schengen – What’s the process of transit these days in countries with a covid ban?

I am a Canadian-Hungarian dual citizen, residing in Canada. As such, I can enter Hungary at worst I will need to quarantine. The question is, should the need arise, how would travel happen? I mean, there are a few flights but there never was anything direct and given the state of affairs I would count myself lucky if I could get there in two transfers (I am aware of the YVR-AMS-BUD option but I don’t count on it). Now, how does that work? I guess if you never leave airside then there’s no problem but what if you want to sleep en route? To be more specific, let’s limit the question to Amsterdam and Frankfurt as those are the most likely. Can you enter as a citizen of an EU/Schengen country? If you enter do you quarantine — which would obviously make the stop not practical.

If it matters: the only possible reason I would risk such a trip would be if one of my parents were on their deathbed or passed. Not sure whether this creates a special case.

How to check if there exists a process with a given pid in Dart?

Thanks for contributing an answer to Stack Overflow!

  • Please be sure to answer the question. Provide details and share your research!

But avoid

  • Asking for help, clarification, or responding to other answers.
  • Making statements based on opinion; back them up with references or personal experience.

To learn more, see our tips on writing great answers.

certificates – How does the digital signature verification process work?

OK, the answer so far are fundamentally on track, but I’m going to try to take your questions as they came in:

* where did this public key come from?

A public key is part of a key pair used in asymmetric cryptography. There are many encryption algorithms out there, but boils down to a public key and a private key which are mathematically linked. They can be used this way:

Encrypt(public key, original data) -> encrypted data

Decrypt(private key, encrypted data) -> original data

The nature of the mathematical relationship between private and public key are related to the cryptographic algorithm and quickly become a good topic for Math Overflow. 🙂

The pivotal part is that their is a pair of keys that were generated together.

Next, to deal with a digital signature, the sender sends:

  • the original data, the encrypted data, the public key, and information about how to verify the signature (for example, what algorithm is being used)

The verifier performs the Decrypt operation above and compares his output with the original data. If the two are the same, he knows that the message was not tampered with, because only the sender has the private key, and there is no reasonable way to determine the private key from the public key.

taking this a little bit out of order…

* and what is the role of the certification authority in this process?

Anyone can make a private/public key pair. It’s a pretty easy task, given today’s toolkits. So giving you my public key, along with the encrypted data and signature as described is just about as trustworthy as giving you a business card that I had printed at Staples for $50. To really trust that I am who I say I am, and am therefore trust worthy, you need someone to sign off on my identity (like checking a driver’s license).

That’s the Certificate Authority’s job (CA for short). The CA has it’s own key pair – and it uses it’s private key to sign a digital certificate for the key holder. The certificate includes the public key, as well as a bunch of information about the person or thing holding this private key. This is like my government making me a nice looking id with a picture that can’t be easily faked without special equipment – you can believe my information because you trust the government… no because you trust me.

Usually when a system verifies a signature, it not only checks that the encrypted data matches the original data, but also that a certificate that vouches for the identity of the public key holder is also properly signed by a trusted source. Usually CA systems are organized in chains of CAs that originate from a Root. A collection of the more prominent root CAs (which are self-signed, ie, signed by their own private keys), can be found in your browser.

For highly secure systems, additional checks of up to the minute status information can be performed. It all depends on how important it is to be absolutely sure of the sender’s status.

* and how is it (the public key) distributed to the receiver?

Double checking here – do you mean the receiver of the certificate or the holder of the key?

The sender (key holder) can get a key pair and a certificate in a variety of ways. The simplest way is to make them locally, and then apply to the CA for a certificate, submitting the public key data. In other cases, keys may be made centrally and distributed by secure channels to the key holders.

In most signature cases, the key pair are made by the key holder, because it limits the potential that the private key is exposed.

When a signature is created and sent to a recipient, it is typical for the public key to also be attached to the message (for example, a standard for this is XMLDSIG where one optional field in the element is a digital certificate, which includes the public key).

In cases where bandwidth is an issue, the public keys may be held in a central repository – like an employee database, or often an Active Directory or other LDAP server. Then the signature can reference the sender’s identity and the verification process can include a request to the repository to retrieve the public key.

* how the public key is identified for the specific digital signature?

Usually through a digital certificate.

When the sender goes to create a digital signature, he typically has rules associated with what key pairs he can use for what purposes. In the X509 certificate standard, certificates identify a Key Usage field that spells out specific purposes for the key pair described by the certificate. One of those uses happens to be Digital Signature, and many software systems won’t let you create a signature without that setting in the certificate.

The CA actually determines these settings before it signs the certificate. In many security policies, certain key usage settings cannot be granted without specific authentication processes, so the responsibility for figuring this out rests on the CA and the people in charge of it (typically RAs, Registration Authorities).

If, for some reason, you have a system that does not use digital certificates, there may be other ways to determine what key pair. In the end it comes down to the security policies in place and what is deemed appropriate for the given activity that required the signature.

c – How to execute as much as possible from a block before the process is terminated?

So consider I have 2 functions in a multi-threaded application – each of them can be running concurrently. The first one is doing some important task while the second one is signaling for low memory condition (and so terminating the process).

I want to create something like a mutex where each time there are threads waiting and one of them is doing so at function 1 (doing important work) – to choice this one to acquire the mutex (instead of function 2 which is terminating the process).

The pseudo-code will look something like this:

special_mutex mutex;

function1() { //can be more than one thread at this point
    FirstPriorityAcquire(mutex);
    //do some important work
    ReleaseMutex(mutex);
}

function2() { //can be more than one thread at this point
    SecondPriorityAcquire(mutex);
    //terminate process
    ReleaseMutex(mutex);
}

So as long as there is a mutex waiting at function1, function2 mutex won’t be acquired.

What primitives or pseudo-code using them could help me here?

I’m primarily interested in Win32 API implementation but will be happy for any other ones (since they could give me an idea of how to do it there anyway).

Help for analysis bifurcation process

How I can obtain system (21) in the following pdf file?

https://drive.google.com/file/d/10NofU9AzejTEdLr7094rtyzuSoxB7lVn/view?usp=sharing

In the first step, several changes of variables are done to obtain the system (20),
then changes the variables again repeated in the neighborhood (w1 *, w2 *) to gain Eq 21.
I have 3 questions:
1-The change of variables performed in the neighborhood (w1 *, w2 *)
for the system (20) or for the system (7) ???
2-What does it mean in the neighborhood (w1 *, w2 *)?
3- How did obtain Eq (21)?
Thanks

How memory limit for backup process is calculated?

How "memory limit" for backup process is actually calculated?

enter image description here

c – Basic process management in Windows kernel

I’m in the process of learning Windows kernel programming and I’m focusing on writting clean C code that handles and propagates errors correctly. The following piece of code is quite simple, but I’d like to have feedbacks on it before I apply this interface and coding style to the rest of the code.

The code bellow is responsible for initializing process objects, reading and writting in their memory, and cleaning them up.

process.h:

#pragma once

#include <ntdef.h>
#include <ntifs.h>

typedef enum  {
    EProcessSuccess,
    EProcessInvalid, 
    EProcessInvalidArgs,
    EProcessAccessDenied
} EProcessStatus;

#define PROCESS_STATUS_SUCCESS(EValue) (EValue == EProcessSuccess)

typedef struct _Process {
    HANDLE id;
    PEPROCESS process;
    BOOLEAN initialized;
} Process;

EProcessStatus processInit(HANDLE processId, Process* process);
EProcessStatus processDestroy(Process* process);
EProcessStatus processReadMemory(Process* process, PVOID SourceAddress, PVOID TargetAddress, SIZE_T Size);
EProcessStatus processWriteMemory(Process* process, PVOID SourceAddress, PVOID TargetAddress, SIZE_T Size);
EProcessStatus processGetId(Process* process, HANDLE* id);

process.c

#include "process.h"

#include "log.h"

NTSTATUS NTAPI MmCopyVirtualMemory(
    PEPROCESS SourceProcess,
    PVOID SourceAddress,
    PEPROCESS TargetProcess,
    PVOID TargetAddress,
    SIZE_T BufferSize,
    KPROCESSOR_MODE PreviousMode,
    PSIZE_T ReturnSize
);

void printErrorRW(char* msg, HANDLE id, NTSTATUS status, PVOID address, SIZE_T size) {
    DEBUG_LOG("(ERROR) %s - %x n", msg, status);
    DEBUG_LOG("ttProcess: %pn", id);
    DEBUG_LOG("ttSourceAddress: %pn", address);
    DEBUG_LOG("ttBytes: %pn", size);
}

BOOLEAN processIsValid(Process* process) {
    return process && process->initialized;
}

EProcessStatus processInit(HANDLE processId, Process* process) {
    DEBUG_VERBOSE("Create process with PID %dn", processId);

    if (process == NULL) {
        DEBUG_LOG("(ERROR) Can't initialize NULL Process.n");
        return EProcessInvalid;
    }

    process->id = processId;
    process->initialized = NT_SUCCESS(PsLookupProcessByProcessId(processId, &process->process));

    if (!process->initialized) {
        DEBUG_LOG("(ERROR) Unable to initialize process with PID %dn", processId);
        return EProcessInvalid;
    }
    return EProcessSuccess;
}

EProcessStatus processDestroy(Process* process) {
    if (processIsValid(process)) {
        ObDereferenceObject(process->process);
    }
    
    return EProcessSuccess;
}

EProcessStatus processReadMemory(Process* process, PVOID SourceAddress, PVOID TargetAddress, SIZE_T Size) {

    if (!processIsValid(process)) {
        DEBUG_LOG("(ERROR) Can't read memory from invalid processn");
        return EProcessInvalid;
    }

    DEBUG_VERBOSE("Read memory from process %d at address %pn", process->id, SourceAddress);

    SIZE_T Bytes = 0;
    NTSTATUS Status = STATUS_SUCCESS;

    __try
    {
        Status = MmCopyVirtualMemory(process->process, SourceAddress, PsGetCurrentProcess(), TargetAddress, Size, KernelMode, &Bytes);

        if (!NT_SUCCESS(Status))
        {
            printErrorRW("readMemory", process->id, Status, SourceAddress, Bytes);
            return EProcessFail;
        }
        return EProcessSuccess;
    }
    __except (EXCEPTION_EXECUTE_HANDLER)
    {
        printErrorRW("readMemory exception", process->id, Status, SourceAddress, Bytes);
        return EProcessAccessDenied;
    }
}

EProcessStatus processWriteMemory(Process* process, PVOID SourceAddress, PVOID TargetAddress, SIZE_T Size) {
    if (!processIsValid(process)) {
        DEBUG_LOG("(ERROR) Can't write memory from invalid processn");
        return EProcessInvalid;
    }

    DEBUG_VERBOSE("Write memory from process %d at address %pn", process->id, SourceAddress);

    SIZE_T Bytes = 0;
    NTSTATUS Status = STATUS_SUCCESS;

    __try
    {
        Status = MmCopyVirtualMemory(PsGetCurrentProcess(), SourceAddress, process->process, TargetAddress, Size, KernelMode, &Bytes);

        if (!NT_SUCCESS(Status))
        {
            printErrorRW("writeMemory", process->id, Status, SourceAddress, Bytes);
            return EProcessFail;
        }
        return EProcessSuccess;
    }
    __except (EXCEPTION_EXECUTE_HANDLER)
    {
        printErrorRW("writeMemory exception", process->id, Status, SourceAddress, Bytes);
        return EProcessAccessDenied;
    }
}

EProcessStatus processGetId(Process* process, HANDLE* id) {
    if (process == NULL) {
        DEBUG_LOG("(ERROR) Can't get PID of invalid processn");
        return EProcessInvalid;
    }
    if (id == NULL) {
        DEBUG_LOG("(ERROR) processGetId - NULL id pointern");
        return EProcessInvalidArgs;
    }
    *id = process->id;
    return EProcessSuccess;
}

Thank you for your time.

macos – How to automount volumes earlier in the boot process?

I have a set of programs that run from directories directly off the root path (/) instead of the usual /Applications. They have worked fine in every version of macOS including Catalina and now Big Sur. Unfortunately, starting with Catalina, the OS does not allow you to create directories off the root anymore.

To get around this, I created a /etc/synthetic.conf file which allows you to define empty directories at the root that can be used as mountpoints. I put each program its own APFS volume and use fstab to automount them at boot time. It works perfectly — sort of.

The problem is that every time I reboot my Mac, some system preferences are lost (file type/MIME associations, notification center preferences, privacy settings, LaunchPad icons, etc.) and I have to reset them every time. The first time I launch application Foo after a reboot for example, it asks me if I want to allow notifications. One application I use starts a VM at boot time, before a user has logged into the machine. I have to place that VM in my ‘/User/’ directory in order for it to work. None of this is a huge deal, but it’s very annoying.

From what I understand, macOS runs some launch daemons during the boot process looking for app bundles and populates various databases used by these features use to determine what apps are actually installed on the system. My guess is that the fstab file doesn’t get processed until later in the boot process, so the APFS mounts not available when those launch daemons run.

Generally speaking, how does macOS control the order of launch daemons? And specifically, how can I get fstab to process earlier on?

Is the boarding process/time the same for any train in China, or does the bullet train have its special boarding process?

As far as steps 5, 6, 7 are described in the graphic, yes, it is the same for all trains.

Identity Check

Since 2012, all passenger trains in China have adopted the “real-name system” where all tickets must be purchased with an associated name (and ID number) and can only be used for the named passenger.

Initially this is was only checked at boarding but to reduce heavy traffic inside the train station, as well as for security measures, nowadays most stations can only be accessed with a ticket and the ID associated to it.

This is strictly enforced almost everywhere (as it also involves the commercial interests of the railway company).

What may be different for HSR (and certain other routes): Many larger stations for more popular routes allow the use of Chinese machine-readable IDs without physical ticket (much like e-Ticket for flights); automated screening (via facial recognition) may be available. But this is not universal for all HSRs at the moment.

There are also stations with dedicated area for HSRs with dedicated lanes that allow faster boarding, which can also be a pain if you are unfamiliar and you may need to exit and enter through another side of the building to transfer trains for example.

Luggage Check & Security Check

This is standard as part of entry process to the station building. I couldn’t remember when it started, but it was a thing since 2008 at latest.

After the terrorist attacks at Kunming and Ürümqi train stations in 2014, the security at stations becomes remarkably stricter and many stations underwent renovations to seal off the station building as a “sterile” area. Additionally, the pat-down/metal detector checks are introduced generally. This is also when much more oppressive policies were introduced in Xinjiang.

But this check can still be quite lax at many stations, as long as you don’t have obviously banned items (e.g. knives). But it does increase the wait queue at peak times, during which many people are just waved through at some stations.

During sensitive periods (e.g. Congress/CPPCC sessions, Olympics), certain trains, HSR or otherwise, will also be subject depending on the destination (e.g. Beijing, Xinjiang).

What may be different for HSR (and certain other routes): Train stations serving HSRs may have more stringent security practices, even though the safety rules are technically the same. But HSR-serving stations are usually large and considered an important location, and sometimes are inspected by higher up officials, so there is a greater desire to at least appear more secure.

database design – Transaction was deadlocked on lock resources with another process and was chosen as the

I have table in SQL Server 2014. Please find the structure below:

CREATE TABLE (dbo).(ProductIMEISerialNoes)(
(ID) (int) IDENTITY(1,1) NOT NULL,
(IMEI1) nvarchar NULL,
(IMEI2) nvarchar NULL,
(SerialNo) nvarchar NULL,
(ProductModel_ProductID) (int) NULL,
(ProcessDate) (datetime) NOT NULL DEFAULT (‘1900-01-01T00:00:00.000’),
(BoxName) nvarchar NULL,
(BoxNo) nvarchar NULL DEFAULT (‘0’),
(Order_OrderID) (int) NULL,
(Color) nvarchar NULL,
(BoxSize) (int) NULL DEFAULT ((0)),
(IMEI3) nvarchar NULL,
(IMEI4) nvarchar NULL,
(Version) (int) NULL,
(CurrentStatus) nvarchar NULL,
(BoxStatus) (int) NULL,
(BoxId) (int) NULL,
(PrintStatus) (int) NULL,
(BoxWeight) (decimal)(7, 3) NOT NULL DEFAULT ((0.0)),
(TempBoxNo) nvarchar NOT NULL CONSTRAINT (DF_ProductIMEISerialNoes_TempBoxNo) DEFAULT (‘0’)
) ON (PRIMARY) TEXTIMAGE_ON (PRIMARY)

GO

We currently have around 8 systems that are running dotnet mvc applications that concurrently access the same database/same table for read/write. The issue is that, we very frequently get the above exception — “Transaction was deadlocked on lock resources with another process and was chosen as the…”. Could you please suggest what can be done to solve this issue or work around this issue? Maybe table restructuring, something at the sql server level? Any help will be greatly appreciated.