Friday, April 30, 2021

Elementary OS 6 beta

Developers and testers, it’s the day you’ve been waiting for: elementary OS 6 Beta is available now! We first started talking publicly about elementary OS 6 in August of last year. In the time since, we’ve been hard at work tackling the ambitious scope of work we laid out for ourselves while also dealing with the fallout of a global pandemic, travel restrictions, and loss in our own circles of family and friends.

Despite all of that, we’re proud of the work we’ve done and are excited to get it into the hands of developers and testers as we work to complete the stable release.

What’s a beta?

Before we get into what’s new, a refresher on what “beta” means. There are generally three phases of development of elementary OS:

  • Early Access
  • Beta
  • Release Candidate

Early Access builds are considered “bleeding edge,” use the daily repositories, and are made available as soon as possible without the standard human testing process that goes into stable builds. In the case of elementary OS 6, we started building Early Access builds all the way back in August, 2020. Sponsors of elementary have had access since then, but we do not recommend anyone uses Early Access builds on their day-to-day computer as there are frequently breaking issues due to the nature of early development. Because they use the daily repos, it is not possible to cleanly upgrade from Early Access builds to the stable release.

Beta releases are a snapshot of Early Access builds once the developer platform has stabilized. At this point, we invite app developers to begin building and testing their apps on elementary OS. They’re still built on the daily repos, so we still caution against using beta releases as your daily driver, and it is still not possible to cleanly upgrade to the stable release. But things should be more stable—especially around developer-facing APIs. You are here.

Release Candidates are what they sound like: candidates for the stable release. These are built on the stable repositories, benefiting from the more rigorous human testing that goes into stable releases. At this point, we consider the release “complete,” and any further work is finding and fixing remaining bugs before the stable release.

Once we are comfortable with the state of the latest Release Candidate, we promote it to the stable release.

What’s new?

Lucky for developers, we’ve been detailing the changes in elementary OS 6 since August of last year. To start, you might want to check out the very first blog post about elementary OS 6, where we highlight what’s to come:

But here’s a recap for you all in one place, as well as links to more detailed individual blog posts if you missed them.

Platform Changes

There is a lot new under the hood in elementary OS 6 that developers should be aware of. The new screen shield brings continued audio playback even when the display has gone to sleep, enabling new use cases for your apps. We’ve completely revamped the notifications system with a new notifications server and a refreshed design; make sure your apps’ notifications are showing properly on elementary OS 6, and please send feedback if something isn’t working as you’d expect.

We’re including LibHandy in elementary OS 6; we encourage app developers to check it out and look at the first-party apps on elementary OS 6 to see how we’re using it. In particular, replacing Gtk.Stack with Hdy.Deck will enable multi-touch swipe gestures for navigation, while Hdy.Carousel is great for pagination while also supporting multi-touch swipes. There are also new avatars with Hdy.Avatars, Hdy.Window enables rounded bottom corners and easy window dragging from any widget, and Handy includes a few layout helpers to make it easier to adapt your app’s interface across small to large displays.

We’ve added several new widgets, utilities and constants to Granite, our GTK companion library. Granite.Dialog is a big one that simplifies creating dialogs following the elementary HIG. Granite.SwitchModelButton simplifies adding switches to Gtk.Popover menus, as seen in Terminal and Camera. Granite.ValidatedEntry brings client-side validation to user inputs—we’d love feedback about how you’re validating entries in forms so we can make that experience easier in future updates as well. TOOLTIP_SECONDARY_TEXT_MARKUP is a constant for adding a smaller second line to Gtk.Tooltips, as seen in the new Panel indicator tooltips. STYLE_CLASS_SMALL_LABEL enables smaller Gtk.Labels without having to use Pango markup. STYLE_CLASS_WARMTH and STYLE_CLASS_TEMPERATURE are new constants for scales, as seen in the editor in Photos. STYLE_CLASS_DEFAULT_DECORATION is a new constant for slim header bars. TRANSITION_DURATION_OPEN and TRANSITION_DURATION_CLOSE are new constants for use in GTK animations to ensure consistency throughout the system. There have also been a number of deprecations and removals, so be sure to build, test, and update your apps for Granite 6.0 and elementary OS 6.

A major shift for elementary OS 6 is the inclusion of Flatpak apps out of the box, as well as an entirely Flatpak-based AppCenter ecosystem. We’ve created and are shipping a Flatpak platform and SDK that include all of the FreeDesktop, GNOME, and elementary libraries and technologies your apps will need to be built as a Flatpak—think of the platform as the elementary OS base in Flatpak form. We’ve updated the relevant developer docs to include information about packaging your app as a Flatpak.

If you already have an app on AppCenter or are developing one for elementary OS 6, we highly encourage you to familiarize yourself with writing a Flatpak manifest and testing your app as a Flatpak, as all AppCenter apps in elementary OS 6 and beyond will be built as Flatpaks. The publishing flow for Flatpak apps in AppCenter is not yet open, but will be by the time elementary OS 6 is released; hang tight, get familiarized with it locally, and we’ll provide more information here on the blog when it’s ready. We’ll be sprinting on this early next month, so it shouldn’t be too long before you hear more.

We’ve also been hard at work refreshing the Human Interface Guidelines for elementary OS 6; first, we’ve moved them to a new Gitbook-powered docs site alongside the developer documentation, creating a much more cohesive and better-organized one-stop-shop for all your docs. We’ve also been updating the HIG to better address questions, remove deprecated patterns, and add new widgets and patterns for elementary OS 6. Give it a fresh read-through, or search for the specific answers you’re looking for! If there’s something you feel is missing, please file an issue against the new standalone HIG repo on GitHub, and we can discuss and address it there.

Look & Feel

elementary OS 6 is coming with an all-new system stylesheet that retains the essential feel of elementary OS while honing in on the use of elevation and shadow—all while enabling great new user-facing features like system-wide accent colors and a dark style preference. We’ve also refreshed typography, unifying on the Inter typeface in various weights. App developers, be sure to test your apps against the new stylesheet and typography to ensure your app looks and feels as good as possible—and consistent with our first-party apps.

If you run into stylesheet issues as a developer, please file an issue on the stylesheet repo before trying to work around things with custom CSS; it’s possible we missed some pattern you and other developers rely on. We also welcome feedback in general about anything you’re using custom CSS for that we could upstream to make available to all apps.

And as we’ve been teasing quite a bit, elementary OS 6 introduces a dark style preference for the first time. Importantly, this is opt-in for app developers; by default, your app will behave the same as in previous versions of elementary OS, using the light or dark variant of the stylesheet—whichever it requests. But in elementary OS 6, your app can bind to Granite.Settings.ColorScheme to respond to the user’s preference, e.g. by requesting the dark stylesheet variant and providing alternate in-app styles. For most apps, we recommend just going along with the user’s preference by default—but if your app has a specialized use or multiple color schemes, you should start considering how your app will respond to the user’s preference.

At this point in the beta, more complex developer-facing apps like Code and Terminal do not yet interact with the dark style preference; they retain their in-app color scheme settings. This may change before the final release of elementary OS 6.

New & Updated Apps, Other User-facing Features

While we’ll save the full rundown of new features for the stable release blog post, we do have some new apps and features that we’d love beta tester feedback on.

Mail has been completely rewritten; instead of relying on the custom Geary mail back-end, it now uses the system’s Evolution Data Server which brings much wider mail server compatibility. Tasks is a new app that also talks to Evolution Data Server, enabling seeing and synchronizing your to-dos to various services. Currently, setting an account up requires installing Evolution from the Ubuntu repos (e.g. with sudo apt install evolution) and configuring your account there; for the stable release this will be set up in Online Accounts settings, but that work is not yet complete.

Files has a rewritten sidebar and—after a lot of testing and user feedback—a new navigation mode: single-click to navigate within the app with a double click to open files in their default app. Files has always been single-click to open, but this new hybrid approach strikes a balance between fast, consistent navigation while avoiding accidental opens of large files.

We’ve also redesigned a few System Settings views, and welcome feedback about them: Desktop has gotten a lot of attention to the Appearance tab with the new dark style preferences, accent colors, and dyslexia-friendly text setting. The Hot Corners tab has also been renamed to Multitasking with the addition of toggles for moving windows to a new workspace when entering fullscreen or maximizing. New gestures preferences have been added to Mouse & Touchpad settings. And the “About” view in System Settings has been renamed “System” and completely redesigned with the important addition of displaying and updating device firmware with fwupd and the Linux Vendor Firmware Service.

The new installer for elementary OS is finally here and brings much faster and more straightforward installs for both end users and OEMs. This is an area we would appreciate a lot of testing across different hardware and configurations, so if you are able to spare a non-primary machine for elementary OS testing, start by installing it!

Providing Feedback

A major part of the beta process is having people test these changes and report back! If you have feedback regarding any of the user-facing changes or notice any regressions in functionality, stability, etc. please file an issue.


The best way to do so is via the built-in Feedback tool in elementary OS 6: search “feedback” in the Applications Menu, or head to System Settings → System → Send Feedback. The Feedback tool will help you determine which component is affected, and open its GitHub issues page in your web browser where you can check for an existing issue and report it if it’s indeed new.

Otherwise, you can always head to the elementary GitHub organization and search for the proper component there. Double-check the README on the repository you choose before filing an issue to make sure it’s the right component, and please always use the provided issue templates; it significantly cuts down on the time required for us to confirm, triage, and ultimately address reported issues.

Release Schedule

At this stage of development, we don’t have a release date set for elementary OS 6; that will come once we receive and address beta feedback from users and early testers. We do expect a second beta release and at least one Release Candidate before the stable release. As has been the case throughout all of the development of elementary OS 6, you can follow along on the public project board to get a sense of the outstanding tasks and our progress—or where you can pitch in!

Also note that the experimental Early Access builds for ARM-based devices like Pinebook Pro and Raspberry Pi are currently paused; with the move to Flatpak for some core apps, we’ll need to sort out an ARM-based Flatpak build infrastructure before they can resume.

Get It

If you’re an app developer or eager tester, you can get elementary OS 6 Beta for 64-bit AMD/Intel today from our builds site. While Early Access builds are limited to GitHub Sponsors, beta releases are being made available to the general public in the interest of wider testing and app development.

Disclaimer & Known Issues

As with any pre-release software, there are some known issues in this first beta release. Check the public project board for known regressions, as well as the progress towards the stable release. And as always:

  • We do not recommend using beta builds on your primary device, as irrecoverable crashes and data loss are possible.

  • It will not be possible to upgrade to the stable release from beta builds.

  • Several user-facing features are unfinished and in rapid development; beta releases are intended for developers.



from Hacker News https://ift.tt/3u7EBYI

So I finally sorted out what happened to my brain



from Hacker News https://twitter.com/TinkerSec/status/1388107620574171140

India’s second wave of covid-19 feels nothing like its first

from Hacker News https://ift.tt/3vxBx8y

Redbean/0.4

/.ape                                    2021-04-24 19:38:27 PDT  100644  21%      704  
/.init.lua                               2021-04-24 16:57:49 PDT  100644  43%      470  
/.reload.lua                             2021-04-17 20:02:40 PDT  100644   8%       63  
/hello.lua                               2021-04-24 16:35:10 PDT  100644  n/a       25  
/redbean.lua                             2021-04-24 16:21:42 PDT  100644  73%   11,533  <-- check out this lua server page
/404.html                                2021-04-20 08:52:44 PDT  100644  62%      506  
/favicon.ico                             2021-04-18 09:50:17 PDT  100644  64%   16,958  
/redbean.png                             2021-04-17 20:02:40 PDT  100644  n/a    5,073  
/redbean-form.lua                        2021-04-23 09:41:14 PDT  100644  66%    1,686  
/redbean-xhr.lua                         2021-04-18 09:50:17 PDT  100644  34%      192  
/seekable.txt                            2021-04-20 18:19:43 PDT  100644  n/a       52  Uncompressed for HTTP Range requests
/tool/net/                               2021-04-24 19:38:18 PDT  040755  n/a        0  
/tool/net/demo/                          2021-04-24 18:15:38 PDT  040755  n/a        0  
/tool/net/demo/index.html                2021-04-18 10:02:22 PDT  100644  43%      897  
/tool/net/demo/redbean.css               2021-04-18 10:03:07 PDT  100644  50%      426  
/tool/net/redbean.c                      2021-04-24 19:38:18 PDT  100644  76%  132,824  
/net/http/parsehttprequest.c             2021-04-24 13:49:38 PDT  100644  67%    8,116  
/net/http/parseurl.c                     2021-04-22 05:25:14 PDT  100644  73%   13,027  
/net/http/encodeurl.c                    2021-04-23 03:41:18 PDT  100644  68%    4,726  
/test/net/http/parsehttprequest_test.c   2021-04-24 13:49:41 PDT  100644  81%   14,274  
/test/net/http/parseurl_test.c           2021-04-23 08:02:23 PDT  100644  83%   21,349  
/virtualbean.justine.lol/                2021-04-24 19:38:27 PDT  040755  n/a        0  
/virtualbean.justine.lol/index.html      2021-04-24 19:38:27 PDT  100644  38%      254  Go to http://virtualbean.justine.lol
/virtualbean.justine.lol/redbean.png     2021-04-24 19:38:27 PDT  100644  n/a    5,073  

/statusz says your redbean
ballooned to 2,396kb in size
needed 6,628,918µs cpu (60% kernel)
needed 171kb memory on average
needed 224kb stack on average
mapped 444kb shared on average
caused 111,800 page faults (100% memcpy)
42,786 context switches (91% consensual)
received 14,801 messages and sent 14,815
performed 0 reads and 18 write i/o operations
6 days 2 hours 17 minutes and 12 seconds of operation
14,809 messages handled
2,765 connections handled
3 connections active


from Hacker News https://ift.tt/3u2IT3v

What Is Constructor Theory?

Now, given any particular task, such as {3→4}, the constructor is capable of performing this task if, whenever given the substrates in the input attributes, it changes them to having the output attributes. By the way, as we said, the constructor itself must not have any net change over the course of the process: it ends up back where it started.

We don’t care what happens when the constructor is given a substrate with a different attribute than the allowed input ones. For instance, a constructor for a task on the die, e.g. {3→4}, when given a non-allowed input, such as a die whose upturned face is 6, may produce anything in output – even destroy it, or turn it into a garden gnome.



from Hacker News https://ift.tt/3ta90UO

P&G Flocculant/Disinfectant Powder

A P&G™ sachet (Procter & Gamble)

The Procter & Gamble Company developed P&G Purifier of Water™ in conjunction with the Centers for Disease Control and Prevention (CDC). P&G™ sachets are now centrally produced in Pakistan, and sold to non-governmental organizations (NGOs) worldwide at a cost of 3.5 US cents per sachet. The P&G™ product is a small sachet containing powdered ferric sulfate (a flocculant) and calcium hypochlorite (a disinfectant). P&G™ was designed to reverse-engineer a water treatment plant, incorporating the multiple barrier processes of removal of particles and disinfection. To treat water with P&G™, users open the sachet, add the contents to an open bucket containing 10 liters of water, stir for 5 minutes, let the solids settle to the bottom of the bucket, strain the water through a cotton cloth into a second container, and wait 20 minutes for the hypochlorite to inactivate the microorganisms.

Lab Effectiveness, Field Effectiveness, and Health Impact

The flocculant/disinfectant powder P&G™ has been proven to remove the vast majority of bacteria, viruses, and protozoa, even in highly turbid waters. P&G™ has also been documented to reduce diarrheal disease from 90% to less than 16% incidence in five randomized, controlled health intervention studies. P&G™ also removes heavy metals—such as arsenic—and chemical contaminants—such as pesticides—from water. Studies showing the efficacy of P&G™ have been conducted for highly turbid water in the laboratory, in developing countries, in rural and urban areas, refugee camps, and include all age groups.

Benefits, Drawbacks, and Appropriateness

Process for P&G™ purifier of water system (Procter & Gamble)

The benefits of Flocculant/Disinfectant Powder are:

  • Proven reduction of bacteria, viruses, and protozoa in water
  • Removal of heavy metals and chemicals
  • Increased free chlorine protection against contamination
  • Proven reduction of diarrheal disease
  • Visual improvement of water and acceptability
  • Transport of sachets easy
  • Long shelf life of sachets

The drawbacks of Flocculant/Disinfectant Powder are:

  • Multiple steps are necessary—requires training or demonstration
  • Requires a lot of equipment (2 buckets, cloth, and a stirrer)
  • The higher relative cost per liter of water treated

P&G™ is most appropriate in areas with a consistent supply chain for sachet resupply and in urban, rural, and emergency situations when educational messages can reach users to encourage correct and consistent use.

Implementation Examples

Woman with P&G™ sachets in Haiti (D. Lantagne, CDC)

Social marketing organizations, such as the NGO Population Services International, sell P&G™ sachets in multiple countries.

Local organizations use the socially marketed P&G™ sachets in their own programming to provide safe drinking water. In western Kenya, students in schools are taught how and why to use P&G™, and safe water clubs treat drinking water for all the students. Also in Kenya, HIV self-help groups sell P&G™ sachets and storage containers as an income-generating activity.

P&G™ sachets have been widely used to respond to emergencies – from the 2004 tsunami in Indonesia to flooding in Haiti to cholera epidemics in Africa. The Procter & Gamble Children’s Safe Drinking Water program has been given numerous awards, including the Ron Brown Presidential Award for Corporate Leadership in 2007, the EPA Children’s Health Excellence Award in 2007, the Grainger Challenge Bronze Award in 2007, and the Stockholm Industry Water Award in 2005.

Economics and Scalability

Turbid water in Kenya treated with P&G™ (G. Allgood, Procter & Gamble)

Each sachet of P&G™ is provided to global emergency relief organizations or non-governmental organizations at a cost of 3.5 US cents, not including shipping from Pakistan by ocean container. Transport, distribution, education, and community motivation can add significantly to program costs. Sachets are generally sold at product cost recovery for 10 US cents each, for a cost of 1 US cent per liter treated. Currently, P&G™ projects operate either on partial cost recovery (charging the user only for the product, and subsidizing program costs with donor funds), or fully subsidized free distribution such as in emergency situations. Procter & Gamble sells the P&G™ sachets at cost, makes no profits on P&G™ sales, and donates programmatic funding to some projects.

References

Chiller TM, Mendoza CE, Lopez MB, Alvarez M, Hoekstra RM, Keswick BH, Luby SP. Reducing diarrhoea in Guatemalan children: randomized controlled trial of flocculant-disinfectant for drinking-water. Bull World Health Organ. 2006; Jan 84(1):28-35.

Crump JA, Otieno PO, Slutsker L, Keswick BH, Rosen DH, Hoekstra RM, Vulule JM, Luby SP. Household based treatment of drinking water with flocculant-disinfectant for preventing diarrhoea in areas with turbid source water in rural western Kenya: cluster randomised controlled trial. BMJ. 2005; Sep 3 331(7515):478.

Luby SP, Agboatwalla M, Painter J, Altar A, Billhimer W, Keswick B, Hoekstra RM. Combining drinking water treatment and hand washing for diarrhea prevention, a cluster randomized controlled trial. Trop Med Int Health. 2006; Apr 11(4):479-89.

Reller ME, Mendoza CE, Lopez MB, Alvarez M, Hoekstra RM, Olson CA, Baier KG, Keswick BH, Luby SP. A randomized controlled trial of household-based flocculant-disinfectant drinking water treatment for diarrhea prevention in rural Guatemala. Am J Trop Med Hyg. 2003; Oct 69(4):411-9.

Doocy S, Burnham G. Point-of-use water treatment and diarrhea reduction in the emergency context: an effectiveness trial in Liberia. Trop Med Int Health. 2006 Oct; 11(10):1542-52.

Additional Resources

For more information about flocculant/disinfection systems for developing countries visit:



from Hacker News https://ift.tt/3vzyOLO

Florida plans to fine social media for banning politicians

Last month, Steve DelBianco, NetChoice's chief executive, said while testifying against the bill: "Imagine if the government required a church to allow user-created comments or third-party advertisements promoting abortion on its social media page."



from Hacker News https://ift.tt/2R9GYvo

Disney gets special “theme park” exception to Florida’s anti-tech bill

Florida Gov. Ron DeSantis in Miami on April 08, 2021.

Joe Raedle / Getty

Both houses of Florida's Republican-controlled legislature have passed new legislation banning social media companies from deplatforming political candidates or censoring large journalistic organizations. Gov. Ron DeSantis has expressed support for the bill and is expected to sign it into law.

Tech companies could be fined as much as $250,000 per day if they deplatform a statewide political candidate in the state. Critics argue that the bill is likely to be struck down as unconstitutional. That seems especially likely because the bill is broad and vaguely worded.

But at least one company won't have to worry about the legislation: Disney. A last-minute amendment to the bill provides that it doesn't apply to a "company that owns and operates a theme park or entertainment complex"—like Disney World.

In a Friday interview, Republican Rep. Blaise Ingoglia, a bill sponsor, said the exemption was passed to make sure that the Disney+ streaming service "isn’t caught up in this." The legislation applies to any service with more than 100 million users or at least $100 million in revenue. Disney+ has almost 100 million customers and far more than $100 million in annual revenue.

The bill focuses on conservative complaints about Big Tech

If you browse through the bill, it's easy to connect individual provisions to conservative complaints. Most obviously, many conservatives were outraged when Twitter and Facebook banned Donald Trump after the January 6 Capitol Riot.

The bill also prohibits social media platforms from censoring "journalistic enterprises," which are defined as an entity with more than 50,000 paid subscribers or 100,000 monthly active users. This rule may have been inspired by Facebook and Twitter's controversial decision to censor a New York Post story about Hunter Biden's emails.

The bill also regulates social media companies "shadow banning" users, a common conservative complaint. Sites must allow users to opt out of shadow banning and apply shadow-banning policies consistently. Social media services may not shadow ban political candidates or news sites.

The law prohibits "post-prioritization" of content related to candidates for public office. And the law defines post-prioritization to mean actions that "prioritize certain content or material ahead of, below, or in a more or less prominent position than others" in a newsfeed or "search results." Taken literally, this seems to suggest that a search engine couldn't rank results based on factors like relevance—at least not if they included a political candidate.

Get ready for constitutional challenges

Figuring out what these rules actually mean in practice will be tricky. Facebook uses a complicated algorithm to arrange the items in the News Feed because most users have enough friends that a strictly reverse-chronological news feed would be overwhelming.

If Facebook's algorithm decides that a picture of a friend's cat is more engaging than a post by a political campaign and shows that cat first, would that be an illegal act of "post-prioritization?" Taken literally, this seems to be what the law says. But that would mean Facebook had to dramatically re-design the News Feed.

Some critics argue that the very concept of the bill is unconstitutional—that deciding which content to publish, and in what order, are editorial decisions that are protected by the First Amendment. But even if you don't buy that argument—and at least one Supreme Court justice doesn't—the breadth and vagueness of Florida's legislation might make it vulnerable to a constitutional challenge.

In rare cases where the courts have upheld speech restrictions, they've generally required laws to be clearly written and "narrowly tailored" to address a compelling government interest. Even if the First Amendment allows some regulation of online moderation decisions, the Florida bill does not seem either clear or narrowly tailored.



from Hacker News https://ift.tt/3t7p89M

Diffie-Hellman for the layman

Whitfield Diffie and Martin Hellman are researchers who invented a safe method to communicate a password. Their 1976 paper opens with the following:

WE STAND TODAY on the brink of a revolution in cryptography.

The development of computer controlled communication networks promises effortless and inexpensive contact between people or computers on opposite sides of the world, replacing most mail and many excursions with telecommunications. For many applications these contacts must be made secure against both eavesdropping and the injection of illegitimate messages. At present, however, the solution of security problems lags well behind other areas of communications technology. Contemporary cryptography is unable to meet the requirements, in that its use would impose such severe inconveniences on the system users, as to eliminate many of the benefits of teleprocessing.

Fast forward twenty five years. Their method is a key component of the Signal protocol, adopted by major Instant Messenger (IM) clients such as WhatsApp and Skype. Are we done? No, because relying solely on IMs to send confidential information has downsides. First, both sides have to have the same app installed. Second, sending large files is not what IMs are designed for.

Another problem is that these apps are black boxes to users. How can one know what the app does? When WhatsApp was pressured to leave a backdoor into the encryption, it said “no” but instead agreed to log and report all dubious communication before it is encrypted. How many other IMs do it too, yet have not revealed this fact to their users?

Dissatisfied with the available options for confidential communication, I have created an alternative. I have created a simple web tool which allows for two people to agree on a password. Once they have it, they can use it to encrypt subsequent communication using a variety of existing tools.

Let’s say you want to communicate confidentially with Bob. First, both of you open my web tool. Then, you email him your exchange code and he emails you back his exchange code. You paste each other’s exchange codes into the web tool, and behold: you have generated the same random password!

Next, you verify that both of you have indeed derived the same password, and for this you use the displayed Check digits. If the digits are the same, then the passwords are also the same. (These digits are not secret. For improved security, text them instead of emailing them.)

Here’s a video that demonstrates the process:

I did not “roll” my own. My web tool relies on built-in browser support for Diffie-Hellman exchange and all cryptographic operations. This is important, because the web browser’s cryptographic facility is well tested by other web apps.
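
The exchange described above, sketched with the browser's Web Crypto API as an added example; it is not the code of the author's web tool. The exchange-code format (base64 of a raw P-256 public key), the HKDF labels and the 32-hex-digit check value are assumptions, and the constructed `demo()` also shows why the check digits are compared over a second channel: when both codes are replaced in transit, the two sides end up with different check digits.

```javascript
// Added example, not the web tool's code. Assumptions: exchange code = base64
// of the raw P-256 public key; password and check value are HKDF-SHA-256
// outputs under two different labels, so the check value reveals nothing
// about the password.
const CURVE = { name: "ECDH", namedCurve: "P-256" };
const encoder = new TextEncoder();

async function getSubtle() {
  if (globalThis.crypto && globalThis.crypto.subtle) return globalThis.crypto.subtle;
  return (await import("node:crypto")).webcrypto.subtle; // older Node.js only
}

const toB64 = (buf) => btoa(String.fromCharCode(...new Uint8Array(buf)));
const fromB64 = (s) => Uint8Array.from(atob(s), (c) => c.charCodeAt(0));

// Each side generates a key pair. The private key is non-extractable and never
// leaves the page; only the public half is turned into an exchange code.
async function createParty() {
  const subtle = await getSubtle();
  const pair = await subtle.generateKey(CURVE, false, ["deriveBits"]);
  const raw = await subtle.exportKey("raw", pair.publicKey);
  return { privateKey: pair.privateKey, exchangeCode: toB64(raw) };
}

// Derive `bits` of output from the shared secret under a purpose label.
async function expand(subtle, secret, label, bits) {
  const key = await subtle.importKey("raw", secret, "HKDF", false, ["deriveBits"]);
  const params = {
    name: "HKDF",
    hash: "SHA-256",
    salt: new Uint8Array(0),
    info: encoder.encode(label),
  };
  return new Uint8Array(await subtle.deriveBits(params, key, bits));
}

// Combine our private key with the peer's exchange code.
async function derive(privateKey, peerExchangeCode) {
  const subtle = await getSubtle();
  // importKey rejects input that is not a valid point on the curve.
  const peerKey = await subtle.importKey("raw", fromB64(peerExchangeCode), CURVE, false, []);
  const secret = await subtle.deriveBits({ name: "ECDH", public: peerKey }, privateKey, 256);
  const password = toB64(await expand(subtle, secret, "password", 256));
  const check = await expand(subtle, secret, "check digits", 128);
  const hex = Array.from(check, (b) => b.toString(16).padStart(2, "0")).join("");
  return { password, checkDigits: hex.match(/.{4}/g).join("-") };
}

// Constructed scenario: a direct exchange, then one where something on the
// e-mail path has replaced both exchange codes with its own.
async function demo() {
  const alice = await createParty();
  const bob = await createParty();
  const direct = {
    alice: await derive(alice.privateKey, bob.exchangeCode),
    bob: await derive(bob.privateKey, alice.exchangeCode),
  };
  const substituted = await createParty();
  const intercepted = {
    alice: await derive(alice.privateKey, substituted.exchangeCode),
    bob: await derive(bob.privateKey, substituted.exchangeCode),
  };
  return { direct, intercepted };
}

demo().then(({ direct, intercepted }) => {
  console.log("direct:      ", direct.alice.checkDigits, direct.bob.checkDigits);
  console.log("intercepted: ", intercepted.alice.checkDigits, intercepted.bob.checkDigits);
});
```
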

Whenever you use web apps for encryption, there is a danger that the hosting web server is stealing your confidential information through JavaScript backdoors. How can you know that I am not doing the same?

First, you can download the web page and run it directly from your computer. This means that any new backdoors injected into the web page would not be reflected in your local copy. Second, the page makes no network communication after it loads. You can verify this using the browser’s built-in Network inspector. (If you do not know how to do it yourself, ask your nearest web developer to help you. It should not take more than five minutes of his time.)



from Hacker News https://ift.tt/2RcXgnq

SSD Makers Start Warning That Mining Products Like Chia Coin Will Void Warranty

A new trend in cryptocurrency mining is using SSDs for Chia Coin mining, and that can heavily affect the lifespan of an SSD. The first manufacturers have now started altering their warranty terms.

Mining the Chia Coin cryptocurrency causes significant wear and tear on SSDs, and GALAX has issued a warning to customers:

“If users use our SSDs for mining/farming and other abnormal operations, the data writing volume is much higher than the standard for daily use, and the SSD will slow down or get damaged due to excessive data writing volume. Due to the tests carried out, the damages are qualitative according to the test results, and that is why according to the quality assurance standards of our SSDs, we have the right to refuse to provide warranty services. The right of final interpretation belongs to the company.”

With Chia Coin, instead of solving equations, a miner's requirement is to store data on their storage devices. This is known as farming, rather than mining. The faster someone can store files, and the more they can store, the higher the chance of getting their compensation from the network.

Chia Coin cryptocurrency is gaining great popularity in the Asia Pacific region, especially in China. Chia Coin extraction requires large amounts of free space in addition to executing many read and write operations. Here durability is as important as speed, which is why consumer SSDs are not the best choice for mining. Some Chinese manufacturers have announced SSDs and mining-specific storage devices that are currently in mass production and expected to be released soon, but they could just be normal products that only have a mining-friendly label.

 






from Hacker News https://ift.tt/3aNkx5Z

Legal documents from the Philippines government have been exposed online

For at least two months, some 345,000 sensitive court documents from the Office of the Solicitor General of the Philippines related to ongoing legal cases were made publicly available online and could have been accessed by anyone who knew where to look, according to the U.K. security company TurgenSec, which identified the data exposure. The firm says that the documents — which contained hundreds of instances of words like “rape,” “execution,” and “trafficking” — had been removed as of April 28, but some are still cached by Google’s search engine and can be found on the open web.

“It’s not like a traditional data breach that we disclose,” said a spokesperson for TurgenSec. “This one caught our eye because it seems that it might have broader ramifications.”

The spokesperson said they worried that information in the documents could affect ongoing court cases and might be used to identify witnesses or attempt to intimidate victims. The Solicitor General’s office is responsible for representing the government in any litigation that goes before the Philippine Supreme Court or Court of Appeals.

TurgenSec was alerted to the data exposure in February by a third-party whistleblower who downloaded the files and sent them to the security firm for examination. TurgenSec was unable to confirm whether anyone else had accessed or downloaded the data, but the spokesperson noted that it wouldn’t have been difficult for a state actor or open source investigator to do so. As part of a “responsible disclosure” procedure, the company reached out to the Solicitor General’s office twice in an attempt to alert them to the breach but received no response.

It’s not clear why the Philippine Solicitor General’s office and Department of Justice did not respond to TurgenSec, or why the documents were made private only recently. Rest of World reached out to the Philippine Department of Justice, which acknowledged the message but did not comment in time for publication. The website for the Solicitor General’s office was also hacked last December.

TurgenSec, which also runs Breaches.uk, a website that tracks data breaches, said that it chose not to sift through each document, in order to protect the privacy of the individuals named in them. But a keyword search suggests the files contain delicate information that should be kept private. The documents mention the word “rape” 774 times, “trafficking” 135 times, and “execution,” 437 times. Terms like “terrorist” or “terrorism” also appear in numerous instances, along with other words, such as “private,” “confidential,” “password,” “witness,” and “Duterte,” referring to Philippine President Rodrigo Duterte.

According to the TurgenSec spokesperson, the data wound up on the open web because of a misconfigured server, or when an administrator accidentally sets a set of documents to “public” rather than “private.”

“The fix takes literally 20 seconds,” said the TurgenSec spokesperson. “They should just be taking these really basic steps to protect their data.” Misconfigured servers are an extremely common mistake: In 2017, World Wrestling Entertainment made a similar error, exposing data from millions of its fans. Last year, TurgenSec also discovered that Virgin Media accidentally left a database public that linked a number of customers to pornography and other explicit websites. 

The Philippine government has had trouble protecting the data of its citizens, even beyond the December breach. In 2016, a major breach of the Philippine Commission on Elections exposed information belonging to more than 55 million voters. When the Solicitor General’s website was hacked late last year, the culprits posted a message on the homepage reading “Stop blackmailing the NTC (National Telecommunications Commission)! Give ABS-CBN provisional authority!” according to the Philippine newspaper The Inquirer. The incident happened after the Solicitor General moved to revoke the broadcasting license for the television news broadcaster ABS-CBN, which has been critical of the Duterte administration. (The station lost the bid to renew its license in July of 2020, but its digital channels remain operational.)

“I wouldn’t be surprised if [the people responsible for defacing the Solicitor General’s website] hacked it using information from this data breach, which seems to have been public for quite a while,” said the TurgenSec spokesperson. “It has a bunch of plain-text passwords in there, along with other stuff that should not be public facing.”



from Hacker News https://ift.tt/3nBaztE

OpenBSD Version 6.9

Quick installer information for people familiar with OpenBSD, and the use of the "disklabel -E" command. If you are at all confused when installing OpenBSD, read the relevant INSTALL.* file as listed above!

OpenBSD/alpha:

If your machine can boot from CD, you can write install69.iso or cd69.iso to a CD and boot from it. Refer to INSTALL.alpha for more details.

OpenBSD/amd64:

If your machine can boot from CD, you can write install69.iso or cd69.iso to a CD and boot from it. You may need to adjust your BIOS options first.

If your machine can boot from USB, you can write install69.img or miniroot69.img to a USB stick and boot from it.

If you can't boot from a CD, floppy disk, or USB, you can install across the network using PXE as described in the included INSTALL.amd64 document.

If you are planning to dual boot OpenBSD with another OS, you will need to read INSTALL.amd64.

OpenBSD/arm64:

Write install69.img or miniroot69.img to a disk and boot from it after connecting to the serial console. Refer to INSTALL.arm64 for more details.

OpenBSD/armv7:

Write a system specific miniroot to an SD card and boot from it after connecting to the serial console. Refer to INSTALL.armv7 for more details.

OpenBSD/hppa:

Boot over the network by following the instructions in INSTALL.hppa or the hppa platform page.

OpenBSD/i386:

If your machine can boot from CD, you can write install69.iso or cd69.iso to a CD and boot from it. You may need to adjust your BIOS options first.

If your machine can boot from USB, you can write install69.img or miniroot69.img to a USB stick and boot from it.

If you can't boot from a CD, floppy disk, or USB, you can install across the network using PXE as described in the included INSTALL.i386 document.

If you are planning on dual booting OpenBSD with another OS, you will need to read INSTALL.i386.

OpenBSD/landisk:

Write miniroot69.img to the start of the CF or disk, and boot normally.

OpenBSD/loongson:

Write miniroot69.img to a USB stick and boot bsd.rd from it or boot bsd.rd via tftp. Refer to the instructions in INSTALL.loongson for more details.

OpenBSD/luna88k:

Copy 'boot' and 'bsd.rd' to a Mach or UniOS partition, and boot the bootloader from the PROM, and then bsd.rd from the bootloader. Refer to the instructions in INSTALL.luna88k for more details.

OpenBSD/macppc:

Burn the image from a mirror site to a CDROM, and power on your machine while holding down the C key until the display turns on and shows OpenBSD/macppc boot.

Alternatively, at the Open Firmware prompt, enter boot cd:,ofwboot /6.9/macppc/bsd.rd

OpenBSD/octeon:

After connecting a serial port, boot bsd.rd over the network via DHCP/tftp. Refer to the instructions in INSTALL.octeon for more details.

OpenBSD/powerpc64:

To install, write install69.img or miniroot69.img to a USB stick, plug it into the machine and choose the OpenBSD install menu item in Petitboot. Refer to the instructions in INSTALL.powerpc64 for more details.

OpenBSD/sgi:

To install, burn cd69.iso on a CD-R, put it in the CD drive of your machine and select Install System Software from the System Maintenance menu. Indigo/Indy/Indigo2 (R4000) systems will not boot automatically from CD-ROM, and need a proper invocation from the PROM prompt. Refer to the instructions in INSTALL.sgi for more details.

If your machine doesn't have a CD drive, you can setup a DHCP/tftp network server, and boot using "bootp()/bsd.rd.IP##" using the kernel matching your system type. Refer to the instructions in INSTALL.sgi for more details.

OpenBSD/sparc64:

Burn the image from a mirror site to a CDROM, boot from it, and type boot cdrom.

If this doesn't work, or if you don't have a CDROM drive, you can write floppy69.img or floppyB69.img (depending on your machine) to a floppy and boot it with boot floppy. Refer to INSTALL.sparc64 for details.

Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install will most likely fail.

You can also write miniroot69.img to the swap partition on the disk and boot with boot disk:b.

If nothing works, you can boot over the network as described in INSTALL.sparc64.

Ports Tree

A ports tree archive is also provided. To extract:

# cd /usr
# tar xvfz /tmp/ports.tar.gz

Go read the ports page if you know nothing about ports at this point. This text is not a manual of how to use ports. Rather, it is a set of notes meant to kickstart the user on the OpenBSD ports system.

The ports/ directory represents a CVS checkout of our ports. As with our complete source tree, our ports tree is available via AnonCVS. So, in order to keep up to date with the -stable branch, you must make the ports/ tree available on a read-write medium and update the tree with a command like:

# cd /usr/ports
# cvs -d anoncvs@server.openbsd.org:/cvs update -Pd -rOPENBSD_6_9

[Of course, you must replace the server name here with a nearby anoncvs server.]

Note that most ports are available as packages on our mirrors. Updated ports for the 6.9 release will be made available if problems arise.

If you're interested in seeing a port added, would like to help out, or just would like to know more, the mailing list ports@openbsd.org is a good place to know.



from Hacker News https://ift.tt/3eYvC7m

Researchers Demo Potential for Zero-Knowledge Proofs in Vulnerability Disclosure

 




from Hacker News https://ift.tt/3ncDynq

Build a giant live scrolling tickertape display

Display live scrolling sports scores, crypto prices, or hot tweets on the side of your favorite newspaper building. All you need are some cheap pixel strips, an Uno, and a 5 volt power supply (I used a USB charger with the connector cut off).

Demo video and easy instructions below!

Introduction

What started out as a proof of concept for parallel processing on a microcontroller has become a 20-foot tall Angry Birds game, Star Wars Mouse Droid, EDC Music Festival Message Flag, a (student-built!) School Info Center, and so many more!

This ultimate update adds the #1 most requested feature – the ability to update the display in real time with live data over either USB or Bluetooth. That’s right – you can now have a Python program running on a Raspberry Pi that pulls bitcoin prices from the internet and displays them on the sign in real time. Happy now?

The code has also been completely reworked to be as simple and reliable as possible. Almost anyone should be able to understand and modify it.

Perfunctory Video

Features

  • Uses cheap and easy to buy pixel strips, and a ubiquitous Arduino Uno.
  • Display can be very long (100’s of feet) because it generates the pixel signals on the fly rather than using a frame buffer.
  • Easily fed with live data using the Arduino’s built-in serial port which shows up on whatever computer it is plugged into.
  • Can also be fed by any bluetooth device using a cheap and easy to buy HC-05 adapter (or anything else that has a 5 volt serial TX pin).
  • Includes 6 premade fonts and it is easy to edit those or make your own.
  • Easily editable code.

Hardware Setup Looks Like This

You do not need to use a breadboard to connect the ground wires – you can just twist them together.

You can connect the power supply to the same end of the strips that the Arduino is connected to if that is easier. In this case, the ground from the power supply is connected to both the Arduino and the strips.

Code drop

Full code here…

https://github.com/bigjosh/SimpleTickerTape

Instructions

1. Get 7 strips of pixels.

  • These can be Neopixels, WS2812B, WS2813, or SK6812. (All these use compatible protocol and timing)
  • You can get them from Amazon or Aliexpress or Adafruit or anyplace else.
  • I used the 60 LED per meter kind because they are cheap and text looks nice, but other kinds can be nice too depending on how you lay it out.
  • Strips can be as long as you want, basically limited by your ability to power them.
  • Code is written for RGB style pixels, but you can make it use RGBW by uncommenting a single line.
  • You can use either 5-volt or 12-volt pixel strings, just make sure your power supply matches (below).
  • You can use fewer strips if you want, but then you will have to edit the font to make it shorter.

2. Connect all of the “ground” pins from the strips to one or more of the ground pins on the Arduino.

  • It doesn’t matter which ground pin on the Arduino you use (there are 3).
  • If your strips have loose power wires coming out the end, you can twist all the black ones together and then connect those into the ground pin. Or you can use a grounding strip.
  • I used breadboard jumper wires because then I could plug them into a breadboard strip which was easy.

3. Connect each one of the “data in” pins from the strips to the corresponding digital pin on the Arduino, starting at Arduino pin 1 and going to Arduino pin 7.

  • The strip connected to Arduino pin 1 will be at the bottom of your display. The text flows away from the Arduino.
  • Again, I used some breadboard jumper wire, which is handy because you can stick it into the plugs from the strips and then stick it into the socket on the Arduino.
  • You can ignore the power pin on this end of the strip, and you can also ignore the “BI” pins if your strips have them (like the WS2813 does).

4. Connect the strips to a DC power source.

  • Most strips use 5 volts, but some use 12 volts, you should know which kind you bought. They also will usually have either “5V” or “12V” printed on the strip. If you really have no idea, try one strip with a 5 volt supply first and see if it works.
  • Connect the power supply “positive” or “+” side to the red wires from the strips and the “negative” or “-” side to the black wires.
  • Do not connect the power wires backwards! This is the one way you can really break stuff and make smoke!
  • You can twist all the wires together, or use terminal bars to make connections if you are fancy.
  • You can use any power source that gives you enough amps to keep the strips lit up.
  • Strips use more power when the pixels are on brightly. If you only use less bright colors then you can get by with much smaller power supplies.
  • A 2 amp USB charger can power seven 1 meter long strips at the default color brightness.
  • If you are going to use really long strips, you can get a big power supply like this which can power a couple of thousand pixels, or you can use lots of smaller supplies connected at different points along the length of the strips (see video here). There is plenty of info on the internet about powering long strips of pixels!
  • For short strips running with very dim colors, you can even get away with powering the strips from the Arduino’s 5V pin, but people will get mad at you for doing this.
  • Lots more info on powering pixels over at AdaFruit.

5. Load up the SimpleTickertape.ino sketch into your Arduino.

  • You can do this by plugging the Arduino into a computer, running the Arduino IDE, and then copying/pasting the code from here, and clicking the run arrow in the IDE. (It might be easier to copy the code if you click on the “Raw” button on the webpage.)
  • You should see a sample message scroll across your LED strips!
  • To maximize your chances of success, the program only drives the first 60 pixels and uses a not-so-bright red color. We can change these later once everything is working.
  • If you are using RGBW strips then you must make the edit below for them to work right.

6. Try typing your own text directly onto the tickertape from your computer!

  1. Pick “Tools->Serial Monitor” from the Arduino IDE top menus.
  2. Pick “No line ending” and “9600 baud” from the pickers on the bottom of the serial monitor window.
  3. Type “Hello me!” in the input bar at the top of the window and press enter. You should see your message scroll onto the tickertape!

7. Edit the code for your own use.

  • Update the PIXEL_COUNT define at the top of the program to match how long each of your strings are.
  • Update the FRAME_DELAY define if you want to scroll faster (lower number) or slower (bigger number).
  • Update the COLOR_X defines to make a color you like. R,G, and B stand for red, green, and blue and each of these numbers can be 0-255. The bigger the number, the brighter the color. Start with low numbers since these pixels can be bright and setting bright colors can overtax your power supplies.
  • If you are using RGBW strips (these have an extra white LED in each pixel besides the red, green, and blue ones) then uncomment the COLOR_W line by deleting the two back slashes in front of it.
  • You can also change the font by turning 0’s into 1’s and vice versa. You can also make the font wider or skinnier if you want by changing the value of FONT_WIDTH and adding or removing lines from each character to match the new width. LMK if you make a cool new font or need help converting an existing font to this format (there are some hacked-up programs to help here).
  • Change the code to do whatever you want! Except for the part that actually sends out the pixels (which has to be really fast), the program should be pretty easy to understand and modify.

Bluetooth control

You can control your new ticker from your phone over bluetooth! You will need a bluetooth adapter like the HC-05, which you can get from Amazon for less than $10.

UPDATE: HC-05 will not work with iPhones, you need something like AT-09 which is about $5 on Amazon.

Connect it to the Arduino like this…

Then pair the HC-05 to your phone by pressing the button on it and then doing whatever you need to do on your phone to pair (lots of better instructions on how to do this on google).

Next you can test by getting a Bluetooth terminal program for your phone. I used Serial Bluetooth Terminal for Android, but you can use any program that sends serial data out the Bluetooth connection.

Sending SMS messages to the sign

To send incoming SMS messages to the sign from my Android, I used Tasker and Tasker Bluetooth Plugin which works amazingly well and can let you send pretty much anything you can imagine to the sign based off of apps running on the phone.

Write your own no-code app to control the sign

You can also very easily write your own phone apps to drive this sign with MIT’s App Inventor. Use the SendText action of the “Bluetooth Client” component to send whatever text you want to the sign. It works great and it is amazing how easy it is to make an app like this!

Driving the display from a computer

You can plug the Arduino into the USB port of almost any computer (Windows, OSX, Raspberry Pi) and it will appear as a serial port on that computer. Any text you send to that serial port will scroll onto the display.

Live typing

To make the display work like a giant typewriter, run a serial terminal program, set it to the correct serial port, and then set the speed to 9600 baud. Now start typing and it will instantly scroll onto the display! I used the free Kitty terminal program in the video.

Sending messages from a batch file/shell script/python program

You can easily send messages directly to the display from any batch file or shell script by just sending the text directly to the serial port that the UNO creates when it is plugged into the computer. You can then have the computer get data from websites and put it on the screen, or have it post messages whenever anything triggers an event on the computer.

Bitcoin Block Clock

To create the Bitcoin Block Clock in the video, I used the fact that the bitcoin-core program can be configured to call a batch file whenever something interesting happens. I had it call the following batch file to look up the height of the new block and send it to the display via the serial port…

echo bitcoin >com4
choice /D Y /T 1
echo block >com4
choice /D Y /T 2
echo height >com4
choice /D Y /T 2
D:\Documents\Programs\bitcoin\bitcoin-0.20.1\bin\bitcoin-cli.exe -datadir="D:\Documents\Programs\bitcoin\data" getblockcount >com4
choice /D Y /T 3
exit

This is for Windows, but if you are using Linux then you are enough of a geek to be able to figure out how to do the same thing with a BASH script on your own. Note that at some point after each boot you need to set the serial port baud rate using something like mode com4:9600,n,8,1 (or stty -F /dev/ttyUSB0 9600 in Linux).

Note that you could do the same thing with walletnotify to have a message scroll anytime someone sends you some of that sweeet juicy crypto.

The tricky parts

The hardest part about this program is keeping up with the pixels. For old-skool WS2812B pixels you only have about 5 microseconds (us) between bits. If you wait any longer than that, the pixels will reset. It is hard enough to compute a new column of pixels every 5us, but we also have to be constantly checking and reading in any new data from the serial port. If we go too long without checking, some data will get lost and the display will get messed up. So how do we do all this?

  1. A tiny bit of assembly code. This code actually sends the most timing sensitive parts of the WS2812B signal, and writing in assembly makes sure we can control exactly how long everything will take. Don’t worry, this code is *very* simple with only two instructions. The out instruction sends a byte out to the pins and the nop instruction just pauses for 62.5 nanoseconds. That’s it! Check it out here.
  2. All interrupts off, all of the time. An interrupt literally interrupts the program and then goes and does something else for a bit and then goes back to what it was doing. This is normally very handy, but it is no good when you are trying to do timing sensitive stuff, since when it gets interrupted, the code that was running gets stopped while the interrupt code runs. So for reliability and simplicity, here we just turn them off always and then never have to worry about them. The command that does this is called cli() which stands for “clear interrupt flag”. The two main things that normally generate interrupts are the timer and the serial port. We are careful to never use the timer (stuff like millis()) because it will never update without interrupts. To get serial to work without interrupts, we need to use…
  3. Polling mode serial receive. Polling means we keep obsessively checking to see if any new serial bytes have arrived. Normally a new byte would trigger an interrupt to read the new byte, but since we have no interrupts it is all on us to check. This seems wasteful and it does use up many more cycles than doing nothing until you get an interrupt, but with polling we get to pick *when* we check (and we pick moments when we have some free time) whereas with an interrupt it can happen almost any time. There is also additional overhead to calling an interrupt since it must remember what it was doing when the interrupt happened and then return everything to the way it was afterwards.

FAQ

Q: How long can I make my ticker tape?!
A: The technical limit with the current 6 column wide font is [1000 characters in buffer] * [6 pixels per char] = 6,000 pixels. That’s 325 feet long with standard strips. In practice you will not want to make one this long because it will get too slow. It takes about 36 microseconds to transmit 1 pixel, so if you want to update at 20 steps per second (a brisk reading pace), that limits you to a maximum length of about 1,300 pixels, which is still about 75 feet long with standard 60 pixel/meter strips! If you need to go longer, it probably makes sense to put one or more additional Arduinos in the middle to speed things up. If you have a good reason to make such a humongous ticker then I’ll help you.

Q: Can I send text to the ticker from my phone over bluetooth!?
A: For sure! I picked 9600 baud as the default serial port speed because this is what the cheap (<$5 on Amazon!) and plentiful HC-05 bluetooth adapters run at out of the box. To use one, connect the HC-05 power pins to the 5V and GND pins on the Arduino and then connect the TX pin on the HC-05 to pin 0 on the Arduino. Next push the button to pair with your phone. Finally get a bluetooth serial app and start typing and it should end up on the tickertape!

Q: Can I send live info from the internet to my tickertape?
A: For sure! That’s the whole point! You just need to get the data you want and then send it as text out the serial port. With the Arduino attached to my Windows computer via USB, I can make a batch file that sends the text to the correct COM port (COM3 on my computer but you can check which on yours in the Arduino IDE) and prints it using a command like echo "This is the remix." >COM3. You can do similar things on a Raspberry Pi or OSX, check out the .

Q: How can I use this code on my [ANYTHING BUT AN ARDUINO UNO]?
A: Really the whole point of this project is that it uses an Uno. You can get it to run on some very closely related AVR-based Arduinos like the Micro and the Nano, but after that you should probably give up and find something meant for the board you have.

Q: Why is this better than just using a TEENSY?
A: The TEENSY is amazingly good at driving lots of pixels and if you have one and you know how to use it then you should use it! Otherwise, the UNO is nice for many people because (1) it is cheap and widely available around the world, (2) millions of people have experience with it, (3) it directly generates the 5V signals that all these pixels need so no buffers or converters are ever needed.

Q: Why does the bottom row of pixels go nuts when I download the sketch?
A: The Arduino digital pin 1 that we use to drive the bottom row of pixels also happens to be the UNO’s serial transmit pin. This is normally not a problem since our sketch never transmits anything, but when we download a new sketch the Arduino and the IDE do talk to each other over the serial port and this data is what makes the LEDs go nuts.

Q: Why do I see all kinds of garbage in serial monitor while I have it up?
A: We are using the RX pin (Pin 1) on the Arduino to drive a row of pixels, but the computer is also connected to the pin so it sees the WS2812B signals as very garbled serial data. It is OK, no one will get hurt.

Q: My text is there but looks all janky. What gives?
A: The pixels can get messed up easily – especially WS2813 pixels and especially when the Arduino resets after a download since it turns off the pins connected to the pixels. The best thing to do is press and hold the reset button on the Arduino, turn off power to the pixels for maybe 10 seconds and then turn it back on, and finally release the reset button. This helps make sure the pixels don’t get confused by seeing noise from the Arduino pins before they have turned on.

Q: Can I make it scroll in the opposite direction?
A: It is significantly harder since you have to send the data in order to the pixel strings, so you would have to compute ahead of time where to start sending. Not that much harder, but the current direction is easier and avoids needing a buffer.

Q: Is it possible to change the color of the text in real time – like even individual words?
A: Yes, I had a whole system where you could stick a #RRGGBB anywhere in the text to set the color. Unfortunately it was just a smidge too slow for some of the older, finickier pixels around. Worked great with all WS2813 pixels though since these have much longer timeouts. If you have the new pixels and really need this and can’t figure out how to do it yourself, LMK and I’ll give you some code.

Q: Can I pay you to build one for my yacht club’s big race event this Sunday?
A: The whole point of this project is to build it rather than buy it! I bet there is some bored 13 year old kid in your town who would love to build this for you if you buy all the parts for him.

Q: What if I only have 5 strings of pixels?
A: Check out this tiny little whiff of a font. Paste it into the Arduino sketch where indicated. Connect the strings to pins 2-6.

Q: I really want to be able to have bidirectional serial communication with my Arduino while it is scrolling.
A: You can do it! Use the little font above to free up the Arduino’s TX pin, then use this command…
#define SERIAL_TX(c) do {while (!(UCSR0A&(1<<UDRE0))); SERIAL_TX_BLIND(c);} while (0)
…to write a char out the serial port.

Q: Can I change the baud rate of the serial port?
A: Yes, you can use any valid baud rate in the Serial.begin() line in the setup() function. Do not pick a baud rate that is too fast or you will start losing serial bytes, but really there is no reason to go any faster because 9600bd is much faster than anyone can read anyway. Slower is nice – set the baud rate to a speed you can comfortably read if you want to make sure the buffer never overflows.

Q: Can I edit the font or make my own font?
A: Yes! The font is defined where it says fontData and is designed to be very easy to edit directly in the program. You’ll see one section for each letter in the font, and then inside each letter there is one line like 0b00110000 for each column in that letter. If you look at them sideways and squint you should be able to see the letters pointing downwards. Here is the letter E, see it?…

Note that every letter must have the same number of columns, and that number is defined as FONT_WIDTH in the program. You should also leave the rightmost row as 0’s if you are going to use the serial port since this bottom row of pixels would be connected to the same pin as the serial port. Please share any nice new fonts you make in the comments below!

There are also several nice fonts in the fonts directory that you can directly copy and paste into your program. Note that it is easier to copy them if you push the “raw” button on the github page for each font and then do “select all” + “copy” from your browser.

Q: Can I make my font 8 rows tall rather than 7 like all of yours?
A: Yes, but then you will need to use digital pin 0, which also happens to be the serial receive pin, so you will need to disable the serial port from using that pin by commenting out the Serial.begin() line in the setup() function. Note that with no serial port, you will need to either generate all your text locally on the Arduino, or use a different kind of port like I2C or SPI to get your text into the Arduino.

Q: Can I make my font even taller than 8 rows?
A: Yes, you could in theory use all of the pins to drive LED strings and make a very tall font, but that would mean more complication. If you can live with just, say, 12 rows of pixels then everything works kind of nicely since digital pins 1-13 are all in a nice row on the side of the Arduino. If you really need to do this LMK and I’ll give some code.

Q: Why use an Uno? This would be so much easier with a TEENSY or something like that.
A: The Uno is cheap, well-known, and easily available almost everywhere. It is a scientifically proven fact that every person on Earth has at least three UNOs in a drawer somewhere.

Q: Where is the video of the giant Angry Birds game?!?
A: I want to see it again too! It was glorious! Sadly I’ve lost the link. If you’ve seen this project anywhere please LMK!

Q: How do I get interactive backspace to work like in the video?
A: Replace the appendToBuffer() function with this one…

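void inline appendToBuffer( const byte b ) {

  if (b=='\b') {  // backspace: drop the last buffered character, if any
    if (buffer_len) {
      buffer_len--;
    }
  } else if ( buffer_len < BUFFER_SIZE ) {  // only store while there is room; extra bytes are dropped
    buffer[ buffer_len++ ] = b;
  }

}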

Q: Should I use WS2812B, WS2813, or SK6812 pixels?
A: WS2812B are the originals so are usually the cheapest and easiest to get, and have a wide selection of different form factors. WS2813 and SK6812 are newer versions that have a longer reset time, which gives you more time to do work on the Arduino between transmitting pixels. If you are going to use my code unchanged then it doesn’t really matter, but if you want to experiment with adding new features like changing color in the middle of a message or being able to make letters blink, then the WS2813 will make that much easier. (There are other differences that do not really matter for this project)

Q: Should I use 5V or 12V pixels?
A: The 5V pixels are more common and easier and usually cheaper to get. If you want to make a really long display, then the 12V pixels can be better since there is less voltage drop for a given length, so you can have longer connections to the power supply and use potentially thinner wires. 12V is also handy if you are going to be powering from a car or a car battery.

Q: Would it be possible to use a variable width font?
A: Yes. Probably the easiest way would be to put leading zeros in the font data at the beginning of any characters that are narrower than the font width, and then skip any leading zeros when sending columns to the pixels. The timing would be very tight on older WS2812B pixels, but no problem on newer pixels with longer reset times.

Q: Can I power the Arduino from the same power supply I use for the pixel strips?
A: Yes. If you have a 5V power supply then you can connect the “+” side directly to the “5V” pin and the “ground” side to any of the “GND” pins of the Arduino. If you are using a 12V power supply, then you can connect that to the barrel jack on the Arduino. If you don’t have a barrel connector, then you can also connect the +12V to the “vin” pin and the “ground” side to any of the “GND” pins on the Arduino.

Q: How do I make it scroll vertically like in the Block Clock demo?
A: Check out https://github.com/bigjosh/SimpleTickerTape/tree/main/VerticalTickertape.



from Hacker News https://ift.tt/3xzAQgK

Show HN: Serverless Python in 60 Seconds

Serverless Python Functions
in 60 seconds



from Hacker News https://lambdium.com/

Thursday, April 29, 2021

AFP issues search warrant following alleged dodgy tech support scheme

The Australian Federal Police (AFP) on Thursday revealed it had executed a search warrant at a premises in Wollongong, New South Wales, in relation to an alleged fraudulent technical support business.

The AFP said the search warrant was executed following an investigation under Operation Rayko, which was focused on an Australian business that purports to offer genuine Microsoft technology support to Australian customers.

It alleged the business instead linked Australian victims to offshore scammers who would request remote access to their computers.

"Once the scammers had access to the computer, they would convince their victims to purchase new software to fix genuine computer issues," AFP said. "That software was outdated and sold at an inflated price."

AFP said while remotely accessing a victim's computer, the scammers deactivated antivirus software and other protection programs, and conducted further unauthorised remote access.

The company in question, AFP said, has a professional website, an Australian 1800 business number, and uses Microsoft logos to give its operations an air of legitimacy.

The AFP said it worked closely with Microsoft to gather information about the products being sold and offshore entities linked to the Australian business.

During the search, AFP investigators seized documents and electronic devices, which will be subject to analysis by AFP Cybercrime Operations. The investigation is ongoing and the AFP is not ruling out charges as a result of the search warrant activity, it said.

"Police are assessing evidence seized and will continue to work with Microsoft and IDCARE to determine how many Australian customers may have been affected by these types of scams," the AFP said.

AFP Commander Goldsmid took the opportunity to caution people to only download software from the Microsoft store or official Microsoft partner websites. He said the public needs to be aware of the risks associated with unlicensed businesses and carefully vet who they allow to access their computers.

"Be wary of downloading software from third-party sites, as some of them might be outdated or may have been modified to include malware and other threats," he said.

"In this instance the offending involved charging victims for products they didn't need, and products the business was not authorised to sell. However, the consequences can be much worse -- allowing scammers access to your computer may put you at risk of malware, computer viruses, or even the theft of your identification details and sensitive personal information via remote access that can occur without your knowledge."

Goldsmid said it's an important reminder of how scams have evolved.

"They're not as obvious as an email from a Nigerian prince anymore," he added. "Modern-day scammers are very technologically savvy and they will exploit victims' trust in respected institutions to gain a profit."



from Latest Topic for ZDNet in... https://ift.tt/2ReG6W9

Singapore-Thailand pact lets users send money cross-border via mobile number

Singapore and Thailand have inked a bilateral agreement that enables users in both nations to transfer funds using the recipient's mobile number. The pact taps the respective country's peer-to-peer payment systems and is part of a regional payment initiative to ease cross-border payments. 

The new partnership helped establish connectivity between Singapore's PayNow and Thailand's PromptPay platforms, to enable fund transfers of up to SG$1,000 ($753.4) or THB25,000 ($793.96) using mobile numbers. Touted as the first of its kind globally, the deal was the result of "years of extensive collaboration" between the two countries' central banks, according to a joint statement released by the Monetary Authority of Singapore (MAS) and Bank of Thailand (BOT).

Customers of participating banks in both countries would not be required to provide information such as the recipient's full name or bank account, needing only a mobile number to facilitate the cross-border payment. The service would work in the same way PayNow and PromptPay transfers were carried out, with senders tapping their mobile banking or payment apps to make peer-to-peer fund transfers. 

Such transactions typically are completed within minutes, rather than an average of one to two working days for the usual cross-border remittance services. 

Banks participating on both platforms had pledged to set their fees against market rates, according to MAS and BOT. "The fees will be affordably priced and transparently displayed to senders prior to confirming their transfers," they said. "Senders will also be able to view the applicable foreign exchange charges prior to sending their funds, with these rates benchmarked closely to prevailing market rates."

The connectivity between PayNow and PromptPay was part of efforts initiated under Asean Payment Connectivity, which was set up in 2019 to drive faster, cheaper, and more transparent cross-border payment pacts. 

The new Singapore-Thailand digital payment deal would continue to expand to include more participants and offer bigger transfer limits to facilitate business transactions, both countries said.

BOT's governor Sethaput Suthiwartnarueput noted that PromptPay also supported QR-enabled cross-border payments with Japan, Lao PDR, Cambodia, and Vietnam. "Today's PayNow-PromptPay linkage...will effectively address customers' long-standing pain points in the area of cross-border transfers and remittances, including long transaction times and high costs," Suthiwartnarueput said.

MAS' managing director Ravi Menon added: "[The partnership] shows that existing payments infrastructure and the banking system have the potential to provide seamless cross-border payment options to retail customers.

"MAS' shared objective with BOT is to work with our Asean counterparts to expand this bilateral linkage into a network of linked retail payment systems across Asean. With the rise of the digital economy, we want to empower individuals and businesses in the region with simple, swift, and secure cross-border payments through just a few clicks on their mobile phones," Menon said.



from Latest Topic for ZDNet in... https://ift.tt/3uc3B12

Microsoft finds memory allocation holes in range of IoT and industrial technology

The security research group for Azure Defender for IoT, dubbed Section 52, has found a batch of bad memory allocation operations in code used in Internet of Things and operational technology (OT) such as industrial control systems that could lead to malicious code execution.

Given the trendy vulnerability name of BadAlloc, the vulnerabilities are related to not properly validating input, which leads to heap overflows, and can eventually end in code execution.

"All of these vulnerabilities stem from the usage of vulnerable memory functions such as malloc, calloc, realloc, memalign, valloc, pvalloc, and more," the research team wrote in a blog post.

Using these functions becomes a problem when external input that can cause an integer overflow or wraparound is passed to them as a value.

"The concept is as follows: When sending this value, the returned outcome is a freshly allocated memory buffer," the team said.

"While the size of the allocated memory remains small due to the wraparound, the payload associated with the memory allocation exceeds the actual allocated buffer, resulting in a heap overflow. This heap overflow enables an attacker to execute malicious code on the target device."
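The wraparound described above, as an added C example (not code from Microsoft's advisory or from any affected product), with the unchecked size calculation beside a checked parser. The record format, size32_t (standing in for size_t on a 32-bit target) and every function name are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed wire format for this example (hypothetical):
 *   bytes 0..3 : record count, little-endian uint32
 *   bytes 4..  : `count` records of REC_SIZE bytes each */
typedef uint32_t size32_t;      /* models size_t on a 32-bit device */
#define REC_SIZE 16u

static uint32_t read_le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Unchecked pattern: the byte count passed to malloc() is computed in
 * 32 bits, so a large external count wraps to a small allocation. */
size32_t naive_alloc_size(uint32_t count) {
    return (uint32_t)(count * REC_SIZE);    /* wraps modulo 2^32 */
}

/* Checked form: reject any count whose byte size cannot be represented. */
int checked_alloc_size(uint32_t count, size32_t *out) {
    if (count > UINT32_MAX / REC_SIZE)
        return -1;
    *out = count * REC_SIZE;
    return 0;
}

/* Hardened parser: validates the claimed count against both the integer
 * range and the bytes actually received before allocating or copying.
 * Returns a malloc'd copy of the records, or NULL if the message is rejected. */
uint8_t *parse_records(const uint8_t *msg, size_t msg_len, uint32_t *count_out) {
    size32_t need;
    if (msg == NULL || msg_len < 4)
        return NULL;
    uint32_t count = read_le32(msg);
    if (count == 0 || checked_alloc_size(count, &need) != 0)
        return NULL;
    if ((size_t)need > msg_len - 4)         /* claims more than was sent */
        return NULL;
    uint8_t *buf = malloc(need);
    if (buf == NULL)
        return NULL;
    memcpy(buf, msg + 4, need);             /* copy length == allocation */
    *count_out = count;
    return buf;
}

/* Builds a constructed message that claims `count` records but carries
 * `sent` (at most 4). Returns 1 if the parser accepts it, 0 if it rejects. */
int try_message(uint32_t count, unsigned sent) {
    uint8_t msg[4 + 4 * REC_SIZE] = {0};
    uint32_t n = 0;
    if (sent > 4)
        return -1;
    msg[0] = (uint8_t)count;         msg[1] = (uint8_t)(count >> 8);
    msg[2] = (uint8_t)(count >> 16); msg[3] = (uint8_t)(count >> 24);
    uint8_t *r = parse_records(msg, 4 + (size_t)sent * REC_SIZE, &n);
    int ok = (r != NULL && n == count);
    free(r);
    return ok;
}

int main(void) {
    uint32_t claimed = 0x10000001u;         /* constructed hostile count */
    printf("naive size for count 0x%08x: %u bytes\n",
           (unsigned)claimed, (unsigned)naive_alloc_size(claimed));
    printf("valid message accepted:   %d\n", try_message(2, 2));
    printf("wrapping count accepted:  %d\n", try_message(claimed, 1));
    printf("short payload accepted:   %d\n", try_message(3, 2));
    return 0;
}
```
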

Microsoft said it worked with the US Department of Homeland Security to alert the impacted vendors and patch the vulnerabilities.

The list of affected products in the advisory includes devices from Google Cloud, Arm, Amazon, Red Hat, Texas Instruments, and Samsung Tizen. CVSS v3 scores range from 3.2 in the case of Tizen to 9.8 for Red Hat newlib prior to version 4.

As with most vulnerabilities, Microsoft's primary piece of advice is to patch the affected products, but with the possibility of industrial equipment being hard to update, Redmond suggests disconnecting devices from the internet if possible or putting them behind a VPN with 2FA authentication, having a form of network security and monitoring to detect behavioural indicators of compromise, and using network segmentation to protect critical assets.

"Network segmentation is important for zero trust because it limits the attacker's ability to move laterally and compromise your crown jewel assets, after the initial intrusion," the team wrote.

"In particular, IoT devices and OT networks should be isolated from corporate IT networks using firewalls."



from Latest Topic for ZDNet in... https://ift.tt/3u7XRVM

Shipping Containers Plunge Overboard as Supply Race Raises Risks

Containers piled high on giant vessels carrying everything from car tires to smartphones are toppling over at an alarming rate, sending millions of dollars of cargo sinking to the bottom of the ocean as pressure to speed deliveries raises the risk of safety errors.

The shipping industry is seeing the biggest spike in lost containers in seven years. More than 3,000 boxes dropped into the sea last year, and more than 1,000 have fallen overboard so far in 2021. The accidents are disrupting supply chains for hundreds of U.S. retailers and manufacturers such as Amazon and Tesla.

There are a host of reasons for the sudden rise in accidents. Weather is getting more unpredictable, while ships are growing bigger, allowing for containers to be stacked higher than ever before. But greatly exacerbating the situation is a surge in e-commerce after consumer demand exploded during the pandemic, increasing the urgency for shipping lines to deliver products as quickly as possible.

“The increased movement of containers means that these very large containerships are much closer to full capacity than in the past,” said Clive Reed, founder of Reed Marine Maritime Casualty Management Consultancy. “There is commercial pressure on the ships to arrive on time and consequently make more voyages.”

After gale-force winds and large waves buffeted the 364-meter One Apus in November, causing the loss of more than 1,800 containers, footage showed thousands of steel boxes strewn like Lego pieces onboard, some torn to metal shreds. The incident was the worst since 2013, when the MOL Comfort broke in two and sank with its entire cargo of 4,293 containers into the Indian Ocean.

In January, the Maersk Essen lost about 750 boxes while sailing from Xiamen, China, to Los Angeles. A month later, 260 containers fell off the Maersk Eindhoven when it lost power in heavy seas.

A worker walks towards the One Apus container ship, berthed at the Kobe Port in Hyogo, Japan, on Thursday, Dec. 10, 2020. The vessel, managed by NYK Shipmanagement Pte, suffered a massive stack collapse and lost 1,816 containers – 64 of which are classified as dangerous goods – at sea due to severe weather on Nov. 30 while it was en route from Yantian, China to Long Beach, U.S.

The need for speed is creating precarious conditions that can quickly bring disaster, according to shipping experts. The dangers range from stevedores incorrectly locking boxes on top of one another to captains not deviating from a storm to save on fuel and time as they face pressure from charterers, they said. One wrong move can put cargoes and crew at risk.

The chances for mishaps are increasing as exhausted seafarers face deteriorating conditions during the pandemic. Allianz Global Corporate & Specialty estimates that human error contributes to at least three-quarters of shipping industry accidents and fatalities.

Almost all the recent incidents have occurred in the Pacific Ocean, a region where the busiest traffic and the worst weather collide. The sea route connecting Asia’s economies to consumers in North America was the most lucrative for shipping companies last year. China’s exports have gone on a tear as the pandemic fuels demand for all the stuff people need to work, learn and entertain from home.

The journey has always been rough, but it’s become more perilous due to changing weather patterns. The rise in traffic from China to the U.S. this past winter coincided with the strongest winds over the Northern Pacific since 1948, increasing the likelihood of rougher seas and bigger waves, said Todd Crawford, chief meteorologist at The Weather Company.

With 226 million container boxes shipped each year, the loss of 1,000 or more can seem like — well — a drop in the ocean. “That’s a very small percentage lost,” said Jacob Damgaard, associate director of loss prevention at Britannia P&I at a conference in Singapore on April 23. “But it’s almost 60% of the monetary value of all container incidents.”

Dislodged containers on the One Apus container ship, berthed at the Kobe Port in Hyogo, Japan, on Thursday, Dec. 10, 2020. The vessel, managed by NYK Shipmanagement Pte, suffered a massive stack collapse and lost 1,816 containers – 64 of which are classified as dangerous goods – at sea due to severe weather on Nov. 30 while it was en route from Yantian, China to Long Beach, U.S.

At an average of $50,000 per box, the One Apus was estimated to have lost $90 million in cargo alone, the highest in recent history, according to Jai Sharma, a partner at maritime law firm Clyde & Co. in London. Losses so far this year have totaled an estimated $54.5 million, Bloomberg data show.

The issue is also gaining attention as last month’s grounding of the 400-meter vessel Ever Given in the Suez Canal threw a spotlight on the vulnerability of the shipping industry. The mega ship blocked traffic through the vital waterway for nearly a week, and the impact on global trade is still being felt.

So far, none of the recent container accidents has been directly attributed to safety lapses. The International Maritime Organization said it is still awaiting results of investigations into the latest incidents, and cautioned about making any conclusions before that.

The Ever Given container ship moves along the Suez Canal towards Ismailia after being freed from the canal bank in Suez, Egypt, on Monday, March 29, 2021. The giant Ever Given container ship was finally pulled free from the bank of the Suez Canal, allowing for a massive tail back of ships to start navigating once again through one of the world’s most important trade routes.

But many experts say the situation has grown more dangerous because of pressure on supply chains since the pandemic. When ships approach heavy weather, captains have the option to steer away from the danger. But the attitude is “don’t go around the storm, go through,” said Jonathan Ranger, head of marine Asia Pacific at American International Group Inc.

“When you combine that with potentially poor maintenance of twistlocks and cabling required to secure these boxes, then it’s an accident waiting to happen,” he said at the industry conference in Singapore.

Top Heavy

With boxes stacked ever higher, a ship can become more unstable in a storm — wave after wave can cause the vessel to roll at steep angles, putting strain on the securing of containers. The situation becomes even worse if the stack is top-heavy. That can happen when there’s incorrect weightings on the bills of lading for containers, which many in the industry say happens too often.

“You cannot see inside the containers,” said Arnaldo B. Romero, a captain who sailed from Japan to South America late last year. “So when the cargo is heavy and the officer in charge of cargo planning puts it high up, during the rolling of the ship, we may not have control anymore.”

Overworked crews also heighten the risks. Reduced manpower onboard with an increased number of containers on deck make it increasingly difficult for crews to check every single bar and screw effectively, said Neil Wiggins, managing director of Independent Vessel Operations Services Ltd.

There’s also the health and safety of the seafarers at stake. The toppling of multiple tiers of 40-foot containers during a raging storm is one of the most terrifying experiences for a captain and crew. Post-traumatic stress disorder among crew members is common, according to Philip Eastell, founder of Container Shipping Supporting Seafarers.

Concern is growing for the industry to address the situation.

“Traffic on the seas is different from what it was 10 years ago,” said Rajesh Unni, founder of Synergy Marine Group, which provides services to ship owners. “How do we adapt as an industry? It’s convenient to blame the captain, but we need to look at how the port infrastructure needs to change, how ships transit.”

The IMO, which is the United Nations’ agency responsible for shipping regulations, says countries whose flags the ships are sailing under are responsible for issuing safety certificates for vessels, while ports that the vessels call at are responsible for ensuring rules on loading containers are followed.

AIG’s Ranger says companies should be prepared to go around storms and maintain vessels properly. “These vessels are designed to carry the boxes, and to have these losses is — dare I say it — unacceptable.”

Copyright 2021 Bloomberg.



from Hacker News https://ift.tt/3dUNa3b