I'm working on a CRAM auth system using a Flash/Flex client and a Java server (Red5). I have used the as3crypto library before, but as far as I know it does not support PBKDF2. This algorithm is suggested for password encryption by NIST so its what I want to use. Does anyone know of an AS3 compatible library with this algorithm, specifically PBKDF2WithHmacSHA1?
Refs:
http://code.google.com/p/as3crypto/
http://csrc.nist.gov/publications/nistpubs/800-132/nist-sp800-132.pdf
This one seems OK: http://code.google.com/p/as3-pbkdf2
Did you try putting 'as3 PBKDF2' into google? Took me all of 10 seconds to find these two as they're the top two answers.
The first would suit your needs, but the second seems more versatile as you can specify a hash function.
http://code.google.com/p/as3-pbkdf2/
http://code.google.com/p/as3-pbkdf2-lib/
Related
I want to implement the bilinear pairing Attribute based Encryption using Jpbc library. However, I could not find any pseudocode or code. Could you help me to find the pseudocode or code of ABE. Thank you.
I'm not very sure about what you exactly want. JPBC is a pairing library for Java. ABE is an encryption cipher. One is a mathematical tool to build an encryption cipher; the other is a cipher found in already-built libraries. So I will try to address everything you say in your question:
I want to implement the bilinear pairing Attribute based Encryption using Jpbc library
If you need a pairing library in Java, jPBC is your best option although it is not very good. As the authors mention, MIRACL is a good non-java alternative. Charm can also be a good option, either to build your own ABE implementation (something I do not recommend unless you are a cryptographer with implementation experience) or use some of theirs.
Could you help me to find the pseudocode or code of ABE
If what you want is a Java Implementation of ABE schemes, there are the following libraries available on GitHub:
CP-ABE
DET-ABE
JCPABE
You should consider that these libraries have no maintenance or an active community.
Finally, in case you find it useful, and if you are willing to use other languages, some other ABE implementations are:
Charm (Python)
Rabe (Rust)
OpenABE (C++)
Adam optimizer has flaws when used with weight decay. In 2018, AdamW optimizer has been proposed.
Is there any standard way to implement AdamW in MXNet framework (python implementation)? There is mxnet.optimizer.Adam class, but no mxnet.optimizer.AdamW one (checked in mxnet-cu102==1.6.0, mxnet==1.5.0 package versions).
P.S. I asked this questions on MXNet forum and on datascience.stackexchange.com, but to no avail.
Short answer: There isn't a standard way to use AdamW in Gluon yet, but there is some existing work in that direction that would make that relatively easy to add.
Longer answer:
People have been asking for this feature - a lot :) See: https://github.com/apache/incubator-mxnet/issues/9182
Gluon-NLP has a working version of AdamW - possibly slightly different from the one in the original paper: https://github.com/eric-haibin-lin/gluon-nlp/blob/df63e2c2a4d6b998289c25a38ffec8f4ff647ff4/src/gluonnlp/optimizer/bert_adam.py
The adamw_update() operator was added with this pull request: https://github.com/apache/incubator-mxnet/pull/13728 This is first released in MXNet 1.6.0.
Unfortunately, it looks like there isn't a way to use this with gluon.Trainer directly right now, without copying/modifying the BERTAdam code (or writing something similar from scratch). That would be a very nice thing to add to Gluon.
Please let me know if you get this working, as I'd love to be able to use that as well.
Nowadays, we always think like "send your data to a server, it computes it for you, then send you back the response".
But imagine something else : i want my client to compute the data itself.
The question is : is there something like a universal protocol to send actions rather than data through http ? So that the server can send the action to the client, whatever system it uses. If it does not exist, what are the technical difficulties you can face creating this kind of system ?
I'm talking about "static" actions, like mathematical functions for example.
You're unfortunately going to run into a problem pretty quick because, technically speaking, a universal language is impossible. Systems are going to have different architecture, different languages available, and different storage means. I believe what you intend (correct me if I'm wrong) is a "widespread" protocol. One way or another, you're going to have to drill down based on your personal use-case.
For a widespread example, you could keep a set of JavaScript files with functions server-side, and refer a web client to the one they need to run it by loading a javascript file during some event. Pass the location of the file and the function name, load it using the link above, then call the JavaScript function by name to run it. I could see this being an admitedly somewhat roundabout solution. This also may work in Java due to its built in JavaScript engine, although I haven't tested it.
Beyond that, I am unaware of anything particularly widespread. Most applications limit what they accept as instructions quite strictly to prevent security breaches (Imagine a SQL Injection that can run free on a client's machine). In fact, JavaScript limits itself quite severely, perhaps most notably in regards to local file reading.
Hopefully this helps with your ideas. Let me know in a comment if you have any questions/issues about what I've said.
12-Factor Apps suggest that you configure your application using environment variables. So far, so good. I can easily imagine that this is a good way to do it if you need to set a connection string, e.g.
But what if you have more complex configuration with lots and lots of values? I for sure do not want to have 50+ environment variables, do I?
How could I solve this, and still be compliant to the idea of 12-Factor Apps?
From a quick read of the configure link you provided, I agree with the author's claim that there is a widespread problem, but I am not convinced that their proposed solution is going to always be best. Like you, I don't relish the idea of having to define dozens of environment variables to configure an application. So here are some alternative ideas.
First, read Chapter 2 of the Config4* Getting Started Guide (disclaimer: I am the main author of that software). In particular, notice that its support for what I call adaptive configuration can go a long way towards addressing the concern that you ask about. Is Config4* the ultimate solution? Possibly not, but I think it is a good step in the right direction.
Second, the chances are that whatever application you are developing/maintaining has already settled on a particular configuration technology, such as XML files or Java property files, and it won't be feasible to migrate to using Config4*. This raises the question: is there anything you can do to avoid having a proliferation of, say, XML-based configuration files when you have multiple environments (such as dev, UAT, staging and production) in which the application will be deployed? I have outlined an approach for dealing with this issue in another StackOverflow article.
Is there a good book or other references on Text User Interface Design? I am not interested in graphical user interfaces. I am interested in usability for good command line and scripting interfaces.
Your interface should follow the Rule of Least Surprise as described by ESR in The Art of Unix Programming. If your programm supports command line options, make sure they have the traditional meaning. Be sure to read the chapter about Tradeoffs between CLI and Visual Interfaces.
IBM developed a standard called Common User Access. The Common User Access Basic Interface Design Guide has been published in the BookManager format and in HTML here.
The guide was written as a standard for developing 3270 applications. In my opinion the most important parts are the function keys standard and a color standard.
I'd use a favorite program as a reference for something like this. What command line utility do you think has a good, efficient interface that you could model your program on? Use it.
Update: So I think I need to revise this a little. It was taken way too literally. Google and this site proved that the internet is very democratic. What is popular is replicated, linked to or reproduced in someway.
Given this, plus one's personal experiences with computers, I think it is feasible to derive a pretty good solution based on personal experience and consideration for the solution to be provided.
For example, vim is a great program. A lot of people use it and love it. But that type of interface is probably not going to work (at least well) for a version control system. But both interfaces are very elegant for the purpose they suite. On the other hand, the vim type interface might work for a section of the version control system -- the commit dialog for example.
Now, I know that vim is normally used for the "commit dialog" (by default) for svn (on unix based OSes). This is just an example of mixing two styles of interfaces to come up with a cohesive solution.
You should have a look at some of the ideas behind Ubiquity as well as some of the ideas Aza Raskin talks about, seems like the same kind of thing.