Articles

0.2: Acknowledgments


This textbook is a product of the Michigan State University Libraries’ Open Educational Resource (OER) program led by Regina Gong, OER and Student Success Librarian. Individual contributions range from co-authoring specific Jupyter notebooks to testing and providing feedback of the materials.

Lead Instructors

  • Dr. Dirk Colbry
  • Dr. Ming Yan
  • Dr. Matthew Mills
  • Dr. Paul Speaker
  • Dr. Zhichao Peng
  • Dr. Sulin Wang
  • Dr. Rongrong Wang

Graduate Teaching Assistance

  • Shuyang Qin
  • Cullen Avery Haselby
  • Haoyang Chen
  • Kai Huang
  • Nathan Brugnone
  • Yao Li
  • Thomas Chuna

Undergraduate Learning Assistance

  • Amanda Bowerman
  • Zachary Matson
  • Noah Jankowski
  • Nicholas Mouaikel
  • Marv Zurek
  • Ishaan Pathak
  • Sam Tracht
  • Dave Yonkers
  • Heather Noonan
  • Drew Pype

Cover Art

Special thanks to Sri Pallay from the MSU Library for developing the cover art, and to Julie Taylor for assistance with branding. The cover is a composite image, derived from data collected by the Jovian Infrared Auroral Mapper (JIRAM) instrument aboard NASA’s Juno mission to Jupiter. The image shows the central cyclone at Jupiter’s north pole and the eight cyclones that encircle it (NASA).


How to install

The mexican Dirección General de Epidemiología has released open data about COVID-19 in México. This source contains information at the individual level such as gender, municipality and health status (smoker, obesity, etc). The package covidmx now can handle this source as default. Some variables are encoded as integers and the source also includes a data dictionary with all relevant information. When you pass clean=True (default option) returns the decoded data. You can also have access to the catalogue using return_catalogo=True and to the description of each one of the variables with return_descripcion=True . When you use some of this parameters, the API returns a tuple.

To get historical data use:

Default date format is %d-%m-%Y , but you can also use a particular format with:

Plot module

As of version 0.3.0, covidmx includes a module to create maps of different COVID-19 status at the national and state levels, with the possibility of including municipalities (using information of the Dirección General de Epidemiologia).

You can check available status and available states using:

To plot a national map just use:

If you want to include municipalities use:

You can pass a particular state filling the state argument with a valid name included in the available_states attribute:

state='CIUDAD DE MÉXICO' state='JALISCO' state='MORELOS' state='MÉXICO'

Finally you can plot another interest variable (according to available_status attribute):

You can save your maps using save_file_name :


Valheim mod to add new Recipes using Honey, in my playthrough I found that I was accumulating far too much honey and this mod was to try to use that honey in other ways. I'm open to any suggestions.

Can be installed either through the releases page here or on the thunderstore.

Adds:
Honey Baked Bread (45HP, 75 Stamina, 4HP/S)
Honey Glazed Meat (45HP, 35 Stamina, 4HP/S)
Honey Glazed Neck Tail (40HP, 25 Stamina, 4HP/S)
Honey Glazed Lox Meat (75HP, 45 Stamina, 4HP/S)
Honey Sweetened Sausages (65HP, 45 Stamina, 4HP/S)
Honey Glazed Serpent Meat (75HP, 45 Stamina, 4HP/S)
Teriyaki Salmon (50HP, 30 Stamina, 4HP/S)
Teriyaki Salmon Wrap (65HP, 95 Stamina, 4HP/S)
* Odin's Delight (50HP, 50 Stamina, 4HP/S)


Virtual Edition acknowledgments

These acknowledgments may apply to the VE software.

Acknowledgments that apply to VE running on the Amazon EC2 hypervisor

This product includes ec2-tools software, copyright © 2008, Amazon Web Services, and licensed under the Amazon Software License. A copy of the License is located at http://aws.amazon.com/asl/ .

This product includes the Amazon AutoScaling Command Line Tool, copyright © 2006-2009, Amazon Web Services, and licensed under the Amazon Software License. A copy of the License is located at http://aws.amazon.com/asl/ . The Amazon AutoScaling Command Line Tool contains the following third party components:

  • XML handling functions from the JAXB project - Copyright 2005 Sun Microsystems, Inc.
  • XSLT support from Xalan - Copyright (c) 1999-2002, Lotus Development Corporation, Copyright (c) 2001-2002, Sun Microsystems., Copyright (c) 2003, IBM Corporation.
  • Utility functions from Apache Commons - Copyright 2001-2008 Apache Software Foundation
  • Streaming API for XML from Codehaus - Copyright 2003-2006 The Codehaus
  • XML processing from Codehaus - Copyright 2006 Codehaus Foundation
  • XML processing from Apache - Copyright (c) 2000 The Apache Software Foundation
  • XFire SOAP framework from Codehaus - Copyright (c) 2005 Envoi Solutions LLC
  • WS-Security verification for SOAP messages from Apache Software Foundation - Copyright 2004-2009 The Apache Software Foundation
  • Security standards for XML from Apache Software Foundation - Copyright 2002-2006 The Apache Software Foundation
  • Cryptographic functions from Bouncy Castle - Copyright (c) 2000 - 2008 The Legion Of The Bouncy Castle

This product includes the Amazon CloudWatch Command Line Tools, copyright © 2006-2009, Amazon Web Services, and licensed under the Amazon Software License. A copy of the License is located at http://aws.amazon.com/asl/ . The Amazon CloudWatch Command Line Tools contain the following third party components:

  • XML handling functions from the JAXB project - Copyright 2005 Sun Microsystems, Inc.
  • XSLT support from Xalan - Copyright (c) 1999-2002, Lotus Development Corporation, Copyright (c) 2001-2002, Sun Microsystems., Copyright (c) 2003, IBM Corporation.
  • Utility functions from Apache Commons - Copyright 2001-2008 Apache Software Foundation
  • Streaming API for XML from Codehaus - Copyright 2003-2006 The Codehaus
  • XML processing from Codehaus - Copyright 2006 Codehaus Foundation
  • XML processing from Apache - Copyright (c) 2000 The Apache Software Foundation
  • XFire SOAP framework from Codehaus - Copyright (c) 2005 Envoi Solutions LLC
  • WS-Security verification for SOAP messages from Apache Software Foundation - Copyright 2004-2009 The Apache Software Foundation
  • Security standards for XML from Apache Software Foundation - Copyright 2002-2006 The Apache Software Foundation
  • Cryptographic functions from Bouncy Castle - Copyright (c) 2000 - 2008 The Legion Of The Bouncy Castle

This product includes the AWS CLI tools software, distributed under the Apache License, version 2.0. Copyright © 2012-2013 Amazon.com, Inc. or its affiliates. All rights reserved.

This product includes the aws-cfn-bootstrap software, distributed under the Apache License, version 2.0. Copyright © 2012 Amazon.com, Inc. or its affiliates. All rights reserved.

This product includes the Windows Azure Linux Agent, which is distributed under the Apache License, version 2.0. Copyright © Microsoft Corporation.

This product includes googletest software, copyright © 2008, Google Inc. All rights reserved.

This product includes bats: Bash Automated Testing System software, which is distributed under the MIT license. Copyright © 2014, Sam Stephenson.


0.2: Acknowledgments

An information exposure through log file vulnerability exists in Cortex XSOAR software where the secrets configured for the SAML single sign-on (SSO) integration can be logged to the '/var/log/demisto/' server logs when testing the integration during setup.

This logged information includes the private key and identity provider certificate used to configure the SAML SSO integration.

Cortex XSOAR 5.5.0 builds earlier than 98622

Cortex XSOAR 6.0.1 builds earlier than 830029

Cortex XSOAR 6.0.2 builds earlier than 98623

Cortex XSOAR 6.1.0 builds earlier than 848144.

Product Status

VersionsAffectedUnaffected
Cortex XSOAR 6.1.0< 848144>= 848144
Cortex XSOAR 6.0.2< 98623>= 98623
Cortex XSOAR 6.0.1< 830029
Cortex XSOAR 5.5.0< 98622>= 98622

Required Configuration for Exposure

This issue is applicable only to Cortex XSOAR appliances configured to use SAML SSO and where the 'Test' button or other integration testing functions, including testing automation, were used at some point.

Severity: MEDIUM

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of this issue.

Weakness Type

Solution

This issue is fixed in Cortex XSOAR 5.5.0 build 98622, Cortex XSOAR 6.0.2 build 98623, Cortex XSOAR 6.1.0 build 848144, and all later Cortex XSOAR versions.

All versions of Cortex XSOAR 6.0.1 should be upgraded to the latest version of Cortex XSOAR 6.0.2.

After you upgrade the Cortex XSOAR appliance, you must configure a new private key for SAML SSO integration. Clear the server system logs using the instructions provided in the Workarounds and Mitigations section to remove any potentially logged secrets.

Workarounds and Mitigations

You must configure a new private key for SAML SSO integration and you should not run integration testing functions until after you complete the Cortex XSOAR upgrade.

You must clear all server system log files located in the '/var/log/demisto/' directory. There may be several files in this directory, including the server.log file and other archived server logs.

You can clear all server system logs by stopping the server and running the 'rm /var/log/demisto/server*.log' command from the console.


Security bulletin

Critical vulnerabilities have been identified in Photoshop CS4 11.0.1 and earlier for Windows and Macintosh that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system. A malicious .ASL, .ABR, or .GRD file must be opened in Photoshop CS4 by the user for an attacker to be able to exploit these vulnerabilities. Adobe recommends Photoshop CS4 customers update to Photoshop CS4 11.0.2, which resolves these issues.

Note: None of these issues affect Photoshop CS5.

Affected software versions

Adobe Photoshop CS4 version 11.0.1 and earlier for Windows and Macintosh

Solution

Adobe recommends Photoshop CS4 customers update to Photoshop CS4 11.0.2 using the instructions below.

To verify the version of Adobe Photoshop CS4 currently installed, choose Help > About Adobe Photoshop CS4 from the Adobe Photoshop menu bar. To check for updates, choose Help > Updates from the Adobe Photoshop menu bar.

Photoshop CS4 customers can also find the Photoshop CS4 11.0.2 update for Windows or Macintosh here:

Note: These issues do not affect Photoshop CS5.

Severity rating

Adobe categorizes these vulnerabilities as critical issues and encourages all customers to update their installations.

Details

Critical vulnerabilities have been identified in Photoshop CS4 11.01 and earlier for Windows and Macintosh that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system. A malicious .ASL, .ABR, or .GRD file must be opened in Photoshop CS4 by the user for an attacker to be able to exploit these vulnerabilities. Adobe recommends Photoshop CS4 customers update to Photoshop CS4 11.0.2, which resolves these issues. Adobe also encourages all customers to follow security best practices by exercising caution before opening any unknown file or files from unknown sources, regardless of the application used to open the file.

Note: These issues do not affect Photoshop CS5.

Acknowledgments

Adobe would like to thank Gjoko Krstic of Zero Science Lab (CVE-2010-1296) for reporting these issues and for working with Adobe to help protect our customers.


Security bulletin

Release date: January 15, 2013

Last updated: March 14, 2013

Vulnerability identifier: APSB13-03

Priority: 1

CVE number: CVE-2013-0625, CVE-2013-0629, CVE-2013-0631, CVE-2013-0632

Platform: All

Summary

Adobe has released a security hotfix for ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and UNIX. This hotfix addresses vulnerabilities that could permit an unauthorized user to remotely circumvent authentication controls, potentially allowing the attacker to take control of the affected server.

Adobe is aware of reports that four vulnerabilities (CVE-2013-0625, CVE-2013-0629, CVE-2013-0631 and CVE-2013-0632, referenced in Security Advisory APSA13-01) are being exploited in the wild against ColdFusion customers. Adobe recommends users update their product installation using the instructions provided in the "Solution" section below.

Affected software versions

ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and UNIX

Solution

Adobe recommends ColdFusion customers update their installation using the instructions provided in the technote: http://helpx.adobe.com/coldfusion/kb/coldfusion-security-hotfix-apsb13-03.html.

Customers should also inspect files and scheduled tasks of unknown origin located in the CFIDE, CFIDE/adminapi or webroot directories, and remove any suspicious files (some examples of malicious file names include h.cfm, i.cfm, h9.cfm, r.cfm, adss.cfm or fusebox.cfm).

Additionally, Adobe recommends that customers follow security best practices, which include the following steps to harden their ColdFusion server:

  • Configure a username and password for Remote Development Services (RDS) that is different from the Administrator account. After configuring the RDS account, users should disable RDS if not needed.
  • Disable external access to the following directories for all hosted sites:
    • /CFIDE/administrator
    • /CFIDE/adminapi
    • /CFIDE/componentutils

    Priority and severity ratings

    Adobe categorizes this hotfix with the following priority rating and recommends users update their installation to the newest version:


    This hotfix addresses critical vulnerabilities in the software.

    Details

    Adobe has released a security hotfix for ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and UNIX. This hotfix addresses vulnerabilities that could permit an unauthorized user to remotely circumvent authentication controls, potentially allowing the attacker to take control of the affected server.

    Adobe is aware of reports that four vulnerabilities (CVE-2013-0625, CVE-2013-0629, CVE-2013-0631 and CVE-2013-0632, referenced in Security Advisory APSA13-01) are being exploited in the wild against ColdFusion customers. Adobe recommends users update their product installation using the instructions provided in the "Solution" section above.

    This hotfix resolves an authentication bypass vulnerability affecting ColdFusion versions 9.0.2, 9.0.1 and 9.0.0, which could result in an unauthorized user gaining administrative access (CVE-2013-0625).

    This hotfix resolves a directory traversal vulnerability affecting ColdFusion versions 10, 9.0.2, 9.0.1 and 9.0.0, which could permit an unauthorized user access to restricted directories (CVE-2013-0629).

    This hotfix resolves a vulnerability affecting ColdFusion versions 9.0.2, 9.0.1 and 9.0.0, which could result in information disclosure from a compromised server (CVE-2013-0631).

    This hotfix resolves an authentication bypass vulnerability affecting ColdFusion versions 10, 9.0.2, 9.0.1 and 9.0.0, which could result in an unauthorized user gaining administrative access (CVE-2013-0632).

    Acknowledgments

    Adobe would like to thank the following individuals for responsibly disclosing the relevant issues and for working with Adobe to help protect our customers:

    • Michael McDowell and Harry Lane (CVE-2013-0625, CVE-2013-0629)
    • Will Fuller (CVE-2013-0631, CVE-2013-0632)
    • Scott Buckel of Corporate Zen (CVE-2013-0632) (CVE-2013-0631, CVE-2013-0632)

    Revisions

    March 14, 2013 - Added security hardening recommendations to Solution section.
    January 16, 2013 - Acknowledgement added for CVE-2013-0631 and CVE-2013-0632.
    January 15, 2013 - Bulletin released.

    Adobe Disclaimer

    License agreement

    By using software of Adobe Systems Incorporated or its subsidiaries ("Adobe") you agree to the following terms and conditions. If you do not agree with such terms and conditions do not use the software. The terms of an end user license agreement accompanying a particular software file upon installation or download of the software shall supersede the terms presented below.

    The export and re-export of Adobe software products are controlled by the United States Export Administration Regulations and such software may not be exported or re-exported to Cuba Iran Iraq Libya North Korea Sudan or Syria or any country to which the United States embargoes goods. In addition Adobe software may not be distributed to persons on the Table of Denial Orders the Entity List or the List of Specially Designated Nationals.

    By downloading or using an Adobe software product you are certifying that you are not a national of Cuba Iran Iraq Libya North Korea Sudan or Syria or any country to which the United States embargoes goods and that you are not a person on the Table of Denial Orders the Entity List or the List of Specially Designated Nationals. If the software is designed for use with an application software product (the "Host Application") published by Adobe Adobe grants you a non-exclusive license to use such software with the Host Application only provided you possess a valid license from Adobe for the Host Application. Except as set forth below such software is licensed to you subject to the terms and conditions of the End User License Agreement from Adobe governing your use of the Host Application.

    DISCLAIMER OF WARRANTIES: YOU AGREE THAT ADOBE HAS MADE NO EXPRESS WARRANTIES TO YOU REGARDING THE SOFTWARE AND THAT THE SOFTWARE IS BEING PROVIDED TO YOU "AS IS" WITHOUT WARRANTY OF ANY KIND. ADOBE DISCLAIMS ALL WARRANTIES WITH REGARD TO THE SOFTWARE EXPRESS OR IMPLIED INCLUDING WITHOUT LIMITATION ANY IMPLIED WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE MERCHANTABILITY MERCHANTABLE QUALITY OR NONINFRINGEMENT OF THIRD PARTY RIGHTS. Some states or jurisdictions do not allow the exclusion of implied warranties so the above limitations may not apply to you.

    LIMIT OF LIABILITY: IN NO EVENT WILL ADOBE BE LIABLE TO YOU FOR ANY LOSS OF USE INTERRUPTION OF BUSINESS OR ANY DIRECT INDIRECT SPECIAL INCIDENTAL OR CONSEQUENTIAL DAMAGES OF ANY KIND (INCLUDING LOST PROFITS) REGARDLESS OF THE FORM OF ACTION WHETHER IN CONTRACT TORT (INCLUDING NEGLIGENCE) STRICT PRODUCT LIABILITY OR OTHERWISE EVEN IF ADOBE HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Some states or jurisdictions do not allow the exclusion or limitation of incidental or consequential damages so the above limitation or exclusion may not apply to you.


    Cisco Catalyst Blade Switch 3030 for Dell Command Reference, Release 15.0(2)SE

    The Cisco IOS software pipe command uses Henry Spencer's regular expression library (regex). The most recent version of the library has been modified slightly in the Catalyst operating system software to maintain compatibility with earlier versions of the library.

    Henry Spencer's regular expression library (regex). Copyright 1992, 1993, 1994, 1997 Henry Spencer. All rights reserved. This software is not subject to any license of the American Telephone and Telegraph Company or of the Regents of the University of California.

    Permission is granted to anyone to use this software for any purpose on any computer system, and to alter it and redistribute it, subject to the following restrictions:

    1. The author is not responsible for the consequences of use of this software, no matter how awful, even if they arise from flaws in it.

    2. The origin of this software must not be misrepresented, either by explicit claim or by omission. Since few users ever read sources, credits must appear in the documentation.

    3. Altered versions must be plainly marked as such, and must not be misrepresented as being the original software. Since few users ever read sources, credits must appear in the documentation.


    0.2: Acknowledgments

    A 3D cell-based Voronoi library based on voro++

    This library includes Python bindings, using Cython.

    Tess is a library to calculate Voronoi (and Laguerre) tessellations in 3D and analyze their structure. The tessellation is calculated as a list of :class:`

    tess.Cell` objects, each of which can give information on its volume, centroid, number of faces, surface area, etc. The library is made with packings of spherical particles in mind, possibly with variable sizes.

    The Tess library is a set of Python bindings to the Voro++ library. Voro++ provides all the algorithms, and Tess provides an easy to use interface to the voro++ library for Python, using Cython to do so.

    Original work on voro++ by Chris H. Rycroft (UC Berkeley / Lawrence Berkeley Laboratory).

    To install, use pip (or easy_install ):

    The first step is to create a :class:`

    tess.Cell` objects, representing Voronoi cells:

    tess.Cell` objects have many methods. Here are a few:

    See the Reference for more methods, or just use a Python interpreter or IPython notebook to find them on your own!


    Development Status & Future Work

    The threadpool core classes are completed and the implemenation can be considered ready for production code. The library is used by several commercial server applications and can handle high workload without problems. I'm currently working on helper and service classes which make the usage of the pool more comfortable. A small tutorial introduces the thread pool and more example code will be added in the future. The documentation is far away from being finished.

    • Policy-based thread pool implementation
    • Scheduling policies: fifo, lifo and priority
    • Size policies: static_size
    • Size policy controller: empty_controller, resize_controller
    • Shutdown policies: wait_for_all_tasks, wait_for_active_tasks, immediately
    • Smooth integration into STL and boost
    • More policies: deadline_scheduler, .
    • Possibility of limiting the number of pending tasks
    • Futures (handles to results of scheduled functions)
    • More examples to illustrate the usage of the library
    • Provide Unit tests


    Watch the video: Writing The Acknowledgments (December 2021).