web application – Does API access token that only have access to public information need to be kept secret?

I found a Instagram Basic Display API access token leaked in a website. This token belongs to a Instagram marketing account of this website. Using my leet investigating skill, below are the information i have.

  • This token has 3 months valid period
  • This token is in use (i see it’s refreshed last week when its valid period is going to end), although i cannot find where it is used
  • This token is an User Access Token for querying data from Basic Display API. Doc here: https://developers.facebook.com/docs/instagram-basic-display-api
  • This access token only has read access to public information 🙁
  • This token will be temporarily rate limited if using too much

Do you know of any impact i can do with this access token other than rate limiting it?

Also, if this token needs to be kept secret, how can we protect it?

ip – Do modems have public address?

I know for a fact that when we are connected to wifi and we search something in the internet, the server we are requesting from will return the files to our IP address and this IP address is the public IP address which is the Ip address of the modem (or at least that’s what I thought so).
But I just came across another article according to which modems being nodes do not have any IP address.
So what is the ip address that the server sees when we send a request.

c# – Can i change the scene via public void or something? I do not want to make a new code everytime and change the scene that is going to load

This is the code i am using. It switsches to another scene if the coal gets touched by an objekt with the right tag. Now I want to know how i can change the numbers of the scenes via unity without opening the code.

using System.Collections.Generic;
using UnityEngine;
using UnityEngine.SceneManagement;

public class levelend: MonoBehaviour
    string strTag;

    private void OnCollisionEnter(Collision collision)
        if (collision.collider.tag == strTag)

cryptography – Why public key systems involve private keys

Public key cryptography means that the entire communication between both parties is public, including the setup. Contrast this with the case of two parties $A,B$ meeting in secret, agreeing on some keyword, and using this keyword to encrypt future communications.

Clearly, if $A,B$ decide on the encrpyption scheme in public, something has to be kept private (otherwise you could decipher the messages just like the parties involved). This is the private key, so the flow is something along the following lines: $A$ and $B$ publicly discuss and share some information with each other and the world, then they do something in private and send each other encrypted messages. Witnesses to the public exchange alone can’t recover what is being said.

The child version of such scheme which I like is the following. Suppose $A$ and $B$ want to agree on some secret color, only known to them, however the entire exchange must be public. Under the assumption that mixing colors is easy, but given a mix recovering its components is hard, then $A$ can send $B$ can each choose a secret (private key) color denoted by $a,b$. Then $A$ can send $B$ the color $c$ (public key), and the mixture $(a,c)$. $B$ now creates the mixture $(b,c)$ and sends it to $A$, and also mixes $(a,b,c)$ and keeps this compound to himself. Finally, $A$ adds $a$ to $(b,c)$ and is now also in the possession of the secret mixture $(a,b,c)$, known to $A,B$ but unknown to anyone who solely witnessed the interaction between them.

multi signature – P2SH address as a product of public keys

Assuming the multisig 2 of 3, if I do have extended public keys (xpub) for all 3 cosigners (with proper derivations), can I somewhat get the result address (P2SH)? How to calculate the “script” out of these public keys?

Would be cool to have scheme for doing so or a code/pseudocode in python if possible.

Is it ok and safe to import master public key from electrum wallet into bluewallet to be a watch-only wallet?

I want to use my iPhone (Blue wallet) to be the watch-only wallet for my offline wallet generated on electrum. So that I can generate unsigned transaction on the bluewallet and send it back to my offline wallet to be signed on electrum. And then send the signed transaction back to bluewallet to be broadcasted.

Is it safe to do so? Is there any better way to do it so I don’t have to send the unsigned and signed transaction back and forth?

sharepoint online – How to migrate a public library view from one library into another

From SharePoint Online, I was able to go into Site Settings, create my custom content type, and add new columns to it.

I then created a new SharePoint site, added my custom columns from my custom content type and saved a public view for my library in this site.

I then created a new library within the same site, and added my columns to it (from my custom content type), but how do we copy over the public view that was in the previous library into this new library?

In this case, does the view have to be re-created when going from library to library?

reverse proxy – Multiple servers behind one public ip

I am hosting multiple servers behind one public IP. (Mostly in Proxmox VE) Currently, all the services are on separate ports.
I would like to use multiple domains to reach different services and am not sure how/ if I can do this.

I have looked at squid reverse proxy but it only works with HTTP/HTTPS

I’m not sure if a local DNS could help. Although I am planning on setting up a local PowerDNS server anyway.

Thank you in advance for any help.

What is the difference between Apple’s “Safari Technology Preview” for the public and the Safari beta download for developers?

It is my guess that the Safari Technology Preview (STP) is updated less frequently than the Beta for Developers (BD).

I wonder if Apple publishes an explainer on the differences between the two, apart from the observable update cadence difference, and the marketing to different audiences.

April 15, 2021 – I see that the last BD release was on April 6, 2021. I speculate that STP was last updated in early March 2021 based on the tickets in the release log.

Safari download page

How do many public keys correspond to one private key?

I have read online that hardware wallets can generate new public keys to facilitate transactions. Ie if someone has BTC on an exchange and they want to send that BTC in different installments to a single private key/hardware wallet, that hardware wallet can generate a different public key for each transaction. I’m a bit confused on how this works? Would the ledger not indicate that each of those installments now belongs to a different address? Or is it simply that each time a new public key is generated, the private key in the hardware wallet has the ability to sign for all of those? (Thus creating a persistent, growing list of public keys associated with one private key?).

Additionally, what is displayed on the ledger if that hardware wallet, after multiple installments with different public keys, now wants to send BTC elsewhere? Which of the previous public keys is used? Does it create a new one? Wouldn’t this show up on the ledger as a public key sending more BTC than it ever acquired?