Would this pure class theory about ordinals and their relations raise concerns about its arithmetic soundness?

The following theory is a class theory, where all classes are either classes of ordinals, or relations between classes of ordinals, i.e. classes of Kuratowski ordered pairs of ordinals, or otherwise classes of unordered pairs of ordinals. However, the size of its universe is weakly inaccessible. Ordinals are defined as von Neumann ordinals. The theory is formalized in first order logic with equality and membership.

Extensionality: $ \forall z (z \in x \leftrightarrow z \in y) \to x=y$

Comprehension: if $\phi$ is a formula in which the symbol $“x”$ is not free, then all closures of $\exists x \forall y (y \in x \leftrightarrow \exists z(y \in z) \land \phi)$ are axioms.

Ordinal pairing: $ \forall \text{ ordinals } \alpha \beta \ \exists x (\{\alpha,\beta\} \in x) $

Define: $ \langle \alpha \beta \rangle = \{\{\alpha\},\{\alpha,\beta\}\}$

Ordinal adjunction: $\forall \text{ ordinal } \alpha \ \exists x (\alpha \cup \{\alpha\} \in x)$

Relations: $ \forall \text{ ordinals } \alpha \beta \ \exists x (\langle \alpha, \beta \rangle \in x)$

Elements: $ \exists y (x \in y) \to ordinal(x) \lor \exists \text{ ordinals } \alpha \beta \ (x=\langle \alpha,\beta \rangle \lor x=\{\alpha,\beta\})$

Size: $ ORD \text { is weakly inaccessible}$

Where $ ORD$ is the class of all element ordinals.

/Theory definition finished.

Now this theory clearly can define various extended arithmetical operations on element ordinals. Also it proves transfinite induction over element ordinals. In some sense it can be regarded as stretching arithmetic to the infinite world. Of course $ PA$ is interpretable in the finite segment of this theory.

In this posting Nik Weaver in his answer raised the concern of ZFC being arithmetically unsound.

My question: assuming this theory to be consistent, is the concern of it being arithmetically unsound the same as that with ZFC?

The motive for this question is that it appears to me that the above theory is just a naive extension of numbers to the infinite world; it has no power set axiom or the like. One can say that this theory is in some sense purely mathematical, in the sense that it’s only about numbers and their relations. Would this raise the same kind of suspicion about arithmetic unsoundness that is raised with ZFC?

My reasoning about that is that generally speaking when one raises the concern of arithmetic unsoundness of some theory, especially if that theory is well received by mathematicians working in set theory and foundations, then there must be some technical or intuitive argument behind that suspicion, otherwise that suspicion would be unfounded. The suspicion must not depend merely on the strength of the theory in question. Otherwise we’d not define any theory stronger than $ PA$ based on such concerns.

From Nik Weaver’s answer it appears to me that his concern is based on ZFC not capturing a clear concept, intuitively speaking. Now this theory is based on an intuitive concept that is generally similar to the one behind defining arithmetic for finite sets. It extends it in a very clear intuitive manner: higher ordinals are defined from prior ones in a successive manner, and it doesn’t generally feel so different from the intuitive underpinnings of arithmetic in the finite world. So the question here is whether this theory still falls prey to the arguments on which the concerns about arithmetic unsoundness of ZFC are based.

Networking Package for Unity design concerns

I wanted to float some design questions I had about a project I’m trying to build. I’m currently working on a package to allow any indie game developer to create a multi-player version of their game. I’m achieving arbitrary code by using Assembly.Load to load your Game’s object/types into the server, these get packaged at build of the game.

I’ve decided how to implement these in the back-end, and from a server perspective I have object serialization down, writing over TCP/UDP, as well as being able to call arbitrary messages on arbitrary server side objects.

On that last note is my question. I want to make this system somewhat platform dependent, so for Unity I can’t serialize/send a GameObject. More importantly, I don’t think I should. I think a NetworkEntity/NetworkComponent shouldn’t have any strict dependencies on GameObject; I think it should be a network-dependent way to represent a piece of an object in the gamespace. Some examples are a NetworkHealthController, or a NetworkPosition, both of which just represent some items whose state the server will manage updating/syncing. Is this a good design?

Some issues I foresee are: if you reference GameObject, as your network object does (GameObject.GetComponent<SomeType>), we would fail. Do I just fail to build in this case? As I can’t really resolve things in the underlying C++ game engine.

I hope I explained this well enough, and I appreciate any advice I can get.

Security concerns in disseminating database design?

I work for a government agency, and we’ve been requested via a freedom of information request for the layout of the tables of one of our systems, a data dictionary and schema design request.

What are the dangers in sharing this? My initial concerns are need-to-know concerns, making SQL injection attacks much easier, and a bunch of starting information for future vulnerabilities (i.e., maybe a bug is introduced later that only affects varchar columns over 500 bytes in length… here’s a handy list of all of ours!).

What else is of concern? I don’t want to be an obstacle for the sake of being an obstacle, but as a DBA, this makes me REALLY nervous.

SOCKS proxy security concerns

As claimed, “A socks proxy simply transfers data from a client to a server, not penetrating into this data contents (therefore it can work with HTTP, FTP, SMTP, POP3, NNTP, etc.)”. I really can’t buy it: can’t a SOCKS proxy log data, analyze its content, redirect traffic, capture submitted forms, intercept SSL/TLS communications, “harvest” emails, or even spoof an IP address through a poisoned DNS?

I understand that SOCKS operates at a lower level than HTTP proxies, and that it supports authentication in its SOCKS5 version.

I found it risky to use proxies, but sometimes it’s the most “feasible” option, in exchange for privacy, when it comes to region limitation and bandwidth allocation.

Can anybody clarify the above points?
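What a SOCKS5 proxy necessarily sees can be checked against the wire format itself. The following is an added example (not code from the original question): a parser for the SOCKS5 client greeting and CONNECT request as laid out in RFC 1928, plus two helpers that classify the first bytes the client forwards afterwards. The greeting, request and payloads below are constructed for this example, not captured traffic.

```python
"""Added example: what a SOCKS5 proxy learns from the handshake and payload.
Message layouts follow RFC 1928; the sample bytes are constructed here."""
import struct
from urllib.parse import parse_qs

SOCKS_VERSION = 5
CMD_CONNECT = 1
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 1, 3, 4


def parse_greeting(data: bytes) -> list:
    """Client greeting: VER(1) NMETHODS(1) METHODS(NMETHODS).
    Returns the auth methods offered (0x00 = none, 0x02 = username/password)."""
    if len(data) < 2 or data[0] != SOCKS_VERSION:
        raise ValueError("not a SOCKS5 greeting")
    nmethods = data[1]
    if len(data) != 2 + nmethods:
        raise ValueError("method list length mismatch")
    return list(data[2:])


def parse_connect(data: bytes) -> tuple:
    """CONNECT request: VER(1) CMD(1) RSV(1) ATYP(1) DST.ADDR(var) DST.PORT(2).
    The proxy must decode this to open the outbound socket, so it always learns
    the destination host and port, even when the payload that follows is TLS.
    For ATYP 0x03 the *proxy* resolves the name, so it also picks the IP."""
    if len(data) < 4 or data[0] != SOCKS_VERSION:
        raise ValueError("not a SOCKS5 request")
    cmd, atyp = data[1], data[3]
    if cmd != CMD_CONNECT:
        raise ValueError(f"unsupported command {cmd:#x}")
    if atyp == ATYP_IPV4:
        addr_end = 8
    elif atyp == ATYP_IPV6:
        addr_end = 20
    elif atyp == ATYP_DOMAIN:
        if len(data) < 5:
            raise ValueError("truncated request")
        addr_end = 5 + data[4]
    else:
        raise ValueError(f"unknown address type {atyp:#x}")
    if len(data) != addr_end + 2:
        raise ValueError("request length mismatch")
    if atyp == ATYP_IPV4:
        host = ".".join(str(b) for b in data[4:8])
    elif atyp == ATYP_IPV6:
        host = ":".join(f"{data[i]:02x}{data[i + 1]:02x}" for i in range(4, 20, 2))
    else:
        host = data[5:addr_end].decode("ascii")
    port = struct.unpack("!H", data[addr_end:addr_end + 2])[0]
    return host, port


def is_tls_client_hello(payload: bytes) -> bool:
    """True if the forwarded bytes start with a TLS Handshake record (0x16)
    carrying a ClientHello (0x01). The proxy then relays ciphertext it cannot
    read; reading it would require the client to accept a substituted cert."""
    return (len(payload) >= 6 and payload[0] == 0x16
            and payload[1] == 0x03 and payload[5] == 0x01)


def plaintext_form_fields(payload: bytes) -> dict:
    """For an unencrypted HTTP POST the proxy sees the entire request,
    including a submitted form body. Returns the decoded urlencoded fields,
    or {} when the payload is not a readable POST with a body."""
    head, sep, body = payload.partition(b"\r\n\r\n")
    if not sep or not head.startswith(b"POST "):
        return {}
    return parse_qs(body.decode("utf-8", errors="replace"))


# Constructed sample messages for this example (not captured traffic).
GREETING = bytes([SOCKS_VERSION, 2, 0x00, 0x02])           # offers no-auth and user/pass
CONNECT_DOMAIN = b"\x05\x01\x00\x03" + bytes([11]) + b"example.com" + struct.pack("!H", 443)
CONNECT_IPV4 = b"\x05\x01\x00\x01" + bytes([10, 0, 0, 1]) + struct.pack("!H", 80)
HTTP_LOGIN = (b"POST /login HTTP/1.1\r\nHost: example.com\r\n"
              b"Content-Type: application/x-www-form-urlencoded\r\n"
              b"Content-Length: 27\r\n\r\n"
              b"user=alice&password=hunter2")
TLS_HELLO = b"\x16\x03\x01\x00\x40\x01\x00\x00\x3c\x03\x03" + b"\x00" * 16

if __name__ == "__main__":
    print(parse_greeting(GREETING))
    print(parse_connect(CONNECT_DOMAIN), parse_connect(CONNECT_IPV4))
    print(plaintext_form_fields(HTTP_LOGIN))
    print(is_tls_client_hello(TLS_HELLO), is_tls_client_hello(HTTP_LOGIN))
```

The split the example makes visible is the practical one: destination host and port are always known to the proxy (and with domain-type requests the proxy performs the DNS lookup itself), plaintext protocols are fully readable, and TLS content is opaque unless the client can be made to trust a certificate the proxy controls.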

Generating a secret token: security concerns other than min-entropy?

I’m trying to compare two techniques for generating an OAuth 2 PKCE code_verifier.

  • For each character, get a random byte and “mod 66” to map to one of the 66 valid characters.
  • For each character, get a random byte and “mod 64” to map to a subset of the valid characters. (We could also use 6 random bits per character instead of 8.)

It appears that the min-entropy of both techniques is the same (answer). Are there any other security-related factors I should consider?

Note: for the purposes of this question, I’m only worried about the security of the secret. Let’s ignore the efficiency and/or potential timing side-channels of the secret generation code for now.
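The min-entropy claim in the question can be computed rather than assumed. The following added example (not code from the question) builds the exact per-character distribution each "mod" technique produces from a uniform byte, reports min-entropy and Shannon entropy for both, and shows a bias-free alternative using secrets.choice. The 66-character alphabet is the unreserved set RFC 7636 permits in a code_verifier; the helper names are this example's own.

```python
"""Added example: per-character entropy of 'byte mod 66' vs 'byte mod 64'
when generating an OAuth 2 PKCE code_verifier."""
import math
import secrets

# The 66 unreserved characters RFC 7636 allows: ALPHA / DIGIT / "-" / "." / "_" / "~"
ALPHABET = ("ABCDEFGHIJKLMNOPQRSTUVWXYZ"
            "abcdefghijklmnopqrstuvwxyz"
            "0123456789-._~")
assert len(ALPHABET) == 66


def char_distribution(modulus: int) -> list:
    """Probability of each output symbol when a uniform byte (0..255) is
    reduced with `byte % modulus`. Uniform only when modulus divides 256:
    for 66, symbols 0..57 get 4/256 and symbols 58..65 get 3/256."""
    counts = [0] * modulus
    for b in range(256):
        counts[b % modulus] += 1
    return [c / 256 for c in counts]


def min_entropy_bits(probs: list) -> float:
    """-log2 of the most likely symbol: the measure that matters for guessing,
    since an attacker tries the most likely symbols first."""
    return -math.log2(max(probs))


def shannon_entropy_bits(probs: list) -> float:
    return -sum(p * math.log2(p) for p in probs if p)


def verifier_mod(length: int, modulus: int) -> str:
    """The two techniques from the question: one random byte per character,
    reduced mod 66 (slightly biased) or mod 64 (uniform over a 64-char subset)."""
    return "".join(ALPHABET[secrets.randbelow(256) % modulus] for _ in range(length))


def verifier_unbiased(length: int) -> str:
    """Rejection-sampling alternative: secrets.choice is uniform over all 66,
    so each character carries the full log2(66) bits."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def verifier_min_entropy(length: int, modulus: int) -> float:
    return length * min_entropy_bits(char_distribution(modulus))


def chars_for_target(target_bits: float, modulus: int) -> int:
    """Shortest verifier giving at least target_bits of min-entropy
    (RFC 7636 additionally bounds the length to 43..128 characters)."""
    return math.ceil(target_bits / min_entropy_bits(char_distribution(modulus)))


if __name__ == "__main__":
    for m in (66, 64):
        d = char_distribution(m)
        print(f"mod {m}: min-entropy {min_entropy_bits(d):.4f} bits/char, "
              f"Shannon {shannon_entropy_bits(d):.4f} bits/char")
    print("unbiased:", math.log2(66), "bits/char")
    print("chars for 256 bits (mod 66):", chars_for_target(256, 66))
    print(verifier_mod(43, 66), verifier_mod(43, 64), verifier_unbiased(43), sep="\n")
```

Both "mod" techniques give exactly 6 bits of min-entropy per character (the most likely symbol has probability 4/256 in each case), so 43 characters already clear 256 bits. The mod-66 variant has marginally higher Shannon entropy but is still biased, which is the kind of property a reviewer will flag even when it does not change the guessing bound; drawing each character with secrets.choice (or rejecting bytes above 197) removes the bias at no cost.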

Separation of concerns: Submitting a form to create an email, store it and send it

Context

I have a workflow that has an email form. The requirements are the following: A user completes the form that contains email fields and submits it. If everything goes well then an email model object is created and stored in the database, and then the data are sent to a rabbit queue. When the queue gets processed an email is generated (this is a different one, with HTML body and everything) and gets sent to the SMTP server to send it, and then another database model is created which I call note and gets stored in the database as well (this will appear as an action item in the history). If it fails at some point I roll back and put the message back on the queue for a retry.

Notes

The system is a preexisting one and I am required to add an email integration, so if some stuff feels unnecessary or roundabout, it’s what the client and I have decided, so I can’t do anything more about it, and honestly in the larger context of the business they make sense.

Actual Question

As you can see there is a lot of stuff happening and I am a bit unsure about where everything should happen and what concerns are grouped together. My initial thoughts are that there are two transactions. First the initial email db model. I feel like I should process the form and save it to the database and then send it on its merry way to the queue, to be processed successfully, hopefully, at a later point. Then when the queue gets processed another transaction is happening – email HTML gets generated, sent to SMTP, and if SMTP returns success then a note gets created and stored in the db and the transaction gets committed. Otherwise roll back, put it back in the queue, retry, and after 3 retries put it in a dead letter queue.

I think that makes sense but I wanted to get another POV.
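The two-transaction design above can be exercised end to end in memory. This is an added example (not the asker's system or code): a stand-in database with begin/commit/rollback, a stand-in broker with a work queue and a dead-letter list, and a second-stage worker that renders, sends, and records the note, requeueing on failure and dead-lettering after MAX_RETRIES failed attempts. One caveat the example makes concrete: an SMTP send is not part of the database transaction, so a failure after the send but before the commit would resend on retry unless acceptance is recorded durably first; the sent_ids record below stands in for that. All names and the flaky sender are this example's own.

```python
"""Added example: form -> stored email -> queue -> SMTP send + note, with
retry and dead-letter handling, simulated in memory."""
from dataclasses import dataclass, field

MAX_RETRIES = 3  # failed delivery attempts tolerated before dead-lettering


class SmtpError(Exception):
    pass


@dataclass
class Message:
    email_id: int
    attempts: int = 0   # failed delivery attempts so far


@dataclass
class Db:
    """Stand-in relational store: committed state plus a pending write set,
    so a failed attempt leaves nothing behind once rolled back."""
    emails: dict = field(default_factory=dict)
    notes: dict = field(default_factory=dict)
    sent_ids: set = field(default_factory=set)   # durable 'SMTP accepted' record
    _pending: dict = field(default_factory=dict)

    def begin(self):
        self._pending = {}

    def stage_note(self, email_id: int, text: str):
        self._pending[email_id] = text

    def commit(self):
        self.notes.update(self._pending)
        self._pending = {}

    def rollback(self):
        self._pending = {}


@dataclass
class Broker:
    queue: list = field(default_factory=list)
    dead_letter: list = field(default_factory=list)


def submit_form(db: Db, broker: Broker, fields: dict) -> int:
    """First transaction: persist the email model, then enqueue its id."""
    email_id = len(db.emails) + 1
    db.emails[email_id] = dict(fields)
    broker.queue.append(Message(email_id))
    return email_id


def render_html(db: Db, email_id: int) -> str:
    e = db.emails[email_id]
    return f"<html><body><p>To: {e['to']}</p><p>{e['body']}</p></body></html>"


def process_one(msg: Message, db: Db, broker: Broker, smtp_send) -> str:
    """Second transaction: render, send, record the note; on failure roll back
    and requeue, dead-letter once MAX_RETRIES failures have accumulated."""
    db.begin()
    try:
        if msg.email_id not in db.sent_ids:          # don't resend if a prior try
            smtp_send(render_html(db, msg.email_id))   # got past SMTP then failed
            db.sent_ids.add(msg.email_id)
        db.stage_note(msg.email_id, "email sent")
        db.commit()
        return "delivered"
    except Exception:
        db.rollback()
        msg.attempts += 1
        if msg.attempts > MAX_RETRIES:
            broker.dead_letter.append(msg)
            return "dead-lettered"
        broker.queue.append(msg)
        return "requeued"


def drain(db: Db, broker: Broker, smtp_send) -> list:
    """Run the worker until the queue is empty; returns each attempt's outcome."""
    outcomes = []
    while broker.queue:
        outcomes.append(process_one(broker.queue.pop(0), db, broker, smtp_send))
    return outcomes


def flaky_sender(failures: int):
    """Constructed SMTP stand-in that fails the first `failures` calls."""
    state = {"left": failures}

    def send(html: str):
        if state["left"] > 0:
            state["left"] -= 1
            raise SmtpError("451 temporary failure")
    return send


if __name__ == "__main__":
    db, broker = Db(), Broker()
    submit_form(db, broker, {"to": "alice@example.com", "body": "hello"})
    print(drain(db, broker, flaky_sender(2)), db.notes, broker.dead_letter)
```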

RFID IDs: Who decides them? Implementation or Convention/Authority? Concerns about security in regards to Bruteforcing

I’ve been playing a bit with RFID cards of various types lately, and have noticed that the passive cards I’m using all seem to have digits of data on them as a unique identifier.

Which leads me to think that this is not a lot of possible IDs, so I’m wondering whether organisations which issue RFID cards have ID ranges [0000100000 to 0000100100 for 100 IDs, for instance] assigned to them by some authority or convention?

Or is ID generation just a duty of the software that writes to the RFID cards, generating an ID at random and provisioning it locally within the context of the application alone, ignoring concerns about global ID collisions?

Furthermore, assuming I have a device that is able to output RFID identifiers, I wonder what the limitations are of most dumb terminals. Has anybody got any examples of real-world brute-force rates for an RFID reader? How many IDs/sec can it process? Do most have rate limiting in place?

Assuming a bad implementation of a card reader that does not implement rate limiting, it would follow that provisioning sequential IDs is bad security practice, as detecting a large chunk of sequential IDs is easier than finding random IDs sparse across 10 billion values.

Any opinions on this?
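The sequential-versus-random argument can be quantified. The following added example (not from the question) models a 10-digit ID space with 100 issued cards, an attacker who already holds one valid ID, and two strategies: scanning outward from the known ID, and blind uniform guessing. The allocation functions, the scan, and the read-rate conversion are this example's own; the 10 reads/second figure in the main block is an assumption for illustration, not a measured reader rate.

```python
"""Added example: how much a leaked ID helps an attacker when IDs are
allocated sequentially versus at random in a 10-digit space."""
import random
from typing import Optional

ID_SPACE = 10 ** 10   # 10-digit decimal identifiers, as in the question
CARDS_ISSUED = 100


def allocate_sequential(n: int, base: int) -> set:
    """IDs handed out as one contiguous block starting at `base`."""
    return set(range(base, base + n))


def allocate_random(n: int, rng: random.Random) -> set:
    """IDs drawn uniformly from the whole space (collisions re-drawn)."""
    ids = set()
    while len(ids) < n:
        ids.add(rng.randrange(ID_SPACE))
    return ids


def neighbour_scan(known_id: int, valid: set, max_radius: int) -> Optional[int]:
    """Attacker holds one valid ID and presents known_id+1, known_id-1,
    known_id+2, ... in turn. Returns the number of reads needed to hit another
    valid ID, or None if none lies within max_radius."""
    reads = 0
    for r in range(1, max_radius + 1):
        for candidate in (known_id + r, known_id - r):
            if 0 <= candidate < ID_SPACE:
                reads += 1
                if candidate in valid:
                    return reads
    return None


def expected_blind_guesses(space: int, valid_count: int) -> float:
    """Expected reads to hit any of valid_count IDs when guessing distinct
    values uniformly without repetition: (S + 1) / (k + 1) for k targets in
    a space of size S."""
    return (space + 1) / (valid_count + 1)


def seconds_at_rate(reads: float, reads_per_second: float) -> float:
    return reads / reads_per_second


if __name__ == "__main__":
    seq = allocate_sequential(CARDS_ISSUED, base=100_000)
    rnd = allocate_random(CARDS_ISSUED, random.Random(7))
    known_seq, known_rnd = 100_050, min(rnd)
    print("sequential, reads to next valid ID:", neighbour_scan(known_seq, seq, 10))
    print("random, reads within radius 1e6:", neighbour_scan(known_rnd, rnd, 1_000_000))
    blind = expected_blind_guesses(ID_SPACE, CARDS_ISSUED)
    days = seconds_at_rate(blind, 10) / 86_400   # assumed 10 reads/s, unthrottled
    print(f"blind guessing: ~{blind:,.0f} reads, ~{days:.0f} days at 10 reads/s")
```

With a contiguous block, one leaked ID yields a neighbour on the first or second read; with random allocation the attacker is back to roughly (10^10 + 1)/101 reads, about 9.9e7, which is months of continuous presentation even at ten reads per second and before any rate limiting. That gap, not the absolute size of the ID space, is what sequential provisioning gives away.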

Enterprise IoT Security & Compliance concerns

We have lots of 3rd party IoTs (e.g. wired and wireless – A/V equipment, physical security, facilities, vending machines, EV chargers, displays, etc) deployed in guest VLAN/s that are completely isolated from corporate VLANs.

Do we need to be concerned about compliance (visibility, monitoring, security) for such devices? If so, are there any recommended approaches/tools to address this?

Security concerns around sharing secret on a website

I need to share credentials with users. These credentials are created when the user wants them, but cannot be chosen by the user specifically (AAD credentials). I want to share the same with the user on my website (just once, at the time of creation). What are the security concerns around the same?

The website is using TLS, and proper authentication & authorization procedures are followed.

How to split a Rails model file into multiple files (not concerns, not modules, just separate files)?

I have a Rails 4 model Foo defined in a single file foo.rb

# app/models/foo.rb
class Foo < ActiveRecord::Base
  def method1
    ...
  end

  def method2
    ...
  end
end

Without any type of class re-definition (eg, without refactoring to use traits or concerns for example), I would like to simply move some of the code to a new file, foo_more.rb

# app/models/foo.rb
class Foo < ActiveRecord::Base
  def method1
    ...
  end
end

# app/models/foo_more.rb
class Foo < ActiveRecord::Base
  def method2
    ...
  end
end

When I do so, method2 is undefined, so there appears to be something else I need to do to have the foo_more.rb file get loaded to add those methods to the Foo class.