How to protect your authorship when trapped in "collaboration"?

As Martin suggests, I'll write my comment as an answer. We know by Bolzano-Weierstraß that every finite dimensional normed space is locally compact as its closed and bounded subsets are compact.

Interestingly enough, the converse is also true: a locally compact normed space is finite dimensional. To see this we use Riesz's lemma: If $X$ is a normed space, $U \subsetneq X$ a closed subspace, $\delta > 0$, then there is an $x \in X$ with $d(x,U) > 1- \delta$ and $\|x\| = 1$. If now $X$ is infinite dimensional we let $U_0 = \{0\}$ and choose by induction $x_n \in S_X$ (i.e. $\|x_n\| = 1$) with $d(x_n, U_{n-1}) > \frac 12$ and let $U_n := \mathrm{span}\,\{x_1, \ldots, x_n\}$. We can do so as $U_n$ is finite dimensional for every $n$ and as such a closed proper subspace of $X$. Now $(x_n)$ is a sequence in $B_X$ with $\|x_n - x_m\| > \frac 12$ for $n \ne m$, hence has no convergent subsequence. If $X$ were locally compact, $0$ would have a compact neighbourhood $V$. We could choose $\epsilon > 0$ with $\epsilon B_X \subseteq V$. But $\epsilon B_X$ and hence $V$ contains a sequence without a convergent subsequence, so $V$ cannot be compact.

So a normed space is locally compact iff it is finite dimensional. This also holds for Hausdorff topological vector spaces, as you can see in this blog post by Terence Tao.


Lots of potential problems here.

First, you're using PHP, and it's hard to do things correctly (like avoiding SQL injection, encrypting securely, etc.) in PHP. It's not impossible, by any means, but it's unreasonably difficult.

Second, as a commenter pointed out, you're hashing a password with SHA256 to generate the key. This is bad. Use a proper PBKDF, like bcrypt.

Third, you're using the 256-byte block-size version of Rijndael, which is just odd. Don't, like so many others have before you, confuse this with AES-256.

Fourth, don't encrypt the data directly with the derived key. Encrypt it with a data encryption key which is securely randomly generated, and which then in turn is protected with the user's password derived key. This way the user can change their master encryption password without you then having to synchronously decrypt all of their passwords with the old key, and re-encrypt them with the new key. You only need to re-encrypt the data-encryption-key with the key-encryption-key.

Fifth, logging, rate limiting, IDS. You need to have a system in place to dampen attacks, and let you know when they're happening.

That's enough for now. I'm sure there are many more pitfalls... This is just a list from my initial glance. I would strongly encourage you to abandon this project entirely, and look for an existing, reasonably well proven solution like 1Password for Teams, or something along those lines instead. Building a system like this is fraught with danger, and the code sample you provided indicates to me that you probably do not yet have the knowledge required to accomplish it with any reasonable level of confidence in its security. And that's not a knock against you... These are simply incredibly difficult systems to build securely, and someone attempting to do it for the first time without guidance beyond what the Internet can provide, won't.
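
The key-wrapping scheme from the fourth point above, as an added example that is not part of the original answer or the asker's code. It assumes PHP 7.2+ with the bundled sodium extension and swaps in libsodium's default password hash and `secretbox` for the KDF and cipher; the function names and sample strings are hypothetical.

```php
<?php
// Added example: a random data-encryption key (DEK) protects the records,
// and a password-derived key-encryption key (KEK) protects only the DEK.

function deriveKek(string $password, string $salt): string {
    // libsodium's default memory-hard password hash, used here as the KDF.
    return sodium_crypto_pwhash(
        SODIUM_CRYPTO_SECRETBOX_KEYBYTES, $password, $salt,
        SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE,
        SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE
    );
}

function sealBox(string $plaintext, string $key): string {
    // Fresh random nonce per message, stored in front of the ciphertext.
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    return $nonce . sodium_crypto_secretbox($plaintext, $nonce, $key);
}

function openBox(string $blob, string $key): string {
    $nonce = substr($blob, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $boxed = substr($blob, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain = sodium_crypto_secretbox_open($boxed, $nonce, $key);
    if ($plain === false) {               // authentication tag did not verify
        throw new RuntimeException('wrong key or modified ciphertext');
    }
    return $plain;
}

function wrapDek(string $dek, string $password): array {
    $salt = random_bytes(SODIUM_CRYPTO_PWHASH_SALTBYTES);
    $kek  = deriveKek($password, $salt);
    $row  = ['salt' => $salt, 'wrapped_dek' => sealBox($dek, $kek)];
    sodium_memzero($kek);                 // do not keep the KEK around
    return $row;
}

function unwrapDek(array $row, string $password): string {
    return openBox($row['wrapped_dek'], deriveKek($password, $row['salt']));
}

// Constructed sample data: one stored record and one key row per user.
$dek    = sodium_crypto_secretbox_keygen();
$record = sealBox('constructed sample secret', $dek);
$keyRow = wrapDek($dek, 'old master password');

// Password change: only the small key row is rewritten, $record is untouched.
$keyRow = wrapDek(unwrapDek($keyRow, 'old master password'), 'new master password');

echo openBox($record, unwrapDek($keyRow, 'new master password')), PHP_EOL;
try { unwrapDek($keyRow, 'old master password'); }
catch (RuntimeException $e) { echo 'old password rejected', PHP_EOL; }
```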


I've had this issue before and when it occurred, the system logs of the affected Mac seemed to indicate that there were filesystem journal errors on the Time Machine drive.

My Time Machine drive is mounted remotely via an Airport Extreme to simulate a Time Capsule, and it is used by several Macs. All the other Macs were still backing up fine, so rather than connecting the drive directly to a Mac and doing a Disk Utility diagnosis and repair, I just mounted the Time Capsule drive from another Mac, deleted the backup sparse bundle from it and then removed the disk from the Time Machine preferences on the affected Mac.

I then added the drive back again and it all worked.