Confused about pumping lemma, What i’m missing?

When I apply pumping lemma on this language: $ {L=\{010^n:n\ge0\}}$ over the alphabet $ {\Sigma =\{0,1\}}$ I get that it is non-regular despite the fact that it is regular.

  1. let $ {n=4}$ , then $ w=010000$
  2. $ w=xyz$ , $ { \mid xy\mid \leq n} $ and $ {\mid y\mid \geq 1}$
  3. $ x=0$ , $ y=10$ , $ z=000$
  4. let $ i =2$
  5. $ xy^2z = 01010000$ $ \not\in L$ so L is non-regular.

so, what I’m missing?

Java learning but still confused about what i put and what i do [on hold]

Hello guys i have been watching guides for 8 monuths and it didnt help me to learn java coding videos youtube and sololearn and books i do not understand maybe that i know whats the meaning of em but maybe i do not know why i should put this and dont know how to use the tools i always think array is small and impossible to be pro coder and type lots of codes i always think that i cant be programmer but i dont give up and always trying to be and also i practice but how would i practice when i dont know what to put and what is this and why we put this i am really confused how to make things with methods i have no idea what to type under method body i have no logic maybe please tell me what i need to do i need solution please cuz i like java i wanna learn it as hobbie and make application and give it to big company thats my dream is to code bexause i know girls likes it and also i do not know why i should put the things inside for loop i always think loop is like to count more than once please need help as fast guide me and help thanks

Confused in between Javascript or Python or Go [on hold]

Simple and straight

I am a PHP programmer (6+ years experience). I really want to work in cutting edge technologies to earn better. But I am confused in below options

  • Python as a secondary language
  • Go as a secondary language
  • Node.js
  • AWS certificates for a developer and associate solution architect
  • Become DevOps engineer
  • Microsoft Azure or Google Cloud or IBM cloud?
  • Become a MEAN stack developer (keep in mind I want to proficient in backend mostly)

Where:

  • I want to work in India as of now (But open for everywhere in the world)
  • Also, put my shoe on the track
  • Go Language does not have a broad market in India
  • Indian market requires full stack developer mostly.

I . (About Me)

  • Worked closely with Node.js / Angular.js / React.js
  • Mostly worked with PHP & Relational DB (done one project in firebase NoSQL)
  • Developed one mobile application in React Native (as I was a part of service based organization)
  • Have interest in cloud (AWS mostly used to deploy GIT code)
  • Want to buy accommodation for my family, for my dad, for my mom, for my spouse
  • Want to teach college students about programming for free
  • Want to aware youth about the job opportunities so at least they have a hope (My younger brother at age 29 has lost his hope completely)
  • Want to become a freelancer or consultant so I can utilize my free time to teach college/school students for free
  • Want to visit the world, small towns & villages and keep students aware of programming and motivate them
  • Want to purchase freedom for my future children for their entire life

Please suggest mates if this is not a right page, I will post somewhere else, but I need it.

Confused about pumping lemma

Here I have the method for pumping lemma to prove that a language L is not regular:

  1. Suppose to the contrary that L is regular ⇒ ∃ DFA A, s.t. L(A) = L.
  2. Let n be the number of states in A. ⇒ ∀w ∈ L(A), if |w| ≥ n, then w = xyz, where x, y, and z as in Pumping Lemma.
  3. Choose a suitable w ∈ L, where |w| ≥ n.
  4. Find an i, such that xyiz /∈ L. Since xyiz ∈ L(A) ⇒ L(A) 6= L.
  5. 4 contradicts 1: ⇒ 1 cannot be true ⇒ L cannot be regular

First of all, what are we trying to prove here in other words? That the language L cannot be represented by a FSM, therefore cannot be considered “regular” because a regular language is only regular if it can be represented by a FSM?

Second, how am I supposed to find “n” which is the number of states in A? Is this also known as the pumping length?

What is the proper way in which we are supposed to break up the string chosen string w >= n into 3 parts (xyz)?

For example this teacher broke it up in this way:

w = a^(n)ba^(n+2)

i = 2

xy^2z = a^(n+∣y∣)ba^(n+2)

How is the above equation equivalent?? Why is he choosing |y| and adding to to n?

And why would any of this prove that L is not regular? I’m really confused about the whole thing

Confused about R-Output with Paired T-Test

the Output of the paired T-Test in R is: Paired t-test

Paired t-test

data: p$ MZP1 and p$ MZP2

t = 7.4822, df = 64, p-value = 2.638e-10

alternative hypothesis: true difference in means is not equal to 0

95 percent confidence interval:

2.108796 3.645050

sample estimates:

mean of the differences

           2.876923  

I don’t understand it. Does this mean, that there is a difference between both groups or not? The p-Value is 2.638e-10, a very small number, so it’s significant. So do both groups are significantly different from another?

Confused about commands, domain events and external events in event sourcing

I’m a little confused about

  • commands role in event sourcing
  • distinction between domain and external events

If my understanding is right

  • a command represents an action initiated by an actor in terms of the domain
  • a domain event is an event can be consumed and produced by aggregate roots
  • an external event is just like a DTO – a data contract and it needs to be translated to either a domain event or a command

Example

I have a Product aggregate root. A product can have multiple active special offers. In order to manage it’s SpecialOffers, the product accepts 2 domain events:

  • SpecialOfferActivated
  • SpecialOfferDeactivated

So it’s public interface is just 2 overloaded Apply methods:

class Product{     ...     Apply(SpecialOfferActivated){...}     Apply(SpecialOfferDeactivated){...} } 

1st case: The request comes form front-end to the api

So a Controller is first in the line. It basically translates caller intention from data contract (DTO) to the domain language (command):

class ProductController{     Post(SpecialOfferDto dto){         ActivateSpecialOfferCommand command = Map(dto)         _commandBus.Send(command)     } } 

Command sent, now we need a command handler

class ActivateSpecialOfferCommandHandler{     Handle(ActivateSpecialOfferCommand command){         SpecialOfferActivated domainEvent = Map(command)         _eventBus.Publish(domainEvent)     } } 

Event published, now time for the event handler

class SpecialOfferActivatedDomainEventHandler{     Handle(SpecialOfferActivated domainEvent){         var product = GetFromDatabase()         product.Apply(domainEvent)         Save(product)     } } 

Done.

2nd case: The process is initiated by an external event published to the service bus.

This time NewPromotionExternalEvent is the data contract (ExternalEvent) and again we need to translate it to the domain language (Command)

class NewPromotionExternalEventHandler{     Handle(NewPromotionExternalEvent extenalEvent){         ActivateSpecialOfferCommand command = Map(extenalEvent)         _commandBus.Send(command)     } } 

And then it falls back to the ActivateSpecialOfferCommandHandler from the fist case. So it’s the same case as the first one basically.

3rd case: Skip the domain events layer (variation of either the 1st or the 2nd case)

So either by an api or an external event a command was produced. We simply create a domain event in order to apply it to the aggregate root. We do not publish the event to the service bus.

class ActivateSpecialOfferCommandHandler{     Handle(ActivateSpecialOfferCommand command){         SpecialOfferActivated domainEvent = Map(command)          var product = GetFromDatabase()         product.Apply(domainEvent )         Save(product)     } } 

Done.

4th case: Skip the commands layer (variation of the 1st case)

We can easily skip the commands layer

class ProductController{     Post(SpecialOfferDto dto){         SpecialOfferActivated domainEvent = Map(dto)         _eventBus.Publish(domainEvent)     } } 

and fallback to the SpecialOfferActivatedDomainEventHandler

5th case: Aggregate root creation.

So either by an api or an external event a command CreateNewProductCommand was produced. And we need another handler:

CreateNewProductCommandHandler{     Handle(CreateNewProductCommand command){         var product = Map(command)         SaveToDatabase(product)          NewProductCreated domainEvent = Map(product)         _eventBus.Publish(domainEvent) // in case somebody is interested     } } 

In this case there’s really no place to stick the domain events layer.

6th case: Domain event produced by Product (aggregate root)

class Product{     Apply(SpecialOfferActivated domainEvent){         var specialOffer = Map(domainEvent)         _specialOffers.Add(specialOffer)         if(...){             // For simplicity sake, assume the aggregate root can access _eventBus             _eventBus.Publish(new ProductReceivedTooManySpromotionsDomainEvent(this.Id))         }     } } 

Questions

  1. The events layer is cool, it allows us to distribute jobs across multiple instances or other microservices. However, what’s the point of the command layer? I could easily produce domain events right away (in a controller or external an event handler – 4th case).
  2. Is 3rd case legit (create a domain event just to apply it to the aggregate root, without publishing it)?
  3. Does command layer only make sense in 5th case where it gives us the benefit of delegating product creation to another microservice while domain events layer is not applicable?
  4. Where is the line between external and domain events? Is NewPromotionExternalEvent from the 2nd really an external event or is it rather a domain event?
  5. Who can produce domain events? Aggregate root? Command handler? Domain event handler? External event handler? Another microservice? All of them?
  6. Can domain events be dispatched to another micro-service or would it become an external event then?
  7. What is the proper way of handling product creation and special offer activation when it the request comes form controller or external event?

XSS and CSRF Protection in a SPA with session cookies and auth in sub-domain (confused)

The problem is, that the more I read about XSS and CSRF and the protection against these attacks for my website, the more I get confused what would be the right strategy.

Setup:

  1. SPA (Reactjs and runs only in the browser desktop/mobile) served with NGINX (index.html) => https://example.com

    1.1 User Sign in/up is with Firebase Client SDK

  2. API Server https://example.com/api/… (Node.js + Express.js) which only allows JSON, runs on the same server as the SPA (runs socket.io where no critical operation are made => try to run it as wss) and should only allow request from website (NGINX forwards requests to localhost)

  3. Auth server (Node.js + Express.js) on https://auth.example.com uses Firebase Admin SDK to create session-cookie (have to write a custom Firebase sign in/up logic because Firebase does not support it) with ttl min-max. 24h, best would be if user has to login again when browser was closed, but if I set no cookie time I think this is against Firebase policy with max ttl of 2 weeks. CORS set because different domain and cookie created here and should be available on the main-domain.

Sign in/up flow was described by Firebase: client sign in in browser send token to server where I create the session and session-cookie is sent back to client.

Now with cookies set HttpOnly, I am or I should be secure from XSS, but my concern is now CSRF which is somehow much harder to understand and to get right.

My initial though would be to send a CSRF token when user visits the site for the first time (make GET request to auth server which sets the CSRF token in the Header) but then I think I run into a problem to verify the CSRF token in API server.

Also, I read somewhere here or stack-overflow that I would have a problem with CORS, because one can somehow make sub-domain request and all the CSRF protection is for naught. Some say to use a JWT token because with SPA you are not vulnerable against XSS etc. and secure against CSRF.

There are many answers out there, which sometimes are opposite of that what you just read few minutes ago.

How can I secure my setup against XSS and CSRF?

What does “$E$ is not bounded above” mean? I am confused. “Principles of Mathematical Analysis” by Walter Rudin Theorem 3.17.

I am reading Walter Rudin’s “Principles of Mathematical Analysis”.

There are the following definition and theorem and its proof in this book.

Definition 3.16:

Let $ \{ s_n \}$ be a sequence of real numbers. Let $ E$ be the set of numbers $ x$ (in the extended real number system) such that $ s_{n_k} \rightarrow x$ for some subsequence $ \{s_{n_k}\}$ . This set $ E$ contains all subsequential limits, plus possibly the numbers $ +\infty$ , $ -\infty$ .

Put $ $ s^* = \sup E,$ $ $ $ s_* = \inf E.$ $

Theorem 3.17:

Let $ \{s_n \}$ be a sequence of real numbers. Let $ E$ and $ s^*$ have the same meaning as in Definition 3.16. Then $ s^*$ has the following two properties:

(a) $ s^* \in E$ .

(b) If $ x> s^*$ , there is an integer $ N$ such that $ n \geq N$ implies $ s_n < x$ .

Moreover, $ s^*$ is the only number with the properties (a) and (b).

Of course, an analogous result is true for $ s_*$ .

Proof:

(a)
if $ s^* = +\infty$ , then $ E$ is not bounded above; hence $ \{s_n\}$ is not bounded above, and there is a subsequence $ \{s_{n_k}\}$ such that $ s_{n_k} \to +\infty$ .

If $ s^*$ is real, then $ E$ is bounded above, and at least one subsequential limit exists, so that (a) follows from Theorems 3.7 and 2.28.

If $ s^* = -\infty$ , then $ E$ contains only one element, namely $ -\infty$ , and there is no subsequential limit. Hence, for any real $ M$ , $ s_n > M$ for at most a finite number of values of $ n$ , so that $ s_n \to -\infty$ .

This establishes (a) in all cases.

I cannot understand the following argument:

(a)
if $ s^* = +\infty$ , then $ E$ is not bounded above; hence $ \{s_n\}$ is not bounded above, and there is a subsequence $ \{s_{n_k}\}$ such that $ s_{n_k} \to +\infty$ .

What does “$ E$ is not bounded above” mean?
p.12, Rudin wrote “It is then clear that $ +\infty$ is an upper bound of every subset of the extended real number system”.
And $ E$ is a subset of the extended real number system.

Confused about GitHub’s GPG key association and authenticity

I’m not sure I understand GPG, and something on GitHub has left me wondering.

In git, a GPG private key can then be used to sign commits, which allows someone who is in possession of the public key of the committer to verify the signature. If they know that the public key does indeed belong to the committer, then they can verify the commit authenticity.

By my understanding, the public key is public and it should be considered that anyone could have a copy of it.

In GitHub, it is possible to associate a public GPG key with an account by adding it through the settings, which will then display the commits as Verified, here’s an example.

enter image description here

In addition, GitHub API exposes the GPG keys, here’s an example.

There is something I am confused about though. Since all GPG public keys are supposed to be public, wouldn’t it mean that anyone in possession of my public key could associate it with their account even if they are not in possession of the private key, and therefore the Verified status does not provide authenticity?