.NET Core

Microsoft has launched an experimental developer tool, Project Tye, which is intended to make the building, testing, and deployment of microservices and distributed applications easier.

Project Tye is a .NET Foundation project designed to help developers to run multi-application components simultaneously and easily deploy distributed apps to platforms like Kubernetes. It will among other things ease the common pain developers encounter when building applications that interface with a database or microservices.

The project has been scheduled to last for at least November 2020, which time the .NET 5 will make debut, and will be re-evaluated, if it worths taking to the next level.

What's the Projects main Goal?

If you're a developer having an app that talks to a database, or that is made up of different processes that communicate with each other, then Tye will be helpful in easing some of the tasks. Meanwhile, the main goals of Project Tye include:

  • Automate Deployment of .NET Applications to Kubernetes: by automatically containerizing .NET applications, generating Kubernetes manifests with minimal knowledge or configuration using a single configuration file.
  • Make Development of Microservices easier: by running many services with one command, using dependencies in containers and discovering addresses of services using simple conventions.

The demo of Project Tye is available in a few Build sessions which you can watch via these links: Journey to one .NET and Cloud Native Apps with .NET and AKS.

Getting Started with Project Tye

Microsoft is working to make Tye deployable to a variety of runtime environments. If you'd like a spin with Project Tye, kindly note that it requires .NET Core 3.1 to be installed as a global tool using the following command:

dotnet tool install -g Microsoft.Tye --version "0.2.0-alpha.20258.3"

It has also posted further instructions for running single and multiple services using Project Tye along with tips on deployment to Kubernetes.

The development features have been oriented towards local development, therefore developers are advised to avoid running Project Tye in a container.

Microsoft's Project Tye to Automate the Deployment of .NET Applications to Kubernetes

coreos exit

Fedora CoreOS is the combination of the underlying technology of CoreOS Container Linux and Fedora Atomic Host; which after Red Hat's acquisition of CoreOS, was initially released as a preview version.

Red Hat subsequently made Fedora CoreOS available for general use, while announcing the scheduled end-of-life support for CoreOS and Fedora Atomic Host, with Fedora CoreOS as the official replacement and successor to both of them.

As scheduled, CoreOS received its last updates on May 26 and will no longer get patches for any bugs or vulnerabilities going forward, and after September 1, Red Hat will take down all CoreOS image listings from marketplaces such as Amazon AWS, Azure, and Google Compute Engine.

Therefore, it is recommended that all Fedora Atomic Host and CoreOS users should switch to Fedora CoreOS, which will be automatically-updated, and serves as a multi-platform operating system for running containerized workloads at scale.

How to Migrate from CoreOS to Fedora CoreOS

Fedora CoreOS is the official successor of CoreOS Container Linux, which reached its end of life on May 26, 2020. It is recommended that users should follow the steps below to migrate from CoreOS to Fedora CoreOS.

If you are switching from CoreOS Container Linux, you must first convert your old Ignition configs, Container Linux Configs, or cloud-config files to a Fedora CoreOS Config (FCC) and adapt the contents for FCOS. And as many of the configuration details have changed, you must also reference this through the CL migration issue on GitHub.

The following installation changes will be made as follows: the coreos-install script will be replaced with coreos-installer, which offers similar functionality. The coreos.autologin kernel command-line parameter is not currently supported in FCOS, so to access recovery purposes, follow the instructions available here.

And certain CL platforms, like Vagrant, are not currently supported in FCOS. You should refer to the download instructions to see the available image types.

However, if you’re trying Fedora CoreOS for the first time, you'll need to download the ISO image for a fresh installation. It is multi-platform compliant, which means, you can deploy it on a variety of platforms such as VMware, Cloud image, OpenStack, and bare-metal hardware.

Fedora CoreOS: The Official Replacement for CoreOS Container Linux

Strandhogg 2.0

The researchers at Promon, a Norwegian cybersecurity company has unveiled details of a new critical vulnerability (CVE-2020-0096) affecting almost all the Android operating system versions that could allow attackers to carry out a more sophisticated Strandhogg attack.

While Strandhogg attack was a security vulnerability that affects Android devices which malicious apps can exploit by masquerading as legitimate apps installed on a target device to display fake interfaces and tricking users into giving out their sensitive account information.

Now, the current strain of the vulnerability is dubbed 'Strandhogg 2.0' and affects all Android devices, except those running Android 10, which unfortunately, is only running on about 15 - 20% of the total Android-powered devices, leaving billions of smartphones vulnerable to the attack.

How the Malware has evolved from StrandHogg 1.0 to 2.0?

The malware, StrandHogg 1.0 resided in the multitasking feature on Android, whereas the new strain, Strandhogg 2.0 is an elevation of privilege vulnerability that allows attackers to gain access to almost all Android apps.

strandhogg malware attack

If a device is infiltrated, once a user taps the icon of a legitimate app, the malware exploits the Strandhogg vulnerabilities to intercept and hijack this activity to display a fake interface to the user instead of launching the actual application. But, unlike StrandHogg 1.0 which only attacks one app at a time, the latest vulnerability could allow attackers "dynamically attack nearly all apps on a given device simultaneously at the touch of a button," without requiring a pre-configuration for the targeted apps.

With StrandHogg 2.0, attackers can gain access to private SMS messages and photos, or even steal victims' login credentials, including online banking accounts; make and/or record phone conversations, and spy through the phone's camera and microphone.

How to Mitigate the Risks of the Malware

StrandHogg flaws are potentially dangerous, and besides stealing users login credentials through a convincingly fake UI screen, the malware can also escalate its capabilities by tricking users into granting it sensitive permissions while posing as a legitimate app.

And StrandHogg 2.0 will also be harder for any anti-virus or security scanners to detect, as such, it poses a significant danger to Android users. Albeit, the researchers had responsibly reported the new vulnerability to Google since December last year.

Google subsequently pushed out a patch for it in April 2020, but with the delays in compliance on the part of smartphone manufacturing companies, who have only started rolling out the software updates to their respective users for this month.

Therefore, if you wish to safegurad your device, prior to getting the security patch, keep an eye on permission popups that don't contain an app name, or permissions asked from an app that shouldn't need the permissions.

Strandhogg 2.0: New Android Flaw affecting all devices; exception of Android 10

workplace rooms

Workplace, the enterprise collaboration platform by Facebook, now offers a variety of new features designed to attract more enterprise users to the platform and help them to better collaborate during this global lockdown.

While Facebook claims the app now has over 5 million paid users, with about 2 million added since October 2019. The growth rate is in line with what's recorded by other collaboration and videoconferencing companies, which have all rapidly gained more users this year as a result of the COVID-19 outbreak.

The importance of videoconferencing now cannot be overemphasized, as market leaders like Microsoft Teams, Google Meet, Zoom, Slack, and others are already pushing for more efficient videoconferencing system.

Facebook on its part, has made it possible for users to set up ‘Workplace Rooms’ which is essentially an enterprise version of Messenger Rooms launched last month. For Workplace Rooms, teams can host spontaneous video calls via desktop, mobile or the Workplace app on Portal.

And they can even invite individuals who doesn't have Workplace accounts to join the video calls: using Portal TV for Workplace video calls, Workplace Live on Portal or set up a Workplace Room on Portal.

Why the use of videoconferencing has gained more traction?

The COVID-19 pandemic heated up the demand for videoconferencing, as a result of the global lockdown that has forced many enterprises to have their workers working from home.

And the remote work demands caught many companies off guard and now, they've recognized the importance of keeping their employees always connected, engaged and productive.

Facebook also announced that the company will permanently embrace remote work, even after the current lockdown is lifted. While the company would aggressively open up remote hiring and expects about half of the workforce to work remotely over the next five to 10 years.

Other Changes coming to Workplace

Other changes coming to Facebook Workplace include new VR (virtual reality) capabilities built around the company's virtual reality technology, Oculus, which started largely as a consumer product.

But as VR is increasingly used by companies for training and education; Facebook claims that over 400 Oculus business apps now exist and can be integrated with the Workplace platform.

Facebook is also working on bringing its Portal video hardware to the office with a dedicated Workplace app, which is one among a handful of other updates to the enterprise collaboration platform.

Workplace Rooms: Facebook lures Enterprises with new videoconferencing system


Fluid Framework is an ambitious project from Microsoft, whereby users can create discrete pieces of content — such as tables, graphs or lists — that live on the web and are fully browser compatible.

Microsoft at Build 2020, opened up Fluid Framework as a preview for Microsoft 365 Enterprise and education subscribers who are enrolled in Targeted Release, and also promised to open-source the software; with the code and SDK made available on GitHub.

While the goal behind Fluid is for such contents as text, tables, graphs or lists to live on the web instead of the desktop or a SharePoint drive and these artifacts can be collaborated on or snapped together with other elements in real-time across a variety of environments.

What's the Concept behind Fluid Framework?

Microsoft envisions a model where bots like its virtual assistant, Cortana can work alongside users to easily translate text, suggest edits and perform fact checks directly within the Fluid components.

The overall aim is to find its way to making Office "a development environment" where organizations can start to "embed Fluid" in business processes and deeper collaboration environments. Albeit, Microsoft does feel a bit of pressure to break the silos within various applications out there, whether it's Google's or other collaboration software, that are pushing the boundaries of what it is to collaborate.

And it is believed that the success of Fluid will depend mainly on the developer community, as they are the starting point to take Fluid in the direction that will bring more innovation into Microsoft 365 and Office eventually.

How it Works?

Fluid environment is essentially a blank slate, with the option to create a document or artifact that can then be shared within your network. These elements can be easily dropped in an email via Outlook or other Microsoft productivity apps through Office.com for starters.

And by open-sourcing the Fluid framework, Microsoft will afford developers to work Fluid elements into a variety of other platforms in the future, allowing these artifacts free roam on the internet and in various productivity apps in use.

However, the full potential of the Fluid Framework can only be accomplished through creating diverse, open, and vibrant developer community.

Microsoft Fluid Framework: Here's a look at the Concept and How it works


NuTyX is a GNU/Linux distribution inspired by the Linux from scratch (LFS) project that gives you full control of your operating system; the latest release NuTyX 11.5 continues on the highly flexible OS philosophy.

The latest release, NuTyX 11.5 brings some improvements and package updates, with NVIDIA graphics card drivers and utilities now available for all 5 kernel versions, which are the 4 versions of LTS kernel in addition to the last stable kernel.

While NuTyX is built around the unique concepts of Collections and Groups which in turn provides high flexibility, along with its custom package manager called ‘Cards’ that made debut in NuTyX 11.5; the latest version of Cards is v2.4.115.

Now, let’s take a further look at the major new features and enhancements in NuTyX 11.5.

What's new in NuTyX 11.5 Release?

The latest release, NuTyX 11.5 ships with the Long-term support (LTS) Linux kernel 4.19.123 for the 64-bit base system and also continues the development of its 32-bit version which features Kernel 4.9.224.

And the ‘kernel-419’ package replaces the ‘kernel-lts’ package, with the four versions of LTS kernel along with the last stable kernel making 5 in total, namely: kernel 4.9, 4.14, 4.19, 5.4, and 5.6.

Additionally, NVIDIA graphics card drivers and utilities, along with VirtualBox support are now available for all five kernel versions.

How to Get Started with NuTyX 11.5

NuTyx offers 64-bit ISO images for installing a ‘rolling’ base system that requires no internet connection. For existing users of NuTyX, simply run the single command below to upgrade your system to the latest version, NuTyX 11.5:

sudo cards upgrade

And if you are coming new to NuTyX, then you'll need a fresh installation, by downloading the ISO image of NuTyX 11.5 from the official website. The complete installation guide from creating a bootable USB to booting NuTyX, is available on the official docs.

NuTyX 11.5 Linux Distro Release: New kernels, with NVIDIA Graphics card drivers


Jailbreak is akin to rooting on Android, it's a privilege escalation that exploit known flaws in iOS to gain root access and thus, grant users full control over their devices.

While the popular jailbreaking tool, known as "unc0ver" has released a new version of the software dubbed unc0ver v5.0.1 which is capable of unlocking any iPhone, including those running iOS 13.5. This tool allows iOS users to remove restrictions imposed by Apple, thereby allowing them access to additional customization and to run prohibited apps.

The developers also highlighted the extensive testings carried out to ensure compatibility on a broad range of iOS devices, from iPhone 6S to even the newer iPhone 11 models, which encompasses version iOS 11.0 through iOS 13.5; though versions 12.3 to 12.3.2 and 12.4.2 to 12.4.5 are excluded.

How Jailbreaking actually Works?

Jailbreaking is simply the removal of software restrictions imposed by Apple, thereby allowing users access to additional features like customization and use of otherwise prohibited apps.

It tend to be device specific and based on previously known vulnerabilities, therefore, jailbreaking is very much dependent on the iPhone model and iOS version, in order to be successfully replicated. However, it also weakens a device's security, which opens the door to all kinds of malware attacks.

The security risks, coupled with Apple's hardware and software lockdown, have made it pretty difficult a decision to jailbreak devices deliberately.

Downloading the new Unc0ver v5.0.1 Jailbreak

The new Unc0ver v5.0.1 jailbreak leverages a yet-unknown zero-day vulnerability, which the iPhone maker will eventually roll out a security update for likely in the coming weeks to patch the hole exploited by unc0ver.

But until then, the jailbreak can be downloaded and installed using an iOS, macOS, Linux, and Windows devices from the official website. And the usage instructions are available on the unc0ver website as well.

Unc0ver v5.0.1 can Jailbreak any iPhone, even with latest iOS 13.5 version


Microsoft has unveiled .NET MAUI (Multi-platform App UI), a framework for building cross-platform apps on the Microsoft .NET 6, due for preview release in November and to be generally available in 2021.

The .NET MAUI is rather an evolution of Xamarin.Forms toolkit used for building native UI for Windows, iOS and Android with a single codebase. Though .NET MAUI includes MacOS support, and will also support devices such as the Microsoft Surface Duo.

It works with the Visual Studio IDE or the Code Editor, and as a single stack support workload on the different platforms, with native features and UI controls for each supported platform via a cross-platform API.

What .NET MAUI is bringing to the Table

Microsoft .NET MAUI simplifies project structure into a single project with target for multiple platforms. It is built with developer productivity in mind, as such, includes the project system and cross-platform tools that developers need.


The .NET MAUI means developers can now easily deploy their apps to any target platform, including desktop, emulators, simulators, or even mobile devices with a single click. And with the built-in cross-platform resources, they will be able to add images, fonts, or translation files into their single project.

It has native hooks automatically setup, so that developers can concentrate only on the code. And finally, it grants them access to the native underlying operating system APIs to make it easier with new platform specific integrations.

The Growing Modern App Patterns

Microsoft .NET MAUI offer developers better choice in the area of productive .NET usage. And this is more manifest in the IDE used, whether Visual Studio IDE or the Code Editor, as .NET MAUI will be available for all of those, and support both existing MVVM and XAML patterns as well as Model-View-Update (MVU) with C#, or even Blazor.

The predominant pattern and practice among .NET developers for decades now, Model-View-ViewModel (MVVM) and XAML, are first-class features in .NET MAUI and this will continue to evolve to help productive building and maintaining of apps.

Additionally, Microsoft will enable developers to write fluent C# UI and implement the popular Model-View-Update (MVU) pattern. With MVU promoting a one-way flow of data and state management, as well as a code-first experience that updates UI by applying only the necessary changes.

Microsoft .NET MAUI to allow Developers build Cross-platform Applications

dns vulnerability

The DNS delegation mechanism forces DNS resolvers to generate more DNS queries, which flaw is tagged as NXNSAttack, to authorize attacker's servers, thus causing a botnet-scale disruption to online services.

According to Israeli cybersecurity researchers, the new flaw impacts DNS protocol and can be exploited to launch large-scale distributed denial-of-service (DDoS) attacks on targeted websites.

The researchers promptly reported the flaw to the companies in charge of the internet infrastructure, which include CZ.NIC (CVE-2020-12667), PowerDNS (CVE-2020-10995), Google, Amazon, Microsoft, Cloudflare, Oracle-owned Dyn, Verisign, and IBM Quad9, who have responded with patches for their respective software.

How the NXNSAttack was carried Out

Through a recursive DNS lookup, a DNS server communicates with multiple authoritative DNS servers in a sequence to locate an IP address associated with a given domain (for instance, www.amazon.com) and return to the client.

And the resolver passes the request to an authoritative DNS name server, if unable to locate the IP address for a given domain name. But if first authoritative DNS name server doesn't hold the desired records, it returns the message with addresses to second authoritative servers.

It typically starts with DNS resolver controlled by public DNS servers, like Google ( or Cloudflare (, and whichever is configured with your system.

The researchers discovered that the large undesired overheads can be exploited to trick recursive resolvers to continuously send a large number of packets to a targeted domain instead of the legitimate authoritative servers. Though, the attacker must be in possession of an authoritative server to mount the attack from a recursive resolver.

How to Mitigate against the Attacks

The key factors of the attack are the ease with which one can control the authoritative name server, and the usage of nonexistent domain names and the extra redundancy placed in the DNS structure for fault tolerance and to achieve fast response time.

So, it's recommended that network admins who run their own DNS servers should update their DNS resolver software to the latest version.

Hackers leveraged on DNS Vulnerability to launch Large-Scale DDoS Attacks


The Internet has made it possible to reach the most diverse places to get your supply of original items, such as Genuine leather Watch Bands; more so, now that there is a global lockdown.

HemsutWatchbands.com is a top online store for crafted leather bands, with a delivery record of efficiency and high-quality watch bands, founded by renown leather artisans some few years ago. The Hemsut team comprises of about 30 members, with the crafts a handmade to machine-made combination, numbering over 60,000 quality straps in a month.

The prduct line ranges from nylon straps, leather straps, Canvas Straps to stainless steel straps; including various kind of nato watch band, and classical watch band as well as apple watch band.

How to be sure the Genuine leather Watch Bands fit

If you want to be sure of your fit, then you have to get one that has an easily adjustable build system, such as quick release watch wraps, which you can also have a collection of so that you can exchange it as you wish. The Quick Release Watch Band is a great choice, and you can easily change the band as well.


Leather wraps and NATO watch wraps enable you to adjust the size very easy so that it is sure to fit you. But, Quick Release Watch Wraps are easier to change than the others, as it enables you to change the band in only a minute without the use of any tools.

Also, it comes with an extra rod to push the spring device into the pin instead of making use of a tool. Albeit, if you feel better in using a tool, it works with it too.

Why the Choice of HemsutWatchbands.com

Though many third party watch band use quick release spring bard system, but you can find only a few model like the very easy Quick Release Watch Wraps from HemsutWatchbands.com.

You’ll most definitely be able to find what you're looking for and also get something that will stand the test of time. So take the time to browse around HemsutWatchbands.com to find your perfect watch band today, and either for repair or to liven up your old watch, which you can give the love it deserves.

And best of all, when you shop on HemsutWatchbands.com, you get excellent deals on watch bands from the highest Citizen quality.

HemsutWatchbands.com — Best for Handcrafted Genuine leather Watch Bands


Microsoft at the Build 2020 virtual conference, announced some new improvements coming to its Windows Subsystem for Linux 2 (WSL2), which includes support for the Linux Graphical User Interface (GUI) Apps on the Windows platform.

While Windows users can currently access Linux system on WSL2 through a command line, but of course, it does not come easy for some users. So, Microsoft's recent introduction of full Linux file integration to the File Explorer app was to ease things up.

And now, Microsoft has gone ahead to bring Linux Graphical User Interface (GUI) apps to WSL2 together with Windows 10 apps. Along with support for Linux app, Microsoft will also be bringing GPU hardware acceleration for Linux apps running on WSL2, with the first draft of the brand new Microsoft Virtual GPU (vGPU) driver already started.

How Linux GUI Apps Can Run Alongside Windows Apps

Microsoft had demonstrated samples of Linux GUI-based apps running directly via WSL and opening a WSL instance, doesn’t require any third-party X server to run Linux GUI app.

Linux GUI Apps

Before now, you could only run Linux GUI apps within Windows 10 using a third-party X server, though it resulted poor graphics performance as the technical configuration didn’t integrate properly with the Linux system.

The latest WSL2 update, brings Linux GUI apps integration with Windows 10 using Wayland display server protocol that runs within WSL; it communicates with an RDP (Remote Desktop Protocol) client on the Windows host in order to run the GUI app.

What's Microsoft Virtual GPU (vGPU) driver for Linux kernel?

Microsoft Virtual GPU (vGPU) driver exposes a paravirtualized GPU to applications running in a virtual machine on a Windows host. It enables hardware acceleration in environment such as WSL (Windows Subsystem for Linux) whereby the Linux virtual machine is able to share the GPU with the host.

And it accomplishes this by exposing the WDDM (Windows Display Driver Model) interface as a set of IOCTL, which allows APIs and user mode driver (written against the WDDM GPU abstraction on Windows) to be ported to run within a Linux environment.

This, in turn, enables the port of the D3D12 and DirectML APIs and their associated user mode driver to run on Linux. Also, it enables third party APIs, such as the popular NVIDIA Cuda compute API, as hardware accelerator within a WSL environment.

Finally, support for GPU hardware acceleration will arrive for Insiders in the Fast Ring for initial testing with the upcoming Windows 10 2004 update. And subsequently, Linux GUI apps support will come later this year via Windows 10 updates.

Linux Graphical User Interface (GUI) Apps coming to Windows 10 via WSL2

Google wants to scrub websites of ads that are intense in the use of network and CPU resources starting with a Stable build of Chrome 85, which is scheduled for release on August 25.

The company last week said that Chrome would remove such resource-hogging ads, including ads for unauthorized crypto-mining operations, arguing that only a small number of online ads from all of the web (three-tenths of a percentage point) are disproportionately accounting for major portions of network and CPU consumption.

Those ads that promote unauthorized crypto-mining operations, are poorly programmed, or not optimized for network usage, which can drain PC and mobile device battery life, and saturate networks, which of course cost money.

How Google will scrub resource-heavy ads in Chrome

Chrome was built to be fast and responsive without any harmful or annoying experiences, and lately, the Better Ads Standards have taken steps to address ads that people find offensive. While Google initially implemented Chrome ad-blocking feature on Feb. 15, but it was received with mixed feelings from both the side of web users and advertisers, as merely serving to forestall users from turning to third party ad-blockers.

The Coalition for Better Ads standards have identified several ad types that CBA-released research claimed are the most annoying of all online advertisements. And Chrome 85 will squash a mix of ads from over a dozen originally scrutinized formats running on the Web, Android and iOS devices.

Chrome will set the thresholds to 4MB of network data or 15 seconds CPU usage in a 30-second period 60 seconds of total CPU usage, which only 0.3% of ads exceed this threshold today, and accounts for 27% of network data used by ads; 28% of all ad CPU usage.

How Chrome fares against other Browsers Ad-blocking

Mozilla's Firefox already blocks crypto-miners by targeting all domains that accommodate such scripts. And it relies on domain blacklist made available by Disconnect.

But it isn't any surprise that Google took a metrics-based route here, since it typically bases its decisions on data collected by Chrome and/or its search engine. Chrome also look-up from a set of ad "fingerprints" from EasyList, the open-source ad-identification-and-removal rules list used by most browser ad blockers, such as Adblock Plus.

The scrub on ads from a website will last for at least 30 days, while review submissions can't be made until 30 days have elapsed. With any failing-grade sites added to a list that Google maintains on its servers.

Google to Kill Ads hogging Network and CPU resources with Chrome 85


The popular video-conferencing service, Zoom has been saddled with privacy and security issues, owing to lack of end-to-end encryption which is required to secure messaging on the platform.

Now, Zoom has scheduled to publish a draft of its cryptographic design on May 22, before preceeding on discussions with industry experts which is a necessary step to improve transparency, as independent third-party attestation is increasingly common for cloud-provided applications.

The move is possible through its acquisition of Keybase, a secure messaging and identity management firm that has been at the forefront of end-to-end encryption technology. It will give Zoom access to Keybase’s encryption technology, as well as its team of engineers, to secure the Zoom platform.

How Keybase’s Encryption technology will be Integrated with Zoom

Keybase was launched in 2014, and it allows users to encrypt social media messages or shared files with public key encryption which ensures that communication stays private.

Going forward, Keybase’s cofounder Max Krohn will head Zoom’s security team, along with other engineers, as a first step for Zoom as it aims to build a “truly private” video communications platform that will scale hundreds of millions of participants and help the firm to improve security and privacy on its platform as usage soars.

Albeit, Zoom has faced criticism for overstating its end-to-end encryption capabilities, which it subsequently apologized for the “confusion” around its definition of the encryption technology.

What's Next for Zoom?

Zoom has unveiled a 90-day strategy aimed at addressing its security concerns, including the hiring of Alex Stamos, the former CSO at Facebook, as a security consultant. It also initiated a freeze on non-security product features, amidst the plan to incorporate Keybase’s technology to provide full end-to-end encryption for its platform.

As at now, Zoom audio and video data are encrypted as it’s sent out before being decrypted on the receivers end. But with the Zoom upgrade last month to 256-bit encryption with the launch of Zoom 5.0, the keys are still generated at Zoom’s own servers.

Zoom plans to make full end-to-end encryption available as a paid service, in which case, the encryption keys will be generated from the meeting host, that is, even Zoom will not be able to view the data sent over its network.

Though it will continue to generate keys on its own servers when necessary, like for users who want to call into a third-party meeting system or use cloud recording features.

Zoom already offers Live Video Meeting notes integration with access to live transcripts, through partnership with Otter.ai, which is available to Zoom Pro users, allowing meeting participants to highlight, add comments and pictures via the Otter.ai web or mobile app.

Zoom set to bring end-to-end Encryption to the video-conferencing software

QRNG chipset

Samsung has launched a new smartphone, called Galaxy A Quantum, which might look like any regular Android phone, but under-the-hood, it packs some futuristic technology to protect users from hackers.

While the trail-blazing smartphone come equipped with a Quantum Random Number Generator (QRNG) chip, which is developed by ID Quantique based out of Switzerland, a subsidiary of SK Telecom. The quantum encryption capabilities coming to the mobile device, means that you can generate unpredictable random numbers to create security keys for apps and services.

And this is first smartphone to come equipped with a Quantum Random Number Generator (QRNG) chip, which protect users persoanl data by using the information to analyze quantum randomness to come up with a truly random number.

What is the QRNG chipset all about?

QRNG chipset is the SKT IDQ S2Q000 that enhances the security of the Galaxy A Quantum's data by using quantum encryption technology to generate random numbers to create unpredictable secure keys.

It comprises of an LED and a CMOS image sensor, which help to detect the light emitted by the diode to generates random numbers. The random numbers are assigned to services that require identification and certification, such as mobile payments, or apps to generate encryption keys and enhance the security.

The quantum key distribution encryption system relies on the quantum mechanics architecture, which in contrast to traditional public key cryptography, cannot provide any mathematical proof as to the actual complexity of reversing its one-way functions.

Samsung Galaxy A Quantum specifications

Samsung Galaxy A Quantum boots Android 10 out-of-the-box, and based on One UI with a total of five cameras, a 32MP selfie shooter on the front and 64MP primary camera at the back, coupled with 12MP ultrawide, 5MP macro and 5MP depth sensor units.

It packs a 4,500 mAh battery with 25W fast charging support and available in three color options, namely: Black, Silver, and Blue. It also comes in a single 8GB/128GB configuration at a price of $530/€490 and now available for pre-booking in South Korea, with public sales commencing on May 22.

The Galaxy A Quantum will come with a pair of Galaxy Buds for those who pre-ordered it, and those who buy after the pre-booking period will get a discount coupon worth $40/€38 to purchase the Galaxy Buds.

Samsung claims the First Smartphone With Quantum Key Distribution Encryption


If you are searching for Free Movie Download Sites, then sit back and enjoy, as the global lockdown has made it difficult for anyone to step out even on weekends or Holidays.

Everyone love watching movies, but most don't know which websites to download movies in full HD quality, or where they can watch and download free movies legally. Don’t worry, we've got you covered, with top free movie download websites, that you can download best HD Movies Online.

And if you're wondering whether any site constitutes illegality to download movies for free, the answer is yes. Some sites host illegal contents and poses huge risks for online users, but here we have taken the time to compile sites where you can get safe and legal movies online.

Top Free Movie Download Sites

The Internet have brought the convenience to search for lots of movie sources online for download and watching on your various devices, find the top free movie download sites below!

1. MoviesFoundOnline


MoviesFoundOnline.com offers a variety of contents including TV shows, free movies, independent films, and stand-up comedy video. The free movies hosted on the website ranges from cult classics to short films and documentaries, including comedy and adult movies.

It is a free movie download website that list video contents from around the world, and allows you to browse the contents by different categories.

2. The Internet Archive


The Internet Archive’s Movies collection is one of the best places online to download free movies, with a wide variety of movie titles uploaded by users for free. The movie categories ranges from full-classic films to documentaries, cartoons and concerts, and lots more.

And you can download movies in many different formats, most of which are supported by your PC’s in-built video player.

3. FZMovies


FzMovies is one of the hottest free web sites to download movies in different international flavors, including Hollywood and Bollywood, with plenty of newest film titles.

It offers a huge collection of Hindi and English movies. And you do not need to spend a dime to download movies and shows on FZMovies.

Top Free Movie Download Sites — Best HD Movies Online

Microsoft released a patch for the Reverse RDP Attack vulnerability (CVE-2019-0887) as part of Patch Tuesday update in July 2019, but it turned out that replacing the backward slashes with forward slashes in paths still bypasses it.

While the Reverse Remote Desktop Protocol (RDP) Attack resulted a client system flaw to a path traversal vulnerability which could be compromised by remotely accessing a server through Microsoft's Remote Desktop Protocol.

The company acknowledged the improper fix and re-issued a patch for the flaw in February 2020 Patch Tuesday update, marked as CVE-2020-0655; though Microsoft added a separate workaround in Windows, it left out the root of the bypass issue, the "PathCchCanonicalize" API function.

Why Microsoft’s core Path-Traversal check still wasn’t fixed?

According to researchers at Check Point, the Path-Traversal vulnerability was due to lack of sanitation checks on the file paths that included inside the incoming FileGroupDescriptorW clipboard format.

Albeit, Microsoft followed their own best practice by adding a validation check based on the function PathCchCanonicalize, which can be seen in below image:

The canonicalized output, if successful is then compared to the original filename, and any mismatch results in an error. That is to say, if the filename contains strings of the form . or .., it changes to the canonicalized form when converted, and thus failing the validity check.

How third-party Clients are Still Vulnerable

As Microsoft neglected to fix the vulnerability in the official API, all programs that were written with Microsoft's best practices will still be vulnerable to a Path-Traversal attack.

The main vulnerability is still not rectified, therefore Check Point cautions that the implications of a simple bypass to a core Windows path sanitation function still poses a serious risk to other software products.

Interestingly, the flaw was discovered when the researchers tried to examine Microsoft's Remote Desktop client for Mac, which RDP client was left out from the initial analysis last year, and surprisingly, the macOS RDP client in itself isn't vulnerable.

Microsoft Patch for Reverse RDP Attacks leaves third-party Clients Vulnerable


Firebase is used by several apps to store users data, which data are not properly secured, thus allowing anyone access to databases containing these users' personal information, including: access tokens and other data without any form of authentication.

While Firebase is a cloud-based mobile and web application development platform used across several operating systems, acquired by Google in 2014.

According to security researchers at Comparitech, an analysis of 15,735 Android apps, which comprises about 18 percent of apps on Google Play store, shows that 4.8 percent of apps using Firebase to store user data are not properly secured.

The vulnerable apps mostly spanning games, education, entertainment, and business categories, are installed over 4 billion times by Android users, making the chances that an Android user's privacy may have been compromised by at least one app.

How Firebase misconfiguration allow Hackers to steal data

Firebase misconfiguration allow hackers to steal data from storage by simply appending “.json” at the end of a Firebase URL, the attacker can easily view and download contents from the vulnerable databases.


Though Google had taken steps to scrubs these vulnerable Firebase database URLs from its search results, but still, they are indexed by other search engines like Bing. The researchers were able to find exposed databases, through searching each app’s resources for strings indicating that Firebase is used, such as text ending in “.firebaseio.com”.

Albeit, Firebase provides simple REST API to access stored data, and the data is stored in JSON format, so public databases are accessible by making request to the database URL appended by “.json”.

How to Secure Your Data and Prevent unauthorized access

The researchers promptly notified Google of their findings on April 22, and the Internet giant promised to reach out to affected developers in order to patch the flaw.

Until then, it's recommended that app developers should adhere to some database rules to secure data from their apps and prevent unauthorized access. And users, on their part, are advised to stick to trusted apps and be cautious of the information they share with any app.

Android Apps exposing Users' Personal Data via Google's Firebase flaw


Kali Linux has released its second update for 2020, Kali Linux 2020.2 with major features like non-root user policy and Nexmon support, bringing WiFi monitor and frame injection to wlan on mobile devices.

While Kali NetHunter, the penetration testing platform with Android ROM overlay was initially available for Nexus devices and OnePlus One, as well as some Samsung models, but has now been updated to include more devices.

Kali Linux 2020.2 Release eliminates the ‘kali-linux-everything’ option from the installer, instead it now caches ‘kali-linux-large’ meta-packages and every desktop environment in the ISO image. Albeit, the image is now larger than before, and works perfectly for offline installation.

Major Kali Linux 2020.2 Changes and Enhancements

Kali Linux had introduced dark and light themes in the previous version for its Xfce and GNOME desktop, now with the current version, the theme variant is also available for KDE Plasma desktop.


The KDE Plasma Makeover as part of Kali Linux look and feel update, brings it back to its roots (days of backtrack-linux), giving some love and attention to KDE Plasma, with the introduction of dark and light themes for KDE Plasma. Other changes include:

  • Python 3.8
  • OpenPlus 3T ISO images
  • PowerShell Installation During System Setup
  • Refreshed package logos
  • Default non-root policy for ARM images

Furthermore, Kali Linux 2020.2 now requires a 16GB Minimum SD card for ARM images, and GNOME has been updated to its latest version 3.36 which brings redesigned desktop looks along with other new features.

How to Update to the Kali Linux 2020.2 Release

As Kali Linux is a rolling release distro with continuous updates, users only need to upgrade their package to get the latest version. So, if you’re already running Kali Linux, simply enter the following command to upgrade your system to the latest version:

sudo apt update && sudo apt -y full-upgrade

However, those that are new to Kali Linux can download the ISO image of Kali Linux 2020.2 from the official website. Also, you can download the images for ARM-based devices such as Pinebook and Raspberry Pi.

Kali Linux 2020.2 Release brings Nexmon support for NetHunter on mobile devices

Microsoft's switch to the Blink rendering engine is perhaps a win-win for all Chromium-based browsers, as the company is spear-heading innovations coming to the open source browser engine.

Now, the company is working on a dual-screen emulator for the Chromium open-source browser, which feature was first spotted in a Chromium Gerrit commit, to be enabled by users through an experimental flag. The emulator feature follows the growing trends of foldable devices which are appearing more and more in the market.

While the first point-of-call for Microsoft Chromium Edge was the introduction of 'tracking prevention' for the browser, which serves same purpose as the cookie blockers on both Firefox and Safari browsers.

Chrome remains the only browser without the implementation of ad blockade, which reason is very much obvious, Google is the single biggest advertising company on the Web; but Microsoft wants to distance its browser from the creepiness that's associated with Chrome.

Devices to support the Dual-screen Emulator

The most intereting aspect of the dual-screen emulator feature is that it is meant for mobile devices only, and currently supports Galaxy Fold and Surface Duo which are expected to launch later this year.

Microsoft also released the Windows 10X emulator for the dual-screen Surface Neo, with listed changes that are included in the emulator.

It also supports the different settings for dual-screen devices in vertical or horizontal positions, and the new controls have been added to the browser UI from single-screen to dual-screen. Any device with a hinge in dual screen mode will be shown in the emulator as well.

How is the Emulator meant to be used?

The emulator is meant for web developers who need it to optimize their sites for dual-screen devices. However it can also be used by regular web users who wants a sneak peek into how a page will look like on a dual-screen device.

Eventually, the new feature will be made available to the Micrsoft Edge Chromium browser when the development is completed. And the Emulator from Microsoft’s Windows dev tool site will also be available for developers to design apps for dual-screen devices.

Microsoft prepping a dual-screen emulator for the open-source Chromium browser

As part of Facebook's ambitious program to bring free Internet to third-world countries, is the launch of a new secure proxy for browsing the Web for free called Discover.

While the erstwhile Free Basics service, available as a mobile web and Android app, allows users to browse the Internet using free daily data caps, similar to the new Facebook Discover currently being tested in Peru, that also rout all traffic through a proxy.

The main differentiator, however is that it treats all websites as the same, whereas Free Basics is limited to a handful of websites that meet some technical criteria set by Facebook.

Why A Web-Based Proxy?

Facebook Discover is a quite similar to its Free Basics program in that all traffic is routed through a proxy, but only the device interacts with the proxy servers, acting as a "client" to the requested website by users.

It runs in a whitelisted domain under same "freebasics.com" which the operator makes available for free (for instance, "https://example.com" is rewritten as "https://https-example-com.0.freebasics.com"), and fetches the webpage on behalf of the user and delivered to their device.

Additionally, the web cookies are stored encrypted on the server to prevent browsers from reaching a cookie limit. And the encryption key is stored on the client so that contents of the key can't be read without decoding by the user with the key.

How Secure is Facebook Discover?

Facebook Discover uses an authentication tag called "ickt" which is derived from the encryption key and a browser identifier cookie known as "datr", stored on the client.

And the tag is embedded in every proxy response, which is then compared against the 'ickt' on the client-side to check for signs of security tampering. If it mismatches, the cookies will be deleted. It makes use of a "two-frame solution" that embeds third-party site within an iframe secured by an outer frame, making use of the aforementioned tag to ensure the security of the content.

It thus prevent impersonation of the Discover domain by phishing sites, by blocking navigation attempts to such links through sandboxing the iframe, which prevents it from executing untrusted code.

Facebook testing New Secure Proxy for Browsing the Web for Free


Deepin Linux-based Unified Operating System (UOS) is a Chinese commercial version that's supposed to replace foreign OSes like Windows and macOs in the coming years.

As the most appealing Linux distro, Deepin brings the same awesome UI to UOS as with the Deepin desktop environment (DDE). According to Deepin Linux founder Liu Wenhuan, who also oversees the development of Deepin Linux-based Unified Operating System (UOS), it will take at least 3 to 10 years to truly match up with foreign operating systems.

And remarkably, Linux usage surged by a 1.5 percentage points to end at 2.9% in April, the highest since October 2017, with Windows accounting for 86.9% of global OS share, a decline of 2.3 percentage points.

How UOS intends to Replace Windows as preferred Chinese OS

Deepin Linux distribution is available for free, and UOS is an enterprise-focused distribution maintained by Union Tech, both of which are geared as Chinese native OS to replace Windows in the Chinese market.


While there is certainly no doubt about Linux dominance for enterprise servers and running supercomputers, but in the normal desktop vertical, Linux still needs more years to match up with Windows and macOS.

Notwithstanding, the NetApplications Linux usage report, it is a long way to go to actually beat the already dominant players. Albeit, the fact that desktop market of Microsoft’s Windows is still a mammoth 86.67% in China, and 9.94% for macOS, with only a meagre of 0.6% for Linux.

What Linux Desktop Market Share in China represents?

The mere 0.6% of Linux usage in China is further broken down to show that the data share is dominated by Ubuntu, with a large percentage of users at about 17.4% and even those still use Windows as their primary OS.

Though Windows' overall share did slid, but the individual editions like Windows 10, actually climbed in usage for April, ending at 64.5% share, which is a two-tenths percentage point.

Now, given that the latest data indicates an increase in Linux desktop market share by 1.5% and a decline in Windows shares by about 2% between March to April 2020. Does it then mean users of Windows 10 are switching to the open source alternative, Linux?

Deepin Linux-based Unified Operating System (UOS) aims for China dominance


The Firefox-maker, Mozilla has been at the forefront on implementation of security measures that looks to secure web users, with Firefox 76 password manager, which is dubbed Lockwise, as a special area of emphasis for the browser-side security.

Firefox 76 comes with enhanced password protections which include warnings about sites that are reportedly victims of data breach, and also help to alert users if their passwords are known to have been leaked in breaches on such sites.

Again, Firefox is significantly faster than Google's browser or Microsoft's Edge in its updates, with the latest upgrade of the browser, Firefox 76 released on April 7 and next update expected on June 2, which is only four weeks interval.

Firefox Lockwise protection to keep your passwords safe

There’s a new feature in Firefox 76 password manager, Lockwise, that is meant to protect users saved passwords. If you try to view or copy a password from the “Logins and Passwords” page, you'll be prompted for your device’s account password, which once added, you will be able to view and copy for up to five minutes.


The Lockwise dashboard, now powered by Firefox Monitor, makes it easier for you to check your passwords as often as you wish to keep your personal information safe, and to access your Lockwise dashboard, you simply need to click on the hamburger menu button located on the far right of your toolbar.

And this new feature automatically check your encrypted list of passwords against breached website information, to help you stay on top of your accounts security.

How to Download Firefox Lockwise to your iOS or Android devices

You can download Firefox Lockwise to your iOS or Android devices from their respective app stores to get access to your Firefox passwords on the go.

It also works by syncing your logins from the browser to the app, allowing you to take your login information securely with you. To get started, simply sign into your Firefox account on your PC, and then sign into Lockwise on your device to sync your logins.

Mozilla looks to stymie Data breach with Firefox Lockwise protection

A new botnet campaign with Chinese origins, dubbed "Kaiji" targeting Linux servers and IoT devices through SSH-brute forcing, was discovered by researchers at Intezer Labs.

While other such attackers get implants from popular sources like open source or blackmarket toolsets, this particular botnet employs a custom implant, from which its name Kaiji is derived based on one of the functions. Also, the botnet was built using the Golang programming language, which is very rare in the IoT botnet ecosystem.

Albeit, the security analysts believed that the botnet isn't advanced enough to exploit most devices, as Kaiji uses a brute force attack to target those IoT devices and Linux servers with their SSH ports exposed.

How Kaiji targets IoT devices with exposed SSH ports

The botnet, Kaiji spreads exclusively through SSH-brute force attacks targeting root users only, and access to root is important for its operation as such DDoS attacks are possible via crafting own network packets. While for Linux, such custom network packets are given to privileged users such as a root user.

If an SSH connection is established, it executes a bash script which sets up the environment for the malware, thus:
A /usr/bin/lib directory is created and then Kaiji is installed under the filename ‘netstat’, ‘ps’, ‘ls’, or some other system tool name.

Kaiji main features consists of multiple DDoS attacks like synack and ipspoof attacks, with an ssh bruteforcer module to maintain the spread, through an ssh spreader that relies on hijacking local SSH keys to infiltrate known hosts which the server connected in the past.

How to Protect your Linux and cloud servers

Malware threats targeting Linux are on the rise, with Kaiji as a new DDoS operation in its early stages.

Another major threat is the Mirai botnet that infected hundreds of thousands of IoT devices used to launch some of the largest DDoS attacks in history. It spreads in a worm-like manner through Telnet connections by taking advantage of default administrative details on smart devices, which unfortunately, most users don't change.

Therefore, it is recommended that Linux users should make sure that their servers are patched as at when due, and the server software are up-to-date, and more importantly, ensure that they change the default administrative password.

New IoT Botnet targets Linux Servers via SSH-Brute force attacks

Microsoft Windows witnessed a slide in share for all operating systems in April, which is the first month of the global lockdown following the surge in coronavirus (COVID-19) pandemic.

While Linux (made up of all distributions) surged by a remarkable 1.5 points to end at 2.9% in April, the highest since October 2017, and Windows accounted for 86.9% of global OS share, a decline of 2.3 percentage points.

As the largest loss by Microsoft Windows since 2017, which according to Net Applications, after major adjustments to its share numbers after purging it of bogus traffic from bots.

How individual Windows editions, such as Windows 10, fared?

Windows overall witnessed a ripple effect, which caused individual editions, such as Windows 10, to have similar losses. But if measured as portion of all Windows, the decline by Windows 10, were much less significant.

And given the so-called zero-sum game, as operating system share is often perceived, if an OS goes down, another must have gone up, so April's share saw major advances by rival operating systems, such as Apple's macOS climbing by eight-tenths of a percentage point to end at 9.8%, its highest mark since 2019.

And the biggest surprise, Linux, including all distributions hit a remarkable 1.5 points to end at 2.9%, the highest mark since 2017 and perhaps, just before the Net Applications data purge.

How the different Linux distros fared?

Ubuntu, the most popular Linux distro, was pegged at a whopping 1.9% or 66% of the Linux overall share, which is a gigantic increase from the three-tenths of a percentage point the previous month.

The fact that there were suddenly more machines running the Canonical distro in April is a bit of puzzle, though people are more likely using personal Macs while working from home, as corporate-owned Windows machine remained at the office, but the big uptick in Linux is still a puzzle.

Albeit, Windows' overall share did slid, but the impact on individual editions was pretty minor. And for Windows 10, it actually climbed in April, ending at 64.5% share, which is two-tenths of a percentage point.

OS Wars 2020: Linux surges, while Windows' share took a tumble


elementary OS is a Linux distro that's mainly targeted at non-technical users, and serves as open and privacy-focused replacement for macOS and Windows, with a so-called pay-what-you-want model.

While the current elementary OS 5.1 "Hera" has recently received some new changes in the latest point version v5.1.4 release, which includes a revamped app menu, renaming of the parental control app, and several performance improvements.

The upcoming elementary OS 6 "Odin" will make debut with Ubuntu 20.04 LTS, and some of the new enhancements expected in the new OS version are as follows. 

Upcoming Features & Release date for elementary OS 6

The upcoming elementary OS 6 with the UI development phase update, according to Cassidy James Blaede, Co-founder & CXO, will make debut with an Ubuntu 20.04 base.

While Ubuntu 20.04 LTS was released on April 23, 2020 and the most notable features is support for Linux kernel 5.4 which provides the latest kernel capabilities, such as lockdown mode and exFAT support.

Other expected features include:

  • Improved Flatpak package management
  • Support for Wayland display server protocol
  • New libraries for Ubuntu 20.04 LTS (focal fossa)
  • New Setting to change the terminal and code color scheme
  • Improved gesture support for one-to-one touch

Additionally, the elementary OS team has renamed the Parental Controls app to “Screen Time & Limits” which is perhaps a more straightforward name, and now, you can use it on non-admin accounts.

Though, the official release date for elementary OS 6 is yet to be announced, it is a possible estimation that elementary OS 6 Odin may hit the market in November 2020.

If you’re new to elementary OS and need a fresh installation, you can download the latest ISO image from the official site.

elementary OS 6 Odin: Upcoming Features and Release date

The ubiquitous to-do list app, Wunderlist since its creation in 2011, has helped millions of people in organizing their ideas for perfect execution. But as the May 6 shutdown of Wunderlist is almost upon us, this is perhaps the best time to move to an alternative service.

While Microsoft had acquired Wunderlist about five years ago, and later debuted its own to-do list app called Microsoft To Do, which incorporates several of the features in Wunderlist. Now, Wunderlist users will no longer be able to use the list-making app, and Microsoft's To Do list app will replace it in May 2020.

If you're looking for alternatives to Wunderlist, here are three (3) to-do list app alternatives that allow you to import your data from Wunderlist directly.

3 Best Free Alternative To-Do list Applications

If you’re a user of Wunderlist, it is recommended that you shouldn’t wait until the last minute to get a replacement app; so you can choose from the below list.

1. Microsoft To Do

Microsoft To Do is the successor to Wunderlist, built by Microsoft itself based on Wunderlist's features. The To Do app got a redesign that makes it look a bit more like Wunderlist last year, with some major cosmetic changes, like a dark mode option and background color options.

Also, it features other capabilities including steps (subtasks), listing groups (folders), and file attachments, and sharing and task assignments, coupled with the ability to sync across Android, iOS, Mac, and Windows.

Microsoft To Do is available for Android and iOS as a free download and also as a web app. It requires that you sign in with your Microsoft account, but if you don't have a Microsoft account, you can also create an account with your preferred email service, including Gmail, Hotmail, or Yahoo mail.

2. Google Keep

Google Keep is pre-installed on almost all modern Android device, and so, it’s perfect for those who need to make the simplest of do-to lists on the go.

And it is completely free, albeit, its list-making feature is quite limited, which it makes up for with non-bloated and clean UI. Another disadvantage is that you can't import directly from Wunderlist into Google Keep.

It is most ideal for people who have just reevaluated their list-making needs or perhaps, have only recently gotten on board into the to-do lifestyle; you may have to take a look at Google Keep.

3. Todoist

The productivity app, Todoist is helpful in managing tasks, projects and your daily goals. It is able to syncs across Windows, Mac, Android, iOS and via web and browser extensions, coupled with direct apps like Google Calendar and Dropbox integrations.

Also, you can use Todoist to delegate tasks and set goals, with daily or weekly productivity trends.

Todoist is free to download on iOS and Android, or as a web app, and you can import data from your Wunderlist lists, using Todoist's import tool. But, you'll have to authorize the data transfer, which can then move all of your projects, tasks, and files to the Todoist app.

Wunderlist Alternatives: 3 Best Free To-Do list Applications for 2020