I’m building a site that will use the YouTube API to keep track of playlist changes. In order for a 3rd party to use it I would supply a dialog box in which the user would type his/her playlistID – this would be read and then put as an argument into a bash script that in turn runs curl/python scripts to connect with the API (run on my machine) and another bash script that would mkdirs on my disk.
Does this potentially endanger me/my files somehow? Can someone input some magic command that would do “rm * -f” or a similar malicious endeavor? Should I use some external server instead of my machine?
I know nothing about security. I’ve read a few topics here but didn’t find a similar problem.
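An added example, not part of the question above: one way to handle the playlistID defensively is to check it against an allowlist and hand it to the child process as a single argv element, so no shell ever parses it. The ID pattern, the `playlists` directory and the echoing stand-in for the tracking script are assumptions made for the example.

```python
import re
import subprocess
import sys
from pathlib import Path

# Assumption: playlist IDs use only letters, digits, "_" and "-". The first
# character must be alphanumeric so an ID can never look like an option flag.
PLAYLIST_ID_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_-]{9,63}")

BASE_DIR = Path("playlists")  # hypothetical directory holding per-playlist data


def validate_playlist_id(raw):
    """Return the ID unchanged if it matches the allowlist, else raise."""
    if not isinstance(raw, str) or not PLAYLIST_ID_RE.fullmatch(raw):
        raise ValueError("invalid playlist ID")
    return raw


def playlist_dir(playlist_id, base=BASE_DIR):
    """Build the per-playlist directory path and confirm it stays under base."""
    base = base.resolve()
    target = (base / validate_playlist_id(playlist_id)).resolve()
    if base not in target.parents:
        raise ValueError("path escapes base directory")
    return target


def run_tracker(playlist_id, program=None):
    """Pass the validated ID as one argv element; no shell is involved."""
    pid = validate_playlist_id(playlist_id)
    # Stand-in for the real tracking script so the example runs offline:
    # a child Python process that echoes the single argument it received.
    program = program or [sys.executable, "-c", "import sys; print(sys.argv[1])"]
    done = subprocess.run(program + [pid], capture_output=True, text=True,
                          check=True, timeout=30)
    return done.stdout.strip()


if __name__ == "__main__":
    good = "PLconstructed_Example-0123456789"  # constructed sample ID
    print(run_tracker(good), playlist_dir(good))
    for bad in ["PL1234567890; rm * -f", "$(id)", "../../etc", "-rf"]:
        try:
            validate_playlist_id(bad)
        except ValueError as exc:
            print("rejected:", repr(bad), exc)
```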
I would like to copy a VIGIK RFID badge. It’s a MIFARE-type badge. I have an ARC122 USB reader/writer and my OS is Linux-like. I compiled mfoc and mfcuk successfully. First I tried to copy the badge with mfoc using this command:
mfoc -P 500 -O Matrice.dmp
And I got this error:
Found Mifare Classic 1k tag
ISO/IEC 14443A (106 kbps) target:
ATQA (SENS_RES): 00 04
* UID size: single
* bit frame anticollision supported
UID (NFCID1): 63 0e 43 bc
SAK (SEL_RES): 08
* Not compliant with ISO/IEC 14443-4
* Not compliant with ISO/IEC 18092
.../...
mfoc: ERROR: No sector encrypted with the default key has been found, exiting..
After a search on the web, I found I have to use the mfcuk tool like this to find a key:
mfcuk -C -O Matrice.dmp -R 0:A -s 250 -S 250 -v 3
But it’s taking hours without a result. How can I do that quicker?
First, a reason this might matter would be a multiclassed Druid/Monk using Wild Shape and hoping to use Flurry of Blows, the latter of which states:
Immediately after you take the Attack action on your turn, you can spend 1 ki point to make two unarmed strikes as a bonus action.
So say we are transformed, via Wild Shape, into an Owl and we use our “Talons” action. Can we then use Flurry of Blows?
I’m unsure what the case is given that the Monster Manual states (page 10):
When a monster takes its action, it can choose from the options in the Actions section of its stat block or use one of the actions available to all creatures, such as the Dash or Hide action, as described in the Player’s Handbook.
“Talons” is not one of the actions available to all creatures, but the Attack action is, so I’m unsure whether Talons also counts as the Attack action and, if so, why/how?
In addition, the Essentials Kit describes the “Use a Special Ability” action as follows (page 36):
Many class features give you special ways to use your action. Monsters also have their own special actions, as described in their stat blocks.
Are these “special actions” things like “Talons” or is “Talons” a use of the Attack action?
Can a Monk use Flurry of Blows while under the effects of Wild Shape; are actions such as the Owl’s “Talons” considered the Attack action?
Say I have three components in a system:
- An identity service, hosted at
- A single page application, served from
- An API, protected by requiring a bearer token signed by
In the single page application, would it be considered secure to keep an access token in memory, and a rotating refresh token (set by identity.mydomain.com, marked with all the expected security attributes as well as SameSite=strict) in a cookie? The refresh token would be rotated similarly to this auth0 article here: https://auth0.com/docs/tokens/concepts/refresh-token-rotation
My thinking for the flow would be as follows:
- User visits
- The SPA sends a request to the token endpoint of
- identity.mydomain.com returns 401 because there is no refresh token cookie
- SPA redirects user to
- User authenticates
- identity.mydomain.com sets a refresh token cookie (with HttpOnly, Secure, SameSite=Strict) valid for .mydomain.com (all subdomains)
- User is redirected back to
- app.mydomain.com sends a request to the token endpoint of
- identity.mydomain.com receives the cookie, because it is on the same overall domain.
- identity.mydomain.com sets a new refresh token cookie, invalidates the old one, and returns a very short-lived access token
- app.mydomain.com can then store that access token in memory and use it to call the API at
- access token expires, so the SPA sends another request to identity.mydomain.com/token to refresh the tokens and the cycle continues.
I can’t see a way this would be particularly vulnerable – the refresh token wouldn’t be available to JS due to its protected attributes, and even if it is retrieved somehow the rotation should ensure it’s not used more than once. The SameSite=true attributes should also protect against CSRF. I’d make the refresh token also a signed JWT so the identity service can validate it and make sure it is issued by the correct authority as well.
If this is insecure, I’ve definitely misunderstood something somewhere down the line – so please could you explain why?
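An added example, not part of the question above: the server side of the rotation step in the flow, as an in-memory sketch. It goes one step beyond the post by revoking the whole token family when a rotated-out token is presented again, since the server cannot tell whether the client or a thief holds the newer token; the class, the 60-second lifetime and the dict standing in for a signed access token are assumptions.

```python
import hashlib
import secrets
import time

ACCESS_TTL = 60  # seconds; assumed value for "very short-lived"


class TokenService:
    """In-memory stand-in for the identity service's token endpoint."""

    def __init__(self):
        self._tokens = {}       # sha256(refresh token) -> family, user, used
        self._revoked = set()   # families revoked after a reuse was detected

    @staticmethod
    def _digest(token):
        # Only a hash is stored, so a leaked store does not leak live tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def _issue(self, user, family):
        token = secrets.token_urlsafe(32)
        self._tokens[self._digest(token)] = {
            "family": family, "user": user, "used": False}
        return token

    def login(self, user):
        """After authentication: start a new token family for this session."""
        return self._issue(user, family=secrets.token_hex(8))

    def refresh(self, presented):
        """Rotate: return (new_refresh_token, access_token) or raise."""
        rec = self._tokens.get(self._digest(presented or ""))
        if rec is None or rec["family"] in self._revoked:
            raise PermissionError("401: unknown or revoked refresh token")
        if rec["used"]:
            # A rotated-out token came back: two parties hold tokens from
            # this session, so end the session instead of guessing which.
            self._revoked.add(rec["family"])
            raise PermissionError("401: refresh token reuse, session revoked")
        rec["used"] = True
        # Stand-in for the signed short-lived access token (assumption).
        access = {"sub": rec["user"], "exp": time.time() + ACCESS_TTL}
        return self._issue(rec["user"], rec["family"]), access


if __name__ == "__main__":
    svc = TokenService()
    r1 = svc.login("alice")          # constructed user name
    r2, access = svc.refresh(r1)     # normal rotation
    print("access token for", access["sub"])
    for stale in (r1, r2):           # replay of r1 also kills r2
        try:
            svc.refresh(stale)
        except PermissionError as exc:
            print(exc)
```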
If, say, my initiative put me first, but I wanted to attack after a certain event, can I use my action as a reaction to use my attack actions (multiple attacks) and bonus action after a certain specified circumstance? Or do I only get one attack and no bonus actions if I use the reaction?
Thanks for looking this over. I’m trying to take an n×n matrix as input, where the input is in the following format, for example:
4 1123 3442 5632 2444
You see the input format; that’s my problem. I don’t want those elements to be stuck together, and C++ is reading the rows as if each row is a number, which means “cin” is reading only n elements, and I expect all n×n elements to be read separately. Pardon me if the question wasn’t up to the mark, as this is my first question.
I have a polynomial like this:
ser = 1 - x/2 - x^2/8 - x^3/16 + y/2 + (3 x y)/4 + (23 x^2 y)/16 + ( 27 x^3 y)/32 - y^2/8 - (31 x y^2)/16 - (127 x^2 y^2)/64 - ( 351 x^3 y^2)/128 + y^3/16 + (35 x y^3)/32 + (407 x^2 y^3)/128 + ( 1915 x^3 y^3)/256;
Now I want to extract the terms with total degree smaller than 4. Using patterns, I can realize the goal.
Cases[ser, (_*x^m_.*y^n_. /; m + n < 5) | (_?NumericQ*y^j_. /; j < 5) | (_?NumericQ*x^i_. /; i < 5) | _?NumericQ]
But I think my method is a little tedious. I have two questions: 1. Can my method be simplified? 2. Are there other simple methods to do the job?
What got you interested in computer science, what do you study in high school, what do you do at your job, and what’s your name?
If we can build up a heap in O(n) time, can we take down a heap also in O(n)? (by delete-max repeatedly).
Intuitively, it may feel like it is, because it is like the reverse of building it up.
If building a heap is O(n) in the worst case, including when the numbers are all added in ascending order, then taking the heap down is exactly the “reverse in time” operation, and it is O(n), but this may not be the “worst case” of taking it down.
If taking down a heap is really O(n), can’t the selection problem be solved by building a heap, and then taking it down (k – 1) times, to find the kth max number?
I am researching AI and how it works. Whenever I try to search for AI algorithms, ML algorithms come up. Then, I read about the differences between ML & AI. One of the key points mentioned was “AI is decision making” & “Machine learning is generating values and learn new things”.
I came to the conclusion that ML allows us to generate some sort of values, and using AI we can make decisions with those values.
But I am confused by the “weather forecast” problem. Our machine learning model will directly generate the decision of whether it will rain or not? Does our ML model lie in the AI domain, or am I wrong? Help me!