database search page using universal sentence encoder for semantic search - javascript

I'm trying to build a page that uses the Universal Sentence Encoder model to search through the database 'abstract' attribute, and this error is appearing in the browser console.
I first stored all the data in an array and then tried to encode each one and compare it to a search word, 'encryption'.
This is the PHP page code:
<?php
$dbhost = "localhost";
$dbuser = "root";
$dbpass = "";
$db = "portal";
$conn = new mysqli($dbhost, $dbuser, $dbpass,$db) or die("Connect failed: %s\n". $conn -> error);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
echo "Connected successfully";
?>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<script src="https://cdn.jsdelivr.net/npm/@tensorflow/tfjs@latest"></script>
<script src="https://cdn.jsdelivr.net/npm/@tensorflow-models/universal-sentence-encoder"></script>
</head>
<body>
<?php
$sql = "SELECT abstract FROM projects";
$result = mysqli_query($conn, $sql);
$abstracts = array();
if(mysqli_num_rows($result ) > 0){
while($row=mysqli_fetch_assoc($result)){
$abstracts[] = $row;
}
}
print_r($abstracts);
?>
<script>const dotProduct = (vector1, vector2) => {
return vector1.reduce((product, current, index) => {
product+= current * vector2[index];
return product;
}, 0);
};
// square each value in the array and add them all up, then square root.
const vectorMagnitude = (vector) => {
return Math.sqrt(vector.reduce((sum, current) => {
sum += current * current;
return sum;
}, 0));
};
const cosineSimilarity = (vector1, vector2) => {
return dotProduct(vector1, vector2) / (vectorMagnitude(vector1) * vectorMagnitude(vector2));
};
(async () => {
// download the model
const model = await use.load();
const abstracts = <?php echo json_encode($abstracts); ?>;
const userQuery = "encryption";
// embed the user input and the blog posts using the model - explained next!
const abstractsTensor = await model.embed(abstracts);
// wrap the user input in an array so model can work with it
const userInputTensor = await model.embed([userQuery]);
// == New code starts here //v,mv dijv
// convert to JS arrays from the tensors
const inputVector = await userInputTensor.array();
const dataVector = await abstractsTensor.array();
// this is an array of arrays, we only care about one piece of user input, one search query so
const userQueryVector = inputVector[0];
// how many results do i want to show
const MAX_RESULTS = 2;
// loop through the blog post data
const predictions = dataVector.map((dataEntry, dataEntryIndex) => {
// COSINE SIMILARITY - compare the user input tensor with each blog post.
const similarity = cosineSimilarity(userQueryVector, dataEntry);
return {
similarity,
result: abstracts[dataEntryIndex]
}
// sort descending
}).sort((a, b) => b.similarity - a.similarity).slice(0, MAX_RESULTS);
document.querySelector("#initial-example-results").innerText = JSON.stringify(predictions, null, 2)
})();</script>
<p>This will take a few moments for the model to load and run. Query: "encryption"</p>
<pre id="initial-example-results"></pre>
</body>
</html>
abstracts is an array that contains these values.
I can't tell what the error is.

According to the official documentation, in order to get something like this:
you would need to change your array.
Instead of having it like this:
$abstracts = [
[
"abstract" => "Cyber security is the practice of defending computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks. It's also known as information technology security or electronic information security. The term applies in a variety of contexts, from business to mobile computing, and can be divided into a few common categories. "
],
[
"abstract" => "Data mining is the process of fmding anomalies, patterns and correlations within large data sets to predict outcomes. Using a broad range of techniques, you can use this information to increase revenues, cut costs, improve customer relationships, reduce risks and more."
],
[
"abstract" => "A network consists of two or more computers that are linked in order to share resources (such as printers and CDs), exchange files, or allow electronic communications. The computers on a network may be linked through cables, telephone lines, radio waves, satellites, or infrared light beams."
]
];
$abstracts = json_encode($abstracts);
/*
output:
[
{
"abstract":"Cyber security is the practice of defending computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks. It's also known as information technology security or electronic information security. The term applies in a variety of contexts, from business to mobile computing, and can be divided into a few common categories. "
},
{
"abstract":"Data mining is the process of fmding anomalies, patterns and correlations within large data sets to predict outcomes. Using a broad range of techniques, you can use this information to increase revenues, cut costs, improve customer relationships, reduce risks and more."
},
{
"abstract":"A network consists of two or more computers that are linked in order to share resources (such as printers and CDs), exchange files, or allow electronic communications. The computers on a network may be linked through cables, telephone lines, radio waves, satellites, or infrared light beams."
}
]
*/
it needs to look like this:
$abstracts = [
"Cyber security is the practice of defending computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks. It's also known as information technology security or electronic information security. The term applies in a variety of contexts, from business to mobile computing, and can be divided into a few common categories.",
"Data mining is the process of fmding anomalies, patterns and correlations within large data sets to predict outcomes. Using a broad range of techniques, you can use this information to increase revenues, cut costs, improve customer relationships, reduce risks and more.",
"A network consists of two or more computers that are linked in order to share resources (such as printers and CDs), exchange files, or allow electronic communications. The computers on a network may be linked through cables, telephone lines, radio waves, satellites, or infrared light beams."
];
echo json_encode($abstracts, JSON_UNESCAPED_UNICODE); // the switch / flag isn't a must, but it's a good idea to handle cases like non-standard characters, or emojis
/*
output:
[
"Cyber security is the practice of defending computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks. It's also known as information technology security or electronic information security. The term applies in a variety of contexts, from business to mobile computing, and can be divided into a few common categories.",
"Data mining is the process of fmding anomalies, patterns and correlations within large data sets to predict outcomes. Using a broad range of techniques, you can use this information to increase revenues, cut costs, improve customer relationships, reduce risks and more.",
"A network consists of two or more computers that are linked in order to share resources (such as printers and CDs), exchange files, or allow electronic communications. The computers on a network may be linked through cables, telephone lines, radio waves, satellites, or infrared light beams."
]
*/
This change will make your const abstracts a regular string array, which is what the model.embed(...) expects - take a look at how you're defining the userInputTensor variable. You're wrapping a string ('encryption') within brackets, turning it into a one dimensional string array. It makes sense to do the same thing when defining const abstracts.
Bottom line - change the way you're filling the $abstracts array. Make it a simple array with numerical indices / indexes, instead of an associative one:
<?php
$sql = "SELECT abstract FROM projects";
$result = mysqli_query($conn, $sql);
$abstracts = array();
if(mysqli_num_rows($result ) > 0){
while($row=mysqli_fetch_assoc($result)){
$abstracts[] = $row["abstract"]; // <== this is what you need to change
}
}
?>
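The shape change described in the answer, together with safe serialization of database text into an inline script, as an added example that is not code from the original posts. The function names and the sample rows are constructed for illustration; it runs in Node.js without TensorFlow.

```javascript
// Added example (not from the original posts). Names and data are hypothetical.

// Flatten rows as mysqli_fetch_assoc() delivers them ([{abstract: "..."}])
// into the plain string[] that model.embed() expects.
function toStringArray(rows, key) {
  if (!Array.isArray(rows)) throw new TypeError("rows must be an array");
  return rows.map((row, i) => {
    const value = typeof row === "string" ? row : row && row[key];
    if (typeof value !== "string") {
      throw new TypeError("row " + i + " has no string '" + key + "' field");
    }
    return value.trim();
  });
}

// Characters that must not appear literally inside an inline <script>:
// "<", ">" and "&" matter to the HTML parser, U+2028/U+2029 to older JS engines.
const INLINE_ESCAPES = {
  "<": "\\u003C",
  ">": "\\u003E",
  "&": "\\u0026",
  "\u2028": "\\u2028",
  "\u2029": "\\u2029",
};

// JSON.stringify alone leaves "<" untouched, so stored text containing a
// closing script tag would end the script element early. Escaping keeps the
// value identical after parsing while the markup stays intact.
function jsonForInlineScript(value) {
  return JSON.stringify(value).replace(/[<>&\u2028\u2029]/g, (ch) => INLINE_ESCAPES[ch]);
}

// Build the line the PHP page prints with json_encode().
function renderAbstractsScript(rows) {
  const flat = toStringArray(rows, "abstract");
  return "<script>const abstracts = " + jsonForInlineScript(flat) + ";</script>";
}

// Constructed sample rows, in the associative shape the question produced.
const SAMPLE_ROWS = [
  { abstract: "Cyber security is the practice of defending computers & networks." },
  { abstract: "How HTML parsers treat <script> and </script> inside string data. " },
];

console.log(renderAbstractsScript(SAMPLE_ROWS));
```

In the PHP page the same escaping comes from passing `JSON_HEX_TAG | JSON_HEX_AMP` to `json_encode()`.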

Related

Permissions to delete spam comments sent in via the Podio Email to item feature

We have an awkward, persisting situation of receiving unsolicited comments into our corporate Podio space via the Email to Item feature. The spam arrives sporadically; we get a couple of hundred of them on some days. Removing the offending user from the Podio workspace does not help. We have of course contacted Podio support, but they are unable to help.
I assume others have, or are vulnerable to, the same breach. It seems Kirsten Campbell-Morris reported in 2014 the same breach.
Our analysis is that the email notifications which Podio sends have been captured, and the unique reply-to addresses are used. According to our analysis (and theory), this is a write-only vulnerability.
In our case the spam items are easy to classify as spam/ham: they all come from one user 𝒰, and always arrive via the Email to Item feature. Other than the spam, we never ever need this feature, and would be happy to get rid of this poorly managed feature altogether.
We have sketched three alternate solutions, here in chronological order of development:
1. A periodic cleanup program
2. JavaScript program running against the DOM
3. A webhook endpoint
See below for a description of the others (1. and 2.), but we would prefer to use the latest idea (3.), using webhooks. The idea is to create either one or separate comment-create hooks for all the apps in our workspace. It would receive an HTTP request on comment creation, authenticate with the Podio API, fetch the comment in question, decide whether it is spam or not, and delete it if necessary (as said, deciding what is spam is straightforward in our case).
I implemented this idea as a minimal Lumen API endpoint. On receiving the webhook request with the following JSON payload
{
"item_id": "yyyyyyyyy",
"hook_id": "zzzzzzz",
"type":"comment.create"
}
it is passed to PodioComment::get() for decision-making.
The problem is that the delete operation [PodioComment::delete()](https://developers.podio.com/doc/comments/delete-a-comment-22347) receives a `PodioForbiddenError`, though it authenticates with a token from user 𝒰.
The PHP stack trace:
PodioForbiddenError
in Podio.php line 319
at Podio::request('DELETE', '/comment/xxxxxxxx', array()) in Podio.php line 358
at Podio::delete('/comment/xxxxxxxx') in PodioComment.php line 46
at PodioComment::delete(xxxxxxxx) in CommentController.php line 116
What is going on here? Am I not authenticating properly? I can do other tasks, e.g. get comments and other Podio items, and Podio::setup() and Podio::authenticate_with_app() run successfully, with the client ID and secret, and app id and token.
Our current theory is that the Email to Item feature is a separate application (with its own app_id). If this is correct, how can we authenticate as that app to delete comments from it? If not, what else can we do to delete the spam comments? How can we check which permissions our custom program has for various Podio items?
Details of solutions 1. and 2.
Solution sketch 1. A periodic cleanup program (does not work)
The first one (1.) of these is a PHP program that was written with the Podio PHP client and was planned to run as a cronjob. The idea was to periodically – say every 6 hours – authenticate, scan all items for new comments, and delete them if they are deemed spam. This didn't work, because though the program was running on API keys of an administrator user, it didn't have permission to delete comments made by user 𝒰.
Solution sketch 2. JavaScript program running against the DOM (works if manually supported)
This is a hack with screen scraping and automatically pressing buttons on the web UI.
We log in as the user 𝒰, navigate to their activity stream, open the browser developer tools, copy-paste the following program to the console, and go for coffee. This bypasses authentication issues of (1.) and (3.), but is cumbersome to operate and error-prone.
// Add the user id to remove in here. There is a good chance it is
// a six-digit number
var spamUid = 'xxxxxx';
// Consider only comments made after this date
var spamDate = new Date(2018, 4, 1); // month index is 0-based, so 4 is May
var spamUserUrl = 'https://podio.com/users/' + spamUid;
var mnum = {
'January': 0,
'February': 1,
'March': 2,
'April': 3,
'May': 4,
'June': 5,
'July': 6,
'August': 7,
'September': 8,
'October': 9,
'November': 10,
'December': 11
}
var titleToDate = (title) => {
  // title looks like "<day> <month name> <year> <hour>:<minute>"
  var re = /(\s*\d*) ([A-Za-z]*) (\d{4}) (\d*):(\d*)/;
  var [, D, M, Y, h, m] = re.exec(title);
  return new Date(Y, mnum[M], D, h, m);
}
var throttling = 2000;
var spamComments = jQuery('.comment')
.filter((i, c) => jQuery(c).find('.comment_byline > a')[0].href == spamUserUrl)
.filter((i, c) => jQuery(c).find('.timestamp > time')[0].title != "")
.filter((i, c) => titleToDate(jQuery(c).find('.timestamp > time')[0].title) > spamDate);
console.log("Found " + spamComments.length + " comments to delete");
spamComments.each((i, c) => {
c.style.border = '5px red dotted';
setTimeout(() => {
console.log("deleting 💩", c);
jQuery(c).find('.js-delete-comment').click();
jQuery('.confirm-button')[0].click();
}, i * throttling);
});
Please contact Podio support. We have a solution to stop this :)
For the record, we did contact Podio support and this time they were responsive and said the issue has been solved. I have no idea what was done on their end, but we have not received the spam messages since. Thanks.

AWSIoT: AWSIoTShadowClient vs AWSIoTMQTTClient

I have an IoT Project which is:
2 bulbs, connect to 2 Raspberry Pi (python)
web app (Javascript) with 3 buttons: one to turn on/off bulb 1, one to turn on/off bulb 2, one to turn on/off both bulbs.
I approached 2 different ways
using AWSIoTMQTTClient:
Pi:
import time
from AWSIoTPythonSDK.MQTTLib import AWSIoTMQTTClient

class CallbackContainer(object):
    def __init__(self, client):
        self._client = client

    # Called by the SDK for every message on a subscribed topic
    def messagePrint(self, client, userdata, message):
        print("Received a new message: ")
        print(message.payload)
        print("from topic: ")
        print(message.topic)
        print("--------------\n\n")

myAWSIoTMQTTClient = AWSIoTMQTTClient("myClientID")
myAWSIoTMQTTClient.configureEndpoint("xxxxx.iot.eu-west-1.amazonaws.com", 8883)
myAWSIoTMQTTClient.configureCredentials("./certs/rootCA.pem", "./certs/xxxxxxx-private.pem.key", "./certs/xxxxxxx-certificate.pem.crt")
myAWSIoTMQTTClient.configureConnectDisconnectTimeout(10) # 10 sec
myAWSIoTMQTTClient.configureMQTTOperationTimeout(5) # 5 sec
myCallbackContainer = CallbackContainer(myAWSIoTMQTTClient)
myAWSIoTMQTTClient.connect()
myAWSIoTMQTTClient.subscribe("topic_both", 0, myCallbackContainer.messagePrint)
myAWSIoTMQTTClient.subscribe("topic_bulb1", 0, myCallbackContainer.messagePrint)
while True:
    time.sleep(1)
Javascript:
var params = {
payload: JSON.stringify(body),
topic: myTopic, //"topic_both" or "topic_bulb1"
qos: 0
};
var iotPromise = iotData.publish(params).promise();
using AWSIoTShadowClient:
Pi:
import json
import time
from AWSIoTPythonSDK.MQTTLib import AWSIoTMQTTShadowClient

# Called by the SDK whenever the shadow's desired state differs from the reported state
def customShadowCallback_Delta(payload, responseStatus, token):
    print(responseStatus)
    payloadDict = json.loads(payload)
    print("++++++++DELTA++++++++++")
    print("property: " + str(payloadDict["state"]))
    print("+++++++++++++++++++++++\n\n")
    # Need to handle JSON to control bulbs

thingName = "control_bulb"
myAWSIoTMQTTShadowClient = AWSIoTMQTTShadowClient("myClientID")
myAWSIoTMQTTShadowClient.configureEndpoint("xxxxxx.iot.eu-west-1.amazonaws.com", 8883)
myAWSIoTMQTTShadowClient.configureCredentials("/certs/rootCA.pem", "/certs/xxxxx-private.pem.key", "/certs/xxxxx-certificate.pem.crt")
myAWSIoTMQTTShadowClient.configureConnectDisconnectTimeout(10) # 10 sec
myAWSIoTMQTTShadowClient.configureMQTTOperationTimeout(5) # 5 sec
myAWSIoTMQTTShadowClient.connect()
deviceShadowHandler = myAWSIoTMQTTShadowClient.createShadowHandlerWithName(thingName, True)
deviceShadowHandler.shadowRegisterDeltaCallback(customShadowCallback_Delta)
while True:
    time.sleep(1)
JavaScript:
var params = {
payload: '{"state":{"desired":' + JSON.stringify(body) + '}}',
thingName: 'control_bulb'
};
iotData.updateThingShadow(params, function(err, data) {
});
Both approaches manage to achieve the purpose of the project. However, my questions are:
What is the difference between AWSIoTMQTTClient and AWSIoTShadowClient in terms of performance, security, maintenance?
In which use cases is AWSIoTShadowClient or AWSIoTMQTTClient used?
Thanks
The two different clients represent two different (albeit superficially similar) features of AWS IoT:
AWSIoTMQTTClient provides a general interface to AWS IoT's MQTT broker. All it does is allow you to send and receive messages across topics. In fact, if you really wanted to you could use any MQTT client for this (for example Paho MQTT), but I would stick to AWS' as it is ready-configured for their broker.
AWSIoTShadowClient is an interface specifically for the AWS IoT Device Shadow. The device shadow is an AWS-managed, per-device, two-way synchronized 'state'. It just so happens that one way of interacting with the shadow is MQTT. But the aim isn't just to send/receive messages, it's to provide a mechanism for devices to persist and take their state from the cloud. (more specifics here)
So to address your question:
Performance: both use the same underlying protocol and so have similar performance. At a push AWSIoTMQTTClient could perform better if you specialised it to your own usage, rather than following the Device Shadow pattern; but I would expect any gains to be negligible.
Security: once again both are secured in exactly the same way using AWS IoT's client/certificate security model. AWSIoTShadowClient is likely more secure by default as it is already configured to ensure that only a device can set its reported state.
Maintenance: This depends a bit. If your use case (discussed next) is to have a device report its state, and have that state inspectable and updatable from the cloud, then the AWSIoTShadowClient is much more maintainable; simply because that is what it's designed and tested to do - you'll have to write and maintain less of your own code!
Picking an approach:
Device Shadow: If you don't have a reason not to, use the shadow. It's a managed and well tested pattern (that includes edge cases, such as the bulb being offline when you request it to change) for having your devices send/receive/synchronize state from the cloud. It's built into AWS so you can easily view/change this state in the console. It's also got built-in persistence, so you can always inspect that latest state even if you aren't constantly listening for changes on the broker.
Your own MQTT topics: There's a few reasons not to use the shadow. The shadow requires you to send JSON payloads, and in highly battery/network constrained situations you might want to use your own binary protocol to save bytes. Similarly it's about double the cost (although still really cheap). Finally if your readings are fast moving, write-only, telemetries that you do not need to persist and can subscribe to when you're interested, you might skip the shadow because you don't need any of its features.
So in your case, I would say you want to use the shadow.
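The offline-bulb edge case from the answer, as an added example that is not code from the original posts or from AWS. It is a simplified in-memory model of the desired/reported/delta idea with flat key/value state, next to a plain topic that keeps nothing for absent subscribers; the class and function names are hypothetical.

```javascript
// Added example: simplified model, not the AWS IoT implementation.
class ShadowModel {
  constructor() {
    this.desired = {};
    this.reported = {};
    this.version = 0;
  }

  // Merge a patch into "desired" or "reported"; a null value removes the key.
  update(section, patch) {
    if (section !== "desired" && section !== "reported") {
      throw new Error("unknown state section: " + section);
    }
    for (const [key, value] of Object.entries(patch)) {
      if (value === null) delete this[section][key];
      else this[section][key] = value;
    }
    this.version += 1;
    return this.delta();
  }

  // Desired keys whose value differs from what the device last reported.
  delta() {
    const diff = {};
    for (const [key, value] of Object.entries(this.desired)) {
      if (this.reported[key] !== value) diff[key] = value;
    }
    return diff;
  }
}

// Plain topic without persistence: a message published while nobody is
// subscribed is dropped (the QoS 0, no-retained-message case).
class PlainTopic {
  constructor() {
    this.subscribers = [];
  }
  subscribe(fn) {
    this.subscribers.push(fn);
  }
  publish(message) {
    this.subscribers.forEach((fn) => fn(message));
    return this.subscribers.length; // how many subscribers received it
  }
}

// The web app switches bulb1 on while the Pi is offline, using both approaches.
function offlineBulbScenario() {
  const topic = new PlainTopic();
  const shadow = new ShadowModel();
  const bulb = { bulb1: "off" }; // constructed device state
  shadow.update("reported", bulb);

  // Pi offline: no subscriber on the topic, but the shadow still accepts the request.
  const delivered = topic.publish({ bulb1: "on" });
  shadow.update("desired", { bulb1: "on" });

  // Pi reconnects: it subscribes, then asks the shadow what is outstanding.
  const seenOnTopic = [];
  topic.subscribe((message) => seenOnTopic.push(message));
  const pending = shadow.delta();
  Object.assign(bulb, pending);               // apply the outstanding change
  const remaining = shadow.update("reported", bulb);

  return { delivered, seenOnTopic, pending, remaining, bulb };
}

console.log(offlineBulbScenario());
```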

Smart card selection for digital signature

I am maintaining a VB6 Windows application which digitally signs PDF documents by launching a JS file, located in the Javascripts subfolder of Acrobat 9.0. Now my Customer wants to plug another smart card reader to the PC which hosts the application, with its own smart card containing certificates related to a second person who will sign certain type of documents.
My question is: how can I programmatically choose, from my JavaScript code, the smart card reader I want?
In my JavaScript code I do the following:
//Initialize the signature handler
var myEngine = security.getHandler("Adobe.PPKLite");
//Obtain the available certificates
var ids = myEngine.digitalIDs;
var myCerts = ids.certs;
//Find the certificate I want to use to sign
for(var j=0; j<myCerts.length; j++)
{
if(myCerts[j].subjectCN == "SMITH JOHN")
{
oCert = myCerts[j];
break;
}
}
//Log to the signature engine by passing the certificate I want to use
//and the slot where the corresponding smart card reader is plugged
myEngine.login( { oParams: { cDIPath: ACROSDK.sigDigitalIDPath,
cPassword: ACROSDK.sigUserPwd,
iSlotID: 1,
oEndUserSignCert: oCert
}
} );
//Digitally sign the document with the certificate I chose
sigField.signatureSign({oSig: myEngine,
bUI: false,
oInfo: { password: ACROSDK.sigUserPwd,
location: ACROSDK.sigLocation,
reason: ACROSDK.sigReason,
contactInfo: ACROSDK.sigContactInfo,
appearance: "FirmaRPPR"
}
});
Why do I receive a General Error when executing signatureSign? Which is the correct way to assign the iSlotID parameter when logging to the signature engine or, alternatively, the cTokenLabel parameter?
Thanks in advance for your help and suggestions!
Mind you, I have no experience in using Acrobat scripting, but in PKCS#11 slot id would refer to the id of the smart card reader connected to the computer, and token label would be assigned label to one of the smart cards in that slot/reader, which can vary from PKCS#11 implementation to another.
And the easiest way to find out the label of the PKCS#11 token would be to configure the PKCS#11 DLL you're using as a Security device in Firefox browser and see the label field in the configuration. But that would be just to get you going in the right direction.
You can write a short C program against the PKCS#11 and use C_GetSlotList and C_GetSlotInfo to find out the slot id's and token labels, here is an example of that. It should not be a problem to port that code over to VB. Also there is NCryptoki that you can use to interface the PKCS#11 DLL.

Check local (internal) IP with JavaScript

I know that this will seem like a duplicate, but I honestly have not been able to find any answer that solves this.
I have two iPads set up with static IP addresses on a network that can only access www.example.com (network restriction, not iPad restriction). example.com is an eCommerce site and I want to fill in a coupon field whenever either of these two iPads visit the site.
The only way I can think of doing this is getting the local IP addresses of the iPads (e.g. 192.168.0.x) and creating a whitelist array. But my problem is trying to detect the browsing device's local IP.
I cannot use any resources outside of the example.com domain and I can't use the network's public IP as there will be lots of other devices connected.
Also, I've tried WebRTC but it's Chrome and Firefox only, and I am limited to the iPad's native Safari browser.
Help me Overflow Kenobi, you're my only hope!
EDIT
Conditions have changed. I found out that no other devices will be using the checkout service, so I can now target the external IP. Details about how I did this are below.
OK, I've found a solution to my problem.
One correction first to my original question:
I just found out that none of the other devices on the network will actually be used for purchasing on the website, so the iPads are the only two devices that will enter the checkout.
Knowing this now, I am able to target the public IP of the network. I've done this using two scripts, one in an external PHP file (our server isn't setup to run PHP in HTML files) and one in an external JavaScript file (easier management as there are multiple versions of the checkout page, so if I need to change the discount code I just have to update the JS file.)
PHP file:
<?php
// Declare content as JavaScript
header("Content-Type: application/x-javascript");
// Declare variables for IP address requests. The two headers are absent on
// most requests, so default them to '' instead of reading an undefined index.
$http_client_ip = $_SERVER['HTTP_CLIENT_IP'] ?? '';
$http_x_forwarded_for = $_SERVER['HTTP_X_FORWARDED_FOR'] ?? '';
$remote_addr = $_SERVER['REMOTE_ADDR'];
// Request for most accurate IP address
if (!empty($http_client_ip)) {
$ip_address = $http_client_ip;
} else if (!empty($http_x_forwarded_for)) {
$ip_address = $http_x_forwarded_for;
} else {
$ip_address = $remote_addr;
}
// Add results to array - multiple IP addresses may be returned
$list = explode(',', $ip_address, 2);
// The header values arrive with the request and are echoed into markup below,
// so keep the first entry only if it is a well-formed IP address
$first_ip = filter_var(trim($list[0]), FILTER_VALIDATE_IP) ?: '';
// Write the first IP address in array as JavaScript
echo 'document.write(\'<div class="myIP" style="display:none;">' . $first_ip . '</div>\')';
JS file:
// Array of allowed IP addresses
var allowedIP = ['x.x.x.x'];
// Coupon code
var couponCode = "CODE001";
// Run script when page is loaded
$(document).ready(function () {
// Get device IP from 'myIP' div loaded by php
var ipAddress = $('.myIP').text();
// Check if device IP matches any of the IPs in the Allowed array
for (var i = 0; i<allowedIP.length;i++) {
if (ipAddress == allowedIP[i]) {
// If it matches, write to console
console.log("Your external IP is allowed");
// Add coupon code to input field
$('input[name="coupon"]').val(couponCode);
} else {
// If it does not match, write to console
console.log("Sorry buddy, you're not on the list.");
}
};
});
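Client-IP and X-Forwarded-For are request headers, so their content is whatever the sender or an intermediary put there, and a coupon code kept in a public JS file is readable by every visitor. The added example below (not code from the original post) makes the decision on the server and reads forwarded addresses only when the connection comes from a known reverse proxy; the proxy address, the allowlist entry and the function names are constructed assumptions.

```javascript
// Added example: server-side allowlist check. Addresses are constructed
// placeholders from documentation ranges; names are hypothetical.
const TRUSTED_PROXIES = new Set(["10.0.0.5"]);      // our own reverse proxy
const COUPON_ALLOWLIST = new Set(["203.0.113.10"]); // public IP of the store network
const COUPON_CODE = "CODE001";

const IPV4 = /^(25[0-5]|2[0-4]\d|1?\d?\d)(\.(25[0-5]|2[0-4]\d|1?\d?\d)){3}$/;

// Return the address of the nearest hop that is not one of our own proxies.
// remoteAddr is the TCP peer address; headers uses lower-case names.
function resolveClientIp(remoteAddr, headers) {
  // Direct connection: the peer address is the client, headers are ignored.
  if (!TRUSTED_PROXIES.has(remoteAddr)) return remoteAddr;

  const hops = String(headers["x-forwarded-for"] || "")
    .split(",")
    .map((hop) => hop.trim())
    .filter(Boolean);

  // Walk right to left: the rightmost entries were appended by our proxies,
  // anything further left was supplied by the sender.
  for (let i = hops.length - 1; i >= 0; i--) {
    if (!IPV4.test(hops[i])) break;              // malformed entry: stop here
    if (!TRUSTED_PROXIES.has(hops[i])) return hops[i];
  }
  return remoteAddr;
}

// Decide on the server; only allowlisted clients ever receive the code.
function couponFor(remoteAddr, headers) {
  return COUPON_ALLOWLIST.has(resolveClientIp(remoteAddr, headers)) ? COUPON_CODE : null;
}

// Constructed sample requests.
const SAMPLE_REQUESTS = [
  { remoteAddr: "10.0.0.5", headers: { "x-forwarded-for": "203.0.113.10" } },
  { remoteAddr: "198.51.100.7", headers: { "x-forwarded-for": "203.0.113.10", "client-ip": "203.0.113.10" } },
  { remoteAddr: "10.0.0.5", headers: { "x-forwarded-for": "203.0.113.10, 198.51.100.7" } },
];

for (const request of SAMPLE_REQUESTS) {
  console.log(resolveClientIp(request.remoteAddr, request.headers), couponFor(request.remoteAddr, request.headers));
}
```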

Issuing MySQL queries from standalone Javascript (no, I'm not crazy, my vendor is)

Our lab recently got an Agilent Bravo pipetting robot (it precisely dispenses tiny quantities of liquid for rapidly doing many biology or chemistry experiments). Apparently the glue language for extending the software that controls the robot is Javascript! I know, right?
Anyway, for the robot to be useful, we have to be able to retrieve information about the samples it's handling but every example I can find for sending queries in Javascript depends on PHP and usually the assumption that the script is running in a web-browser.
Is there some way to wrap a command-line mysql or is there already some library or utility that does this? The OS we're running is Windows 7.
Wow, thanks for the quick and useful answers.
In addition, I found a platform-specific answer: http://www.velocity11.com/techdocs/helpsystem/vworks_ug/usingjavascriptinvworks.html
Long story short, VWorks (control software for Agilent's equipment) has a run() global function that does exactly that. But, the above answers are probably more useful to this site than my own is, because they are relevant to a broader range of problems, so thanks again.
"sending queries in Javascript depends on PHP"
no it doesn't.
Just send/retrieve data (JSON) using Ajax; I'd use http://api.jquery.com/jQuery.ajax/.
Yes, you can use ADO with Javascript on Windows to access various data sources. Search for "jscript ado" and you will get lots of information on this, e.g.:
// ActiveXObject is available in JScript hosts on Windows, not in browsers or Node.js.
// Wrapped in a function so that the early "return 0" statements are valid.
function readTable() {
  // path to database
  var DBpath = "\\\\Server\\Path\\myDB.mdb";
  // set up a few object constants
  var adLockReadOnly = 1;
  var adOpenForwardOnly = 0;
  var adCmdText = 1;
  // create and open a new connection (MSAccess)
  var cnn = new ActiveXObject("ADODB.Connection");
  cnn.ConnectionString = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" + DBpath;
  try {
    cnn.Open(); // COM methods need parentheses in JScript, otherwise nothing is called
  } catch (err) {
    // could not open connection
    // view details in err.description and err.number
    return 0;
  }
  // open a read only recordset
  var rs = new ActiveXObject("ADODB.Recordset");
  try {
    rs.Open("Select * from myTable", cnn, adOpenForwardOnly, adLockReadOnly);
  } catch (err) {
    // could not open recordset
    cnn.Close();
    return 0;
  }
  while (!rs.EOF) {
    // do something
    rs.MoveNext();
  }
  rs.Close();
  cnn.Close();
  return 1;
}
Update:
According to info here, you can develop plugins using Visual Studio/C#. Maybe that is of some use? You could write a plugin to send the data somewhere...
