gpg – Cannot import public key from asc file

The title speaks all. I’m using Windows 10 Home with GPG version 2.2.19.

Whenever I try to import the asc file for Tor Browser using the command gpg --import torbrowser-install-win64-9.0.7_en-US.exe.asc, I get this fancy error:

gpg: no valid OpenPGP data found. 

Likewise, this also happens when trying to verify the installer itself with the key file by using the command gpg --verify torbrowser-install-win64-9.0.7_en-US.exe.asc torbrowser-install-win64-9.0.7_en-US.exe:

gpg: Signature made 03/22/20 10:42:09 Eastern Daylight Time gpg:                using RSA key EB774491D9FF06E2 gpg: Can't check signature: No public key 

Trying the answers in the tons of other guides here haven’t helped whatsoever. Can I get some help?

What can be computed by a Turing Machine that cannot be otherwise computed?

This post seems to indicate that “C” is not Turing Complete because implementations of “C” always have some fixed number of bits limit of addressability: Is C actually Turing-complete?

In the current post I am asking what difference does that make? No actual (totally unlimited space) Turing Machines can ever exist. If we could somehow form a memory cell out of a single molecule we would run out of molecules in the universe before we actually achieved totally unlimited memory.

I am exploring the practical difference of Turing Equivalence.

twentysixteen child theme – responsive menu – ham icon button not working – Cannot read property ‘classList’ of null

I am trying to convert this site http://buildandtest.atspace.cc/ into twentysixteen child theme. It appears that /js/menu.js in my child theme is not working as nothing happens when the ham icon button is clicked (pls.see my site link above to check correct behavior). On inspecting via Google Chrome Inspect I am getting the following errors:

Uncaught TypeError: Cannot read property ‘classList’ of null at mediaqueryresponse (menu.js?ver=5.3.2:19) at menu.js?ver=5.3.2:10 at menu.js?ver=5.3.2:31 mediaqueryresponse @ menu.js?ver=5.3.2:19 (anonymous) @ menu.js?ver=5.3.2:10 (anonymous) @ menu.js?ver=5.3.2:31

Any advice is appreciated

header.php in child theme

<header class="header" id='myTopnav'>  <?php  wp_nav_menu(              array(                   'theme_location'=> 'topnav',                   'container' => 'nav',                   'menu_class' => 'topnav',                   'menu_id'    => 'myTopnav',                   )  );?>  <button class="ham-icon"><span class="fa fa-bars fa-2x"></span></button>  </header> 

/js/menu.js in child theme

(function () {   var mql = window.matchMedia("screen and (max-width: 960px)");   //detect media query    var navTop = document.querySelector(".header");   //return first element within the document that matches .header    var toggle = document.querySelector(".ham-icon");    mediaqueryresponse(mql);   //ensures that addListener function is executed when the page loads, by default addListener only fires when state of the window changes   mql.addListener(mediaqueryresponse);    function mediaqueryresponse(mql) {     if (mql.matches) {       toggle.addEventListener("click", clickMenu);       //if media query matches, execute click or clickMenu event     } else {       navTop.classList.remove("responsive");       //otherwise remove .responsive       toggle.removeEventListener("click", clickMenu);       //and remove EventListener     }    }    function clickMenu() {     navTop.classList.toggle("responsive");   }  })(); 

Why is a threshold determined for Byzantine Fault Tolerance of an “Asynchronous” network? (where it cannot tolerate even one faulty node)

In following answer (LINK: https://bitcoin.stackexchange.com/a/58908/41513), it has been shown that for Asynchronous Byzantine Agreement:

“we cannot tolerate 1/3 or more of the nodes being dishonest or we lose either safety or liveness.”

For this proof, the following conditions/requirements has been considered:

  1. Our system is asynchronous.
  2. Some participants may be malicious.
  3. We want safety.
  4. We want liveness.

A fundamental question is that:

With considering the well-known paper titled: “Impossibility of Distributed Consensus with One Faulty Process” (LINK: https://apps.dtic.mil/dtic/tr/fulltext/u2/a132503.pdf)

showing that:

no completely asynchronous consensus protocol can tolerate even a single unannounced process death,

Can we still assume that the network is asynchronous ? As in that case the network cannot tolerate even one faulty node.

Matching two sets when you cannot do within-set comparisons

Suppose you have two lists, A and B, each with length n. The elements of A cannot be compared with other elements of A–there is no order relation among them–and likewise for B. However, elements of A can be compared with elements of B. So for instance, suppose we have a function compareTo(a,b) where a is an element of A and b is an element of B. If a is less than b it returns -1, if they’re equivalent it returns 0, and if a is greater it returns 1.

Further suppose that a perfect matching exists between the elements of A and B, in the sense that for every element of A there is precisely one element of B such that compareTo(a,b) evaluates to 0. And vice versa (for each b there is precisely one a such that they’re equivalent).

How do we write an efficient algorithm to find the perfect matching?


My attempts: Well, there’s the naive algorithm which takes an element of A and finds its corresponding element of B, repeating until all matchings have been found. This runs in O(n^2) so we want to beat this.

It sounds kind of like Gale-Shapley but an input to that algorithm is a preference list. In this setting we have ties, where preference lists don’t. And even generating something like a preference list would take n^2 time. Since it is fundamental to Gale-Shapley that members of one set propose to their highest preferences of the other, this doesn’t seem applicable to the given problem.

We could try to use an element of A to partition the set B and try to divide-and-conquer. But you would only have divided B and wouldn’t know which elements of A to give to the recursive call. You could then try to use B to partition A. To describe this more, let’s give a specific example. Suppose A = [a1,a2,a3,a4] and B = [b4,b1,b3,b2] and suppose that ai < bj if i < j, and likewise for = and >. We could arbitrarily select a1 and then use it to partition B into the elements that come out greater in the comparison, [b4,b3,b2] and the elements that come out smaller []. Since along the we way we found that a1 matched b1 we make that assignment and eliminate them from the rest of the algorithm. Now that we know a1 was quivalent to b1 we can use b1 to partition A into [] and [a2,a3,a4]. We recursively call the algorithm on the smaller sets [], [] which satisfies the conditions: they have the same length and have perfect matching. And recursively call the algorithm on the larger sets [a2,a3,a4], [b4,b3,b2] which also have the same length and have a perfect matching.

I think this algorithm is correct, but in the worst case it doesn’t beat the worst-case runtime of the naive algorithm. So I don’t think I’m on the right track here.

Is there a reason why JWT cannot be used as “connection bound context variable” for TLS?

Apart from the fact that TLS doesn’t have “connection context” variables, is there any reason why this couldn’t be technically built into the standard for something like JWT?

Why it is needed

When a browser sends multiple requests to the same API server, it resends the JWT in the header multiple times. This means additional data overhead, and each time, the server needs to verify the JWT.

I would like to see the TLS standard include “connection bound context variables” so that JWTs can be sent once and used across multiple HTTP REQUESTS over that TLS connection.

How it could work

1) The client connects to the server, and a TLS encrypted session is established.

2) The client send the JWT to the server-side – there are two options for this:

A) The client can send connection variables directly on the TLS layer. The client sets the variable on the client side, and TLS sends the data to the server side. The variable name from the client is always prefixed with “CLIENT-“.

B) The client sends a HTTP request over the TLS session to a specific endpoint dedicated for use to set a TLS variable /api/setJWT. The client sends the JWT as a POST. The server reads the JWT, verifies it, and then sets it to the TLS connection context.

[B] would work best, because client software would be harder to change (browsers).

3)

On the serverside, the encapsulating TLS object’s ITLSConnectionContext interface is made available from HTTP REQUEST handlers. The ITLSConnectionContext has three functions, string[] ListVariables(), string GetVariable(name), SetVariable(name, string).

Assuming 2B is used, when GetVariable(“JWT”) is successful, it can be assumed that it’s valid.

How it could work without changing TLS standard

If a particular TLS connection between the server and the client has a secure identity, then the application-layer can link that to a simple dictionary lookup. Perhaps this could be a GUID (as well as the client-side IPAddress-Port tuple). This GUID approach would mean each language framework can natively implement the lookup, and that makes other benefits possible, where native memory objects can also be linked, not just platform-independent strings.

Other benefits

Furthermore, the server might variables on the context for other purposes:

1) A database PK for the Person behind the JWT, PersonID. It might be a stream interface 2) A particular stream (TCP connection) to another resource 3) A file lock to a user-related logging file

The web would be better.


But am I wrong? Am I missing something that would make this unworkable and insecure?

Cannot submit valid form in FormFunction

I have a simple FormFunction like this:

FormFunction[{"expr" -> ToExpression}, HTTPRequestData[] &] 

When I use CloudDeploy, it works as normal. But when I use SocketListen and GenerateHTTPResponse to establish a server, my Chrome seems have submitted no data as I can’t Find it in the results of HTTPRequestData.

I’ve tried remote server(instead of local), #expr(instead of HTTPRequestData), none of them works. If I use APIFunction as the backend and URLRead as the client, everything is OK.

What’s missing for the submission compared to the WolframCloud one?

What is the most unique data identifier for a phone user that cannot be repeated?

I’m currently developing an android (and probably iOS in the future) application for my company.

I was wondering what is the most unique data identifier to authenticate the users. A data that cannot be repeated through users.

For example:

Email? That user can log in with another phone using the email and password

Phone number? Could be the most unique one but it would required to verify the phone and I will have to setup a SMS validation service like WhatsApp

IMEI? It pretty much validates the unique phone but it can be spoofed or replaced. Although I don’t know if the application required permissions for this.

EDIT: Maybe a mix of all this methods?

My main goal is to save this data as a database and make it the primary key of it and with this know exactly who’s the user that it’s really using the company web services.

I hope you guys can help me.

Thank you.

Cannot build a ROP chain

My ROP exploit crashes with segmentation fault for unknown reason. This is a vulnerable code (compiled via command gcc h2.c -no-pie -fno-stack-protector -m32 -o h2):

#include <stdio.h> #include <string.h> #include <stdlib.h>  char string[100]; void exec_string() {     system(string); }  void add_bin(int magic) {     if (magic == 0xdeadbeef) {         strcat(string, "/bin");     } }  void add_sh(int magic1, int magic2) {     if (magic1 == 0xcafebabe && magic2 == 0x0badf00d) {         strcat(string, "/sh");     } }  void vulnerable_function(char* string) {     char buffer[100];     strcpy(buffer, string); }  int main(int argc, char** argv) {     string[0] = 0;     vulnerable_function(argv[1]);     return 0; } 

I followed this example: https://medium.com/@nikhilh20/return-oriented-programming-rop-chaining-def0677923ad

In addition, there are no suitable gadgets of pop pop ret pattern (actually, there are, but pop [some reg] pop ebp ret, which messes up the stack as well as gadgets with leave instruction).

I’ve tried two different stack paddings for an exploit: the first one is identical to the primer in the link I provided above. The second one is (top – higher addresses, bottom – lower addresses):

address of exec_string garbage value 0x0badf00d 0xcafebabe add esp 8; pop ebx; ret <-- gadget address of add_sh 0xdeadbeef pop; ret gadget <-- gadget address of add_bin <-- compromised instruction pointer after BoF AAAA .... 112 'A's to overflow the buffer and overwrite ebp (108 + 4) .... AAAA 

Let me explain the add esp, 8; pop ebx; ret gadget. There are no gadgets like pop [some reg]; pop [some reg, not ebp]; ret for chaining calls from add_sh to exec_string functions, so I’ve tried to make a little hack. I’ve chosen add esp, 8; pop ebx; ret gadget to pop out 0xcafebabe and 0x0badf00d via add esp,8 then pop out garbage unreferenced value via pop ebx and then ret to exec_string. Does it suppose to work at all? Correct me if I wrong.

Moreover, when I’ve started debugging, it results with:

Cool, it looks like I owned an instruction pointer, I need to replace it with add_bin function address to jump to it and start a ROP chain.

But…

SIGSEGV in 0x91c2b1c2? I’ve entered a correct add_bin address, ASLR, PIE and canaries are disabled. I thought that maybe there is an undefined reference to string that vulnerable_function gets, but in primer in the link provided above it was ignored, so it confused me a lot.

Proof strategy to show that an algorithm cannot be implemented using just hereditarily terminating procedures

I am taking my question here from there. Consider the following scenario:

You are given a fixed programming language with no nonlocal control flow constructs. In particular, the language does not have

  • Exceptions, first-class continuations, etc.
  • Assertions, in the sense of “runtime tests that crash the program if they fail”.

Remark: An example of such a language could be Standard ML, minus the ability to raise exceptions. Inexhaustive pattern matching implicitly raises the Match exception, so it is also ruled out.

Moreover, you are forced to program using only hereditarily terminating values. Inductively, we define hereditarily terminating values as follows:

  • Data constructors (including numeric and string literals) are hereditarily terminating.
  • Applications of data constructors to hereditarily terminating arguments are hereditarily terminating.
  • A procedure f : foo -> bar is hereditarily terminating if, for every hereditarily terminating x : foo, evaluating the expression f x always terminates and the final result is a hereditarily terminating value of type bar.

Remarks:

  • Hereditarily terminating procedures need not be pure. In particular, they may read from or write to a mutable store.

  • A procedure is more than just the function it computes. In particular, functions do not have an intrinsic asymptotic time or space complexity, but procedures do.


Hereditarily terminating procedures formalize my intuitive idea of “program that is amenable to local reasoning”. Thus, I am interested in what useful programs one can write using only hereditarily terminating procedures. At the most basic level, programs are built out of algorithms, so I want to investigate what algorithms are expressible using only hereditarily terminating procedures.

Unfortunately, I have hit an expressiveness ceiling much earlier than I expected. No matter how hard I tried, I could not implement Tarjan’s algorithm for finding the strongly connected components of a directed graph.

Recall that Tarjan’s algorithm performs a depth-first search of the graph. In addition to the usual depth-first search stack, the algorithm uses an auxiliary stack to store the nodes whose strongly connected components have not been completely explored yet. Eventually, every node in the current strongly connected component will be explored, and we will have to pop them from the auxiliary stack. This is the step I am having trouble with: The loop that pops the nodes from the stack terminates when a given reference node has been found. But, as far as the type checker can tell, the reference node could not be in the stack at all! This results in an extra control flow path in which the stack is empty after popping everything from it and still not finding the reference node. At this point, the only thing the algorithm can do is fail.

This leads to the following…

Conjecture: Tarjan’s algorithm cannot be implemented in Standard ML using only hereditarily terminating procedures.

My questions are:

  1. What kind of proof techniques would be necessary to prove the above conjecture?

  2. What is the bare minimum type system in which Tarjan’s algorithm can be expressed as a hereditarily terminating program? That is, what is the bare minimum type system that can “understand” that the auxiliary stack is guaranteed to contain the reference node, and thus will not add a control flow path in which the auxiliary stack is empty before the reference node has been found?


Final remark: It is possible to rewrite this program inside a partiality monad. Then every procedure would be a Kleisli arrow. Instead of

val tarjan : graph -> scc list 

we would have something like

val tarjan : graph -> scc list option 

But, obviously, this defeats the point of the exercise, which is precisely to take out the procedure out of the implicit partiality monad present in most programming languages. So this does not count as a solution.