How do I safely update and verify the C-Lightning version?

I've divided this post into three sections: Download, Review, and Install to make it easier for users who need help with specific sections. The installation steps were reproduced with Ubuntu 18.04, but can also be easily used for other versions. Just make sure you download the specific ready-made binaries from the release page for the operating system you are using.


download

The C-Lightning implementation now works only in Linux environments. All c-lightning releases will be published on the GitHub release page. You can download them directly from the browser or use the following terminal commands:

# Download the Ubuntu release of C-lightning from the release page
ubuntu@user:~/Downloads$ wget https://github.com/ElementsProject/lightning/releases/download/v0.7.3/clightning-v0.7.3-Ubuntu-18.04.tar.xz

# Download the SHA256SUMS file that contains the hashes of the release
ubuntu@user:~/Downloads$ wget https://github.com/ElementsProject/lightning/releases/download/v0.7.3/SHA256SUMS

# Download the digital signature file SHA256SUMS.asc
ubuntu@user:~/Downloads$ wget https://github.com/ElementsProject/lightning/releases/download/v0.7.3/SHA256SUMS.asc

verification

It's on before installing the software GOT TO to check the signatures of the publication. This ensures that the software on the release page has not been modified by third parties or manipulated during the download process through a man-in-the-middle attack.

The following steps are performed to verify the authenticity of the file:

  1. Calculate the SHA256 hash of the main file
  2. Check if the hash matches the one we downloaded in the SHA256SUMS file
  3. Make sure this hash has been signed by a trusted developer

The first step is to verify that the SHA256 hash of the downloaded file matches the hash created in the SHA256SUMS file. Because SHA256 is a one-way mathematical function, it ensures that the downloaded file has not been modified because its hash matches that in the SHA256SUMS file.

# Calculate the SHA256 of the file that we downloaded in the last step
ubuntu@user:~/Downloads$ sha256sum clightning-v0.7.3-Ubuntu-18.04.tar.xz
e36d259696ad172d509be712c0ee96b64a454d9a836b7a576d0bc26a580b313e  clightning-v0.7.3-Ubuntu-18.04.tar.xz

# Verify that the above hash matches the hash in the SHA256SUMS file
ubuntu@user:~/Downloads$ cat SHA256SUMS | grep clightning-v0.7.3-Ubuntu-18.04.tar.xz
e36d259696ad172d509be712c0ee96b64a454d9a836b7a576d0bc26a580b313e  release/clightning-v0.7.3-Ubuntu-18.04.tar.xz

As you can see above, the hashes match. However, it is not enough just to match the hashes. An attacker could have changed the ZIP file and reproduced its modified hash in the SHA256SUMS file. Therefore, we need to make sure that the hash contained in the SHA256SUMS file was actually signed by a trusted person. For this we have to check the signatures.

You can do this with gpg, First, we need to import the public keys of the developers signing these releases. You can find her here.

# import Rusty Russell's key
ubuntu@user:~/Downloads gpg --recv-keys 15EE8D6CAB0E7F0CF999BFCBD9200E6CD1ADB8F1

# import Christian Decker's key
ubuntu@user:~/Downloads gpg --recv-keys B7C4BE81184FC203D52C35C51416D83DC4F0E86D

# import Lisa Neigut's key
ubuntu@user:~/Downloads gpg --recv-keys 30DE693AE0DE9E37B3E7EB6BBFF0F67810C1EED1

The next step compares the signatures to the hashes in the SHA256SUMS file. If the SHA256SUMS file is missing, you will get one can't hash datafile: No data Error.

ubuntu@user:~/Downloads gpg --verify SHA256SUMS.asc
gpg: assuming signed data in 'SHA256SUMS'
gpg: Signature made Mon 28 Oct 2019 11:15:50 PM UTC
gpg:                using RSA key 30DE693AE0DE9E37B3E7EB6BBFF0F67810C1EED1
gpg: Good signature from "Lisa Neigut " (unknown)
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 30DE 693A E0DE 9E37 B3E7  EB6B BFF0 F678 10C1 EED1
gpg: Signature made Mon 28 Oct 2019 11:51:59 PM UTC
gpg:                using RSA key 15EE8D6CAB0E7F0CF999BFCBD9200E6CD1ADB8F1
gpg: Good signature from "Rusty Russell " (unknown)
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 15EE 8D6C AB0E 7F0C F999  BFCB D920 0E6C D1AD B8F1
gpg: Signature made Tue 29 Oct 2019 08:07:39 PM UTC
gpg:                using RSA key B7C4BE81184FC203D52C35C51416D83DC4F0E86D
gpg: Good signature from "Christian Decker " (unknown)
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: B731 AAC5 21B0 1385 9313  F674 A26D 6D9F E088 ED58
     Subkey fingerprint: B7C4 BE81 184F C203 D52C  35C5 1416 D83D C4F0 E86D

installation

After checking the authenticity of the file, we can safely extract the ZIP file with the command tar xf clightning-v0.7.3-Ubuntu-18.04.tar.xz, The extracted folder contains folders bin. libexec and share as content. Paste the contents of this folder into the /usr/ Directory (or /usr/local/). Note: Just replace the files in these folders. Do not replace these folders directly, as these folders generally also contain binaries of other important software.

Visa – After landing with Code 3, can I safely enter the UK through E-Gate?

I come from a country without a visa.

I plan to travel to the UK for 3 weeks or a month to travel only.

However, I am seriously concerned about the ease of entry to the UK in January 2019 due to my difficult immigration history.

Here is my detailed history of visiting or staying in the UK

In 2015, I stayed for 6 months from June to December as a short-term student visa
In August 2016, I was a month as a visitor.

From September 2017 to January 2019, I stayed one year and four months to study my Masters with a Tier 4 visa.

What happened at the beginning of the year, when my student visa almost expired, I was for some reason unwilling to return to my homeland. So I was only in Paris for a few days and returned to the UK right after my student visa expires.

I was looking for a standard visa for 6 months, but the IO was suspicious of me and said to me, "You should not do that."
The IO was probably suspicious that, in my opinion, I tried to use the visa rules as a non-visa national.

The IO asked me when I wanted to leave the UK and I told her that I only needed one week. Then she asked me to show the return ticket that I had prepared. After looking at my return ticket, she told me that she would write the date I told her into my passport and warned that staying more than a week would make me an illegal whereabouts. Then I got 3 code landing.

I left the UK exactly as I was ordered by the IO and have been in my country for almost 10 months now. I also have a job here.

In December 2019 or January 2020, I plan to visit the UK again as a holiday to meet some of my college friends and travel to the north of England for at least 3 weeks.

In May, the Interior Ministry announced that people from several selected countries
can use e-gates from mid-May 2019 and do not have to write the landing map or face the IOs. My country is also one of those countries, but I'm pretty sure I've come under pressure because of the battles with the IO that took place in January this year.
Can a person like me who has a three-code landing, which implies a negative immigration history, use e-gates without any problems?

I do not want to be seriously confronted with the IO, and I do not want to be interrogated or detained for my encrypted landing history the next time I return to the UK.

I tried to search for relevant posts, but there are no posts to people using E-Gate after receiving a coded landing or having problems with immigration.

I look forward to helpful comments.

Thanks.

Hash – Safely display hidden integers with MD5

This very high-end GPU cracker makes 200 GH / s:

https://gist.github.com/epixoip/a83d38f412b4737e99bbef804a270c40

That's 200 billion hashes per second (2e11 hashes / s). With a search space of 1e19 possible numbers, this means that ~ 500,000 seconds (about 1.5 years) are needed to completely search the parameter space. Of course, in half the time, on average, you will find a game.

In short, MD5 is a fast algorithm, which usually means brute force is easy. However, in this case, much of it is negated by the size of your search space.

Depending on what happens to a successful user, MD5 may still not be your best bet. A top-end hashing rig is too slow by a factor of ~ 200,000. That seems like a lot, but you're basically wondering "how long does it take for my hardware to be 200,000x faster?". Although the growth rate of computer hardware has slowed, it is not unrealistic to expect that this gap will be significantly smaller in just a few years.

Finally, you must also worry about weaknesses in pre-image consistency. I have not "checked in" MD5 status for some time, but I've recently heard that MD5 still has pre-imaging resistance. Without preimage resistance, an attacker might be able to find something that delivers the same hash without actually having to brutally force the original number.

In short, you are safe at the moment. The safety margin may not be that high. Whether you need to take action or not depends on what you do on the other side.

aws – How can I safely pass credentials to the API Gateway?

I have a code on my local machine that I want to use to call an aws lambda function.
I've configured the API Gateway as an input to the Lambda feature, but I'm concerned about security when sending credentials as query string parameters. So, could someone suggest an approach to pass credentials to the aws lambda function, even if there is a different way than the API gateway, but I want to send it dynamically.

Air travel – Can adjustable monitor stands be safely stowed in checked luggage?

I have a monitor and a stand (HP ZR2240w) that I would like to take with me as part of an international move.

The monitor stand is quite heavy and contains a kind of spring – it is not clear whether it is a compressed gas spring or a simple metal coil. I can not look into the mechanism, the plastic cover seems to be quite persistent to expose the fixtures.

If a gas spring is inside, is it safe under the reduced air pressure?

Do consumer products in the US have labels that indicate the presence of compressed gas?

Linux – How to safely pass the value of a Python variable returned by a script to another script execution via cron?

I have a daemon.py script that retrieves secret data (via decryption) and stores it in a Python variable.
I need to use this variable in another Python script running on cron.

Is there a way to do that for sure?

I do not have the choice to retrieve secure data multiple times.
I also do not have the choice to write the data somewhere like a file or a Bash variable.

My requirement is something like:

daemon.py --> SECRET_DATA = {xx:yy, pp:qq}
rc-cron --> 30 4 * * 3 /usr/local/bin/console_script_command_from_setup_py --secrets=SECRET_DATA
sh file --> crontab -u root /etc/cron.d/rc-cron```

Which Python 3 version can be safely installed on Windows 10 to work seamlessly with Tensorflow 2.0?

When I started a new job two years ago, I got a Windows laptop. And I had to work with Tensorflow. So I installed (naively) the latest version of Python (the 3.6 was, I think, 3.7 had not yet appeared at this time). The latest version of Tensorflow was 1.4.1 at this time. When I tried installing TF 1.4.1 with Python 3.6, it was installed, but I remember getting a lot of bugs while running my programs – that was not compatible with that, that was not compatible with it – it was just a mess.

After looking around for a day or two, I found (in some forums) that TF 1.4.1 seems to be stable with Python 3.5. So I uninstalled Python 3.6 and installed 3.5 and everything worked fine.

Last week I bought a new Windows laptop for personal use. This one also has an external GPU; My office laptop is not working. Which Python version can be used with TF 2.0 as the latest TF version? If anyone here has reports of compatibility issues between Python 3.x and TF 2.0, I would be very happy if you could share your reports and solutions to any problems you may have.

Pay safely – pay safely.pw – HYIPs

I am not an administrator / owner!

Beginning: 27th August 2019

Pay safely

over

Our mission is to give every person a chance to get the maximum profit to invest with minimal risk. Our team of financial experts guarantees an effective and rapid analysis of the current financial situation on a full-time basis. The objective of our investment fund is to provide investors with reasonable risk for a regular income by reinvesting the funds collected in various types of assets.

Investment plan:

40% – 70% per hour for 4 hours

Min / Max deposit: $ 10 / $ 10,000

Reference: 5%

Numbers. systems: Perfect money, Bitcoin, Payeer

Gold Coders Script

SSL Certificate

DDOS Protection

Check and register

Javascript – Can I safely access certain electron APIs?

So I need to find a way to create custom window title bar buttons that I can safely expand without nodeIntegration being enabled in electron. I thought the bias might be what I need, but I'm not sure how it works or whether it would work for it.

Because I create custom window buttons with HTML, CSS, and Javascript, I need the following methods:

mainWindow.minimize();
mainWindow.close();
mainWindow.getBounds();
mainWindow.setBounds(...);
mainWindow.setResizable(...);

This is in the renderer process, so nodeIntegration must be enabled and used remotely as follows:

const { remote } = require('electron');
const mainWindow = remote.getCurrentWindow();

Can I use the preload option with nodeIntegration turned off to access these methods and add functions to my custom buttons? If so, how? Would it be so safe?