This commit addresses one of the lower hanging fruits of the RNG: its usage of SHA1.
BLAKE2s is generally faster, and certainly more secure, than SHA1, which has [1] been [2] really [3] very [4] broken [5]. Additionally, the current construction in the RNG doesn't use the full SHA1 function, as specified, and allows overwriting the IV with RDRAND output in an undocumented way, even in the case when RDRAND isn't set to "trusted", which means potential malicious IV choices. And its short length means that keeping only half of it secret when feeding back into the mixer gives us only 2^80 bits of forward secrecy. In other words, not only is the choice of hash function dated, but the use of it isn't really great either.
Intuit Inc. is an American corporation that specializes in financial software. Specifically, the company develops personal finance, accounting, and tax return software.
The company is headquartered in Mountain View, California. It has more than 10,000 employees.
While Intuit has a GitHub presence with over 100 repositories for numerous open source projects, none of these repositories offer any substantial desktop software. Instead, the repositories focus on tools and libraries for developers. None of these projects appear to have attracted significant interest from the open source community.
It took around 3.5 years of development to release KiCad 6.0.0 open-source EDA suite, as the previous major release, KiCad 5.0.0, was introduced in July 2018.
KiCad 6.0.0 comes with a refreshed user interface that’s supposed to reduce the barriers of entry for new users and users switching from other design software with notably the schematic and PCB editors now feeling like being from the same program instead of completely different tools.
FTP is a file transfer network protocol used to efficiently transfer files among servers and clients over a computer network without any complexity. The first FTP applications were written for the command line before GUI OSes appeared. Although there are various GUI FTP clients, software developers still create CLI-based FTP clients for users who prefer the old-fashioned way. There are numerous Linux FTP Clients which are secure and robust and easily accessible in the market. This article conveys the most reliable and best Linux FTP Clients that one ought to select the finest one to fulfill the task.
The Enlightenment 0.25 released as a major update with new features and improvements. In this post, we wrap up the release.
Carsten Haitzler released a new version of the Enlightenment window manager / shell (and Wayland compositor) for Christmas. Various Enlightenment components have also seen new releases.
Enlightenment 0.25 is available as the latest version of this window manager that has been seeing new releases on a roughly annual cadence. With Enlightenment 0.24 having been released in May 2020, the Enlightenment 0.25 release is rather large. Some of the big changes with E25 include...
We looked back in time and found out some “Kool” KDE Facts and Trivia. Here it is.
The KDE has a long history. How it was conceptualized, progressed and became a winner as a “go-to” desktop for all user base. In this post, we give you some interesting facts and trivia of KDE that you may not be aware of. And it’s good to know.
Early this year, I completely switched over to Signal and I’m fortunate enough to have everyone that I talk to switch over as well. I know I wrote what some might view as a hit piece on Signal, but I have immense respect for the project and will continue to use it until an actually viable alternative comes along.
Unfortunately, their desktop application isn’t natively available for OpenBSD. A solution that’s worked decently enough for me is to run it via X11 forwarding on a Ubuntu VM running on vmm(4) — OpenBSD’s built-in hypervisor.
For multi-room audio, I set up a proof of concept with some old computers and configured mpd to use sndio. It worked great. I purchased several more APU2D4 machines and USB Behringer UCA202 DACs for the audio. I created C++ microservices to run with httpd slowcgi and build / send mpc commands to control mpd. Simple, no library dependencies and easy to update / test. Maybe someday I'll change the interface but this has been working well. For UI, I created a page to select a room and send commands. Wanting a single volume control, I opted to expose master volume (rather than mpd volume). I needed to select music, so I created another page to access music data. I'm only really interested in playlists, artists, genres and songs, so I provided these in the song UI and allow adding to the queue of whatever room is currently selected. Each room can operate independently or output to multiple rooms.
The Orange Pi 3 LTS is a Raspberry Pi-sized single-board computer powered by an Allwinner H6 processor, which is a 1.8 GHz quad-core ARM Cortex-A53 chip with Mali-T720 graphics. The little computer also has 2GB of LPDDR3 memory, 8GB of eMMC storage, a microSD card reader, and support for WiFi 5 and Bluetooth 5.0.
Tk is a user interface toolkit that makes it easy to build desktop graphical user interfaces. Tk is cross-platform, meaning the same code can be made to run the same on Windows, Mac OS X, or X11 under a huge range of Unix systems (e.g. Linux). Compared with most user interface toolkits, Tk is also quite high level, meaning that it takes care of a lot of details for you. Tk is also unique in that it was designed from the start to be paired with a high level dynamic programming language (like Python, Tcl, Ruby, and Perl) as opposed to lower-level languages like C or C++. In fact, you'll find a Tk binding for most dynamic languages available today. It also is BSD-licensed, making it attractive for both open source and commercial developers.
Taken together, these factors make Tk an attractive option for people trying to develop a GUI on Windows, Mac or Unix, especially if they want it to run on all three. And because Tk is used from dynamic programming languages, it's an accessible tool not only for hardcore developers, but also many people without a computer science or engineering background.
Because it's been around for a very long time, and changed a lot over the years, there's a lot of horridly outdated and therefore incorrect information out there. This makes extracting the truth pretty overwhelming if you just want to figure out if and how to use Tk today. While that's mostly what this site will help with, a brief history of where it came from, why and how it caught on, and how things have evolved until today will help put a whole lot of things in context.
People have written a fair amount about how to contribute to web and web-adjacent standards, but before you can contribute to them, there’s an essential first step: you have to be able to read them. Before I worked on a web browser for a living, standards intimidated me, and I would steer clear of them in favor of friendlier documentation like MDN. But as I began to work on Chrome, I found that I needed to be able to read standards, and eventually write and edit them as well. Nowadays, I’ll typically go to a standard as my preferred form of documentation; sometimes it can be more efficient than reading other documentation that can be more out of date or imprecise. (Just as sometimes it can be more efficient to read the code than the documentation!)
Here are some tips that I find helpful when navigating the web standards world.
The largest nurses' union in the United States is condemning the Centers for Disease Control and Prevention's decision to shorten the recommended isolation period for healthcare workers who test positive for Covid-19, saying the move could be "dangerous" for both workers and patients.
National Nurses United (NNU) released a statement Friday, a day after the CDC released new guidelines saying healthcare workers who test positive for the disease will be able to return to work after seven days instead of 10 as long as they are asymptomatic and have a negative test.
For more than 10 years, EFF’s HTTPS Everywhere browser extension has provided a much-needed service to users: encrypting their browser communications with websites and making sure they benefit from the protection of HTTPS wherever possible. Since we started offering HTTPS Everywhere, the battle to encrypt the web has made leaps and bounds: what was once a challenging technical argument is now a mainstream standard offered on most web pages. Now HTTPS is truly just about everywhere, thanks to the work of organizations like Let’s Encrypt. We’re proud of EFF’s own Certbot tool, which is Let’s Encrypt’s software complement that helps web administrators automate HTTPS for free. The goal of HTTPS Everywhere was always to become redundant. That would mean we’d achieved our larger goal: a world where HTTPS is so broadly available and accessible that users no longer need an extra browser extension to get it. Now that world is closer than ever, with mainstream browsers offering native support for an HTTPS-only mode.
In 2020, Firefox announced an “HTTPS-only” mode feature that all users can turn on, signaling that HTTPS adoption was substantial enough to implement such a feature. 2021 was the year the other major browsers followed suit, starting with Chrome introducing an HTTPS default for navigation when a user types in the name of a URL without specifying insecure HTTP or secure HTTPS. Then in June, Microsoft’s Edge announced an “automatic HTTPS feature” that users can opt into. Then later in July, Chrome announced their “HTTPS-first mode”, which attempts to automatically upgrade all pages to HTTPS or display a warning if HTTPS isn’t available. Given Chrome’s dominant share of the browser market, this was a huge step forward in web security. Safari 15 also implemented an HTTPS-first mode in its browsers. However, it does not block insecure requests like in Firefox, Chrome, and Edge.
With these features rolled out, HTTPS is truly everywhere, accomplishing the long-standing goal to encrypt the web.
Twitter has gotten a lot more transparent recently about what the blue checkmark means and is meant to achieve. Their documentation says that it’s used to mark authentic accounts of public interest. But there is still a lot to ponder about what those words mean (what’s “public interest”? what’s “authentic”?) and why this is a useful feature. The verification program could be motivated by mis-/disinformation, harassment and abuse (e.g. preventing impersonation), scams and phishing, or some combination of the above. It’d be fascinating to know what Twitter’s internal success metrics (if any) are for the blue checkmark feature.
As per a recent report by Allied Market Research, the India home automation market size was valued at $1.79 billion in 2018 and is expected to reach $13.5 billion by 2026, growing at a CAGR of 29.8 per cent during the forecast period.
In recent years, setting up a public HTTPS website has gotten easier and easier, thanks to widespread automated certificate management, free certificates, inexpensive CDN support, and other developments. However, for the most part, these advancements – and the web PKI in general – are designed for publicly accessible websites. That is, a website with a publicly resolvable domain name can undergo domain name validation to get an HTTPS certificate. You can also get an HTTPS certificate for a public IP address, but this type of certificate is much more rare and less widely supported than certificates for public domain names. What you cannot do is get a publicly trusted HTTPS certificate for a non-public domain name (such as an intranet hostname) or a reserved private network or localhost IP address (such as 127.0.0.1). That is, a certificate authority like Let’s Encrypt or DigiCert will not be able to provide you with an HTTPS certificate for foo.test or 192.168.0.1 that works with an out-of-the-box client like a major web browser. This is because there’s no way for the certificate authority to validate that you are the true owner of such a name; by definition, there is no such concept of the true owner of such a name.
Students from Muslim families in particular are under strong pressure to adapt, for example in terms of behaviour during the fasting month of Ramadan, dealing with religious minorities or the headscarf. “It is not enough that the pupils privately decide in favour of a stricter interpretation of Islam. Increasingly, such views are dominating the mainstream, with increasingly clear demands that these rules also be observed by others,” the inventory states. “This then also applies to educational staff, provided they themselves have a Muslim migration background.”
For example, the head of one school reported that teachers and students there had been challenged about their “summer clothes”. The management of another school stated that a pupil told a staff member of Arab origin that he did not listen to her because she was a “very bad Muslim” due to her lack of a headscarf. The boy’s father, who was called in, had encouraged his son in his behaviour.
Established in 2006, the IEC was mandated to administer and supervise all types of elections, including presidential, according to the commission’s website.
“They have taken this decision in a hurry... and dissolving the commission would have huge consequences,” Aurangzeb, who headed the panel up until the fall of the previous regime, said.
“If this structure does not exist, I’m 100 percent sure that Afghanistan’s problems will never be solved as there won’t be any elections,” said Aurangzeb, who like many Afghans goes by only one name.
The 34-year-old had planned to attack police officers, government officials and other Muslims that he deemed insufficiently devout, Detective Superintendent Michael Sheehy told reporters on Friday morning.
“This individual is [allegedly] posting a significant amount of material about bombings and manufacturing explosives,” Det Supt Sheehy said.
The Biden administration’s Infrastructure and Jobs Act, passed in October, and the new fuel standards set by the EPA will have a positive impact on electric vehicles in the United States in the coming year. Let’s review this good news.
The International Energy Agency warned in May that an immediate halt to new investment in fossil projects is needed if the world is to reach net-zero carbon emissions by 2050 and to stand any chance of limiting warming to 1.5C.
The call was a revolution for an agency created in the wake of the first 1970 oil shock to protect the energy security of rich, oil-consuming nations.
Another major moment in 2021 was the emergence at the COP 26 climate summit in Glasgow of a coalition of nations that pledged to phase out oil and gas production, although no major oil and gas producing nation joined that group.
Cryptocurrencies are seen by many as the future of finance, and Miami is aggressively angling to become the world's crypto capital – in a direct threat to New York's status as the country's financial hub, threatening New York's dominance in finance.
In an extraordinary gesture of desperation that upset many Bitcoin miners in the region, local governor Igor Kobzev in a confidential memo to Russia’s energy minister this autumn complained about a “skyrocketing electricity use in the region” fraught with “accidents”.
Irkutskenergo, the region’s main electricity company, insists that it cannot deny service to suspected Bitcoin miners as it is obliged to provide as much electricity to households as it has the capacity for, and it has no right to ask if the customer wants to build five heated pools or install 100 mining rigs on their property.
The energy company was desperate enough to launch private investigations into suspected illegal farms in order to seek damages in court.
Low hydro reservoir levels, a malfunction at a power station and a delay in obtaining power from an external producer led to the reduction, effective immediately, the company said on Tuesday. In addition to fish-feed plants, the reductions apply to large customers on curtailable short-term contracts. Record demand also played a part, said Tinna Traustadottir, executive vice president of sales and customer service at Landsvirkjun.
Scrubgrass is just the start. Stronghold has executed a purchase agreement to acquire a second waste coal plant in Pennsylvania, the Panther Creek Energy Facility, and aspires to buy a third. Like Scrubgrass, Panther Creek was increasingly unable to compete on the open electricity market– operating at less than one tenth of its capacity prior to its acquisition by Stronghold.
Amid the ongoing government efforts for wildlife conservation through community involvement and afforestation in the country, Prime Minister Imran Khan on Saturday shared rare footage of a snow leopard roaming and roaring over the snowy mountains in the Khaplu area of Gilgit Baltistan.
Iran has passed a law banning the free, state-subsidized distribution of contraceptives in a bid to boost its population growth -- but the move has raised fears of catastrophic repercussions. Iran's government systematically cracks down on the free flow of information and those who speak to foreign media may be subject to persecution. For that reason, the identities of the interviewees are not disclosed and their faces are blurred or not shown.
In a defiant Christmas Eve press rally, the Poor People’s Campaign and other progressive leaders vowed to continue to fight for the Build Back Better Act, despite opposition from West Virginia Senator Joe Manchin.
This is the time of year when many publications are busy preparing their “Year in Review” pieces. Boring! We already lived through the past year. We know what happened. Instead, let’s look ahead to 2022—the year that will be, probably.
The reason I write is not just to inform (and occasionally amuse) you, but also to arm you with the truth so you can fight more effectively for the common good.
That's $4 billion for the Sacklers, who are rightly pilloried by the press daily, and $7 billion for Renaissance Partners, who no one seems to have heard of. The Mercer guilty plea has not been covered by The Hill, Breaking Points, The Young Turks, or other usually reliable media outlets, much less by the mainstream media. Search Google News for Renaissance Technologies and the $7 billion fine is not included in the top 80 search results. It has been disappeared in favor of stories about the fund's above-average financial performance.
The two viruses are related due to the way in which Hindu nationalist aligned charitable organizations in the United States and the United Kingdom have raised money for Covid relief and then funnelled these funds to Hindu nationalist groups in India, where they are potentially used to spread hatred against religious minorities.
In the past two days, President Recep Tayyip Erdoğan and his supporters have rejoiced in the rebound of the Turkish Lira against the dollar. However, reporting by daily BirGün shows that that celebration is misplaced. Not only was the currency crisis self-inflicted, but over the past two decades of Justice and Development Party (AKP) rule, people in Turkey have only gotten poorer.
Erdogan has previously cited his religion in explaining why he believes interest rates cause inflation instead of reining it in.
High interest rates are a drag on activity and slow down economic growth.
But central banks raise their policy rates out of necessity when inflation gets out of hand.
The Turkish lira has now lost nearly half its value in the past three months alone.
Nigeria’s unfavourable response further infuriated the Turkish government. Consequently, several Nigerian students attending Turkish schools abroad were arrested while others were deported for reasons never stated.
President Buhari’s adviser on Diaspora Affairs at the time, Abike Dabiri-Erewa, confirmed to local media that “the Ministry of Foreign Affairs through the permanent secretary summoned the Turkish Ambassador immediately the information was received. While both countries are working at resolving the issue through every possible diplomatic channel, the Ministry of Foreign Affairs made it clear that such acts against Nigerians will not be accepted.”
So, it’s inevitable that services make mistakes—removing users’ speech that does not violate their policies, or terminating users’ accounts with no explanation or opportunity to appeal. And inconsistent moderation often falls hardest on oppressed groups.
The dominance of a handful of online platforms like Facebook, YouTube, and Twitter increases the impact of their content moderation decisions and mistakes on internet users’ ability to speak, organize, and participate online. Bad content moderation is a real problem that harms internet users.
There’s no perfect solution to this issue. But U.S. lawmakers seem enamored with trying to force platforms to follow a government-mandated editorial line: host this type of speech, take down this other type of speech. In Congressional hearing after hearing, lawmakers have hammered executives of the largest companies over what content stayed up, and what went down. The hearings ignored smaller platforms and services that could be harmed or destroyed by many of the new proposed internet regulations.
The removal of the monuments testifies to the ruling Communist Party’s efforts to erase the bloody events from the public consciousness. It also comes as the party snuffs out democratic challenges in Hong Kong to its rule.
On Thursday, a monument at the University of Hong Kong was dismantled, wiping out one of the city’s last remaining places of public commemoration of the crackdown.
The government has never provided a figure on casualties and the pro-democracy movement remains a taboo topic in mainland China. Hong Kong and Macao, the two semi-autonomous territories, were the only places on Chinese soil where commemorations of the crackdown were allowed until authorities banned annual candlelight vigils for two consecutive years.
Indeed, the Steampowered domain isn't accessible anymore to Chinese users according to Comparitech, while Steamchina is. That's the domain of the Chinese version of Steam, which Valve launched in February 2021 through a partnership with Perfect World.
Steam China is far more limited than the global version, though. It was built to comply with the Chinese government's strict regulations on videogames and Internet usage. First and foremost, to publish a game on this platform a developer would need Chinese government approval for the game. That's why the Chinese version only had 53 games at launch, not to mention the lack of features such as Steam Forums, Steam Workshop, Steam Market, and more.
China’s apparent ban on Steam Global is a rough way to end a year that the country has spent cracking down on gaming. In July, Tencent rolled out a facial recognition technology that scans kids’ faces to keep them in compliance with the 10PM curfew that China set to prevent kids from gaming late at night. Just one month later, China implemented a new rule that restricts minors from playing games for more than three hours per week. China later banned Fortnite, even though the game was already heavily modified to comply with China’s strict rules.
According to The Verge, Steam China only has 103 titles on its library, and it is a massive step down for gamers and enthusiasts. The library only holds less than ten percent of the games it originally featured.
The New Year’s card proposed by the city of Marseille shocked the conservative opposition a few days before the New Year. The reason: in the photo, the cross of the Basilica Notre-Dame de la Garde was removed from its dome, France 3 reported in an article published on Thursday December the 23rd. This detail caught the attention of numerous local politicians, such as Valérie Boyer, who addressed the city council on Twitter. The Les Républicains (LR) senator of the Bouches-du-Rhône department reacted not without irony: “Thank you to the city administration for being so attached to our traditions, our roots and our identity. After the disappearance of Merry Christmas (which has been replaced by Happy Feast), we learn that Notre-Dame-de-la-Garde has no cross. The Virgin Mary could be next?”.
This article was originally published on If This Be Treason.
New Englanders concerned about the treatment of Julian Assange, the founder of the radical news site Wikileaks who is currently in custody in the UK awaiting extradition to the US under espionage charges, will gather as part of a “First Night Against the Wars” event at Boston’s Copley Square on the afternoon of December 31. The gathering will take place between 2 pm-3:30 pm.
In recent years, the world has been shaken by protests. From the Arab Spring to the social uprisings in Chile and Latin America, the world has seen a dramatic rise in protests. In a polarized world, the COVID-19 pandemic has only accentuated feelings of outrage and discontent.
Leaving behind a legacy of fighting for oppressed people in South Africa and around the world, Archbishop Desmond Tutu died Sunday at age 90 in Cape Town, South Africa. The cause was reportedly cancer.
Advocates for human rights, health equity, economic justice, and nonviolence honored Tutu, who helped lead the anti-apartheid movement in South Africa and the Truth and Reconciliation Commission which was formed afterwards.
Many young women like Namazzi who try to escape unemployment and poverty at home, often end up as domestic workers in the Middle East where over the years, there has been systematic documentation of cases of exploitation, physical and/or sexual abuse, and even fatalities.
In August this year, Uganda said it was to review the agreements with a number of countries, particularly in the Middle East, as cases of abuse of migrant workers continue to rise.
Heidar Ghorbani was executed early on December 19 in Sanandaj prison in western Iran's Kurdistan Province, the Oslo-based Iran Human Rights (IHR) and the France-based Kurdistan Human Rights Network (KHRN) said, adding that neither his family nor his lawyer had been given prior warning.
Ghorbani's execution was carried out while his case was still under consideration at the Supreme Court.
Perhaps no woman on Earth can relate to an Afghan woman more than an Iranian. With shared language and culture, we know what it means when a political power transfer happens and men in power decide on women’s issues. We know that when those men say that ‘proper systems are in place to ensure the safety of women’, it means that they are going to gradually ignore us.
We know the process: first, they announce their respect for women, emphasising women’s duty of childbearing, then they rule how women should cover themselves, before banning us from going to work or having higher education, ‘for our own good and security’. And then, some time later, after wars, bombs, suicide attacks or economic crises, women's issues are forgotten altogether.
Arzoo had earlier refused to go home with her parents, who filed a case last year claiming that a Muslim man named Syed Azhar Ali, who is much older than their daughter, first abducted her and then forcibly converted her to Islam and married her.
Afghanistan’s ruling Taliban issued on Sunday new travel restrictions for the country’s women, an action criticized by the U.S. as further mistreatment of Afghan women by the terror group.
The Ministry for the Promotion of Virtue and Prevention of Vice directive limits a woman’s ability to travel farther than 72 kilometers unless accompanied by a close male relative. It also advised taxi drivers to offer rides only to women wearing an Islamic hijab or a headscarf.
Ministry spokesman Sadiq Akif Mahajer defended the restrictions, telling VOA they were in line with Sharia, or Islamic law.
The move follows the Taliban barring many women in public-sector roles from returning to work in the wake of their August 15 seizure of power, and as girls remain largely cut off from state secondary schooling.
It also comes despite the hardline Islamists seeking to project a moderate image internationally in a bid to restore aid suspended when the previous government imploded during the final stages of a US military withdrawal.
Japan will compensate companies to keep secret patents with potential military applications under proposed legislation, the Nikkei reported on Sunday, without citing sources.
The patents under review in the proposed economic security legislation will include technology that can help develop nuclear weapons, such as uranium enrichment and cutting-edge innovations like quantum technology, the financial daily said.
Japan will compensate companies to keep secret patents with potential military applications under proposed legislation, the Nikkei reported on Sunday, without citing sources.
The patents under review of the proposed economic security legislation will include technology that can help develop nuclear weapons, such as uranium enrichment and cutting-edge innovations like quantum technology, the Nikkei report said.
The Japanese government will introduce legislation to keep patents with potential military applications secret, compensating companies and applicants for forgone licensing income, Nikkei has learned.
In 2020, Amazon teamed up with publisher Penguin Random House and authors including Lee Child and John Grisham to sue several pirate eBook sites operating out of Ukraine. After a tortuous legal process, a Washington court has awarded the maximum available statutory damages of $7.8 million.