8 – Set and read data in session between anonymous and authenticated user

On my Drupal 8 site, when an anonymous user “A” visit this link: https://www.example.com/page-1?data=12345678, I want to store the data value in a session and save it later to the user account under field_user_data when this same user “A” login/signup to the site.

Note: The query data will be unique for every single user and will not be used twice ever.

I thought the best way to go is by using the data value in a session and use it later when the same anonymous user becomes authenticated on the site.

So on site load and when user “A” is using the site as anonymous, I am saving the data value in a session using:

// Get query values from url.
$request_query = Request::createFromGlobals();
$data = $request_query->query->get('data');

// Save the "$data" in a session variable.
$tempstore = Drupal::service('user.private_tempstore')->get('my_module');
$tempstore->set('data', $data);

and later, in another php file but within the same module, when the anonymous user “A” authenticate to the site, I am saving the session value to his user account as shown below:

// Get 'data' Session value
$tempstore = Drupal::service('user.private_tempstore')->get('my_module');
$data = $tempstore->get('data');

// Set 'data' value to user account.
$authenticated_user->set('field_user_data', $data);

// Save
$authenticated_user->save();

The problem is $data session is shared between all users and not being unique per user while $data value must be unique for every single user.

What is wrong with my code ?
Using cookies will be a better approach for my use case ?

rooting – how to upgrade operating system of micromax E311 device for a novice user

I have Micromax E311 phone.
For some reason the settings of phone have become unreachable. So on the display I see com.android.settings.Setting icon with a mechanical gear on it but when I tap it then
I get a pop up Unfortunately, Settings has stopped.
I click Ok.
Then again same message pops up within a fraction of second this keeps happening then I restart the phone somehow and if I touch settings then same thing happens.If I don’t touch the settings icon there is no problem I can keep using the phone.
So I am not sure what is the OS in this phone my guess is it has been formatted to factory settings so it having Android 4.4.2 I read many tutorials about rooting the phone and installing custom ROM on it.Like

After rooting an Android phone, you can switch the operating system
ROM whenever you want. The rooting process removes the preinstalled
operating system on the Android phone, replacing it with a rooted
Android OS.

as given on https://smallbusiness.chron.com/change-roms-rooted-android-30006.html

How to root any device
https://www.xda-developers.com/root/

How to install custom rom

How To Install Custom ROM on Android


For my device flash rom
https://www.gogorapid.com/flash-stock-rom-on-micromax-e311/

What I am confused with is to upgrade my device OS to android 10, first I should replace the ROM and then do “something” as mentioned on lot of forums or what exactly I should to to upgrade the OS of my phone.
I am very confused with all the tutorials available on internet.
I want to know simple steps in bullet points like

  • Step 1 change rom
  • Step 2 change this
  • Step 3 change that
  • Step 4 boot phone.

Meaning such a guideline will help me when I reading tutorials and I am getting confused with them.

user research – Best Practice for video start image

Personally, I don’t think you should always pick an image from the video. It actually depends on the situation.

I’ve got an example from my recent UX review: a product site with a short video, demonstrating product features, etc.

This video was surrounded with a text, describing the main product idea. And the start image for this video was a random image from the video itself, but, as we all know, picture worth a thousand words, so I suggested to get an refined image describing the main product idea and place it as video start image.

Now we have a text, an illustration for that text and a demo video combined together.

Another example is about an image from the movie itself. There is a local online tv-series streaming service which I use every day. It has a lot of titles, which are grouped by seasons and for every season there is a single page with all episodes. And every episode has a start image taken from the episode itself. It’s okey, until start image is a spoiler image, i.e. something I don’t really expect to see before I watch the epicode by myself!

From the other hand, at YouTube I wish to have a video starting image taking from the video itself so I can decide whatever it’s a right video to watch (there are a lot of music videos with a different video track, etc).

So, it actually depends on the situation.

KALI LINUX BROKEN DEPENDS – Super User

i am in big trouble! i cannot install any package or script or whatever on my linux.
i got some problem with depends and cannot fix it. the error is this :

root@hizzly:/home/noroot/Downloads# dpkg -i libcogl-pango-dev_1.22.0-2_amd64.deb
(Reading database … 516907 files and directories currently installed.)
Preparing to unpack libcogl-pango-dev_1.22.0-2_amd64.deb …
Unpacking libcogl-pango-dev (1.22.0-2) over (1.22.0-2) …
dpkg: dependency problems prevent configuration of libcogl-pango-dev:
libcogl-pango-dev depends on libcogl-pango20 (= 1.22.0-2); however:
Version of libcogl-pango20:amd64 on system is 1.22.6-1.
libcogl-pango-dev depends on gir1.2-coglpango-1.0 (= 1.22.0-2); however:
Version of gir1.2-coglpango-1.0:amd64 on system is 1.22.6-1.
libcogl-pango-dev depends on libcogl-dev (= 1.22.0-2); however:
Package libcogl-dev is not installed.
libcogl-pango-dev depends on libglib2.0-dev (>= 2.28.0); however:
Package libglib2.0-dev is not installed.
libcogl-pango-dev depends on libcairo2-dev (>= 1.10); however:
Package libcairo2-dev is not installed.
libcogl-pango-dev depends on libdrm-dev; however:
Package libdrm-dev is not installed.
libcogl-pango-dev depends on libgdk-pixbuf2.0-dev (>= 2.0); however:
Package libgdk-pixbuf2.0-dev is not installed.
libcogl-pango-dev depends on libpango1.0-dev (>= 1.20); however:
Package libpango1.0-dev is not installed.
libcogl-pango-dev depends on libxcomposite-dev; however:
Package libxcomposite-dev is not installed.
libcogl-pango-dev depends on libxext-dev; however:
Package libxext-dev is not installed.
libcogl-pango-dev depends on libxfixes-dev; however:
Package libxfixes-dev is not installed.
libcogl-pango-dev depends on libxdamage-dev; however:
Package libxdamage-dev is not installed.

dpkg: error processing package libcogl-pango-dev (–install):
dependency problems – leaving unconfigured
Errors were encountered while processing:
libcogl-pango-dev

appsec – What are the types of vulnerabilities that could result in exploits that do not require user interaction?

What are the existing types of vulnerabilities that could result in exploits that do not require user interaction (e.g. zero-click)? I’m trying to understand the type of zero-click attack type for us to plan proper mitigation in code.

Pseudofreeze on Windows 10 – Super User

I’ve been having a weird issue with Windows 10 ever since I installed it early this year.

My issue is that my system “pseudofreezes”. It’s not really frozen: I can move the mouse, hover on things and have tool tips displayed; apps that are already open are responsive, but I can’t open any other apps. Rebooting doesn’t work, and I normally wind up hard resetting, though sometimes the problem resolves itself and everything goes back to normal.

Pseudofreeze seems to happen shortly after booting, though not during it. Everything that’s supposed to load on boot does so with no problems. I don’t think I’ve ever seen a pseudofreeze happen much later after booting. Typically, I notice my system is pseudofrozen while I’m using Chrome.

The most common way I notice pseudofreeze is happening is that I open a new Chrome tab and it’s completely blank. Existing tabs look fine and can be scrolled normally, except if they need to load stuff often (e.g. twitter feed), in which case the content never loads and the wheel spins forever. Also, clicking links will lead nowhere. Generally, accessing the task manager during a pseudofreeze is impossible, but in those rare cases when it did open, I could see that system interrupts where using 100% of the processor.

I did some research on the Internet and found out that I’m not the only one with this issue. I can’t find the post right now, but there was a guy with the exact same issue who claimed he talked to a Microsoft support person who said it was a user account problem and recommended to create a new one. The guy did so and allegedly solved his problem. I did it too, about a week ago, and I got a pseudofreeze both yesterday and today. It may be an odd coincidence, but I think it happens most frequently, if not only, on weekends.

I’m pretty sure I’ve had pseudofreezes happen before launching Chrome (eg I was unable to launch other apps before I tried to launch Chrome), so I’d tend to think it’s not Chrome’s fault. Besides, I launch Chrome pretty soon after boot, so it might simply be that Chrome is affected by the pseudofreeze because as said it only happens after booting and never again during the entire day.

Other things I tried:

  • sfc /scannow: I do that regularly. I’ve had the pseudofreezes whether or not sfc found issues, and they were always resolved anyway.
  • DISM: ditto.
  • Updating graphics card drivers: no use.
  • Scan disk: no errors.
  • Checking Windows logs: the only odd thing I can see is an audit failure that happens often, even well past the pseudofreeze. The log says:

Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: DeviceHarddiskVolume1WindowsSystem32guard64.dll

That’s the message in the overwhelming majority of the cases. In one instance the file name was different.

  • AV and malware scan: I do that regularly. Nothing there.

My installation of Windows 10 is a fresh one, ie it’s not installed on top of previous OSs. (I had upgraded Windows 7 to Windows 10 at a point and it was godawful. Wound up wiping my hard drive and reinstall afresh. As a side note, nothing like this ever happened on Windows 7.)

I update Windows regularly, whenever I am asked to.

When pseudofreeze happens, there doesn’t seem to be any special disk activity. The disk LED is normally off. Also, CPU temperature is normal.

I’m well above the minimum specs for Windows 10: AMD FX-8350 4.0GHz, 8 cores; MSI GeForce 1050 Ti 4GB; 16GB RAM; SSD 120GB.

I am not having any other issues except pseudofreeze. No system crashes, no normal freezes, no BSODs, nothing.

Any idea what this might be about?

postgresql – Non-Super user permissions required to allow a user to create a schema within a database that is owned newly created user

I’m able to run the following as postgres or any other user which has SUPERUSER (“dba1” has SUPERUSER in this case)

psql -U dba1 dev << SQL
create user udev1;
create schema udev1 authorization udev1;
SQL

what is the minimal set of discrete privileges required for dba1 which would enable dba1 to create a new user “udev2” and a schema owned by that user “udev2” in the dev database?

Magento 2 : How to get admin user data in observer?

I have observer of backend_auth_user_login_success.

I need the data of the admin user who is login in observer.

Can anyone please help me into this?

Thanks in advance.

Should a service indicate the usage of multi-factor authentication by a user for building trust?

We all know that MFA done right can greatly increase the security of an online identity.

There are services around with a fundamental trust problem among the users. For example online market places and classifieds. As long as the user accounts can be compromised via phishing, all indicators of authenticity are worthless.

Would the public indication of MFA usage for an account a valid measure to strengthen the trust relationship? Of course, some factors have to be taken into account (especially since MFA activation) as well:

  • Duration of membership
  • Amount of successful transactions
  • Usage of a trusted (and consistent?) payment method

There’s always the possibility that any user can go bad or that the fraud is planned long beforehand.

But are there any other major caveats? Do you think it is worth the effort?