Termination of term rewiting using strict partial order on subterms

Are there any good books, research reports, surveys, theses, or papers that display proof techniques, with clear proofs of termination of term rewriting problems that have the following form…?

Terms are represented by directed acyclic graphs where the terms are vertices with arcs labelled $ arg_{1}…arg_{n}$ pointing to the immediate sub-terms. There would be additional equality arcs between vertices. Thinking of the transitive closure of the equality arcs as representing equivalence classes of vertices that are "merged", the $ arg$ arcs in the graph form a lattice (because or the strict order on sub-terms, and some sub-terms might be shared). A rewrite rule would add extra arcs, such that existing partial order would be preserved and added to, so the rewrite rules would be constructing a series of partial orders (represented in the graph state at each step) $ p_{0} \subset … \subset p_{m}$ more and more "constraining" the partial order relation between vertices until either the re-write rules find nothing to re-write or a rewrite would introduce a cycle (immediately detectable by a depth first search). I think this kind of termination proof is correct because we can say every step was a reduction under the partial order $ p_{m}$ but I’d like a formal justification because I have worries about my not knowing $ p_{m}$ before hand, only when it is constructed. And if the rewrite finds a cycle then that cycle was implicit from the beginning. Again I think that’s OK because my re-write rules are prove-ably LHS iff RHS so they transform the problem to an equivalent problem. I call this "construct a partial order or die trying." Is there a more formal name for this kind of proof?

Ideally the proof examples would be constructive and mathematically thorough. I see some papers that assume a lot of prior knowledge, probably because of brevity requirement, and not wanting to bore an expert audience. And others with "wordy" explanations, which are great to give intuitive understanding, but proofs should not depend on them.

What is the “continuity” as a term in computable analysis?


Background

I once implemented a datatype representing arbitrary real numbers in Haskell. It labels every real numbers by having a Cauchy sequence converging to it. That will let $ \mathbb{R}$ be in the usual topology. I also implemented addition, subtraction, multiplication, and division.

But my teacher said, "This doesn’t seem to be a good idea. Since comparison is undecidable here, this doesn’t look very practical. In particular, letting division by 0 to fall in an infinite loop doesn’t look good."

So I wanted my datatype to extend $ \mathbb{Q}$ . Since equality comparison of $ \mathbb{Q}$ is decidable, $ \mathbb{Q}$ is in discrete topology. That means a topology on $ \mathbb{R}$ must be finer than the discrete topology on $ \mathbb{Q}$ .

But, I think I found that, even if I could implement such datatype, it will be impractical.

Proof, step 1

Let $ \mathbb{R}$ be finer than $ \mathbb{Q}$ in discrete topology. Then $ \{0\}$ is open in $ \mathbb{R}$ . Assume $ + : \mathbb{R}^2 → \mathbb{R}$ is continuous. Then $ \{(x,-x): x \in \mathbb{R}\}$ is open in $ \mathbb{R}^2$ . Since $ \mathbb{R}^2$ is in product topology, $ \{(x,-x)\}$ is a basis element of $ \mathbb{R}^2$ for every $ x \in \mathbb{R}$ . It follows that $ \{x\}$ is a basis element of $ \mathbb{R}$ for every $ x \in \mathbb{R}$ . That is, $ \mathbb{R}$ is in discrete topology.

Proof, step 2

Since $ \mathbb{R}$ is in discrete topology, $ \mathbb{R}$ is computably equality comparable. This is a contradiction, so $ +$ is not continuous, and thus not computable.

Question

What is bugging me is the bolded text. It is well-known that every computable function is continuous (Weihrauch 2000, p. 6). Though the analytic definition and the topological definition of continuity coincide in functions from and to Euclidean spaces, $ \mathbb{R}$ above is not a Euclidean space. So I’m unsure whether my proof is correct. What is the definition of "continuity" in computable analysis?

What is the term for data leaking from one HTTP request to another and how to prevent it?


Context

We recently added a feature that used a library whose API we misunderstood. Long story short, if user A sends a request to our web application, the library caches some result, and that result may show in a response to user B’s request. Needless to say, this is a security bug, specifically, data from user A leaks to user B.

Although it is well-known that web application should be stateless, the long dependency graph of such application makes the likelihood of some downstream library (or its bad usage) accidentally leaking data between requests non-zero. I can imagine this bug is possible with a wide range of web frameworks and environments (e.g., Django, .NET, NodeJS, AWS Lambda), since they all reuse the application between request to avoid cold starts.

Questions

  1. What is the proper term for data leaking server-side between HTTP requests, due to an honest developer mistake? Terms such as session hijacking and session fixation seem to refer exclusively to malicious attacks.

  2. Are there tools and method to test for such mistakes or detect them in production?

Use Custom Post Type archive page for the taxonomies term archive page

In my wordpress theme I created a new custom post type ‘books’ with 2 taxonomies (‘series’, ‘genres’). when I visit the archive of the cpt ‘books’ (site.com/books), I list all the books.

I added a custom frontend filter to get in this archive page books by taxonomy terms by passing an argument to the url with the name of the taxonomy and the terme (like this: site.com/books/?genres=action). Like a book browser.

But wordpress is by default creating the link for my taxonomies like this (site.com/genres/action/) and i want it to be "redirected" to the books post type with the taxonomy argument (site.com/books/?genres=action).

Is it possible to achieve that ? Thank you

What’s the term for a hash sent early and plain text revealed later?

I think there is a known pattern where you post the hash of a document, e.g. on Twitter, in order to have its time registered. You could then later publish the document and have it accredited for the time of the hash.

I’m sure someone gave this procedure a name. What is that name?

I found trusted timestamping, but that is a thing for digital certificates, which do not come into play here.

Generalization of The Term “Insider Threat”

A definition of an Insider Threat in enterprises/organizations context is: "A current or former employee or business associate who has access to sensitive information or privileged accounts within the network of an organization, and who misuses this access."

I would like to know if such a threat can be generalized in a broader context so I can say that: "An Insider Threat refers to any user or entity that misuses the delegated access by taking the privilege that it is already authenticated and authorized to the system. The misuse of delegated access can be unintentional such as program flaws and failure, or intentional such as user account compromise."

Is my generalization of the term "Insider Threat" correct?

If it is not, what term is used to designate the type of threat that I defined in my generalization (2nd paragraph)?

[ Politics ] Open Question : Why would anyone vote to give Trump another term when things have gotten so much worse under him already in less than four years?

Just look at the state of the country today: Massive protests in the streets. 40 million+ people out of work. 100,000+ people dead from coronavirus. Racial relations badly strained.

Why is the term “nation state” used to refer to a government-sponsored effort in infosec, and is it accurate?

I work in infosec and as such, have read many whitepapers and been to many conference talks. I hear all the time, especially in conversation and literature about malware, the term “nation state” used to refer to a government entity or government-sponsored activity. The term “state actor” is also used.

My question is, why? According to Wikipedia:

A nation state is a state in which a great majority shares the same culture and is conscious of it. The nation state is an ideal in which cultural boundaries match up with political boundaries.1 According to one definition, “a nation state is a sovereign state of which most of its subjects are united also by factors which defined a nation such as language or common descent.” It is a more precise concept than “country”, since a country does not need to have a predominant ethnic group.

According to Merriam-Webster, the definition is:

a form of political organization under which a relatively homogeneous people inhabits a sovereign state

Is there some inherent need for the government sponsor to be primarily of one ethnic background in infosec literature? I just don’t understand why this term in particular is so frequently used, when there are many forms of states, such as a federated state, multinational state, or even more general terms such as “government” or “country,” all of whom would likely be capable of and do participate in infosec activities.