Social Items



Web authentication (WebAuthn) makes it possible for browser users to access websites with an authentication device like biometric identity proof using a smartphone's fingerprint reader or Face ID, and some other alternatives, without resorting to a username and password.

While the major browsers have already enabled support for the Web authentication API, with Microsoft Edge, Google Chrome and Firefox (Starting from Firefox 60) allowing direct access to secure websites that are compatible with WebAuthn using physical security keys.

The Firefox maker, Mozilla has promised to extend support for Windows Hello with Firefox 66 to bring more ease to the password-less experience for the users of the browser; this means that if you sign in to Windows 10 PC using fingerprint sensor, facial recognition, FIDO2 security device or PIN via Windows Hello, it’ll be easier to sign in to Microsoft services with Firefox 66.

Windows Hello logs you into your devices 3x faster than a password using your camera to recognize your face or sensor to read your fingerprint, either way Windows Hello recognizes you instantly.

Mozilla had been battling with the Web authentication bug, which according to J.C. Jones, the web authenticator editor for Mozilla, “WebAuthn no longer works on Windows Insider builds, as compatible security keys are no longer available via the USB HID interface, basically, u2f-hid-rs will stop supporting Windows 10+.

But starting with Firefox 66 or 67 (and ESR 60) the Windows Hello API will be enabled to interact with Web Authentication.

The fact that Firefox is the first browser to support WebAuthn, with the technology now fully advanced, it is now significantly more capable than earlier attempts to support physical authentication keys.

Firefox 66 (and ESR 60) to support Windows Hello API for Web authentication



Mozilla has entered into a partnership with Scroll, a premium news service startup that charges monthly subscription for ad-free news from select publishers, in its bid to try and separate web contents from advertisements.

While Scroll's model is still in the works, which when officially launched will charge subscribers a flat monthly fee for access to ad-free news from a variety of notable publishers, with the promise of delivering better returns than what the publishers get from conventional on-page ads.

The collaboration with the Firefox browser maker is yet another revenue exploration model for Scroll, with the separation of online advertising from Web content giving more exposure to the nearly 30 media companies who have shown interest in the deal.

Scroll is currently funded by top media organizations which include, the New York Times and some venture capitalists, with the goal of building a web where users satisfaction is first priority without compromising on revenue.

It has proposed a $5 monthly subscription which give users access to premium ad-free content on anything not behind a publication-specific paywall.

Mozilla have from inception advocated for an internet that puts users first, and also leading the effort to better the users experience on the web, with issues such as tracking and data privacy on the front burner.

Mozilla partners with Scroll to help separate Web contents from advertisements



The emerging new cellular networking technology, 5G is already saddled with serious flaws that could transform it into a snooping risk, which can be used to intercept phone calls and track the location of mobile devices, according to reports by a group of academic researchers.

While the vulnerabilities mark the first time such flaws have been discovered to affect both 5G and the most widely used wireless cellular technology at the moment, 4G which hitherto has been hailed as a super-speed and more secure technology.

The three-pronged attacks scenario recorded by the researchers is described in details in the paper presented at the Network and Distributed System Security Symposium (NDSS 2019) which is holding in San Diego, starting from February 24-27, 2019. With the first attack, called Torpedo, which exploit is tied to weakness in the standards' paging protocol used in notifying phones of an incoming call or messages; while the researchers attempted multiple calls in a short duration which allowed them to pinpoint the device and send fake text messages.

They were also able to mount a denial-of-service attack, and Torpedo facilitated two other additional exploits, making it possible for any attacker to access a device's ISMI, that is, the unique identifying number for the GSM subscriber's device, using IMSI-Cracking brute-force attack.

And the third attack, called Piercer, tend to pair the ISMI with the target's phone number, allowing full location tracking, with all attacks haven been evaluated and validated using commodity hardware and software, as claimed by the researchers in their paper.

The 5G cellular protocol is even vulnerable to Stingrays, the surveillance tools used by the FBI to surreptitiously track the locations of targets' mobile devices.

The emerging cellular technology, 5G is supposed to enable supercharged speeds for mobile devices, with low latency, and perhaps opens door for more technological innovations such as self-driving cars, mixed and virtual realities, and also deliver a higher level of security.

How 5G Cellular Networks can intercept phone calls and track the location of mobile devices



Microsoft unveiled HoloLens 2 at the Mobile World Congress (MWC 2019) in Barcelona, with the company's head of AI and Mixed Reality pinpointing some significant changes to the first generation of the Mixed Reality device.

While the original Mixed Reality device was introduced in 2016, but the many shortcomings of the first generation HoloLens made it less suitable for business usage as it lacks support for modern graphic technologies, and so, saddled with low processing capabilities.

HoloLens 2 will work with Microsoft's Azure cloud, bringing the Remote Rendering technology from the power of Azure cloud to boost the headset’s image processing capabilities.

Microsoft has also redesigned the display system, now holographic objects look more real and sharp, with the promise of bringing the Unreal engine to HoloLens 2 in May. The company have equally added a time-of-flight depth sensor, and enabled direct manipulation of digital objects.

Alex Kipman, the inventor of the original HoloLens, announced what he calls Spatial Anchors, ways in which “Internet of holograms” could be developed to share three-dimensional images with ARCore by Google and Apple’s ARkit.

Some other key improvements in HoloLens 2, include: more than double field of view from the first-generation HoloLens, measuring approximating 2,000 pixels while still keeping the original’s pixel density.

And there's the capability of ten-point touch interaction for holograms, complete with hand sensing, and a new UI allowing users to interact with buttons and holograms.

Microsoft had only published very few specifications on the HoloLens 2, but some key known facts are that it will run on a Qualcomm Snapdragon 850, and will be lighter and more comfortable to wear than the former.

Additionally, HoloLens 2 will adapt to the movement of your hands or fingers, which will enable the manipulation of objects in the real world; and besides the gestures, it will also listen and react to vocal commands.

Is Microsoft's Hololens 2 the Future of Mixed Reality? #MWC2019



WinRAR, a file archival utility for Windows, which enable users to create and view archives in RAR or ZIP file formats, developed by Eugene Roshal of win.rar GmbH has a bug that has gone undetected since 2005.

According to security research firm, Check Point, the WinRAR bug prompt users to buy the software, though there is an option to click on “next time” and continue the extraction of files, but it leaves over 500 Million Windows users at risk.

The researchers found several crashes in the extraction of archival file formats, including: RAR, LZH and ACE that resulted by a memory corruption vulnerability as Out-of-Bounds Write, while the vulnerabilities isn't trivial because the primitives offered limited control over the overwritten buffer.

WinRAR employs a dll (Dynamic Link Library) named unacev2.dll for parsing ACE archives, and this dll turned out to be a dated dll compiled in 2006 without any protection mechanism.

The WinRAR bug allow attackers to extract executable files from a Windows PC’s startup folder, which makes it to automatically run on every bootup, and the vulnerability is further exacerbated by the fact that any malicious ACE archive can rename to a RAR compression format without escaping the exploit.

The developers of the popular file archival tool WinRAR has already issued a patch for this vulnerability. However the software will need to be updated to version 5.70 beta 1, released last month, by the users to ensure security for their devices from this major flaw.

How WinRAR Flaw can allow Hackers to load Malware unto Windows PCs



WhatsApp launched a biometric authentication feature for its App on iOS in January, whereby users can choose to require Face ID or Touch ID authentication in order to unlock the application, as additional security measure.

But with recent findings, the new security feature isn't quite secure after all, as a bug is allowing iPhone users to bypass the security mechanism and able to launch the WhatsApp application without any verification either via Touch or Face ID through the iOS share sheet.

The security feature allowed users to set verification to be required immediately upon log-in, with the need to apply Touch ID or Face ID each time they wish to access WhatsApp, or at specific intervals which could be up to an hour.

Albeit, the security feature failed whenever a user select any interval option other than “immediately" and when users need to select WhatsApp on sharing media via the share sheet, resulting the users to be taken to the WhatsApp app, while the Touch ID or Face ID options fail to pop up for authentication.

The failure to authenticate happens if the user has set the time to enable Touch ID or Face ID for authentication to either “after one minute”, “after 15 minutes”, or “after one hour” which makes it possible for anyone to access WhatsApp without fingerprint or facial recognition.

It remains unclear if the bug is from WhatsApp end or if it is rooted in the iOS platform, however WhatsApp has responded by acknowledging the bug and promising that a fix will be available shortly. It is recommended that users should set the screen lock option to "immediately” to mitigate the flaw until a patch is made available.

WhatsApp Touch ID & Face ID Security Features on iOS beaten from the share sheet



WootCloud, an IoT security research firm disclosed its discovery of a botnet based on Mirai dubbed OMNI that infects business video conferencing systems from Polycom, with additional three known botnets targeting same systems, and also Linux-based embedded devices.

While the discovery was announced in August, 2018, almost all models of Polycom HDX series of enterprise audio/video conferencing devices were vulnerable, which vulnerability could allow an attacker to launch a brute-force attack, DDoS attack and also turn the compromised conferencing devices to a proxy for Command and Control (C&C) routing communications.

OMNI represents one of the most severe IoT security concerns in the enterprise conferencing systems, which is harnessing the power of open-source software packages like BusyBox and WGet that comes with the Polycom devices through bypassing the various authentication mechanisms.

According to the researchers, the attacks evades traditional security controls and procedures, while companies have developed blind spots for monitoring such devices, so can't see the attacks to thwart them, which reemphasized the fact that smart connected devices inside enterprises remain the new attack vectors in the IoT era.

And Mirai infected hundreds of thousands of IoT devices which were used to launch some of the largest distributed denial-of-service (DDoS) attacks in history. It primarily spread in a worm-like manner through Telnet connections by taking advantage of the fact that most users don't change their default administrative details on smart devices.

Albeit, the original Mirai botnet is now inactive, but the source code has been replicated as base for at least 13 new other botnets, bringing more sophistication and improved infection methodology.

WootCloud has since reported the botnets to Polycom, and the company had on February 20, 2019 issued security advisory warning customers that Polycom HDX endpoints running software versions older than 3.1.13 contain security vulnerabilities that have been previously listed on the Polycom Security Center which can render HDX endpoints vulnerable to takeover by a botnet.

Polycom also issued a security advisory back in January to warn customers about the persistent cyber threats that target unified communications devices deployed in a less secure manner for which the default credential haven't been changed.

Internet of Things (IoT) botnets exploiting Polycom video conferencing systems



Opera Software retired its free VPN app in April last year, which allowed users to avail the unlimited VPN to browse on smartphones and tablets, but little did users know that the company was cooking something new; Opera's free VPN is back.

Now, it’s available within the Opera browser for Android, and just as free, unlimited and easy to set up and use as the VPN app that was shutdown, basically its more like the VPN on the desktop version of the browser.

While VPN is required for privacy and security purposes, as it allows you to route your device's data via a secure connection on linking out into the open internet. Albeit, many free VPNs have come to serve ulterior motives, by retaining logs of users activities especially for targeted advertising. Opera, however has assured that its free VPN service will keep zero logs, and will not track your online activities.

Steps to set up Opera Browser for Free VPN service

Firstly, you’ll have to download Opera browser for Android, which is quite different from Opera mini browser. And install it on your Android phone, then tap the “O” icon from the bottom right corner, and tap on Settings to flip the VPN toggle to Enabled.

Within the VPN setting there are options for limiting to private tabs, virtual location and bypassing the VPN for search engines, and also a snapshot of data, mostly as it offers automatic protection without any fuss.

And you're not required to sign in to Opera account to start using the free VPN service, once enabled, it replaces IP address with virtual IP that makes it more difficult for sites to track you.

There are also options to choose a VPN server region or let the app decide, and it is recommended to use the VPN only for private tabs. But, you can use it always with the exception of when searching if you want to get local results.

How to set up Opera browser's free VPN on Android smartphone



The Debian-derived Linux distribution designed for penetration testing and digital forensics, Kali Linux has received its first update for 2019 with a bevy of new features, which includes: support for Metasploit version 5.0, Linux kernel 4.19.13 and several bug fixes.

Kali Linux is maintained and funded by Offensive Security Ltd, and serves as the go-to operating system for cyber security enthusiasts. While Kali Linux has satisfactorily served the cybersecurity world by providing bespoke packages for theHarvester, DBeaver and many more tools that help Penetration testers in various stages of the test to gather information such as emails, hosts, employee details, open ports and domains from different sources.

The updated Kali Linux comes with a number of improvements and new features including new json-rpc daemon, search engine, and integrated web services, and new evasion modules coupled with the support for writing shell-code in C.

And the support for Metasploit version 5.0, introduces multiple new features like the Metasploit’s new database and automation APIs, expanded language support, evasion modules and libraries, improved performance and more. Albeit, the update to Metasploit was released last month, coming after almost 8 years with the last version 4.0 haven been released in 2011.

Kali Linux 2019.1 also boasts of an upgraded kernel version 4.19.13 which supports the use of Banana Pi and Banana Pro single board computers, and Veyron has been moved to a 4.19 kernel.

The virtual machine and ARM images have been updated to 2019.1 and Raspberry Pi images simplified, with no separate Raspberry Pi images available for users with TFT LCDs as Kali Linux 2019.1 comes with re4son’s kalipi-tft-config script. You can find more information from the changelog to know the details of the bug fixes.

Offensive Security releases Kali Linux 2019.1 with support for Metasploit version 5.0



While Windows 10 users had to resort to the “AppData” folder for the viewing or modifying of Linux files, Microsoft with the next Windows 10 update will be making it easier to access Linux files via WSL filesystem, as the former process is fraught with issues of data loss or corruption.

The upcoming Windows 10 Version 1903 changes the Windows Subsystem for Linux (WSL), bringing support for easy access to Linux files, and users will be able to view and modify items from the File Explorer, by simply using the Command Line.

According to Microsoft, Windows service and driver will act as client and communicate with the 9P server, whereby a 9P protocol file server facilitates file-related requests, which then, the server containing the protocols is also responsible for handling the Linux metadata which ensures that files remain intact even after the access.

The process is as simple as typing in “explorer.exe” within a Linux shell environment and following the command, you would find a File Explorer within the Linux Distro. Then type “\\wsl$\\” in the Explorer window to access the Linux files.

And you can perform several operations on the Linux files like dragging, copy & paste and more. Also, you can use the feature with Windows 10 Power Shell by simply typing “cd \\wsl$\Debian\” to change the root directory of the installed Debian system.

Microsoft created the feature based on its community feedback! It welcome users to file any issues that they may find on its Github page: https://github.com/Microsoft/WSL for faster actions.

Microsoft's next Windows 10 update to bring support for easy Linux files access



The second point release of Ubuntu 18.04 LTS (Bionic Beaver) is now live, which follows closely on the heels of Ubuntu 18.04.1 LTS released in July last year, and as the norm, it is released in three editions: Desktop, Server and Core (for IoT devices and robots).

While the popular operating system newest version is also available for Cloud platforms, along with the different flavors, such as Lubuntu, Kubuntu, Ubuntu Budgie, Ubuntu MATE, Ubuntu Kylin and Xubuntu.

Developed by Canonical, Ubuntu is an open-source Linux distribution based on Debian, and of course free, with the community under a meritocratic governance model. Canonical provide updates on security and support for all Ubuntu releases, from the release date until it reaches the designated end-of-life (EOL) date.

And the point releases ensure that every user downloading a fresh ISO from the official website get all updates and fixes in one bundle.

The new support for hardware enablement stack (HWE) and Linux 4.18 kernel will enable Ubuntu to run on more devices and to deliver better graphics performance, for instance, this new update brings support for Pi 3, with Pi 2 supported image target, which is a good news to Raspberry Pi enthusiasts.

Ubuntu update is released every six months, with long-term support (LTS) releases happening every two years. The newest release is 18.10 (Cosmic Cuttlefish), while the most recent long-term support release is 18.04 LTS (Bionic Beaver), with support till 2028.

Ubuntu new release supports Hardware Enablement Stack (HWE) and Linux 4.18 kernel



The JavaScript and React framework, Next.js 8 comes with support for serverless deployment, whereby applications are separated into smaller lambdas or parts, to allow code to run on demand and scale automatically, with each page in the directory serving as a serverless lambda.

While Next.js is for building server-rendered apps with the React UI library and JavaScript, now the version 8 has brought with it serverless capabilities, and low-level API for serverless deployment.

And the framework also help to reduce build-time memory usage and speeds up static export, with other improvements in Next.js Version 8 including: better static export, with faster static rendering through next export on multi-CPU machines. It is performed on output files which can be served directly without code execution on server.

It offers build-time memory usage reduction, through contributions to the Webpack module bundler and this resulted in 16 times better memory usage without degradation in performance.

And there are also improvements in prefetch performance, with Next.js router enabling the prefetching of pages for easier navigation, while a sample API authentication is included to show how to authenticate against external API in programming language.

Finally, the inline JavaScript tag has been changed to JSON for safe transfer to client. Though with previous Next.js versions, the enabling of the Content Security Policy security layer required enabling script-src unsafe-inline in their policy, the change means that no inline scripts are included by Next.js, as it creates an inline script tag.

The JavaScript and React framework, Next.js 8 support for serverless applications



Instagram, the Facebook owned company is testing direct messaging for the web that allow users to chat outside the app, while this means that users on PC or Mac will be able to chat on Instagram, and users can also access Instagram via a mobile web browser to privately message others on the platform.

The general adoption of the service has been hitherto hampered by the unavailability of web continuum, as full web support could mean Instagram will be a more full-fledged messaging system, with mobile and desktop clients to serve as alternatives rather than just a feature for sharing photo and video contents.



Even as messaging remains the fulcrum of engagement on Instagram, it also made people addicted to the app, but with the availability on the web users can be able to receive messages anywhere and could send from anywhere as well.

While Facebook’s chat feature started from the web before been extended to mobile, it has continued to record huge growth; it’s possibly the more reason for Instagram Direct to embrace the web. Albeit, there is another possibility that it could be paving the way for the upcoming unification of the back-end infrastructure for Facebook Messenger, Instagram Direct and WhatsApp to allow cross-platform chat support, as reported by The New York Times.

The Instagram Direct web version is available from the arrow icon in top right of the homepage, with some features using an Instagram.com/direct/…. URL structure. And perhaps, Facebook will adopt a Direct destination website similar to https://www.messenger.com, if the feature becomes hugely popular.

Instagram Direct Messaging coming to the Web to allow users to continue chats



Google is currently testing AR navigation feature for Maps, which will allow users to use their smartphone camera and arrows on the screen to find their way around a given location.

The feature, first teased at Google I/O developer conference in May, is now rolling out to a number of users under the Local Guides program, Google Maps community members who volunteers to contribute information about local businesses, and also engaged for the testing of new features on Maps.

While the blue dot on Maps calibrates a meter or so away from real position, making the navigation feature unreliable most times, Google hopes to deploy the Maps AR navigation to makeup for the short comings.

And once navigation is turned on, the “Start AR” button will appear on Google Maps, to avail the user a real-time view using their phone's camera.

It helps by orientating the users when they are following a walking map, and also solves the common problem in getting out of a subway which is a great annoyance in many big cities around the word.

And you'll have an idea of which way you're facing, so you won't have to wait for the little blue dot on Maps to point you in the correct direction.

Google is seriously building more capabilities to Maps to make the app more useful and appealing to users, with bevy of new features like the "for you" tab offering tailor-made recommendations and the "match score" to show you how much likeness you may have for a local restaurant or business.

Google Maps AR navigation undergoes testing with select Local Guides



While high-end Android devices have specialized hardware that handles encryption using the Advanced Encryption Standard (AES), but smartphones in the budget segments run on low processors on which the AES can not run efficiently, Google is looking to solve the security puzzle with Adiantum.

Adiantum is designed to make encryption more efficient for devices without cryptographic acceleration, by adapting ideas from AES-based proposals for length-preserving encryption such as HCTR/HCH using the ChaCha stream cipher in a length-preserving mode. For ARM Cortex-A7, the decryption on 4096-byte sectors is about 10.6 cycles per byte, around 5x faster than AES-256-XTS.

Encryption has become hugely essential for security and privacy with the proliferation of public Wifi and the need to secure the data on our smartphones, albeit it comes as a trade-off for speed as it can take quite a while to resolve traffic through the system.

And this issue of slowness is the more reason it can not be supported on low processor powered devices, as AES would result in a very poor user experience and apps would take much longer to launch; since storage encryption has been required for most devices running Android 6.0, those devices with poor AES performance (50 MiB/s and below) remains exempted.

But Google seeks to change that because encryption is now necessary for everyone, even so much so that a device becomes practically unusable.

The ChaCha20 stream cipher offers faster encryption than AES when hardware acceleration is unavailable, because it relies on operations that all CPUs natively support: additions, rotations, and XORs. So, Google selected ChaCha20 along with the Poly1305 authenticator, which is also fast in software, for a new TLS cipher suite to secure HTTPS internet connections.

With ChaCha20-Poly1305 standardized as RFC7539, it greatly improves HTTPS performance on devices that lack AES instructions. And the end result is Adiantum, which is named after the genus of the maidenhair fern, and in the Victorian language of flowers (floriography) represents sincerity and discretion.

Going forward, device manufacturers are required to enable Adiantum for either full-disk or file-based encryption on devices with AES performance <= 50 MiB/sec and launching with Android Pie. For Android Q, Adiantum will be a part of the platform, and the Android Compatibility Definition Document (CDD) will be updated to require that all new Android devices be encrypted using any of the allowed encryption algorithms.

Google to bring Encryption to low-processor powered Android devices with Adiantum



Google launched a new Chrome plugin dubbed Password Checkup, that will alert users when their login details have been compromised, whose information is found in their recent “Collections” leak, and will prompt a warning message to update their information.

While the “Collections” leak is Google's Archive of about 4 billion usernames and passwords, and all credentials that it feels have been compromised in recent times.

On installation, all your login details entered across various sites will be checked against the database of breached usernames and passwords and a warning will be issued if your details matches any compromised record.

The Password Checkup extension automatically identify when a login details is compromised in any third-party data breach, with the passwords stored in an encrypted form, and the warnings against it stored locally on your machine.

Google maintains that users personal information are safe, as such sensitive data are encrypted, there is no way anyone can intercept or access the data.

As Chrome already offers password generator tool, if it detects that your credentials has been stolen, the Password Checkup will ask you to change the login details, and Chrome will store the new password automatically in a password credential file, that is if you choose the option, and use it to log you into a site automatically in any future visits.

Google also rolled out a related security feature called Cross Account Protection, to help in availing another line of defense to users using third-party apps, that is if you use your Google account to log into other sites.

The company will be working with the Internet Engineering Task Force (IETF) and OpenID Foundation, with other major technology companies to secure users accounts using the Cross Account Protection tool behind the scene.

And any event your account is compromised, Google will notify all the apps and websites that you’ve logged into with your Google account to make sure your other accounts are protected.

How Chrome's Password Checkup plugin can help in securing against data breaches



ClusterFuzz, which offers scalable fuzzing infrastructure that finds security and stability issues in software, used by Google for the fuzzing of Chrome Browser, and serves as the backend for OSS-Fuzz is now open source.

It has helped to unravel over 16,000 bugs in Chrome and more than 11,000 bugs in other 160 open source projects integrated into OSS-Fuzz.

While the term fuzzing implies the method for detecting bugs in software by feeding unexpected inputs to target program, which is very effective at finding memory corruption issues that's often the cause of some serious security problems.

Especially applicable in software projects written in C or C++, fuzzing is crucial in ensuring their security and stability as these languages are mostly unsafe.

Albeit, these issues can be manually sorted out, but it's difficult and rather time consuming, as bugs can often slip through even a rigorous code review, ClusterFuzz offers effective, continuous debugging at scale and fully integrated into the development process of a software project.

ClusterFuzz is able to detect bugs in software within hours after they are live and verify a fix within days.

Google had earlier offered ClusterFuzz as a free service to the open source projects via OSS-Fuzz. Now, the company has fully open sourced ClusterFuzz, making it available for anyone to use via GitHub, with instructions provided for guidance.

Google open sources ClusterFuzz, the fuzzing infrastructure for detecting bugs



If you've been following recent happening in the torrent ecosystem, then you must have known about the growing onslaught against torrent sites, with almost every major torrent sites like the Pirate Bay (TPB) and KickAsss Torrents haven been shutdown by the government authorities at one time or the other.

But no matter how hard the government kicks, they just can’t stop users from visiting torrent sites. Still, there are quite a lot of working Piratebay proxy sites available now, and many serving as torrent search engine which does not host torrent files, but provide ways for users to find good torrents on different active torrent sites.

While the Pirate Bay remains the largest and most popular torrent site, offering numerous torrent files via magnet links for the latest movies, games, software and much more; but sadly, TPB has had many ups and downs over the recent years.

Albeit, the Pirate Bay has notorious reputation for copyrighted files, the more reason its various domains have been taken down by different countries, but torrenting is not all about illegalities, as many users do share bits of larger files via torrents as it enable potentially fast download speeds.

And the rise in torrenting also meant a rise in the popularity of VPNs, which ensure you are safe and your connections secure as you sort out the different torrents. Similarly, with many ISPs in different countries constantly blocking the Pirate Bay, you can use a VPN to bypass the blockade.

3 Best VPN for TPB torrenting in 2019

1. ExpressVPN: With availability and support in over 90 countries, ExpressVPN is arguably the top notch VPN to consider for safe torrenting given the extensive support it offers. Moreover, it also allows access to the Pirate Bay from virtually anywhere in the world securely and anonymously.

ExpressVPN is equally super-fast, and offers tons of great features which makes performing tasks like torrenting an absolute pleasure.

2. NordVPN: NordVPN pride itself as one of the first service with ultra-secure connection, supporting OpenVPN and protocols like: IKEv2/IPsec, PPTP and L2TP, armed with ‘Double VPN’ servers which passes your data through two separate servers for extra security.

Additionally, NordVPN supports Onion over VPN for extra privacy, making it the number one for security and privacy conscious users.

3. Ivacy VPN: Ivacy VPN offers tons of robust features for privacy and rock-solid grade encryption to keep your data secure while torrenting, and possess highly optimized servers in several locations for a seamless experience.

And when it comes to pricing, Ivacy VPN has the cheapest prices combined with awesome features that makes it one of the most favorite VPN for the Pirate Bay any day.

If you wish to know more about these listed VPN Services, do check out their respective websites for comprehensive pricing and free options available.

And always remember, using the Pirate Bay or any other torrent site without VPN can be pretty dangerous, you just don't want to experience any nasty surprises, as these sites are infamous for hosting pirated contents, and the authorities are always in the lookout for offenders.

But with VPN you are amply covered, and VPNs have made the torrenting experience so much better with their network encryption and IP masking features.

The Ultimate List of Best VPN (Both Paid & Free) for the Pirate Bay Torrents in 2019



Cranelift, an open source project developed by Mozilla in conjunction with Fastly Labs aims to help in the translation of the functions of WebAssembly portable code format to native machine-code functions, for more efficient execution on the web.

It is being built with the support of Crane Station, the Crane Compiler Organization; the Cranelift will also be useful for the running of WebAssembly code outside of the web, as it makes WebAssembly fully readable as input with native machine code as output. And the functions can be converted into static single assignment (SSA) form, with optimizations performed before the conversion to machine code, and packaged into native object files (.o files) or executed directly as a just-in-time (JIT).

Though still in developmental stage, and the APIs unstable, it has enough functionality to run certain programs such as WebAssembly MVP (minimum viable product) functions execution, with WebAssembly embedded externally as part of the complete implementation.

While the currently finished Cranelift-based product is available in Fastly’s Terrarium, a browser-based editor and deployment platform that uses Cranelift in its compiler and server launched in November 2018.

Mozilla is also working to integrate Cranelift into Firefox browser, which will be useful to generate native code to the Rust compiler, albeit Cranelift is seen as a library for bigger products rather than a product on its own. It is also working on an embeddable, nonbrowser VM for WebAssembly, which uses Cranelift for compilation and runs WebAssembly outside the web, called Wasmtime.

Wasmtime can be used as command-line utility or as library embedded in bigger application; and quite similar to LLVM compiler project, with both having textual and in-memory factors of their intermediate representation and cross-compile without rebuilding the code generator by default.

The Cranelift intermediate representation (IR), however is less friendly for mid-level optimizations, but it doesn't currently perform any by itself, and Cranelift has a larger set of instructions and no intrinsics.

Cranelift: An Open Source Project to translate WebAssembly into native Machine-code functions



A project tagged “Met x Microsoft x MIT” partnership born out of last December collaboration between New York City’s Metropolitan Museum of Art, is a combination of Microsoft’s AI technology and the museum’s data, part of the Met’s Open Access Program, designed to make the museum’s art collections more accessible on the Web.

Microsoft partnered with New York City’s Metropolitan Museum of Art on a series of “hackathon projects" - with Microsoft Azure cloud services, including Azure Cognitive Services, conversational AI, and Azure Machine Learning, employed in the making of the projects that pair the company’s AI with Met’s collection of artwork to transform connections between people and art.

Albeit, the projects are still in developmental stage, it's not yet certain if and when it will become publicly available, but the different collaborations include: Tag, that’s it!: Which suggests the pairing of humans with machines to crowdsource keywords for art works from the Met archives, and using those keywords, they will suggest related art on the Web in conjunction with the Wikimedia platforms.

Another instance, Artwork of the Day: Utilizes Bing search engine's photograph on homepage, tagged Artwork of the Day in a slightly different genre. It uses AI to match a piece of art in the Met collections that relates to events of the day or an individual, based on available public information.

Third on the list, Storyteller: Takes a different perspective from the “Tag!” hack: with telling a story out loud, Microsoft’s conversational AI listens in for related keywords and select the appropriate art to illustrate the story. And Microsoft plans to make it possible to share the resulting stream of arts on social media or print out.

Then, My Life, my Met: Changes the focus to you and your social media feed; it intelligently matches the images in on Instagram feed with the over 400,000 images that are available via The Met’s Open Access program.

Finally, the Gen studio: Makes images the actual hack, whereby each image is matched against other works of art in the Met archive, with the intent that users will be able to explore cross-cultural connections, that is enact visual relationships between cultures. For instance. the images of the sun in Mayan art works could lead into depictions of the sun in Native American or African art.

Microsoft AI can transform Instagram Feed into literal art with Met's art collection



Piggybank.ng platform was started by the trios: Odunayo Eweniyi, Somto Ifezue and Joshua Chibueze, all former students of Covenant University, Nigeria, with the aim of solving the endemic problem of lack of savings across the country.

According to statistics, about 80% of Nigerians are required to save at least 40% of their monthly earnings to be able to survive the hard times. And especially in our society, where there is no credit system, people tend to depend on the accumulated savings to make any headway in business startup, and the majority of payments are made in cash.

The Piggybank concept is pretty straightforward and simple; just deposit as little as $1 a day in your online Piggybank.ng account, which you can not touch until an agreed withdrawal date, except perhaps for an emergency, albeit you are required to pay a 5% early withdrawal fee.

Whilst the accumulated savings are entitled to around 6% interest per annum, you can always set an agreed withdrawal date, unless perhaps you are okay with 5% early withdrawal charges.

Unlike conventional banking system, the platform restricts withdrawals until an agreed date or users can set to withdraw their savings on a quarterly basis.

The idea of a fee is actually to discourage unnecessary withdrawals, which in itself will defeat the real purpose of the platform - to help users save up some tangible amount of funds - instead of ending up using all income in servicing some unforeseen expenses.

It is particularly targeted at Nigeria’s Millennials, whom online activities via mobile phones for day-to-day communications and transactions are becoming hugely popular, and currently these demography make up about 60% of its registered users.

Piggybank.ng recorded some staggering growth in savings of 3000% between 2016-17, with savings amounting to over $5M, which statistics drew the attention of a group of investors, led by Olumide Soyombo, Co-Founder of Leadpath, who have been instrumental in the raising of $1.1M by the company.

To get started is as easy as signing up via PiggyBank.ng portal, and there’s a Quick Save option that allows you to quickly save money at hand. Both Quick Save and Auto Save can work at the same time.

You can add funds to your PiggyBank.ng account by choosing from the different payment options, including: debit cards (VISA, MASTERCARD, etc), or other means that are available on the dashboard.

Additionally, there is PiggFlex Account which is different from the Core Savings account, that gets you rewarded with points which can be converted to cash from your use of the PiggyBank.ng app, and also offer upfront interest for using the SafeLock feature within the PiggyBank app.

Piggybank.ng Review: The Platform that Let's Nigerians Save Money with Ease



Google with Chrome 70 brought the full desktop take-on on the Progressive Web Apps (PWAs) functionality, which feature served as a way to deliver amazing experiences on the web, whereby mobile applications behave more like a hybrid of regular web pages and mobile applications.

The desktop PWAs also appears in the Start Menu just like you'd expect a native app on Windows to function, and it can serve up notifications using the Action Center with the added support for native notifications in Chrome.

Now, the PWAs API has finally arrive with latest Chrome version 72, and with the Trusted Web Activity functionality, so that developers can be able to distribute PWAs on the Play Store. While developers are currently using two ways to integrate the browser experience within app, namely: Web view and Custom tabs; the Trusted Web Activity feature will help developers to incorporate their own contents, and serve it directly from the Web.

It came as no surprise as Google has been advocating for Progressive Web Apps (PWAs), with the initial touting of it as a way of improving applications and alternative to native desktop apps.

Starting with Chrome 72, which is now rolling out for Android including the Trusted Web Activity functionality, which means that it will open Chrome in standalone mode devoid of any toolbar or UI experience within the scope of native Android package, and as a new way to integrate web content with an Android app.

Albeit, the publishing process on the Play Store won't be as normally applicable, that is using the currently available WebAPK to publish it. As Java API, it will need to communicate with Chrome through web services, which still in the early stages, there are possibly lots of manual works to be involved.

Google is most definitely shooting for the best native experience, and there is no denying of the fact that the implementation remains a core Chrome functionality.

Finally, Progressive Web Apps (PWAs) are now supported on Google Play Store



Google's latest mobile software iteration, Android 9 Pie has got lots of tricks and options available for users, whether you're just getting on with your first taste of Pie, or you've been on Android 9 for a while now, there's certainly something new to discover.

While many OEMs modify the original Android operating system to infuse their own unique features and UI experiences, some fundamental functionality remains the same, but may look quite different on certain devices.

Here, we'd be highlighting Android 9 Pie's most common features, and showcasing its distinct functionality from earlier versions of the renown operating system.

Unique Features of Android 9 Pie

  • Adaptive Battery & Brightness: Android 9 Pie makes your phone even smarter through learning from you and adapting to your usage patterns. With features like Adaptive Battery, which learns the apps you use most and prioritizes battery for them, and Adaptive Brightness, learns how you set the brightness in different settings, and does it automatically for you.




  • Navigation System: Android 9 Pie brings a new gesture navigation system that makes it easier to get to the app drawer by swiping up from the navigation bar twice, and also by doing a long-swipe up from the screen bottom to halfway point or higher. And either of those gestures will work from anywhere on your phone, not just from your home screen.


  • Gesture Commands: Android 9 Pie's gesture commands for moving between apps via swiping right to scrolling between recently used apps will work from anywhere in the navigation bar area, and there's no need to begin with your finger on the base.




  • App Actions: This nifty feature helps you get things done faster, by predicting what you’ll want to do next based on context and displays action right on your phone. Pie will try to guess what you're up to next and offer you specific commands within apps, like you’re preparing for your commute, it will suggest actions like navigation on Google Maps.


More Control Options for Android 9 Pie

The coolest options of all is that you can select and copy any text within an image right from the overview screen, such as words in a screenshot, or even words within a website. And you can copy selected text, or share it to any of the social media apps.

Android 9 Pie offer some more powerful commands, by touching and holding your finger on text within an app's card to select the text and take action on it: like copying, sharing, or even performing some context-specific actions like navigating to an address, or opening a website's URL.

Additionally, you can press and hold an image within an app's thumbnail overview, an image on a web page and share it to any other app on your smartphone.

Android Tips: Google's latest mobile operating system, Android 9 Pie tricks



Google is working on the introduction of autosuggestion for lookalike URLs on Chrome browser, with the aim of warning users when accessing a possible clone website, which are often coded with malicious intent to trick users into entering their personal or banking details.

Starting with the release of Chrome Canary 70, Google has been testing a feature called "Navigation suggestions for lookalike URLs" - Chrome Canary been Google's testing ground for new features on Chrome - the feature when live will attempt to correct users who misspell's a website’s name in the Chrome Omnibox.



The feature which is now only available for Chrome Canary users, can simply be enabled by typing “chrome://flags/#enable-lookalike-url-navigation-suggestions” in the Omnibox. While the flag is present in the stable version of Chrome, it is not working as at the time of the post, which possibly means Google is still fine-tuning the feature before enabling it on the stable version.

Google's effort to make Chrome safer for users surfing the Web also led to the earlier introduction of some basic antivirus features last year, with the Chrome Cleanup Tool (CCT) for Windows which runs on ESET’s antivirus engine.

Though the Chrome Cleanup Tool is not a general purpose anti-virus, its sole purpose is to detect and remove unwanted software that could affect the browser's performance.

Google is poised to continue making massive improvements to the browser for better security and ultimately the best web experience.

Chrome to Warn users on entering URL with close resemblance to a more Legitimate Site



Facebook Research app available for iOS devices, is targeted at teenagers who opted for the tracking service in exchange for $20 gift card reward, while the company claims to use it for analyzing the smartphone usage patterns of the teenagers.

The social media company scout for participants by putting up ads on Instagram, and also via Snapchat, and seeks to monitor all the activities of the users who installed the spy app, without the required permissions.

While Facebook maintains that parental consent forms were filled by the parents of the consenting teenagers to participate in the research, there is no concrete proof to validate that it's actually the parents that filled the forms.

Facebook had to bypass the App Store by directly rewarding the teenagers to download the Research app and sort for root access to network traffic so that it can decrypt and analyze their phone activity, which is an outright violation of Apple's policy.

And to cover its track, the research app is administered by some beta testing services, including: BetaBound, Applause and uTest which conceals Facebook’s actual involvement, and it refers to it in the documentation as “Project Atlas” and serves as its effort to map new trends from rivals around the world.

Apple had responded by blocking the app as it presents a stark breach of it’s policies, and thus revoked Facebook’s Enterprise Developer Certificate for distributing such creepy apps to consumers.

It also warns that anyone using Facebook Enterprise Certificates to distribute apps in the App Store will have their certificates revoked, which is exactly what it did in this case to protect Apple users.

The Creepiness of the Facebook Research App that spy on teenagers

Subscribe to: Posts (Atom)