How does Sony’s Magicgate technology works?

I owe a Memory Stick Pro Duo Mark-II (MagicGate compatible). It is used as a storage medium in my Playstation Portable.

Upon searching on Google for the same, I only found a wikipedia page of it, which states:-

MagicGate is a copy-protection technology introduced by Sony in 1999 as part of the Secure Digital Music Initiative (SDMI). It works by encrypting the content on the device and using MagicGate chips in both the storage device and the reader to enforce control over how files are copied.

And nothing has been explained for How it does that?

So I would like to be educated on How does magicgate work? and What protocols does it use internally?

P.S.:- Nothing has been enforced (to my knowledge) as copy-protection on the device as all the device files are easily accessible, emulators have been made on it’s architecture, and the device firmware has already been cracked.

How exactly works this SQL injection example related to the DVWA application?

I am a software developer converting do application security and I have some doubts about SQL injection example.

I am following a tutorial related the famous DVWA: http://www.dvwa.co.uk/

So I have the following doubt (probably pretty trivial).

I have this PHP code defining the query and the code to perform it:

<?php  if( isset( $  _GET[ 'Submit' ] ) ) {     // Get input     $  id = $  _GET[ 'id' ];      // Check database     $  getid  = "SELECT first_name, last_name FROM users WHERE user_id = '$  id';";     $  result = mysqli_query($  GLOBALS["___mysqli_ston"],  $  getid ); // Removed 'or die' to suppress mysql errors      // Get results     $  num = @mysqli_num_rows( $  result ); // The '@' character suppresses errors     if( $  num > 0 ) {         // Feedback for end user         $  html .= '<pre>User ID exists in the database.</pre>';     }     else {         // User wasn't found, so the page wasn't!         header( $  _SERVER[ 'SERVER_PROTOCOL' ] . ' 404 Not Found' );          // Feedback for end user         $  html .= '<pre>User ID is MISSING from the database.</pre>';     }      ((is_null($  ___mysqli_res = mysqli_close($  GLOBALS["___mysqli_ston"]))) ? false : $  ___mysqli_res); }  ?> 

As you can see the query is definied as string concatenation:

$  getid  = "SELECT first_name, last_name FROM users WHERE user_id = '$  id';"; 

So I can inject what I want into the $ id variable and perform extra SQL code as:

$  id = 1 OR 1=1 

that will be always true. Ok this is clear.

My doubt is different:

Inserting a valid value (such as 1) into the form) I obtain this URL: http://localhost/DVWA-master/vulnerabilities/sqli_blind/?id=1&Submit=Submit#

The query is performed correctly and I am obtaining the following message result: User ID exists in the database.

If I try to insert a totally wrong ID in the form, for example “ABC” I am obtaining the following message error: User ID is MISSING from the database.. Ok, and this is ok

But if I try to insert a “wrong” value such as 1′ in the form, the following URL is generated: http://localhost/DVWA-master/vulnerabilities/sqli_blind/?id=1%27&Submit=Submit#

And I obtain a valid message: User ID is MISSING from the database.

So it seems that the query was correctly executed searching for the user with ID=1.

Why the char is not brocking the query? I was thinking that it have to search a user with ID=1′ that is not existing in the database (as the case of ID=ABC).

Why? What am I missing? Probably it is a trivial question but I want to understand it in deep

-sn works when a single target is specified, but, not when multiple targets are

When I specify an individual target,

 >nmap -v3 -sn 172.18.188.209 

I get the correct and expected nmap response

 Starting Nmap 7.70 ( https://nmap.org ) at 2019-11-08 11:16 India Standard Time Initiating Ping Scan at 11:16 Scanning 172.18.188.209 [2 ports] Completed Ping Scan at 11:16, 1.00s elapsed (1 total hosts) Initiating Parallel DNS resolution of 1 host. at 11:16 Completed Parallel DNS resolution of 1 host. at 11:16, 5.62s elapsed DNS resolution of 1 IPs took 5.62s. Mode: Async [#: 4, OK: 1, NX: 0, DR: 0, SF: 0, TR: 3, CN: 0] Nmap scan report for raspberrypi-dQ2XyAPpB6.dhcp.XXXX.com (172.18.188.209) Host is up, received conn-refused (1.0s latency). Read data files from: C:\Program Files (x86)\Nmap Nmap done: 1 IP address (1 host up) scanned in 6.70 seconds 

However, when I specify a range,

 >nmap -v3 -sn 172.18.184,186,188.0-255 

I get,

 . . Nmap scan report for YYYY.dhcp.XXXX.com (172.18.188.208) Host is up, received syn-ack (0.0010s latency). Nmap scan report for 172.18.188.209 [host down, received no-response] Nmap scan report for 172.18.188.210 [host down, received no-response] . . 

I’m running Windows 10 version 1809 build 17763.737 and Nmap 7.70

Additional info if it helps

 >nmap -version Nmap version 7.70 ( https://nmap.org ) Platform: i686-pc-windows-windows Compiled with: nmap-liblua-5.3.3 openssl-1.0.2n nmap-libssh2-1.8.0 nmap-libz-1.2.8 nmap-libpcre-7.6 WinPcap-4.1.3 (packet.dll version 10 nmap-libdnet-1.12 ipv6 Compiled without: Available nsock engines: iocp poll select 

Is this a bug, or am I missing something in the switches ?

Thanks !

Is this change to how XP works in D&D 3.5 unbalanced?

I have been concerned for a while about how to treat experience totals in D&D 3.5 when a character gains or loses Level Adjustments (LA). Gaining/losing LA in play is too punitive and is inconsistent with the rules for starting with LA.

Under a strict reading, the rules work like this: A starting first-level character with the drow template has LA +2 and gains levels at the rate of a third-level character. This is implemented by starting with 3000 XP and needing 6000 total to advance to second level. Compare with a character who starts as a human, is immediately bitten by a radioactive elf, and gains the Drow race[1]. He gains LA +2, and needs 6000 total XP to reach second level (ECL 4). Not only has Drow-man been slapped with a major penalty, he has to earn 3000 experience before he is back to the starting point for first level. If he had previously gained some XP, it is also completely undefined how many XP he can spend on e.g. item creation.

I solve this by adjusting current XP when LA changes: subtract the experience to reach the character’s former ECL, then add the experience to reach the character’s new ECL. So for Drow-man, I would subtract the xp to reach ECL 1 (zero XP) and add the xp to reach ECL 3 (3000 XP). This makes it so you just need to gain the XP to level at a slower rate, instead of being penalized for not leveling slowly before.

I’ve used this approach before in play to deal with PCs contracting lycanthropy, and it worked fine. However, I am concerned that there may be some balance issue or exploit that I have not considered.

So: is there any way that this change is worse than RAW?


[1] Of course it doesn’t usually work that way for Drow. But it does for lycanthropes, and I want to avoid discussing gaining hit-dice while introducing this.

Site collection is not working in IE11 but works in Chrome and Firefox

I have a site, which was created using sharepoint online, that works fine on Chrome and Firefox but not working in IE11. It works fine once I change the document mode (in developer mode) to 11 instead of 10. Not sure how to make it work without changing the document mode as this is not a solution (Can’t change this setting for the computers of anyone who visits the website).

My root domain is not resolving to my server, but the www. subdomain works fine

I have the DNS configured like this:

enter image description here

So, my domain example.mx is working as http://www.example.mx. With www there is no problem, but with non-www like http://example.mx it’s not working.

As you can see, my DNS records are pointing in example.mx record to the NS ns1.example.mx. Actually, ns1.example.mx is pointing to my server’s IP.

What could be the problem which is causing http://example.mx not to work while http://www.example.mx does work?

How exactly the “Tearing” property works?

There is some ambiguity in Tearing property.
Dark Heresy Rulebook states that:

These weapons roll two dice for Damage and choose the highest.

Rogue Trader, Deathwatch and Only War are agreed that:

These weapons roll one extra die for damage, and the lowest result is discarded.

For most weapons it’s quite simple because of damage like 1d10+something. But, what if we have more dice in damage? Should I roll additional die for every base damage die, or only for entire damage roll?

For example, Angelus bolter from Dark Heresy supplement Inquisitor’s Handbook has 2d10 damage and (like all bolt weapons) Tearing quality. Lets presume that my character shot a heretic with this bolter, and now I must determine inflicted damage. Should I roll 2d10 twice, and discard lowest in both, or I should roll 3d10, and discard the lowest one?

Font only works in parts of LibreOffice

I am making charts in LibreOffice Calc — I’ve been able to set the font on the axes and titles to Times New Roman, but when I try to change the font on a text box I have inserted in to the chart, it tells me “This font has not been installed. The closest available font will be used.”

I’ve tried making sure the microsoft fonts are installed, ran the fc-cache command. Any ideas of what to try next?