Can message length be useful information?

Suppose a packet is encrypted and sent via an insecure channel so that it is intercepted by a malicious third party as well as the intended recipient. As long as a suitable encryption scheme is used, the message should be (practically) uncrackable.

However, assuming that encryption preserves message length to a certain degree, the third party will gain some info about the size of the message. Is there any context in which knowing only a message’s length could be useful to a hacker? If so, what are some examples?

What questions are useful to scope a mobile app pen test?

When arranging a pen test it’s common practice to ask the client a set of questions, and use the answers either as the basis for further discussions, or to directly provide a test plan and quotation.

For a mobile app specifically, what questions are helpful to include? For example:

  • What platforms does the app support? e.g. iOS, Android
  • Was the app developed using a cross-platform framework? e.g. PhoneGap, Kivy
  • Does the app connect to it’s own back-end service? e.g. bespoke REST, Firebase
    • Do these connections use SSL pinning?
  • Does the app provide additional UI secuity? e.g. PIN, FLAG_SECURE
  • Does the app provide IPC interfaces? e.g. URL handler, intent
  • Does the app interface with hardware? e.g. bluetooth card reader
  • Is the app obfuscated?
  • How is the app delivered? e.g. public store, private app in store, alternate store, sideloading
  • What authentication is used? e.g. pairing, user name & password, connect with Facebook
  • How many views/pages does the app have?
  • What permissions does the app request?
  • Does the app make arbitrary network connections or listen on ports?

If you have any other ideas, please let me know!

What properties of a discrete function make it a theoretically useful objective function?

A few things to get out of the way first: I’m not asking what properties the function must have such that a global optimum exists, we assume that the objective function has a (possibly non-unique) global optimum which could be theoretically found by an exhaustive search of the candidate space. I’m also using "theoretically useful" in a slightly misleading way because I really couldn’t understand how to phrase this question otherwise. A "theoretically useful cost function" the way I’m defining it is:

A function to which some theoretical optimisation algorithm can be applied such that the algorithm has a non-negligible chance of finding the global optimum in less time than exhaustive search

A few simplified, 1-dimensional examples of where this thought process came from: graph of a bimodal function exhibiting both a global and local maxima

Here’s a function which, while not being convex or differentiable (as it’s discrete), is easily optimisable (in terms of finding the global maximum) with an algorithm such as Simulated Annealing.

graph of a boolean function with 100 0 values and a single 1 value

Here is a function which clearly cannot be a useful cost function, as this would imply that the arbitrary search problem can be classically solved faster than exhaustive search.

graph of a function which takes random discrete values

Here is a function which I do not believe can be a useful cost function, as moving between points gives no meaningful information about the direction which must be moved in to find the global maximum.

The crux of my thinking so far is along the lines of "applying the cost function to points in the neighbourhood of a point must yield some information about the location of the global optimum". I attempted to formalise (in a perhaps convoluted manner) this as:

Consider the set $ D$ representing the search space of the problem and thus the domain of the function and the undirected graph $ G$ , where each element of $ D$ is assigned a node in $ G$ , and each node in $ G$ has edges which connect it to its neighbours in $ D$ . We then remove elements from $ D$ until the objective function has no non-global local optima over this domain and no plateaus exist (i.e. the value of the cost function at each point in the domain is different from the value of the cost function at each of its neighbours). Every time we remove an element $ e$ from $ D$ , we remove the corresponding node from the graph $ G$ and add edges which directly connect each neighbour of $ e$ to each other, thus they become each others’ new neighbours. The number of elements which remain in the domain after this process is applied is designated $ N$ . If $ N$ is a non-negligible proportion of $ \#(D)$ (i.e. significantly greater than the proportion of $ \#(\{$ possible global optima$ \})$ to $ \#(D)$ ) then the function is a useful objective function.

Whilst this works well for the function which definitely is useful and the definitely not useful boolean function, this process applied to the random function seems incorrect, as the number of elements that would lead to a function with no local optima IS a non-negligible proportion of the total domain.

Is my definition on the right track? Is this a well known question I just can’t figure out how to find the answer to? Does there exist some optimisation algorithm that would theoretically be able to find the optimum of a completely random function faster than exhaustive search, or is my assertion that it wouldn’t be able to correct?

In conclusion, what is different about the first function that makes it a good candidate for optimisation to any other functions which are not.

Is Group Theory useful in Computer Science in other areas but cryptography?

I have heard many times that Group Theory is highly important in Computer Science, but does it have any use other than cryptography? I tend to believe that it does have many other usages, but cannot find out where and how to apply Group Theory to other areas in CS, such as algorithms, data structres, graphs, complexity and so forth.

How useful is the 5e ‘Wish’ spell (‘Basic Use’ version) for spell research?

The 5e Wish spell does, literally, whatever you wish, but for a price. The Basic Use version may be useful for instant spell research without the usual time / gold costs. Logically, one could use this Basic Wish to learn all the wizard spells lvl. 8 and lower. But what are the limits? To quote:

The basic use of this spell is to duplicate any other spell of 8th level or lower. You don’t need to meet any requirements in that spell, including costly Components. The spell simply takes effect.

Here are some possibilities:

  1. Casting ‘Wish’ may allow one to have a version of any existing / official spell (found in Player’s Handbook, Volo’s &/or Mordenkainen’s manuals). This exists as a memorized spell ‘slot’, uncast, in one’s mind. Wizards (class) could then write-scribe this spell, providing this was a wizard’s (spell-list) spell in the first place. This learning technique may also extend to some ritual spells, q.v.

  2. As the Basic Use of a ‘Wish’ spell does NOT require material components. As such, the caster of this spell can automatically gain one (1) fully transcribed non-magical version in a book (or scroll / carved tablet / scribed on a skull / whatever suits your fancy). Should this be a ‘wizard’ spell, the caster could then use this written version as though they had transcribed this themselves. Other wizards would need to endure the usual transcription-study-cost process from this origin material, as normal.

  3. This Basic Version of the spell vetoes any and all requirements! As such, any spell imaginable (of less than 8th level value) can be instantly scribed into a book. If it were considered a ‘wizard’ type spell others of that class could make use / transcribe it as usual. If it were a spell for any other list, those of the appropriate class could use this written spell to re-establish a new relationship with their deity, patron or other spell-delivery creature.

Off the cuff, the first one seems reasonable. The second version seems to be pushing boundaries a little (not sure why). The last one, drafting out Brand New Spells every day, seems totally implausible for a mere Basic Wish (perhaps a FULL wish could do this?) – yet i have no known RAW defence on this. It just seems like a bad idea to let a CR 11 ‘arch-mage’ pump out 300+ spells (of any class / up to 8th lvl) in any given year, risk free. But… why not?

Gathered Exchangers of Stackings… what say ye?

Are Javascript closures a useful technique to limit exposing data to XSS?

I’m wondering if using Javascript closures is a useful technique to limit exposing data to XSS? I realize it wouldn’t prevent an attack, but would it reliably make an attack more difficult to execute, or would it only make my code more irritating to write and read (a waste of time)?

I got the idea from the Auth0 documentation regarding storing OAuth/OIDC tokens. It reads:

Auth0 recommends storing tokens in browser memory as the most secure option. Using Web Workers to handle the transmission and storage of tokens is the best way to protect the tokens, as Web Workers run in a separate global scope than the rest of the application. Use Auth0 SPA SDK whose default storage option is in-memory storage leveraging Web Workers.

If you cannot use Web Workers, Auth0 recommends as an alternative that you use JavaScript closures to emulate private methods.

I can see how this is better than just putting the token or other sensitive information in localstorage. In localstorage an XSS attack needs only to execute localStorage.token to get the token.

Now, if you’re not familiar with tokens just apply this reasoning to any sensitive to information. In my case I want to build a client-side cache mapping user IDs to usernames for an administrative interface, but I realize that client IDs and usernames are somewhat sensitive, so I wondered if I could "hide" the data.

Would these adjustments to the ranger archetype Beast Master help the animal companion be more useful?

I recently playtested a Beast Master ranger from level 1 to level 20 (I was playtesting a new homebrew archetype, which was my primary reason for doing so; the Beast Master ranger was just one of the other party members), but there were a few things I noticed regarding the relative power of the beast companion itself. For reference, the beast I went with was a wolf, which is probably a fairly standard choice.

Issues

Now, I know that Beast Master rangers are infamously weak, but I still wanted to see if I could try to improve what I felt were some of its weakest points during my playtesting. I was already using the popular houserule of letting the ranger tell the beast to attack using a bonus action instead of an action, but the other things that bothered me were:

  • Relatively low HP (as the first linked Q&A points out), although this was more of a problem during Tier 1/2, less so during Tier 3/4, at least during my playtesting;
  • Hardly any hit die, which is related to the above problem, since I remember having to spend a lot of healing resources to keep bringing the wolf’s health back up to full/close to full;
  • The DC for resisting the knocked prone secondary effect from the wolf’s Bite attack remains pathetically low at DC 11 for the whole game.
  • The lack of any saving throw proficiencies really screwed the wolf over during the big finale where it died to a meteor swarm, but with a decent DEX saving throw bonus, it would probably have made it.
  • I was sometimes hesitant to use the wolf, because it was dropped to 0 HP a few times at lower levels, unless I knew it would probably land the killing blow or could avoid an opportunity attack or otherwise being hit.

I will point out that at higher levels, the AC was fairly decent (for a wolf), and the HP wasn’t as bad as it was at earlier levels, and I was impressed with the damage output thanks to attack rolls and damage scaling with the ranger’s proficiency bonus. Its Stealth and Perception skill bonuses were also impressive. These things I don’t feel the need to change.

Changes

Here are the changes I propose, somewhat inspired by the UA Sidekick rules:

  • You get a new hit die whenever you take another level in ranger, so at level 3 your wolf starts off with two hit die, but at level 4 they would have three hit die … by level 20 they have 19 hit die. I doubt this would make their max HP better than four times the ranger level, so it would only really be for the purposes of short resting.

  • To improve the max HP a little, maybe something as simple as adding the beast’s CON modifier to that, so it’s now:

    \begin{align} \text{ (ranger level + beasts’s CON modifier)} \times 4 \end{align}

    This way, the animal’s toughness is also taken into an account; I feel like the wolf having 5 instead of 4 more HP each level would have been just enough to help, combined with more hie die to heal, but also from a flavour perspective, I feel like choosing a boar should end up tougher than a hawk, whereas RAW, they would both have the same HP. I would however, keep the minimum HP gained per level to 4, in case the beast somehow has a negative CON modifier, since I think taking HP away from the beast would be cruel, given how underpowered this whole archetype is.

  • Any DCs it has, such as the wolf’s ability to knock people prone, should scale with your proficiency bonus, like this AC and attack/damage rolls do, so rather than a measly 11, at level 3-4 it would be 13, and at level 5, it would be 14 … ending up at 18 at level 17+.

  • Unless it already has a "physical" saving throw proficiency (meaning STR, DEX or CON), it gains one of your choice at level 3, which of course would just mean a +2 (because that’s every valid animal companions’s proficiency bonus) but that also has your proficiency bonus added to it, like AC, etc. This would have certainly helped when it was hit by meteor swarm during our final level 20 showdown, it might have actually survived (even with its RAW hit points) had it made that DEX saving throw.

  • Finally, since I’m letting the beast be commanded as a bonus action, the first half of the 7th level ranger feature Exceptional Training is kinda wasted, so I was considering changing that to not only make the beast’s attacks magical, but also to effectively give the beast a rogue’s Cunning Action, which it can use if you command it to using the same bonus action you used to command it to attack (or do something else with its action). In short, you use one bonus action to tell it what to do with its turn, and it can now effectively use its action and bonus action to do something useful.

Question

Do the above changes seem reasonable, and do you foresee any balance issues coming from my proposed changes? My intention is for the Beast Master’s beast in particular to become more useful and survivable, without increasing its damage output (since I was happy with that), but not making it more powerful than I intended by overlooking something. I suppose also double checking whether there’s a problem with making some animals tougher than others based on their CON; does this unfairly favour tougher animals to the point where that’s a balance issue in and of itself?

What can this circuit be useful for?

enter image description here

I have calculated the boolean functions for $ r$ and $ f$ :

$ f = \overline{s_1} \cdot s_0 + s_1 \cdot \overline{s_0}$ .

$ r = \overline{s_0 \cdot s_1 \cdot s_2 \cdot s_3}$ .

Do you have an idea what an application for this circuit can be? I don’t know where we would use it.

Is it a useful strategy for Mobile VR titles to render faster than their simulation loop?

For example – If a title had a very heavy simulation loop (say 20ms), is it desirable to render at a greater rate, say 90hz?

This would always a present head pose correct to the view, without being stalled on simulation.

Or does this result in discomfort for the player, and instead render and sim should stay in lockstep?

In standard 5e, does elf weapon training do anything useful at character creation?

Working just with the basic game (read: PHB, no expansions), I was trying to outfit an elven cleric, but the starting equipment only includes simple weapons (or war hammer, which is only useful for dwarves). Do I really have to start with suboptimal simple weapons and upgrade to a longsword or longbow (replacing mace/crossbow, respectively) as funds become available?

This seems to be a broader problem than just the one I see here, because every class that allows you to equip martial weapons at the start also grants martial weapon abilities — making the elf weapon training redundant. Did I miss some special rule that allows you to treat "race-specific weapons" as simple weapons for initial character creation? I’d even be happy if shortsword was "simple", but it isn’t — and playing an elf who favors dwarf weapons seems kind of silly.