tamper update

2025-06-19 12:04:08 -04:00 · 2024-04-21 15:43:49 +00:00 · 2024-04-21 15:43:49 +00:00 · 1354ddb396
commit 1354ddb396
parent 5826499548
4 changed files with 60 additions and 719 deletions
--- a/661
+++ b/661
@ -1,661 +0,0 @@
@charset "utf-8"
 /* cyrillic */
@font-face 
  font-family: 'Jost'
  font-style: italic
  font-weight: 100
  font-display: swap
  src: url(../webfonts/cyrillic-italic.woff2) format('woff2')
  unicode-range: U+0301, U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116
 /* latin-ext */
@font-face 
  font-family: 'Jost'
  font-style: italic
  font-weight: 100
  font-display: swap
  src: url(..webfonts/latin-ext-italic.woff2) format('woff2')
  unicode-range: U+0100-02AF, U+1E00-1EFF, U+2020, U+20A0-20AB, U+20AD-20CF, U+2113, U+2C60-2C7F, U+A720-A7FF
 /* latin */
@font-face 
  font-family: 'Jost'
  font-style: italic
  font-weight: 100
  font-display: swap
  src: url(../webfonts/latin-italic.woff2) format('woff2')
  unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+2000-206F, U+2074, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD
 /* cyrillic */
@font-face 
  font-family: 'Jost'
  font-style: italic
  font-weight: 200
  font-display: swap
  src: url(../webfonts/cyrillic-italic.woff2) format('woff2')
  unicode-range: U+0301, U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116
 /* latin-ext */
@font-face 
  font-family: 'Jost'
  font-style: italic
  font-weight: 200
  font-display: swap
  src: url(..webfonts/latin-ext-italic.woff2) format('woff2')
  unicode-range: U+0100-02AF, U+1E00-1EFF, U+2020, U+20A0-20AB, U+20AD-20CF, U+2113, U+2C60-2C7F, U+A720-A7FF
 /* latin */
@font-face 
  font-family: 'Jost'
  font-style: italic
  font-weight: 200
  font-display: swap
  src: url(../webfonts/latin-italic.woff2) format('woff2')
  unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+2000-206F, U+2074, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD
 /* cyrillic */
@font-face 
  font-family: 'Jost'
  font-style: italic
  font-weight: 300
  font-display: swap
  src: url(../webfonts/cyrillic-italic.woff2) format('woff2')
  unicode-range: U+0301, U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116
 /* latin-ext */
@font-face 
  font-family: 'Jost'
  font-style: italic
  font-weight: 300
  font-display: swap
  src: url(..webfonts/latin-ext-italic.woff2) format('woff2')
  unicode-range: U+0100-02AF, U+1E00-1EFF, U+2020, U+20A0-20AB, U+20AD-20CF, U+2113, U+2C60-2C7F, U+A720-A7FF
 /* latin */
@font-face 
  font-family: 'Jost'
  font-style: italic
  font-weight: 300
  font-display: swap
  src: url(../webfonts/latin-italic.woff2) format('woff2')
  unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+2000-206F, U+2074, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD
 /* cyrillic */
@font-face 
  font-family: 'Jost'
  font-style: italic
  font-weight: 400
  font-display: swap
  src: url(../webfonts/cyrillic-italic.woff2) format('woff2')
  unicode-range: U+0301, U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116
 /* latin-ext */
@font-face 
  font-family: 'Jost'
  font-style: italic
  font-weight: 400
  font-display: swap
  src: url(..webfonts/latin-ext-italic.woff2) format('woff2')
  unicode-range: U+0100-02AF, U+1E00-1EFF, U+2020, U+20A0-20AB, U+20AD-20CF, U+2113, U+2C60-2C7F, U+A720-A7FF
 /* latin */
@font-face 
  font-family: 'Jost'
  font-style: italic
  font-weight: 400
  font-display: swap
  src: url(../webfonts/latin-italic.woff2) format('woff2')
  unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+2000-206F, U+2074, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD
 /* cyrillic */
@font-face 
  font-family: 'Jost'
  font-style: italic
  font-weight: 500
  font-display: swap
  src: url(../webfonts/cyrillic-italic.woff2) format('woff2')
  unicode-range: U+0301, U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116
 /* latin-ext */
@font-face 
  font-family: 'Jost'
  font-style: italic
  font-weight: 500
  font-display: swap
  src: url(..webfonts/latin-ext-italic.woff2) format('woff2')
  unicode-range: U+0100-02AF, U+1E00-1EFF, U+2020, U+20A0-20AB, U+20AD-20CF, U+2113, U+2C60-2C7F, U+A720-A7FF
 /* latin */
@font-face 
  font-family: 'Jost'
  font-style: italic
  font-weight: 500
  font-display: swap
  src: url(../webfonts/latin-italic.woff2) format('woff2')
  unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+2000-206F, U+2074, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD
 /* cyrillic */
@font-face 
  font-family: 'Jost'
  font-style: italic
  font-weight: 600
  font-display: swap
  src: url(../webfonts/cyrillic-italic.woff2) format('woff2')
  unicode-range: U+0301, U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116
 /* latin-ext */
@font-face 
  font-family: 'Jost'
  font-style: italic
  font-weight: 600
  font-display: swap
  src: url(..webfonts/latin-ext-italic.woff2) format('woff2')
  unicode-range: U+0100-02AF, U+1E00-1EFF, U+2020, U+20A0-20AB, U+20AD-20CF, U+2113, U+2C60-2C7F, U+A720-A7FF
 /* latin */
@font-face 
  font-family: 'Jost'
  font-style: italic
  font-weight: 600
  font-display: swap
  src: url(../webfonts/latin-italic.woff2) format('woff2')
  unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+2000-206F, U+2074, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD
 /* cyrillic */
@font-face 
  font-family: 'Jost'
  font-style: italic
  font-weight: 700
  font-display: swap
  src: url(../webfonts/cyrillic-italic.woff2) format('woff2')
  unicode-range: U+0301, U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116
 /* latin-ext */
@font-face 
  font-family: 'Jost'
  font-style: italic
  font-weight: 700
  font-display: swap
  src: url(..webfonts/latin-ext-italic.woff2) format('woff2')
  unicode-range: U+0100-02AF, U+1E00-1EFF, U+2020, U+20A0-20AB, U+20AD-20CF, U+2113, U+2C60-2C7F, U+A720-A7FF
 /* latin */
@font-face 
  font-family: 'Jost'
  font-style: italic
  font-weight: 700
  font-display: swap
  src: url(../webfonts/latin-italic.woff2) format('woff2')
  unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+2000-206F, U+2074, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD
 /* cyrillic */
@font-face 
  font-family: 'Jost'
  font-style: italic
  font-weight: 800
  font-display: swap
  src: url(../webfonts/cyrillic-italic.woff2) format('woff2')
  unicode-range: U+0301, U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116
 /* latin-ext */
@font-face 
  font-family: 'Jost'
  font-style: italic
  font-weight: 800
  font-display: swap
  src: url(..webfonts/latin-ext-italic.woff2) format('woff2')
  unicode-range: U+0100-02AF, U+1E00-1EFF, U+2020, U+20A0-20AB, U+20AD-20CF, U+2113, U+2C60-2C7F, U+A720-A7FF
 /* latin */
@font-face 
  font-family: 'Jost'
  font-style: italic
  font-weight: 800
  font-display: swap
  src: url(../webfonts/latin-italic.woff2) format('woff2')
  unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+2000-206F, U+2074, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD
 /* cyrillic */
@font-face 
  font-family: 'Jost'
  font-style: italic
  font-weight: 900
  font-display: swap
  src: url(../webfonts/cyrillic-italic.woff2) format('woff2')
  unicode-range: U+0301, U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116
 /* latin-ext */
@font-face 
  font-family: 'Jost'
  font-style: italic
  font-weight: 900
  font-display: swap
  src: url(..webfonts/latin-ext-italic.woff2) format('woff2')
  unicode-range: U+0100-02AF, U+1E00-1EFF, U+2020, U+20A0-20AB, U+20AD-20CF, U+2113, U+2C60-2C7F, U+A720-A7FF
 /* latin */
@font-face 
  font-family: 'Jost'
  font-style: italic
  font-weight: 900
  font-display: swap
  src: url(../webfonts/latin-italic.woff2) format('woff2')
  unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+2000-206F, U+2074, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD
 /* cyrillic */
@font-face 
  font-family: 'Jost'
  font-style: normal
  font-weight: 100
  font-display: swap
  src: url(../webfonts/cyrillic-normal.woff2) format('woff2')
  unicode-range: U+0301, U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116
 /* latin-ext */
@font-face 
  font-family: 'Jost'
  font-style: normal
  font-weight: 100
  font-display: swap
  src: url(../webfonts/latin-ext-normal.woff2) format('woff2')
  unicode-range: U+0100-02AF, U+1E00-1EFF, U+2020, U+20A0-20AB, U+20AD-20CF, U+2113, U+2C60-2C7F, U+A720-A7FF
 /* latin */
@font-face 
  font-family: 'Jost'
  font-style: normal
  font-weight: 100
  font-display: swap
  src: url(../webfonts/latin-normal.woff2) format('woff2')
  unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+2000-206F, U+2074, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD
 /* cyrillic */
@font-face 
  font-family: 'Jost'
  font-style: normal
  font-weight: 200
  font-display: swap
  src: url(../webfonts/cyrillic-normal.woff2) format('woff2')
  unicode-range: U+0301, U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116
 /* latin-ext */
@font-face 
  font-family: 'Jost'
  font-style: normal
  font-weight: 200
  font-display: swap
  src: url(../webfonts/latin-ext-normal.woff2) format('woff2')
  unicode-range: U+0100-02AF, U+1E00-1EFF, U+2020, U+20A0-20AB, U+20AD-20CF, U+2113, U+2C60-2C7F, U+A720-A7FF
 /* latin */
@font-face 
  font-family: 'Jost'
  font-style: normal
  font-weight: 200
  font-display: swap
  src: url(../webfonts/latin-normal.woff2) format('woff2')
  unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+2000-206F, U+2074, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD
 /* cyrillic */
@font-face 
  font-family: 'Jost'
  font-style: normal
  font-weight: 300
  font-display: swap
  src: url(../webfonts/cyrillic-normal.woff2) format('woff2')
  unicode-range: U+0301, U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116
 /* latin-ext */
@font-face 
  font-family: 'Jost'
  font-style: normal
  font-weight: 300
  font-display: swap
  src: url(../webfonts/latin-ext-normal.woff2) format('woff2')
  unicode-range: U+0100-02AF, U+1E00-1EFF, U+2020, U+20A0-20AB, U+20AD-20CF, U+2113, U+2C60-2C7F, U+A720-A7FF
 /* latin */
@font-face 
  font-family: 'Jost'
  font-style: normal
  font-weight: 300
  font-display: swap
  src: url(../webfonts/latin-normal.woff2) format('woff2')
  unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+2000-206F, U+2074, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD
 /* cyrillic */
@font-face 
  font-family: 'Jost'
  font-style: normal
  font-weight: 400
  font-display: swap
  src: url(../webfonts/cyrillic-normal.woff2) format('woff2')
  unicode-range: U+0301, U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116
 /* latin-ext */
@font-face 
  font-family: 'Jost'
  font-style: normal
  font-weight: 400
  font-display: swap
  src: url(../webfonts/latin-ext-normal.woff2) format('woff2')
  unicode-range: U+0100-02AF, U+1E00-1EFF, U+2020, U+20A0-20AB, U+20AD-20CF, U+2113, U+2C60-2C7F, U+A720-A7FF
 /* latin */
@font-face 
  font-family: 'Jost'
  font-style: normal
  font-weight: 400
  font-display: swap
  src: url(../webfonts/latin-normal.woff2) format('woff2')
  unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+2000-206F, U+2074, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD
 /* cyrillic */
@font-face 
  font-family: 'Jost'
  font-style: normal
  font-weight: 500
  font-display: swap
  src: url(../webfonts/cyrillic-normal.woff2) format('woff2')
  unicode-range: U+0301, U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116
 /* latin-ext */
@font-face 
  font-family: 'Jost'
  font-style: normal
  font-weight: 500
  font-display: swap
  src: url(../webfonts/latin-ext-normal.woff2) format('woff2')
  unicode-range: U+0100-02AF, U+1E00-1EFF, U+2020, U+20A0-20AB, U+20AD-20CF, U+2113, U+2C60-2C7F, U+A720-A7FF
 /* latin */
@font-face 
  font-family: 'Jost'
  font-style: normal
  font-weight: 500
  font-display: swap
  src: url(../webfonts/latin-normal.woff2) format('woff2')
  unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+2000-206F, U+2074, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD
 /* cyrillic */
@font-face 
  font-family: 'Jost'
  font-style: normal
  font-weight: 600
  font-display: swap
  src: url(../webfonts/cyrillic-normal.woff2) format('woff2')
  unicode-range: U+0301, U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116
 /* latin-ext */
@font-face 
  font-family: 'Jost'
  font-style: normal
  font-weight: 600
  font-display: swap
  src: url(../webfonts/latin-ext-normal.woff2) format('woff2')
  unicode-range: U+0100-02AF, U+1E00-1EFF, U+2020, U+20A0-20AB, U+20AD-20CF, U+2113, U+2C60-2C7F, U+A720-A7FF
 /* latin */
@font-face 
  font-family: 'Jost'
  font-style: normal
  font-weight: 600
  font-display: swap
  src: url(../webfonts/latin-normal.woff2) format('woff2')
  unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+2000-206F, U+2074, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD
 /* cyrillic */
@font-face 
  font-family: 'Jost'
  font-style: normal
  font-weight: 700
  font-display: swap
  src: url(../webfonts/cyrillic-normal.woff2) format('woff2')
  unicode-range: U+0301, U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116
 /* latin-ext */
@font-face 
  font-family: 'Jost'
  font-style: normal
  font-weight: 700
  font-display: swap
  src: url(../webfonts/latin-ext-normal.woff2) format('woff2')
  unicode-range: U+0100-02AF, U+1E00-1EFF, U+2020, U+20A0-20AB, U+20AD-20CF, U+2113, U+2C60-2C7F, U+A720-A7FF
 /* latin */
@font-face 
  font-family: 'Jost'
  font-style: normal
  font-weight: 700
  font-display: swap
  src: url(../webfonts/latin-normal.woff2) format('woff2')
  unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+2000-206F, U+2074, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD
 /* cyrillic */
@font-face 
  font-family: 'Jost'
  font-style: normal
  font-weight: 800
  font-display: swap
  src: url(../webfonts/cyrillic-normal.woff2) format('woff2')
  unicode-range: U+0301, U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116
 /* latin-ext */
@font-face 
  font-family: 'Jost'
  font-style: normal
  font-weight: 800
  font-display: swap
  src: url(../webfonts/latin-ext-normal.woff2) format('woff2')
  unicode-range: U+0100-02AF, U+1E00-1EFF, U+2020, U+20A0-20AB, U+20AD-20CF, U+2113, U+2C60-2C7F, U+A720-A7FF
 /* latin */
@font-face 
  font-family: 'Jost'
  font-style: normal
  font-weight: 800
  font-display: swap
  src: url(../webfonts/latin-normal.woff2) format('woff2')
  unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+2000-206F, U+2074, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD
 /* cyrillic */
@font-face 
  font-family: 'Jost'
  font-style: normal
  font-weight: 900
  font-display: swap
  src: url(../webfonts/cyrillic-normal.woff2) format('woff2')
  unicode-range: U+0301, U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116
 /* latin-ext */
@font-face 
  font-family: 'Jost'
  font-style: normal
  font-weight: 900
  font-display: swap
  src: url(../webfonts/latin-ext-normal.woff2) format('woff2')
  unicode-range: U+0100-02AF, U+1E00-1EFF, U+2020, U+20A0-20AB, U+20AD-20CF, U+2113, U+2C60-2C7F, U+A720-A7FF
 /* latin */
@font-face 
  font-family: 'Jost'
  font-style: normal
  font-weight: 900
  font-display: swap
  src: url(../webfonts/latin-normal.woff2) format('woff2')
  unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+2000-206F, U+2074, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD
 // Update Bulma's global variables
 $family-sans-serif: "Jost", sans-serif
 $footer-padding: 1.0rem 2.5rem
 /* on small resolutions */
@media screen and (max-width:1023px) 
  /* add left and right margins to menu */
  .navbar-brand
    margin-left: 0.5em!important
  .navbar-menu
    margin-right: 0.5em!important
  /* allow menu items to wrap */
  .navbar-menu
    flex-shrink: 1!important
  .navbar-end
    flex-wrap: wrap!important
 html
    scroll-behavior: smooth
 body
    font-family: $family-sans-serif
    display: flex
    flex-direction: column
    min-height: 100vh
 section
    flex: 1
 #dark-mode
    display: none
 .menu
  position: sticky 
  top: 48px
  max-height: calc(100vh - 48px)
  overflow-y: scroll
 div.column.is-2.is-hidden-mobile
  padding-right: 0px !important
 img 
  margin: auto
  display: block
 #image-gay
  width: auto
  height: auto
  max-height:90vh
 ul
  font-size: 18px
  color: #373737 !important
 .toc
  font-size: 15.5px !important
 ol
  font-size: 18px
  color: #373737 !important
 p
  font-size: 18px
  color: #373737 !important
 h1
  text-align: center !important
  font-size: 2.8em !important
  text-decoration: underline #AE3B8B !important
 h2:not(.title)
  font-size: 1.8em !important
  margin-top: 2.5rem !important
  margin-bottom: 2rem !important
 h3
  font-size: 1.4em !important
  font-style: italic !important
 h4
  font-size: 1.1em !important
  text-decoration: underline !important
 a
  color: #AE3B8B
 .menu-list a.is-active
  background-color: #AE3B8B
 code
  color: #AE3B8B
 .icon-text
  font-size: 16px
 body[theme="dark"]
    background-color: black !important
 body[theme="dark"] article.box
    background-color: black !important
    box-shadow: 0 .5em 1em -.125em rgba(245,245,245,.1),0 0 0 1px rgba(245,245,245,.02)
 body[theme="dark"] blockquote 
    background-color: #090809 !important
    border-left: 5px solid #232223
 body[theme="dark"] .navbar 
    background-color: #090809 !important
 body[theme="dark"] .footer
    background-color: #090809 !important
 body[theme="dark"] .navbar-item 
    color: #c9c7c9 !important
 body[theme="dark"] .navbar-item:hover
    color: black !important
 body[theme="dark"] .navbar-item:focus
    color: black !important
 body[theme="dark"] p 
    color: #c9c7c9 !important
 body[theme="dark"] strong 
    color: #c9c7c9 !important
 body[theme="dark"] ol 
    color: #c9c7c9 !important
 body[theme="dark"] ul 
    color: #c9c7c9 !important
 body[theme="dark"] .title
    color: #c9c7c9 !important
 body[theme="dark"] h1
    color: #c9c7c9 !important
 body[theme="dark"] h2
    color: #c9c7c9 !important
 body[theme="dark"] h3
    color: #c9c7c9 !important
 body[theme="dark"] h4
    color: #c9c7c9 !important
 body[theme="dark"] a.toc
    color: #c9c7c9 !important
 body[theme="dark"] a.toc:hover
    color: black !important
 body[theme="dark"] a:not(.toc,.navbar-item)
    color: #fa86d8 !important
 body[theme="dark"] code 
    color: #fa86d8 !important
    background-color: #090809 !important
 body[theme="dark"] a.is-active
    background-color: #fa86d8 !important
    color: black !important
 img[theme=dark]:not(.no-dark)
    filter: invert(1) hue-rotate(180deg)
--- a/content/posts/tamper/index.md
+++ b/content/posts/tamper/index.md
@ -14,10 +14,12 @@ a4="tamper-a4.pdf"
 letter="tamper-letter.pdf"
 +++
-If the police ever have [physical access](/glossary/#physical-attacks) to an electronic device like a laptop, even [for five minutes](https://www.vice.com/en/article/a3q374/hacker-bios-firmware-backdoor-evil-maid-attack-laptop-5-minutes), they can install hardware keyloggers, create images of the storage media, or otherwise trivially compromise it at the hardware, firmware, or software level. One way to minimize this risk is to make devices tamper-evident. As the No Trace Project [notes](https://notrace.how/threat-library/mitigations/tamper-evident-preparation.html), "Tamper-evident preparation is the process of taking precautionary measures to make it possible to detect when something has been physically accessed by an adversary."
+If the police ever have [physical access](/glossary/#physical-attacks) to an electronic device like a laptop, even [for five minutes](https://www.vice.com/en/article/a3q374/hacker-bios-firmware-backdoor-evil-maid-attack-laptop-5-minutes), they can install hardware keyloggers, create images of the storage media, or otherwise trivially compromise it at the hardware, firmware, or software level. One way to minimize this risk is to make devices tamper-evident. As the Threat Library [notes](https://notrace.how/threat-library/mitigations/tamper-evident-preparation.html), "Tamper-evident preparation is the process of taking precautionary measures to make it possible to detect when something has been physically accessed by an adversary."
 <!-- more -->
-['Evil maid' attacks](https://en.wikipedia.org/wiki/Evil_maid_attack) work like this: An attacker gains temporary access to your [encrypted](/glossary/#encryption) laptop or phone. Although they can’t decrypt your data, they can tamper with your laptop for a few minutes and then leave it exactly where they found it. When you return and enter your credentials, you have been hacked. The attacker may have [modified data on your hard drive](https://media.ccc.de/v/gpn20-32-poc-implementing-evil-maid-attack-on-encrypted-boot), replaced the firmware, or installed a hardware component such as a keylogger.  
+['Evil maid' attacks](https://en.wikipedia.org/wiki/Evil_maid_attack) work like this: an attacker gains temporary access to your [encrypted](/glossary/#encryption) laptop or phone. Although they can’t decrypt your data, they can tamper with your laptop for a few minutes and then leave it exactly where they found it. When you return and enter your credentials, you have been hacked. The attacker may have [modified data on your hard drive](https://media.ccc.de/v/gpn20-32-poc-implementing-evil-maid-attack-on-encrypted-boot), replaced the firmware, or installed a hardware component such as a keylogger.  
 "Defense in depth" means that there are multiple layers of security that an adversary must bypass in order to succeed. This article will cover tamper-evident laptop screws, storage and firmware, as well as physical intrusion detection. 
 # Tamper-Evident Laptop Screws 
@ -47,29 +49,29 @@ For this reason, it is preferable to apply nail polish directly to the screws ra
 Glitter nail polish was successfully bypassed during a Tamper Evident Challenge in 2018 — the winner [explained](https://hoodiepony.medium.com/bypassing-the-glitter-nail-polish-tamper-evident-seal-25d6973d617d) how they managed to do it. Notably, a brand of nail polish with relatively large pieces of glitter in only two colors was used. It would be difficult to apply this bypass to inset screw holes; if the glitter was applied with a high density of elements, but not too thick, this would also increase the difficulty. Finally, [using an adhesive](https://dys2p.com/en/2021-12-tamper-evident-protection.html#glitzer-nagellack-mit-klebstoff) would also make the bypass less feasible. 
-Verification that the random pattern hasn't changed can be done manually with what astronomers call a "blink comparison". This is used in astronomy to detect small changes in the night sky: you quickly flick between the original photo and the current one, which makes it easier to see any changes. Alternatively, if you have an Android smartphone (either [GrapheneOS](/posts/grapheneos/) or a cheap one for [intrusion detection](/posts/tamper/#physical-intrusion-detection) that has an inferior camera), you can use an app called [Blink Comparison](https://github.com/proninyaroslav/blink-comparison), which makes it less likely to miss something. It can be installed like any other [app that doesn't require Google Services](/posts/grapheneos/#how-to-install-software), i.e. not through F-Droid. 
+Verification that the random pattern hasn't changed can be done manually with what astronomers call a "blink comparison". This is used in astronomy to detect small changes in the night sky: you quickly flick between the original photo and the current one, which makes it easier to see any changes. Alternatively, if you have an Android smartphone (either [GrapheneOS](/posts/grapheneos/) or a cheap one for [intrusion detection](/posts/tamper/#physical-intrusion-detection)), you can use an app called [Blink Comparison](https://github.com/proninyaroslav/blink-comparison), which makes it less likely that you will miss something. It can be installed like any other [app that doesn't require Google Services](/posts/grapheneos/#how-to-install-software), i.e. not through F-Droid. 
 The Blink Comparison app encrypts its storage to prevent an adversary from easily replacing the photos, and provides a helpful interface for comparing them. The app helps you take the comparison photo from the same angle and distance as the original photo. Blink Comparison then switches between the two images when you touch the screen, making direct comparison much easier than manually comparing two photos. 
-## Getting Started
+## In practice 
-Now that you understand the nuances of applying nail polish to the screws of your laptop case, let's actually do it — if you are going to [install HEADS](/posts/tamper/#tamper-evident-software-and-firmware), do that first so the nail polish doesn't have to be removed and repeated. Before you start, you can also take a picture of the inside of the laptop in case you ever need to check if the internal components have been tampered with despite the nail polish protection (keep in mind that not all components are visible). Use a nail polish that has different colors and sizes of glitter, like the one shown above. 
+Now that you understand the nuances of applying nail polish to the screws of your laptop case, let's actually do it — if you are going to [install Heads firmware](/posts/tamper/#tamper-evident-software-and-firmware), do that first so the nail polish doesn't have to be removed and repeated. Before you start, you can also take a picture of the inside of the laptop in case you ever need to check if the internal components have been tampered with despite the nail polish protection (keep in mind that not all components are visible). Use a nail polish that has different colors and sizes of glitter, like the one shown above. 
 * First, take a photo of the bottom of the computer and use a program like GIMP to number the screws to make it easier to verify. For example, the ThinkPad X230 shown above has 13 screws that need to be numbered so that in the future you know which screw the photo `3.jpg` refers to. 
-* Apply the glitter nail polish directly to each screw, making sure there are enough glitter elements without being too thick. 
+* Apply the glitter nail polish directly to each screw, making sure there are enough glitter elements without it being too thick. 
 * Once it is dry, take good close-up photos of each screw — either with the Blink Comparison app on a smartphone or with a regular camera. It is a good idea to use lighting that is reproducible, so close the blinds on any windows and rely on the indoor lighting and the camera flash. Number the file names of the photos and back them up to a second storage location. 
 If you ever need to remove the nail polish to access the inside of the laptop, you can use a syringe to apply the nail polish remover to avoid applying too much and damaging the internal electronics. 
 # Tamper-Evident Storage 
-Now that you understand the concept, you need a tamper-evident storage solution for all sensitive electronics when you are away from home (laptops, external drives, USBs, phones, external keyboards and mice). Safes are often used to protect valuable items, but they can be bypassed in several ways, and some of these bypasses are difficult to detect (see [below](/posts/tamper/#appendix-cracking-safes)). It is not trivial or inexpensive to make a safe tamper-evident, if it can be done at all. 
+You also need a tamper-evident storage solution for all sensitive electronics when you are away from home (laptops, external drives, USBs, phones, external keyboards and mice) — a laptop can be tampered with in ways that don't require removing the screws. Safes are often used to protect valuable items, but they can be bypassed in many ways, and some of these bypasses are difficult to detect (see [below](/posts/tamper/#appendix-cracking-safes)). It is not trivial or inexpensive to make a safe tamper-evident, if it can be done at all. 
 <p>
 <span class="is-hidden">
-![](/posts/tamper/linsen.jpg) 
+![](/posts/tamper/lentils.jpg) 
 </span>
-<img src="/posts/tamper/linsen.jpg" class="no-dark">
+<img src="/posts/tamper/lentils.jpg" class="no-dark">
 </p>
 A better and cheaper solution is to implement [dys2p's guide](https://dys2p.com/en/2021-12-tamper-evident-protection.html#kurzzeitige-lagerung):
@ -82,72 +84,72 @@ A better and cheaper solution is to implement [dys2p's guide](https://dys2p.com/
 Several colorful mixtures are described: [red lentils & beluga lentils](https://dys2p.com/en/2021-12-tamper-evident-protection.html#rote-linsen-und-belugalinsen), [yellow peas & white beans](https://dys2p.com/en/2021-12-tamper-evident-protection.html#gelbe-erbsen-und-wei%C3%9Fe-bohnen), etc. For a box that is transparent on all sides and fits a laptop, a small fish tank works well. For longer-term storage, [vacuum seals](https://dys2p.com/en/2021-12-tamper-evident-protection.html#laengerfristige-lagerung-oder-versand) can be used. 
-This excerpt assumes that we take the cell phone with us, but [as discussed elsewhere](/posts/nophones/#do-you-really-need-a-phone), this has its own security issues and is not recommended. So the smartphone we use to take a picture of the storage will have to stay in the house outside of the storage. [In the next section](/posts/tamper/#physical-intrusion-detection), we recommend that you get a cheap Android phone that only runs an app called Haven when you are out of the house. This device will stay out of storage anyway, so you can use it to take pictures of the storage. Alternatively, if you don't have a dedicated Haven phone but do have a [GrapheneOS](/posts/grapheneos/) device (or if the Haven phone's camera is too low quality), you can use it to take photos of the storage and then hide it somewhere in your house while you're away. If you don't have a phone, you can use a camera. However, cameras don't have encryption, so it's much easier to modify the photos, and you won't be able to use the Blink Comparison app. 
+This excerpt assumes that we take the cell phone with us, but [as discussed elsewhere](/posts/nophones/#do-you-really-need-a-phone), this has its own security issues and is not recommended. So the smartphone we use to take a picture of the storage will have to stay in the house outside of the storage. [As discussed below](/posts/tamper/#physical-intrusion-detection), we recommend that you get a cheap Android phone that only runs an app called Haven when you are out of the house. This device will stay out of storage anyway, so you can use it to take pictures of the storage. Alternatively, if you don't have a dedicated Haven phone but do have a [GrapheneOS](/posts/grapheneos/) device, you can use it to take photos of the storage and then hide it somewhere in your house while you're away. If you don't have a phone, you can use a camera. However, cameras don't have encryption, so it's much easier for an adversary to modify the photos and you won't be able to use the Blink Comparison app to facilitate the comparison. 
-<details>
+## In practice 
 <summary>
-**If you are using a dedicated Haven phone (preferred)**
+* Once you have placed the bagged electronic devices in the container and covered them with a colorful mixture, take photos using the Blink Comparison app. Optionally, send them to another device of your own (that is currently in storage) via [Molly](/posts/e2ee/#signal) or [SimpleX Chat](/posts/e2ee#simplex-chat). Close Blink Comparison so that the storage is encrypted. 
-
+	* *If you are using a dedicated Haven phone (preferred)*: Set up Haven for physical intrusion detection before leaving, as described below. 
-</summary>
+	* *If you are using a GrapheneOS phone*: Turn off the device and hide it somewhere. If the phone is found and the firmware or software is modified, Auditor will notify you. 
-<br>
+* When you return, use Blink Comparison to verify the mosaic with new photos. 
-
+	* Optionally, if you sent the photos to yourself on Molly/SimpleX Chat, once your devices are out of storage you can verify that they don't differ from the reference photos saved in Blink Comparison. However, the Blink Comparison encryption makes it very unlikely that these reference photos were modified in your absence. 
 * Once you have placed the bagged electronic devices in the container and covered them with a colorful mixture, take photos on this Haven phone using the Blink Comparison app. Send them to yourself via [Molly](/posts/e2ee/#signal) (with the Note to Self feature), or a [Cwtch group](/posts/e2ee/#cwtch). Close Blink Comparison so that the storage is encrypted. 
 * When you return, use Blink Comparison on the Haven phone to verify with new photos.  
 * Extra: once your devices are out of storage, you can verify that the pictures you sent to yourself on Signal/Cwtch don't differ from those on your Haven phone, and also compare the timestamp. Once the verification is complete, you can delete the photos so there is no confusion about which photos to use for future verifications. 
 <br>
 </details>
 <details>
 <summary>
 **If you are using a GrapheneOS phone, but not a dedicated Haven phone**
 </summary>
 <br>
 * Once you have placed the bagged electronic devices in the container and covered them with a colorful mixture, take photos using the Blink Comparison app. Send them to yourself via [Molly](/posts/e2ee/#signal) (with the Note to Self feature), or a [Cwtch group](/posts/e2ee/#cwtch). Turn off the device and hide it somewhere. 
 * When you return, use Blink Comparison to verify with new photos.
 * Extra: once your devices are out of storage, you can verify that the pictures you sent to yourself on Signal/Cwtch don't differ from those on your GrapheneOS phone, and also compare the timestamp. Once the verification is complete, you can delete the photos so there is no confusion about which photos to use for future verifications. If the phone is found and the firmware or software is modified, Auditor will notify you. 
 <br>
 </details>
 # Physical Intrusion Detection 
 "Defense in depth" means that there are multiple layers of security that an adversary must bypass in order to succeed. [Physical intrusion detection](https://notrace.how/threat-library/mitigations/physical-intrusion-detection.html) should be in place in addition to tamper-evident laptops and storage. That way, even if a covert house search doesn't interact with the tamper-evident storage (for example, because the goal is to install [covert surveillance devices](https://notrace.how/threat-library/techniques/covert-surveillance-devices.html)), you can still find out about it. 
 Haven is an Android app developed by the Freedom of Press Foundation that uses the smartphone’s many sensors — microphone, motion detector, light detector, and cameras — to monitor the room for changes, and it logs everything it notices. Unfortunately Haven is currently unmaintained and unreliable on many devices. Until [a good alternative is developed](https://github.com/guardianproject/haven/issues/465), make sure to test the functionality of Haven on your device before relying on it. We don't recommend using home surveillance cameras without privacy features, because then the police can have easy knowledge of your comings and goings without needing to set up their own surveillance cameras. 
 Haven should be used on a dedicated cheap Android device that is otherwise empty — an older [Pixel](https://www.privacyguides.org/android/#google-pixel) is a good choice because it is cheap but has good cameras. Make sure [full disk encryption](/glossary/#full-disk-encryption-fde) is enabled. If you have a smartphone in addition to the dedicated Haven phone, it should be turned off in the tamper-evident storage — if Haven was running on it instead and was discovered by the intruder, they would now have physical access to it while it was turned on. 
 * Place the Haven smartphone in a location that has a line of sight to where an intruder would have to pass, such as a hallway that must be used to move between rooms or to access where the tamper-evident storage is located. It should be plugged in so the battery doesn't die; fairly long microUSB cables are available for this purpose. 
 * Set a countdown to turn Haven on before you leave the house. The Haven app will log everything locally on the Android device. Sending remote notifications is currently [broken](https://github.com/guardianproject/haven/issues/454).
 * Check the Haven log when you get home. 
 # Tamper-Evident Software and Firmware  
-So far, we have only looked at making hardware compromise tamper-evident. It is also possible to make software and firmware tamper-evident. This is required for "defense in depth" — to trust an electronic device, you must trust the hardware, firmware, and software. Software or firmware compromise can occur [remotely](/glossary/#remote-attacks) (over the Internet) as well as with physical access, so it is especially important because the other measures won't detect a remote firmware compromise. Tamper-evident software and firmware are compatible with our [recommendations](/recommendations): Qubes OS or Tails on laptops, or GrapheneOS on a smartphone. 
+So far, we have only looked at making hardware compromise tamper-evident. It is also possible to make software and firmware tamper-evident. This is required for "defense in depth" — to trust an electronic device, you must trust the hardware, firmware, and software. Software or firmware compromise [can occur remotely](/posts/tails-best#2-running-tails-on-a-computer-with-a-compromised-bios-firmware-or-hardware) (over the Internet) as well as with physical access, so it is especially important because the other measures won't necessarily detect it. Tamper-evident firmware is compatible with our [recommendations](/recommendations): Qubes OS or Tails on laptops, or GrapheneOS on a smartphone. 
-For GrapheneOS, [Auditor](/posts/grapheneos/#auditor) is an app that allows you to be notified if firmware or software has been tampered with —  you will receive an email when Auditor performs a remote attestation. 
+For GrapheneOS, [Auditor](/posts/grapheneos/#auditor) is an app that allows you to be notified if firmware or operating system software has been tampered with — you will receive an email when Auditor performs a remote attestation. 
-For Tails or Qubes OS, [HEADS](https://osresearch.net/) can do the same before you enter your boot password (on [supported devices](https://osresearch.net/Prerequisites#supported-devices)). However, installation is advanced. Keep the HEADS USB security dongle with you when you leave the house, and have a backup hidden at a trusted friend's house in case it ever falls in a puddle. For more information, see [Tails Best Practices](/posts/tails-best/#to-mitigate-against-remote-attacks). 
+For Tails or Qubes OS, [Heads](https://osresearch.net/) can do the same before you enter your boot password (on [supported devices](https://osresearch.net/Prerequisites#supported-devices)). However, installing Heads is advanced, though using it is not. Keep the Heads USB security dongle with you when you leave the house, and have a backup hidden at a trusted friend's house in case it ever falls into a puddle. For more information, see [Tails Best Practices](/posts/tails-best/#to-mitigate-against-remote-attacks). 
 # Physical Intrusion Detection 
 [Physical intrusion detection](https://notrace.how/threat-library/mitigations/physical-intrusion-detection.html) is the process of detecting when an adversary enters or attempts to enter a space. As the Threat Library notes:
 > A video surveillance system that monitors a space can have the following characteristics:
 >
 >* The cameras can be motion-activated and send you an alert if they are detected and tampered with.
 >* The cameras can be positioned with the space entrances in their line of sight and/or in a discreet location.
 >* To prevent the system from monitoring you while you are in the space, you can turn it on just before you leave the space and turn it off as soon as you return.
 We recommend employing physical intrusion detection in addition to all of the tamper-evident measures. That way, even if a covert house search doesn't interact with the tamper-evident storage (for example, because the goal is to install [covert surveillance devices](https://notrace.how/threat-library/techniques/covert-surveillance-devices.html)), you can still find out about it. 
 Haven is an Android app developed by the Freedom of Press Foundation that uses the smartphone’s many sensors — microphone, motion detector, light detector, and cameras — to monitor the room for changes, and it logs everything it notices. Unfortunately Haven is currently unmaintained, remote notifications are [broken](https://github.com/guardianproject/haven/issues/454), and it is unreliable on many devices. 
 Until [Haven is fully functional](https://github.com/guardianproject/haven/issues/465), we recommend also using a video surveillance system so that you can receive remote notifications — this is important to protect against the local logs being modified by an intruder. Choose a model with privacy features (e.g. it doesn't function through the cloud) so that the police cannot easily learn the timing of your comings and goings from it. 
 ## In practice 
 Haven should be used on a dedicated cheap Android device that is otherwise empty. An older [Pixel](https://www.privacyguides.org/android/#google-pixel) is a good choice because it is cheap but has good cameras, which is important for both Haven and Blink Comparison — it may even [still be supported by GrapheneOS](https://grapheneos.org/faq#device-lifetime). Make sure that [full disk encryption](/glossary/#full-disk-encryption-fde) is enabled. If you have a smartphone in addition to the dedicated Haven phone, it should be turned off in the tamper-evident storage — if Haven was running on it instead and was discovered by the intruder, they would now have physical access to the device while it was turned on. 
 * Place the Haven smartphone in a location that has a line of sight to where an intruder would have to pass, such as a hallway that must be used to move between rooms or to access where the tamper-evident storage is located. It should be plugged in so the battery doesn't die; fairly long cables are available for this purpose. 
 * Set a countdown to turn Haven on before you leave the house. The Haven app will log everything locally on the Android device. As mentioned above, sending remote notifications is currently broken.
 * Check the Haven log when you get home. 
 # Wrapping Up 
 With the measures described above, any 'evil maid' would have to bypass:
-1) Haven detection, and
+1) Physical intrusion detection, and
 2) The tamper-evident storage, and
-3) The tamper-evident glitter nail polish (for an attack that requires opening the laptop), or HEADS/Auditor (for a software or firmware attack)
+3) The tamper-evident glitter nail polish (for an attack that requires opening the laptop), or Heads/Auditor (for a software or firmware attack)
 These layers are all important, although they may seem redundant. The expertise and cost required to successfully execute the attack increases significantly with each layer, making it much less likely that an adversary will attempt it in the first place. The best practice is to [obtain a fresh device in such a way that it cannot be intercepted](/posts/tails-best/#to-mitigate-against-physical-attacks), and then consistently implement all of these layers from the beginning. 
-This means that every time you leave the house with no one home for a significant amount of time, you put the turned-off devices into tamper-evident storage, take the necessary photos, and activate Haven. This may sound tedious, but it can be done in less than a minute if you leave unused devices in storage. When you get home, first check the Haven log. Next, verify the tamper-evident storage. 
+## In practice 
-Laptop screws can be verified monthly, or when something suspicious happens. Neither HEADS nor Auditor require much effort to use properly once set up; Auditor runs without interaction and HEADS becomes part of your boot process. 
+To summarize, take the following measures every time you leave the house with no one home for a significant amount of time: 
 1) Put the turned-off devices into tamper-evident storage 
 2) Take the necessary photos 
 3) Activate Haven 
 This may sound tedious, but it can be done in less than a minute if you leave unused devices in storage. When you get home: 
 1) Start by checking the Haven log 
 2) Next, verify the tamper-evident storage with Blink Comparison
 Laptop screws can be verified when something suspicious happens. Neither Heads nor Auditor require much effort to use properly once set up; Auditor runs without interaction and Heads becomes part of your boot process. 
 # Further Reading
--- a/content/posts/tamper/lentils.jpg
+++ b/content/posts/tamper/lentils.jpg
--- a/content/posts/tamper/linsen.jpg
+++ b/content/posts/tamper/linsen.jpg