google contacts – why-does-gmail-not-find-email-addresses-that-ive-emailed-before – Web Applications Stack Exchange

google contacts – why-does-gmail-not-find-email-addresses-that-ive-emailed-before – Web Applications Stack Exchange

javascript – CRSF protection in Next.js applications

So, I am trying to add CSRF protection to my Next.js application. I have tried a development branch of the next-csrf library.
I have a couple of questions though:

  1. The library saves the CSRF token as a cookie. Is this secure? Isn’t it vulnerable to session hijacks?
  2. Shall I refresh the token in every page? If I choose to do so, is there a point in saving the token as a cookie?

In general I am confused on whether the CSRF token should be a cookie or a HTTP header. Also, when shall I generate a new token?

Thanks for reading this!

applications – OneDrive isn’t uploading all my photos from my phone

I’ve got an Office 365 (Microsoft 365) Family license. I’ve set up OneDrive on my Samsung Galaxy S10 phone. I’ve verified that it is set up by following the instructions here. I’ve got it set up to upload photos using either Wi-Fi or mobile. And I see photos I’ve taken with my phone, uploaded to OneDrive from as recently as a few days ago. So, it works.

But not all the time or for all my photos. I’ve scrolled through my photos on my phone’s Gallery app. I see some photos from as recently as 4 days ago to several months ago, are not uploaded to OneDrive.

Why is that?

applications – How to enable/disable “ELF” load on Android

Sir,
I have a online game(pubg),in pubg application have some native library(ELF file).when I am run the game it will decompress and load all librarys in runtime game memory so I want to disable load librarys in game memory that’s all it means I want game don’t check her runtime memories..

applications – View app’s full package name?

If you’re comfortable using the command line, a solution I like is Android’s pm command. It can easily be called using adb like so:

$ adb shell "pm list packages -f test"
package:/system/app/AutomationTest_JBUP.apk=com.sec.android.app.DataCreate
package:/system/app/BluetoothTest.apk=com.sec.android.app.bluetoothtest

Replace test with whatever package you’re looking for.

pm has a variety of options that may be useful depending what you want to do:

usage: pm list packages [-f] [-d] [-e] [-s] [-3] [-i] [-u] [FILTER]
pm list packages: prints all packages, optionally only
  those whose package name contains the text in FILTER.  Options:
    -f: see their associated file.
    -d: filter to only show disbled packages.
    -e: filter to only show enabled packages.
    -s: filter to only show system packages.
    -3: filter to only show third party packages.
    -i: see the installer for the packages.
    -u: also include uninstalled packages.

applications – How to play CACHE Audio files ? How do I convert them to mp3 files?

I have a music streaming app that can download music. I checked the directory of the app in Internal Storage. It has got audio files for the songs I had downloaded but in CACHE format.
I would like to know how can I play those CACHE files on a different device say my PC? How can I convert CACHE audio to mp3 ?

I have tried changing the extension to mp3 (This method presently works with .xoht files of music) but here it make the audio corrupted.

I searched the net for conversion of CACHE to mp3 but have got a result on a site that converting CACHE files is not possible. SRC: https://www.lifewire.com/cache-file-2620119

web browser – How do applications which are integrated using a javascript client side sdk, secure their data or disallow spam?

Take an example of google maps. google maps provides a javascript client SDK, which means any web app running javascript can access the google maps sdk. You need to use an API_KEY so that google can rate limit your requests, and apply some quota on the requests coming from your api key. If you exceed the quota you would be charged more.

The API_KEY has to be specified in the client side javascript, so it would be visible to anyone who uses your application, and then anyone can abuse your quota. To get around this, google suggests to add referrer based security while setting up your sdk on the google app console. You can specify a list of origins that google would accept requests from, based on the referrer header. So if someone gets your api key and tries to use that from another web application running on another domain, either google would not respond to those requests, or, the request wouldn’t be added in your quota. This acts as a basic level of security, BUT, the referrer header can be easily spoofed.

Now google maps does not have any user specific data, so may be API_KEY abuse is not that big an issue.

Consider an application like sentry, which allows a javascript client to send events to a sentry server. Sentry can also impose similar restrictions based on the referrer or origin header, and only allow events to your sentry server from certain domains. But wouldn’t it be easy for someone to directly send events to your sentry and spam your sentry server?
Sentry suggests to not send any PII in the events anyway, so in case it was possible to get data somehow, at least the guidelines are clear.

But what about products like Intercom, where the primary functionality is collecting user data in some form or the other. If someone knows the unique id of another user in intercom, they can basically see all the data from the other user, their chats , their messages etc. Intercom is a completely frontend setup, where the request to the intercom script and the intercom server happen through the front end, so if the front end can get user’s data through intercom, then any other user can get another user’s data by initiating intercom with the other user’s id on their browser or directly using curl. There is no auth as such, there is an app key which is also completely frontend.

I am just trying to understand how do such applications secure themselves?

Some points about intercom:

  • it opens in an iframe, with intercom.com domain
  • possibly the api has CORS restrictions, so only requests from intercom.com domain are allowed, but these restrictions are not applicable for curl
  • it exposes some javascript methods to initialize with a app secret and you can pass a unique id for the user. The app key is frontend only so can easily be seen in any integration, and the user id can be leaked through other ways. Once leaked, I can just use this user id and the secret key from anywhere to get messages for the user.

applications – Is my phone hacked?

This is my first post on here so I am sorry if I do something the wrong way. Anyways my problem is I have a Snapchat account on which I do some Not Suitable For Work things. And I met a guy online who had some fun with me. He was sending me the pics but once he sent me a blank picture that I could not open. It was causing lagging of the conversation anytime I was scrolling past throught it. I clicked on it but nothing happened. My problem is, after 2 days my messenger started to make other sounds that it used to. The sounds we were discussing two days before (dog barking). Is it possible that it was a virus that took control over my phone? Are my passwords safe? I ran Kaspersky Free antivirus and it showed me nothing but the fact my messenger ringtone has changed scares me very much.

web applications – What is the absolute fastest way to build a prototype for a smartphone/cloud-based machine learning platform?

Note: It seems some people have the wrong impression and that I am asking for basics about tutorials/books etc. That is not the case, I can already implement what I am asking about below. My question is about infrastructure and choice of platform. I want to know how much boilerplate code I can avoid by building on existing tools. I haven’t been following the cloud development scene for years so I am not aware of what is the optimal route to accomplishing my goal. In light of this clarification, I would appreciate if the people who downvoted could remove the downvotes.

I want to develop a prototype for an idea as rapidly as possible.

What is the optimal way to achieve the following (which is a simplified version of what I want to do).

  1. Take a photo of some people with a smartphone.
  2. Automatically upload the image along with ‘other data’ to the cloud/server/whatever you want to call it.
  3. Run a machine learning (ML) algorithm on the image and other data. For example, the algorithm might count/estimate the number of people in the image. The ‘other data’ is information that can be used to improve the accuracy of the ML algorithm. For example, in this case it could be the age range of the people as this kind of information would narrow the space the ML algorithm needs to search.
  4. Generate report using results of 3.
  5. Send report back to smartphone app that originally sent the image to the server.

So I need to develop the following.

  1. A smartphone app that can (i) take an image and automatically send it along with other data to the cloud, and (ii) receive results back from the server
  2. A cloud platform that can (i) receive images and data from the smartphone, (ii) run an ML algorithm, and (iii) send results back to smartphone.

What is the absolute fastest way to develop such a minimal working example prototype?

The smartphone platform is the iPhone. The ML algorithm is already implemented in a Python library.

While I used to be quite into software development, I haven’t been following the app/web/cloud development scene for years now.

I am hoping there are now services/platforms out there now that will handle most of the boilerplate code for this type of scenario so I can just build the core functionality on top of it.

So what would you recommend? How long do you think it would take to build the prototype?

applications – Messenger on High Sierra crashes at start

It has been around two months that Messenger, right at start, crashes with the following message:

enter image description here

It never worked really. I kept it installed and waited for various updates (I have the latest version, 96.0) but always the same behaviour. I tried to delete & reinstall, no luck.

Those are my details, serial hidden for privacy:

enter image description here

According to the App Store, High Sierra should be supported:

enter image description here

I also have it installed on a 2019 MacBook Air with Big Sur; needless to say, it works perfectly.

Thank you.

DreamProxies - Cheapest USA Elite Private Proxies 100 Private Proxies 200 Private Proxies 400 Private Proxies 1000 Private Proxies 2000 Private Proxies ExtraProxies.com - Buy Cheap Private Proxies Buy 50 Private Proxies Buy 100 Private Proxies Buy 200 Private Proxies Buy 500 Private Proxies Buy 1000 Private Proxies Buy 2000 Private Proxies ProxiesLive Proxies-free.com New Proxy Lists Every Day Proxies123