hyperbolic geometry – Reference request: Discrete subgroup of $mathrm{PO}(n,1)$ preserving proper subspace has infinite covolume

I’m looking for a reference for the following claim:

$newcommand{PP}{mathrm{PO}(n,1)}$
Let $PP$ denote the group of isometries of $V = mathbb{R}^{n,1}$ preserving the upper sheet of the hyperboloid (i.e. $PP$ is the group of isometries of hyperbolic $n$-space), and $G$ a discrete subgroup of $PP$.

Claim. If $G$ preserves a proper (linear) subspace of $V$, then $G$ is of infinite covolume in $PP$.

The way I think a proof goes is:

  • If $G$ preserves a subspace $U$, it preserves its orthogonal complement $U^perp$ too.
  • Either $U$ or $U^perp$ either intersects the hyperboloid or contains an isotropic vector.
  • Up to swapping $U$ and $U^perp$, if $U$ intersects the hyperboloid, it preserves a proper subspace of hyperbolic space, and is therefore of infinite covolume.
  • Similarly, if $U$ only contains an isotropic vector, it fixes an ideal point of hyperbolic space, and must also be of infinite volume.

I’m not 100% convinced by this argument, and I looked in Ratcliffe’s and Vinberg’s book for a better one and/or a reference, to no avail.

Thanks!

How to download all from wolfram cloud while preserving folder tree structure?

This answer: https://mathematica.stackexchange.com/a/201726/62529 allows downloads of all files from wolfram cloud. However, it does not preserve the folder tree.

I have a lot of files I want to download and they have folders nested within folders.
These folders make it painful to have to reorganize all my files after downloading.

How can I download everything and not loose my folder organization?

I tried modifying the code (I linked to earlier) by changing Information(#, "DisplayName") to Information(#, "Path"), but this gave me errors

localBackupPath = "C:\Users\username\Desktop\WolframBackup";
objects = CloudObjects@CloudDirectory()
type = Information(#, "FileType") & /@ objects;
allObjects =
    Flatten(MapThread(
        If(#2 === Directory, 
            CloudObjects(#1), #1) &,
            {objects, type}));
CopyFile(#,
    FileNameJoin({localBackupPath,
        Information(#, "Path")})) & /@ allObjects

forensics – Preserving crime evidence from a website I do not own

Is there a standard procedure when it comes to preserving evidence of a crime committed on a website of a third party?

Let’s assume that a crime was committed on a website I visit, like defamation. Other than using the Wayback Machine or browser plugins to save the page in case either the website owner or the perpetrator removes the evidence, is there a better way?

My goal is to be able to prove to the authorities that a crime was committed so that they start an investigation. For not-so-serious crimes unless it’s very easy to prosecute – e.g. the evidence is still accessible without the need for a warrant – the police might not even bother.

Create a self-signed CA in openssl in two commands, `openssl req` (with no -x509) and `openssl x509` while preserving extensions from CSR?

Related question:
Missing X509 extensions with an openssl-generated certificate

I know other methods exist (i.e the openssl req -x509 ...), but specifically for using two separate commands

  1. openssl req -config openssl.cnf -new -key ca.key.pem -out ca.csr.pem -addext 'basicConstraints=critical,CA:true' -addext 'keyUsage=critical,keyCertSign'
  2. openssl x509 -req -in ca.csr.pem -signkey ca.key.pem -out ca.crt.pem

to create a CA. Is there really no way to preserve the extensions from the CSR?

algorithms – Area preserving distance optimization

I stumbled across the optimization problem described below and I am looking for how to approach it efficiently. I have the feeling that the problem at hand might be known, but I was not able to find its name or further information on it. So any help to find an efficient algorithm for its solution or a pointer to the name of the problem at hand would be very helpful.

Given $ n times m $ matrix $ M $ of integers from $ (0, w) $ and a set $ P $ of $ w $ points (i.e. tuples of indices in the matrix),
find a permutation $ M’ $ of the values of $ M $, such that the global distance function $ f(M’) = $
$ sum_{i=0}^{n-1}{ sum_{j=0}^{m-1} } { left(i – xleft(P(M'(i, j))right)right)^2 + left(j – yleft(P(M'(i, j))right)right)^2 } $ is minimal.

Explained in a different way, consider an image with $ n times m $ pixels, where each pixel is of one of $ w $ distinct colors. We then want to rearrange the pixels such that all pixels of the same colors from a group around the seed point of the same color. We are allowed the swap the colors of pixels as long as the total number of pixels for each colors stays constant. Below you find an example of the resulting image from a random initial image with a hundred equally likely color as starting point located around randomly pixed seed points. The result was obtained by iteratively picking two points at random and swapping them if the global distance function after swapping is reduced. Doing this for millions of times approaches (at least a local) optimum depicted in the images. However this approach is rather slow for larger values of $ n $ and $ m $. So I am looking for a faster solution to obtain the result. Also a non-discrete solution where polygons would describe the final areas would be appreciated. I was also considering Voronoi tesselations (which can be computed much faster), however they do not work in my case due to the fixed area constraint (i.e. the colored sections should be of equal size in this example).

Area preserving distance optimization

Simplify usage of KeePass or equivalent password managers while preserving security

Situation

I’m using KeePass to manage my password together with a long complicated password. I need to access passwords quite often so it’s a little cumbersome to have to enter the password each time. Since I’m working in a regular workplace with other people I have a quite short interval before KeePass locks itself after inactivity. It would also theoretically be simple for a colleague to covertly film me typing in the password. I’m not particularly afraid of attacks here and now, but I would like to have a stable long-term secure process established.

I also have Keepass-droid on my cellphone which is much easier to use since I can connect it with my fingerprint. If my fingerprints are temporarily messed up I can still open it by using the master password. This it the kind of convenience I’m looking for on a regular computer.

I’m searching for a solution that I can use together with a password manager on a regular computer that:

  1. Simplifies the log-on process
  2. Still allows the master password as a backup
  3. Is not solely dependent on a physical artefact that easily could be stolen and accessed.
  4. Reduces the vulnerability to key loggers as long as I don’t need to enter my master password.

Thinking about a solution

I’ve looked at buying an external fingerprint reader that I could connect to my computer and integrate with KeePass* but it seems to be a mixed bag of contrived solutions and paid subscriptions.

I’m also thinking that a possible solution could be if the password manager would allow me to open the same database with either my stronger master password or at the same time with a key file together with a simpler password, a key file that I then could store on for example a IronKey* that is hardware encrypted and locks down after 10 invalid password attempts. Then my workflow would be:

  1. Mount the IronKey* in the computer in the start of the work day and open it with the IronKey* password.
  2. When I need to open my password database, I use a key file on the IronKey* together with a simpler password (so that the key file is in itself not enough if the key file somehow get wings).

That way I don’t have to be afraid of losing my USB-stick as 1) It’s difficult to get the key file out of it and it would still require the additional simpler password to open the password database and 2) I could still use my master password to access the database and to set it up with a new IronKey* with a different key file so that I’m not locked out if loosing the stick.

But unfortunately I can’t find anything about password managers supporting password or different password + keyfile at the same time. I understand that something like that could be cryptographically non-trivial, but how about if other password + keyfile would just internally return my master password witch in turn would be used to open the real database?

Alternatives that I do not like

I know that it’s possible to use a Ubikey together with KeePass in either static mode, one-time password mode or Challenge-Response mode but each of those options does not attract me since the static mode makes me very vulnerable to unauthorized access to the ubikey and the others two will leave me locked out from the password database it I lose the ubikey.

Is there some solution that would enable what I’m searching for and trying to describe above?

* Or equivalent

ag.algebraic geometry – Polynomial sized arithmetic map from circle to ellipse preserving integral points

Let $n$ be a square free integer and a product of $O(m/log m)$ number of primes $1bmod 4$ where $m$ is $log_2n$.

Take the circle around origin of radius $n^2$. It has ${exp}(m/log m)$ number of integral points on the boundary by standard results in quadratic forms.

Is there an ‘operator’ describable by a $mathsf{poly}(m)$ sized circuit to map the circle to an ellipse (perhaps not around origin) given by

$$a_{2,0}x^2+a_{1,1}xy+a_{0,2}y^2+a_{1,0}x+a_{0,1}y+a_{0,0}=0$$

which preserves every integral point on the circle (total count is exactly identical) and $$n^4leqmax_{i,j}big|a_{i,j}X^iY^jbig|$$ holds for every integral point on the ellipse and the bivariate is irreducible (it provides counterexample requested in Finite or polynomial number integral points clarification on Coppersmith’s theorems (possibility of ellipse counter example?))?

real analysis – Recurrence results for an “on average” measure preserving transformation

I have a finite measure space $(X, mathcal{S}, mu)$ where $mu$ is the Lebesgue measure, and I have a transformation $f:Xrightarrow X$ that “preserves measure on average”. That is, for $A in mathcal{S}$
$$
lim_{nrightarrow infty} frac{1}{n}sum_{k=1}^n mu(f^k(A)) = mu(A)
$$

I would like to be able to apply some ergodic or recurrence theorem in this situation, but Poincare Recurrence for example requires that the map $f$ be measure-preserving, which this “measure-preserving on average” mapping does not satisfy.

I am wondering if anyone can say if there are any results concerning such “measure-preserving on average” maps and any related recurrence or ergodic theorems, or if there is some way I can use say an altered Poincare Recurrence to makes claims about this mapping.

Apache reverse proxy preserving ssl

Contaxt

I currently have an Apache installation with multiple sites via VirtualHosts.
My goal is to slowly migrate towards a dockerized setup where one nginx reverse-proxy distributes the requests to dockerized apps.

To start the migration, I created a catch-all in the Apache setup; any request towards a site no longer known by Apache is reverse-proxied to the nginx-proxy docker container. Then, I can add one site to the docker solution, disable it in Apache, and the transition is seemless. This works well for http requests; I’m running into issues for the https requests.

Question

How can I setup apache to not interact with the https requests, but just pass the certificate and encrypted data from nginx? Just transparently pass the requests back and forth?

endpoint <-- https (nginx signed) --> apache <-- https (nginx signed) --> nginx

Other scenarios would be:

Decrypt and re-sign: endpoint <-- https (apache signed) --> apache <-- https (nginx signed) --> nginx

Decrypt in the background: endpoint <-- https (apache signed) --> apache <-- http --> nginx

These seems possible but since nginx serves multiple domains, the apache signature does not match. Also, it does not help in migrating if Apache still needs to do the signing.

Current base config

<VirtualHost *:80>

    ServerName example.com

    ProxyPass / http://127.0.0.1:1001/
    ProxyPassReverse / http://127.0.0.1:1001/
    ProxyPreserveHost On

</VirtualHost>

<VirtualHost *:443>

    ServerName example.com

    ProxyPass / https://127.0.0.1:1002/
    ProxyPassReverse / https://127.0.0.1:1002/
    ProxyPreserveHost On

    # These three lines make Apache sign the requests. Without them I
    # generate SSL_ERROR_RX_RECORD_TOO_LONG errors, but with them the
    # response is always signed with the "example.com" certificate
    SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf

    # This options seems to make sense but I'm unsure what it does
    SSLProxyEngine On

</VirtualHost>