Rolling Rhino


Ubuntu rolling release is one of the development cycle, unlike the LTS (Long Term Support) release, that continuously gets new changes or package updates.

While the most popular Linux distribution, Ubuntu requires that users download and install the new release versions, and also need to set it up to get all the new updates.

But a new command-line tool known as Rolling Rhino released by Martin Wimpress, Ubuntu Desktop head, can now convert Ubuntu’s daily build image to a “rolling-release” and also keep track of all changes in devel series.

How Rolling Rhino recreates Ubuntu Rolling Release



The command-line tool, Rolling Rhino turns Ubuntu’s daily build image into a “rolling-release” while keeping track of all the changes in devel series.

Ubuntu rolling release


Ubuntu Linux system when converted into a rolling release, syncs with the Ubuntu Development Branch of subsequent series, and gets all new changes and packages without the need for users to download the new ISO images.

And the best part, Rolling Rhino doesn't only work for Ubuntu desktop, but also all other official Ubuntu flavors, including: Kubuntu, Lubuntu, Ubuntu Budgie, Ubuntu Kylin, Xubuntu, Ubuntu MATE and Ubuntu Studio.

How to get Started with Rolling Rhino



Rolling Rhino, currently can't detect PPAs or desktop meta-packages, so if you want to use the command-line tool, you need to migrate your PPAs and fix any associated issues that may occur when using repos from the development branch.

And users of Rolling Rhino are bound to get bugs or errors from all new changes or packages, which is perhaps the main reason why Martin stated that Rolling Rhino is only intended for Ubuntu developers and experienced users.

Additionally, Rolling Rhino lacks support for normal or LTS version of Ubuntu, as such, you'll need to download and install the daily build image of the Ubuntu desktop to create Ubuntu rolling release.

Rolling Rhino command-line tool converts Ubuntu to Rolling Release

Black and white photo


Almost everyone has that old black-and-white photos that are timeless, which they would love to have them reprocessed to modern color photos. Such reprocessing, albeit are often costly, but colorizing your old family pictures can give them a complete new lease of life.

That's why we've put together this in-depth guide to help you do just that, at no cost, irrespective of your photo-editing ability level.

Image Colorizer is a great utility AI tool that can colorize your old black and white photos instantly using deep learning technology. It helps to bring a splash of new life to your old and historic photos and requires no Photoshop skills and all for 100% free!

Unique Features of Image Colorizer AI Tool



Image Colorizer utilizes trained AI systems to recognize old images and choose the appropriate and best strategies to restore the color details of old photos. Find some other unique features of Image Colorizer below:

  • AI Technology: Image Colorizer is based on AI technology, which trains the system to better colorize the black and white photos in just a few seconds.
  • Easy to Use: You don't need to use Photoshop to colorize black and white photos anymore with all the hassles and difficulties. Simply upload your old photos and have the AI system to do the job.
  • High Quality Results: The AI system could easily scan your photos and choose the appropriate way to colorize your photos and images with high quality guaranteed.
  • Privacy Protection: All uploaded images and photos are deleted every 24 hours. Therefore no photos are stored and used for any other purpose without your permission.
  • 24/7 Support: You get 24/7 support whenever you encounter any problems or need suggestions. What's more, when you are getting it all for free!


There is absolutely no need to use manual approach as you can automatically colorize your photos or images using Image Colorizer without sacrificing the image quality.

How to colorize old photos on your phones using Image Colorizer



Simply download and install Image Colorizer on your iOS or Android device, and upload your old black and white photo to the server for reprocessing!

Step 1: Upload Your Old Image



Upload old photo


Step 2: Image Colorizer processes Your Photo



colorizing old photo


Step 3: Download Your New Color Photo



Download color photo


In conclusion, it's never been this easier to do photo colorization, thanks to Image Colorizer AI Tool and, of course, there is no more need for Photoshop after all. Just download and use the best Image Colorizer App now!

Image Colorizer: New AI Tool for Automatic Colorizing of Black and White Photos

Cryptojacking Malware


Docker is a popular service for packaging and deploying software applications; but lately, malicious actors are beginning to target its exposed API endpoints with malware-infested images to mine cryptocurrencies and facilitate distributed denial-of-service (DDoS) attacks.

While the purpose of Docker images is to generate funds by deploying cryptocurrency miner using Docker containers and to distribute these images leveraging the Docker Hub repository, according to Unit 42 researchers.

Docker containers offer a convenient way for packaging software, as evident by its increasing popularity and adoption rate, combined with coin mining capabilities, which makes it a huge target for malicious actors to compute resources for cryptojacking.

How Malicious actors spread the Cryptojacking Malware



The authors behind the malware images uses a Python script to trigger the cryptojacking operation and takes advantage of network anonymizing tools like ProxyChains and Tor, which enables them to evade network detection.

Cryptojacking Malware


And the mining code image exploit the infected systems to mine the blocks, using the processing power of the system. With the already taken down Docker Hub account, azurenql, consisted of eight (8) repositories that hosted six malicious images capable of mining the privacy-focused cryptocurrency, Monero.

This particular account have collectively pulled over two million times the images hosted since the start of the campaign in October 2019, and one of the wallet IDs earning more than 525.38 XMR ($36,000).

How to Mitigate against the Cryptojacking Malware



As Docker presents a renown platform-as-a-service (PaaS) solution for Linux and Windows which allows developers to package, test and deploy their applications in a contained virtual environment that isolates the service from the host system.

Therefore, the security best practices recommended are such as: Avoid pulling or using base images from untrusted repositories and install the latest apps and threat definitions on the Networks Firewall.

Cryptojacking Malware from Docker Images spreading via Docker Hub

Windows vulnerability


The Windows group policy object (GPO) mechanism was reported to have some vulnerability which permits standard user in a domain environment to perform a file system attack, which in turn, allow malicious actors to evade security solutions, and result in severe damage to an organization’s network.

This vulnerability impacts Windows systems, from 2008 or higher and capable of escalating its privileges in a domain environment.

Though, Group Policy updates don't happen in an instant by default, as usually it takes time to propagate over a network, which is more reason Windows includes a tool called GPUpdate.exe for running request on GPO updates from the domain controller.

How the Group Policy vulnerability can be exploited by an attacker



The group policy mechanism is used by admins to enforce policies across a managed environment, allowing admins to essentially do anything they want with GPOs, ranging from disabling Windows Defender and firewall to installing software and printers.

While the Windows’ group policy mechanism is considered a relatively safe way to distribute settings on a domain environment, from printers to backup devices, it needs to interact with many other components. And these many interactions result to potential vulnerabilities.

GPO vulnerability


The bane, however is that a group policy update can be requested manually by a local non-privileged user, which if there is a bug in the group policy update process, can be triggered by an attacker to make a potential attack easier. Instead of having to wait for the 90 minutes (which is the default time period to push group policy updates on a domain environment), an admin could force it immediately.

And the local group policy service, which is named gpsvc, needs to be privileged to carryout its duties, as it runs in the context of NT AUTHORITY\SYSTEM. Therefore, if an attacker manages to find an unsafe file operation, it could easily reparse to another file using a file manipulation attack.

How to mitigate against the risks of the Group Policy vulnerability



The flaw, marked as CVE-2020-1317, affects the most basic mechanisms for centrally managing the settings of Windows PCs and users in Active Directory environments, known as Group Policy.

Microsoft has issued a patch to fix the Group Policy vulnerability that could allow compromised non-privileged user accounts to place malicious DLLs on a system. The company, however failed to disclose further information in its advisory about the severity of the flaw, aside what the researchers from CyberArk who discovered the vulnerability, has already stressed about its seriousness.

Hackers exploiting the Group Policy vulnerability in Windows system

Go language


Generics, which programming allows for the representation of functions and data structures in a generic form, could arrive in Go 1.17, due for release in August 2021.

While the plan to introduce generics to the programming language was initiated by the Go project developers with a draft for type parameters to replace contracts with interface types.

The developers also introduced a transition tool to enable the translation of generic code. As the authors of the design draft discovered that the difference between contracts and interface types was a bit confusing, so they eventually dropped the contracts plan.

What generics can bring to Go language



The most important capability of generics in Go is to write functions like Reverse without minding the element type of the slice. Then developers can write the function once, also write the tests, put them in a go-gettable package, and call them up whenever they want.

Even better, since this is open source, someone else can also write Reverse once, and it can be used by others to implement theirs.

Given that Go language has two general-purpose generic data structures built into it: slices and maps. With slices and maps able to hold values of any data type, and static type checking for values stored and retrieved. The values stored are not as interface types.

What's the next step for Generics in Go language?



The Go project developers released an updated design draft for type parameters on June 16, which draft replaces contracts with interface types. And the type parameters are now constrained by interface types, while interface types can include type lists, albeit only when used as constraints.

They promise to continue to adjust it as they learn more, from their experiences and that of the community, what works and what doesn’t. If they reach that goal, then it’ll be something that can be proposed for future versions of Go. Hopefully, the generics capability will potentially arrive with Go 1.17 in August 2021, if all goes well.

Go language moving forward with Plans to introduce Generics

GPS Alternative


China has completed and fully launched its home-grown Global Navigation Satellite System (GNSS) known as BeiDou.

While GPS has gained huge popularity as the industry-first navigation system, Europe (Galileo) and Russia (GLONASS) are also working on their own respective global navigation systems. Even India is working on its own navigation system called NavIC to cater for the Indian Subcontinent navigations.

GPS which is also known as GNSS refers to NAVSTAR GPS, owned by the US Government and was originally created for the US defense forces, but afterwards, was opened for public use.

BeiDou Navigation System as credible GPS Alternative



BeiDou consists of 35 navigation satellites in total, which have been deployed in three phases, namely: BeiDou-1, BeiDou-2, and BeiDou-3, with the first launch on October 30, 2000.

BeiDou


The satellites launched as BeiDou-3 are highly advanced than the previous phases, and capable of providing higher bandwidth as they are fitted with atomic clocks for precise time measurements and navigation services.

BeiDou navigation services were opened in China back in 2012 and the global launch followed in 2018; the service as at 2019 already has about 400 million users worldwide.

Growing Competition in the Navigation technology landscape



Apart from China, Russia (GLONASS), India (NavIC) and Europe (Galileo) are already working on their global navigation systems to cater for the respective regions.

What this means is that the days of over reliance on US NAVSTAR GPS are slowing coming to an end. Meanwhile, the US isn't relaxed, as they are also busy with upgrading their own navigation system with the deployment of GPS Block III, a pool of about 10 satellites.

The GPS Block III satellite is scheduled to be launched on June 30 with the help of Space X Falcon 9 rocket.

GPS Alternative: China completes "BeiDou" Global Navigation Satellite System

macOS Big Sur


Apple at its WWDC Event unveiled macOS Big Sur, which is the next update to the iconic desktop operating system, with several new enhancements coming to it's native Safari browser.

While the major security enhancements include new "Privacy Report" feature in the toolbar that gives users insight on how websites are using their personal information, and also, the number of web trackers that have been blocked. Apple users can also choose when and which sites can use a Safari extension.

Additionally, the browser tabs have been redesigned for easy navigation with Safari becoming much faster and more powerful, and displays favicons of websites by default to easily identify tabs, which gives users a means to quickly preview a page by simply hovering over the open tab.

How Extensions support for Safari has been Improved?



The Mac App Store has a new category for extensions that includes top charts and editorial spotlights.

Safari-enhancements


And Apple users can now bring over extensions from other major browsers, and also give the extensions access for only a day, on certain website, or for all website.

Safari's inbuilt Native-translation capabilities



There is new native-translation capabilities now built into Safari, with the browser able to detect and translate an entire webpage into seven (7) languages.

Also, Apple has introduced a customizable Start Page with background image support which extends to iCloud Tabs and Reading List. Besides, Safari is also getting faster, even as Apple claims it's now 50 percent faster than Chrome in loading frequently visited sites.

Apple unveiled macOS Big Sur with big updates to its native Safari browser

Facebook AI


Facebook has launched a new technology which creates 3D models of human photos, dubbed PIFuHD, that works through multi-level architecture based on deep neural network to allow users create fully-detailed 3D models of a photograph.

While the PIFuHD technology which stands for Pixel-Aligned Implicit Function for High-Resolution 3D Human Digitization will be useful in automated image digitization in fields like medical imaging and virtual reality.

The 3D image conversion demo has been made available on Google Colab for users to try out the new technology, but as it's still in initial phase, there are few limitations, for instance, the technology currently can't accept images of over 1K resolutions.

What's the underlying technology behind PIFuHD?



Pixel-Aligned Implicit Function for High-Resolution 3D Human Digitization (PIFuHD) involves end-to-end trainable refined framework for implicit surface learning for high-resolution 3D human photo reconstruction at 1K image resolution.

PIFuHD


The technology is perhaps one of the most revolutionary achievements of 2020 as it is capable of changing the way virtual reality is perceived and work in the areas of medical imaging.

Though, there are still some limitations in the new technology, as currently, it can't accept images with resolutions greater than 1K and it first translates the image into the front and back perspective to deliver the 3D figure in high resolution.

What's the Future projections for PIFuHD?



The major breakthrough behind this technology is the accurate predictions based on context, albeit the memory limitations in current hardware is a huge challenge presently.

PIFuHD technology, however will get to an advanced level, whereby changes will be made in the hardware and such memory limitations will be a thing of the past. If you wish to give the new technology a spin, you can get more information about it from this Facebook research resource.

What is PIFuHD? Facebook’s New Technology for creating 3D Models from Photos

Text Fragments


Google is prepping a new hyperlink model that will permit Chrome users to hyperlink not just a web page, but also to any particular textual content on a web page, which is robotically highlighted.

The new model is referred to as “Text Fragments” and it's more like an anchor hyperlink, but can be created by anybody and with highlighting feature. While the capabilities are already supported in Chrome since version 80, Google is looking to bring it via Chrome extension which makes it easier to create, and works for everyone using Chrome.

The company has submitted a proposal of the new concept to the W3C and hopes other browser vendors will also undertake to implement it, albeit the hyperlinks are backward-compatible.

How the Text Fragments hyperlink model works?



The process for Text Fragments is within the string “#:~:textual content=” which the textual content need to match, and full hyperlink would always appear like this:

https://en.wikipedia.org/wiki/Dog#:~:text=A common breeding practice for pet dogs is mating between close relatives


If you copy and paste the above URL into Chrome, the browser will open Wikipedia’s dog page, and scroll to the primary textual content that matches “A common breeding practice for pet dogs is mating between close relatives,” and highlights it. But if the textual content does not match anything, the page will still load all the same.

The backward-compatibility is as a result of browsers assist of the quantity signal (#) as a URI fragment, which it uses for anchor hyperlinks. And if you paste the URL right into a browser that does not support the assist, the page will still load, and the quantity signal will simply be ignored as an anchor hyperlink.

What's the Drawback of the Text Fragments model?



The only drawback of this model is that it implies you can have areas in a URL, a webpage or discussion board, which you possibly can hand-code the hyperlink with a href tag regardless of the non-HTML and it will still work.

Although, for messengers and social media which do not enable code or use automated URL parsers, things can get a bit more sophisticated. As each URL parser treats an area as the top of the URL, so you'll have to make use of the percent-encoding to switch all of the areas with the equal “%20.”

But, the new Chrome extension, known as “Link to Text Fragment” which is also available on Github will put a brand new entry in Chrome’s right-click menu. So that users can simply spotlight textual content on a web page, right-click and hit “Copy hyperlink to chose textual content.” And just like magic, a textual content fragment hyperlink will find itself in your clipboard.

With this, all of the textual content encoding will be done robotically, so that the hyperlink will work with most websites and messengers.

Google's push for new hyperlink model via Chrome extension

RoboLinux


Robolinux is a unique Linux distro that let users run Windows alongside Linux OS without dual-booting, and create a virtual machine of Windows XP/7/10 using VirtualBox.

While the latest release of RoboLinux v11.02 highlights the introduction of the new inbuilt Robo UNTRACKER installer app, which app if installed in any Linux distro will make it impossible for the PC or laptop to be tracked.

RoboLinux 11.02 is based on the long-term Ubuntu 18.04, even though Ubuntu 20.04 LTS was released months ago; it is surprising that RoboLinux chose 18.04 when developers already found instability issues in 20.04 codebases. Albeit, RoboLinux 11.02 comes with the upgraded Linux kernel version 5.3 bringing the latest hardware support.

What's new in RoboLinux 11.02 Release?



RoboLinux 11.02 comes bundled in three editions with desktop environments, including: MATE 3D, Cinnamon, and Xfce; with several applications like Thunderbird, Deluge Torrent client, VLC, Audacious, Firefox, Simple Screen Recorder, and Stealth VM, among others.

The major highlight of RoboLinux 11.02 remains the introduction of the new Robo UNTRACKER installer app, which changes MAC address every time there is system reboot. Thus generating a completely new random, untrackable, and totally anonymous data packets over the internet.

Additionally, RoboLinux 11.02 upgraded Linux Kernel version 5.3 means that all the features as follows are also included: Support for AMDGPU Navi, and Radeon RX 5700. And Turing TU116 support in Nouveau, with 16 million new IPv4 addresses. Intel HDR display support for Icelake, Geminilake and Compute shader support in Broadcom V3D driver.

Getting Started with RoboLinux 11.02 Release



For existing users of RoboLinux, you can easily upgrade to RoboLinux 11.02 by clicking on the auto-upgrade button on the main menu. While for a fresh installation, you can download the ISO images from the official website, with the installation guide available here.

You can also install the UNTRACKER app on other Systemd-based Linux distributions, with instructions available here on how to install and activate the Robo UNTRACKER app.

RoboLinux 11.02 Release: Debian GNU/Linux OS oriented towards Windows users

JavaScript Standard


The latest standard for JavaScript, ECMAScript 2020 was formally approved on June 16 by ECMA International, and the ECMA technical committee overseeing the specification.

While ECMAScript 2020 introduces some new features ranging from the import() facility for loading modules and the BigInt type for working with arbitrary precision integers.

The proposal also adds an import(specifier) syntactic form, which acts in many ways to return a promise for the module namespace object, created after fetching, and evaluating a module’s dependencies.

What's new in ECMAScript 2020?



The matchAll method for strings, String#matchAll which produces an iterator for all matched objects generated by the global regular expression is another important new feature.

If a developer, for instance, has either a sticky or a global regular expression with multiple capturing groups, and the developer wants to iterate through all the matches, there are currently several options but with limitations. String#matchAll addresses the issues by providing access to all the capturing groups and won't visibly mutate the regular expression object.

ECMAScript 2020 brings multiple of other new features, including:

  • globalThis provides a universal way to access the global this value.
  • import.meta is a host-populated object in Modules that contain contextual information, which serves as a JavaScript metaproperty for host-specific metadata.
  • Dedicated export * as ns from ‘module’ syntax to use with modules.
  • Standardization of for-in enumeration order, which partially specify enumeration order in JavaScript.
  • Nullish coalescing is a value selection operator for handling cases involving property accesses, with a syntax feature for working with “nullish” values (null or undefined).
  • Optional chaining offers property access and function invocation operator that short-circuit the value to access/invoke if null.


Additionally, there is a new Promise combinator, dubbed Promise.allSettled, that does not short-circuit. It returns a promise that's fulfilled with an array of promise state snapshots, but only after the original have settled, that is, it has been either fulfilled or rejected.

ECMAScript 2020 specification is developed on GitHub with the help of the ECMAScript community and there are several ways to contribute to the development of this specification as enumerated here.

ECMAScript 2020 introduces new BigInt type for working with Arbitrary precision integer

FreeBSD


FreeBSD is an open-source Unix-like operating system from the Berkeley Software Distribution, which serves as operating system for powering modern servers, desktops, and embedded platforms.

While the release engineering lead at FreeBSD, Glen Barber, has announced the fifth and final version 11.4 of the FreeBSD 11-STABLE branch, with the new FreeBSD 11.4 bringing several changes to userland applications, hardware, and device drivers.

FreeBSD 11.4 now includes support for renaming ZFS bookmarks, along with improved latency of synchronous 128KB writes to increase 15 to 20% performance.

What's new in FreeBSD 11.4 Release?



While FreeBSD has supported the ZFS filesystem longer than any operating system, the additional support for renaming ZFS bookmarks, will help to further enhance its functionality in FreeBSD 11.4.

FreeBSD 11.4 has also added JMicron JMB582, D-Link DWM-222 LTE dongle, JMB585 AHCI controllers, and Intel Cannon Lake PCH, among hardware support it offers. Furthermore, several utility software has been upgraded to bring new functionality to the operating system.

The camcontrol utility, for instance now includes support for AMA (Accessible Max Address Configuration) and block description, with usbconfig utility adding the detach_kernel_driver command. And the jot utility now allows an endless stream of random data in the specified bounds and YPMAXRECORD value increase in yp subsystem for Linux compatibility. You can get the full list of new features from the official release notes.

How to Upgrade to FreeBSD 11.4 Release?



FreeBSD 11.4 release is available for armv6, amd64, i386, powerpc, powerpc64, sparc64, and aarch64 architectures. If you are new to FreeBSD, you can download the ISO images of FreeBSD 11.4 for a fresh installation from here and the in-depth installation guide is available here.

For existing users of the previous version of FreeBSD 11-STABLE branch, you can easily upgrade your system to FreeBSD 11.4 using the freebsd-update utility.

FreeBSD 11.4 Release: What's New and How to Upgrade your software?

IoT vulnerabilities


The security researchers at JSOF, an Israeli cybersecurity company discovered 19 flaws, many of which are classified as critical, which they dubbed Ripple20, that are affecting millions of IoT devices across several vendors.

The vulnerabilities reported in early 2020 have a ripple effect across the embedded supply chain, including several consumer products like IP cameras and printers to specialized inter-connected devices used across business organizations such as video conferencing systems and enterprise systems.

These systems are at risk due to the embedded TCP/IP library with flaws that allow for remote code execution over the network which could result to a full compromise of the affected devices.

How the 19 Flaws in TCP/IP software library was Discovered



JSOF collaborated with security researchers from IoT vendors and visibility firm Forescout in identifying potentially vulnerable products by using TCP/IP signatures in its knowledgebase of embedded devices.

The researchers also worked with the critical infrastructure arm of the US Cybersecurity (ICS-CERT) and Infrastructure Security Agency (CISA), in order to notify and confirm the affected products and vendors.

The vulnerabilities are all memory corruption issues stemming from errors in the handling of packets sent over the network via different protocols, including IPv4, IPv6, ICMPv4, IPv6OverIPv4, UDP, TCP, ARP, DHCP, DNS or the Ethernet Link Layer. While two of the vulnerabilities were rated 10 which is the highest possible severity score in the Common Vulnerabilities Scoring System (CVSS).

And from their findings, all products from 11 vendors have been confirmed as vulnerable, which products include infusion pumps, UPS systems, networking equipment, POS systems, IP cameras, building automation devices, and ICS devices, and the researchers believe the flaws could impact millions of devices from other vendors.

Efforts to Mitigate against the Flaws in TCP/IP software library



JSOF in partnership with Forescout have developed signatures based on traffic patterns that could be useful in identifying potentially vulnerable devices.

And they've also brought a lot of open-source intelligence gathering by way of analyzing legal and copyright documentation of products, to discover mentions of Treck in stack traces and debugging symbols on firmware analysis or relationships between the developer and various vendors.

Forescout has subsequently added the detection capability to its own IoT visibility and management products, with JSOF planning to release some of the information so that organizations can develop own scanning and monitoring capabilities for their networks to identify devices that might be at risk of Treck library to isolate them.

The researchers have also contacted affected vendors, including Schneider Electric, HP, Intel, Rockwell Automation, Caterpillar, Baxter, and Quadros, all of which have acknowledged the flaws and have taken an assessment of their products. Also, CISA has advised affected organizations to perform proper analysis and risk assessment before deploying defensive measures.

Ripple20 Flaws leaves millions of IoT Devices vulnerable to attacks

Go language


Google's statically typed, compiled programming language, Go is similar to C, syntactically - but with memory safety, structural typing, garbage collection, and CSP-style concurrency.

Now, the next version of the language, Go 1.15 beta, offers smaller binary sizes via an enhanced compiler, and the runtime and linker have been improved with the forthcoming release. While the final release is due for August, with about five percent reduction in typical binary sizes in Go 1.15, compared to Go 1.14.

The reduction is as a result of elimination of more-aggressively unused type metadata and certain types of garbage collection metadata.

How Go 1.15 Achieved Compiler Improvements?

.

The compiler improvements were achieved by the toolchain mitigation of Intel CPU erratum SKX102 on GOARCH=amd64 in aligning functions to 32-byte boundaries and padding the jump instructions.

While the compiler’s -json optimization logging now reports large copies qual to or as greater than 128 bytes, and provides explanations of escape analysis decisions. Albeit, the padding also increases binary sizes, which increase is more than compensated for by the binary size improvements. Go 1.15 brings a -spectre flag, though seldomly needed, to the compiler and assembler to enable Spectre CPU vulnerability mitigations.

And the Go 1.15 compiler rejects //go: compiler directives which have no meaning for the applied declarations, and reporting of a “misplaced compiler directive” error. These directives were previously broken, and were silently ignored by the compiler.

What are the Major Improvements in Go 1.15?



Besides the compiler improvements, the runtime allocation of small objects now performs better at high counts and has lower worst-case latency. Furthermore, the non-blocking receive on closed channels now perform as well as non-blocking receive on open channels.

Also, the Go linker has witnessed substantial reduction in linker resource usage; that for a set of large Go programs, linking is 20 percent faster and uses 30 percent less memory on average, and for ELF-based operating systems on AMD64 architectures, with more modest architecture/OS improvements.

The Key to the improved linker performance are the newly redesigned object file format and revamping of internal phases to boost concurrency.

If you wish to get started with Go 1.15 beta, it can be downloaded from the official website and you can refer to the release notes for further guidance.

Go 1.15 beta focuses on Runtime, Compiler and Linker improvements

Chrome browser


Google will commence the blockade of notifications from sites that it believes misuse or abuse the privilege of notifying users, starting with Chrome 84.

While Chrome 84 is scheduled to be released on July 14, the new browser's abusive notification protection will only affect "permission requests" newly sent from abusive sites, not those that have been unwittingly agreed to prior to this release. However, Google is looking to expand the anti-notification defense to even already accepted notifications in the future.

It will affect sites that Google thinks traffic in notifications to trick users, with such sites' notifications going to be scaled back to what Google defined as its "Quiet UI" and a Chrome warning informing the users that the website may be trying to coax them into accepting future notices.

Why the blockade of Website's abisive notifications?



According to PJ McLachlan, a Google product manager, the issue of abusive notification prompts are among the top user complaints received about Chrome.

And such abusive notifications include two broad categories: permission request issues, which is intended to mislead users, usually to allow further notifications, and notification issues, an even more nefarious notification that aid phishing attacks, linking to malicious software or trying to fake system alerts or messages.

Google claims that a large portion of such notifications actually originate from a very small number of abusive sites.

How to ensure your Website is not flagged?



Those websites that Google deems as abusive in their notifications will first be notified by email at least 30 days before Chrome begins to enforce the new rules.

In which interim, the affected sites will be given the chance to prove or mend their actions and then be able to resubmit application for review.

Google has detailed its Abusive Notifications Report here, with the mechanism it will use to highlight bad actors and the review process for site owners.

Google to target Websites for abusive notifications starting with Chrome 84

CentOS


CentOS is a free, community-supported Linux distribution that provides a computing platform compatible with its upstream source, Red Hat Enterprise Linux (RHEL).

The third iteration of CentOS 8 series, version 8.2 (2004) has been released superseding the previous CentOS 8.1 (1911). While CentOS 8.2 is rebased on the newest RHEL 8.2 source code, which makes it fully compatible with upstream RHEL 8.2 and also benefits from all the major changes.

Along with several improvements from RHEL 8.2, CentOS 8.2 now includes the latest versions of Python 3.8, GCC Toolset 9.1, and Maven 3.6, all developer tools.

What's new in CentOS 8.2 (2004) Release?



Besides acquiring several improvements from RHEL 8.2, CentOS 8.2 has added setools-console-analyses and setools-gui packages for analysis of SELinux-policy and data-flow inspections.

And some CentOS packages have been modified, including apache-commons-net, anaconda, basesystem, cloud-init, cfirefox, grub2, httpd, kernel, ockpit, dhcp, thunderbird, yum and PackageKit. It has also added extra packages that aren't part of upstream RHEL 8.2 and removed some packages as well.

Some of new packages included in CentOS 8.2 are as follows: centos-indexhtml, centos-logos, centos-obsolete-packages, centos-release, centos-backgrounds, elrepo-release and epel-release.

How to Upgrade to CentOS 8.2 (2004) Release?



For existing CentOS users, the upgrade to new CentOS 8.2 (2004) update can be initiated on your system if you run the command as follows:

sudo dnf update


But for new users, you can download the ISO images for CentOS 8.2 from the CentOS mirror repositories. And note that the images are available for three architectures: aarch64, ppc64le, x86_64. If you are a system administrator, you can easily customize system-wide cryptographic policies with the updated crypto-policies.

CentOS 8.2 (2004) Release: What's New and How to Upgrade?

Dart language


The general-purpose programming language developed by Google, Dart is easy to learn, scalable and deployable everywhere; now it has sound null safety in the works.

While null safety help developers avoid a class of hard to spot bugs when they opt for it, their codes are made non-nullable by default, meaning that the values cannot be null unless specifically made to be so. With null safety, the runtime null-dereference errors turns to edit-time analysis errors.

Dart’s null safety which is still in preview, is perhaps the biggest addition to the programming language since the release of Dart 2 in August 2018.

Overview of the Dart’s sound null safety



Dart's sound null safety analyzes code, to determine that a variable is non-nullable and ensures that it's always non-nullable. The compiler can then produce smaller and faster code as it doesn't need to add checks for nulls when it already knows a variable is not null.

As null safety is backward compatible, it will serve as an optional feature, allowing developers to be able to adopt it whenever they’re ready and the Dart core libraries have also been migrated to use null safety.

The fundamental design of Dart's null safety includes the fact that developers must explicitly note that a variable can be null, or it'll be considered non-nullable. And it is incrementally adoptable, with tools made available to help with migration.

Getting Started with Dart’s sound null safety



If you want to test the Dart’s sound null safety feature, it is currently available for testing in this version of DartPad, and also due in a production-ready Dart release by the end of 2020.

The null safety version of DartPad is the first in a series of code examples designed to illustrate the new syntax and coding patterns for null safety.

And each snippet starts off in a bad or broken state. Therefore, you’ll probably encounter warnings from the Dart analyzer, or the code probably won't compile. But by simply following the instructions and making some edits to the code, you can be able to update each snippet to a working state.

Dart Programming language null safety make codes non-nullable by default

Escuelas Linux OS


Escuelas Linux is an educational OS based on Bodhi Linux which comes with a great amount of educational software, and supported across almost all computers, including 32-bit systems.

While Escuelas Linux is a low-resource distribution, which uses Enlightenment as graphical interface, with RAM and hard disk requirements all very low, making it even possible to install on computers with at least 512 MB of RAM and 40 GB of hard disk space.

The latest Escuelas Linux release, version 6.9 includes major software updates and bug fixes; though primarily targeted at Spanish-speaking students, it also has support for English language.

What's New in Escuelas Linux 6.9 Release?



Escuelas Linux 6.9 features the latest Moksha desktop environment along with new set of themes, coupled with the major highlight of the current most popular video conferencing app, Zoom, supported by default.

Also, you can now choose Audacity as an available option to open MP4 files.

It has all the important software such as Firefox, Chrome, Adobe Flash, Blender, Geogebra, LibreOffice and Inkscape updated to its most recent versions. And Escuelas has fixed the bug in OpenShot video editor that allows openning of your projects in the OpenShot directly from the File Manager.

How to Upgrade to Escuelas Linux 6.9?



For existing users, who are upgrading from the previous version of Escuelas Linux, you can simply update your system by using the packages in Files -> actualiza-update.

While for fresh installation of Escuelas 6.9, download the ISO image from the official website which is available for both 32-bit and 64-bit systems. Also, you can download the installation manual to boot it from your VirtualBox or dual boot with Windows. If you encounter anything difficulties, there is an official guide available here.

Escuelas Linux 6.9 Release comes with tons of Educational Apps by default

TransCoder AI


Tanscoder AI is a neural transcompiler developed by Facebook researchers, which can easily convert source code from one high-level programming language to another.

While the migration of existing codebase to a more modern language requires huge amount of resources, both in manpower and finances; making use of transcompilers can help to eliminate the amount of expenses involved in rewriting the codes from scratch.

The neural transcompiler, TransCoder AI can convert codes between high-level programming languages such as C++, Java, and Python.

How Accurate is TransCoder AI?



Facebook researchers have trained TransCoder AI using a publicly available code within over 2.8 million open-source repositories on GitHub to focus on code translation at the very functional level.

TransCoder AI Accuracy


While for the evaluation of the performance of TransCoder AI, the researchers chose 852 parallel functions in C++, Java and Python from a popular platform that teaches coding through problems and offering solutions in different programming languages, known as GeeksforGeeks.

The above two data were used to develop a new metric called “computational accuracy” to check if translated functions generate the same outputs with the inputs as it did in the original source language.

And the accuracy level in results obtained by TransCoder AI during conversion of codes from C++ to Java is 74.8%; C++ to Python is 67.2%; Java to C++ is 91.6%; Java to Python is 68.7%; Python to Java is 56.1%; and Python to C++ is 57.8%!

Why TransCoder AI for the Conversion of Programming Languages?



As the migration of existing codebase to a more efficient language requires a huge amount of resources, making use of transcompilers can help to eliminate the amount of expenses involved in rewriting the codes.

But neural transcompilers are quite difficult to build in practice as a result of the fact that source and target language have differences in syntax, standard-library functions, variable types, and platform APIs.

TransCoder AI will help to tackle these challenges with an unsupervised learning approach, which can run with a minimal amount of intervention to find hidden patterns in data sets and outperform rule-based baselines by a wide margin.

TransCoder AI: Facebook's Code Converter for high-level Programming languages

Vue.js


The JavaScript framework for building web interfaces, Vue.js is moving towards a general release with the beta haven been available since early spring, which touts of improvements in such areas as TypeScript support and speed.

While Vue.js 3.0 is slated for a general release this month, the beta version is currently available on GitHub. It features a rewritten virtual DOM and compiler-informed paths for better performance, and the Vue 3.0. Server-side rendering is twice faster, based on benchmarks simulating scenarios.

Also, the component initialization is more efficient, and update performance has greatly improved. The Vue.js 3.0 codebase is written in TypeScript with type definitions auto-generated, coupled with an API that is same in both TypeScript and JavaScript.

What's New in Vue.js 3.0 beta?



The new framework has a composition API which is usable alongside the Options API, and offers a set of additive, function-based APIs for a flexible composition of component logic and reuse.

And the tree-shaking, which improves overall performance by reducing the output file size, is highlighted, with most optional features, such as the v-model directive, necessary for creating two-way data bindings. Other highlighted capabilities in the Vue.js 3.0 beta include:

  • Custom Renderer API, set to have integration with the NativeScript framework.
  • Fragments capability to solve issue where multiple root components are not allowed.
  • Explorative type-checking in SFC (Single File Components).


How to get started with Vue.js 3.0 beta?



The Vue 3.0 beta is currently available on GitHub and the open source “progressive” Vue.js framework is meant to enable development of more maintainable web user interfaces.

With Vue.js, any Web page can be split up into reusable components, as the framework is reactive; when data changes, it takes care of updating every other part of a web page where the data is used.

The Vue.js GitHub repo already has 166,000 stars, which lends to prove its usefulness to the developer community.

Vue.js 3.0: New Framework version promises improvement in TypeScript and speed

Apple iOS 14


Apple is expected to commence its virtual WWDC 2020 event on June 22, where the unveiling of the next major iOS update, iOS 14 will be announced.

While the leak of the new iOS update reveals an interesting feature of native call recording function for both iPhone and FaceTime calls, which also include an all new apps screen, new multitasking UI, and the ability to test an app without actually installing it.

The new iOS 14 is reportedly going to be supported on all current iOS 13 devices, with some features making it to the new release, though the company is said to be pushing back some features for iOS 14 due to buggy release of iOS 13 and to make the update more stable.

How the Apple iOS 14 was Leaked?



The native call recording feature that will let users record both, phone calls and FaceTime calls was leaked through the engineering image accessed by the jailbreak community and provides a look at the settings page for the feature.

iOS 14 leak


According to the leaked page, the call recording feature will lets users to simply turn on or off the ‘Audio Call Recording’ and when turned on, it records automatically.

How the iPhone and FaceTime Call recording will work?



Once the call recording is enabled on an iPhone, all incoming and outgoing calls will be recorded automatically, and until the function is turned off from the settings.

Albeit, the native call recording feature will also notify the iPhone user on the other side of call about the recordings, while reminding the recorder to respect some regulations.

The call recording feature will however be subject to some local laws, and as regards countries with stricter regulations on the matter of call recording by users. But it’s not yet clear if the call recording will be available for all regions and whether call recording by all users is allowed.

Apple to bring native Call Recording for iPhone and FaceTime with iOS 14

Firefox Developer Edition


Mozilla launched the first browser specifically built for developers known as Firefox Developer Edition, that offers access to tools and platform features before they hit the main release channel.

Now, the current Firefox 78 Developer Edition browser comes with a new regular expressions (RegExps) engine, which makes it easier to support modern RegExps features.

While RegExps are heavily used tool for manipulation of strings, which offers a rich syntax to both describe and capture character information. In 2014, Mozilla replaced its YARR regular expression engine with forked copy of Irregexp, the RegExp engine used in Google V8 JavaScript engine.

How the revamped RegExp will support SpiderMonkey JavaScript engine



Mozilla's SpiderMonkey JavaScript runtime will be outfitted with a new regular expressions (RegExps) engine, to make it easier to support modern RegExps features.

As the company rewrote Irregexp to use its own APIs, this made it possible to work with the new engine, though it was harder to import new upstream features, which over time, Mozilla fell behind in support for new ES2018 RegExp features.

The new approach, a new shim layer for IrregExp to provide full access to Google V8 functionality, from code generation and memory allocation to utility functions and data structures. Thereby, making SpiderMonkey to gain stronger foundation for future RegExp support, one that allow the SpiderMonkey team to bring new RegEx syntax more easier.

Future projection for the new engine



Mozilla's effort has resulted in full support for all ECMAScript RegExp features and the company is hopeful that its work on the new engine can be the basis for RegExp in Firefox for years ahead.

Therefore, the new RegExp engine closes the gap with regular expression features in ECMAScript. Firefox Developer Edition, which features latest developer tools in beta, can be accessed directly from mozilla.org.

Mozilla debuts new RegExp engine in Firefox 78 Developer Edition

Linux Kernel


The end-of-life (EOL) support for the LTS (Long-term Support) Linux kernel 4.19 and 5.4 has officially been extended from two to six years, which is an additional 4 years.

According to the official Linux Kernel long-term release page, Linux kernel 4.19 will now get bugs and important security fixes till December 2024 and kernel 5.4 until December 2025.

While Linux kernel is mainly released in two categories, namely: Stable and Longterm. The stable release comes every 8-10 weeks; on the other hand, the LTS release arrives every two years and provides security and bug fixes for up to two years.

Why the Upgrade of LTS kernel lifecycle from two to six years?



In 2017, Google’s Iliyan Malchev at Linaro Connect announced the upgraded lifecycle of LTS kernel from two to six years, which implementation started with Linux Kernel 4.4.

Albeit, the maintainer of LTS kernel release is responsible for the time period for the LTS life cycle. Therefore, after the release of the latest stable Linux kernel 5.7, Greg Kroah-Hartman, the current lead Linux Kernel developer and maintainer, increased the support period of the latest LTS kernel 5.4 and 4.19.

Now, this is a major change involving how the kernel support will be provided, the initial two-year lifecycle of Linux LTS kernel bumped to six years.

How to decide LTS Linux Kernel for your porject?



There are currently six LTS kernels with six years of support, as follows: v5.4, v4.19, v4.14, v4.9, v4.4, and v3.6. Therefore, any of these kernel versions are available for those who need to implement an LTS Kernel to their project.

However, you can check out the suggestions by Greg on the latest stable or LTS release for Server, and the latest LTS or older LTS release for Embedded devices.

Alternatively, you can choose from Linux distributions like Ubuntu or Debian that ship the most stable Linux kernel.

LTS Linux Kernel 4.19 And 5.4 gets extended EOL with additional 4 Years

Telegram messenger


Telegram boasts of the most powerful photo editor implemented in a messaging app, but same cannot be said about video editing, until now.

The company launched its photo editor back in 2015 to let users enhance image quality by adding drawings, stickers and text to pictures.

Now, Telegram has upgraded the media editor with support for animated stickers and editing of videos. The latest update of the app for Android, version 6.2.0 comes with cool video editing features that will take a longer time for rivals to achieve.

The new media editor brings new enhancements like support for video editing and addition of animated stickers, coupled with UI animations throughout the app and new tabs in the GIF panel for easy discovery.

What's new in Telegram Messenger version 6.2.0 for Android?



Besides the powerful video tools added to its in-built media editor, Telegram also brought some nifty features such as sliders for parameters like brightness or saturation, and a one touch button to enhance the video quality. Other new additions include:

  • Speaking of GIFs: The updated GIF panel comes with a new Trending section and emoji-based tabs covering the most popular emotions.
  • Animated Stickers on Media: Now, you can add animated stickers to any photo or video and simply putting an animated sticker on a photo turns it into a GIF.
  • Flexible Folders: For those who use use folders for chats, simply holding on any chat in the list will add it to one of your folders and it also works for removing chats from folders.


Additionally, there are few extra features to make the app slicker, such as messages now get sent, edited and deleted with new smooth animations. The video player has been improved to make sure that complicated controls and long captions are eliminated.

How to Upgrade to Telegram version 6.2.0?



The latest Telegram version 6.2.0 for Android is now available for download on the Google Play store. While existing Telegram users with automatic update enabled have nothing to do, as the system will update the app to the latest version.

But if you're coming new to Telegram, you can head to Play store to download the latest version for your Android device.

Latest Telegram Update for Android brings Video Editor and other enhancements

Face Blur Tool


Signal Messenger is arguably the most secure messaging platform, which now, has rolled out a new face-blurring feature that enable users to blur faces when sharing photos on the platform.

The new face blur feature is available in the image editor in the latest version of Signal for Android and iOS; it serves to help protect the privacy of the people in photos shared on the platform. And it is coming on the heels of the protests against racism in US which has broken an unprecedented record in multiple cities over the death of George Floyd, who was killed by a white US cop.

Now, it’s pretty easy to hide a face, or draw a fuzzy trace over a place you want to erase by simply tapping on the new blur tool icon to get started.

How the Signal Messenger Blurring Tool works?



The new blur tool leverages on platform-level libraries for Android and iOS to maintain high privacy, with all of the processes happening locally on your device.

Blur toolbar


While these system libraries are not perfect, as they don’t detect every face 100% of the time, which flaws and potential biases makes it important to extend their default functionality with the blur brush to manually obscure faces or areas in a photo.

The face-blurring feature update has been pushed to the app stores, and will be rolling out as soon as possible.

What necessitated the Face-blurring tool?



As many of the people organizing the US rally are using Signal to communicate, Signal in support of the people who have gone into the streets to make their voices heard, decided to introduce a tool that ensures their privacy.

The company is also working hard to keep up with the increased traffic, with the mapping out of additional ways to support everyone on the street.

Albeit perhaps, the year 2020 is a pretty good one to cover your face.

Signal rolls out face-blurring feature to its Messenger for iOS and Android

Google+


Currents is a software developed by Google for internal enterprise communication, which is now set to replace Google+ starting from July 6, on Google's G Suite line of products.

While Google+ was shutdown for general users, but was still made available for G Suite customers, the experience will be upgraded to Currents for all existing Google+ users on G Suite. And if you are an existing Currents beta participant, your Currents experience will remain the same.

The new Currents app has a different look and feel from Google+, with additional features for users and administrators. So, how would enterprises on G Suite prepare their users for this change?

What G Suite Customers need to know?



As Google+ was shut down in April 2019, Google announced the launch of Currents beta, which will be generally available on July 6, 2020. Therefore, all organization’s existing Google+ content will be automatically transitioned to Currents.

Google Currents


It will take up to 5 days for Currents to be fully rolled out to all organizations. And Google promises that no downtime will be experienced by users during this transition.

Additionally, the Currents mobile app will replace the Google+ for iOS and Android, as Google+ will no longer be supported after July 6, 2020, and it won't be possible to opt out of Currents or revert back to Google+.

How to Get Started with Google Currents



For existing Google+ users, no action is required, however, to ensure a smooth transition, it is recommended that the following actions be taken:

  • Advise users to upgrade their iOS and Android Google+ mobile apps to Currents starting from July 6, 2020, as the Google+ mobile app will no longer be supported.
  • Review the Guide for end users in order to get acquainted with the new Currents features and better support your users.


The super administrators will have the ability to enable certain moderation of content and administrative privileges for users in their organization.

Google Currents: The Enterprise App set to replace Google+ for G Suite

Zoom software


Zoom videoconferencing is hugely popular as a result of the global lockdown, as remote workers are using it to connect with business and social engagements; but it's recommended to make sure you're running the latest version of the Zoom software on your PC.

While the most-anticipated Zoom end-to-end encryption feature, though only available to paid users, is a welcome development to solve the critical privacy and security issues that have saddled the videoconferencing software. Besides, there is a latest warning about newly discovered vulnerabilities in Zoom chat.

According to researchers at Cisco Talos, two critical vulnerabilities have been discovered in the Zoom software that could allow hackers access into the systems of an individual recipient or group chat participants remotely.

Two Critical Flaws in Zoom videoconferencing software



The two flaws in Zoom are both path traversal vulnerabilities that can be exploited to run arbitrary codes on the systems running a vulnerable version of the video conferencing software.

The first vulnerability, marked as (CVE-2020-6109) resided in how the videoconferencing software leverages GIPHY service, which service was recently bought by Facebook, to allow its users search and use animated GIFs while chatting. While the second vulnerability (CVE-2020-6110) resided in how Zoom application process code snippets shared via chat.

The security researchers were able to successfully exploit both of the flaws, as they require very little or no interaction from targeted chat participants and can be executed by simply sending specially crafted messages via the chat feature to any individual or a group.

Zoom application failed to check whether a shared GIF is loading from Giphy service or not, which is the bane that could allow an attacker to embed GIFs from a third-party controlled server, which by design is cached/stored on the recipients' system in a specific folder associated with the Zoom application.

How to Mitigate against the Flaws



The researchers from Cisco Talos tested both flaws on the Zoom client application version 4.6.10 and had responsibly reported it to the company. And Zoom has released version 4.6.12 of its video conferencing software for Windows, macOS, or Linux with the patch for the both critical vulnerabilities.

It is therefore recommended that all users should upgrade to the latest version of the Zoom client application version 4.6.10 released last month.

Critical Flaws in Zoom that Could allow Hackers access to Systems via Chat

Android Studio 4.0


The official IDE for Android development, Android Studio 4.0 latest upgrade was released on May 28, with a set of exciting features like Motion Editor and Build Analyzer.

While the new Motion Editor is a simple visual design editor for the MotionLayout type, which makes it easier to use the MotionLayout API to manage motion and widget animation in applications. It also offered support for editing constraint sets, view attributes, transitions and keyframes.

And MotionLayout builds upon the capabilities of ConstraintLayout for the designing of large and complex Android views, with XML files generated to make the task easier for developers.

What's New in Android Studio 4.0?



Besides the new features of Motion Editor and Build Analyzer, Android Studio 4.0 other capabilities include:

  • Kotlin Android Live Templates: Live templates offers a convenient IntelliJ feature that allow developers to insert common constructs into their code by typing simple keywords. Android Studio 4.0 includes Android-specific live templates for Kotlin code.
  • Upgraded Layout Inspector: It makes debugging a UI intuitive by providing access to data sync with running app and offering insights on resource usage. Also a Layout Validation capability compares UI across multiple screen dimensions.
  • Kotlin DSL build script files (*kts) support: Kotlin build scripts that offer a suite of quick fixes from the Project Structure dialog.
  • CPU Profiler: In Android Studio 4.0, it provides CPU recordings separate from the profiler timeline, and organized in groups for easier analysis.
  • Primary language analysis engine: clangd is the primary language analysis engine for code navigation, inspection, completion and displaying code errors and warnings, with the clang-tidy linter tool now bundled with Android Studio.


Additionally, Smart Editor for R8 Rules was introduced in Android Gradle plug-in 3.4.0 to combine desugaring, obfuscating, shrinking, optimizing, and dexing in one step, resulting in build performance improvements. Build Analyzer is supported in the Android Gradle 4.0.0 plug-in via Java 8 language APIs and creating feature-on-feature dependencies between Dynamic Feature modules.

How to Get Started with Android Studio 4.0



You can get Android Studio 4.0 by downloading it from the Android Studio developers website. With the latest versions of the Android Gradle plugin and Google Maven dependencies to build your project offline available here.

But if you do not need Android Studio, you can also download the basic Android command line tools and use the included sdkmanager to download other SDK packages.

What's New in Android Studio 4.0? Animation & Builds get Special attention