[ Politics ] Open Question : I think CELEBS have below than average looks?

Is that weird? I mean if I go to my local university or gym, I think I would find a handful of cute guys and pretty women. So somehow Kim Kardashian is supposed to be hot as helI. Cardi B, Miley Cyrus, Justin Bieber, Travis Scott all look like average people to me. Even though they are supposed to be glamorous. Even they have all that make up on and photoshop pics Does anybody agree with me

What security arrangements do I need to think about when passing a password through my site server

I want to automate some of my home admin.

I’m writing a small-ish website, to do that. Written in C#/.NET, hosted on Azure, backed by an Azure SQL DB, codebase available publicly on GitHub.

One of the things that I’m going to want my site to do is log into a couple of other websites in Selenium and scrape some information.

I don’t want to have to worry about whether I’ve done password storage correctly, so I’m expecting to have the user (me! :D) enter the relevant password(s) into my site’s UI each time it wants to do this scraping.

So I’ll enter the relevant p/w into my site, in plaintext, which will be transmitted to the server in Azure, my code will briefly hold it in memory before plugging it into the Selenium UI of the destination site (again, in plain text).

I want to make sure that I’ve not made myself less secure by doing this.

What are my security considerations & solutions for this system?

I think that there are 4 attack vectors that I should be consider:

  1. Something snooping on the requests between my home PC and my Azure site.
  2. Something snooping on the requests between my Azure site and the destination site.
  3. Someone noticing the source code on GitHub.
  4. Someone gaining access to the Azure system.

And I think my solutions/responses to these things are:

  1. This is solved by implementing standard TLS for my site, as documented on OWASP.
  2. I assume that the destination site is inherrently securely set up (otherwise logging into it from my home PC is ALSO insecure, in which case my new system is no worse.). So all I need to do is to make sure that Selenium is respecting all the normal security of “a browser talking to a website”.
  3. I have control over write-access to the codebase. Read-only access to the code-base should never be a security risk, as you already assume that the attacker has full knowledge of the structure of your system. The codebase doesn’t know anything about the password, so I’m not exposing anything there.
  4. Would depend on what it is that they can do in there… If they can see the Database, that’s not a problem since the password never gets put there. If they can monitor traffic, that’s no different from #1 and #2. If they can replace my executables they I’m irrevocably screwed because any protection I make can be un-done by changing the executable.

Based on the above:

  • I think that the first 2 have known solutions.
  • I think the 3rd isn’t a problem.
  • I think the last one isn’t solvable (but is also very unlikely to be a risk)

I can’t do anything that resembles sending a hash of the password (rather than the password itself), because I fundamentally need my server code to have the plaintext password so that it can give it to the destination site UI.

I could try to do some encryption of the password, in my browser (or in my head) and have my site decrypt it. But either I use proper, safe encryption where knowing the mechanisms and encryption keys doesn’t help … in which case I think I’m just re-implementing TLS, and will probably do a bad job. Or I’m adding simplistic security-by-obscurity enciphering, which doesn’t achieve anything because the code-base is public (and hence so is the full de-ciphering mechanism & key).

Is my analysis and understanding correct?

What’s the right way to think about a CGF symbol with an infinite null derivation?

I’m curious about the right way to characterize symbol A in a CFG like this one:

A -> A B A -> x B -> y B -> ε // empty 

B is certainly nullable. However, should A be considered nullable? It feels like the answer is probably “no” (and most first-follow implementations I’ve seen either agree or crash on this). However, you can derive an infinitely large parse tree for the null symbol sequence like A -> A(A(A(...) B()) B().

Fan speed, high CPU usage, think it’s GPU not working

So since last night (I think i was changing drivers and what not, once gave me an error and I had to force shutdown by pressing down the power key on my laptop) my CPU usage is really high whenever I watch a youtube video or something like that, and the speed of the fans gets really high, but I never had that problem before, for example, when watching a simple youtube video and nothing else besides it, the CPU usage is like this:

Image 1

And the fan speed gets really high. I was fiddling around and found that my nvidia wasn’t actually being used as the primary card (or something? I’m not really a tech guy)

Image 2

However I had tried to put in the terminal “nvidia-setting” and chose to use nvidia (high performance) instead of intel graphics but didn’t work… (I have driver 390 for nvidia and yes I rebooted after making the system change).

Can someone help me please? I can’t do anything before the fans go crazy…

Shipping is calculated in checkout no postcode. I think I’ve figured out why

My shipping module is getting a postcode even though postcode is not set in the cart.

  • This is for a new cart created from an guest customer.
  • Magento 2.3/Ubuntu Server
  • All Magento Default Shipping Modules Disabled, Running Custom Module.

In my shipping module, using xdebug, I saw that:

$ request->getDestPostcode(); // Defaults to value from Tax Calculation in admin backend.

I’ve isolated this value to be from:

http://Base_url/admin/admin/system_config/edit/section/tax/ postcode set here

Can someone confirm/reproduce this? Github Issue #18630

How to think about dual space of a certain space of Lipschitz functions

Consider the following Banach space (for concreteness):

$ $ X=Lip(\bar{\mathbb{B}}^n)=\{f\in C^0(\bar{\mathbb{B}}^n): \Vert f \Vert_L<\infty \}$ $ where $ $ \bar{\mathbb{B}}^n=\{\mathbf{x}\in \mathbb{R}^n: |\mathbf{x}|\leq 1\} $ $ is the closed ball and $ $ \Vert f \Vert_L=\sup_{\bar{\mathbb{B}}^n}|f| +\sup_{\mathbf{x}\neq \mathbf{y}\in \bar{\mathbb{B}}^n} \frac{|f(\mathbf{x})-f(\mathbf{y})|}{|\mathbf{x}-\mathbf{y}|} $ $ is one of the usual versions of a lipschitz norm.

I’m curious what is the best way to think about the (topological) dual space $ X^*$ of $ X$ as this space is a bit mysterious to me.

For instance, it’s clear that any finite (signed) measure on $ \bar{\mathbb{B}}^n$ can be thought of as an element of $ X^*$ , but one should also have elements that look like differences of infinite measures whose supports are sufficiently close and whose “relative mass” is finite. Are there other natural elements?

Any references (in particular those that are more concrete and less abstract) would be appreciated.