process like the current one is fine, we just need to work the copy so that it communicates this well.

Another possibility I’ve considered is a system where ‘offline’ payments are completed before the booking form is completed, identified using a unique code sent via email. This might better reflect reality but it would also be pretty unusual and could put people off.

What is this RPG system which is based on character’s character not stats?

I read a review of a system to do with the walking dead, last week or so, but I have lost the reference to it.

It was a system which rather than using Strength, Dexterity, etc. used Motivations and Careers and so on.

The example it gave was from the Walking Dead – I have no idea who is stronger between Darryl and Rick but I can tell you what is different between their personalities.

I quite liked this idea and want to include it in a homebrew game, but cannot quite remember the details. Does anyone recognise a game like this or used this mechanic before?

Is this system for calculating the PC’s level to receive Lycanthrope, accurate or balanced?

It tells in the Monster Manual how a PC can become a Lycanthrope and what mechanical differences it makes, but as far as I can see it doesn’t say anything about what level the character should be at or how it would effect Combat Encounter Calculations.

Some of the ability’s a PC would get become redundant at high levels but would be completely broken at lower levels (most notable it’s damage immunity’s), Is there a Rule of Thumb or maybe something written in one of the supplement books that would determine what effects lycanthropy would have at different levels.

Some of the things I’ve calculated are…

  • A PC character can gain access to Polymorph at 7th level, since a lycanthrope has a limited polymorph as one of its abilites, combining that with the other advantages it gets would indicate the Level 7 would be the best level for Were-PC.
  • Monk’s and Circle of the Moon Druids gain access to their respective “your attacks count as magical for the purposes of overcoming resistances” meaning they’ll start facing creatures with similar damage immunites to the lycanthrope , combining that with the other advantages it gets would indicate the Level 7 would be the best level for Were-PC.
  • According to some brief CR calculations (using the DMG) the higher CR Lycanthropes seem like even fights with a 7th or 8th level Party, while lower CR’s look good for a 4th or 5th level party so depending of the Lycanthropy, a Were-PC would be fine anyway between 4th to 9th Level PC.

Based of the Calculations above I assume that creating a Were-PC at level 10 or Higher is fine (If the Player want’s it), but below level 5 is too powerful, between Levels 5 and 10 a player’s Level should match or surpass the CR of the Lycanthrope + 5 in order to have it, otherwise it might be too powerful.

This is all assuming the PC “embraces the curse” and the DM allows the player to use it freely. Assuming the opposite you could subtract 5 from the players level when using the calculations above.

As for Calculating Combat Encounters a PC should be considers 1 level higher than their player level when working out Combat encounters until they become level 11 or higher in which case treat them like a normal PC

Does all that make sense? Is it a good system or is there some fact that I’m missing? Does this adequately answer What level should a Lycanthrope PC be? Would any of this be different if you where creating a character at a different level?

Are there any standardized questionnaires available for asking adults about their opinion on the suitability of a system designed for children?

My team and I have developed an augmented reality app for children (primary school students).

I would like to get their teachers’ opinions about the usability of the system in the context of their students.

First, I thought about using standardized questionnaires like System Usability Scale or User Experience Questionnaire but those are designed for asking the actual user of a system and furthermore, I actually don’t want too much focus on the usability rather than on their opinion about the suitability of the system for children.

I am wondering if there are any standardized questionnaires available for cases like that.

How to explain the authorisation of the system to users

The problem I currently have is: users do not understand the authorisation of the system well (i.e. what a user can do in the system depending on his roles and other things, not to be confused with authentication).

The situation:

We are developing a business system, and the business requirements towards authorisation are unfortunately rather complex.

Now, users often are confused at why they cannot see a certain object another colleague sent them, or why they cannot edit certain objects. They often ask us to tell them the roles that they currently have, but that actually doesn’t really make it understandable for them. Then they want to know what roles in what configuration they would need for XYZ.

The authorisation works as follows:
Users request a role in a central role management system according to their process roles. During the request, they additionally have to select certain attributes for the role which denotes for which parts they are actually working in that role.
Our system then maps their roles to rights. Additionally, these rights may have conditions on the attributes the users selected for their role.

My request therefore:

Does anyone have examples or ideas of how it could be made more transparent to the user, so that they

  1. understand why a certain action is restricted to them
  2. know what roles in what configuration they would need to enable them to do what they wanted to.

Singularity or stiff system in NDSolve

I have the following piece of code

(*UV cuttoff*) rmax = 10; (*Fixed input values*) nc = 4; nf = 4; (*Value of \[Alpha]1*) \[Alpha]1 = 0.95;  b0 = 1/(6 \[Pi]) (11 nc - 2 (nc + 2) nf) ;  b1 =  1/(24 \[Pi]^2) (34 nc^2 - 10 nc (nc - 2) nf  -        6 (nc + 1) (nc - 2) (nc - 2) nf) ;  eqalp1 = alp1'[mu1] + (b0 alp1[mu1]^2 + b1 alp1[mu1]^3) == 0;   sol1 = NDSolve [{ eqalp1, alp1[0] == \[Alpha]1},     alp1, {mu1, 0, 10^24}];  alph1[mu1_] := First[Evaluate[alp1[mu1] /. sol1]]  alph1[mu1]; \[Alpha][mu_] := alph1[mu] 

It works fine if I choose nf=1,2,3 but when I set nf=4 and higher I get the following error message

error

I tried to solve the differential equation not from zero but from other points. Every time I get a similar error. I also tried changing the tuned input for \[Alpha]1 in the beginning of the code, but the same message persists.

Can someone suggest something to bypass this?