Real-Time UML (RTUML) refers to the application of the Unified Modelling Language (UML) for the analysis, design, and implementation of real-time and embedded systems, where timing constraints, concurrency, and resource management are critical. It extends standard UML with profiles, notations, and semantics to handle hard and soft real-time requirements, such as modelling predictable response times and fault tolerance. RTUML is not a separate language but a methodology leveraging UML diagrams (e.g., statecharts, sequence diagrams) for time-sensitive applications like automotive controls, avionics, and medical devices. The term is closely associated with Bruce Powel Douglass, who popularised it through his books and the Harmony process for embedded software development. As of 2025, RTUML remains relevant in industries requiring certified systems, though its adoption varies with agile methodologies and model-driven engineering tools. == Background == Real-Time UML emerged in the late 1990s as UML was standardized by the Object Management Group (OMG) in 1997, addressing the need for object-oriented modeling in real-time systems previously dominated by procedural languages like C. Traditional real-time development relied on "bare metal" programming or theoretical models, but RTUML introduced visual notations for object structure, behaviour, and timing. Bruce Powel Douglass’s 1999 book, Real-Time UML: Developing Efficient Objects for Embedded Systems, formalised the approach, emphasising statecharts for concurrency and timing constraints. Later editions (2004, 2006) incorporated UML 2.0 features like activity and timing diagrams, aligning with OMG’s Real-Time Profile (now part of MARTE—Modelling and Analysis of Real-Time and Embedded Systems). The Harmony process integrates RTUML with executable models for simulation and code generation. RTUML addresses hard real-time systems (e.g., strict deadlines in avionics) versus soft real-time (e.g., media streaming), using UML extensions for schedulability analysis. == Key concepts == RTUML adapts UML diagrams and techniques for real-time needs: Statecharts and Behaviour Modelling: Extended state machines model reactive behaviour, using and-states for concurrency, pseudostates for transitions, and timing constraints (e.g., {duration < 10ms}). Examples include cardiac pacemaker models. Sequence and Interaction Diagrams: Capture message timing, priorities, and resource allocation in multi-threaded systems. Architectural Patterns: Define logical and physical architectures with active objects for concurrency and patterns like observer or publisher-subscriber. Timing and Constraints: Use Object Constraint Language (OCL) for specifying deadlines and priorities. Profiles and Extensions: OMG’s UML Profile for Schedulability, Performance, and Time (SPT) and MARTE add stereotypes like RT::ActiveObject. These support iterative development, from requirements to deployment, often with tools like IBM Rhapsody or Enterprise Architect. == Applications == RTUML is used in: Embedded Systems: Modelling automotive ECUs or UAV controls. Avionics and Defence: DO-178C-compliant designs for fault tolerance. Medical Devices: Pacemakers or ventilators with precise timing. Industrial Automation: RTOS task visualisation via sequence diagrams. Tools like IBM Rhapsody support RTUML for model-based development and code generation in C/C++. == Criticism and adoption == RTUML’s complexity can overwhelm simple systems, and its use in agile environments is limited, where lightweight diagrams are preferred. Surveys indicate UML (including RTUML) is used in 30–50% of embedded projects, often for documentation rather than full model-driven engineering. It remains standard in academia and certified industries like aerospace.
Paint.NET
Paint.NET (sometimes stylized as paint.net) is a freeware general-purpose raster graphics editor program for Microsoft Windows, developed with the .NET platform. Paint.NET was originally created by Rick Brewster as a Washington State University student project, and has evolved from a simple replacement for the Microsoft Paint program into a program for editing mainly graphics, with support for plugins. == History == Paint.NET originated as a computer science senior design project by Rick Brewster during spring 2004 at Washington State University. Version 1.0 consisted of 36,000 lines of code and was written in four months. In contrast, version 3.35 has approximately 162,000 lines of code. The Paint.NET project continued over the summer and into the autumn 2004 semester for both the version 1.1 and 2.0 releases. Development continued with one programmer who worked on previous versions of Paint.NET while he was a student at WSU. As of May 2006 the program had been downloaded at least 2 million times, at a rate of about 180,000 per month. Initially, Paint.NET was released under a modified version of the MIT License, with the exclusion of the installer, text, and graphics. However, citing issues with the open source code being plagiarized by others that had rebranded the software as their own and bundled user content without their permission, the availability of the source code was restricted, in December 2007 Brewster announced his intent to restrict access to components of the program (including its installer, resources, and user interface). In November 2009, the software was made proprietary, restricting the sale or creation of derivative works of the software. Starting with version 4.0.18, Paint.NET is published in two editions: A classic edition remains freeware, similar to all other versions since 3.5. Another edition, however, is published to Microsoft Store under a trialware license and is available to purchase for US$14.99. According to the developer, this was done to enable the users to contribute to the development with more convenience, even though the old avenue of donation was not closed. In May 2026, Brewster revealed that he obtained the paint.net domain after attempting to do so for 22 years. Historically, the editor was hosted on getpaint.net, and according to Brewster, the previous owners of paint.net would not sell the domain and asked for "lots and lots of money". In December of the previous year, paint.net began hosting content that impersonated Paint.NET, therefore becoming a clear case of trademark infringement and domain squatting. Brewster stated that he was able to obtain the domain afterwards with the help of a lawyer. == Overview == Paint.NET is primarily programmed in the C# programming language. Its native image format, .PDN, is a compressed representation of the application's internal object format, which preserves layering and other information. == Plugins == Paint.NET supports plugins, which add image adjustments, effects, and support for additional file types. They can be programmed using any .NET Framework programming language, though they are most commonly written in C#. These are created by volunteer coders on the program's discussion board, the Paint.NET Forum. Though most are simply published via the discussion board, some have been included with a later release of the program. For instance, a DirectDraw Surface file type plugin, (originally by Dean Ashton) and an Ink Sketch and Soften Portrait effect (originally by David Issel) were added to Paint.NET in version 3.10. Hundreds of plugins have been produced; such as Shape3D, which renders a 2D drawing into a 3D shape. Some plugins expand on the functionality that comes with Paint.NET, such as Curves+ and Sharpen+, which extend the included tools Curves and Sharpen, respectively. Examples of file type plugins include an Animated Cursor and Icon plugin and an Adobe Photoshop file format plugin. Several of these plugins are based on existing open source software, such as a raw image format plugin that uses dcraw and a PNG optimization plugin that uses OptiPNG. == Forks == === paint-mono === Paint.NET was created exclusively for Windows and has no native support for other operating systems. Due to its former open-source licensing, the development of alternative versions was possible. In May 2007, Miguel de Icaza officially started a porting project called paint-mono. This project had partially ported Paint.NET 3.0 to Mono, an open-source implementation of the Common Language Infrastructure on which the .NET Framework is based. This allowed Paint.NET to be run on Mono-supported platforms, such as Linux. This port is no longer maintained and has not been updated since March 2009. Newer Mono runtime 6 versions are able to run original Paint.NET releases up to 3.5.11 with only minor issues. === Pinta === In 2010, developer Jonathan Pobst started a project called Pinta, describing it as a clone of Paint.NET for Mono and Gtk#. Pinta reused the adjustments and effects code from Paint.NET but otherwise is original code.
Trazzler
Trazzler is a travel destination app that specializes in unique and local destinations. The initial concept was developed by Adam Rugel and Biz Stone in 2006 at Twitter's original offices under the name "71 miles". More than 10,000 writers and photographers have contributed and more than $350,000 in freelance contracts have been issued as a result of Trazzeler's weekly writing and photography contests. Investors in the company include SV Angel, AOL Founder Steve Case, and the Twitter founders, Evan Williams, Jack Dorsey, and Biz Stone. The company's partners are the City of Chicago, Hawaii Tourism Authority, Fairmont Hotels & Resorts, Salon.com, and Air New Zealand. Trazzler is designed for use on the iOS, Android, and Facebook.
Transparency in the software supply chain
Transparency in the software supply chain is a condition in which participants involved in the development, procurement, operation, auditing, or regulation of software can determine which components, dependencies, build stages, identifiers, and relationships within the supply chain make up the delivered product. The disclosure of information about software components, their interrelationships, origins, and development methods—for the purposes of risk management, vulnerability detection, and compliance—takes place throughout the software lifecycle. Transparency is one of the key security attributes of the software supply chain, as a deeper understanding of the chain enables participants to identify vulnerabilities and mitigate threats. Problems in the software supply chain can cause billions in losses and create operational challenges for government and commercial entities, as demonstrated by incidents involving SolarWinds, Bybit, 3CX, Jaguar Land Rover, GitHub, and NotPetya. Modern software is often assembled from third-party libraries and open-source components. According to research by the Linux Foundation and Synopsys, 96% of the commercial codebases analyzed contained open-source software, and 70–90% of a typical codebase may consist of open-source components. Without transparency, any software component can become a threat. As a result, companies may spend billions of dollars building robust external defenses, but this will not protect against vulnerabilities in legitimate software inside the perimeter. At the same time, supply chain attacks also erode trust between customers and their IT providers, as malicious code is often embedded in official updates with certificates and digital signatures. One of the primary ways to ensure transparency is through a software bill of materials, which documents the components used to create the software and the relationships within the supply chain. == Concept == The software supply chain is the collection of systems, devices, people, artifacts, and processes involved in the creation of the final software product. Attacks on the software supply chain differ from conventional attacks in that they follow a four-stage pattern: compromise, modification, distribution, and subsequent exploitation of the compromised or modified component. A defining feature of a supply chain attack is the introduction or manipulation of a change at an upstream stage, which is subsequently exploited at a downstream stage. Transparency refers to the availability of knowledge about the chain, while validity concerns the integrity of operations and artifacts and the authentication of participants, and separation involves reducing unnecessary trust relationships and the radius of impact through compartmentalization. In this framework, transparency primarily helps during the pre-compromise and detection phases, as a clearer understanding of participants, operations, and artifacts makes it easier to identify weak links before attackers exploit them. Current major attack vectors include dependencies and containers, build infrastructure, and human participants, such as maintainers or developers. == History == Software supply-chain transparency developed from earlier efforts to document software components, long before the term came into widespread use in the cybersecurity field. Early component-documentation formats included SPDX, first published in 2011, and CycloneDX, first published in 2017. Initially, these formats were created to support license compliance, package identification, and tool compatibility. Their development helped shape a broader concept of software supply chain transparency, encompassing component documentation, disclosure practices, risk management, security analysis, and regulatory compliance. In 2018, the U.S. National Telecommunications and Information Administration launched a multistakeholder process on promoting software component transparency. This process helped move work on SBOMs from a specialized technical practice into the realm of policy and procurement to identify components used in software products. The 2020 compromise of the SolarWinds Orion platform made software supply chain security a central issue in government cybersecurity policy. An analysis of the “Sunburst” campaign prepared by the Atlantic Council noted that the vulnerability of the software supply chain had become a realized risk for national-security agencies. In May 2021, U.S. President Joe Biden issued Executive Order 14028, which directed federal agencies to improve cybersecurity and increase transparency in the software supply chain, including requirements related to SBOMs. Reuters reported that the executive order required software developers selling their products to the federal government to provide greater visibility into their software and make security data available. In July 2021, the NTIA published the document “The Minimum Elements for a Software Bill of Materials (SBOM)”, defining the basic data fields and practices for creating SBOMs. Between 2021 and 2025, the U.S. Cybersecurity and Infrastructure Security Agency updated its guidance on “Framing Software Component Transparency”, expanding the set of SBOM attributes, metadata requirements, and operational recommendations for the creation, exchange, and use of SBOMs. Major incidents that occurred following the SolarWinds attack have underscored the importance of transparency in vulnerability management and supply chain security. The Log4Shell vulnerability in the Log4j library, disclosed in December 2021, demonstrated how difficult it can be for organizations to identify a vulnerable component deeply embedded within applications and services. In 2024, an attempt to plant a backdoor in XZ Utils showed how attackers could exploit trust in open-source maintenance processes to introduce malicious code into widely used infrastructure software. By the mid-2020s, software supply chain transparency had become part of international cybersecurity coordination and regulation. On September 3, 2025, Japan's Ministry of Economy, Trade and Industry and the National Cybersecurity Office, in collaboration with cybersecurity agencies from 15 countries, released the document “A Shared Vision of Software Bill of Materials (SBOM) for Cybersecurity.” In the European Union, the Cyber Resilience Act required manufacturers of products with digital elements to create, maintain, and retain SBOMs as part of the technical documentation for software placed on the EU market. == Transparency mechanisms == The primary mechanism for ensuring transparency is the software bill of materials (SBOM). An SBOM is a structured list of components, libraries, and tools used to build and distribute a software product, and it records dependencies in a way that helps organizations understand and assess their software supply chains. It can also be described as a formal record of components and their interdependencies, which gives users insight into their actual exposure to risks and threats. Five key areas of SBOM application in software supply chain security have been identified: vulnerability management, ensuring transparency, component evaluation, risk assessment, and ensuring supply chain integrity. In software supply chains, an SBOM documents all components, both open-source and proprietary. Under Executive Order 14028, U.S. federal agencies require software suppliers to provide SBOMs for government-procured software. The list of minimum required SBOM elements defined by NTIA includes three main categories: required data fields for describing each component (name, version, identifiers), automation support (machine-readable format, generation tools), and recommendations for creating SBOMs during development and purchasing. The post-2021 push for SBOMs was intended to provide visibility into the components used within software and to expose parts of an application that would otherwise remain hidden. This information can be used to prioritize patches, manage vulnerabilities, and support compliance work. Transparency also supports software traceability, which is becoming a standard feature of developer platforms. Traceability has become important because organizations are increasingly required to demonstrate how software was created, rather than simply listing its components. Higher levels of assurance require signed, tamper-proof traceability and more isolated, verifiable build environments. A related mechanism is build reproducibility. Reproducible builds are defined as build processes that make the compilation process deterministic, ensuring that the same source code always produces the same binary file. These builds are considered a foundational element for distributed verification, transparency-log maintenance, supply-chain workflow integration, and the creation of keyless signatures based on verifiable logs. Although reproducibility does not replace inventory or attestation, it gives external par
Voyages: The Trans-Atlantic Slave Trade Database
Voyages: The Trans-Atlantic Slave Trade Database is a database hosted at Rice University that aims to present all documentary material pertaining to the transatlantic slave trade. It is a sister project to African Origins. The database breaks down the kingdoms and countries that engaged in the Atlantic trade. By 2008, the project had gathered data on nearly 35,000 transatlantic slave voyages from 1501 to 1867. For each voyage they sought to establish dates, owners, vessels, captains, African visits, American destinations, numbers of slaves embarked, and numbers landed. They have been able to find much of this material for an estimated 80 percent of the entire transatlantic African slave trade. With corrections for missing voyages, the Project has estimated the entire size of the transatlantic slave trade with more comprehension, precision, and accuracy than before. They reckon that in 366 years, slaving vessels embarked about 12.5 million captives in Africa, and landed 10.7 million in the New World. A horrific discovery is a careful estimate that the Middle Passage took a toll of more than 1.8 million African lives. In this quantitative database, the numbers are enslaved people.
Whitelist
A whitelist or allowlist is a list or register of entities that are being provided a particular privilege, service, mobility, access or recognition. Entities on the list will be accepted, approved and/or recognized. Whitelisting is the reverse of blacklisting, the practice of identifying entities that are denied, unrecognized, or ostracized. == Email whitelists == Spam filters often include the ability to "whitelist" certain sender IP addresses, email addresses or domain names to protect their email from being rejected or sent to a junk mail folder. These can be manually maintained by the user or system administrator - but can also refer to externally maintained whitelist services. === Non-commercial whitelists === Non-commercial whitelists are operated by various non-profit organizations, ISPs, and others interested in blocking spam. Rather than paying fees, the sender must pass a series of tests; for example, their email server must not be an open relay and have a static IP address. The operator of the whitelist may remove a server from the list if complaints are received. === Commercial whitelists === Commercial whitelists are a system by which an Internet service provider allows someone to bypass spam filters when sending email messages to its subscribers, in return for a pre-paid fee, either an annual or a per-message fee. A sender can then be more confident that their messages have reached recipients without being blocked, or having links or images stripped out of them, by spam filters. The purpose of commercial whitelists is to allow companies to reliably reach their customers by email. == Advertising whitelist == Many websites rely on ads as a source of revenue, but the use of ad blockers is increasingly common. Websites that detect an adblocker in use often ask for it to be disabled - or their site to be "added to the whitelist" - a standard feature of most adblockers. == Network whitelists == === LAN whitelists === A use for whitelists is in local area network (LAN) security. Many network admins set up MAC address whitelists, or a MAC address filter, to control who is allowed on their networks. This is used when encryption is not a practical solution or in tandem with encryption. However, it's sometimes ineffective because a MAC address can be faked. === IP whitelist === Firewalls can usually be configured to only allow data-traffic from/to certain (ranges of) IP-addresses. === Application whitelists === One approach in combating viruses and malware is to whitelist software which is considered safe to run, blocking all others. This is particularly attractive in a corporate environment, where there are typically already restrictions on what software is approved. Leading providers of application whitelisting technology include Bit9, Velox, McAfee, Lumension, ThreatLocker, Airlock Digital and SMAC. On Microsoft Windows, recent versions include AppLocker, which allows administrators to control which executable files are denied or allowed to execute. With AppLocker, administrators are able to create rules based on file names, publishers or file location that will allow certain files to execute. Rules can apply to individuals or groups. Policies are used to group users into different enforcement levels. For example, some users can be added to a report-only policy that will allow administrators to understand the impact before moving that user to a higher enforcement level. Linux systems typically have AppArmor and SE Linux features available which can be used to effectively block all applications which are not explicitly whitelisted, and commercial products are also available. On HP-UX introduced a feature called "HP-UX Whitelisting" on 11iv3 version. == Controversy regarding name == In 2018, a journal commentary on a report on predatory publishing was released making claims that "white" and "black" are racially charged terms that need to be avoided in instances such as "whitelist" and "blacklist". The premise of the journal is that "black" and "white" have negative and positive connotations respectively. It states that since "blacklisting" was first referred to during "the time of mass enslavement and forced deportation of Africans to work in European-held colonies in the Americas," the word is therefore related to race. There is no mention of "whitelist" and its origin or relation to race. This issue is most widely disputed in computing industries where "whitelist" and "blacklist" are prevalent (e.g. IP whitelisting). Despite the commentary nature of the journal, some companies and individuals in others have taken to replacing "whitelist" and "blacklist" with new alternatives such as "allow list" and "deny list". Those adopting this change consider using the "whitelist"/"blacklist" names as a code smell. Those that oppose these changes question its attribution to race, citing the same etymology quote that the 2018 journal uses. According to the remark, the term "blacklist" evolved from the term "black book" about a century ago. The term "black book" does not appear to have any etymology or sources that support racial associations, instead originating in the 1400s as a reference to "a list of people who had committed crimes or fallen out of favor with leaders", and popularized by King Henry VIII's literal use of a black book. Others also note the prevalence of positive and negative connotations to "white" and "black" in the Bible, predating attributions to skin tone and slavery. It wasn't until the 1960s Black Power movement that "Black" became a widespread word to refer to one's race as a person of color in America (alternate to African-American) lending itself to the argument that the negative connotation behind "black" and "blacklist" both predate attribution to race.
Nagarik App
Nagarik App (translation: Citizen App) is a mobile application launched by the Government of Nepal to provide government-related services in a single online platform. The app was developed to facilitate an easier, systematic, and simplified delivery of government services to Nepali citizens digitally. The app was launched to play a pivotal role in revolutionizing the way citizens interact with the government. It offers government services through a single unified platform, minimizing the need for citizens to navigate multiple channels or physical offices for their diverse needs of government services. The services are added gradually according to the needs and services required. The government aims to reduce the physical queues and the need to be physically present to get services from the different government offices. One can get services online round-the-clock even during holidays. As of now, 25 services are included in the app, ranging from Police Clearance Report to Voters Card. The app contains and provides a vast range of government services. The app was launched on the occasion of the fourth National Information and Communication Technology Day, 2021 (2078 BS). The event marked a significant milestone in Nepal’s digital transformation journey. It aims to reduce all the bureaucratic hurdles that the citizens have been facing and make government services more efficient and convenient. In Oct 20, 2024, a E-Chalan was introduced for managing traffic violations in initially piloting in Kathmandu Valley. The Kathmandu Valley Traffic Police Office announced that physical licenses would no longer be confiscated for traffic rule violations. Instead, a "Digital Chit (E-Chalan)" system was implemented, allowing drivers to pay fines electronically. Integrated with the NagarikApp, the system enables police to access drivers' licenses, record violations, and update details directly in the app. == Features and Services == Inland Revenue Department (Nepal) PAN Registration Election Commission (Nepal) Voter Card Pre-Registration and Details Nepal Police Online Clearance Report Traffic Violations and Fine Payment Nepal Passport, Driving License, National Identity Card (NID), Citizenship, and Voter ID link details My Municipality (Includes contact info of the representatives, services such as ambulance, nearby police, and budget programs and plans) The Government Press ID card PF/PAN/SST/CIT statements can be viewed Nagarik Pahichan Dwar (Online bank accounts can be opened and KYC can be verified for selected banks using the QR) == Awards and honors == Each year, World Summit Award honors outstanding digital applications and solutions across various categories. The winners of the World Summit Award represent the pinnacle of innovation in their respective categories. Nagarik App was selected among 180 participants and won the World Summit Award of 2022 in Government and Citizen Engagement category. == Latest Statistics & Usage Trends (2082 BS / 2025 AD) == As of August 2025, over 1.5 million Nepali citizens have registered and actively use the Nagarik App, according to the National Information Technology Center (NITC). The majority of daily logins come from: Kathmandu Valley – 37% of total users Province 1 (Koshi) – 19% of total users Bagmati Province – 15% of total users On average, 45,000+ transactions (service requests, document verifications, and payments) are processed through the app each day. The most-used services include: PAN Card Registration – 28% of total requests Police Clearance Report – 22% Driving License Linking & E-Chalan Payment – 18% Vehicle Tax Payment – 14% Source: Internal report from NITC, July 2025 == Step-by-Step: How to Link Your Driving License with Nagarik App == Update the App – Install the latest version from Play Store or App Store. Login or Register – Ensure your SIM is registered in your own name. Go to “Transport Services” in the menu. Select “Driving License” – Enter your license number and date of birth. Verify via OTP – Sent to your registered mobile number. Confirmation – Your digital license will appear inside the app. This guide is continuously updated to reflect the latest rules from the Kathmandu Valley Traffic Police Office and changes in NITC’s backend system. For in-depth details, step-by-step tutorials, and the most recent Nagarik App updates, visit the full article on The Bipin Blog.