## permissions – Explicitly revoke privileges from a user who is a member of a role that is granted those privileges in PostgreSQL

Let’s say I have a user on my PostgreSQL instance called “myuser”, and I add it to a new group called “update_all” like this:

`CREATE ROLE update_all WITH NOLOGIN ROLE myuser;`

I then grant the update_all role permission to update every table in every schema in every database. My thinking is that I can revoke update permissions from all users by default, and just grant this role to any user that I want to let update tables. However, say I decide that I want myuser to be able to update tables in every database except “mydb”. Is there a way to explicitly revoke privileges that are granted to a user by a role it is a member of without removing it from that role? I would also be interested to know whether this is possible at the schema level. The closest thing I’ve found is row-level security policies, but it seems like they aren’t a perfect solution because you’d have to apply the same policy to every table in the database or schema one by one. It seems like there should be a way to explicitly deny even privileges that are inherited. Is anything like this possible?

## smtp – Is the BCC field explicitly dangerous as a means of hiding target addresses?

The BCC header is a popular way to hide the target addresses of other recipients and is often considered sufficient when there are formal requirements for such hiding. While it’s obvious that using an automated application which sends a separate copy of the e-mail to each recipient from the list is more reliable, the reading of the RFC given above suggests that it’s a field that under no circumstances should be used for this purpose, especially when hiding the addresses of other recipients is required by law.

I quote the relevant fragments:

“A single notification listing all of the failed recipients or separate notification messages MUST be sent for each failed recipient. For economy of processing by the sender, the former SHOULD be used when possible.”

And taking a look at https://datatracker.ietf.org/doc/html/rfc2822 :

“In the second case, recipients specified in the “To:” and “Cc:” lines each are sent a copy of the message with the “Bcc:” line removed as above, but the recipients on the “Bcc:” line get a separate copy of the message containing a “Bcc:” line. (When there are multiple recipient addresses in the “Bcc:” field, some implementations actually send a separate copy of the message to each recipient with a “Bcc:” containing only the address of that particular recipient.)”

I think that the practice of inserting lists in BCC fields is quite popular, and despite the fact that in practice it works as expected in most clients (that is, each recipient receives a message in which only he/she is listed as the receiver), in fact it is not guaranteed at all.

So: Is the BCC field explicitly dangerous as a means of hiding target addresses?
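The alternative the question itself mentions, one separate copy per recipient, can be built so that the full recipient list never appears in any transmitted header, which makes the outcome independent of how a given MTA or client treats “Bcc:”. The following is an added example, not code from the original post; the relay host, port and recipient addresses are constructed for illustration, and `leaked_addresses` is a self-check helper of my own, not a standard API.

```python
"""Per-recipient envelopes instead of a shared Bcc header (added example).

Builds one message per recipient so that no message ever carries a
list of the other recipients, then contrasts it with the single-message
Bcc approach whose safety depends on the header being stripped downstream.
"""
from email.message import EmailMessage
import smtplib
from typing import Iterable


def build_individual_messages(sender: str, recipients: Iterable[str],
                              subject: str, body: str) -> list[EmailMessage]:
    """Return one EmailMessage per recipient.

    Each message names only its own recipient in "To:" and has no "Bcc:"
    header at all, so the recipient list is never serialised anywhere.
    """
    messages = []
    for rcpt in recipients:
        msg = EmailMessage()
        msg["From"] = sender
        msg["To"] = rcpt          # exactly one recipient per message
        msg["Subject"] = subject
        msg.set_content(body)
        messages.append(msg)
    return messages


def build_single_bcc_message(sender: str, recipients: Iterable[str],
                             subject: str, body: str) -> EmailMessage:
    """The approach the question is about: one message, everyone in Bcc.

    Whether the other addresses reach a recipient depends on the sending
    software removing this header before transmission.
    """
    msg = EmailMessage()
    msg["From"] = sender
    msg["Bcc"] = ", ".join(recipients)
    msg["Subject"] = subject
    msg.set_content(body)
    return msg


def leaked_addresses(msg: EmailMessage, recipients: Iterable[str]) -> set[str]:
    """Recipient-list addresses that appear anywhere in msg's headers.

    Hypothetical pre-send check: for a correctly built per-recipient
    message this is exactly {msg["To"]}; for the Bcc variant it is the
    whole list, which is the exposure the question describes.
    """
    header_text = "\n".join(f"{name}: {value}" for name, value in msg.items())
    return {addr for addr in recipients if addr in header_text}


def send_individually(host: str, port: int, sender: str,
                      recipients: list[str], subject: str, body: str) -> int:
    """Deliver each message in its own SMTP transaction; returns the count.

    Assumes a plain SMTP relay at host:port (constructed for the example).
    """
    msgs = build_individual_messages(sender, recipients, subject, body)
    with smtplib.SMTP(host, port) as smtp:
        for msg in msgs:
            # Envelope recipients are derived from *this* message's headers,
            # so the wire never sees another recipient's address.
            smtp.send_message(msg)
    return len(msgs)


if __name__ == "__main__":
    # Constructed sample data; example.org is reserved for documentation.
    RECIPIENTS = ["alice@example.org", "bob@example.org", "carol@example.org"]
    for m in build_individual_messages("news@example.org", RECIPIENTS, "Hi", "Body"):
        print(m["To"], "sees:", leaked_addresses(m, RECIPIENTS))
    bcc = build_single_bcc_message("news@example.org", RECIPIENTS, "Hi", "Body")
    print("Bcc variant header exposure:", leaked_addresses(bcc, RECIPIENTS))
```

The design point is that the per-recipient build needs no trust in any downstream component: the only address in each message is the one it is delivered to, so there is nothing for a misbehaving client or relay to leak.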

## dnd 5e – Does the phrase “the simulacrum lacks the ability to learn” have any implications beyond those explicitly described in the spell description?

The spell simulacrum states:

The simulacrum lacks the ability to learn or become more powerful, so it never increases its level or other abilities, nor can it regain expended spell slots.

The first part of this sentence is giving me trouble – “the simulacrum lacks the ability to learn”. Intuitively, it seems that the rest of the sentence explains what exactly is meant by this, that the simulacrum cannot gain levels or learn new abilities.

How broad are we to understand this statement to be? Can it learn other things, such as peoples’ names? Does a simulacrum remember things that happen to it? Can it learn tactical information during combat and apply that information to make better decisions? These are just some examples of things that one might understand to be within the scope of “learning” (not things I necessarily expect an answer to address directly, but ideally I should be able to rule on those things based on an answer given).

Does the statement “the simulacrum lacks the ability to learn” impose any limitations on the simulacrum beyond those explicitly stated in the spell description?

## LDAP doesn’t return a specific sAMAccountName unless I explicitly search for it

i.e. I have a username – tonysmith, and when I run the query for all accounts in the DC, tonysmith isn’t returned unless I specifically query for sAMAccountName=tonysmith. What gives?

## interaction design – How to communicate that an image is clickable without explicitly telling that it’s clickable?

Say I have an image that is meant to be contemplated, not to attract clicks. However, if someone is interested in it, they can click on it to explore more. I feel that having explicit text saying it’s clickable will ruin the mood of the image. Is there a way to tell the user it’s clickable without having to explicitly tell them?

At first I thought putting the direction in the tooltip of the image was a way, like how xkcd do with their comics. However, this isn’t suitable for mobile. I also found this question, Android app: informing users that an image is clickable, and the suggestion I find suits best is putting a clickable caption below (maybe the title of the image). That’s my solution right now, but I wonder if there are any other creative ways for this?

## openid connect – Does OIDC explicitly handle refresh token exchange for multiple devices?

This question is inspired by this answer and question

I also use that method to handle the case where users can sign in and out of multiple devices, by storing a per-device refresh token for a device id. I am making the assumption that various additional checks should be available to refresh token exchange: check IP for web apps, check device id for mobile apps, throttling etc.

I would have thought that OIDC somehow caters for the flows around multiple devices for a single user, but having tried to study the spec I can’t say I see it. Basically, my question is, does OIDC implicitly or explicitly address this stuff? Am I reading it right there is no support for this and that to handle it a custom non-OIDC approach is necessary?

## JAVA: Input stream has been finalized or forced closed without being explicitly closed

JAVA: Input stream has been finalized or forced closed without being explicitly closed – Code Review Stack Exchange

## linear algebra – How to prove if two matrices are similar without explicitly finding the basis matrix?

My understanding is that two matrices $$A$$ and $$B$$ are similar if and only if there exists some other matrix $$M$$ such that $$A = MBM^{-1}$$.

Is there a way to prove that two matrices are similar without knowing exactly what the basis matrix is? Because obviously if we did, then the “proof” would be a trivial one.

## legal – How to go about learning cyber security if possessing such software (hacking software) is highly and explicitly illegal in my and most countries?

A question for “ethical hackers” or cyber security professionals. I am very interested in the world of cyber security and all aspects of it. I am genuinely interested in the security aspect of it and from a highly ethical and moral perspective. I have purchased “self-teaching” online courses for learning cyber security, this is also dubbed loosely “ethical hacking”.

At this point we should not debate my intentions with such activities and I wish you to take them as genuinely ethical. I do understand that many high level organizations such as the NSA, Intelligence Agencies in many countries etcetera do monitor these activities heavily. Therefore I’m sure any such research would be monitored one way or another— enough said on that.

My question here is, how is it possible to learn in this direction if my country and many others forbid even the possession of software for “hacking” despite intentions? This seems one of the main tools used to learn vulnerabilities and how to defend against them. For one’s own security purposes as well as better security for others, and my own software development securities.

While I understand the intentions behind such laws being directed at nefarious intentions, what about progress in this direction, what about people who want to enter the field or simply learn for ethical reasons? According to the criminal code of Canada there is no grey area, see first link below.

An FYI of how I intended to go about learning “hacking” ethically. By using my computer to break into my old brick laptop and learning from there. I wouldn’t use such software to hack anyone else unethically, just not interested.

References:

Understanding Canadian cybersecurity laws: Interpersonal privacy and cybercrime — Criminal Code of Canada (Article 4)

Is Ethical Hacking Legal? 3 Surprising Situations When It’s Not

## reference request – Postnikov square explicitly on a simplicial complex

$$\DeclareMathOperator{\Z}{\mathbb{Z}}$$

Following Wikipedia, a Postnikov square is a certain cohomology operation from a first cohomology group $$H^1$$ to a third cohomology group $$H^3$$, introduced by Postnikov (1949). Eilenberg (1952) described a generalization taking classes in $$H^t$$ to $$H^{2t+1}$$ which requires that $$t$$ is odd.

Here I consider the specific Postnikov square $$\mathfrak{P}_3$$ (hopefully) defined by $$\mathfrak{P}_3: H^2(-,\Z_{3^k})\to H^5(-,\Z_{3^{k+1}})$$ given by
$$\mathfrak{P}_3(u)=\beta_{(3^{k+1},3^k)}(u\cup u)$$
where $$\beta_{(3^{k+1},3^k)}$$ is the Bockstein homomorphism associated with $$0\to\Z_{3^{k+1}}\to\Z_{3^{2k+1}}\to\Z_{3^k}\to 0$$ and $$u \in H^2(M,\Z_{3^k})$$.

Let us focus on the $$k=1$$ case,
$$\mathfrak{P}_3(u)=\beta_{(3^{2},3)}(u\cup u)=\beta_{(9,3)}(u\cup u).$$
Here $$u \in H^2(M,\Z_3)$$, which we can define as a 2nd cohomology class (also a 2-cocycle) with $$\Z_3$$ coefficients on a manifold $$M$$. For example, let us take $$u$$ on a 2-simplex with 3 vertices $$(0-1-2)$$; then we denote the data that $$u$$ assigns to this 2-simplex as:
$$u_{(0-1-2)}.$$

## Question

Then how do we write $$\mathfrak{P}_3(u)=\beta_{(3^{2},3)}(u\cup u)=\beta_{(9,3)}(u\cup u)$$ on
a 5-simplex with 6 vertices $$(0-1-2-3-4-5)$$? Say we start with the cup product $$u\cup u$$, which can be defined on a 4-simplex with 5 vertices $$(0-1-2-3-4)$$, thus
$$(u\cup u)_{(0-1-2-3-4)} = u_{(0-1-2)}\, u_{(2-3-4)},$$
which is a product of two 2-cocycles on the 2-simplex with 3 vertices $$(0-1-2)$$ and another 2-simplex with 3 vertices $$(2-3-4)$$. How do we write explicitly on the 5-simplex $$(0-1-2-3-4-5)$$:
$$\mathfrak{P}_3(u)_{(0-1-2-3-4-5)}=\beta_{(9,3)}\bigl(u_{(i-j-k)}\, u_{(k-l-m)}\bigr)=?$$
So we have $$\mathfrak{P}_3: H^2(-,\Z_{3})\to H^5(-,\Z_{9})$$ on the 5-simplex?
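As an added worked computation (not part of the question), here is the cochain-level formula that the standard construction of the Bockstein gives for this case. The convention assumed: lift $$u$$ to an integer-valued 2-cochain $$\tilde u$$ with values in $$\{0,1,2\}$$ (equivalently a $$\Z_{27}$$-valued lift). Since $$u$$ is a $$\Z_3$$-cocycle, $$\delta\tilde u$$ is divisible by 3; write $$\delta\tilde u = 3w$$ with $$w$$ an integer 3-cochain. Because $$\tilde u$$ has even degree, $$\delta(\tilde u\cup\tilde u)=\delta\tilde u\cup\tilde u+\tilde u\cup\delta\tilde u = 3\,(w\cup\tilde u+\tilde u\cup w)$$, so the connecting homomorphism of $$0\to\Z_9\to\Z_{27}\to\Z_3\to 0$$ applied to $$u\cup u$$ is represented by $$\tfrac13\,\delta(\tilde u\cup\tilde u)$$ reduced mod 9. Evaluated on the 5-simplex $$(0-1-2-3-4-5)$$ with the cup product $$(\tilde u\cup\tilde u)_{(a-b-c-d-e)}=\tilde u_{(a-b-c)}\tilde u_{(c-d-e)}$$ and the coboundary $$(\delta c)_{(0-\cdots-5)}=\sum_{i=0}^{5}(-1)^i c_{(0-\cdots-\hat{i}-\cdots-5)}$$, this reads

$$\mathfrak{P}_3(u)_{(0-1-2-3-4-5)}
=\frac13\Bigl[\tilde u_{(1-2-3)}\tilde u_{(3-4-5)}-\tilde u_{(0-2-3)}\tilde u_{(3-4-5)}+\tilde u_{(0-1-3)}\tilde u_{(3-4-5)}-\tilde u_{(0-1-2)}\tilde u_{(2-4-5)}+\tilde u_{(0-1-2)}\tilde u_{(2-3-5)}-\tilde u_{(0-1-2)}\tilde u_{(2-3-4)}\Bigr]\bmod 9$$

$$=\Bigl(w_{(0-1-2-3)}\,\tilde u_{(3-4-5)}+\tilde u_{(0-1-2)}\,w_{(2-3-4-5)}\Bigr)\bmod 9,
\qquad
w_{(a-b-c-d)}=\tfrac13\bigl(\tilde u_{(b-c-d)}-\tilde u_{(a-c-d)}+\tilde u_{(a-b-d)}-\tilde u_{(a-b-c)}\bigr).$$

The second line is the first regrouped: the three terms containing $$\tilde u_{(3-4-5)}$$ together with $$-\tilde u_{(0-1-2)}\tilde u_{(3-4-5)}$$ form $$(\delta\tilde u)_{(0-1-2-3)}\tilde u_{(3-4-5)}$$, and the remaining terms plus $$+\tilde u_{(0-1-2)}\tilde u_{(3-4-5)}$$ form $$\tilde u_{(0-1-2)}(\delta\tilde u)_{(2-3-4-5)}$$; the two added copies of $$\tilde u_{(0-1-2)}\tilde u_{(3-4-5)}$$ cancel. The bracket is divisible by 3 termwise in this grouping, so the division is exact, and the result is a $$\Z_9$$-valued 5-cocycle, consistent with $$\mathfrak{P}_3: H^2(-,\Z_3)\to H^5(-,\Z_9)$$. Changing the lift $$\tilde u$$ by $$3v$$ changes the cocycle by a coboundary, so the class in $$H^5(M,\Z_9)$$ does not depend on the chosen lift.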