Microsoft Edge browser now has the same Chromium base as Chrome, and offers access from Microsoft account and features like Bing search engine by default; also supports browser add-on and extensions.

While Microsoft Edge is available for desktop and mobile platforms, with the same consistent and powerful web platform and developer tools as on macOS or Windows; but until now, Linux users have been missing in the great fun.

Microsoft Edge for Linux release, currently supports Ubuntu, Debian, Fedora, and openSUSE distributions, with plans to release weekly builds follow up typical of Dev Channel cadence alongside other supported platforms.

Introducing Microsoft Edge for Linux preview builds



Microsoft launched a preview version of its Edge browser for Linux this month, after officially confirming plans for Edge on Linux earlier in the year; now Linux users will be able to download the preview of the browser.



The company maintained that Web platform and developer tools features for Edge on Linux, including the core rendering behaviors, extensions, browser DevTools, and automation features, should be consistent with other platforms like macOS and Windows. And as this is a Dev Channel preview, it'll receive weekly updates in sync with the Dev Channel on other platforms.

This preview is available from Microsoft’s Edge Insider site or through the native Linux package manager and it is specifically meant for developers who want to build and test their sites and apps on Edge for Linux.

How to Install Microsoft Edge on Linux



Microsoft Edge for Linux can be installed in two ways, with the simplest approach as downloading and install a .deb or .rpm package directly from the Microsoft Edge Insider site, which will configure your system to receive any future updates automatically.

And the second approach is to install Microsoft Edge from Microsoft’s Linux Software Repository using your distribution’s standard package management tools, by following the “Command line installation” instructions on the Microsoft Edge Insider site (deb/rpm).

Kindly note that you can share feedback or feature requests or report any issues via the “Send Feedback” tool, either through the “…” (“Settings and More”) menu in Microsoft Edge, or by simply pressing Alt+Shift+I.

Microsoft Edge for Linux: Release date & Update for Chromium Edge browser

Pop!_OS is an Ubuntu-based Linux distribution featuring a custom GNOME desktop, which primarily is bundled with the computers built by System76, but also can be downloaded and installed on other computers.

While System76 has announced the latest release, Pop!_OS 20.10 based on the upstream Ubuntu 20.10 “Groovy Gorilla” - albeit, the new Pop OS includes its own tweaks that make it rather different from just any other Ubuntu variant.

Pop!_OS 20.10 provides full out-of-the-box support for both AMD and Nvidia GPUs, which makes it an easy Linux distribution to set-up for gaming due to its built-in GPU support.

What's New in Pop!_OS 20.10 Release?



Pop!_OS 20.10 is based on Ubuntu 20.10, including all the upstream changes such as updated GNOME 3.38, Linux Kernel 5.8, and several bug fixes. Besides these, the latest Pop OS brought support for deb822 repository format, making the system sources list even more compact and easier to navigate.



The support for Deb822 Repository Format also added a new library for repository management, with features such as the ability to reset mirrors to defaults, change the default system repository mirrors, and change the names of repositories.

Also, Pop OS has introduced an interesting feature called Stacking that makes the OS more resourceful, allowing users to switch between tabs in the web browser, and arrange tiled windows in Pop!_OS 20.10. And for the stacking tiled windows, the below Keyboard shortcuts can be used as follows:

  • Super+/ (Launches an app into the stack).
  • Super+Left or Right Arrows (switch between windows in the stack).
  • Super+Enter+arrow keys (Windows in and out of the stack).
  • Super+S (Converts a window into a stack).


Another notable feature is the tiling, which is no doubt one of the best features that Pop OS offers out-of-the-box. Although, the application windows sometimes are too small to tile efficiently, but with Pop!_OS 20.10 you can set the Floating Window Exceptions to restrict windows from tiling.

Other major features include: Fractional Scaling In Pop OS, and External Monitor Support in Hybrid Graphics mode, which feature allows you to work easily by adding support for external monitors in the Hybrid Graphics mode.

How to Upgrade to Pop!_OS 20.10



For existing Pop OS users, running the old version of the Linux OS, you can upgrade your system to Pop OS 20.10 simply by going to the Settings application, navigate to the OS Upgrades menu, and click “Downloads” to Upgrade. Also, you can run the below single command in your terminal to upgrade to Pop!_OS 20.10:

pop-upgrade release upgrade


The ISO image of Pop!_OS 20.10 can be downloaded from the official page, with two images available as follows: the normal and the proprietary NVIDIA drivers image.

Pop!_OS 20.10 Release: Brings support for Deb822 Repository Format

Adversarial machine learning is a technique that attempts to trick models by supplying deceptive input, of which the most common reason is to cause malfunctions in the machine learning model.

Now, Microsoft in collaboration with IBM, MITRE, NVIDIA, and a host of other tech companies, has launched an open framework called the Adversarial ML Threat Matrix, to help security analysts in detecting, and remediating adversarial attacks against machine learning (ML) systems.

The initiative is perhaps the first attempt to organize the different techniques used by adversarial attackers in subverting ML systems, and even more crucial as AI (artificial intelligence) and ML are being deployed in a variety of novel applications.

What are the Adversarial Attacks and Defenses in Deep Learning?



The rapid developments in AI and deep learning (DL) techniques, makes it critical to ensure the security and robustness of the deployed algorithms. And recently, the vulnerability in DL algorithms to adversarial attack samples has been widely documented, with the fabricated samples leading to various misbehaviors of the DL models.



As such, adversarial attack and defense techniques is beginning to attract increasing attention from both ML and security communities at large. And threat actors not only are able to abuse the technology to run malware, but also leverage it to trick machine learning models, thereby causing the systems to make incorrect decisions, which poses a threat to the safety of AI applications.

Security researchers have also documented what's called model-inversion attacks, which provides access to a model that's abused to infer information about training data. Albeit, most machine learning techniques are designed to work on specific problem sets in which the training data were generated from same statistical distribution (IID).

What Adversarial ML Threat Matrix brings to the table?



Adversarial ML Threat Matrix aims to address the issue of threats against data weaponization with a curated set of vulnerabilities and adversary behaviors which Microsoft and MITRE have vetted to be effective against ML systems.

Thus, organizations can use the Adversarial ML Threat Matrix to test their own AI models' resilience by simulating attack scenarios using a list of known tactics to gain access to the environment, contaminate training data, execute unsafe ML models, and exfiltrate sensitive information via the model stealing attacks.

The overall goal, however, is that the framework will help security analysts to orient themselves in the new and upcoming threats scenarios to stay abreast of the threats actors.

Open Framework to protect Machine Learning (ML) Systems from Adversarial Attacks

Trisquel GNU/Linux is a 100% free operating system that comes with a complete package of programs which can be easily extended using a graphical installer, including several editions like the mini edition for netbooks and old computers and the network-based installer for server installations.

While the latest version, Trisquel 9.0 is based on Ubuntu 18.04.5 LTS, but with all the proprietary software and firmware removed from the codebase, and all supported packages are up-to-date with security patches.

Trisquel GNU/Linux is among the few operating systems directly endorsed and listed under the “Free GNU/Linux Distributions” by the Free Software Foundation (FSF), as such Trisquel is 100% free and contains only free software with Linux-libre kernel, which means that non-free firmware like drivers, and everything deemed non-free by the FSF are completely eliminated.

Trisquel has “Abrowser” as the default web browser, which is Trisquel's version of Mozilla's popular web browser with the trademarked logos removed; it now includes all the latest updates from the upstream Mozilla Firefox. And Trisquel 9.0 has added backports to provide extended hardware support, with latest software like LibreOffice.

What's New in Trisquel 9.0 “Etiona” Release



Trisquel 9.0 runs the lightweight GNOME 2.x fork, known as MATE as the default desktop environment, and under the hood is Ubuntu 18.04 LTS, albeit the Trisquel team added a little tweak to make the Ubuntu-derivative truly unique.



And the Trisquel Mini with the LXDE desktop environment is perfect for those who want a low-resource hungry desktop for older machines and netbooks, but if you’re looking for a modern look and highly customizable desktop, then you should go for the Triskel edition featuring KDE plasma.

Additionally, LibreOffice is added to Trisquel 9.0, also added is GIMP, Icedove (Thunderbird replacement), and other useful tools, and applications, including: VLC, Brasero, Rhythmbox, and the MATE software/tools collection.

How to Download and Install Trisquel 9.0



If you're new to Trisquel and want to give the new Trisquel 9.0 a spin, you can get the ISO image from the official download page. With all the different editions, including: Trisquel MATE, Triskel KDE, Trisquel Mini and Trisquel Sugar Toast, available in both 32-bit and 64-bit versions.

Trisquel 9.0 Etiona as an LTS release, means that the development team has already begun work on the next version, Trisquel 10 and you can join the community forum for help in installing the operating system or to contribute to the project.

Trisquel 9.0 “Etiona” Release: 100% Free Operating System with Linux-libre kernel

Google Vulnerability Reward Program (VRP) classifies the address bar as the most reliable security indicator in validating the authenticity of the website; but not wiith recent discovery about an address bar spoofing vulnerabilities affecting multiple mobile browsers.

According to Rafay Baloch, a cybersecurity researcher, the address bar spoofing vulnerabilities affects multiple mobile browsers, including Apple Safari, Opera Touch, Yandex Browser, UCWeb, Bolt Browser, and RITS Browser, which flaw leaves the door open for spear-phishing and malware attacks.

While UCWeb and Bolt are yet to release patches for their respective browsers, Opera is expected to release a fix for Opera Touch on November 11, 2020.

How the Address Bar Spoofing Vulnerabilities Affects Multiple Mobile Browsers?



The Address Bar Spoofing Vulnerabilities stem from the use of malicious executable JavaScript code in compromised website to force the browser to update the address bar, even while the page is still loading, changing the destination URL to another address of the attacker's choice.



And the vulnerability in Safari occurs due to the browser's preserving of address bar of the URL when requested over an arbitrary port, with the set interval function reloading bing.com:8080 every 2 milliseconds; hence users are unable to recognize the redirection from original URL to the spoofed URL.

Similar issues have also been found in several other major browsers, and once the coordinated disclosure timeline has elapsed, they will be made public. However, what makes the Safari vulnerability more pronounce is that the browser by default doesn't reveal port number in URL unless focus is set via cursor.

How Web users can stay safe from such Address Bar Spoofing Vulnerabilities



It is now pretty easy to coax users into disclosing their personal information which hackers steal and use in distributing malware with the address bar seemingly pointing to a trusted website and giving no indicator of forgery, which exploits a specific flaw in the browser, to evade several anti-phishing solutions.

Therefore, web users are enjoined to always look out for browser-based vulnerabilities such as the address bar spoofing which may exacerbate the success of spear-phishing attacks and hence, could prove to be more dangerous.

Address Bar Spoofing Vulnerabilities In Multiple Mobile Browsers

Similar to Y2K bug, also called Millennium Bug, there is a problem in the coding of computerized systems that's projected to create havoc in computers and server networks around the world in the year 2038.

As computers are programmed to store the last two digits of the year only because it saves storage space, there’s only one day left in the year 1999 (99); which is a day later, therefore the systems would supposedly fail to understand if it’s the Year 2000 (00) or 1900 (00), so was the argument.

While the storage of a combination of date and time within a fixed binary field is often considered the solution, albeit the possibility for software to misinterpret dates still remains as date and time representations are relative to some known origin.

What's the Year 2038 Bug?



The Year 2038 bug is as a result of the original Unix time datatype (time_t) which stores a date and time as a signed long integer on 32-bit systems a 32-bit integer, representing the number of seconds since January 1, 1970. After 2038, this number will exceed 231 − 1, the largest representable by a signed long integer on 32-bit systems.



It will cause the Year 2038 bug, also referred to as the Unix Millennium bug, which unlike 64-bit systems which uses 64 bits, the problem doesn't exist on 64-bit systems as they use the LP64 model.

And the maximum value of a 32-bit interger, which is 2,147,483,647 will starting from 19th January 2038, at exactly 3:14:07, result to the value of stored time since January 1, 1970 to equal the value of a 32-bit integer, that is, 2,147,483,647, thereby causing the issue.

How Linux Kernel 5.10 Solves the Year 2038 Bug



The XFS file system in Linux Kernel 5.10 has been extended to the year 2486, which change fixes the Year 2038 bug. With “Large Timestamps” function that has now fixed this problem by refactoring their timestamp and inode encoding; and the timestamps will now be dealt with as a 64-bit nanosecond counter and bit shifting to extend the measurement.

It is made possible by a brand new XFS file-system with bigtime enabled, which permits the timestamp from December 1901 to July 2486, and for the preservation of backward compatibility, the large timestamps function isn't enabled by default.

Thus, XFS also takes care of the year 2038 problem, whereby the storing of the time since 1970 in seconds will now not slot in a signed 32-bit integer and a wraparound till the year 2486.

Linux Kernel 5.10 Solves Year 2038 Bug with new XFS file system

Digital contents are increasingly available in numerous formats and platforms, and many people are interested in downloading and saving such contents as video or music from YouTube!

While there are several free YouTube downloaders, we've sifted the list to present to you, Snappea which makes it super-easy to download YouTube videos in any format of your choice, the YouTube downloader is perhaps the best free YouTube downloader right now.

The free software comes in both a web version and an Android app, with the YouTube to MP3 online converter putting many paid-for tools to shame, allowing you to download and save videos without any hindrances, and even lets you extract the audio from a video, or downloading an entire playlist.

And coupled with a colorful, easy-to-use interface, you'll definitely love Snappea and the fact that you can get around it in no time. Now, let’s take a look at how to use this wonderful software.

Why should you choose Snappea Online Downloader?



Snappea online downloader is a fully web-based platform that enables users to download and save YouTube videos, even the 1080p videos online. You can easily download as many YouTube 1080p files as you want through the web portal, without having to download any app to your smartphone or desktop system.



It’s unique features are as follows:

  • 100% Free!
  • Fully Online Video downloader with YouTube support.
  • Supports downloading of videos in various formats, such as MP3 and MP4.
  • User-friendly interface, and easy to navigate web portal.


Additionally, there are no download limits as you can download multiple 1080p videos on your smartphone or computer and the best part is that the platform doesn’t charge you anything. It is 100% free for use as long as you want to continue to use it.

Steps to Download YouTube Videos Using Snappea Online Downloader



Step 1: Simply navigate to the Snappea Online Downloader



Start by typing the URL address: www.snappea.com on your web browser and as the platform is extremely simple, you won't be needing any tutorial to get around it, it only needs you to visit the site and start downloading videos right away.



The process involves pasting the YouTube video links you want to download onto the search bar. You can also explore using the search function on the top downloads section to start downloading videos on your smartphone or computer.

Step 2: Search or Paste YouTube Video link to Start Downloading



After successfully accessing the website, once you're on the site, you'll need to either paste a YouTube link or use a keyword to search for any particular YouTube Video.



You don’t necessarily need to go away from the site to get the video link as you can do the search right on the portal. Also, you can search for the video of YouTube and paste the address on Snappea to download it.

Step 3: Start the Downloading of YouTube Video



Once you find the video you want to download, simply click on the downward arrow and wait for the download process to commence. From the next dialog page, select the file format and resolution you want to download it on to your phone or computer.

Then, the website would take only a few seconds, depending on the size of the files to process your video.

Conclusion



Snappea online downloader offers plenty of added extras, such as the ability to convert videos from one format to another, video merging, and disc burning. Isn't it amazing that you get all these for FREE? Visit Snappea.com today to start downloading 1080p YouTube videos right away!

Snappea Online Downloader lets You Download YouTube Videos and Music Easily

The latest release, antiX 19.3 “Manolis Glezo” is the third iteration in the antiX-19 series. It is comparatively lightweight and suitable for older computers, and also provides cutting edge kernel and applications, as well as updates via the apt-get package system and Debian-compatible repositories.

While antiX is a Debian GNU/Linux-based operating system specifically for Intel-AMD x86 compatible systems.

It is available in four versions, namely: Full, Base, Core, and Net with support for both 32-bit and 64-bit computers, and the ISO images of all variants comes with bug fixes, package upgrades, and other major improvements.

What's new in antiX-19.3 Release?



As antiX-19.3 is based on the Debian 10 “Buster” - it supports both SysV and Runit init systems and subsequently, it is backported to the latest firmware from Debian sid with added security upgrades from upstream Debian.



It also included latest software packages such as Libreoffice 7.0.2.2 and Firefox-ESR 78.3.0, and the antiX Wi-Fi switch tool in antiX-19.3 allows you to choose Wi-Fi manager, with ConnMan and Ceni network managers available by default.

Other major core component updates, includes the upgrade of its default window manager IceWM from the previous version 1.6.5 to latest upstream version 1.8.3 and the kernel from version 4.9.212 to the new version 4.9.235.

How to Upgrade to antiX-19.3 Release



If you're a new user and want to try out the new antiX-19.3, you can download the ISO image to download and install on your supported devices. And if you’re an existing user running the antiX-19 series OS already, you can simply initial the command to upgrade your system.

But note that with the inclusion of latest firmware and support for old and new hardware, the size of the ISO images for the latest point version has increased a bit.

Lightweight Linux Distribution antiX-19.3 Released with upgraded IceWM

BlueZ is an open-source protocol stack that offers support for the core Bluetooth layers used in Linux-based systems.

Now, a security researcher at Google, Andy Nguyen, has disclosed a new set of zero-click vulnerabilities in BlueZ, which flaws in the Linux Bluetooth software stack could allow an unauthenticated remote attacker to execute arbitrary code potentially leading to escalation of privilege via adjacent access.

And the most severe of the vulnerabilities is a heap-based type confusion, tracked as CVE-2020-12351, with a CVSS score of 8.3 out of 10, affecting Linux kernel 4.8 and higher, which is present in the Logical Link Control and Adaptation Protocol (L2CAP) that provides multiplexing of data between higher layer protocols.

How the BlueZ Vulnerabilities affects Linux Systems



According to Andy Nguyen, the three flaws collectively are called "BleedingTooth", and resides in the open-source BlueZ protocol stack that offers support for many of the core Bluetooth layers and protocols used for Linux-based systems.



The first flaw is a heap-based type confusion (CVE-2020-12351), which a remote attacker could leverage in a short distance by sending a malicious l2cap packet and cause a DDOS or possibly arbitrary code execution with kernel privileges, knowing the victim's Bluetooth device name.

And the second vulnerability (CVE-2020-12352) is concerned with the stack-based information disclosure flaw affecting Linux kernel 3.6 and higher, which resulted from a 2012 change to the core Alternate MAC-PHY Manager Protocol (A2MP).

Finally, the third flaw trackeed as CVE-2020-24490, was discovered in the Host Controller Interface (HCI), a standardized Bluetooth interface employed for sending commands, and for transmitting data, is a heap-based buffer overflow impacting Linux kernel 4.19 and higher.

The flaw allows a nearby remote attacker to "cause denial of service or possibly arbitrary code execution with kernel privileges on victim machines if they are equipped with Bluetooth 5 chips and are in scanning mode", according to Google security researchers.

How to Mitigate against the BlueZ Vulnerabilities



Intel has issued a security advisory, as it has significant investments in the BlueZ project, warning of the potential security vulnerabilities in BlueZ that may allow escalation of privilege or information disclosure. And BlueZ has released Linux kernel fixes to address these potential vulnerabilities.

Therefore, it is recommended that users should install the latest kernel fixes in order to mitigate the risk associated with these security issues.

BlueZ Vulnerabilities could potentially affect several Linux Systems

Rescuezilla is an Ubuntu-based Linux distribution forked from the erstwhile Redo Backup and Recovery distro, with point-and-click free bare metal restore solution to backup and restore entire computer.

While the previous Rescuezilla 1.0.6 release brought support for booting on EFI-only systems along with Secure Boot enabled for the 64-bit version. Now, the latest release, Rescuezilla 2.0 has switched to creating backups in Clonezilla format with full interoperability to Clonezilla.

The switch means that you can now restore your full backups created using Clonezilla via Rescuezilla and vice versa. Albeit, you can't be able to restore your backups created with Rescuezilla 2.0 using old versions of Rescuezilla.

What's New in Rescuezilla 2.0 Release?



Rescuezilla 2.0 brings the ability to restore individual partition, SD card (mmcblk) and RAID (md) devices. And it also included backup/restore confirmation and summary pages, with filesystem-aware backup/restore of Linux Logical Volume Manager (LVM).



Given that Rescuezilla 2.0 is based on Ubuntu 20.04.1, it is also available as a standalone Debian file for advanced users on Ubuntu 20.04 LTS. Find the other major improvements in Rescuezilla 2.0 below:

  • Addition of nouveau-firmware package.
  • Frontend rewritten in the Python3 programming language.
  • Switched from unmaintained SLiM (Simple Login Manager) to LightDM for reliability.
  • Existing photorec start menu shortcut renamed to “Photograph deep scan”!
  • Separate ‘Safe Mode’ boot menu: namely, “Graphical fallback mode” and “Load USB into RAM”!
  • Disabled Linux time sync to prevent hardware clock modification.


Additionally, Rescuezilla 2.0 has switched from GTK Bluebird theme to Breeze theme, and it is available for use in English (en-US), French/Français (fr-FR), German/Deutsch (de-DE), and Spanish/Español (es-ES).

How to Upgrade to Rescuezilla 2.0



If you're a new user and want to try out the latest Rescuezilla 2.0, you can download the 64-bit ISO image, and write it to a USB stick using a USB bootable tool like balenaEtcher, and run directly from USB without installation.

And for a 32-bit ISO image, you’ll have to wait for the next release because Rescuezilla has disabled support for 32-bit temporarily until the Python virtual environment is fully configured.

Rescuezilla 2.0 Release: Forked from Redo Backup & Recovery distro for system rescue

Every social media user must have come across a fascinating video or audio music that they’d like to download to their devices, but alas, some platforms like Instagram makes it pretty impossible to download contents.

If perhaps, you've found a video on Instagram or YouTube and wish to save it to your smartphone for later consumption or sharing with friends, then you'll definitely need the Snaptube app to extract audio from video, which might just be the one app you've been searching for so long.

Snaptube is a free app for Android which enables users to easily download video and audio music from social media platforms, including Facebook, Instagram, Twitter, and many more.

Highlight Features of the Snaptube app



Snaptube offer tons of local video contents in different countries, with the ability to search, save video and audio from multiple sites in one place and also create personalized playlists with your media files.



Find other major highlight features of the Snaptube app below:

  • Smart Night Mode: Snaptube also offers Night Mode to help protect your eyes, so that you can enjoy your favorite videos at night too.
  • Support for Multiple Resolutions: Snaptube allows you to stream and download videos ranging from 240P to 4K HD, and downloading of 240p, 360p, 720p videos direct to mobile storage and enjoy the high quality.
  • Easily Convert Videos to MP3: Snaptube can directly convert music videos from MP4 to MP3 files, which is supported on many devices for you to enjoy more popular songs for free.
  • Floating Player Utility: You can save time with the Floating Player, which allows you to chat, play games, browse news, and do those things you want to do while still keeping an eye on your videos.


Additionally, the Snaptube app is light weight and fast, making it staright-forward and easy to use. And without any extensive guide, you'll easily find your way around the app in no time.

How to Download the Snaptube app to Your Android Device



Firstly, Snaptube is currently not available on the Play Store, and you have to learn how to convert videos to MP3 either from the official website if you'd prefer audio music. Snaptube can be downloaded from third party app stores like APTOiDE, AppGallery, uptodown, GetApps and Softonic.

And as usual to download apps from third-party sources, it requires additional steps. Simply go to Settings > Security and toggle on Unknown Sources for older devices. While for Android 10 devices, you'll be automatically prompted to allow the download from third-party sources.

This procedure will enable you to install any application from third-party app stores.

Steps to Download Videos and Audio Music using the Snaptube app



Snaptube is a straight forward app, which you can just use to find a video either by scrolling through the list of trending videos or by searching for a particular video using the search bar. Once you find what you are looking for, tap the download icon in the bottom right corner of the video’s thumbnail to begin the download process.

And the best part, Snaptube gives you an option to select the resolution you want to download your video. As the higher the resolution, the better the quality, but the higher the data that will be required to download the video.



You can also see the data required to download the video at each resolution. So, it is recommended to save data by downloading at a lower resolution.



You can easily tap on any of the buttons of the resolution you want to pick a choice, however, 720p HD Video is the preferred resolution as it is just 36.4 MB for most tests.

Snaptube makes it super-easy to login to any social site by clicking on the icon of the social networking site on the Snaptube home screen and then login to the social site using the built-in browser in the app.

You can browse to find any of the videos you want to download and all the videos will have a download button on their bottom right corner.

Our Verdict!



The simple concept of Snaptube is great and also is its layout. And the unique features will be appreciated by many users such as the ability to add more sites from the bookmark page by clicking on the More button in the Video Sites page.

In fact, Snaptube is far more than just for killing boredom, as it makes it possible for users to watch unlimited videos and listen to music free and equally save on data by allowing the download on your device to watch later. You have no reason not to try it out today!

Snaptube Review: Free app for Downloading Video and Audio Music on Android

The latest release of Android Studio, version 4.1 includes improvements to the importing of TensorFlow Lite models into Android apps and also features a database inspector.

While the previous version of the official IDE for Android development, Android Studio 4.0 brought some exciting features like Motion Editor and Build Analyzer; with the new Motion Editor as a simple visual design editor for the MotionLayout type, making it easier to use the MotionLayout API to manage motion and widget animation in applications.

Now, Android Studio 4.1 improves on machine learning support via TensorFlow Lite models within Android projects, and generates classes so that the models can be run with less code and better type safety.

What's New in Android Studio 4.1?



Android Studio 4.1 made debut on October 12, boasting of the inclusion of database inspector, which enables querying of an app’s database, irrespective of if it uses the Android platform version of SQLite directly or the Jetpack Room library.



The values can then be modified using the database inspector, with the changes seen in apps and it also makes it easier to navigate dependency injection code by providing a new gutter action and extending support in the Find Usages Window. Find other new capabilities in Android Studio 4.1 below:

  • Android Studio Memory Profiler now includes a Native Memory Profiler for apps deployed to devices running Android 10 or later.
  • Android Emulator can now run directly in Android Studio, which conserve screen real estate and enable navigation quickly between the emulator and editor window using hotkeys.
  • Templates in the create New Project dialog use Material Design Components and conform to updated guidance for themes and styles by default.
  • Android Studio Profilers can now be accessed in a separate window from the primary Android Studio window, essentially for game development.


Additionally, C/C++ dependencies can now be exported from AAR (Android Archive) files, and there is symbolification for native crash reports, with updates to Apply Changes allowing for faster builds.

How to Get Started with Android Studio 4.1



Android Studio 4.1 can be downloaded from the Android Studio developers website, with the latest versions of the Android Gradle plugin and Google Maven dependencies to build your project offline available here.

And if perhaps, you don't want to install Android Studio, you can download the basic Android command line tools and use the included sdkmanager to download other SDK packages.

Android Studio 4.1 improves on the importing of TensorFlow Lite models

Porteus Kiosk is a single-purpose, Gentoo-based Linux distribution designed for web kiosks with limited web browser support, Firefox or Google Chrome.

While the latest release of Porteus Kiosk v5.1.0 comes with Linux kernel 5.4.70 and other updated system components, including update to the latest version of Gentoo stable branch. Porteus Kiosk can be used for several purposes such as displaying advertisements, or as an Internet kiosk, or even at other publicly available web terminals for schools, libraries, cafes, and hotels.

It only allows the running of a web browser at a time and users are not able to tamper with settings or download and installing of software.

What's New in Porteus Kiosk 5.1.0 Release



The latest Porteus Kiosk 5.1.0 Release includes the latest Chrome 85.0.4183.121 and Firefox 78.3.1 ESR, with the full list of changes and updates to the packages available here.



Find the other key updates in Porteus Kiosk 5.1.0 below:

  • Creation of PTY nodes during system boot in ThinClient edition.
  • Ctrl+Shift+d keyboard shortcut is now Disabled by default.
  • Broadcom and Realtek PHY drivers are now compiled directly into the kernel to resolve PXE booting issues on some PCs.
  • Double mounting of the kiosk’s client file system in Porteus Kiosk Server “Premium” is now prevented.
  • Enabling of the feature to wipe the guest’s home folder from the persistent partition using the ‘persistence=wipe’ parameter in remote kiosk config.


Additionally, kiosk 5.1.0 has added Video Acceleration API (VAAPI) info in the debug log for users to find which video codecs could be hardware decoded by the GPU. Also, it has enabled EFI stub support in the kernel config which allows booting on some HP PCs equipped with EFI firmware.

How to Upgrade to Porteus Kiosk 5.1.0



If you are a new user and want to try out the new Kiosk 5.1.0, you need to get the ISO image from the official download page.

And kindly note that Porteus Kiosk is released as a standalone 'hybrid' ISO image which can be either burned on a CD/DVD or other bootable media including hard drives, usb sticks, SSD/eMMC devices, and removable SD/MMC cards.

Porteus Kiosk 5.1.0 Release: Gentoo-based Linux distro for web kiosks

Microsoft has issued a warning about a new strain of ransomware targeting Android by taking advantage of call notifications and devices' security lock, to effectively lock-out the device owner, thereby demanding a ransom.

According to Microsoft, the ransomware detected by Microsoft Defender for Endpoint as AndroidOS/MalLocker.B is a variant of a known family of Android ransomware dubbed "MalLocker.B" which has made a comeback with some new techniques, with delivery of ransom demand on compromised Android devices and evading of security solutions using obfuscation mechanism.

The MalLocker ransomware is known for being circulated via online forums using social engineering lures, such as by masquerading as popular games or video players.

How AndroidOS/MalLocker.B indicates continuous evolution



This latest ransomware is a variant of the malware family that has undergone different stages of evolution, with the various techniques that has been seen used by the malware, including the abusing of system alert window, accessibility features, and recently, the notification services.



While the most recent variants have code derived from an open-source machine learning module known as TinyML model, commonly used by developers to automate the resizing and cropping of images based on screen size, which is a valuable function given the growing variety of Android devices.

The TinyML model ensure that images fit the screen without any distortion, but in the ransomware use case, the model would ensure that the ransom note would be close to appear less contrived and more believable mimicking fake police notice or explicit images supposedly found on the device, thus increasing the chances of the user paying for the ransom.

Additionally, the ransomware code is heavily obfuscated, making it unreadable through name mangling or deliberate use of meaningless variables and junk code to thwart analysis in an attempt to mask its true purpose.

How organizations can protect data from threats across platforms



As Mobile threats continue to evolve, and attackers now attempting to sidestep technological barriers by finding ways to accomplish their goals of financial gain or access to broader network server, there is need to introduce a comprehensive defense system.

Such as Microsoft Defender for Endpoint on Android, which is now generally available, and extends Microsoft’s industry-leading endpoint protection to Android devices. It effectively detected this ransomware (AndroidOS/MalLocker.B), as well as some other malicious applications using cloud-based protection powered by deep learning and heuristics, in addition to content-based detection.

Microsoft warns on New Android malware spreading ransomware attack

Microsoft's Azure App Service is a cloud-based service for hosting web applications available in both Azure Cloud and on-premise installations.

According to researchers at Intezer Labs, there are two security flaws in Microsoft's Azure App Services that could enable an attacker to execute arbitrary code or carry out server-side request forgery (SSRF) attacks to take over the admin server.

The first flaw could enable an attacker with access to the server to take over the Azure App Service’s git repository and implant maliciously crafted pages accessible via the Azure Portal. While the second flaw allowed attackers with an existing low-severity vulnerability on the application (SSRF) to gain full code execution on the App Service and thus, trigger the first flaw.

Albeit, the the flaws were promptly reported to Microsoft since June, after which the company subsequently issued security fixes to address the vulnerabilities.

How the flaws in Azure App Services affect Linux



Azure deployments on Linux are managed by a service known as KuduLite, that offers diagnostic data about the system, which consists of a web interface to SSH into the application node (called "webssh").



The first flaw, which is a privilege escalation vulnerability allows for a takeover of KuduLite via hard-coded credentials ("root:Docker!") which makes it possible to SSH and log in as root, thereby enabling an attacker to completely control the Software Configuration Management (SCM) webserver.

And it could also enable an attacker to listen to a user's HTTP requests via the SCM web page, add their own pages, and inject malicious JavaScript into the user's web page.

Additionally, the second flaw that concerns with the way the application node sends requests to the KuduLite API, could also potentially allow a web app with an SSRF vulnerability to access the node's file system and steal sensitive assets.

How to Mitigate against the Flaws in Azure App Services



Microsoft was promptly contacted with the findings as part of responsive disclosure process and the vulnerabilities were quickly fixed.

However, it is recommended that users should resort to runtime cloud security as an important last line of defense if they detect malicious code injections and other threats that took place after a vulnerability has been exploited by an attacker.

Critical Security flaws in Microsoft's Azure App Services affecting Linux

Swift Atomics is an open source package that makes it possible to build synchronization constructs, like concurrent data structures, directly within the Swift language.

While Atomic operations are enabled on Swift types including integers and pointer values, with the APIs for atomic operations provided which follows the design principles for Swift APIs.

Albeit, atomics are difficult to use correctly, unlike other low-level concurrency constructs, but the underlying operations work on a very low level of abstraction. Therefore, approach atomic code with extreme caution.

What are the Supported Atomic Types



Atomics enables the creation of higher-level constructs for managing concurrency without having to resort to importing implementation from any other language.



The atomic operations for the following Swift types, all of which conform to public AtomicValue protocol, are as follows:

  • Unmanaged references.
  • Strong references to class instances that opted into atomic use (by conforming to the AtomicReference protocol).
  • Standard pointer types (UnsafeRawPointer, UnsafeMutableRawPointer, along with their optional-wrapped forms.
  • Any RawRepresentable type whose RawValue is in turn an atomic type (such as simple custom enum types).
  • Standard unsigned integer types (UInt, UInt64, UInt32, UInt16, UInt8).


Additionally, Atomic strong references are implemented in terms of DoubleWord operations, and atomic operations can be performed from multiple, concurrent threads as long as the value is accessed through atomic operations.

How to Get started with Swift Atomics



If you want to get started with Swift Atomics, start by trying out the Atomics library that is publicly available on GitHub.

And there is also an Atomics forum for discussing the technology, and you can get support for atomic floating point operations when requested.

Swift Atomics: Apple adds low-level atomic operations to Swift language

Google has launched Android Partner Vulnerability Initiative (APVI) program to tackle Android security issues, especially those affecting many of the Android OEMs.

While APVI aims to provide transparency at driving remediation on security issues discovered by Google that affect any phone model that is shipped by Android partners.

The program will also alert users of the security vulnerabilities in their Android phones manufactured by third-party companies, with all the detected security issues made available on Google’s catalog, and tips on how to migitage against those vulnerabilities.

How APVI will improve Android OEM devices' security



APVI targets Google-discovered security issues on Android that could potentially affect the security of any device running Android or its user and it's aligned to ISO/IEC 29147:2018 Information technology, which security techniques include vulnerability disclosure recommendations.



Also, the initiative covers issues impacting device code which is not particularly serviced or maintained by Google; it aims to close the security gap, by adding another layer of security for targeted set of Android OEMs. This is perhaps the first time Google is providing a clear way to process Google-discovered security issues outside the AOSP code that can impact a much smaller set of specific Android OEMs.

The company had earlier made it possible to report vulnerabilities in Android code through the Android Security Rewards Program (ASR), and vulnerabilities in third-party Android apps via the Google Play Security Rewards Program, and also, releases ASR reports in Android Open Source Project (AOSP) based code via the Android Security Bulletins (ASB).

How APVI Protects Android users



APVI has currently processed several security issues that affect Android users, including protection against permissions bypasses, code execution in the kernel, and credential leaks, among others.

Google is working hard to incorporate industry-leading security features with the partnership of developers and device OEMs to keep the Android ecosystem secure and safe for users.

Google launches APVI to tackle Android Security Issues On Non-Pixel Phones

Angular is a popular platform for building mobile and desktop applications, with the latest version of the Google-developed web framework, Angular 11 having five beta releases in September.

There are several new additions and changes in the framework, including router performance improvements, and stricter types, which is added for DatePipe and number pipes to catch misuses, such as passing an array at compile time.

While Angular 10.0 was released on June 24, bringing tools and ecosystem capabilities; Angular 10.1 point release brought compiler and router improvements, and was released on September 8.

What’s new in Angular 11?



Angular 11 is currently in beta release as at now, and there is no official information regarding Angular 11 release date; albeit you can update your applications to Angular 11 pre-release versions.



The beta releases of Angular 11 are currently available on GitHub and some improvements that have been proposed for Angular 11 include:

  • Removal of support for the Microsoft IE 9 and IE 10 browsers, including IE mobile support.
  • Router in Angular 11 changes the default value of relativeLinkResolution from “legacy” to “corrected” and the migration updates RouterModule configurations uses the default value to specifically use “legacy” to prevent update breakages.
  • Improvements to router performance, with ngDevMode used to tree-shake error messages.
  • Improvement to typing of common pipes and other bug fixes that ensure TestBed is not instantiated after the override provider.
  • Interfaces for the compiler-cli are now defined to be used for TemplateTypeChecker, with performance improvements been made to compiler-cli.
  • Angular compiler now has keySpan added to the Variable node.


Additionally, the service-worker, which is an UnrecoverableStateError notification is being added to fix the issue in which a broken state would arise whereby only some parts of an application would load properly, when the browser has evicted eagerly cached assets from the cache that can't be found on the server.

How to Upgrade to Angular 11 pre release versions?



If you are already running Angular 10 and want to upgrade to Angular 11, you can use the following command to upgrade your application to pre-release version of Angular 11.

ng update --next


And add --next flag as Angular 11 version is still in pre-release state, however it is strongly recommended that you should update your application to Angular 10 before upgrading to Angular 11.

Angular 11 Update: What’s new and the final release date

GitHub code scanning technology is based on the CodeQL semantic code analysis system, which it acquired from Semmle; with the code scanning service helpful in discovery of security vulnerabilities in code bases.

It's supposed to run actionable security rules by default, which will enable developers to remain focused on their project, without being overwhelmed with bug issues. As the code is created, it is scanned while actionable security reviews are compiled within pull requests, and coupled with other GitHub experiences.

The code scanning technology integrates with the GitHub Actions CI/CD platform or other CI/CD environment, which process is intended to ensure that vulnerabilities never make it into the finished project.

How Developers can leverage GitHub code scanning technology



Developers can use GitHub code scanning technology to write a query that finds all variants of a vulnerability, and share with other developers. And if a developer could create a query with a bug class for cross-site scripting, then it can be used to find any bug class.



The tool leverages the over 2,000 queries created by GitHub community at large, or through custom queries built to address new security concerns. With the GitHub code scanning built on the SARIF standard, developers can also include open source and commercial static app security testing solutions in the same GitHub-native experience, as it is extensible.

While third-party scanning engines can also be integrated to view results from any of the developer’s security tools using a single interface and the results can be exported through a single API.

How to get Started with GitHub code scanning



GitHub code scanning is completely free for public repositories, and available for the fee-based GitHub Enterprise service through GitHub Advanced Security for private repositories.

The first beta of GitHub code scanning has scanned about 12,000 repositories 1.4 million times and discovered more than 20,000 security issues including SQL injection, remote code execution, and cross-site scripting vulnerabilities.

GitHub releases Code Scanning technology for detection of security bugs

Flutter is a cross-platform toolkit designed to allow code reuse across operating systems, such as iOS and Android, allowing applications to interface directly with the underlying platforms.

While the Flutter SDK has been broaden to include other platforms including web, macOS, and Linux; now, the alpha release of Flutter for Windows has been announced. As Windows remains a popular desktop choice, with over one billion active devices running Windows 10, it’s a natural target for Flutter.

Flutter for Windows Alpha can build standard .exe files and the supporting libraries, to run on PCs as dated as Windows 7, all the way up to Windows 10. And just like Flutter on other platforms, you can make use of the exact Dart code for Android/iOS app for Windows and other supported desktop platforms.

What the Flutter SDK will bring to the Windows platform



Flutter expands the core framework of each platform it is added on with new services to enable it to shine on that platform.



Furthermore, the new platform doesn’t only influence the Flutter framework and engine, but several other things as well, including:

  • Plugins: Mixture of Dart code and native code available for each of the platforms which the plugin supports. And the native code has to be added for each plugin compiled into Flutter app.
  • Toolchain updates: It adds a new target to the CLI and IDE tools, which in this case, on Windows platform.
  • Shell: The support for handling input from Windows via WM_* messages and output via ANGLE, uses Skia to render at native speed for underlying DirectX surface.


Additionally, every new project gets a shell application for the supported targets, like on Windows, there is a Win32/C++ program that loads Flutter code and executes it at runtime, which is a good place to add native code to your app if needed.

How to Get Started with Flutter for Windows



The Flutter SDK can be installed according to the Windows installation instructions, here. And you need to target Windows desktop, which you first need to install the tooling described in the desktop docs. Flutter by default assumes that you’re building production software and it isn’t configured to develop Windows apps. But, the following command line, fixes it:

$ flutter channel dev
$ flutter upgrade
$ flutter config --enable-windows-desktop


And note that every time you create a new Flutter app, using the extension support for Android Studio or Visual Studio Code, or from the command line, it creates a new windows subfolder.

Flutter for Windows: Google’s Popular SDK comes to the Windows platform

Fedora 33 Beta is the pre-stable release version which is now available for download and testing, with all new features and updates expected in the final release.

While the stable version, Fedora 33 is scheduled for release at the end of October; the beta includes KDE Plasma, Xfce, and other desktop environments, as well as images for ARM devices, with the previous version, Fedora 32 haven introduced Comp-NeuroFedora lab to enable computational neuroscience.

The different desktop variants of Fedora 33 Beta, including Fedora Workstation, Fedora KDE, and the others, will also use BTRFS as the default filesystem.

What's New in Fedora 33 Beta



Fedora 33 Beta includes all the important changes that will land in the final version, for instance, the transition to Btrfs filesystem for Fedora Workstations and Spins along the x86_64 and ARM architectures, and more approachable GNU Nano editor, enabling earlyOOM by default to improve system memory performance.



The default to nano editor is more welcoming to new users, and those who wish to use emacs, vim, or any other editor are equally covered. And it also incudes GNOME 3.38, which now includes a welcome tour to help users learn about the great new features, which offers full of performance enhancements and improvements.

Fedora 33 Beta also provides better thermal management and peak performance for Intel CPUs by including thermald by default, and as the desktop, Fedora 33 Workstation Beta includes animated backgrounds by default as well.

Additionally, Fedora IoT is now an official Fedora Edition, which is geared towards edge devices with a variety of hardware platforms. Fedora IoT is based on ostree technology for safe update and rollback, including the Platform AbstRaction for SECurity (PARSEC), an open-source initiative that offers a common API to hardware security and cryptographic services.

How to Get Started with Fedora 33 Beta



Though Fedora 33 Beta release is code-complete and bears a strong resemblance to the final release, but you should take your time to download and try it out, and make sure the things that are important to you are covered.

You can donwload the ISO image from the official page, with the images of all editions and variants available, and as for torrent downloads, you can check out this page.

As expected, there may be bugs in the Beta, so you should report them promptly to help in improving the experience of millions of Fedora users, with your feedback helping not only Fedora, but Linux and free software as a whole.

Fedora 33 Beta precedes the Final Release coming at the end of October