Objective: Design and implement a Playlist Manager application in C++ that allows a user to manage and interact with a music playlist. Students will apply object-oriented programming, dynamic memory management, and linear data structures (linked list, stack, and queue) to build this system from scratch. Problem Description: Students are tasked with building a console-based music playlist manager. The application should allow users to: – Add songs to a playlist (no duplicates) – Delete a song by title – Skip to the next or previous song in the playlist – Backtrack to the most recently played song – Queue songs to play next – Play song – View the current song and the full playlist (A template with function stubs and a main program, Input and Output text files are provided to help guide students as they implement the Playlist Manager lab.) This lab helps students apply key programming concepts in a practical, engaging way by building a playlist system using object-oriented programming (OOP) and linear data structures.Compile the Program Open a terminal and run: bash g++ -o playlist playlist.cpp After compiling, run the executable: bash ./playlist_manager To test with predefined input and capture output: bash ./playlist < input.txt > output.txt1. Object-Oriented Programming (OOP): Students create two main classes: Song and PlaylistManager. The Song class represents a track with a title and links to the previous and next songs in the list. The PlaylistManager class controls the playlist—adding, deleting, and playing songs—while keeping its data members private to enforce encapsulation. 2. Dynamic Memory and Pointers: Students dynamically allocate memory for songs using new and must manage that memory carefully using delete. They work with raw pointers (Song*) to navigate and manipulate the linked list, reinforcing pointer skills and safe memory handling. 3. Doubly Linked List: The playlist itself is a doubly linked list. Students practice common operations like inserting songs at the end, deleting songs from any position, and traversing forward and backward through the list. This builds a strong foundation in non-contiguous memory structures and pointer-based navigation. 4. Stack (LIFO Behavior): A C++ stack is used to keep track of recently played songs. When a song is skipped, it’s pushed onto the stack. Students use stack.top() and stack.pop() to implement a backtracking feature—demonstrating how LIFO behavior supports “undo” actions. 5. Queue (FIFO Behavior): A queue stores upcoming songs. Songs are added to the back and played from the front, modeling first-in, first-out behavior. This mirrors realworld scenarios like playlist ordering or job scheduling.The Playlist Manager lab gives students a fun and practical way to learn important programming skills. By building a simple music player, students get to practice how to use classes, work with pointers, and manage memory in C++. They also learn how stacks, queues, and linked lists work by using them in a real-world setting. This project helps make abstract ideas more concrete and gives students the confidence to build more complex programs in the future.Question: When a user chooses to delete the current song from the playlist, explain in detail how you would safely handle this deletion, considering that the current song could be located at the head, tail, or middle of the doubly linked list. In your explanation, describe: – How you would update the pointers (prev and next) of neighboring songs to maintain the integrity of the linked list. – How you would update the current pointer to ensure the playlist continues smoothly (e.g., moving to the next or previous song). – How you would remove or update any references to the deleted song in the recently played stack and upcoming queue to avoid dangling pointersor invalid memory access. – The steps needed to safely deallocate the deleted song’s memory and avoid memory leaks.
This is a group assignment worth 30 points.To be graded, your submission must be uploaded to Canvas by the due date and time.Late submissions will not be accepted and will receive a score of 0.Before submission:
Certificates are used to bind a domain name (e.g. https://google.com) to an entity (Google, the company). A certificate authority (CA) is a trusted third-party that verifies that an entity controls access to its website. When you access a website on a browser, your browser checks for a valid TLS certificate. If one is unavailable or expired, it informs users that the connection is not safe. In this assignment, you will implement a part of this functionality. 1.2 Starter Code class TLSCertificateGrabber: # The hostname and port you are connecting to. def __init__(self, hostname, port):pass # This will be an def connect_and_handshake(self) -> SSL.Connection:pass# This will be an def get_certificate(self, ssl_sock: SSL.Connection) -> crypto.X509: pass # Format: “YYYYMMDDHHMMSSZ” (ASN.1 GeneralizedTime format) def get_validity_start(self, cert: crypto.X509) -> str:pass # Format: “YYYYMMDDHHMMSSZ” (ASN.1 GeneralizedTime format) def get_validity_end(self, cert: crypto.X509) -> str:pass # We only want the issuer’s common name (CN)# E.g. if the Certificate Authority’s Distinguished Name# in string format is “/C=US/O=Let’s Encrypt/CN=R3”, # return “R3” def get_certificate_authority(self, cert:crypto.X509) -> str: pass # Format: a PEM-encoded string, such as# “—–BEGIN PUBLIC KEY—– MIIBIjANBgkh…QIDAQAB —–END PUBLIC KEY—– ” def get_public_key(self, cert: crypto.X509) -> str:pass# Ensure the function returns the existing values in # the original order def dump_certificate(self) -> (crypto.X509, str, str, str, str): ssl_sock = self.connect_and_handshake() cert = self.get_certificate(ssl_sock) not_before = self.get_validity_start(cert)not_after = self.get_validity_end(cert) issuer = self.get_certificate_authority(cert) public_key = self.get_public_key(cert) return cert, issuer, not_before, not_after, public_key # For your own testing if __name__ == “__main__”:service =TLSCertificateGrabber(“cs6262.gtisc.gatech.edu”, 443) response = service.dump_certificate() import pprint pprint.pprint(respo nse)
Upload two files:To qualify for full marks, your Project Plan must include (for all tasks):Scoring notes:Full Marks (10 pts):Contains all items: WBS#, Task Name, Duration, Start, Finish, Predecessors, Resource Names, Cost, Early Start, Early Finish, Late Start, Late Finish, Slack.Partial Marks (10 to >0 pts):Score decreases based on number of missing items (examples shown in the rubric: 1 missing → 9 pts; 2 missing → 7 pts; 3 missing → 5 pts; 4 missing → 2 pts).No Marks (0 pts):If 5 or more items are missing from the list above.Full Marks (5 pts):Gantt chart present and critical path clearly defined.Partial Marks (3 pts):Gantt chart present, but critical path not clearly defined.No Marks (0 pts):Gantt chart missing.Full Marks (5 pts):Resource table/chart present and complete.Partial Marks (3 pts):Resource table/chart present but not complete.No Marks (0 pts):Resource table/chart missing.Total Points: 20
Objectives: Understanding UF-CMA by attacking a real hash function and integrity scheme.1. IntroductionThe goal of this assignment is to break the security of a deterministic hash-based MAC. Namely, let H be the hash function constructed from the compression hash function h via the Merkle-Damg˚ard transform as per Figure 1. Then, to tag a message M consisting of b-bit blocks under a b-bit key K we compute tag ←H(K ∥M).We have provided you with several Python files (See Code section) that you will work with in this assignment. In particular, you will be demonstrating that the MAC described above is not UF-CMA secure by modifying student.py to create a forged message and a corresponding tag. Detailed explanations can be found in the following section.You will be submitting your deliverables via Gradescope.The MAC prepends a secret symmetric key to an input message, then passes it to the SHA1 algorithm:tag = Sha1(password ∥ message)You don’t know the symmetric key, but you do know what length it might be (See the Objective section)A length extension attack is a type of attack where an attacker can use the hash of a message and the length of the message to calculate the hash of that message prepended to another message, where the second message is chosen by the attacker. This can be done without knowing the content of the first message.This MAC is vulnerable to a length extension attack. Specifically, it’s possible to forge a valid (message, tag) pair where the message has some arbitrary data appended to the end, while only knowing the length of the password (not its actual value).This is problematic in the MAC construction above because an attacker can include extra information at the end of the message and produce a valid hash without knowing the secret.Apart from the course material, the only resource you may use for this assignment is the RFC for the Sha1 algorithm that describes how SHA-1 works. You must payspecial attention to Sections 3–5 and 6.1. You will also need to carefully read over the code files we have provided you.This section describes the code you have been provided and what you need to modify.You’ve been provided the following library:This is the only file you will modify for submission.The docstrings in each file provide further details about these modules; read them!You can install the latest version of Python 3 for your system from here; there are noextra dependencies to install. Older versions of Python 3 may work, but we cannot make guarantees. To run the local auto-grader, simply execute:python grader.py [your GT username]You should make student.main() return a (message, tag) pair that:(where message is a sequence of bytes and tag is a hexadecimal string value)There are two parts to this:You will need to submit the following deliverables via Gradescope. There are different assignments for each, so please be careful to submit to the right one!You must keep the existing structure: nothing should run if you execute python student.py on its own, the input parameters should stay the same, and the return value(s) should match the expected format and types.Submit this to Homework 4 (Code) on Gradescope.The autograder will run a suite of tests to determine your score, offering small suggestions for common mistakes if it encounters them or exception logs if your code doesn’t run.Submit this to Homework 4 (Report) on Gradescope.All of these can be answered in one page or less; take care to be succinct and precise. Report content past your second page may be ignored.
Web Security ProjectLearning Goals of this Project:You will be learning about modern web based security vulnerabilities in this project. A majority of the attacks are based on the OWASP Top 10 list which is produced and updated every few years.In particular we will cover these learning topics:The final deliverables:A single JSON formatted file will be submitted to Gradescope.See Submission Details for more information.Important Reference Material:Submission:Gradescope (autograded) – see Submission DetailsVirtual Machine:Table of contents ================== Instructions:In the web security project, our focus will be on tackling two pervasive threats: Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF). XSS vulnerabilities allow attackers to inject malicious scripts into web applications, compromising user data integrity and potentially leading to account hijacking or defacement. Meanwhile, CSRF exploits trust relationships between users and websites, tricking authenticated users into unknowingly executing malicious actions.Put on your hacker hat and brush up your web security skills for this project.VM Credentials:Login: websecPassword: GreatLibrary_285The Web Security Project ReleaseLinks to an external site.inks to an external site. ED Discussion has all the information to get started! BACKGROUND:Welcome to the GA Tech bookstore website. It’s a place where you can read and review all of the classics. The creators of the website were pretty junior but ambitious. They created the website in only 2 days! They knew a few things about security and did their best but left some vulnerabilities behind. Your job is to seek these out and find the problems.SETUP:To get set up for the flags, carefully follow the steps below. Log into the VM with the websec user. The password should be in Canvas.Run this at the terminal to start the Bookstore Website./StartContainer.shTESTING:You will need to execute a StudentGrader script to test your exploits for all flags. The StudentGrader is a script that willRun this at the terminal to test your exploit for a flag./StudentGrader.sh –flag X –gaTechId Y –filePath ZHere are the valid parameters for the StudentGrader script Flag 1: Web Intro – 15 PointsYou’ve stumbled upon a publicly available web page that is not finished. It seems like the developers are still working on it but somehow published it to production by accident. The page does not have a link in the main menu so the developers thought no one would find it. Challenge accepted!Download the required starter template from the VM using Chrome here:To earn your flag you must alter the template so that it performs these steps when you open it in a browser or run it using the grader:HINTS:FLAG TESTING:To test your flag1.html file and receive the flag, run this command at the command line. Note: replace the gaTechId with your actual GTID../StudentGrader.sh –flag 1 –gaTechId 923456789 –filePath /home/websec/Desktop/flag1.htmlYour web output will look similar to this:The grader from the output will look similar to this. Copy the flag to flag1 in project_websecurity.json. Flag 2: XSS Part I – 15 PointsCongratulations, you’ve made it this far! Now you’ve noticed some strange behavior. You were experimenting with reviews and found you can post basic html tags and images in the reviews! The developers of the site wanted reviews to be a rich user experience and not just plain text. With great power comes great responsibility though. You’ve found a way to nefariously inject code that runs when any victim loads a page with your exploited review.This flag will introduce you to the basics of XSS (Cross-Site Scripting) attacks. Specifically you’ll leverage these:Download from the WebSec VM the required starter template here:To earn your flag you must alter the template so that it performs these steps when you open it in a browser or run it using the grader.Site With Original TextHINTS:FLAG TESTING:To test your flag2.html file and receive the flag, run this command at the command line. Note: replace the gaTechId with your actual GTID../StudentGrader.sh –flag 2 –gaTechId 923456789 –filePath /home/websec/Desktop/flag2.htmlNote: The grading script will reset the database before it executes your file. Be prepared as any data you have created will be lost.Your web output will look similar to this:The grader from the output will look similar to this. Copy the flag to flag2 in project_websecurity.json. Flag 3: XSS Part II – 15 PointsMalicious user input can be provided using the same techniques, but through different attack vectors. You’ve already persisted malicious data in a review and want to see if there are any other areas of the site that are susceptible to data manipulation. Using your newly acquired XSS skills, you go hunting for more ways to perform this method of attack.In order to successfully exploit another XSS attack, you will need to figure out another way the site accepts user input and employ a similar technique to perform what’s called a reflected XSS attack. This means the XSS code does not reside in the webpage and does not persist, but is malicious code input in the request and returned in the response. You notice there is a page that allows the user to search for a book and wonder if this page can be exploited.Your goal is to display a javascript alert containing the text CS6035 on the search page.You can use the same XSS resources from the previous flag in addition to reflected XSS resources:Download from the WebSec VM the required starter template here:To earn this flag by performing the following steps:HINTS:FLAG TESTING:To test your flag3.html file and receive the flag, run this command at the command line. Note: replace the gaTechId with your actual GTID../StudentGrader.sh –flag 3 –gaTechId 923456789 –filePath /home/websec/Desktop/flag3.htmlYour web output will look similar to this:The grader from the output will look similar to this. Copy the flag to flag3 in project_websecurity.json. Flag 4: CSRF – 15 PointsCongratulations on reaching this stage! You’ve already navigated through various challenges, and now it’s time to delve into the intricacies of Cross-Site Request Forgery (CSRF) attacks. CSRF is a type of attack that tricks a user into submitting a request to a web application where they are authenticated without their knowledge or intent. This can lead to unauthorized actions being performed on behalf of the user.For further exploration and a deeper understanding of CSRF and its prevention, consider the following resources:You’ve learned of a vulnerability that exists on the bookstore website. It appears you can craft an html file that resets a user’s password to one of your choosing when they open it. You plan to embed this file in an email and see who actually clicks on it. They’ll never know!Download from the WebSec VM the required starter template here:You must reset an unknown user’s password to DeadDrop99. Note: You will not know who the user is, so your crafted html file should work for any user of the website.To validate that your exploit works against a known user:Hints:FLAG TESTING:To test your flag4.html file and receive the flag, run this command at the command line. Note: replace the gaTechId with your actual GTID../StudentGrader.sh –flag 4 –gaTechId 923456789 –filePath /home/websec/Desktop/flag4.htmlThe grader from the output will look similar to this. Copy the flag to flag4 in project_websecurity.json. Flag 5: Bypass Permissions – 15 PointsThe developers built an Admin page for power users of the site. Obviously, they couldn’t just let everyone have access to this page so they built a simple RBAC (Role-based access control) system and put it into place. Unfortunately for them, they didn’t do the best job of building these permissions and it can be bypassed! Your job is to bypass any security checks and gain access to this Admin page.The Admin page can be accessed by clicking the link at the top right of the page. In order for this to work correctly in your html file, you may need to write a little JavaScript and find a place where this can be XSS injected. Knowing these developers, I bet they left some clues. Maybe some files they should have removed before production.Download from the WebSec VM the required starter template here:To earn your flag you must alter the template so that it performs these steps when you open it in a browser or run it using the grader:Hints:FLAG TESTING:To test your flag5.html file and receive the flag, run this command at the command line. Note: replace the gaTechId with your actual GTID../StudentGrader.sh –flag 5 –gaTechId 923456789 –filePath /home/websec/Desktop/flag5.htmlYour web output will look similar to this: Flag 6: CORS – 15 PointsCongratulations on making it this far! You’ve already overcome several obstacles, and now it’s time to dive into Cross-Origin Resource Sharing (CORS). CORS is a security feature in web browsers that allows applications to request resources from domains other than the one hosting the application.To complete this task, we’ll be working with a different flavour to CORS. Specifically, we will explore how CORS can limit the type of requests that can be made and how expanding on the allowed access control methods will help accomplish this task.Download the required starter template here:Your goal is to update the title of book 6 to “Fragments of a Crashed World” and redirect to its Detail View. This needs to be done using JavaScript only. Use this endpoint to make the update:PUT api/book/{bookId}Body:{“newTitle”: “Title 2”}Did the attempt fail? Investigate and troubleshoot—think about what might have gone wrong.Ensure your script addresses the issue and updates the book title. Once you’ve successfully updated the book title, submit the script and earn your flag!Hint:Make sure that you:BEFORE you do the redirect.FLAG TESTING:To test your flag6.html file and receive the flag, run this command at the command line. Note: replace the gaTechId with your actual GTID../StudentGrader.sh –flag 6 –gaTechId 923456789 –filePath /home/websec/Desktop/flag6.htmlYour web output will look similar to this:The grader from the output will look similar to this. Copy the flag to flag6 in project_websecurity.json.Flag 8: Robin Hood – 10 PointsCongratulations – you’ve already handled XSS, CSRF, and other crafty scenarios. This challenge highlights a different, often-overlooked risk: business logic validation flaws. You can read more about this risk at OWASP: Business Logic Validation.You overheard there’s a vulnerability in the Bookstore’s Library Card system that can enable a user to increase their reward points.Dissatisfied with the amount of points you and other users have, you decide to exploit this vulnerability to double the points for all users of the Bookstore application.Download from the WebSec VM the required starter template here:Flag 8 – TemplateTo earn your flag, you must alter the template so that it doubles the Library Card Reward Points for all users of the Bookstore application when you open it in a browser or run it using the grader.HintsFlag TestingTo test your flag8.html file and receive the flag, run this command at the command line. Note: replace the gaTechId with your actual GTID../StudentGrader.sh –flag 8 –gaTechId 923456789 –filePath /home/websec/Desktop/flag8.htmlIf the ilovetoread user had 240 points prior to you running the command, your web output will look similar to this:The grader from the output will look similar to this. Copy the flag to flag8 in project_websecurity.json. Submission Details:Submission Instructions:This project needs to be submitted via gradescope. Navigate to the course in Canvas, click ‘Gradescope’, click ‘Project Web Security’ and submit there.The contents of the submission file should be the following. You will need to create a file named project_websecurity.json, follow the format below for the flags and replace the placeholders with the flags you retrieve from each relevant task.Note: You can use FeatherPad or Vim to create and edit this file. Do not use LibreOffice or any Word Document editor. It must be in proper JSON format with no special characters in order to pass the autograder and these Word Document editors are likely to introduce special characters.Submission Highlights:Where do I find my GTID?If you want to confirm that you indeed have a properly-formatted JSON file, there are several JSON linter websites to check your file’s format: JSON Linter.If you can’t find the file in the VM just copy this format below (there is no Flag 7 for this project):{“flag1”: “”,“flag2”: “”,“flag3”: “”,“flag4”: “”,“flag5”: “”,“flag6”: “”,“flag8”: “”}An example of what the submitted file content should look like:{“flag1”: “4ec60c3e084d8387f0f33916e9b08b99d5264a486c29130dd4a5a530b958c5c0f1faeaca2ce30b478281ec546a4729f629b531a86cb27d86c089f0c542”,“flag2”: “f496d9514c01e8019cd2bc21edfeb8e33f4a29af14a8bf92f7b3c14b5e06c5c0f1faeaca2ce30b478281ec546a4729f629b531a86cb27d86c089f0c442”,“flag3”: “b621bba0bb535f2f7a222bd32994d3875bcfcad651160c543de0a01dbe2e0c5c0f1faeaca2ce30b478281ec546a4729f629b531a86cb27d86cf0c49542”,“flag4”: “f38e2cafb43ab4a0a647a8b08fc97bca25aa7cfb517029d5dd02faf49bff5c5c0f1faeaca2ce30b478281ec546a4729f629b531a86cb27d86c08c49542”,“flag5”: “f38e2cafb43ab4a0a647a8b08fc97bca25aa7cfb517029d5dd02faf49bff5c5c0f1faeaca2ce30b478281ec546a4729f629b531a86cb27d86c08c49542”,“flag6”: “f38e2cafb43ab4a0a647a8b08fc97bca25aa7cfb517029d5dd02faf49bff5c5c0f1faeaca2ce30b478281ec546a4729f629b531a86cb27d86c08c49542”,“flag8”: “f38e2cafb43ab4a0a647a8b08fc97bca25aa7cfb517029d5dd02faf49bff5c5c0f1faeaca2ce30b478281ec546a4729f629b531a86cb27d86c08c49542”}
BACKGROUND:You’ve been hired by the IPLRA (International Programming Language Review Association) to conduct a security audit for their newly released API. They are excited to finally release an API to the community for developers across the world to leverage. In fact, they see this API as a way to increase their amount of reviews by 800%. The only thing standing in their way is a final audit and approval, by you. Unfortunately, after only 5 minutes of looking at the API, you’ve found issues and need to report them. Your goal is to bring visibility to these vulnerabilities in their API by finding the flags for each scenario. Good luck on your flag hunt and we hope you enjoy learning all about modern web APIs.Note: The IPLRA is not real and we made it up.SETUP:To get set up for the flags, carefully follow the steps below. You will need switch users. Log into the VM with the following user.The username, password and VM location are located on Canvas. Run this at the terminal to start the API$ ./StartContainer.shproject_apisecurity.json is available in the /home/apisec/Desktop folder. Put all flags in this file and submit it as your final deliverable.To access the Web API open Chrome in the VM and navigate to this URL. This is the Swagger documentation page that describes the API and allows for testing:http://localhost:8080/swagger/index.html_*Note: You can also click the “Swagger UI” bookmark in _Chrome******GATECH_ID IS A REQUIRED HEADER******NOTE: This is not the Georgia Tech Username, it is the GTID that you can find using the steps in the Quick Start GuideBe very careful! When you copy and paste be sure to strip off all leading spaces or special characters.Submission Details:File submission instructions:This project needs to be submitted via gradescope. Navigate to the course in Canvas, click ‘Gradescope’, click ‘Project API Security’ and submit there.The contents of the submission file should be the following. There is a project_apisecurity.json file in your vm with a template set up, or you can copy-paste this to your newly created project_apisecurity.json file elsewhere and replace the placeholders with the flags you retrieve from each relevant task.Note: You can use TextEdit or Vim to create and edit this file. Do not use LibreOffice or any Word Document editor. It must be in proper JSON format with no special characters in order to pass the autograder and these Word Document editors are likely to introduce special characters.If you can’t find the file in the VM just copy this format below:{“flag1”: “”,“flag2”: “”,“flag3”: “”,“flag4”: “”,“flag5”: “”,“flag6”: “”,“flag7”: “”,“flag8”: “”}An example of what the submitted file content should look like:{“flag1”: “4ec60c3e084d8387f0f33916e9b08b99d5264a486c29130dd4a5a530b958c5c0f1faeaca2ce30b478281ec546a4729f629b531a86cb27d86c089f0c542”,“flag2”: “f496d9514c01e8019cd2bc21edfeb8e33f4a29af14a8bf92f7b3c14b5e06c5c0f1faeaca2ce30b478281ec546a4729f629b531a86cb27d86c089f0c442”,“flag3”: “b621bba0bb535f2f7a222bd32994d3875bcfcad651160c543de0a01dbe2e0c5c0f1faeaca2ce30b478281ec546a4729f629b531a86cb27d86cf0c49542”,“flag4”: “f38e2cafb43ab4a0a647a8b08fc97bca25aa7cfb517029d5dd02faf49bff5c5c0f1faeaca2ce30b478281ec546a4729f629b531a86cb27d86c08c49542”,“flag5”: “1711ee5eb85b9020d1f4193ee6d884abd12a2eadc4890d28c490ae0c36446c5c0f1faeaca2ce30b478281ec546a4729f629b531a86cb27d86c08949542”,“flag6”: “1711ee5eb85b9020d1f4193ee6d884abd12a2eadc4890d28c490ae0c36446c5c0f1faeaca2ce30b478281ec546a4729f629b531a86cb27d86c08949542”,“flag7”: “1711ee5eb85b9020d1f4193ee6d884abd12a2eadc4890d28c490ae0c36446c5c0f1faeaca2ce30b478281ec546a4729f629b531a86cb27d86c08949542”,“flag8”: “f38e2cafb43ab4a0a647a8b08fc97bca25aa7cfb517029d5dd02faf49bff5c5c0f1faeaca2ce30b478281ec546a4729f629b531a86cb27d86c08c49542”}Table of contents FLAG 1: Swagger Intro (10 pts)This flag will introduce you to basic API functionality using a documentation and test harness tool called Swagger. Swagger is a very popular tool used to develop and test web APIs and has plugins/modules in most programming languages. You can learn more about Swagger here: https://swagger.io/You’ll need to leverage Swagger (or any other http tool you desire such as curl or Postman) to determine how the API is configured and what endpoints to invoke to earn this flag.Warning: The site doesn’t use file storage or a database, all data is stored in memory. If you crash the web API or restart the VM, any data you have created/modified will have been lost and you’ll need to begin at step 1.To earn your flag you must perform the following actions by making API calls.Hints: FLAG 2: Stolen Credentials (15 pts)In order to get this flag you need to create a new reviewer in the system. Unfortunately, the developers locked down this functionality some time ago so you’ll need an auth token in order to perform it. You read in the newspaper last week that Programming Reviews LLC had a big data breach so there is a good chance you can come across some credentials.To earn your flag you must perform the following actions.Hints:Include your flag2 into the json file and now onto Flag 3! FLAG 3: JWT Intro (15 pts)Now that you’ve used an Auth token we’re going to dig a bit deeper into JWT (JSON Web Tokens). This flag is simple and designed only to get you acquainted with how JWTs are constructed. There are numerous resources to help you work with JWTs, one we recommend is https://jwt.io/ but you are not required to use this site for the project. Choose any library, tool or site you wish to inspect and construct JWT tokens.To earn your flag you must perform the following actions.Hints:The next few flags will require some trial and error and a bit of research on your part to succeed. Your task is to craft JWT tokens such that you can use the token to successfully authenticate and earn your flag. FLAG 4: Hack JWTs – #1 (15 pts)You are a PHP ninja! You can’t get enough of this language. When you learned that others hate it and gave it bad reviews you felt the need to “correct the situation”. You’ve learned of an API that allows you to delete reviews. Muhahahah! The problem is that only the site moderator can do this and you don’t have his credentials. This has not stopped you in the past.To earn your flag you must perform the following actions.Hints: FLAG 5: Hack JWTs – #2 (15 pts)You’ve learned about a new experimental programming language that is TOP SECRET! This language only requires 1 single keyword to find a polynomial time algorithm to solve any NP-hard problem! You want the 1 million dollar reward for solving this problem and thus need access to this programming language. Find the language.To earn your flag you must perform the following actions.Hints: FLAG 6: Hack JWTs – #3 (10 pts)You’ve been informed that the system has a weak key vulnerability that can be decrypted using a brute-force attack. The weak key corresponds to the employee ID of one of the developers who developed the code, assuming that no one could guess the employee ID.A friendly employee in the company has leaked the pattern for the employee ID number, which would consist of numeric digits and could be up to seven digits. Pass this weak key on to the flag6 API and you should get the flag.To earn your flag you must perform the following actions.Hints: Flag 7: Broken Access Control (10 pts)Like many other systems, this one also maintains user profiles or settings. These profiles may contain sensitive information that can be exploited by malicious hackers to gain unauthorized access to restricted areas of the system. Regrettably, the access control measures for protecting APIs, which ideally should be segmented based on role-based permissions, have been compromised in this system. Your objective is to reset the password of a system administrator user, thereby allowing you to log in as that user and exploit their access for your own entertainment and financial gain.To earn your flag you must perform the following actions.There’s a slight catch though. To accomplish this flag, you will need to write a script in any language you want because there are too many users to brute force this flag. There is only one user that will give you Flag 7, so think of this as a needle in a haystack. Some hints on what to account for in your script:A successful flag will display a Congratulations message like the following:Hints:Resources: Flag 8: Server Side Request Forgery (SSRF) (10 pts)Rumor has it that the IPLRA hosts a hidden application on an HTTP web server running inside its containerized environment. This application is only accessible from within the container and cannot be directly reached from the outside world. However, vulnerabilities within the IPLRA API might allow an attacker to discover this application.To earn your flag you must perform the following actions.A successful flag will display a Congratulations message like the following:Hints:Resources: API SecurityDue: Mon Oct 6, 2025 11:59pmDue: Mon Oct 6, 2025 11:59pmYou will be learning about modern web-based API security principles in this project. These APIs are extremely popular ways of sharing data and integrating enterprise software systems. Understanding how they work and security best practices are paramount to a well rounded security expert.
Data, data, data! The world today is all about data. It’s easy to search through data, but how can we do it efficiently? Parallel design techniques are often used for sorting today. In previous courses you have learned about “Merge Sort”. You’ve probably even implemented it. For this assignment you will be taking a sequential version of the merge sort algorithm and converting it to use parallel processing techniques, applying all the do’s and don’t we have discussed in class. You will receive starting code with the Merge Sort implemented in C++ sequentially. However, it is important for you to understand how the merge sort works. If you need a bit of a refresher, I recommend watching the following YouTube video. Since this is not a course on data sorting, I have provided you with a starting point that performs a merge sort using sequential programming. Download the A2_StartingPoint.cpp file from eConestoga and import it into a Visual Studio solution space. The program has no errors and should compile and execute. HINT As you are performing your development, keep theconst int N = 10. When you are ready increase the value and see what happens. In order to design a parallel version of this algorithm you will need to design and implement and new function that will handle the segmentation and distribution of the data to multiple threads. Create a new function called “Parallel_Merge_Sort” to perform this activity. Once you have implemented your parallel code update the main to execute the parallel processing after the sequential processing Using a N size of 10, run your program, take a screenshot and upload it into the box below. Add code to evaluate the time and efficiency of the two versions of execution. Your code should calculate and display the following information: HINTComment out the code that prints the arrays and results and increase the N to a size of 100000 or more NOTE: Your Parallel Solution should be faster and more efficient than the sequential version. Take a screenshot of your application’s output showing the timing results listed above and upload it into the box below.Update your program one more time to create a global standard vector space that stores thread::ids. In the critical section of your source code have the current thread running the code push its ID into the global vector every time the critical section executes.Rubric See eConestoga for details.Once you have completed your lab upload the following files INDIVIDUALLY to eConestoga using the submission link: Please make sure you delete all .vs (Hidden), release and debug directories before you compress and upload your solution.
Data, data, data! The world today is all about data. It’s easy to search through data, but how can we do it efficiently? Parallel design techniques are often used for sorting today. In previous courses you have learned about “Merge Sort”. You’ve probably even implemented it. For this assignment you will be taking a sequential version of the merge sort algorithm and converting it to use parallel processing techniques, applying all the do’s and don’t we have discussed in class. You will receive starting code with the Merge Sort implemented in C++ sequentially. However, it is important for you to understand how the merge sort works. If you need a bit of a refresher, I recommend watching the following YouTube video. Since this is not a course on data sorting, I have provided you with a starting point that performs a merge sort using sequential programming. Download the A2_StartingPoint.cpp file from eConestoga and import it into a Visual Studio solution space. The program has no errors and should compile and execute. HINT As you are performing your development, keep theconst int N = 10. When you are ready increase the value and see what happens. In order to design a parallel version of this algorithm you will need to design and implement and new function that will handle the segmentation and distribution of the data to multiple threads. Create a new function called “Parallel_Merge_Sort” to perform this activity. Once you have implemented your parallel code update the main to execute the parallel processing after the sequential processing Using a N size of 10, run your program, take a screenshot and upload it into the box below. Add code to evaluate the time and efficiency of the two versions of execution. Your code should calculate and display the following information: HINTComment out the code that prints the arrays and results and increase the N to a size of 100000 or more NOTE: Your Parallel Solution should be faster and more efficient than the sequential version. Take a screenshot of your application’s output showing the timing results listed above and upload it into the box below.Update your program one more time to create a global standard vector space that stores thread::ids. In the critical section of your source code have the current thread running the code push its ID into the global vector every time the critical section executes.Rubric See eConestoga for details.Once you have completed your lab upload the following files INDIVIDUALLY to eConestoga using the submission link: Please make sure you delete all .vs (Hidden), release and debug directories before you compress and upload your solution.
MATH154 Homework 9 Central Limit Problem 9.1: a) Find again the characteristic function ϕX of a standard Cauchy distributed random variable X. (We have done it before. Maybe try to do it without a computer algebra system using residue calculus.) b) Deduce that if you take two independent standard Cauchy distributed random variables X,Y , then (X + Y )/2 is again standard Cauchy distributed. Problem 9.2: a) Verify that the differential entropy of the Cauchy distribution with density 1/(π(1 + x2)) is log(4π). Mathematica gives wrongly log! b) As a flashback, recall how the expectation E[X] of a Cauchy distribution X is defined in a renormalized way by subtracting two infinite quantities. c) Verify that the renormalized variance lim exists for the Cauchy distribution. What is its value? Problem 9.3: a) Compute the entropy of the standard distribution N(0,1). We have sketched it in class. b) What is bigger, the entropy of the Cauchy distribution or the entropy of the standard normal distribution? c) Compute the entropy of the Probability Theory Problem 9.4: We work here with measures on (R,B). a) Assume dµ(x) = f(x) dx and dν(x) = g(x) dx are absolutely continuous probability measures. The convolution f ∗ g(x) = RR f(y)g(x − y) dy defines a new measure dµ ∗ dν = f ∗ g dx. Verify Z Z Z f ∗ gh(z) dz = h(x + y)f(y) dyg(z) dz . b) Conclude that Z Z dµ ∗ dν(A) = 1A(x + y) dµ(x) dµ(y) R R c) Verify that the transformationon the space of all Borel probability measures on (R,B) satisfying R x dµ(x) = 0 has a unique fixed point. Problem 9.5: We have seen that the central limit theorem implies the de Moivre central limit theorem so that in principle we do not need to prove it again. Write down a proof of the de Moivre central limit theorem. You have the following options: a) using the Stirling approximation formula√n! ∼ 2πn(n/e)n for the factorial. b) using characteristic functions, essentially repeating the general proof.
MATH154 Homework 8 Transformation Problem 8.1: a) Check that the automorphisms of a probability space form a group. There is a subset of ergodic automorphisms. Investigate whether (i) ergodic, (ii) weakly mixing, (iii) mixing automorphisms form a subgroup. b) For every T ∈ Aut(Ω,A,P) we have a unitary transformation U : L2 → L2 given by Uf = f(T). Check the orthogonality condition ⟨Uf,Ug⟩ = ⟨f,g⟩. c) Classical mechanics is the theory of automorphisms of probabilityspaces, where the unitary evolution is given by a dynamics Uf = f(T). Quantum mechanics allows for a larger automorphism group consisting of all unitary operator Uf = eitAf with a self-adjoint operator A on the Hilbert space L2(Ω). Assume our probability space is finite. What is its classical automorphism group? What is its quantum automorphism group? Problem 8.2: Show that if a measure-preserving transformation T has the property that for any A,B ∈ A there is m such that P[A∩T−n(B)] = P[A]P[B] for all n ≥ m, then A is a trivial algebra. Ergodicity Problem 8.3: Let (Ω,A,P) be a probability space, and let T : Ω → Ω be a measure-preserving transformation. Verify that the following conditions are equivalent: (i) T is ergodic (ii) If A ∈ A and P[T−1(A)∆A] = 0, then P[A] = 0 or P[A] = 1. (iii) If A ∈ A satisfies P[A] > 0 then P[Sn T−n(A)] = 1. (iv) If A,B ∈ A satisfy P[A] > 0,P[B] > 0 then there is n such that P[T−n(A) ∩ B] > 0. Instead of checking all 12 possible ordered pairs, use the Merry-Go-Round proof technique: (i) → (ii) → (iii) → (iv) → (i). Probability Theory Proof. (i) → (ii) P[T−1(A)∆A] = 0 means that T(A) = A up to a measure zero. By definition A has measure 0 or 1. (ii) → (iii) The set B = Sn T−n(A) is invariant and so has measure 0 or 1. Since it contains A which has positive measure, it has measure 1. (iii) → (iv) If there existed a set B which never can be reached, then B would be disjoint of T−n(A). But P[Sn T−n(A)] = 1. Assume T−1(A) = A and A has measure different from one. Then take □ Weak mixing Problem 8.4: a) In the proof showing that T is mixing implies T2 is mixing, we use the following Lemma from calculus or real analysis: the following two things are equivalent: (i) cn ≥ 0 is a bounded sequence with (ii) There exists a set J of density 1 in N on which limj∈J |ck| → 0. b) Use a) to verify that if cn ≥ 0 is a bounded sequence is equivalent to c) Conclude that weakly mixing can be rephrased as the property = 0 for all A,B ∈ A. Mixing Problem 8.5: a) Prove the following result of R´enyi: A dynamical system T is mixing if and only if µ(A ∩ T−nA) → µ(A)2 for n → ∞. b) State and give a proof of the Riemann-Lebesgue lemma. Why does this lemma imply that T has only absolutely continuous spectrum, then T is mixing? (Use a).
MATH154 Homework 7 Strong Law and Birkhoff Problem 7.1: Let (Ω = [0, eeotte tee ttnoende rdtectt Lebetgce rdtbnbility trnte. Ctotieed ftd n ≥ 1 tee teqceote an = 1/(nltg(n . Defioe Xn(x = n1[0,an/2](xn − n1[1−an/2,1](xn . Io tteed wtdet, we enve n teqceote tf dnoetm vndinblet tent tnke vnlcet n,−n,0. n Ceetk tent Xn it n teqceote tf ioeereoeeot dnoetm vndinblet tf zedt meno noe vndinote n/(ltg(n . b Ceetk tent tee rdttf tf tee wenk lnw tf lndge ocmbedt ttill wtdkt tttent P[Sn/n ≥ ϵ] → 0. t Vedify tent Pn P[{Xn = n}] eivedget noe ttotlcee tent wite rdtbnbility 1, we enve |Sn/n| ≥ 1/2 iofioitely mnoy tfteo. e Ctotlcee tent Xn etet ott tntitfy tee ttdtog lnw tf lndge ocmbedt. Problem 7.2: Use the notes to write down the proof of the maximal ergodic theorem of Hopf. Make sure you understand every step. Problem 7.3: Use the notes to write down the proof of the Birkhoff ergodic theorem. Make sure you understand every step. Problem 7.4: Write down a paragraph about the history of Birkhoff’s ergodic theorem. Especially make a connection with Harvard. Probability Theory Problem 7.5: Giveo n denl ocmbed α let T : T = R/Z → T be eefioee nt T(x = x + α. A ttotioctct fcottito f : T → R eefioet tt n teqceote tf dnoetm vndinblet Xn(x = f(Tn(x = f(x + nα . n If teede exittt n ttotioctct fcottito g tcte tent f(x = g(x+α −g(x , we tnll f n ttbtcoendy . Went tno ytc tny nbtct tee gdtwte dnte tf Sn if f it n ttbtcoendy? b Tee tcm Sn it nltt kotwo nt n Weyl tcm. Attcme f it ttotioctct wite = 0 noe tent α it iddntitonl. Went etet tee Bidketff edgteit teetdem tny nbtct Sn/n? t Attcme α it iddntitonl. Ade tee dnoetm vndinblet Xn ioeereoeeot? Ade tee dnoetm vndinblet eettddelntee? Cno ytc cte tee ttdtog lnw tf lndge ocmbedt tt ettimnte Sn? Cno ytc cte tee wenk lnw tf lndge ocmbedt tt ettimnte Sn? e Lttk cr went enrreot if α ent tee Ditrenotioe rdtredty |α − p/q| ≤ 1/q2 ftd nll dntitonl ocmbedt p/q. (Ao exnmrle it if α it tee gtleeo meno. Teede it n detclt tent nttcdet tent Sn ttnyt btcoeee io teit Ditrenotioe tnte if f it ttotioctct. Fioe tent detclt noe ttnte it.
MATH154 Homework 6 Stochastic Convergence Problem 6.1: Consider the random variables Xn(x) = cos(nx) on [−π,π],B,dx/(2π). a) By writing cos(nx) = Re(einx) and using a geometric series, verify that . This is Dn(x) − 1, where Dn(x) is called the Dirichlet kernel. b) Verify that c) First recollect from class why the assumptions of the weak law aresatisfied and restate the conclusion of that theorem about Sn/n. This should verify that Sn/n → 0 in L1 and so in probability. d) Given a continuous even function f with E[f] = 0, the expectation an = E[fXn] is called the n’th Fourier coefficient and g(x) = Pn anXn(x) is the cos- Fourier series of n. The formula is called Parceval’s identity. What geometric condition does assure it and what famous geometric theorem does it generalize? Problem 6.2: a) Give an example of a sequence of random variables Xn → X for which we have convergence in probability but not complete convergence. b) Give an example of a sequence of random variables Xn, where Xn → X in probability but where Xn → X in L1 does not happen. c) Give an example of a sequence of random variables where Xn → X in L1 but where the convergence is not in L2. Probability Theory Problem 6.3: a) Is there for 1 ≤ p < ∞ a relation between Lp convergence and convergence almost everywhere? b) Is there a relation between L∞ convergence and convergence almost everywhere? c) Is there a relation between complete convergence and Lp convergence for p < ∞? d) Is there a relation between complete convergence and L∞ convergence? Law of Large numbers Problem 6.4: The n’th Chebyshev polynomial is defined as Xn = Tn(x) = cos(narccos(x)). We have Tn(cos(t) = cos(nt). a) Verify that Tn(x) is a polynomial of degree n and write down Tn(x) for n = 1,2,3,4. b) We look at Tn(x) as a random variable on the probability space (Ω = [−1,1],B,P = ). Check that the later indeed is a probability space. c) Demonstrate (by showing all conditions) that you can use the weak lawof large numbers to establish that (1/n)Sn converges in probability to 0. Problem 6.5: Let Xn(ω) be the n’th binary digit of ω ∈ [0,1]. a) Investigate the convergencein probability. b) Verify that Sn has the Binomial distribution . c) Show directly and then use the weak law to see that Sn/n → 0 in probability. √ 2.d) Verify that Sn/ n does not go to zero in√ L e) Verify also that Sn/ n does not converge to 0 in distribution.
MATH 154 Homework 5 Tail algebra Problem 5.1: Bond percolation in 3 dimensions. Ω is the set of all subgraphs of the lattice Z3 with nearest neighbor connections. Look at σalgebras Ae generated by the random variable Xe(ω) = 1{e∈E(ω)}. The assumption P[{Xe = 1}] = p,P[{Xe = 0}] defines a probability space in which {Xe}e∈E are independent. a) What theorem does assure that we have a probability measure on Ωthat is translation invariant? b) The event A consists of all graphs for which there is an infinite cluster. Verify that Pp[A] ≤ Pq[A] if p ≤ q. c) Conclude there is a threshold pc so that p > pc gives an infinite cluster and p < pe none with probability 1. d) Hit the literature: what is currently the best estimate for pc? Jensen Problem 5.2: a) Formulate Jensen inequality in the case f(x) = |x| and show that it implies the calculus identity for a continuous function on [0,1]. √b) It implies the geometric-arithmetic mean inequality ab ≤ (a + b)/2. c) Jensen’s inequality can explain risk aversion and motivate portfoliooptimization. Let ϕ be a concave utility function. (−ϕ is convex). What does Jensen tell you about the expected utility? Entropy Problem 5.3: We study entropy S(A) calculus for a finite σ-algebra. a) Single variable: f(x) = xlog(1/x) is concave. The limit f(0) = 0 exists. b) Multi: the uniform distribution on {1,…,n} has maximal entropy. c) Let AX be the σ-algebra of a random variable X ∈ S and AX,Y the σ algebra of two random variables X,Y ∈ S. Show that if X,Y are independent, then S(AX,Y ) = S(AX) + S(AY ). Probability Theory Chebychev Problem 5.4: You own an insurance company that gets random claims at random times. In order to have enough reserves, you want to estimate how large claims will be in the future. Your staff tells you the mean and standard deviation of the historical claim distribution but you do not know the distribution. a) Why does Chebyshev’s inequality imply that at least 89 percent of fu-ture claims will be within three standard deviations away from the mean? b) Build a similar rule of thumb to see that percent of future claims are within two standard deviations from the mean. Explain. c) Fill in the box: 96 percent of future claims are within standard deviations from the mean. Explain.Problem 5.5: A probability space and random variable X defines what one calls a null hypothesis, the assumption that an effect does not exist. Assume you measure X = c and that c is larger than the expectation, then the P-value of this experiment is defined as P[X ≥ c]. If the Pvalue is < 0.05, one considers the result as significant and rejects the null-hypothesis. If the P-value is > 0.05, one fails to reject the null hypothesis. a) Assume a hypothesis is that X is exponentially distributed. You measure X = 2. What is the p-value? b) Estimate the p-value using Chebyshev’s inequality. c) Having a p-value smaller than 0.05 is considered the gold standard for”statistical significance”. Discuss the following strategy: we repeat an experiment a couple of times until the P-value is smaller than 5 percent. You label the early runs as warm-up-test runs and publish the paper. d) Is it true that if you make a measurement and see the P value is largerthan 0.05 that the non-significance means that the effect does exist? Explain in an example. 1Figure 1. P-Value.1If c was smaller than the expectation, we would define the P-value as P[X ≤c].
MATH154 Homework 4 Independence b) What is the probability that Ana has a meeting during a time that Bobhas a meeting? c) What is the probability that Bob has a meeting during a time whenAna has a meeting? d) Is the event that both have a meeting at the same time independent ofthe event that both have no meeting at the same time?Figure 1. Palindromes Ana and Bob meet to discuss the design of new dice. (AI generated picture) Probability Theory Problem 4.2: True or False? (Please give justifications). 1) If A,B are independent, then A,Bc are independent. 2) If P[B] > 0, and A,B are independent, then P[A|B] = P[A]. 3) If A,B are independent and B,C are independent then A,C are. 4) If A,B,C are independent, then A + B is independent of C. 5) If A,B,C are independent, then A ∩ B is independent of C. 6) If A,B,C are independent then A ∪ B is independent of C. 7) Two disjoint sets A,B are independent if and only if P[A] = 0 or P[B] = 0. 8) ∅ is independent of any other set. 9) Ω is independent of any other set. 10) If A is independent to itself, then P[A] = 0 or P[A] = 1. Problem 4.3: If (Ω,A,P) has a P trivial σ-algebra, you might think that A is the trivial σ-algebra. This is not the case as you verify here with an example: Verify that the σ algebra of cocountable or countable sets in Ω = [0,1] is P-trivial, if P = λ is the probability Lebesgue measure on [0,1] Problem 4.4: In all of this problem, all random variables are bounded L∞. a) Verify that if X,Y are independent and n,m are positive integers, then Xn,Y m are independent. b) Verify that X · Y = ⟨X,Y ⟩ = E[XY ] defines an inner product on L2.Define |X| = p⟨X,X⟩. Check Cauchy-Schwarz |⟨X,Y ⟩| ≤ |X||Y |. c) We have seen that if X,Y are independent L2 random variables, then E[XY ] = E[X]E[Y ]. Can you reverse this? Does the condition E[XY ] = E[X]E[Y ] imply that X,Y are independent? d) What about asking that E[XnY m] = E[Xn]E[Y m] for all n,m > 0? Does this imply that X,Y are independent? Problem 4.5: a) Verify that the moment generating function of the Cauchy distribution does not exist. b) Compute the characteristic function ϕX(t) of a Cauchy distributed random variable. c) Compute the characteristic function of the Gaussian distribution with −x2/√π. probability density function f(x) = e d) Find a probability space and a random variable X such that ϕX(t) = cos(t).
MATH154 Homework 3 Random Variables Problem 3.1: The Gamma distribution with shape α > 0 and rate λ > 0 has support on [0,∞). It is used in econometrics. The probability density function is . a) What distribution do we get in the case α = 1? b) Verify that f satisfies the properties of a PDF. c) Compute the expectation E[X] and variance Var[X]. d) Compute the moment generating function MX(t). e) Why is a Gamma distributed random variable in Lp for all p? Problem 3.2: Verify that for θ > 0 the Maxwell distributionis a PDF of a probability distribution on R+ = [0,∞). This distribution can model the speed distribution of molecules in thermal equilibrium. Now compute its expectation E[ . Problem 3.3: Benford’s law deals with the statistics of the first significant digit in data. Simon Newcomb found the law in 1881 and Frank Benford made significant progress to understand it in 1938. The distribution appears also in naturally occurring sequences. For example, if you look at the first digit of the sequence 2n then the first significant digit k appears with probability pk = log10(1 + 1/k). The digit 1 for example occurs with about log10(2) = 0.30 which is 30 percent. a) What is its expectation and variance of the distribution? b) Verify that the sequence 2n produces this distribution. Probability TheoryFigure 1. The Benford distribution for the first significant digit. It is computed with Histogram[Table[First[IntegerDigits[2n]],{n,1,10000}],10] Problem 3.4: For a centered Cauchy distributed random variable, the probability density is ( ). As seen in class you can generate random variables with this distribution. Define X(x) = x on (Ω = R,B,P = f(x)dx). a) Check that the random variable X is not in L1. b) Look up the definition of convergence in the sense of Cauchy and verifythat the expectation of the distribution in this generalized sense. c) What can you say about the variance and higher moments or momentgenerating function of a Cauchy distributed random variable? d) Why again does Cot(PiRandom[]) generate Cauchy distributed random variables? Problem 3.5: The support K of the law µ of a random variable is the largest closed subset of R such that µ((x − a,x + a)) > 0 for every x ∈ K and a > 0. a) There are absolutely continuous distribution functions for which thesupport is a Cantor set on [0,1]. Construct one. (Note that this can not be the standard Cantor set because the Standard Cantor set has measure zero.) b) There are singular continuous distributions for which the support is[0,1]. Construct one. c) There are pure point distributions for which the support is [0,1]. Construct one. d) Verify that for every closed set K in [0,1] there exists a measure which has K as support.
MATH154 Homework 2 Probability spaces Problem 2.1: Verify the following properties from the axioms. a) P[∅] = 0. b) A ⊂ B ⇒ P[A] ≤ P[B]. c) P[Sn An] ≤ Pn P[An]. d) P[Ac] = 1 − P[A]. e) 0 ≤ P[A] ≤ 1. f) A1 ⊂ A2,⊂ ··· with An ∈ A then P[ Problem 2.2: Let Ω be a set. Let A be the set of countable or cocountable subsets of Ω. a) Verify that A satisfies all the ring axioms of Boolean algebra. b) Verify that A is a π-system. c) Verify that A is a λ-system. e) Verify that A is the smallest σ algebra containing the cofinite topology. Problem 2.3: Let Ω = [0,1]2. Let I = {[a,b) × [c,d)} denote the set of all left-bottom closed right-top open rectangles. a) Verify that this is a π-system. b) Verify that P[a,b) × [c,d)] = (d − c)(b − a) is a probability measure on this π system. c) Why can the measure P be extended to the smallest σ-algebra containing I? d) Under which conditions are two elements in I independent? Probability Theory Problem 2.4: Verify the following properties. The first four are known as Keynes postulates, the fifth is called Bayes Theorem. 1) P[A|B] ≥ 0. 2) P[A|A] = 1. 3) P[A|B] + P[Ac|B] = 1. 4) Problem 2.5: Prove the ΠΣΛ sorority theorem in the text. It states ”The smallest λsystem A containing a π-system I is the smallest σ algebra containing I.”Figure 1. To the left an example of a ΠΣΛ chapter (in this case Oxford MS). To the right, a brooch from BU in the shape of a Marguerite daisy (or A∩B when intersecting two sets in a Venn Diagram) also in the order of the mathematical order ΠΛΣ: to check that we have a σ-algebra, we have to check it is a π-system and a λsystem.
MATH154 Homework 1Problem 1.2: The card game ”set” contains 81 = 34 cards. Each card has one of 3 colors, one of 3 numbers, one of 3 shapes and one of 3 shades. It so models so the 4-dimensional vector space which is also called the field GF(81). A collection of three cards is called a ”set”, if in each of the 3 categories, all three properties either agree or are all different. You randomly pick 3 cards from the 81. What is the probability to draw a set? Probability Problem 1.1: a) You pick a random point (x,y) in the square [−1,1]× [−1,1]. What is the probability that x2 + y2 ≤ 1? b) You pick a random point (x,y,z) in the unit cube [−1,1]3. What is the probability that x2 + y2 + z2 ≤ 1? c) What is the probability that 1 if the point x = (x1,…,x1000) is chosen randomly in the 1000-dimensional unit cube [−1,1]1000.Figure 1. What is the probability to hit the sphere? Probability TheoryFigure 2. The game of set visualizes a 4 dimensional vector space Problem 1.3: The probability density of a positive integer smaller than n is prime is about 1/log(n) by the prime number theorem. What do you expect is the expected number of prime twins smaller than n? Problem 1.4: a) Alex has three kids, and one of them is a girl. What is the probability that Alex has three girls? b) Alex has three kids of different age and the oldest is a girl. What is the probability that Alex has three girls? Problem 1.5: There are three boxes: a box containing two gold coins, a box containing two silver coins, and a box containing one gold coin and one silver coin. The three boxes are shuffled. You pick one box and pick a random coin from it. You notice it to be gold. What is the probability that the other coin from the same box is gold?
