Vairāk

Python rīks nepārtrauks darbību- nav bezgalīga cilpas problēma

Python rīks nepārtrauks darbību- nav bezgalīga cilpas problēma


Man ir problēmas ar pitona skriptu. Būtībā tas ir gandrīz cita skripta, kas darbojas labi, dublikāts- tas izmanto dažādus failus, taču neatkarīgi no tā izmantotie rīki un to izmantošanas secība būtībā ir vienādi.

Kad es palaistu savu dublēto rīku, tas nepārtrauks darbību. Tam nav loģikas, kas to novestu bezgalīgā ciklā. Būtībā tā ir tikai virkne rīku un rezultātu. Vai kāds zina, kas varētu būt par šo cilpu, kas to neļauj veiksmīgi pabeigt?

Esmu mēģinājis iekļaut drukas paziņojumus, taču šķiet, ka tas iesaldē, tāpēc drukātie paziņojumi netiks drukāti.

Šeit ir kods (ar ceļu ar nosaukumu rediģēts):

importēt arcpy arcpy.geoprocessing.env.overwriteOutput = True #Variables asOldParcelsFC = r "string" asBoundary = r "string" scParcelsInAS = r "string" newNotInOld_preclip = r "string" newNotInOld = r "string" arcpy.MakeFagePriceLay asOldParcels_layer ") arcpy.MakeFeatureLayer_management (asBoundary," AltamonteBoundary ") arcpy.MakeFeatureLayer_management (scParcelsInAS," scParcels ") arcpy.AddJoin_management (" scParcels "," PARCEL "," PARCEL " ("scParcels", "NEW_SELECTION", "asOldParcels.PARCEL IS NOT NULL") arcpy.SelectLayerByAttribute_management ("scParcels", "SWITCH_SELECTION") arcpy.CopyFeatures_management ("scParcels", arcNip newNotInOld) arcpy.Delete_management (newNotInOld_preclip) arcpy.Delete_management ("AltamonteBoundary") arcpy.Delete_management ("asOldParcels_layer") arcpy.Delete_management ("scParcels")

Strādājot ar lielām tabulām un veicot savienojumus, es ieteiktu abām tabulām izveidot atribūtu indeksu, pievienojot atribūtu indeksu, tam vajadzētu palīdzēt kopējam procesa ātrumam.


Vai izpildlaika vide var noteikt bezgalīgu cilpu?

Vai izpildlaika videi būtu iespējams noteikt bezgalīgas cilpas un pēc tam apturēt saistīto procesu, vai arī šādas loģikas ieviešana būtu līdzvērtīga apturēšanas problēmas risināšanai?

Šim jautājumam es definēju "bezgalīgu cilpu", lai apzīmētu virkni instrukciju un ar tiem saistītus sākuma kaudzes/kaudzes datus, kas, izpildot, atgriež procesu tieši tādā pašā stāvoklī (ieskaitot datus), kāds tas bija iepriekš uzsākot bezgalīgo cilpu. (Citiem vārdiem sakot, programma, kas ģenerē bezgalīgi garu pi decimālo paplašinājumu, nav "iestrēdzis" "bezgalīgā cilpā", jo katrā atkārtojumā tai ir vairāk pi ciparu kaut kur saistītajā atmiņā.)


7 atbildes 7

Servo vienmēr darbojas. Vispārējā nozīmē servo ir vadības cilpa, kas kā ievadi izmanto pozīcijas mērķi un pieliek spēku, lai noturētu pieprasīto mērķi. Ja vēlaties, lai mērķis tiktu saglabāts, tad servo ir jādarbojas.

Servomotors satur elektroniku, kas pēc vajadzības ieslēdz un izslēdz līdzstrāvas motoru, lai noturētu mērķa pozīciju. Ja mērķis neatbilst pašreizējai pozīcijai, tas ieslēdz motoru, lai tas grieztos, līdz abi sakrīt. Kad izejas vārpsta sasniedz to, ko jūs pieprasījāt, servomotora elektronika izslēdz motoru. Izslēgts nozīmē, ka līdzstrāvas motors patērē nelielu strāvu vai tās nav. Servo vadības cilpa vienmēr darbojas, salīdzinot vārpstas stāvokli ar mērķi.

Ja izslēdzāt visu servomotoru, stāvoklis netiek kontrolēts un var pārvietoties. Daudziem lietojumiem, ja atvienojat vadus, pārnesumi un motori pieliek pietiekami daudz berzes, lai tas negrieztos. Bet kopumā jūs nerēķināties ar berzi, lai viss darbotos.

Jā. Lai pateiktu servoautoram palikt vienā pozīcijā, varat vienkārši nosūtīt tam vienu un to pašu mērķi.

Bet jums nav jāraksta atkal un atkal. Ja vēlaties, varat izsekot pēdējam iestatījumam un piemērot to tikai tad, kad esat veicis izmaiņas. Piemēram, jūs varat kodēt šādi:

Neatkarīgi no jūsu koda, zem pārsega Servo pastāvīgi pārraida pozīcijas mērķi uz servomotoru.

Normālam servo nav "go" funkcijas, tam ir tikai pozīcijas kontrole. Tas ir, neatkarīgi no tā, vai servo.write (90) palaižat mūžīgi vai vienreiz, servo pāriet uz 90 un turpinās aktīvi saglabāt šo pozīciju, līdz uzrakstīsit citu pozīciju. Vienīgais veids, kā izslēgt servo, ir:

Parastam līdzstrāvas motoram jums tas būs jāieslēdz un pēc tam jāizslēdz, un pēc tam cilpā ir jābūt sava veida stāvokļa izsekošanai, lai to nekad neieslēgtu, izmantojot mainīgo vai milis () utt.

Protams, ja vēlaties, lai kaut kas darbotos tikai vienu reizi, ievietojiet to iestatījumos () (iespējams, vienkāršu uzdevumu iestatīšanas cilpas ietvaros).

Varat arī simulēt programmas beigšanu, ievadot bezgalīgu cilpu ar, kamēr (true) <> vai par () <>.

myservo.detach () ir tas, ko jūs meklējat. Pārvietojot to uz vietu, nevis atvienojot. Tas ir labi, ja vēlaties to izmantot, lai kontrolētu servo, nevis turpināt to uzņemt enerģiju, piemēram, lietojot akumulatoru. Šeit ir piemērs.

Vārds servo ir neskaidra definīcija un var ietvert daudzu veidu apakškomponentus. Ja tu vēlies bez varas stāvokļa turēšana izmantojot elektromagnētisko motoru, ir četras iespējas:

  • Augstas viskozitātes smērviela
  • Dash pot
  • Ļoti augsta pārnesumu attiecība
  • magnētiskā bremžu klucis / bremžu josla

EDIT: Ir dažas papildu iespējas, taču tas ir dažu motoru konstrukciju efekts:

Augstas viskozitātes smērvielai un domuzīme katlam ir līdzīgas funkcijas, kas nodrošina augstu statisko berzi, lai pretotos kustībai, kas pēc tam pārtrauc kustību. (Dash pot ir būtībā zobots zobrats sienas tvertnes iekšpusē un ir pastāvīgi piepildīts ar šķidrumu ar augstu viskozitāti.)

Tomēr abi šie elementi palielinās motora slodzi, un, kad tie sakarst, tie mēdz kļūt tievi un šķidri un zaudēt noturības spējas.

Augsta pārnesumu attiecība palielina griezes momentu, kas vajadzīgs motora atpakaļ griešanai. Tomēr ņemiet vērā: ja jebkurai pārnesumkārbai varētu būt pilnīgi berzes nesaturoša smērviela, nekāds pārnesumu samazinājums nevarētu apturēt atpakaļ griešanos.

Tātad tas tiešām ir līdzīgs biezajam smērvielu un domuzīmju katlam, taču pārnesumu samazināšana ļauj tikai parastajai plānajai eļļošanai nodrošināt pietiekamu statisko atdalīšanās berzi, lai apturētu atpakaļgriešanos.

Magnētiskā bremze ļauj jums aktīvi kontrolēt statisko bremzējošo berzi, un var nodrošināt ļoti augstu noturības spēju pret periodiskiem slodzes palielinājumiem uz izejas vārpstas. Parasti, izslēdzot strāvu, atspere ieslēdz bremzi, lai noturētu pozīciju bez jaudas.

Ņemiet vērā, ka ir divi dažādi bremzēšanas veidi: statiska stāvokļa noturēšana un kustīga mehānisma palēninājums.

Otrais veids gan izplūst siltumu bremžu klučos un berzes plāksnē, gan nodilst klučus un berzes plāksni. Ja bremze pārkarst, kluči parasti sadalās, un bremze tagad nenotur savu pozīciju.

Ja vien nerunājam par lielām mašīnām, parasti servo bremzes ir vienkārša konstrukcija bez nomaināmām detaļām. Kad bremze neizdodas, jūs visu noņemat un nomainiet. ieskaitot, iespējams, visu servomotoru un pārnesumkārbu.

Lai nodrošinātu ilgu kalpošanas laiku ar magnētisko bremzēšanu, jums ir aktīvi jāpalēnina slodze, izmantojot servo, un pēc tam, kad tā ir pārstājusi kustēties, pēc tam ieslēdziet bremzi, lai tikai veiktu noturēšanas stāvokli.

Magnētiskās bremzes izmantošana tikai jaudas statiskās slodzes noturēšanai izskatīsies šādi:

  • Ieslēdziet motoru, iegūstiet pašreizējo stāvokli un sāciet aktīvi turēt pozīciju.
  • Ieslēdziet bremzes, lai tās atbrīvotu
  • Paātriniet un pārejiet uz jaunu pozīciju
  • Palēniniet motoru un turiet beigu stāvokli
  • Atvienojiet bremžu jaudu, lai to ieslēgtu
  • Izslēdziet motora barošanu

Motors tiek ieslēgts un vispirms tiek turēts pozīcijā, lai krava pēkšņi neslīdētu nevienā virzienā, tajā pašā laikā starp bremzes atlaišanu un servomotoru.

EDIT #1: Dažiem pastāvīgo magnētu motoriem pat ar izslēgtu strāvu pastāv rotācijas pretestība, jo noteiktās pozīcijās magnēti un polu gabali ciešāk piesaista viens otru, pazīstami kā aizturēšanas griezes moments.

Šī polu pozicionēšana ir kā ieleja ar zemu enerģijas patēriņu, un ir vajadzīgs neliels spēks, lai pārvarētu magnētisko pievilcību un pārvietotu rotoru jebkurā virzienā, izmantojot ārēju griezes momentu.

To var sajust dažos bezsuku ventilatoros un pakāpju motoros, kur, pagriežot vārpstu bez strāvas, tas pretojas nepārtrauktai kustībai, un šķiet, ka ir augstas pretestības vietas, kuras rotors nevēlas šķērsot. Vērpšanas laikā rotors strauji palēninās un, nokļūstot vienā no pievilcīgajām magnētiskajām iedobēm, var strauji svārstīties.

To var izmantot, lai pretotos ārējiem griezes momentiem bez bremzes, taču izmantojiet to, ja tas prasa apstādināt rotoru kādā no magnētiskajām iedobēm, nevis noteiktā pozīcijā. Bet, ja to apvieno ar pārnesumkārbu, precīzai konkrētai apstāšanās pozīcijai var nebūt pārāk kritiska nozīme, un blakus var būt vairākas akas, kur rotors var apstāties un kas nodrošina pieņemamu gala efekta izlīdzināšanu.

Rediģēt #2: Pastāvīgā magnēta vilkmes griezes moments ir visu strāvas vadu īssavienojuma rezultāts. Kad tas ir izdarīts, vārpstas pagriešana prasa ievērojami lielāku spēku nekā tad, ja pakāpiena spoles vadi ir atvienoti viens no otra.

Tas ir tāpēc, ka tad, kad spoles vadi ir savienoti kopā, kad rotors griežas, tas darbojas kā ģenerators un strāva plūst caur spolēm. Šī strāvas plūsma rada tā saukto pretelektromotora spēku (CEMF), kas neitralizē pastāvīgā magnēta magnētisko lauku.

Šis CEMF var nodrošināt papildu pretestību rotācijai, kad servo nav darbināms. Lai gan CEMF neaizkavēs kustību, tas var palīdzēt pretoties nepārtrauktai kustībai un nodrošināt tūlītēju palēninājumu, ja tiek pielietoti periodiski slodzes tapas, kas mēģina pārvietot bezpiedziņas servo.

Viss iepriekš minētais parasti attiecas arī uz lineāro motoru servos. Tiem nav pārnesumu samazināšanas, bet kustību ratiņus var ieeļļot ar biezu smērvielu, aprīkot ar paneli un tiem ir magnētiskās bremzes.


Vai šis kandidāts efektīvi izvērtē prasības un vajadzības gadījumā meklē papildu ieguldījumu?

Kad inženierim tiek nodota prasība (izmantojot SOW vai specifikāciju vai kādu citu prasību dokumentu), daži ir pašsaprotami, bet citi-pilnīgi neskaidri. Šis ir lielisks pēdējā piemērs. Kā parādīja iepriekšējās atbildes, nav iespējams atbildēt uz šo prasību, neizvirzot vairākus galvenos pieņēmumus (a) par jautājuma būtību vai (b) par sistēmas būtību, jo prasību nevar izpildīt. kā rakstīts (tas nav iespējams).

Lielākā daļa atbilžu mēģina vienu vai otru problēmu atrisināt, izmantojot virkni pieņēmumu. Viens īpaši iesaka to ātri paveikt un ļaut klientam par to uztraukties, ja tas ir nepareizi.

Šī ir patiešām slikta pieeja. Kā klients, ja es izvirzīšu neskaidru prasību un inženieris aiziet un izveido man risinājumu, kas nedarbojas, es būšu sarūgtināts, ka viņi devās uz darbu un iztērēja manu naudu, vispirms neuztraucoties man jautāt. Šāda veida kavalieru lēmumu pieņemšana liecina par komandas darba trūkumu, nespēju kritiski domāt un sliktu spriedumu. Tas var novest pie jebkāda veida negatīvām sekām, ieskaitot dzīvības zaudēšanu drošībai kritiskā sistēmā.


Kā apbruņot Yubikey

Pirms pāris gadiem man bija YubiKey, kuru ietekmēja drošības ievainojamība, un, lai novērstu šo problēmu, Yubico man bez maksas nosūtīja pavisam jaunu YubiKey. Tā kā pēc jaunā saņemšanas autentifikācijai neizmantoju veco YubiKey, es nolēmu noskaidrot, vai varu to pārvērst par kaut ko līdzīgu USB Rubber Ducky un USB ierīci, kas emulē tastatūru un nosūta datoram sēriju ieprogrammēto taustiņu nospiešanu, kad tas ir pievienots.

Izrādījās, ka es to varēju izdarīt, un, lai gan krājums YubiKey nav ideāls kā USB piliens, tas ir ērts ikdienas nēsāšanai, bieži vien ir mazāk pamanāms nekā zibatmiņas disks, un man tas ir noderējis. vairākas reizes kā ekspromts veids, kā izlauzties no kioska ierobežotā apvalka, kad nebija pieejami citi rīki.

Šajā rakstā es paskaidrošu, kā es identificēju visus taustiņu nospiešanas gadījumus, kurus varētu izveidot mans YubiKey krājums, izmantojot ASV tastatūras izkārtojumu, un pēc tam izveidoju lietderīgās slodzes, izmantojot šīs atslēgas.

1. darbība: lejupielādējiet YubiKey personalizācijas rīku

YubiKey savā vietnē nodrošina programmu YubiKey Personalization Tool (YPT), ko var izmantot, lai pielāgotu dažādas YubiKey funkcijas operētājsistēmā Linux, Windows vai Mac. Es šajā ziņojumā izmantoju Linux versiju, taču Windows un Mac versijām vajadzētu darboties ļoti līdzīgi.

Ja izmantojat Linux versiju kā es, iespējams, jums būs jāveido programma no YubiKey nodrošinātā avota koda. Norādījumi, kā to izdarīt, ir iekļauti failā README, kas tiek piegādāts kopā ar avota kodu, un ir viegli izpildāmi, tāpēc es tos šeit neaprakstīju.

2. darbība: YubiKey programmēšana ar statisku paroli

Noklusējuma konfigurācijā YubiKey ierakstīs unikālu autentifikācijas marķieri, kad tas tiks izmantots, un šis marķieris mainīsies katrā lietošanas reizē. Tomēr YubiKey var arī ieprogrammēt tā vietā ievadīt statisku, lietotāja definētu paroli. Tā kā YubiKey ievada datus datorā tāpat kā parasta tastatūra, es vēlējos noskaidrot, vai ar to papildus standarta burtiem, cipariem un simboliem var nospiest interesantākus taustiņus, piemēram, CTRL, ALT vai Windows taustiņu. Lai to pārbaudītu, es sāku YPT un augšējā joslā izvēlējos opciju Statiskā parole. Pēc tam lapā Statiskā parole es noklikšķināju uz pogas ar uzrakstu “Scan Code ”.

Lai saprastu, kā viss darbojās, es sāku programmēt YubiKey ar ļoti vienkāršo statisko paroli “abcdef ”. Lai to izdarītu, logā Statiskā parole es izvēlējos šādas opcijas:

  1. Konfigurācijas slots: Konfigurācijas slots 1
  2. Tastatūra: ASV tastatūra
  3. Parole: abcdef

Es pamanīju, ka, ievadot paroli laukā Parole, laukā Skenēšanas kodi labajā pusē sāka parādīties heksadecimālās vērtības. Es to ņēmu vērā un nolēmu, ka manam nākamajam solim pēc YubiKey programmēšanas ar statisku paroli vajadzētu būt heksadecimālās vērtības noteikšanai katrai atslēgai, kuru vēlējos ierakstīt. Tādā veidā es varētu to ieprogrammēt, nospiežot taustiņus, kurus es nevarēju ievadīt paroles laukā un#8211 taustiņus, piemēram, CTRL un ALT.

Šajā ekrānuzņēmumā ir redzami visi iepriekš aprakstītie iestatījumi un skenēšanas kodi, kas tika ģenerēti, ievadot manu paroli:

Pēc tam es noklikšķināju uz “Rakstīt konfigurāciju ”, lai ierakstītu statisko paroli savā YubiKey. Pirmo reizi to darot, parādījās dialoglodziņš, kurā tika lūgts apstiprināt, ka vēlos pārrakstīt pašreizējo 1. slota konfigurāciju savā YubiKey. Es atzīmēju izvēles rūtiņu “Nerādīt šo ziņojumu vēlreiz ” un noklikšķināju uz Jā, lai ierakstītu izmaiņas ierīcē.

BRĪDINĀJUMS. Ja sekojat līdzi savam YubiKey, pārliecinieties, ka tas ir tas, kuru jūs pašlaik neizmantojat autentifikācijai. Ja rakstīsit jauno konfigurāciju YubiKey, tiks dzēsti iestatījumi, kas saglabāti jūsu izvēlētajā konfigurācijas slotā, un jums būs jāpārprogrammē YubiKey un pārreģistrējiet to pakalpojumos, kurus izmantojat, lai to atkal izmantotu daudzfaktoru autentifikācijai. Ja autentifikācijai izmantojat tikai vienu konfigurācijas slotu YubiKey, jūs droši varat pārrakstīt otru. Bet, ja neesat pārliecināts, vislabāk ir vai nu atcelt YubiKey reģistrāciju no pakalpojumiem, kurus izmantojat vispirms, vai vienkārši izmantot citu YubiKey.

Pēc izmaiņu rakstīšanas es atvēru teksta redaktoru un nospiedu YubiKey aparatūras pogu. YubiKey ekrānā ierakstīja paroli, “abcdef un#8221, kā paredzēts.

3. darbība. YubiKey ’s heksadecimālo atslēgu kodu identificēšana

Tagad, kad biju apstiprinājis, ka varu iegūt YubiKey, lai ievadītu iepriekš noteiktu atslēgu sēriju, nākamais, ko vēlējos darīt, bija izdomāt, vai es varu likt tai nospiest interesantākus taustiņus, YPT norādot heksadecimālos “Scan Codes ”. Lai sāktu skenēšanas kodu kartēšanu ar atbilstošajiem taustiņu nospiešanas veidiem, es sāku ar ļoti zemo tehnoloģiju pieeju, rakstot burtus “a ” līdz “z ” YPT laukā Parole un novērojot rezultātus skenēšanas kodos lauks. Rezultātā laukā Skenēšanas kodi parādījās heksadecimālās vērtības 04 līdz 1D.

Es atkārtoju šo procesu visiem pārējiem izdrukājamajiem taustiņiem uz manas tastatūras, kā arī katra lielā burta versijai. Es pierakstīju visas savāktās heksadecimālās vērtības un to vērtību diapazonus, kas man vēl nebija atbilstīgi tastatūras taustiņam. Es sakārtoju visas rakstzīmes, kuras spēju dekodēt, tabulā, un pēc tam es pamanīju modeli. Izrādījās, ka skenēšanas kodi ir sadalīti pa vidu, un mazie burti atrodas starp 00-7F un lielajiem burtiem vai “key + Shift un#8221 versijas, kas atrodas vienā vietā starp 80-FF. To skaidrāk var redzēt zemāk esošajā tabulā.

Tagad atlika tikai noteikt taustiņu nospiešanu, ko ģenerēja heksadecimālās vērtības katrā nezināmā diapazonā. Tā kā, ierakstot heksadecimālās vērtības laukā YPT skenēšanas kodi, netika parādīta neviena izvade, un tāpēc, ka es gaidīju, ka daudzas no nezināmajos diapazonos nospiestajām taustiņām ir taustiņi, kas nerada izdrukājamu izvadi (piemēram, CTRL taustiņš), Man vajadzēja veidu, kā uzņemt YubiKey ģenerētos neapstrādātos taustiņu spiedienus. Šim nolūkam es nolēmu izvades atšifrēšanai izmantot Linux rīku xinput un savu xinput-keylog-decoder skriptu.

Ja jūs neesat iepazinies ar xinput, tas ir komandrindas rīks, kas kopā ar grafisko darbvirsmas vidi parasti tiek iekļauts daudzos Linux izplatījumos. Tas arī bieži tiek ļaunprātīgi izmantots kā keylogger, ja šīs sistēmas ir apdraudētas, un es šim nolūkam izveidoju rīku xinput-keylog-decoder.

Tā kā YubiKey būtībā ir tastatūra, pirmā lieta, ko es izdarīju, nospiežot taustiņus, bija identificēt tā ID numuru xinput. Es to pārbaudīju, palaižot komandu xinput bez jebkādiem argumentiem, un noskaidroju, ka tās ID ir 16, kā parādīts zemāk esošajā izvadē.

Pēc noklusējuma skripta paraugs, kas tiek piegādāts kopā ar xinput-keylog-dekodētāju, reģistrē ievadi no visām sistēmai pievienotajām tastatūrām, taču, zinot YubiKey ID, es varēju konkrēti atlasīt šo ierīci, analizējot izvadi.

Pēc tam es atvēru trīs termināļa logus un izpildīju komandas, lai reģistrētu un analizētu YubiKey ģenerētos taustiņu spiedienus. Zemāk esošajā ekrānuzņēmumā ir izskaidrots katras komandas mērķis.

  • Augšējais terminālis: pārtrauciet visus pašlaik palaistos xinput procesus, sāciet jaunu xinput procesu un sāciet bezgalīgu cilpu, lai nolasītu ievadi no tastatūras. Šis ir termināļa logs, kuru es turēju atlasītu, kamēr YubiKey ievadīja taustiņus sistēmā. Tādā veidā viss, ko tas ierakstīja, netraucētu citiem termināļa logiem.
  • Vidējais terminālis: katru sekundi ekrānā parādiet testa izvades neapstrādāto izvadi. test-output.16.txt ir fails, kurā tika automātiski saglabāti taustiņu nospiedumi no tastatūras ID 16. Neapstrādāto atslēgu kodu parādīšana, izmantojot xinput, ļāva man iegūt vairāk informācijas, ja xinput-keylog-decoder.py trešajā termināļa logā neizdevās atšifrēt taustiņu nospiešanu.

Visbeidzot, programmējot heksadecimālos skenēšanas kodus YubiKey, es sāku, ievadot tos starp divām zināmām rakstzīmēm – parasti “a ” (skenēšanas kods 04) un “b ” (skenēšanas kods 05). Tādā veidā es varēju apstiprināt, ka taustiņi pirms un pēc mērķa taustiņu nospiešanas patiešām tika nospiesti, un tas ļāva man noteikt, vai taustiņu nospiešana kaut kādā veidā ietekmē šos citus taustiņus. Tālāk ir sniegts šī procesa piemērs, mērķējot uz skenēšanas kodu 𔄚A ”.

Pirmajā ekrānuzņēmumā varat redzēt neidentificētu skenēšanas kodu 𔄚A ”, kas atrodas starp skenēšanas kodiem “a ” un “b ”. Varat arī pamanīt tukšo atstarpi starp “a ” un “b ” paroles laukā.

Nākamajā ekrānuzņēmumā es izvēlējos augšējo termināli un nospiedu sava YubiKey pogu. No pirmā acu uzmetiena šķiet, ka tika nospiests tikai taustiņš “b ” un “a ”. Tomēr, pārbaudot vidējo logu, jūs varat redzēt, ka trīs taustiņi tika nospiesti un atbrīvoti pēc kārtas. Trešajā logā vidējā loga atslēgu kodi tiek atšifrēti cilvēkam draudzīgā formātā, un ir skaidrs, ka nospiestās taustiņas bija “a ”, atpakaļatkāpes taustiņš un “b ”. Tas izskaidro, kāpēc “a ” neparādījās pirmajā logā un identificē mērķa skenēšanas kodu 𔄚A ” kā atpakaļatkāpes taustiņu.

Pēc tam, kad šādā veidā bija identificēta atslēga, viss, ko es darīju, bija nospiest taustiņu kombināciju CTRL+C, lai apturētu darbības cilpu augšējā logā, vēlreiz palaidiet komandu (lai notīrītu žurnālu un restartētu reģistrētāju), un pēc tam atkārtojiet iepriekš minēto procesu. Pēc šo darbību atkārtošanas katrai neidentificētai heksadecimālajai vērtībai es apstiprināju taustiņu nospiešanu, ko radīja katrs iespējamais skenēšanas kods, un apkopoju tos tabulā zemāk.

Skenēšanas kodu dekodēšanas laikā es arī novēroju, ka YubiKey dažu taustiņu nospiešanas secību beigās automātiski nospiedīs taustiņu Enter. Dažos gadījumos es varēju novērst šo uzvedību, pārtraucot secību ar skenēšanas kodu 󈫰 ”, taču tas ne vienmēr darbojās. Lai parādītu, šeit ir ekrānuzņēmums ar YubiKey, kas ir konfigurēts, lai ierakstītu burtus “a ” līdz “z ”, un izvades ekrānuzņēmumu, tiklīdz tiek nospiesta YubiKey ’s poga. Ņemiet vērā, ka taustiņš “z ” (skenēšanas kods 𔄙D ”) bija pēdējā YubiKey ieprogrammētā atslēga, bet YubiKey tik un tā virknes beigās nospieda taustiņu Enter. Tas atšķiras no uzvedības, kas novērota, dekodējot atpakaļatkāpes taustiņa kodu iepriekšējā piemērā, kur taustiņš Enter netika nospiests.

Šķiet, ka šo darbību ietekmē gan taustiņu nospiešanas secības ilgums, gan YubiKey ’s izvades ātrums (konfigurējams YPT iestatījumu ekrānā). Manā testēšanā papildu Enter taustiņš neparādījās mazāk nekā 23 taustiņu secībā, kas tika ierakstīta ar standarta izvades rakstzīmju ātrumu. Tomēr rakstzīmju ātruma palēnināšana par 60 ms izraisīja taustiņa Enter automātisku nospiešanu uz sekvencēm, kas ir tik īsas kā viena taustiņa nospiešana. Uzmanieties no tā, veidojot kravas savā YubiKey, ja nevēlaties, lai tā beigās automātiski tiktu nospiests Enter.

4. darbība. Noderīgu kravu izveide

Tā kā visi skenēšanas kodi bija saskaņoti ar taustiņiem, kurus viņi nospiež, es tagad biju gatavs sākt veidot lietderīgās kravas. Diemžēl neviens no maniem pārbaudītajiem skenēšanas kodiem nespieda CTRL, ALT vai Windows taustiņus, kurus es cerēju atrast, tāpēc, lai gan to varēja izmantot, lai ierakstītu garu vienas rindas līniju, tas nebija ideāls kā pilnībā automatizēts komandu ievadīšanas rīks vai USB piliens, piemēram, Rubber Ducky vai Teensy.

Lai gan YubiKey nenospieda CTRL, ALT vai Windows taustiņu, tam joprojām ir piekļuve vairākiem citiem potenciāli interesantiem taustiņiem, tostarp:

  • Shift (izmantojot vienu no “Shift + bez efektiem un#8221 skenēšanas kodiem)
  • Funkciju taustiņi (F1-F12)
  • Izvēlnes taustiņš (ekvivalents peles labajam klikšķim)
  • Escape
  • Shift taustiņš kombinācijā ar visiem identificētajiem taustiņiem

Lai gan šie taustiņi, iespējams, nav vēlami, lai ievadītu izpildāmu lietderīgu slodzi mērķa sistēmā, viens no scenārijiem, kad tie ir ārkārtīgi noderīgi, ir mēģinājums izlauzties no datora kioska ierobežotā apvalka.

Sakarā ar grūtībām pilnībā nodrošināt kioska programmatūru, kiosku veidotāji bieži fiziski noņem taustiņus no tastatūrām, peles labās pogas pogas no rādītājierīcēm vai pilnībā noņem abas ierīces par labu skārienekrānam. Bet nav nekas neparasts, ka USB porti kioskā paliek atklāti, lai tehniķi varētu pievienot savas tastatūras problēmu novēršanai. Šādā gadījumā uzbrucējs, kas ir bruņots ar savu tastatūru (vai šajā gadījumā YubiKey), var vienkārši pieslēgt tastatūru kioskam un izmantot vienu no daudzām labi zināmām metodēm, lai izkļūtu no ierobežotā apvalka un pārņemtu kontroli dators.

Pirmais solis, kā izbēgt no kioska ierobežotas čaulas, bieži vien ir tikai jauna lietojumprogrammas loga atvēršana, vai tas būtu dialoglodziņš, jauns pārlūkprogrammas logs vai jebkas cits. Un tas bieži vien ir solis, kurā tastatūra ir visnoderīgākā, jo pārējo uzbrukumu parasti var veikt ar minimālu rādītājierīces ievadi. Tālāk esošajā tabulā ir aprakstīti taustiņu nospiešanas gadījumi, kurus YubiKey var ievadīt, lai mēģinātu izpildīt šo pirmo darbību.

Taustiņu nospiešanaIetekme uz datoru kiosku
EscapeIziet no pašreizējā loga
Piecas reizes nospiediet ShiftAtver dialoglodziņu Windows ’ Sticky Keys
F1Atver dialoglodziņu Palīdzība daudzās lietojumprogrammās un operētājsistēmās
F6Atlasa tīmekļa pārlūkprogrammas adreses joslu
F10, lejupvērstā bultiņaAtver lietojumprogrammu izvēlni daudzās lietojumprogrammās
F10, lejupvērstā bultiņa un#8220n ”Atver jaunu logu pārlūkprogrammās Chrome, Firefox un Windows Explorer
F10, lejupvērstā bultiņa un#8220p ”Atver drukas dialoglodziņu daudzās lietojumprogrammās
F11Iziet no pilnekrāna režīma. Var atklāt tīmekļa pārlūkprogrammas un adreses joslu
F12, EscAtver tīmekļa izstrādātāju rīkus un izvēlas JavaScript konsoli
Shift + F10Ar peles labo pogu noklikšķiniet. Atver īsinājumizvēlni
Shift + izvēlneShift + ar peles labo pogu noklikšķiniet. Atver īsinājumizvēlni ar paplašinātām opcijām, lai Windows Explorer palaistu komandu uzvedni vai PowerShell
Citi funkciju taustiņi (F1-F12)
Papildu funkcionalitāte daudzās lietojumprogrammās. Slēptās funkcijas/izvēlnes dažās kioska programmatūrās
Drukāt ekrānuDažās sistēmās tiek atvērts ekrānuzņēmuma dialoglodziņš

Paturot prātā šīs funkcijas, es izveidoju trīs zemāk esošās kravas, lai izmantotu savu YubiKey kā kioska izlaušanās ierīci.

YubiKey kravas

  • Kravnesība 1 – Vienkārša funkciju taustiņa un lipīgo taustiņu pārbaude
    • Skenēšanas kodi: 522c3a3b3c3d3e3f404142434445e6e6e6e6e6e652
    • Izejas rakstzīmju ātrums: Standarta
    • Taustiņu nospiešana:
      • Aktivizēt hipersaiti dialoglodziņā Sticky Keys (ja ir): augšupvērstā bultiņa, atstarpes taustiņš
      • Nospiediet katru funkciju taustiņu: F1, F2, F3, F4, F5, F6, F7, F8, F9, F10, F11, F12
      • Atveriet dialoglodziņu Sticky Keys, piecas reizes nospiežot Shift, kā arī vienu, lai būtu drošībā: Shift, Shift, Shift, Shift, Shift, Shift
      • Dialogā Sticky Keys atlasiet hipersaiti un mēģiniet bloķēt taustiņa Enter aizvēršanu, ja tas tiek nospiests: bultiņa uz augšu
      • Skenēšanas kodi: 3f2a06b3a83f4dca06b3283c443e3b3d40ab2c29e5115128454142435113113ae6e6e6e6e652
      • Izejas rakstzīmju ātrums: Palēniniet ātrumu par 60 ms
      • Taustiņu nospiešana:
        • Atveriet “c: ” jaunā pārlūkprogrammas logā: F6, atpakaļatkāpes taustiņš, ierakstiet “c: ”, Shift+Enter
        • Atvērt “c: ” (Chrome): F6, Beigas, Shift+Sākums, “c: ”, Ievadiet
        • Nospiediet funkciju taustiņus: F3, F11, F5, F2, F4
        • Izmēģiniet F7 un aizveriet dialoglodziņu, ja tas parādās: F7, Shift+Tab, Space, Esc
        • Atveriet jaunu pārlūkprogrammas logu: Shift+Menu, n, Down, Enter
        • Izmēģiniet F12/tīmekļa izstrādātāja konsoli: F12
        • Izmēģiniet F8 un F9: F8, F9
        • Atveriet drukāšanas dialoglodziņu vai jaunu pārlūkprogrammu: F10, uz leju, p, n
        • Izmēģiniet F1/Palīdzība: F1
        • Atveriet dialoglodziņu Sticky Keys: Shift, Shift, Shift, Shift, Shift
        • Neļaujiet taustiņam Enter aizvērt dialoglodziņu Sticky Keys: uz augšu
        • Skenēšanas kodi: e5
        • Izejas rakstzīmju ātrums: Standarta
        • Taustiņu nospiešana: Shift+izvēlnes taustiņš

        Pirmā lietderīgā slodze ir ļoti vienkārša: tā nospiež augšupvērsto bultiņu, atstarpes taustiņu, katru funkciju taustiņu (F1-F12) un pēc tam sešas reizes nospiež taustiņu Shift, pirms vēlreiz nospiež augšupvērsto bultiņu. Šīs lietderīgās slodzes mērķis ir pārbaudīt katru funkciju taustiņu, lai noskaidrotu, vai tas nodrošina veidu, kā piekļūt kioska papildu funkcijām, un pēc tam atkārtoti nospiediet taustiņu Shift, lai atvērtu dialoglodziņu Sticky Keys. Kad ir atvērts dialoglodziņš Sticky Keys, YubiKey pogu var nospiest otrreiz, un augšupvērstās bultiņas un atstarpes taustiņa nospiešana atvērs hipersaiti dialoglodziņā, lai pārietu uz Windows un#8217 ērtas piekļuves iestatījumiem. Šī bija pirmā lietderīgā slodze, ko izveidoju YubiKey, un tā ir ļoti veiksmīgi izkļuvusi no ierobežotām čaulām vairākās lauka platformās.

        Otrā lietderīgā slodze ir mēģinājums uzlabot pirmo, pielāgojot funkciju taustiņu izmantošanu, lai atspoguļotu to funkcijas parastajās tīmekļa pārlūkprogrammās. Piemēram, nav jēgas nospiest F7 un pēc tam nekavējoties izmēģināt F8, jo, nospiežot F7, lielākajā daļā pārlūkprogrammu tiek parādīta uzvedne, kas efektīvi bloķē F8 nospiešanu pārlūkprogrammas kontekstā. Katrs funkciju taustiņš kopā ar lipīgo taustiņu secību joprojām tiek nospiests tāpat kā pirmajā lietderīgajā slodzē. Papildu taustiņi ir iekļauti, lai mēģinātu automātiski izvēlēties izvēlnes opcijas un nodrošinātu pārlūkprogrammas savstarpēju saderību. Šī lietderīgā slodze ir jauna, ko es apkopoju, rakstot šo rakstu, tāpēc tā vēl nav izmantota šajā jomā. Tas līdz šim labi darbojās laboratorijas vidē un īpaši tad, ja tas darbojās vairāk nekā vienu reizi.

        Visbeidzot, trešā lietderīgā slodze vienkārši nospiež Shift plus izvēlnes taustiņu. Tas faktiski ir tas pats, kas turēt taustiņu Shift un ar peles labo pogu noklikšķināt. Tas dod man iespēju kioskam pievienot peles labo pogu, lai es varētu noklikšķināt ar peles labo pogu uz dažādām lietām, tiklīdz esmu ieguvis sākotnējo vietu. Tas arī nodrošina ātru saīsni uz PowerShell vai komandu uzvedni, ja es varu ar peles labo pogu noklikšķināt Explorer logā. Es parasti glabāju šo lietderīgo slodzi savā YubiKey 2. slotā, kā arī vienu no citām lietām 1. slotā.

        Secinājums

        Lai gan YubiKey ir lieliska divu faktoru autentifikācijas ierīce, tai noteikti trūkst dažas funkcijas, kas to padarītu par ideālu USB HID uzbrukuma rīku, un ir arī citi produkti, kas šo darbu jau dara daudz labāk. Iespējams, ka YubiKey kā uzbrukuma rīka galvenais spēks ir tas izskatās kā YubiKey. Augstas drošības vidēs, kurās nav atļauts izmantot zibatmiņas diskus, iespējams, varēs ievest YubiKey kontrabandu, un tuvplāna sociālās inženierijas scenārijos var būt vieglāk pārliecināt darbinieku atvērt publiska interneta kioska skapi. var “autentificēt ” savā e -pasta kontā, nekā tas būtu, ja pievienotu kādu neatpazītu ierīci.

        Manuprāt, tas ir galvenais atteikums eksperimentēt ar YubiKey. Ar nelielu piepūli un salīdzinoši nelielu tehnisko zinātību pat uzticamas elektroniskās ierīces var padarīt par uzbrukuma rīkiem.

        Mežonīgo rietumu Hackin un#8217 Fest – praktiskākais Infosec Con!

        Pievienojieties mums vietnē Savvaļas rietumu Hackins un#8217 Fest Deadwood —, 2020. gada 23.-25. septembris. Uzziniet vairāk: https://www.wildwesthackinfest.com/

        Pievienojieties BHIS emuāru adresātu sarakstam - saņemiet paziņojumus, kad publicējam jaunus emuārus, tīmekļa pārraides un aplādes.


        Secinājums

        Apsveicam ar pirmā sentimenta analīzes modeļa izveidi Python! Ko jūs domājāt par šo projektu? Jūs ne tikai izveidojāt noderīgu rīku datu analīzei, bet arī apguvāt daudzus dabiskās valodas apstrādes un mašīnmācīšanās pamatjēdzienus.

        Šajā apmācībā jūs uzzinājāt, kā:

        • Izmantot dabiskās valodas apstrāde tehnikas
        • Lieto mašīnmācīšanās klasifikators lai noteiktu apstrādāto teksta datu noskaņojumu
        • Veidojiet savu NLP cauruļvads ar spaCy

        Tagad jums ir pamata instrumentu kopums, lai izveidotu vairāk modeļu, lai atbildētu uz visiem jautājumiem, kas jums varētu rasties. Ja jums patīk pārskatīt apgūto, varat lejupielādēt un eksperimentēt ar šajā apmācībā izmantoto kodu zemāk esošajā saitē:

        Iegūstiet avota kodu: Noklikšķiniet šeit, lai uzzinātu avota kodu, ko jūs izmantojat, lai šajā apmācībā uzzinātu par noskaņojuma analīzi, izmantojot dabiskās valodas apstrādi.

        What else could you do with this project? See below for some suggestions.


        12 Atbildes 12

        This Answer is obsolete - and contains methods which were WRONG even when it was written.

        Unfortunately this still gets flagged as a Suggestion by StackOverflow.

        For running Midori on startup, take a look at this tutorial. For DIY solutions, read on.

        You can add your script executable command to the bottom of .bashrc that will run your script every time open a terminal (or run a new instance of bash ).

        Make sure you are in the pi folder:

        Create a file and write a script to run in the file:

        Save and exit: Ctrl + X , Y , Enter

        Open up .bashrc for configuration:

        .bashrc is intended to run scripts.

        It is run each time a non-login interactive shell is started and is used to configure the shell.

        /.bashrc: executed by bash(1) for non-login shells .

        Scroll down to the bottom and add the line: ./superscript

        Save and exit: Ctrl + X , Y , Enter

        If you are looking for a solution that works on bootup to the console, take a look at this link. Basic rundown:

        Create a file for your startup script and write your script in the file:

        Save and exit: Ctrl + X , Y , Enter

        Make the script executable:

        Register script to be run at startup:

        If you want a script to run when you boot into the LXDE environment, you could take a look at this Raspberry Pi forum post:

        Open the autostart file in that folder:

        Add @midori on a new line. If you want to run something like a python script, put something like @python mypython.py on a new line. Running a script file would be @./superscript , but for some reason the script runs in an infinite loop (perhaps this will stop that).

        Save and exit: Ctrl + X , Y , Enter

        Restart your Raspberry Pi into the LXDE environment.

        The way that I've seen most people do it (have a look on the Raspberry Pi forums), and have done myself with success is using /etc/rc.local .

        All you need to do here is put ./myscript in the rc.local text file. If it's in python, put python myscript.py .

        This literally is "a simple solution, (like dropping my script in some "startup" directory or something similar)"- maybe search on the forums when you're having questions as well, this solution came up on the first 4 results of a google search!


        The Infinite Loop

        A loop becomes infinite loop if a condition never becomes FALSE. You must use caution when using while loops because of the possibility that this condition never resolves to a FALSE value. This results in a loop that never ends. Such a loop is called an infinite loop.

        An infinite loop might be useful in client/server programming where the server needs to run continuously so that client programs can communicate with it as and when required.

        When the above code is executed, it produces the following result &minus

        Above example goes in an infinite loop and you need to use CTRL+C to exit the program.


        3 atbildes 3

        Your is_prime() function checks if num is a multiple of any number below it. This means that it checks if it is a multiple of 2, 4, 6, 8, 10, etc. We know that if it isn't a multiple of 2, it won't be a multiple of 4, etc. This goes for all other numbers, if it isn't a multiple of 3, it won't be a multiple of 27 (3x3x3).

        What you need to do is check if num is a multiple of any prime number before it.

        I'm sure someone else here will come up with an even more efficient solution, but this'll get you started.

        You only need to loop to the square root of the number, because after that you'll just repeat the same numbers again. For example if you were testing for 100, after 10 you will find 20, but you already tested it while you were testing the 5, 100/5 = 20 and 100/20 = 5, if 5 didn't divide 100 so 20 won't and vice versa, so 100/a = b tests for the divisibility by a and b, only at 10 which is sqrt(100) will a and b be repeated again but in reversed order, (e.g you a=5, b=20 and a=20, b=5). Vairāk informācijas šeit

        So the code will look like that

        But overall this naive method consumes a lot of time, it's O(sqrt(n) * n) where n is the total number of integers tested, I suggest you learn more about Sieve of Eratosthenes, it's an algorithm for finding all primes less than n in O(n * log(log(n))) which is alot faster than the naive one.


        Junior and senior SE employees need to attend a 101 class in human decency.

        It's not a joke. Forget about being more inclusive and welcoming, these have proven to be empty words. If executives and/or directors cannot communicate meaningfully in private with someone the calibre of Monica, there is something seriously wrong with their internal policy.

        One month on, the gravity of the situation continues to prolong and worsen.

        I also use my real name on this site. If what happened to Monica happened to me, I would be just as appalled and frustrated.

        SE has to address this rather than simply ignore it.

        I also throw my wholehearted support behind Monica in her effort to get as much of this situation repaired as possible.

        A few practical suggestions:

        If a GoFundMe page is set up to help deal with the personal expenses that have been and will be faced, I will happily contribute to that.

        If there is a petition created in her support, I will happily sign that.

        If there is some other forum where I can express my public support, I will participate there too.

        Monica has started a GoFundMe page. I hope you join me in supporting her there.

        I am wholeheartedly yet heavy-heartedly supporting your GoFundMe appeal 1 for legal funds.

        Wholeheartedly, as I commented there with my initial donation toward your first goal (copyedited, formatted, and hyperlinked here):

        I have known Monica since Mi Yodeya launched into the Stack Exchange network, and she started contributing her knowledge and curiosity to the community. When we held our first mod elections, I endorsed her as an "example of how to behave courteously, respectfully, and productively in an online community," and she has continued to set such an example over many years as a moderator on Mi Yodeya and elsewhere across the Stack Exchange network.

        I trust Monica with my money, and so has Stack Exchange. When we needed money to publish "Days of Awe - Mi Yodeya?", Monica set up a fundraising page much like this one to handle donations from the community, which earned us matching funds from Stack Exchange. At every step of the project, Monica displayed due care and more for acquitting the trust that all of us had put in her to handle our money honestly and transparently.

        Heavy-heartedly, because it is so stupid, wasteful, and destructive that we're at this stage of conflict. We're all here on Stack Exchange because we like to use words to help other people. Here, though, Stack Exchange has used words to hurt you, you've pleaded with them to use more words to help reverse the damage, and they have responded with

        Stack Exchange isn't refusing to help. They are not dignifying your plea with any response at all, not even an honest "No." Their silence on this issue is so all-consuming that I think it's even preventing them from seriously considering your plea. More than once, I have seen Stack Exchange staff respond to discussion of this post and specifically to calls for them to fix the damage to your name, by essentially changing the subject.

        This silent treatment by Stack Exchange toward a long-standing community member and volunteer whom they've harmed strikes me as a classic form of abusive behavior. Whatever confidential corporate risk-management concerns are behind this behavior may explain it, but they cannot excuse it.

        I know that Stack Exchange staff is made up of many exceptionally good, caring people. I know that these good people are tremendously frustrated by this whole situation, as we all are.

        When good people are stuck in a conflict, especially good, caring people who are expert communicators, the obvious thing to do is to talk to each other. That's what you've been asking for for weeks. But again, some sort of corporate risk-management strategy is dictating that no such human interaction with you is permitted.

        So here you are, raising money for legal fees. Here's Stack Exchange, muzzling their best communicators, piling hurt upon hurt to you and the community, and doubtless stocking up their own legal arsenal. And here's hundreds of the rest of us, sad and angry on a daily basis as we watch a company we've loved hurt you and bury its own heart.

        So, my heart is heavy as I contribute to your fund, because it is stupid, wasteful, and destructive that this is what has to happen for Stack Exchange to do the basic decent thing and address the harm they've done to you.

        Maybe with the intermediation of lawyers, maybe by some miracle without, may Stack Exchange talk to you again, and may you find a way to work together to repair what can be repaired. May we all return kopā to the noble business of helping people around the world share helpful words.

        1. I had a link to the GoFundMe appeal here, but Stack Exchange edited it out, per "Why is SE removing links and community ads about legal issues?".

        Anyone who is as offended as I am about the abuse Monica has endured at the hands of SE, Please consider a contribution to her GoFundMe page.
        You can find this page by doing a Google search for:

        In my fantasies.

        • Monica is reinstated on every site where she was recently a moderator.
        • All the moderators who left or took a leave over this are also given the chance to return.
        • SE institutes moderator training like they've been talking about doing and includes gender/pronoun issues (this is important).

        And I get to go back to pouring my heart and soul into writing questions and answers and contributing to the community that has been an important part of my life for the last year. Both on Writing, where I'm a moderator, and on many other sites that I am a part of.

        And then I wake up.

        Reinstating Monica is vital but it's not enough. Stack Exchange the corporation can't treat her like a wrongdoer who has learned the error of her ways and is allowed back into the fold.

        Because they have caused damage. Damage to her reputation. Damage to her real life persona (she uses her real name as her user name and anyone can track her down because of that and information in her profiles). How far that will go, I don't know. But the sooner it gets stopped, the better.

        At first the only damage was to her status here on SE, when it could have been easily fixed. But that all changed when SE staff spoke to the media. Instead of fixing it then, they doubled down. They made more public statements about Monica's supposed wrongdoing, here on SE (in publicly accessible posts) and alluded to it on Twitter.

        Until they fix this, none of the rest of this is going to work. They want her to apply to be reinstated and they've hinted that it will happen (no guarantees though. maybe they have other plans). But they are glossing over the damage.

        I want it to be that easy. I want Monica to apply for reinstatement, get it, and everything goes back to normal. But this is a fantasy.

        The longer this goes on, the harder it will be to fix. But it's still fixable! It has to come from the upper levels of SE. They have admitted mistakes in how they handled Monica's situation, but they need to go a few steps further. Make a sincere effort to repair her reputation and right the wrongs they've created. Then, and only then, will reinstatement mean anything.

        I still love this community and it pains me to have lost it. I know I'm not the only one. I pray that SE will do what's right.

        If there was a mensch in senior management at SO Inc, they would already have done two things:

        • Reinstated Monica based on at least the appearance that the company's actions were not the way they think matters should have been handled.
        • Issued a public apology stating that what had been publically released were personal opinions that don't represent the thoughts of the company, and may have been based on a misunderstanding. And that Monica is held in the highest esteem by the company, as evidenced by her reinstatement.

        Instead, senior management appears to be listening to the advice of the corporate lawyers. Their standard playbook includes some basic operating strategy:

        • Never admit anything, your position is that you've done nothing wrong.
        • Don't deal with anything you don't have to. Most people don't have the energy or money to fight a corporation and its resources. They make a little noise and then go away. Just wait them out.
        • Don't do anything to make life easier for an opponent. Don't respond to communications or have human interaction. It makes the opposition burn out and give up that much sooner.
        • Once you've screwed somebody, don't let them back in the door. The baggage will always be there, and you will need to deal with it again later.
        • If the person does not give up and go away, and they get a lawyer, they've passed the first test of demonstrating that they're serious. That's when any resolution process starts, not before.

        Bottom line, there will be no action from SOI until Monica's lawyer contacts SOI's lawyers.

        I scrolled to the bottom of this post, hoping to see an official SO response, offering a positive closure to this. But there is none, nothing, nada. And that's pathetic.

        Not only did they have to take your job away over reasons that as far as I can tell are mostly/completely made up, they had to humiliate you (very publicly, I might add) on top of it. In no way is this acceptable. I don't care if you burned down SO HQ and told the CEO to you-know-what. That sort of treatment is unacceptable. You're a human being and as such entitled to some basic respect.

        If I had to guess, whatever you were discussing irritated a higher-up and your firing was more of a way to get revenge/shut you up than for any legitimate reason. Honestly, comparing your posts on SE in general and the CoC, I'm not seeing any clear violations.

        I've encountered you before on these sites, Monica. You're one of my favorite moderators. You're fair, reasonable, and recognize people posting as human. You've even stepped in when another moderator seemed to be after my blood. I, for one, certainly hope you get reinstated. And regarding the legal matters, I'd highly recommend looking into your options. If SO continues to handle it the same way, this could get nasty for you.

        And to SO: Please, for God's sake, take the appropriate action here. She did nothing wrong, and your actions were not that of a ethical, well behaved business. I'm in college right now for business administration (freshman year), and everything I've learned thus far indicates you handled this all wrong. You didn't ensure you had adequate reason, and you didn't keep it private. You've made a mistake, big deal. If handled in a fair, ethical, and logical manner, this could all be in the past soon. If you keep handling it poorly, people won't forget this, and some won't forgive. I for one won't.

        Some folks showed support by posting question, answers, or just writing about their feelings. Some just silently supported you. One (badly ^^) knitted this :) Keep being strong and fight for your own sake at the moment, hopefully, things will get better, sooner or later.

        I'm not a lawyer, but it seems like any admission of SE inflicting real harm on you - whether it be a personal apology, summary reinstatement, or retraction of public statements - would expose them to civil litigation. Even if you don't want to sue, no corporate lawyer worth their retainer is going to let SE open themselves up to such a liability.

        You probably need a lawyer. Even if you're not looking for money, if your list consists of bright lines for you (and I think you're justified in that), you'll likely need a settlement that puts that in writing before the legal knots involved can be untied.

        I don't know why the decision was made to remove Monica as a moderator, as to me it just seems to be "He said, she said" at this point, so I can't say if it was fair or not.

        Tomēr it is a fact that what SO (the company) did has actively harmed Monica's reputation, both professionally and personally. SO took a private matter and immediately went public with it, both on meta and to external press. That is not how you treat people, and makes me ashamed to think I'm part of a community led by a company that doesn't value individual humans.

        Now we all make mistakes. I believe there are only very few people that have not lashed out, or done something in an emotional surge that they later regretted. And that is fine. We are humans, and humans act on impulses and emotions. What makes the difference is how you follow up on your mistakes, and how you learn from them. This is the part SO (the company) has failed on.

        What SO should do is retract the public statements made, apologize, and seek to restore the damage done to your reputation. And then clear up any misunderstandings with you in private.

        This is the way SE works

        I went through a situation a few years ago - utterly trivial by comparison to this - where the way it was handled made a few hard truths obvious.

        SE is not interested in people generating good content. SE is not interested in people being good actors for communities. SE ir interested in the numbers. The billionth question, the x-millionth user, the number of hits per day, that is all that SE is interested in.

        Unless you are overtly contributing to pushing those numbers up, SE really doesn't give a flying one about you. You could be generating great answers on a specialised topic, but you're way down the priority list compared to someone else who might be creating 10 times the quantity but 10% the quality, and if an issue arises you būs be made aware of that in no uncertain terms.

        It's a signal/noise thing, and SE is more interested in noise than in signal.

        In your situation it's time to cut and run. There is no satisfactory outcome from this for you. Even if you were reinstated, would you ever feel safe on SE again? Would you always be watching your back? Would you always have the nagging worry that a CoC would be weaponized against you in an attempt to justify what was done here?

        Cut your losses. Get out.

        But take consolation from this. Although damage was done to you, it doesn't take a huge amount of scratching beyond the surface to uncover the whole shitstorm, and you're the one who comes out of it looking like an idiot.

        It makes me really sad to see how you are treated. And it doesn't help to realize that "fixing the Monica situation" is of such low (zero?!) priority to Stack Exchange Inc.!

        Maybe the point now is really to update profiles: so that every new user who comes in gets a chance to see something will turn him/her/* curious.

        People were able to cover "large parts" of facebook with French colors for example, some time back.

        Seriously: we can talk here on MSE and MSO and Mvienalga all day long. The majority of the users . aren't here.

        So let's get the message ārā to them. Esi radošs!

        Not only have they treated you horribly, they responded by repeatedly gaslighting both you and the community as a whole.

        Personally, I will not consider this situation resolved until SE takes concrete steps to make amends to you, regardless of how much they try to gaslight me into thinking otherwise.

        Monica, I would have written this in a comment to your question if I had the rep, but I just joined this community so that I could express my deepest regret, sorrow and condolences for what is happening to you.

        I don't know you, nor have I ever come across any SE material that you are/were directly or indirectly involved with before 30 minutes ago. Yet reading about your story has literally brought tears to my eyes :'(

        It makes me seriously reconsider being a part of the SE community, and that is a crying shame. And all over some stupid PC bull that is being taken far too seriously IMHO.

        Political correctness in general has become an absolute minefield these days. You can't say or even domā anything freely anymore, for fear that someone will take it too seriously.

        I am not by any means a bigot I totally agree with the core of the CoC issue at play here (people being identified in the way/s that they want to be), but for you to be treated in this way is far worse than any comments that you have allegedly made (especially since you didn't actually make them!).

        Anyway, I wish you the best of luck with your endeavours. If I had the money I would donate to your GoFundMe page, but I am also curious why a no-win-no-fee lawyer is unable to help you, as others have suggested. In Australia at least, you can take matters like this to court without paying a cent (or a penny in your case :P) until you lose. And I don't think that you would.

        Some users have created community ads that link directly to Monica's fundraiser. As described here, SE's strategy has moved from waiting us out to actively suppressing financial support. To counter that strategy, I would suggest changing your community ads so that they do not directly link to the fundraiser. Some options:

        Other options may also be effective. The benefit of using the Twitter link is that it is outside the control of SE staff. The benefit of using Isaac's answer here on metaSE is that it is harder to argue that the community ad isn't explicitly about this community.

        Note: at this point, links like this: Monica's fundraiser are not being removed, as they do not directly link to the fundraiser page.

        I honestly cannot believe that SE still hasn't attempted to resolve this situation. You would think that with this amount of public outrage, somebody would do something about it. Even if the company didn't care that it hurt its users (and it did), the situation must have a negative impact on their business, considering all the resignations and strikes and whatnot.

        • Admit their mistake, clear Monica's name and reinstate her as a mod.
        • Present their proof, let Monica appeal the charges and win, then clear her name and reinstate her as a mod.
        • Do nothing hide from Meta and ignore all the wreckage, pretend like nothing's wrong, lose even more moderators, and let all Stack Exchange networks collapse into chaos.

        I don't understand why SE is choosing option 3 right now.

        Monica, I can't imagine what you're going through right now, and I feel so sorry for you.

        Now that it’s no longer essential to look good for a potential buyer, and none of the employees publicly involved in it are working at the company any more, maybe it is time to resolve this disgraceful saga?

        I mean, tiešām resolve it. Because so far I haven’t seen anything to refute this theory:

        Monica isn’t talking about this, presumably because she can’t, and I'm not expecting her to say anything now. But I’ve spoken to a couple of legally knowledgeable acquaintances in the States and the most likely way this went down is like @LindaJeanne speculates in the comment above:

        Stack Overflow sent in a lawyer to react to Monica’s defamation suit and threatened to counter-sue, which would have destroyed her financially far beyond what a Gofundme could raise

        The only choice she would have been given to prevent this countersuit would probably have been to sign a non-disclosure agreement, forcing her to shut up about the entire issue forever under threat of total ruin

        She was probably , different from popular imagination, paid any money for the damage caused her by Stack Overflow's actions.

        If this is how it happened, it remains a huge disgrace to this day, a dark stain on the company’s reputation that continues to alienate a part of the community.

        This would probably be very easy to fix:

        Work out a new agreement with Monica that includes a public apology announcement from Stack Overflow that tiešām clears her name, while protecting the company from further legal action

        Pay a reasonable amount of money as restitution.

        Come on, people in charge. You all say you are big believers in justice and kindness and all that - put your money where your mouths are. It's really about time.

        I feel for you and what you are going through. It must be terrible after years of pouring your heart and time into many SE sites.

        Looking at the situation from the SE angle, I would imagine that, by now, they realize they have made a terrible mistake, that the ongoing noise is not doing them good (it is only a matter of time until more articles and case studies appear on the crisis) and must be looking at ways to resolve this. At the same time, I would imagine they are worried of future litigation and that their Legal counsel is controlling much of their actions.

        As such, I believe you should be more explicit about your legal conditions for a return to normal. Piemēram, would you be willing to sign an agreement committing you to no future litigation if they accepted your two requests? If yes, I think saying so might make it easier for SE to come to an agreement with you. (It would also make their non-action even more unreasonable and constitute an even stronger basis for you in the future).

        I am not suggesting that you accept less than you feel due to you - but rather that you clarify your position from a legal standpoint. The idea is to provide as easy a path to normalization as possible, as far as you would accept. Agreeing to some clear language retracting their statements without further details should be easy if they are not worried it will lead to further litigation. Reinstating a moderator that was highly recognized and appreciated - and that SE itself called to moderate meta - should be even easier in these conditions.

        As other answers already stated, SE are not giving any sign of goodwill towards the community in order to resolve this issue, and it is past time for us to do something about it.

        The thing is. We, the community, have visas the power here. SE was built upon questions and answers that we have been providing for free.

        This was (and can continue being) the best Q&A site available on the Internet, but if SE doesn’t appreciate and respect the community that made it great, I say we give away our time to them no more.

        Since this whole thing started, and moderators started resigning I don't ask any questions and don't give any answers on non-meta sites.

        I'm just a drop in the ocean. I barely know how to speak English properly and just started answering some questions on Stack Overflow in gratitude for the many useful answers I found there since I was in college. But if all of us who care about whats happening, stop providing the answers that keep the site alive, SE will be forced to do something, or go bankrupt while Stack Overflow fades away.

        A number of people have advised Monica to get legal counsel I concur. Note that this does not necessarily mean sue, it just means get advice, and with that advice plan a way forward. A number of people have also mentioned crowd-funding and said they would contribute. Monica posted a comment above about funding, which I repeat in toto here:

        Thanks @TheAnathema. On crowdfunding, I'd like to see this happen with somebody other than me running it, for clear transparency and also because I'm kind of bad at that sort of administration. I'd also like there to be a charity fallback: any funds not needed for legal stuff (e.g. because SE decided to actually work with me) go to a charity TBD that works on behalf of the Lavender community -- I'm thinking education, support services, and the like rather than legislative advocacy so it has worldwide benefit. If anyone wants to drive that or nominate charities, please get in touch. -

        I'm not the person to organize crowdfunding, although I will certainly contribute. But I hope that someone with the expertise to do so, does, provided that Monica wants it at this time.

        Monica: do you want this kind of help now -- or later, and if later, when do you think you would be ready?

        And if the answer from Monica is iet, how would this be organized and publicized, because SE is very unlikely to allow it to be organized and publicized here more than 5 minutes after the first post about it.

        It's bad enough when a company abuses information it should have kept private it's truly appalling from one that actively encourages (or at least did in the past) its users to use their real names.

        It seems very likely that their statements to the Register were a violation of privacy that even one of their own employees that was fired with cause wouldn't suffer, never mind a volunteer under much foggier circumstances. There is no excuse for SE refusing to engage in honest, open dialogue with Monica to resolve the issue they have written statements that they can avoid legal action (something that should have been obvious from the start given who they're dealing with), and let's be honest. at this point, there's no possible way it could do anything to make them look sliktāk.

        For the rest of us, aside from offering our support, I think spreading the news around the large portions of the network that never so much as peek at Meta (the avatar and username changes are great ideas) is probably the most we can do. It's pretty likely that SE just wants the problem to go away a steady trickle of new users stumbling upon the scandal and coming here to read up on it and offer their opinions is a step toward keeping it alive.

        A couple of things have prompted me write this post:

        Both were reactions to the news that Stack Overflow has found a willing buyer. 2 Those of us who spend a lot of time thinking about Stack Overflow might be interested in how two programmers, who occasionally find answers on the site, think about it. My summary of the podcast conversation:

        1. Stack Overflow users have the reputation of calling questions stupid and marking them as duplicates. This is understandable ("it's basically just a big forum"), but frustrating when the questions are only superficially the same.
        2. The site is a "huge repository of gathered wisdom" about all sorts of things. 3
        3. Stack Overflow sold for roughly the same amount as Minecraft, but the hosts of the podcast don't actually know how it makes money. (They make pretty good guesses, however.)

        What random visitors nav thinking about is how the company harmed members of the Stack Exchange community. This isn't surprising. I'm a very occasional Reddit user and this list of Reddit controversies was mostly unknown to me. It takes a lot of notoriety for events like this to surface for people who aren't actively part of the community.

        Have you heard of the Ship of Theseus thought experiment? Well communities constantly experience a related paradox. People come and go, but the community remains. I've joined and left Stack Overflow at least twice. The subject of this question precipitated the largest turnover the network has seen. Many of the people who were harmed have left the community. They have been replaced by people who, like the podcast hosts, are only vaguely aware of the community's shared history with the company.

        Meanwhile, almost all of the principle actors in the drama of 2019 have left the company. 4 That includes me, of course, but also people responsible for the decision to remove Monica from her moderator positions. Of the people who remain, most were as blindsided as the community was by the actions the company took. I know because I've had conversations with other people who were at the company in the fall of 2019. And obviously people who joined in the last year or so have no more idea what happened than the podcast hosts.

        I was recently on a call with some former Stack Overflow employees. 5 Someone pointed out they worked for two different companies while at Stack Overflow. Someone else wondered how many Stack Overflows they worked at. Every configuration is as much a different organization as it is the same. The company name is a bit like a label that always points to the most recent iteration. With the move to a new owner (and the likely exodus of longtime employees) we're going to see yet another Stack Overflow soon.

        As time goes on, the people who made the decisions and played a role in this incident have fewer reasons to stick their necks out. Indeed the message we heard when a settlement was reached was that we could finally move on as a community team. As much as I wish some people would take responsibility, that just doesn't seem realistic these days.

        Two moments stand out to me. One was about a week before this happened. I was on the phone with Monica pacing back and forth in front of the pool at the condo where I lived at the time. It was a typical southern California day (just about perfect) and I'd been optimistic we could come to a compromise. As we talked, it dawned on me that there could be no compromise between her position and what was increasingly becoming clear would be the company position.

        My 5 th grade teacher used to say:

        I'm principled.
        You're stubborn.
        He's a pig-headed fool. 6

        It just sorta naturally came to mind as I talked with Monica. It seems to me there was an opportunity to deescalate around that time, but that opportunity was missed. Metaphorical clouds hung over me the rest of that day.

        The Friday before Rosh Hashanah 2019, I sat in a camp chair reading a book and watching my son's soccer practice. Yet another wonderful day. I knew there was trouble brewing, but I figured it would wait until Monday since there were so many outstanding questions about how to communicate the decision to remove the moderator status of a well-regarded member of the community. Plus the day was ending on the east coast. It's not a good idea to take drastic action just before everyone disappears on the weekend.

        And then I got a notification on my phone. Once again my day darkened. Nothing would be the same at Stack Overflow (the company) or Stack Exchange (the network of communities) from that day on. That night I wrote a few emails, including one to my church's prayer chain, and started thinking about what had gone wrong. What I didn't know until later was that this was the beginning of my grieving processes.

        One of the biggest drawbacks of confidential settlement agreements is that it can put the public at risk. When the bad actions of the defendant are kept confidential, it can allow their wrongful actions to continue, removing the public's ability to protect themselves from bad actors.

        Probably impossible to prove, but I don't think confidentiality agreements are ever labi for a community. I believe the company hoped the settlement would mean the public would move on. Not only has that not happened, but the agreement prevents employees from telling their stories. As a result, the public gets Monica's side of the story and the company's inept response to it. But the truth is not so binary.

        I'm resisting the temptation to say the community should move on. For one thing, I find myself drifting away from Stack Exchange as time goes on. It's not mans community nearly as much today as it was a year and a half ago. In addition, there is no timetable for grief, pain and disappointment. The company's manifold failures harmed many people and the settlement deprived us of one path toward restoration. I don't know that there are easier roads than to continue attempting to hold the company accountable.

        And yet, the core of the Stack Exchange community is building a library of high-quality, practical and accessible answers to questions (both common and long-tail). If the company supports that mission (or at least isn't actively sabotaging it), it's in the community's best interest to rebuild the partnership. So we can't forget the harm done, but we can (in theory) collectively learn from the past.

        The segment is answering listener mail. I didn't submit the question, in case you were wondering.

        Full disclosure: I have some vested options from my time as an employee. I haven't yet heard how the transaction will be settled, but the rumors I've gathered from back channels suggest a significant windfall. Not FYIFV money but enough that you should suspect it biases my opinion. A lot of people who left before I did let their options expire, but I was lucky enough to leave after an important policy change. It's impossible that I won't allow that good fortune to make me more favorable toward the company than if I weren't benefiting financially.

        This is specifically a reference to Stack Exchange.

        Exactly how the decision came about is still unclear to me.

        Whatever I think of the uzņēmums, I'm always happy to reconnect with the people who have worked there.


        Skatīties video: Creative Coding with Python by Ivana Vezjak