9.2 C
New York
Wednesday, March 19, 2025
Home Blog Page 18

Shade filter doesn’t work in flutter internet iOS – Safari

codesanitize
-
0
Shade filter doesn’t work in flutter internet iOS – Safari


CanvasKit

use CanvasKit for rendering internet: flutter construct internet --web-renderer canvaskit

SvgPicture.string()

as a substitute of utilizing SvgPicture.asset(), load the svg as textual content, change the colour, use SvgPicture.string(). however I counsel doing it solely on Iphone – Safari. right here is how:

import 'package deal:flutter/basis.dart';
import 'dart:html' as html;

bool get isIosSafari  ua.accommodates('ipad') 

static Widget icon({double? width, double? top, Shade? shade}) {
  if (isIosSafari && shade != null) {
    return FutureBuilder(
      future: rootBundle.loadString('belongings/icon.svg'),
      builder: (context, snapshot) {
        if (snapshot.connectionState == ConnectionState.executed && snapshot.hasData) {
          String svgStr = snapshot.knowledge!;
          remaining hexColor="#${shade.worth.toRadixString(16).padLeft(8, "0').substring(2)}';
          svgStr = svgStr.replaceAll(RegExp(r'fill="[^"]*"'), 'fill="$hexColor"');
          return SvgPicture.string(svgStr, width: width, top: top);
        }
        // return empty field till prepared
        return SizedBox(width: width, top: top);
      },
    );
  } else {
    return SvgPicture.asset(
      'belongings/icon.svg',
      width: width,
      top: top,
      colorFilter: shade != null ? ColorFilter.mode(shade, BlendMode.srcIn) : null,
    );
  }
}

answer for Android – Firefox is identical (however clearly the isIosSafari half goes to alter).

The carbon tax is lifeless. No matter comes subsequent ought to save Canadians cash of their houses

codesanitize
-
0
The carbon tax is lifeless. No matter comes subsequent ought to save Canadians cash of their houses


Picture by: Noya Fields (CC BY-SA 2.0) by way of Flickr

The buyer carbon worth has formally moved to palliative care, as new Prime Minister Mark Carney says the coverage is just too politically divisive.

This raises an necessary query: what fills the hole it leaves behind?

There are two methods of excited about this hole. One is only about near-term emissions: the Canadian Local weather Institute estimates the buyer carbon worth would have decreased them by about 8 to 14 per cent by 2030. Economist Mark Jaccard was fast to level out that quite a few versatile laws additionally applied by this federal authorities — together with the industrial carbon worth, an EV availability commonplace, and laws associated to wash electrical energy, cleaner fuels and methane — have helped Canada scale back its emissions and are equally economically environment friendly.

However there may be one other hole value unpacking, and doing so requires a unique mind-set. The buyer carbon worth was basically a thumb on the size, rising the value of fossil fuels. However that’s not the one option to incentivize households to make cleaner decisions. Coverage doesn’t exist in a petri dish. We’d like measures and messages that don’t simply deal with near-term emission reductions, however that really attain Canadians the place they’re: their houses.

Canadians should be prepared members within the vitality transition, which suggests they have to really feel its advantages firsthand, particularly within the type of decrease vitality payments. Not like measures that largely function within the background, issues like shopping for an EV or a warmth pump are private. Your neighbour isn’t asking you about Canada’s methane laws, however they’ll decide your mind about your new electrical Hyundai.

In a survey of the Toronto and Vancouver areas Clear Power Canada will publish later this spring, 59 per cent of respondents say they’re inclined to purchase an EV as their subsequent car. However amongst those that “know somebody who has an EV,” this jumps to 73 per cent. Different research have proven an identical community impact. EVs, warmth pumps, sensible thermostats, photo voltaic panels: that is the vitality transition that folks see, share, and because of this, finally purchase into.

Households account for 17 per cent of Canada’s emissions, because of the automobiles we drive and residential heating. However in additional methods than one, households are having a fair larger impression. In superior economies, households have accounted for almost 60 per cent of fresh vitality funding development since 2016, pushed by EV purchases, vitality effectivity, and rooftop photo voltaic. Already, Chinese language EV adoption is placing downward stress on international oil costs.

For Canada to appreciate its potential, the subsequent prime minister should resurrect the inducement packages for EVs, warmth pumps and different effectivity upgrades with a watch to cautious design and cost-efficiency. Via constructing and electrical codes, the feds must also require EV readiness in new houses, lowering the necessity for costlier retrofits later, whereas persevering with to construct out Canada’s public charging community.

These supportive insurance policies are vital for the success of Canada’s EV availability commonplace, which units targets for the share of an auto producers’ choices that should be zero emission. It’s one other key coverage that can drive down the price of going electrical by rising EV availability and competitors — whereas additionally aligning us with Europe, the U.Ok., China, and 17 states representing 40 per cent of the U.S. automobile market the place comparable insurance policies exist.

All of those measures will assist jobs and funding in a contemporary auto trade.

Because the Worldwide Power Company made clear in a current evaluation, “pathways for constructing a extra aggressive battery trade … begin with guaranteeing robust home demand.” Related analysis from Princeton College discovered that Trump’s weakening of U.S. EV insurance policies might put 100% of deliberate building and growth of home EV meeting and half of present meeting capability susceptible to cancellation or closure.

The financial alternatives of fresh vitality are certainly monumental and characterize a pivotal second, particularly as we bolster relationships with our clean-energy-focused commerce companions in Europe and Asia.

It’s typically mentioned that halting local weather change shouldn’t be a lot a technical or financial problem as it’s a political one. Properly, politics is what hits house for individuals.

This submit was co-authored by Trevor Melanson and first appeared within the Toronto Star.



Cybercriminals Exploit CSS to Evade Spam Filters and Observe E-mail Customers’ Actions

codesanitize
-
0
Cybercriminals Exploit CSS to Evade Spam Filters and Observe E-mail Customers’ Actions


Mar 17, 2025Ravie LakshmananInternet Safety / Cyber Risk

Cybercriminals Exploit CSS to Evade Spam Filters and Observe E-mail Customers’ Actions

Malicious actors are exploiting Cascading Type Sheets (CSS), that are used to type and format the format of net pages, to bypass spam filters and monitor customers’ actions.

That is in line with new findings from Cisco Talos, which stated such malicious actions can compromise a sufferer’s safety and privateness.

“The options out there in CSS permit attackers and spammers to trace customers’ actions and preferences, though a number of options associated to dynamic content material (e.g., JavaScript) are restricted in e-mail shoppers in comparison with net browsers,” Talos researcher Omid Mirzaei stated in a report printed final week.

The insights construct upon earlier findings from the cybersecurity firm a couple of spike in e-mail threats leveraging hidden textual content salting within the second half of 2024 with an intention to get round e-mail spam filters and safety gateways.

This system notably entails utilizing official options of the Hypertext Markup Language (HTML) and CSS to incorporate feedback and irrelevant content material which might be invisible to the sufferer when rendered in an e-mail shopper however can journey up parsers and detection engines.

Cybersecurity

The newest evaluation from Talos has discovered that menace actors are utilizing CSS properties like text_indent and opacity to hide irrelevant content material from being displayed within the e-mail physique. The tip objective of those campaigns, in some instances, is to redirect the e-mail recipient to a phishing web page.

CSS to Evade Spam Filters

Moreover, it has emerged that CSS presents alternatives for menace actors to observe consumer conduct by way of spam emails by embedding CSS properties such because the @media CSS at-rule, thus opening the door to potential fingerprinting assaults.

“This abuse can vary from figuring out recipients’ font and coloration scheme preferences and shopper language to even monitoring their actions (e.g., viewing or printing emails),” Mirzaei defined.

“CSS supplies a variety of guidelines and properties that may assist spammers and menace actors fingerprint customers, their webmail or e-mail shopper, and their system. For instance, the media at-rule can detect sure attributes of a consumer’s setting, together with display dimension, decision, and coloration depth.”

To mitigate the chance posed by such threats, it is really useful to implement superior filtering mechanisms to detect hidden textual content salting and content material concealment, in addition to use e-mail privateness proxies.

Discovered this text attention-grabbing? Observe us on Twitter and LinkedIn to learn extra unique content material we submit.



Why federal efforts to expedite environmental allowing in all probability will not

codesanitize
-
0
Why federal efforts to expedite environmental allowing in all probability will not


In an effort to expedite the federal allowing course of, the White Home Council on Environmental High quality (CEQ) rescinded its energy to implement the Nationwide Environmental Coverage Act (NEPA), possible attaining the alternative outcome and additional slowing an already lengthy allowing assessment. The modifications, introduced through the Interim Closing Rule launched by CEQ, formally relinquished its authority below the guise of effectivity and expediency, instructing particular person federal companies to proceed with present practices and procedures as a substitute. CEQ concluded that “it could lack authority to concern binding guidelines on companies.”

However in keeping with an evaluation of CEQ’s resolution by the legislation agency Allen Matkins, this transfer is more likely to create future chaos and uncertainty.

“With out uniform rules,” acknowledged the agency, “every particular person company may now impose its personal necessities on the NEPA course of, [resulting] in higher challenges coordinating environmental critiques and allowing amongst a number of companies.”

When Trellis reached out to CEQ for remark, a consultant responded, “CEQ will not be relinquishing its position in NEPA implementation; fairly on the contrary — President Trump’s Govt Order, Unleashing American Power, directs CEQ to work with all companies as they revise their NEPA implementing rules.”

This lack of alignment between official guidelines and administration feedback is more likely to contribute to the challenges talked about by Allen Matkins.

How the dismantling impacts NEPA

NEPA ensures that each one giant initiatives searching for federal allowing to interrupt floor put together an environmental affect assertion or environmental evaluation. Together with CEQ’s rules that present construction for NEPA implementation, the Allowing Council, established in 2015, facilitates the coordination of initiatives granted federal permits and topic to NEPA.

Modifications applied by the Trump administration embody:

  • CEQ will now not have authority over company implementation of NEPA.
  • Every company must revise or embody its NEPA implementing process to expedite allowing approvals.
  • Whereas revising, companies should exclude evaluation of environmental justice in NEPA implementation.

CEQ additionally included directions for companies to slender the scope of “cumulative results evaluation,” eradicating a lot of the assessment course of that investigates environmental affect altogether.

How a CEQ-less NEPA impacts clear vitality initiatives

Consultants imagine that the transfer could have a unfavourable affect on what number of clear vitality infrastructure initiatives transfer ahead general, and the way rapidly.

“Hundreds of electrical energy era initiatives are awaiting approval to connect with the grid,” mentioned Sen. Sheldon Whitehouse (D-R.I.) in a current Surroundings and Public Works Committee listening to. “Hundreds of thousands of engineering development and manufacturing jobs stalled partly due to our incapability construct transmission traces. This should change.”

Think about the $1.8 billion Pantheon Photo voltaic Venture, which is at the moment mired in uncertainty. A Nevada photo voltaic plant on public land, the undertaking started making use of for a allow in 2020 and remains to be mid-process. Based on the Allowing Dashboard — the federal web site that catalogs all present and proposed initiatives making use of for federal permits — Pantheon has nonetheless not performed its environmental affect assertion. That course of was supposed to start in February 2025, however it’s truthful to imagine its standing is up within the air.

Pantheon goes by way of the Bureau of Land Administration. However it’s truthful to imagine, given CEQ’s response to Trellis, that the White Home could have a say in its future.

It’s additionally truthful to imagine {that a} vital quantity of litigation will comply with every particular person company’s revised NEPA guidelines of engagement. Firms and stakeholders at the moment within the allowing software course of ought to count on implementation delays and authorized uncertainties for no less than the following yr.

In different phrases, CEQ’s effort to expedite allowing could create an entire new set of roadblocks, defeating the intent of its current actions.

Provide Chain Assault Targets 23,000 GitHub Repositories

codesanitize
-
0
Provide Chain Assault Targets 23,000 GitHub Repositories


A vital safety incident has been uncovered involving the favored GitHub Motion tj-actions/changed-files, which is utilized in over 23,000 repositories.

The assault includes a malicious modification of the Motion’s code, resulting in the publicity of CI/CD secrets and techniques in GitHub Actions construct logs.

This vulnerability was detected by StepSecurity’s Harden-Runner, a software designed to safe CI/CD workflows by monitoring community actions and controlling entry on GitHub-hosted and self-hosted runners.

The compromised Motion executes a malicious Python script that dumps delicate knowledge from the GitHub Actions runner’s reminiscence.

The exploit particularly targets Linux environments, the place it makes an attempt to extract secrets and techniques by studying the reminiscence of the Runner Employee course of.

The malicious code was launched by way of a retroactive replace of a number of model tags, all pointing to the identical malicious commit hash.

This refined assault technique allowed the attackers to compromise most variations of the Motion with out instantly elevating suspicion.

Incident Timeline

The incident started on March 14, 2025, and was rapidly recognized by StepSecurity’s anomaly detection capabilities.

By March 15, GitHub had eliminated the compromised Motion, stopping additional use in workflows.

Nevertheless, the repository was later restored with all variations up to date to exclude the malicious code.

To mitigate the affect, StepSecurity launched a safe drop-in substitute for the compromised Motion, recommending that customers exchange all cases of tj-actions/changed-files with step-security/changed-files.

Response

The assault highlights the dangers related to provide chain vulnerabilities in open-source software program.

Whereas there is no such thing as a proof that leaked secrets and techniques have been exfiltrated to distant networks, public repositories are significantly susceptible as their construct logs are accessible to anybody.

Customers are suggested to assessment latest workflow logs for indicators of leaked secrets and techniques and rotate these secrets and techniques instantly if discovered.

An official CVE (CVE-2025-30066) has been printed to trace this incident, emphasizing the necessity for proactive safety measures in CI/CD pipelines.

Are you from SOC/DFIR Groups? – Analyse Malware Incidents & get stay Entry with ANY.RUN -> Begin Now for Free.

1...171819...3,831Page 18 of 3,831

ABOUT US

Welcome to CodeSanitize, your number one source for all things coding and technology. We’re dedicated to providing you the very best of software development tutorials, tips, and resources, with a focus on clarity, practical examples, and up-to-date content.

© Copyright 2024 - codesanitize.com. All rights reserved