request Archives - New and Fresh Private + Public Proxies Lists Everyday!

reference request – Definition of pointed Gromov-Hausdorff convergence for metric spaces

Whereas the definition of Gromov-Hausdorff convergence for compact metric spaces seems to be standard, difference sources seem to give slightly different definitions of pointed Gromov-Hausdorff convergence for (noncompact) pointed metric spaces.

For example, A course in metric geometry (D. Burago, Yu. Burago, and S. Ivanov) at page 272 gives this definition

Definition A A sequence ${(X_n,d_n,p_n)}$ of pointed metric spaces converges to the pointed metric space ${(X,d,p)}$ if for all $varepsilon,r>0$ there exists a natural number $n_0$ such that for every $n>n_0$ there is a map $f:B(p_n,r)rightarrow X$ such that

$f(p_n)=p$

$text{dis} f<varepsilon$ (i.e. $sup_{B(p_n,r)}|d_n(x_1,x_2)-d(f(x_1),f(x_2))|<varepsilon$)

the $varepsilon$-neighbourhood of $f(B(p_n,r))$ contains the ball $B(p,r-varepsilon)$

On the other hand, Petersen’s Riemannian Geometry (3rd edition) in Chapter 11.1.2 (page 401) restricts to proper metric spaces, introduces a pointed Gromov-Hausdorff distance as follows:
$$d_{text{GH}}left((X,p),(Y,q)right)=inf{d_H(X,Y)+d(p,q)}$$
where the inf is over all metrics $d$ on the disjoint union $Xsqcup Y$ which extend the metrics on $X$ and $Y$ and $d_H$ denotes the Hausdorff distance of $X$ and $Y$ as subsets of $Xsqcup Y$ and gives the following definition

Definition B A sequence ${(X_n,d_n,p_n)}$ of pointed metric spaces converges to the pointed metric space ${(X,d,p)}$ if for all $r>0$ there exists a sequence $r_nrightarrow r$ such that
$$d_{text{GH}}left((overline{B}(p_n,r_n),p_n),(overline{B}(p,r),p)right)rightarrow 0$$

Finally, Gromov’s own book Metric Structures for Riemannian and Non-Riemannian Spaces (Def. 3.1.4, at page 85) uses essentially the same definition as Petersen’s, but restricts to (complete) locally compact length metric spaces.

And these are not all the definitions I have found in the literature.
For example, this paper by Dorothea Jansen states (Definition 2.1)

Definition C Let $(X, d_X , p)$ and $(X_n, d_{X_n} , p_n)$, $ninmathbb{N}$, be pointed proper
metric spaces. If $$d_{text{GH}}left((overline{B}(p_n,r),p_n),(overline{B}(p,r),p)right)rightarrow 0$$ for all $r>0$ where the balls are equipped with the restricted metric, then $(X_n, p_n)$ converges to $(X, p)$ in the pointed Gromov-Hausdorff sense.

Not all of them are equivalent. For example, say $X_n$ is the space consisting of the two points ${0,1+frac{1}{n}}$ and $X={0,1}$ (both with the metric inherited from $mathbb{R}$).
Here all $X_n$ (and $X$) are proper, but they are not length spaces. It is easy to see that $(X_n,0)rightarrow (X,0)$ according to definitions A and B. However for all $n$, $overline{B}_{X_n}(0,1)={0}$ and $overline{B}_X(0,1)={0,1}$, so $(overline{B}_{X_n}(0,1),0)notto (overline{B}_X(0,1),0)$ and $(X_n,0)notto (X,0)$ according to definition C.

Also, these notes (which adopt Petersen’s definition B) claim that if ${(X_n,d_n,p_n)}$ ($ninmathbb{N}$) and ${(X,d,p)}$ are compact pointed spaces such that $d_{text{GH}}left((X_n,p_n),(X,p)right)to 0$, then $(X_n,p_n)to (X,p)$ in the sense of definition B, i.e. for each $r>0$ there exist $r_nto r$ such that $$d_{text{GH}}left((overline{B}(p_n,r_n),p_n),(overline{B}(p,r),p)right)rightarrow 0$$
without ever assuming the spaces are length spaces.

My questions are:

When are these definitions equivalent?
What are the advantages of restricting to proper spaces? What are the advantages of restricting to length spaces?
Is there a reference which deals with these issues?

metacpan – How can we request bounty on questions?

I don’t have enough reputation to post on Meta. Please migrate this and delete this sentence?

I found this site after Googling a technical problem, but those questions with the same issue attracted no answers. If you Google these questions, you can see that many other people are suffering from the same issues. Answering these questions can assist other people. Can we start a request thread for requesting bounties on questions?

I’d appreciate charity from some users with >10k bounty. Thank you.

http request – Redirect non-www to www in settings.php for Drupal 8

I want to redirect all non-www to www in below function.

if ( (!array_key_exists('HTTPS', $_SERVER)) && (PHP_SAPI !== 'cli') ) {
  if (substr($_SERVER('HTTP_HOST'), 0, 4) <> 'www.') {
    $new_url = 'www.' . $_SERVER('HTTP_HOST');
  } else {
    $new_url = $_SERVER('HTTP_HOST');
  }
  $new_url .= $_SERVER('REQUEST_URI');

  header('HTTP/1.1 301 Moved Permanently');
  header('Location: https://'. $new_url);
  exit();
}

reference request – Different ways of defining the Chern character of a complex

Consider a finite complex $E$ of (holomorphic) vector bundles on a (complex) manifold $X$, i.e, the complex is of the form
$$
0 to E_N to E_{N-1} to dots to {E_0} to 0,
$$
where the bundles are equipped with connections $D_i$. By K-theory, one may consider the complex $E$ as the alternating sum $sum_i (-1)^i (E_i)$, and it is then natural to define the Chern character (as a form) as $ch(E,D) := sum_{i=0}^N (-1)^i ch(E_i,D_i)$, and the Chern form as $c(E,D) := prod_{i=0}^N c(E_i,D_i)^{(-1)^i}$, where $ch(E_i,D)$ and $c(E_i,D)$ denote the Chern character and Chern form of $(E_i,D_i)$.

Alternatively, for a fixed $k$, one may express the Chern character as a polynomial in the Chern forms, $ch_k = S_k(c_1,dots,c_k)/k!$, where $S_k$ is the polynomial which expresses the Newton polynomials in terms of the elementary symmetric polynomials, i.e., what is sometimes called the Hirzebruch-Newton polynomial. For example, $S_1(t_1)=t_1$, $S_2(t_1,t_2)=t_1^2-2t_2$ etc. With the help of the polynomials $S_k$ above, one could alternatively define a Chern character of $E$ by
$widetilde{ch}_k(E,D)=S_k(c_1(E,D),dots,c_k(E,D))/k!$.

I have only found mentioned in passing or implicitly that these definitions coincide, i.e., $ch_k(E,D) = widetilde{ch}_k(E,D)$, but not any precise argument. Does anyone know of a convenient reference or proof of this fact?

nginx – How can i redirect all the index.php request to in /index.php?rp=/login?

I am new to Nginx and wanted to know how I could make that every time the site redirected to index.php or domain.com it would automatically go to /index.php?rp=/login. Even when a user writes the manual path it always redirects to /index.php?rp=/login.

Thanks in advance, but sadly I’m newbie with nginx

sso – CAS Protocol ticket sent via GET request

From CWE598 sensitive information should be sent using POST request. Why CAS protocol sends the ticket value using a GET request as illustrated below? Should it be considered safe in this scenario? From the image:

“Set the session cookie and forward the browser back to the application with the service ticket stripped off. This optional step prevents the browser address bar from displaying the ST”

My doubt is: if the browser already sent a GET request including the ticket value in the URL, the ticket could be already logged somewhere or am I wrong?

enter image description here

reference request – Low dimensional integral cohomology of $BPSO(4n)$

Toda has calculated the $mathbb{Z}/2$‐cohomology ring of $BPSO(4n+2)$, and also gave the simple exceptional calculation of the $mathbb{Z}/2$‐cohomology of $BPSO(4)$, in

Hiroshi Toda, Cohomology of Classifying Spaces, Advanced Studies in Pure Mathematics 9, (1986) Homotopy Theory and Related Topics pp. 75-108, doi:10.2969/aspm/00910075

(This is also done in a different way in Kono–Mimura, referenced below, and by Baum–Browder) However for the general case of $BPSO(4n)$, we get a stability result for low-dimensional cohomology once $ngeq 2$, in particular $H^4(BPSO(8),mathbb{Z}/2)$ gives all the higher-rank cases, too (this is in Kono and Mimura, On the Cohomology of the Classifying Spaces of $PSU(4n+2)$ and $PO(4n+2)$, doi:10.2977/prims/1195191887). Now I’m interested in the integral cohomology, rather than at the prime 2, mostly because amongst all compact simple Lie groups, $PSO(4n)$ is the only exceptional case where $H^3(PSO(4n),mathbb{Z})$ is not $mathbb{Z}$, but is $mathbb{Z}oplus mathbb{Z}/2$, assuming $ngeq 2$.

I presume the stability result still holds for integral cohomology (correct me if I’m wrong!), and so aside from the exceptional case of $BPSO(4)$, I presume that knowing $H^4(BPSO(8),mathbb{Z})$ means we would then know all the groups $H^4(BPSO(4n),mathbb{Z})$.

Now I know that the torsion class in $H^3(PSO(4n),mathbb{Z})$ is even equivariant for the conjugation action of $PSO(4n)$ on itself, that is, it comes from equivariant cohomology $H^3_{PSO(4n)}(PSO(4n),mathbb{Z})$. But what I don’t know is if this class comes from $H^4(BPSO(4n),mathbb{Z})$.

What’s a reference that gives the fourth integral cohomology group of $BPO(4n)$?

authentication – Is PKCE really protecting public facing clients? Can’t a rogue app steal the ClientID and Secret and make a AuthCode request of its own?

From what I have understood, for public facing clients such as JavaScript apps that run on the browser or mobile apps which have no backend there is no secure place to store client id and secret. Therefore, the client will generate a random string code a.k.a code challenge (plain).

And then:

Client sends ClientID, secret, redirect URI and code challenge --> Authorization Server 
--> Auth Server sends back Auth Code --> Client --> Sends the previously generated code challenge (string) 
--> Auth Server --> Auth Server checks if the code challenge is same as the one that was sent earlier
 when it generated that particular Auth Code. --> Auth Server Sends back Access token.

How does this secure the client application? I mean that if someone can steal the ClientID and secret then it can also generate a random string and send all three to the Authorization server to generate Auth Code and then make another request to get the access token. Eventually the token would expire and then the person could repeat the process since it has the ClientID and Secret. It is just a matter of generating that random code challenge again.

I understand that Hacker App can not use the stolen AuthCode to get Access Token because of PKCE but – why can’t Hacker app use the clientID of your app and generate a code verifier then ask Authorization Server for a Auth Code and then again for Access Code?

Is it impossible to steal ClientID?
When Authorization sever sends back the AuthCode to the client. Is that the only point which is vulnerable?

I have been through this post but I am still not clear on this.

Is it okay that a payment app is sending my payment details via a GET request?

Is it okay that a payment app is sending my payment details via a GET request? – Information Security Stack Exchange

Information Security Stack Exchange is a question and answer site for information security professionals. It only takes a minute to sign up.

Anybody can ask a question

Anybody can answer

The best answers are voted up and rise to the top

Asked
today

Viewed
36 times

I was trying to use a state-owned mobile payment app to conduct some transaction on the internet and, thanks to an error message, I found out that my card number and the amount I’m paying were sent via a GET request.

Other data on the request: the name of the service and an HMAC. And, yes, it’s on HTTPS but I don’t believe this really helps if the data is in URL.

Is this secure? Shouldn’t such details be sent over a POST or a PUT request? I’m not a security expert so maybe I’m missing something here.

asked 7 hours ago

ahmed

235

HTTPS protects the entire web request, which includes the url path and parameters. So the data being in the url doesn’t make it any less securely transmitted. Only the domain name is exposed via SNI.

GET requests are avoided when transmitting sensitive information in web apps because the url containing sensitive information may be exposed in the user’s browsing history (which may have misled you into thinking urls themselves were insecure). However, this is obviously a concern with web apps only. Since this scenario is a mobile app, you are fine from a security point of view.

answered 7 hours ago

nobody

6,053

Tag: request