Is running bash script that is taking arguments from site dialog box a good idea?

I’m building a site that will use the YouTube API to keep track of playlist changes. In order for a 3rd party to use it, I would supply a dialog box in which the user would type his/her playlistID – this would be read and then put as an argument into a bash script that in turn runs curl/python scripts to connect with the API (run on my machine) and another bash script that would mkdirs on my disk.

Does this potentially endanger me/my files somehow? Can someone input some magic command that would do “rm * -f” or a similar malicious endeavor? Should I use some external server instead of my machine?

I know nothing about security. I’ve read a few topics here but didn’t find a similar problem.
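Added example, not part of the original question: one way to pass a user-supplied playlist ID to a script without letting it reach a shell, and to keep the created directory under one storage root. The ID pattern, `BASE_DIR` and `FETCH_SCRIPT` are assumptions made for illustration.

```python
import re
import subprocess
from pathlib import Path

# Assumption: playlist IDs consist only of letters, digits, '_' and '-'.
PLAYLIST_ID_RE = re.compile(r"[A-Za-z0-9_-]{10,64}")
BASE_DIR = Path("/srv/playlists")        # hypothetical storage root
FETCH_SCRIPT = "/opt/tracker/fetch.sh"   # hypothetical script path


def validate_playlist_id(raw: str) -> str:
    """Return the ID unchanged if it matches the allowlist, else raise."""
    if not isinstance(raw, str) or not PLAYLIST_ID_RE.fullmatch(raw):
        raise ValueError("invalid playlist ID")
    return raw


def unsafe_command(raw: str) -> str:
    """What NOT to do: the input becomes part of a shell command line."""
    return f"{FETCH_SCRIPT} {raw}"       # run with shell=True -> injection


def safe_command(raw: str) -> list[str]:
    """Argument vector for subprocess.run(..., shell=False)."""
    # The receiving bash script must still quote "$1" wherever it uses it.
    return [FETCH_SCRIPT, validate_playlist_id(raw)]


def playlist_dir(raw: str) -> Path:
    """Directory for this playlist, guaranteed to stay under BASE_DIR."""
    target = (BASE_DIR / validate_playlist_id(raw)).resolve()
    if BASE_DIR.resolve() not in target.parents:
        raise ValueError("path escapes storage root")
    return target


def run_fetch(raw: str) -> subprocess.CompletedProcess:
    # No shell is involved: metacharacters in the argument are plain bytes.
    return subprocess.run(safe_command(raw), check=True, timeout=60,
                          capture_output=True, text=True)
```

Running the web process and the scripts as a dedicated low-privilege user limits the damage if a check like this is ever bypassed.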

How much time does mfcuk take to find a key

I would like to copy a VIGIK RFID badge. It’s a MIFARE-type badge. I have an ARC122 USB reader / writer and my OS is Linux-like. I compiled mfoc and mfcuk successfully. First I tried to copy the badge with mfoc using this command:

    mfoc  -P 500 -O Matrice.dmp

And I got this error:

    Found Mifare Classic 1k tag
    ISO/IEC 14443A (106 kbps) target:
        ATQA (SENS_RES): 00  04
    * UID size: single
    * bit frame anticollision supported
           UID (NFCID1): 63  0e  43  bc
          SAK (SEL_RES): 08
    * Not compliant with ISO/IEC 14443-4
    * Not compliant with ISO/IEC 18092
    .../...
    mfoc: ERROR:  No sector encrypted with the default key has been found, exiting..

After a search on the web, I found that I have to use the mfcuk tool like this to find a key:

    mfcuk -C -O Matrice.dmp -R 0:A -s 250 -S 250 -v 3

But it’s taking hours without result. How can I do that quicker?

Does using an Owl’s “Talons” action while Wild Shaped count as taking the Attack action?

First, a reason this might matter would be a multiclassed Druid/Monk using Wild Shape and hoping to use Flurry of Blows, the latter of which states:

Immediately after you take the Attack action on your turn, you can spend 1 ki point to make two unarmed strikes as a bonus action.

So say we are transformed, via Wild Shape, into an Owl and we use our “Talons” action. Can we then use Flurry of Blows?


I’m unsure what the case is given that the Monster Manual states (page 10):

When a monster takes its action, it can choose from the options in the Actions section of its stat block or use one of the actions available to all creatures, such as the Dash or Hide action, as described in the Player’s Handbook.

“Talons” is not one of the actions available to all creatures, but the Attack action is so I’m unsure whether Talons also counts as the Attack action and if so, why/how?

In addition the Essentials Kit describes the “Use a Special Ability” action as follows (page 36):

Many class features give you special ways to use your action. Monsters also have their own special actions, as described in their stat blocks.

Are these “special actions” things like “Talons” or is “Talons” a use of the Attack action?

Can a Monk use Flurry of Blows while under the effects of Wild Shape; are actions such as the Owl’s “Talons” considered the Attack action?

Taking advantage of subdomains for refresh token rotation in SPAs

Say I have three components in a system:

  1. An identity service, hosted at identity.mydomain.com
  2. A single page application, served from app.mydomain.com
  3. An API, protected by requiring a bearer token signed by identity.mydomain.com

In the single page application, would it be considered secure to keep an access token in memory, and a rotating refresh token (set by identity.mydomain.com, marked with all the expected security attributes as well as SameSite=strict) in a cookie? The refresh token would be rotated similarly to this auth0 article here: https://auth0.com/docs/tokens/concepts/refresh-token-rotation

My thinking for the flow would be as follows:

  1. User visits app.mydomain.com
  2. The SPA sends a request to the token endpoint of identity.mydomain.com
  3. identity.mydomain.com returns 401 because there is no refresh token cookie
  4. SPA redirects user to identity.mydomain.com
  5. User authenticates
  6. identity.mydomain.com sets a refresh token cookie (with HttpOnly, Secure, SameSite=Strict) valid for .mydomain.com (all subdomains)
  7. User is redirected back to app.mydomain.com
  8. app.mydomain.com sends a request to the token endpoint of identity.mydomain.com
  9. identity.mydomain.com receives the cookie, because it is on the same overall domain.
  10. identity.mydomain.com sets a new refresh token cookie, invalidates the old one, and returns a very short-lived access token
  11. app.mydomain.com can then store that access token in memory and use it to call the API at service.mydomain.com.
  12. access token expires, so the SPA sends another request to identity.mydomain.com/token to refresh the tokens and the cycle continues.

I can’t see a way this would be particularly vulnerable – the refresh token wouldn’t be available to JS due to its protected attributes, and even if it is retrieved somehow the rotation should ensure it’s not used more than once. The SameSite=true attributes should also protect against CSRF. I’d make the refresh token also a signed JWT so the identity service can validate it and make sure it is issued by the correct authority as well.

If this is insecure, I’ve definitely misunderstood something somewhere down the line – so please could you explain why?
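Added example, not part of the original question: a sketch of the identity-service side of steps 6 and 10, with single-use rotation and revocation of the whole token family when an already-rotated token is presented again. The in-memory store, the cookie name `refresh_token`, the `Path=/token` scope and the family-revocation behaviour are assumptions for illustration.

```python
import hashlib
import secrets


class RefreshTokenStore:
    """In-memory stand-in for the identity service's token table."""

    def __init__(self):
        self._tokens = {}      # sha256(token) -> {"family", "user", "used"}
        self._revoked = set()  # families revoked after a detected replay

    @staticmethod
    def _digest(token: str) -> str:
        # Store only a hash so a database leak does not yield usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def _mint(self, user: str, family: str) -> str:
        token = secrets.token_urlsafe(32)
        self._tokens[self._digest(token)] = {
            "family": family, "user": user, "used": False}
        return token

    def login(self, user: str) -> str:
        """Step 6: first refresh token of a new family after authentication."""
        return self._mint(user, secrets.token_hex(8))

    def rotate(self, presented: str) -> str:
        """Step 10: invalidate the presented token and return its successor."""
        rec = self._tokens.get(self._digest(presented))
        if rec is None or rec["family"] in self._revoked:
            raise PermissionError("unknown or revoked refresh token")
        if rec["used"]:
            # Replay of a rotated token: revoke every token in the family.
            self._revoked.add(rec["family"])
            raise PermissionError("refresh token reuse detected")
        rec["used"] = True
        return self._mint(rec["user"], rec["family"])


def refresh_cookie(token: str) -> str:
    """Set-Cookie value with the attributes listed in step 6."""
    return (f"refresh_token={token}; Domain=mydomain.com; Path=/token; "
            "HttpOnly; Secure; SameSite=Strict")
```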

How do I input a 2d matrix when no spacing is given in adjacent elements while taking the input in c++?

Thanks for looking this over. I’m trying to take an n×n matrix as input, where the input is in the following format, for example:

    4
    1123
    3442
    5632
    2444

You see the input format; that’s my problem. I don’t want those elements to be stuck together, and C++ is reading the rows as if each row is a number, which means “cin” is reading only n elements, and I expect all n×n elements to be read separately. Pardon me if the question wasn’t up to the mark, as this is my first question.

Taking some terms from a polynomial

I have a polynomial like this:

    ser = 1 - x/2 - x^2/8 - x^3/16 + y/2 + (3 x y)/4 + (23 x^2 y)/16 + (27 x^3 y)/32 - y^2/8 - (31 x y^2)/16 - (127 x^2 y^2)/64 - (351 x^3 y^2)/128 + y^3/16 + (35 x y^3)/32 + (407 x^2 y^3)/128 + (1915 x^3 y^3)/256;

Now I want to extract the terms with total degree smaller than 4. Using patterns, I can realize the goal.

    Cases[ser, (_*x^m_.*y^n_. /; m + n < 5) | (_?NumericQ*y^j_. /; j < 5) | (_?NumericQ*x^i_. /; i < 5) | _?NumericQ]

But I think my method is a little tedious. I have two questions:

1. Can my method be simplified?
2. Are there other simple methods to do the job?

Is destructuring a heap (taking down a heap) also O(n) like building a heap? If so, can the selection problem be solved by this method in O(n) time?

If we can build up a heap in O(n) time, can we also take down a heap in O(n)? (by repeatedly calling delete-max).

Intuitively, it may feel like it is, because it is like the reverse of building it up.

If building a heap is O(n) in the worst case, including when the numbers are all added in ascending order, then taking the heap down is exactly the “reverse in time” operation, and it is O(n), but this may not be the “worst case” of taking it down.

If taking down a heap is really O(n), can’t the selection problem be solved by building a heap, and then taking it down (k – 1) times, to find the kth max number?

Is Artificial intelligence simply taking decisions on the basis of values produced by a machine learning model

I am researching AI and how it works. Whenever I try to search for AI algorithms, ML algorithms come up. Then, I read about the differences between ML & AI. One of the key points mentioned was “AI is decision making” & “Machine learning is generating values and learn new things”.

I came to the conclusion that ML allows us to generate some sort of values, and using AI we can make decisions with those values.

But I am confused by “The weather forecast” problem. Will our machine learning model directly generate the decision of whether it will rain or not? Does our ML model lie in the AI domain, or am I wrong? Help me!