“Do not buy hardware wallet from a 3rd party seller” security tip, does it apply if authorized in the official website?

“Do not buy a hardware wallet from a 3rd party seller” is a well-known security guideline for newbies. I wonder though, does it apply to 3rd party sellers that are listed on the official website of the product? E.g. a Ledger reseller? If it is not safe, and you still decide to buy from there, how can you ensure the device hasn’t been tampered with?

Are 3rd generation languages outdated for web applications?

I’ve recently been programming a website using Java + Spring… And I see a trend has worsened: annotations & generics.
Basically a new layer has been added to Java for generating code. Like the preprocessors of C/C++ but even more complicated. We end up coding a lot using these annotations.

But that’s not what Java (or similar 3rd gen languages) was designed for initially, and the syntax is becoming more and more complicated. Isn’t there a need for a new generation of languages?

If a malicious 3rd party app is able to intercept and modify the initial Auth_URI redirect of an OAuth flow, is it mitigable after the fact?

Related to a question I have at stackoverflow:

https://stackoverflow.com/questions/69274715/is-public-key-encryption-acceptable-for-protecting-last-leg-of-this-openid-conne

If a malicious 3rd party app is able to intercept the initial Auth_URI redirect and modify its values, is this a mitigable threat once the device/browser is compromised?

Miami 3rd Party DC Tech Services


Hello,

We have existing colo in Miami (Doral more specifically), and are hoping to contract someone to:

1) pick up some servers from a warehouse/depot

2) rack them

3) cable them

4) configure IPMI

We would normally do these ourselves, but are avoiding travel due to the current world situation.

Does anyone have any recommendations?

oauth2 – How to mitigate malicious 3rd party app from generating unauthorized OAuth Request in Desktop App

I have a REST API that a Desktop Application needs to access. I am using an OpenID Connect auth code flow to accomplish this.

  1. The desktop app establishes an unauthenticated session with the REST
    API server. The REST API server then generates a state and nonce for
    building an Auth Code request URI, it then sends the Auth Code
    request URI and sessionID in the response to the desktop app.

  2. The Desktop app then opens the URI in a web browser, and the
    user authenticates with the IDP.

  3. The auth code is returned to the app which it passes back to the
    REST API server using the sessionID that only the desktop app knows,
    and then the API server exchanges the auth code for an id_token and
    verifies that the exchanged token nonce matches the nonce it
    originally passed in the initial request ensuring that it belongs to
    the session.

  4. After confirming it then passes some credentials to the client.

This process prevents the code from being misused if it’s intercepted and it ensures that the token is only granted to a person who has knowledge of the sessionID (which is reasonably only the desktop app.)

While these protections prevent token exchange snooping, I do not see how to mitigate the threat of a malicious 3rd party app generating an unauthorized Auth Code request and manipulating valid auth sessions with the IDP to trick the user into using the malicious Auth Code request.

A malicious app could generate a legitimate Auth Code URI request and then inject it during the browser redirect to the IDP and an unsuspecting user would be none the wiser that they are now authorizing a different application.

Is it even possible to prevent this from happening outside of ensuring a malicious app isn’t on a device?

dnd 5e – How to get from 3rd to 5th level in “The Forge of Fury” using XP?

I am a DM who has started my campaign with new 3rd level characters running The Forge of Fury as published in Tales from the Yawning Portal. The synopsis contains the line

It is designed for four 3rd-level player characters. They can advance to 5th level with good play.

“With good play” implies an XP-like method of determining progression, where you get more progression from overcoming more challenges. I am using XP for progression in this campaign because it works well for an open-world campaign with lots of dungeon crawling. However, counting the XP formally available in this adventure, I’m struggling to see how this sentence is true.

Going from the start of 3rd level to 5th level requires 5600 XP per character, or 22,400 XP between a party of four. (Getting to 4th level requires 7200 XP total.)

There are 4470 XP of creatures in the Mountain Door (the first level), 5600 XP in the Glitterhame and Sinkhole, and 7810 XP in the Foundry, offering 17,880 XP, which is well short of the target. If you include the final boss (which I don’t because I think the party will just die if they fight it before 5th level) then the total goes up to 20,780 XP, which is just shy of the target.

How can the party get enough XP to go from 3rd level to 5th level in The Forge of Fury?

Based on DMG p.260-261, my understanding of XP is that (for combat) it is granted based on the as-written XP values of monsters, not the modified values used to determine how hard an encounter is. But if I’m wrong there, then that would accelerate progression substantially.

I do grant XP for non-combat challenges, although I’m unsure if I can cram enough such moments to make up the XP difference without over-inflating their value (although maybe I’m undervaluing them).

google sheets – How to prevent cell formulas from moving down when data comes in from 3rd party app

So I need to create a quiz with AidaForm, and link the results of this quiz with Google Sheets. There is some additive calculation involved, so in the Google Sheets document I would type in the formula first in a cell (C2) like this:

     A            B            C
1    Question 1   Question 2   Score
2                              =A2+B2

The issue is that whenever AidaForm updates Google Sheets with the user input, the pre-set formula would shift down an entire row and hence not calculate the user’s quiz results:

     A            B            C
1    Question 1   Question 2   Score
2    5            6
3                              =A3+B3

Is there any way to make the formula stay in its row and not shift down when data is added to Google Sheets from AidaForm?

P.S. AidaForm does not allow me to configure any settings relating to the appending of form data to Google Sheets.