Delete rows or columns of matrix containing invalid elements, such that a maximum number of valid elements is kept

Originally posted in stack-overflow but was told to post here.

Context: I am doing a PCA on a MxN (N >> M) matrix with some invalid values located in the matrix. I cannot infer these values, so I need to remove all of them, which means I need to delete the whole corresponding row or column. Of course I want to keep the maximum amount of data. The invalid entries represent ~30% of data, but most of it is completly fill in a few lines, few of it is scattered in the rest of the matrix.

Some possible approches:

  • Similar to this problem , where I format my matrix such that valid data entries are equal to 1 and invalid entries to a huge negative number. However, all proposed solutions are of exponential complexity and my problem is simpler.

  • Computing the ratio (invalid data / valid data) for each row or column, and deleting the highest ratio(s). Recompute the ratios for the sub-matrix and remove the highest(s) ratios. (not sure how many lines or columns we can remove safely in one step), and so on until there is no invalid data left. It seems like an okay solution, but I am unsure it always gives the optimal solution.

My guess is that it is a standard data analysis problem, but surprisingly I could not find a solution online.

Greedy heuristic for buying fewest fridges of set temperature for products that can be kept in some temp. ranges?

We have a set of $ n$ products, each $ i$ th product can be kept in a temperature between $ c_i$ and $ h_i$ .

We have to buy fewest number of fridges for these products. The fridges can only have a fixed temperature.

For me I think of this problem as intervals of product temperatures that are placed on the axis. enter image description here

My idea to solve it is to see which product’s temperature range overlaps with most other products temperature ranges, then we can place these products in one fridge.

But the algorithm for this would be inefficient..

What’s a simple greedy solution for this? any ideas?

Why should relatively-public personal identifying information be kept secret online if at all?

I don’t want to get hung up on technical terms, just laying out basics for this question: I understand personal identifying information (PII) as that info which is not apparent to people who cross paths with you day to day and which could be used to prove your identity. For example, my name and face are not really private because anyone I casually do business with could get that info. My birthdate and address are much less apparent and are considered PII. My social security number is a whole different tier of private, being sensitive personal information (SPI).

I grew up in the wild west internet (there’s fringe PII – apx. age) and was advised never to reveal PII-type info. Basically conceal one’s real identity as much as possible, for safety sake.

Knowing more now, I wonder if this precaution is warranted, especially in the context of persona persistence between platforms which could leak some PII. Most internet use, sure I don’t want my name out there tied to it, but I don’t feel like I need to cover my tracks in general. Conversely, I see some benefit in letting my actual or pseudonymous identities persist online, and I wouldn’t be opposed to lightly-vetted or simply-determined users connecting dots between personas, i.e. friends or acquantances knowing two different profiles both represent me, including a PII-filled one like LinkedIn. I’m asking if my intuition here is right or more risky than I think.

The risks of revealing PII are I think:

  • Identity theft
  • Stalking
  • Planning crimes
  • Doxxing/slandering/harassing

For those reasons, I can see reason to use a pseudonym posting publicly. But I also don’t see those threats as particularly concerning in general, like when meeting someone on a message board or a stranger on Facebook or LinkedIn. Someone finding my profile on LinkedIn already has a lot of information that could be used to harass me, just as it’s useful for potential employers to vet me. It has to do with target incentive: why me among numerous others? And even if someone online pursued one of those malicious acts, how would it be any different or more likely than encountering that malevolence with a completely offline relationship? Is it that the internet is vaster (so greater chance of running into bad apples) and might have a deeper look in my life (so greater vulnerability when encountering bad apples)? An online criminal could choose from any number of other profiles to glean info from, so as long as I don’t give away SPI, it seems like basic PII and my online activity is not any worse to reveal online than revealing my PII and ‘in real life’ activity day to day.

Why should relatively-public personal identifying information be kept secret online if at all?

Is there any security concern if I kept password hash on client side?

I have an application that need to be able to work in offline, But the requirement is to authenticate everytime the application is open.

So If I also kept password hash on client side to make it be able to authenticate when there is no internet, Is there anything I should concern?

Thank you very much in advance

How to generate a certificate with csr’s sans kept by using openssl x509?

I already know how to add sans to csr, and I know it’s viable to add once again to crt using openssl x509 like this openssl x509 -req -extfile < (printf "subjectAltName=IP:xxx" -days xxx -in xxx.csr -signkey xxx.key -out xxx.crt

but I want to find a way to do that in one command line without using config file.


IN OAuth 2.0, how is the client secret supposed to be kept secret?

Using most OAuth 2.0 flows, a client application can identify itself to the authorization server by means of a “client id” and “client secret.”

The OAuth 2 specification says that the client secret should indeed be kept secret.

However, if the client secret is inside of the application, then it’s not secret – someone can use a debugger, disassembler, etc to view it.

So I am not sure the effectiveness and/or purpose of this client secret. Furthermore, are there any recommendations for securing a client secret on a client under the control of the general populace? The purpose here is to establish some form of trust between the client application and the Authorization server, independent of the resource owner (user).

Finally, what is the difference between using an OAuth flow without a client secret vs. using one with a client secret and not keeping that “client secret” actually secret?

package “cinnamon-l10n” marked as “kept back” and installation tries to remove cinnamon

Starting some days ago I saw the message

[ch720-02:~]$   sudo apt upgrade  Reading package lists... Done Building dependency tree        Reading state information... Done Calculating upgrade... Done The following packages have been kept back:   cinnamon-l10n 0 to upgrade, 0 to newly install, 0 to remove and 1 not to upgrade. 

As mentioned in some of the articles here (e.g. "The following packages have been kept back:" Why and how do I solve it?), I tried sudo apt-get --with-new-pkgs upgrade and also sudo apt-get dist-upgrade, but then I get the same output that package cinnamon-l10n will be kept back. The only difference I get with sudo apt-get install cinnamon-l10n, but this call tries to remove cinnamon at all:

[ch720-02:~]$   sudo apt-get install cinnamon-l10n  Reading package lists... Done Building dependency tree        Reading state information... Done The following packages were automatically installed and are no longer required:   caribou cinnamon-common cinnamon-control-center-data cinnamon-screensaver cjs gir1.2-accountsservice-1.0 gir1.2-caribou-1.0   gir1.2-cinnamondesktop-3.0 gir1.2-clutter-1.0 gir1.2-cmenu-3.0 gir1.2-cogl-1.0 gir1.2-coglpango-1.0 gir1.2-gconf-2.0 gir1.2-gdesktopenums-3.0   gir1.2-gkbd-3.0 gir1.2-gnomebluetooth-1.0 gir1.2-gnomedesktop-3.0 gir1.2-gtkclutter-1.0 gir1.2-javascriptcoregtk-3.0 gir1.2-json-1.0   gir1.2-keybinder-3.0 gir1.2-meta-muffin-0.0 gir1.2-networkmanager-1.0 gir1.2-nmgtk-1.0 gir1.2-polkit-1.0 gir1.2-upowerglib-1.0 gir1.2-webkit-3.0   gir1.2-xkl-1.0 gnome-backgrounds gnome-themes-standard gnome-themes-standard-data gtk2-engines-pixbuf libcaribou-common libcaribou0   libcinnamon-control-center1 libcinnamon-desktop4 libcinnamon-menu-3-0 libcjs0 libgle3 libkeybinder-3.0-0 libmozjs-24-0v5 libmuffin0 muffin-common   python-pexpect python-ptyprocess python-pyatspi xscreensaver-data-extra xscreensaver-gl-extra Use 'sudo apt autoremove' to remove them. The following packages will be REMOVED   cinnamon cinnamon-control-center cinnamon-settings-daemon The following packages will be upgraded:   cinnamon-l10n 1 to upgrade, 0 to newly install, 3 to remove and 0 not to upgrade. Need to get 2,737 kB of archives. After this operation, 5,694 kB disk space will be freed. Do you want to continue? [Y/n] n  Abort. 

which is obviously not what I want. Does anyone have a clue what is going wrong here? How can I update cinnamon-l10n without removing the other packages?

Why must API keys be kept private?

I have worked with public API’s in only one small project, but I recently learned that if one were to distribute a project with API keys inside this is a security risk.

So I have two questions:

  • What does an API key contain that would pose a security risk?
  • How does one create an application that makes use of public API’s and distribute that application without posing a security risk?

Surely if someone can reverse engineer the application, they could extract any API keys that are present.

I am a fresh computer science graduate so an explanation of this would be much appreciated.

Many thanks!

Would the Ranger be overpowered if their Animal Companion kept attacking once ordered?

For an Animal Companion to attack, the Ranger has to use his action to command it.

I am looking to see some math on just why this restriction is in place. Is the ranger way over-powered if the animal companion can keep attacking once ordered, or if gets to attack as an interact with object or verbal command from the ranger?

I’d like to see calculations for the following 3 scenarios:

  • act as rules as written
  • continue an action once given (1st attack takes a ranger action to activate)
  • act as an interact with object by the ranger

How does the above compare with an identical ranger with colossus slayer?

I am hoping to understand why the designers limited it so much.