How to report false positive to Google Safe Browsing without signing up with Google?

I was wondering how to report a false positive to Google Safe Browsing without having to create a Google account and feeding their insatiable hunger for more data?

I have not found such a way as of yet. Google pretty much seems intent on preventing any contact in this matter or others.

Background

My domain – yep whole one, including subdomains – was reported as (two examples):

Firefox blocked this page because it might try to trick you into installing programs that harm your browsing experience (for example, by changing your homepage or showing extra ads on sites you visit).

… and:

This site is unsafe

The site https://***********.net/ contains harmful content, including pages that:

Install unwanted or malicious software on visitors’ computers

I won’t disclose my domain here, but given I have a list of digests for all the files located on my (private) website and the list is signed with my PGP key and I verified the hashes and the signature and all checked out, I am sufficiently certain that this is a false positive. None of these files have changed in the last four years, because my current software development activities are going on elsewhere.

Unfortunately there is no useful information to be had from the “details” provided by Google Safe Browsing. A full URL to the alleged malicious content would have been helpful; heck even a file name or something like MIME-type plus cryptographic hash …

I have two pieces of content on my website where one could debate whether they are PUA/PUP (as it’s called these days). Both are executables inside a ZIP file and alongside the respective source code which was used to create those executables. So in no way would any of that attempt to install anything on a visitors computer, unless we imagine a fictitious browser hellbent on putting its user at risk by requesting to run at highest privileges upon start and then unpacking every download and running found executables without user interaction. And even then one of the two pieces of software would fail and the other would be visible.

  1. One is a Proof of Concept for an exploit of Windows debug ports which has been patched for well over a decade and so will hardly be a danger to anyone.
  2. The other is a tutorial which includes a keylogger which – when run – is clearly visible to the user. So no shady dealings here either.

But since these two items came up in the past, I thought I should mention them.

Anyway, a cursory check on VirusTotal showed one out of seventy engines giving a “malicious” for my domain. Given Google bought VT some time ago, it stands to reason they use it for Google Safe Browsing.

The mysterious engine with the detection is listed as “CRDF” and I still have been unable to find out who or what that refers to. So obviously there is no way to appeal, request a review or whatever … seems Google is judge, jury and executioner in this one.

So how do I “appeal”?

Write the smallest positive number that can be represented by the floating point system

Using a normalised floating point representation box with an 8-bit mantissa and a 4-bit exponent, both stored using two’s complement.

(a) Write the smallest positive number that can be represented by the floating point system in the boxes below. The result is: Mantissa 0.1000000 and exponent 1000

Do not see how this can could someone please explain.

Number of ways n can be written as sum of at least two positive integers

I found a solution in Python for this problem, but do not understand it. The problem is how many ways an integer n can be written as the sum of at least two positive integers. For example, take n = 5. The number 5 can be written as

4 + 1 3 + 2 3 + 1 + 1 2 + 2 + 1 2 + 1 + 1 + 1 1 + 1 + 1 + 1 + 1 

Here’s a solution for n = 100.

n = 100 ways = [1] + [0]*n  for i in range(1, n):     for j in range(i, n+1):         ways[j] += ways[j-i]  print ways[n] 

This solution is elegant and efficient, but unfortunately, I do not understand the logic. Can someone please explain the logic of this solution to the problem? Is there a way to make this algorithm easy to understand?

Decide whether an $n$-bit positive integer is composite

Question:

Given an $ n$ -bit positive integer. A decision problem is to decide whether it is composite. Is this problem in NP?

I know that for every composite number, a factor of the number is a certificate. Verification proceeds by dividing the number by the factor and checking if the reminder is zero. My question is whether the verification can be done in polynomial time of $ n$ ? it seems that we need to use at most $ 2^n/2 = 2^{n-1}$ factors to test, does that mean we should use exponential time to verify?

Find $n’th$ perfect number , where perfect number is a positive integer whose sum of digits is $10$

For example $ 46$ is a perfect number , since $ 4+6=10$ . If $ n=1$ , answer is $ 19$ . If $ n=2$ , answer is $ 28$ . If $ n=3$ , answer is $ 37$ and so on .We need to make a program which takes $ n$ and outputs $ n’th$ perfect number.

How to solve this problem for large $ n$ , for example $ n$ close to $ 10^{18}$ ? we can’t use brute force method since input can be so large .Can we solve it using DP or binary search ?

Source of the problem : Perfect Number

Note: In given problem statement (in link) $ n$ is not large and thus can be solved using brute force.But i am curious to solve it for large $ n$ .

Iterate cartesian product (cross product) of sorted lists of positive numbers in order of decreasing product of entries (MVCE of a stub included)

Suppose I have several sorted lists of positive numbers, like so for example:

double[] a1 = new double[]{0.70, 0.20, 0.10}; double[] a2 = new double[]{0.80, 0.10, 0.05, 0.05}; double[] a3 = new double[]{0.60, 0.15, 0.14, 0.10, 0.01}; 

I want to iterate Cartesian product of these arrays in the order of decreasing product of entries, like so:

0000: Combo[product=3.36e-01, vals=[0.70, 0.80, 0.60], indexes=[0, 0, 0]] 0001: Combo[product=9.60e-02, vals=[0.20, 0.80, 0.60], indexes=[1, 0, 0]] 0002: Combo[product=8.40e-02, vals=[0.70, 0.80, 0.15], indexes=[0, 0, 1]] 0003: Combo[product=7.84e-02, vals=[0.70, 0.80, 0.14], indexes=[0, 0, 2]] 0004: Combo[product=5.60e-02, vals=[0.70, 0.80, 0.10], indexes=[0, 0, 3]] 0005: Combo[product=4.80e-02, vals=[0.10, 0.80, 0.60], indexes=[2, 0, 0]] ... 

E.g. in the example above the first entry is obvious (as arrays are sorted) and it is a combination of the first values: [0.70, 0.80, 0.60] with product 0.70*0.80*0.60 = 3.36e-01 and corresponding value indexes in arrays a1, a2, a3 are [0, 0, 0]. Now the second entry is less obvious, should we change 0.70 to 0.20? Or 0.60 to 0.15? Or 0.80 to 0.10? The second should be [0.20, 0.80, 0.60]with product 9.60e-02, indexes [1, 0, 0].

Here is a program in java to generate/print them: https://repl.it/repls/FilthyGreatRotation (all the logic is in printWholeCartesianProduct() method)
This program generates them in lexicographic order and then sorts the whole set by product.

Question: Is there an easy way to actually generate the combos in correct order in the first place?

The reason for this: I don’t have the lists in the first place, only iterators over some sorted collections of numbers. Possibly veeery long, length not known ahead of time, but it is known that the numbers in each iterator are sorted.

MVCE to play with (same as in https://repl.it link above):

import java.text.DecimalFormat; import java.util.ArrayList; import java.util.Arrays; import java.util.List; import java.util.StringJoiner; import java.util.function.Consumer; import java.util.stream.Collectors;  public class Main {      public static void main(String[] args) {         List<List<Double>> data = createData();         printWholeCartesianProduct(data);     }      public static List<List<Double>> createData() {         double[] a1 = new double[]{0.70, 0.20, 0.10};         double[] a2 = new double[]{0.80, 0.10, 0.05, 0.05};         double[] a3 = new double[]{0.60, 0.15, 0.14, 0.10, 0.01};         return createData(a1, a2, a3);     }      public static void  printWholeCartesianProduct(List<List<Double>> data) {         final DecimalFormat df = new DecimalFormat("0.00");          // print input data         String matrix = data.stream()             .map(l -> l.stream().map(df::format).collect(Collectors.joining(", ")))             .map(row -> "[" + row + "]")             .collect(Collectors.joining("\n"));         System.out.println("Input data:\n" + matrix);          // collect combos as they are generated         final List<Combo> combos = new ArrayList<>();         Consumer<int[]> callback = indexes -> {             double[] v = new double[indexes.length];             double prod = 1;             for (int i = 0; i < indexes.length; i++) {                 List<Double> col = data.get(i);                 int index = indexes[i];                 v[i] = col.get(index);                 prod *= v[i];             }             combos.add(new Combo(prod, v, indexes.clone()));         };          // generate combos         int[] c = new int[data.size()];         int ptr = c.length - 1;         while (ptr >= 0) {             callback.accept(c);             c[ptr]++; // increment             if (c[ptr] == data.get(ptr).size()) { // carry                 do {                     ptr--;                 } while(ptr >= 0 && c[ptr] == data.get(ptr).size() - 1);                 if (ptr < 0) {                     break;                 }                 c[ptr]++;                 // zero out                 while (++ptr <= c.length - 1) {                     c[ptr] = 0;                 }                 ptr = c.length - 1;             }         }          // cheating - sort after generation and print result         combos.sort((o1, o2) -> Double.compare(o2.product, o1.product));         StringBuilder sb = new StringBuilder();         double totalP = 0;         for (int i = 0; i < combos.size(); i++) {             sb.append(String.format("%04d: ", i)).append(combos.get(i)).append("\n");             totalP += combos.get(i).product;         }         System.out.printf("Cartesian product in descending product (total p=%.3e):\n%s", totalP, sb.toString());     }      public static List<Double> asList(double[] a) {         return Arrays.stream(a).boxed().collect(Collectors.toList());     }      public static List<List<Double>> createData(double[]... arrays) {         final List<List<Double>> vals = new ArrayList<>();         Arrays.stream(arrays).forEachOrdered(a -> vals.add(asList(a)));         return vals;     }      static class Combo {         final double product;         final double[] vals;         final int[] indexes;          Combo(double product, double[] vals, int[] indexes) {             this.product = product;             this.vals = vals;             this.indexes = indexes;         }          @Override         public String toString() {             return new StringJoiner(", ", Combo.class.getSimpleName() + "[", "]")                 .add("product=" + String.format("%.2e", product))                 .add("vals=[" + Arrays.stream(vals).boxed().map(v -> String.format("%.2f", v)).collect(                     Collectors.joining(", ")) + "]")                 .add("indexes=" + Arrays.toString(indexes))                 .toString();         }     } } ``` 

Practical use of O-card, or how to measure positive consent on the fly

I’m preparing to run the game of Bluebeard’s Bride with couple of players I don’t know very well. This game can be quite heavy on disturbing content, so I certainly plan to have X-card equivalent in game. At the same time, I have put clear indicatation of the theme and some of possible triggers in the pre-game blurb (it will be run on small convention dedicated purely to RPG games), so assumption is, that players will be willing to experience at least some of it and push their boundaries.

As it is single-session game, in predefined timeframe (5-6 hours total), there is a limit to how much pre-game ‘session 0’ research/questionnaires I can do. I also do not expect to have any contact with the players before the game itself.

I’m strongly considering having equivalent of O-card in addition to X-card. For people not familiar with the term, here is a definition from TTRPG Safety Toolkit

The O card can be used at any point if a participant wants to continue with the content. When the O card is used by tapping the card or typing an “O” in the chat, the group is ok to continue with the content. They can also regularly be prompted by a “O?” asked out loud or in the chat to check-in if everyone is still ok.

Let’s ignore online play part.

How does it work in practice with multiple players? X-card is simple – one players bails out, scene stops. But with O-card, is it enough that directly involved player taps a card to increase/follow the narration and rest can X-card it if they don’t agree? Can some other players use O-card, even if they are just listening atm? Or do we do quick vote, which can be quite awkard with 5 players and put a kind of peer pressure on last one not joining, which those techniques are meant to avoid?

With LARPs it is bit easier with red/yellow/green safety words, because

  • you often interact with just one person who can be affected by your actions
  • often you ask about physical interaction but you use verbal confirmation, which intrudes less into the flow

In TTRPGs, physical gesture on X-card provides same distinction between action (which is verbal) and safety mechanism (touch in this case) – verbal consent techniques would be more invasive.

Do you have any other, techniques for players to indicate consent for moving to ‘higher gear’ on-the-fly, which work with 5 players?

Why does going from 2’s complement (in binary) to the positive value by completing to 1 then adding 1 work?

I’m studying Computer science and this has confused me for a long time since our professor didn’t give any proof.

When changing from 2’s complement to the positive value, we can go in reverse (by subtracting 1, then using 1’s complement), and that’s clear why it works.

But our professor told us another method which is taking the number, using 1’s complement, THEN adding 1.

I don’t understand why the second method works.

Computer infected with malware or false positive?

(windows 8.1 user)
A few months ago I downloaded binaries from: https://github.com/noahp/srlua-mingw

They had 2 exe files in the folder: srlua.exe and glue.exe. I had been unable to compile srlua from the original github posting for srlua, so I used the srlua.exe from the binary and the glue.exe which I compiled on my own. I was able to use the tools successfully. The only issue was I received a few positives (1-2) when scanning the various files via virustotal, but that was expected given they are programs that compile lua code into .exe (i.e. c compilers get flagged alot on virustotal).

Skip ahead to today, I needed to use the program again. But because srlua.exe deletes itself (glues itself) to the created .exe, I needed another copy. I found the old zip for the binary in my recycle bin so I restored. I then proceeded to try and get the code to work again, but couldn’t get it to work. I then proceeded to use “just” the files in the binary’s zip srlua.exe and glue.exe (the ones in link above), and was able to create the .exe but not get them to run either. When opening the created .exe it said they were unrecognized filetypes. So again: 2 months ago, I didn’t use both files from the zip, but I did this time.

I then received a notification from my antivirus that “malware detected on pc”. It linked specifically to srlua.exe. I deleted the srlua.exe, and then followed the ‘disinfection’ protocols kasperky presented to me. I had never seen this prompt before and I couldn’t tell if it had detected anything real or was just presenting safety options. The only thing of worry it presented to me was that it detected an unknown program/code running at pc start.

I followed all their suggestions, and restarted the computer as they told me to. I then scanned the .zip file that had the binaries in it, on virus total. The database version showed its fine, I rescanned though and it turned over 50% positive. I then downloaded malewarebytes and ran that, and it picked up a registry key in an old divx player folder, I’m guessing that’s unrelated, and it picked up the zip folder from my downloads and the ones in my trashbin. I quarantined the zip in my downloads folder, I’ll delete later if necessary, and deleted the others.

I then went to the github page. I’m really bad at understanding github, but it says last commit was 4 years ago…and as stated I downloaded this zip 2 months ago originally. I then went to grab the zip file again, but was blocked by kasperky citing: Access denied Object URL: https://codeload.github.com/noahp/srlua-mingw/zip/master Reason: the object is infected by P2P-Worm.Win32.Palevo.ikpc

This was not there when I downloaded 2 months ago. This is all new. I messaged github, and am waiting for reply, however I am unsure of how github works and if I’m messaging the right place (they only had an abuse and harassment section). This raises questions like: Was the file infected while on the github servers…why is it still there on the site if everything is now flagged by all the antivirus as malware…etc..

My main concern though is: Was I likely infected? And how can I tell if I’m still infected? How would I even know? The antiviruses, when I look at the reports from kapersky and malewarebytes, don’t tell me anything other than that srlua.exe and the .zip it came from are positive. Wouldn’t there be more to report if it was actually malware?

The last backup I have is from months ago, and the backup was made after my use of the program back then. So the backup technically is of a pc that used the supposedly infected srlua.exe with the not infected glue.exe I compiled myself. It’s undesirable to backup to that point. And there’s the potential even that could be infected. I’d assume it’s unlikely that a perpetrator designed it so you needed to use both the srlua.exe and glue.exe from the zip to infect the pc.

I have not experienced any odd behaviour on my pc. But I have no idea what a pc with malware does or doesn’t do, or what else can be checked outside of scans.

The process for using srlua.exe and glue.exe, from the link, is in cmd prompt (windows user) to:

glue srlua.exe prong.lua prong.exe   

where prong is the code file’s name. I’m assuming running this command is the same as opening the .exe and anything could happen if it is actually infected.