Tech News

Last week, Sway, the i3-compatible Wayland compositor, released its version 1.0-beta.1. The community mentions that the Sway 1.0-beta.1 is 100% compatible with the i3 X11 window manager. Sway works well the existing i3 configuration and supports most of i3's features. The community also maintains the wlroots project to provide a modular basis for Sway and other Wayland compositors to build upon, and have also published standards for interoperable Wayland desktops. This version includes many input and output features alongwith other features such as auto-locking, idle management, and more. New features in Sway 1.0-beta.1 Output features The Sway 1.0 beta.1 version includes a new output features where the users can get the names of the outputs for use in their config file by using swaymsg -t get_outputs. Following are some examples of how outputs can be used: To rotate display to 90 degrees, use: output DP-1 transform 90 To enable Sway’s improved HiDPI support, use: output DP-1 scale 2 To enable fractional scaling : output DP-1 scale 1.5 Users can now run sway on multiple GPUs In this version, sway picks up a primary GPU automatically. Users can also override this by specifying a list of card names at startup with WLR_DRM_DEVICES=card0:card1:... Other features include support for daisy-chained DisplayPort configurations and improved Redshift support. Users can now drag windows between outputs with the mouse. Input features Users can get a list of their identifiers with swaymsg -t get_inputs. Users can now have multiple mice with multiple cursors, and can link keyboards, mice, drawing tablets, and touchscreens to each other arbitrarily. Users can have a dvorak keyboard for normal use and a second qwerty keyboard for a paired programming session. The coworker can also focus and type into separate windows from what a user is working on. Addition of third-party panels, lockscreens, etc. This version includes a new layer-shell protocol which enables the use of more third-party software on sway. One of the main features in sway 1.0 and wlroots is to break the boundaries between Wayland compositors and encourage standard inter-operable protocols. The community has also added two new protocols for capturing user’s screen; screencopy and dmabuf-export. These new protocols are useful for screenshots and real-time screen capture, for example to live stream on Twitch. DPMS, auto-locking, and idle management The new swayidle tool adds support for DPMS, auto-locking, and idle management, which even works on other Wayland compositors. To configure it, start by running the daemon in the sway config file: exec swayidle \    timeout 300 'swaylock -c 000000' \    timeout 600 'swaymsg "output * dpms off"' \       resume 'swaymsg "output * dpms on"' \    before-sleep 'swaylock -c 000000' This code will lock user’s screen after 300 seconds of inactivity. After 600 seconds, it will turn off all of the outputs (and turn them back on when the user simply wiggles the mouse). This configuration also locks the screen before the system goes to sleep. However, none of this will happen if while watching a video on a supported media player (mpv, for example). Other features of Sway 1.0 beta.1 The additional features in the Sway 1.0 beta version include: swaylock has a config file Drag and drop is supported Rich content (like images) is synced between the Wayland and X11 clipboards The layout is updated atomically, meaning that user will never see an in-progress frame when resizing windows Primary selection is implemented and synced with X11 To know more about Sway 1.0 beta.1 in detail, see the release notes. Chrome 70 releases with support for Desktop Progressive Web Apps on Windows and Linux Announcing the early release of Travis CI on Windows Windows 10 IoT Core: What you need to know  

Python 3.7.1 and 3.6.7 are maintenance releases for Python 3.7 and Python 3.6 respectively. They contain a variety of fixes. New features in Python 3.7 Python 3.7 was released in June and is the next branch after Python 3.6. Some of the new features in Python 3.7 are: Postponed evaluation of annotations By postponing the evaluation of annotations in Python, two bugs were fixed: Annotations were restricted to using names which were already available in the current scope. That is, they did not support forward references. Annotating source code had negative effects on starting a Python program. Legacy C locale coercion Determining a sensible default strategy for handling the 7-bit ASCII text encoding is a problem in Python 3. It is implied by the use of the default C or POSIX locale on non-Windows platforms. With PEP 538, the default interpreter command line interface is updated to automatically coerce that locale to an available UTF-8 based locale. Automatically setting LC_CTYPE using this method means that both the core interpreter and locale-aware C extensions will assume the use of UTF-8 as the default text encoding. Forced UTF-8 runtime mode The new -X utf8 command line option and PYTHONUTF8 environment variable can now be used to enable the CPython UTF-8 mode. While in UTF-8 mode, CPython ignores the locale settings to use the UTF-8 encoding by default. Built-in breakpoint() The new built-in breakpoint() function is included as an easy and consistent way to enter the Python debugger. The built-in breakpoint() function calls sys.breakpointhook(). A new C API for thread-local storage Anew Thread Specific Storage (TSS) API is added to CPython which annuls use of the existing TLS API within the CPython interpreter. It deprecates the existing API. Customization of access to module attributes Python 3.7 allows defining __getattr__() on modules. It will be called whenever a module attribute is not found otherwise. Also, defining __dir__() on modules is now allowed. New time functions with nanosecond resolution The range of clocks in modern systems can exceed the precision of a floating point number returned by the time.time() function. For having greater precision, six new nanosecond variants are added. Show DeprecationWarning in __main__ The default handling of DeprecationWarning has been changed in Python 3.7. These warnings are again shown by default. It happens only when the code triggering them is running directly in the __main__ module. Core support for typing module and generic types Earlier, any changes to the core CPython interpreter were not made by PEP 484. Since type hints and the typing module are extensively used by developers, this restriction is now removed. Hash-based .pyc Files The pyc format is extended to allow the hash of the source file to be used for invalidation instead. This was previously used for the source timestamp. Such .pyc files are considered “hash-based”. Hash-based .pyc files come can be of the types checked and unchecked. New documentation translations Three new translations namely Japanese, French and Korean are added. Some fixes in Python 3.7.1 Fix for a possible null pointer dereference in bytesobject.c. Fix a bug where iteration order of OrderedDict was not copied. A Fix for async generators not being finalized. This used to happen even when the event loop was in debug mode and garbage collector runs in another thread. Fix self-cancellation in a C implementation of asyncio.Task. Fix for a reference issue inside multiprocessing.Pool that caused the pool to remain alive on being deleted without being closed or terminated explicitly. Ensure that PyObject_Print() returns -1 on error every time. Also, Python 3.6.7 is released as the seventh maintenance release for Python 3.6. Visit the Python documentation for a complete list of bug fixes in Python 3.7.1 visit the Python documentation and know more about features in Python 3.7 in the documentation. Meet Pypeline, a simple python library for building concurrent data pipelines Python comes third in TIOBE popularity index for the first time Home Assistant: an open source Python home automation hub to rule all things smart

Mozilla has announced a collaboration with Khronos Group and developers of existing open source Blender tools, to bring GL Transmission Format (glTF) import and export add-on for Blender. This release supports the upcoming release of Blender 2.8 which will feature physically-based rendering (PBR) and improved user interface. The glTF format is the foundation for interoperable 3D tools and services. Basically, it’s the “JPEG of 3D”. It is royalty free and coordinated by the Khronos consortium. With gITF support for Blender, mixed reality developers, designers, and creators anywhere in the world, can create, edit, and remix glTF models without having to purchase the specialized software. How did the collaboration come to be? Mozilla’s Mixed Reality (WebXR) Team conducted a joint ecosystem analysis focusing on content creators, their motivations, current pain points, and the expected impact of tools that could empower them. After the joint ecosystem analysis Khronos, UX3D, and Mozilla decided to co-fund the development of the Blender importer and exporter tool. Airbus was also declared as one of the partners in the development of the Blender glTF tools. They are using the glTF format internally to visualize their Blender created mock-ups in VR and AR. They came up with an ecosystem partners model to accelerate the advancement of the glTF standard and the WebXR ecosystem. The team hopes that “the Blender tools will unleash the creativity of the global community.” The glTF Blender import and export tool will be released and ready for beta testers around the time of the Blender conference in late October. Mozilla will also be sharing a detailed analysis of the tool on Mozilla’s Hacks blog in the coming weeks. Read more about the collaboration on Medium. Building VR objects in React V2 2.0: Getting started with polygons in Blender Is Mozilla the most progressive tech organization on the planet right now? Mozilla announces $3.5 million award for ‘Responsible Computer Science Challenge’ to encourage teaching ethical coding to CS graduates

Radionomy has made the official announcement that it has released Winamp 5.8 with bug fixes and improvements, fully compatible with Windows 8.1 and Windows 10. Earlier this week, Radionomy revealed that it would be re-launching the media player in 2019 for both desktop and mobile. It also announced that it will soon be launching a forthcoming minor update to the existing player. Following this announcement, a beta version of the update was leaked online and was being distributed heavily. To avoid the illegal download of Winamp, that might contain malicious software, Radionomy pushed the release forward and made Winamp 5.8 available for download ahead of schedule from the Winamp website. Winamp 5.8 comes with bug fixes and improvements along with support for Windows 8.1 and Windows 10. Major fixes include: A new Windows Audio (WASAPI) Output plug-in (w.i.p.) An option to completely disable Winamp's video support An auto-fullscreen option to video prefs Added /ENUMPLAYLISTS to the command-line support OpenMPT-based Module Player (replaces old MikMod player) Added browse path & edit title functions in Ctrl+E editor Updated scrollbars and buttons and other tweaks Added a Playlist Search feature New URLs not being remembered after using Reset history in Open URL dialog Minimum required OS is now Win XP sp3 (Windows 7 or higher recommended) Moved shared DLLs to WinampShared folder Radionomy bought Winamp from AOL in 2014, just as AOL was about to let go of the Winamp media player. Since then, the world has been waiting to get a glimpse of a new Winamp. In a recent interview by Techcrunch, Radionomy CEO Alexandre Saboundjian spilled the beans that Winamp 6 will be coming in 2019 as a complete revamp of the traditional media player. "You can listen to the MP3s you may have at home, but also to the cloud, to podcasts, to streaming radio stations, to a playlist you perhaps have built," said Saboundjian. Per Saboundjian, Winamp will be platform-agnostic and will exist primarily as a mobile app that aggregates multiple forms of audio. “People want one single experience,” he added. “I think Winamp is the perfect player to bring that to everybody. And we want people to have it on every device.” Winamp enthusiasts were quite pleased with the release. A hacker news user, ralgozino pointed out, “I've just clicked the link in my phone expecting a big "you can't use this on your phone, please use a proper computing device" message and instead I got a fully working Winamp. Color me impressed. Hats off to the developers.” Read more such comments on Hacker News. For more details about Winamp 5.8, visit Winamp website. Google releases Oboe, a C++ library to build high-performance Android audio apps. How to perform Audio-Video-Image Scraping with Python. Implementing Unity 2017 Game Audio [Tutorial]

Last week, the team at Opus announced the general availability of Opus Audio Codec version 1.3. Opus 1.3 comes along with a new set of features, namely, a recurrent neural network, reliable speech/music detector, convenience, ambisonics support, efficient memory, compatibility with RFC 6716 and a lot more. Opus is an open and royalty-free audio codec, which is highly useful for all audio applications, right from music streaming and storage to high-quality video-conferencing and VoIP. Six years after its standardization by the IETF, Opus is included in all major browsers and mobile operating systems, used for a wide range of applications and is the default WebRTC codec. New features in Opus Audio Codec 1.3 Reliable speech/music detector powered by machine learning Opus 1.3 promises a new speech/music detector. As it is based on a recurrent neural network, it is way simpler and reliable than the detector used in version 1.1.The speech/music detector in earlier versions was based on a simple (non-recurrent) neural network, followed by an HMM-based layer to combine the neural network results over time. Opus 1.3 introduces a new recurrent neuron which is the Gated Recurrent Unit (GRU). The GRU does not just learn how to use its input and memory at a time, but it also promises to learn, how and when to update its memory. This, in turn, helps it to remember information for a longer period of time. Mixed Content encoding gets better Mixed content encoding, especially at bit rates below 48 kb/s, will get more convenient as the new detector helps in improving the performance of Opus. Developers will experience a great change in speech encoding at lower bit rates, both for mono and stereo. Encode 3D audio soundtracks for VR easily This release comes along with ambisonics support. Ambisonics can be used to encode 3D audio soundtracks for VR and 360 videos. Opus detector won’t take much of your space The Opus detector has just 4986 weights (that fit in less than 5 KB) and takes about 0.02% memory of CPU to run in real-time, instead of thousands of neurons and millions of weights running on a GPU. Additional Updates Improvements in Security/hardening, Voice Activity Detector (VAD), and speech/music classification using an RNN are simply add-ons. The major bug fixes in this release are CELT PLC and bandwidth detection fixes. Read more about the release on Mozilla’s official website. Also, check out a demo for more details. YouTube starts testing AV1 video codec format, launches AV1 Beta Playlist Google releases Oboe, a C++ library to build high-performance Android  audio apps How to perform Audio-Video-Image Scraping with Python

Last week, the Molly Rocket team released a high-speed hash function called Meow hash. It is named after the character Meow in the game Meow the Infinite. Meow the Infinite is a fun little game in which a cat runs infinitely and tries to save its life from dogs and other obstacles. The new hash function will be used in the asset pipeline of 1935, a historical fiction game about the criminal underworld of New York City in the 1930s. Why Meow Hash is developed? Building game packages demand a faster, non-cryptographic hash for use in change detection and deduplication. Earlier, the Molly Rocket team relied on SHA-1, which was unnecessarily slowing things down. Also, they did not find a well-optimized, large-data hash function to address their game development needs. Currently, most of the hash work seems to focus on small input sizes or on cryptographic quality. Instead of focusing on the cryptographic quality, this hash function focuses on speed, large datasets, and is collision-free in practice. How fast and robust it is? Meow hash hashes 16 bytes per cycle single-threaded. It hashes at a rate of 64 gigabytes per second on a 4.2 GHz machine in the cache. Out of cache, it can hash at whatever speed your main memory bus can provide to a single core since that is usually the limiting factor on modern x64 CPUs. But actually, hashing 16 bytes per cycle is the lower bound for Meow hash. In future, once the VAES debuts, it would be able to hash 64 bytes every cycle in the cache for a clean 4x speedup. Talking about its robustness, it is extremely robust for its designed purpose. It was able to pass every test in smhasher without any collisions on their large datasets. It produces a full 512 bits of usable hash every time. It also passed smhasher cleanly at every truncation level down to 32 bits, so you can safely truncate a Meow hash value to the size you want to store. Also, one thing to note here is it is not designed for cryptography, so it is completely insecure. You can read more about Meow hash on the official website of Molly Rocket. Also, check out its GitHub repository. HashiCorp announces Consul 1.2 to ease Service segmentation with the Connect feature Django 2.1.2 fixes major security flaw that reveals password hash to “view only” admin users Say hello to Sequoia: a new Rust based OpenPGP library to secure your apps

OpenSSH 7.9 has been released with some new features and bug fixes. There are new features like support for signalling sessions and client and server configs. In bug fixes, invalid format errors and bugs in closing connections are solved. New features in OpenSSH 7.9 Most port numbers are now allowed to be specified using service names from getservbyname(3). This is typically /etc/services. The IdentityAgent configuration directive is allowed to accept environment variable names. This adds the support to use multiple agent sockets without having to use fixed paths. Support is added for signalling sessions via the SSH protocol. However, only a limited subset of signals is supported. The support is only for login or command sessions and not subsystems that were exempt from a forced command via authorized_keys or sshd_config. Support for "ssh -Q sig" to list supported signature options is added. There is also "ssh -Q help" that will show the full set of supported queries. A CASignatureAlgorithms option is added for the client and server configs. It allows control over which signature formats are allowed for CAs to sign certificates. As an example, this allows to ban CAs that sign certificates using the RSA-SHA1 signature algorithm. Key revocation lists (KRLs) are allowed to revoke keys specified by SHA256 hash. Allowing creation of key revocation lists straight from base64-encoded SHA256 fingerprints. This supports removing keys using only the information contained in sshd(8) authentication log messages. Bug fixes in OpenSSH 7.9 ssh(1), ssh-keygen(1): Avoiding Spurious "invalid format" errors while attempting to load PEM private keys when using an incorrect passphrase. sshd(8): On receiving a channel closed message from a client, the stderr file descriptor and stdout are closed at the same time. Processes don’t stop anymore if they were waiting for stderr to close and were indifferent to the closing of stdin/out. ssh(1): You can now set ForwardX11Timeout=0 to disable the untrusted X11 forwarding timeout and support X11 forwarding endlessly. In previous versions, ForwardX11Timeout=0 was undefined. sshd(8): On compiling with GSSAPI support, cache supported method OIDs regardless of whether GSSAPI authentication is enabled in the main section of sshd_config. This behaviour avoids sandbox violations when GSSAPI authentication was enabled later in a Match block. sshd(8): Closing a connection does not failed when configuration is done with a text key revocation list that contains a very short key. ssh(1): Connections with specified ProxyJump are treated the same as ones with a ProxyCommand set with regards to hostname canonicalisation. This means that unless CanonicalizeHostname is set to 'always' the hostname should not be canonicalised. ssh(1): Fixed a regression in OpenSSH 7.8 that could prevent public- key authentication using certificates hosted in an ssh-agent(1) or against sshd(8) from OpenSSH 7.8 or newer. For more details, visit the OpenSSH website. How the Titan M chip will improve Android security IBM launches Industry’s first ‘Cybersecurity Operations Center on Wheels’ for on-demand cybersecurity support low.js, a Node.js port for embedded systems

Update, 23rd October 2018: As of Monday at 23:00 UTC, all the GitHub services returned back to normal. The GitHub team posted an update on their blog mentioning, "we take reliability very seriously and sincerely apologize for this disruption. Millions of people and businesses depend on GitHub, and we know that our community feels the effects of our availability issues acutely. We are conducting a thorough and transparent root cause analysis and mitigation plan, which will be published in the coming days".  Github is facing issues due to a failure in its data storage system which left the site broken for a complete day. The outage started at about 23:00 UTC on Sunday. GitHub engineers are working on fixing this issue and the GitHub team tweeted out about 2 hours ago saying: https://twitter.com/githubstatus/status/1054224055673462786 What’s confusing about this outage is that there's no obvious way to tell the site is down as the website’s backend git services are still up and running. However, users are facing a range of issues such as not being able to log in, outdated files being served, branches missing, unable to submit Gists, bug reports, posts, etc. The team updated their status to “We continue working to repair a data storage system for GitHub.com. You may see inconsistent results during this process”.  The GitHub team further updated the users, "During this time, information displayed on GitHub.com is likely to appear out of date; however no data was lost. Once service is fully restored, everything should appear as expected. Further, this incident only impacted website metadata stored in our MySQL databases, such as issues and pull requests. Git repository data remains unaffected and has been available throughout the incident". The team also mentioned that it will continue to update the users and will provide an estimated time to resolution via their status page. GitHub is a very popular web-based hosting service for software development projects that use the Git revision control system. It is used extensively by software engineers, developers and open source projects all around the world. Since a major chunk of people’s daily work depends on GitHub, developers are venting their frustration over social media sites. https://twitter.com/AmeliasBrain/status/1054149648108085248 https://twitter.com/michaelansaldi/status/1054175097609732096 https://twitter.com/sajaraki/status/1054189413616373761 GitHub is also used by major corporates such as Twitter, Yelp, Adobe and others to host their open source projects. There haven’t been any further updates from the GitHub team and we can only wait to know the real problem behind the outage. Developers rejoice! Github announces Github Actions, Github connect and much more to improve development workflows GitHub is bringing back Game Off, its sixth annual game building competition, in November GitHub comes to your code Editor; GitHub security alerts now have machine intelligence

In a turn of events that sound like they were formed by a random headline generator, Nick Clegg, the ex-Deputy Prime Minister of the UK, has agreed to join Facebook. Clegg will be leading the company's Global Affairs and Communications team. Clegg will be working at Facebook's Menlo Park HQ from Monday for a week, but he will be moving to Silicon Valley full time in the new year. He's taking over from Elliot Schrage, who announced his departure in the summer. Coincidentally, Schrage's departure was announced just a couple of months before Rachel Whetstone - Whetstone is married to Steve Hilton, who was advisor to Clegg's coalition partner David Cameron. In a statement, Clegg said: "Having spoken at length to Mark and Sheryl over the last few months, I have been struck by their recognition that the company is on a journey which brings new responsibilities not only to the users of Facebook's apps but to society at large. I hope I will be able to play a role in helping to navigate that journey." Why Nick Clegg and Facebook might be a perfect match The move might look odd, but there are a number of reasons it could just work. Facebook has faced a series of scandals in 2018 that has seriously damaged the company's reputation. With the political dimension of many of these scandals becoming clearer - from fake news to fake accounts - having an experienced political figure at the helm of its global communications department could be precisely what the organization needs to move forward. But Facebook's challenges don't end with political scandals - the spectre of government regulation represents a threat to Facebook's power. With the EU's copyright directive widely regarded as an attempt to thwart the power of tech platforms like Facebook, it makes a lot of sense to have Nick Clegg on board to build a better relationship with Brussels. As a former MEP (Member of European Parliament) and trade negotiator for the EU Commission, Clegg will bring some real insight into the inner workings of the EU to Silicon Valley. Tech and politics: the next chapter begins in 2019 2018 might be the year of the 'techlash' but don't expect it to reach an end any time soon. Nick Clegg joining Facebook might look strange, but from the company's perspective it's a vital step in preparing for the next chapter in this bizarre story of technological hubris and political disruption.

Yesterday, Google announced the release of Chrome 70. This version comes with support for Desktop Progressive Web apps on Windows and Linux and for public key credentials. Also, web Bluetooth is now supported for Windows 10 users. Support for Desktop Progressive Web Apps on Windows and Linux You can now install Desktop Progressive Web Apps on Windows and Linux. Once installed, they’re launched from the Start menu, and run like any other installed app, without an address bar or tabs. Credential Management API supports Public Key Credentials Signing in has become very simple with the introduction of the Credential Management API. It enables the communication between your site and the browser’s credential manager or federated account services like Google and Facebook to sign in. One more credential type named, Public Key Credential is introduced. It allows web applications to create and use, strong, cryptographically attested, and application-scoped credentials to authenticate users. Named workers With the help of workers, you can move JavaScript off the main thread and into the background. This will keep your site interactive as it will prevent the main thread from locking up when it is running an expensive or complex JavaScript computation. A new name attribute is added for workers in Chrome 70, which is specified by an optional argument on the constructor: const url = '/scripts/my-worker.js'; const wNYC = new Worker(url, {name: 'NewYork'}); const oSF = {name: 'SanFrancisco'}; const wSF = new Worker(url, oSF); You can now easily distinguish dedicated workers by name when you have multiple workers with the same URL. Miscellaneous updates Web Bluetooth is available for Windows 10 users. It allows your site to securely communicate with nearby user-selected Bluetooth devices. Chrome can now send intervention and deprecation messages to your servers using the Report-To HTTP Response header field or surface them in the ReportingObserver interface. Deprecations in Chrome 70 AppCache from insecure contexts removed AppCache potentially allows persistent online and offline cross-site scripting attacks, when used over insecure contexts. To avoid these attacks, AppCache is now only supported on origins that serve over HTTPS. Developers are advised to use service workers as an alternative. Gamepads.item() deprecated and removed The legacy item() accessor is no longer a part of the Gamepads array. This change improves compatibility with Firefox, the only browser to implement GamepadList. SpeechSynthesis.speak() without user activation deprecated Now an error is thrown by the speechSynthesis.speak() function if a document has not received a user activation. You can expect its removal in Chrome 71 by late November. They have listed all the deprecations in Chrome 70 on their official website. Read the full list of changes on the Google Developers website. Chrome 69 privacy issues: automatic sign-ins and retained cookies; Chrome 70 to correct these Google announces Chrome 67 packed with powerful APIs, password-free logins, PWA support, and more Google Chrome, Mozilla Firefox, and others to disable TLS 1.0 and TLS 1.1 in favor of TLS 1.2 or later by 2020

Yesterday, Mozilla announced that Firefox Nightly now supports encrypting the TLS Server Name Indication (SNI) extension. This prevents on-path observers from intercepting the TLS SNI extension and using it to determine which websites users are visiting. Why SNI is needed? SNI is required when multiple servers are sharing the same IP address. It is an extension to the TLS protocol using which clients are able to indicate which hostname they are attempting to connect to. This permits servers to present multiple certificates on the same IP address and TCP port number. To put this in simple words, SNI helps make large-scale TLS hosting work. How encrypted SNI (ESNI) works First, a public key is published by the server on a well-known DNS record, which is then fetched by the client before connecting. Next, the client replaces the SNI extension in the ClientHello with an encrypted SNI extension. The encrypted SNI is basically, the original SNI extension, but encrypted using a symmetric encryption key derived using the server’s public key. The server owns the private key and derives the symmetric encryption key as well. It can then decrypt the extension and therefore terminate the connection or forward it to a backend server). Since the encryption key can only be derived by the client and the server it is connecting to, encrypted SNI cannot be decrypted and accessed by third parties. How you can enable encrypted SNI (ESNI) Currently, ESNI is not supported for all the Firefox users. However, Firefox Nightly users can try out this feature by following these steps: First, ensure that you have DNS over HTPPS (DoH) enabled. To do that you can check out this article posted by Mozilla. Next, you need to set the network.security.esni.enabled preference in about:config to true. Head over to Mozilla Security Blog to read more about encrypted SNI. Is Mozilla the most progressive tech organization on the planet right now? Google Chrome, Mozilla Firefox, and others to disable TLS 1.0 and TLS 1.1 in favor of TLS 1.2 or later by 2020 Mozilla announces $3.5 million award for ‘Responsible Computer Science Challenge’ to encourage teaching ethical coding to CS graduates

Microsoft announced an open-source model for Component Firmware Update (CFU), for Windows developers. CFU enables delivering firmware updates for peripheral components through Windows Update by using CFU drivers. This protocol aims to enable system and peripheral developers to leverage the CFU protocol. It allows them to easily and automatically push firmware updates to Windows Update for their firmware components. CFU aims to bring smooth updates via Windows updates and verify the firmware version before download. CFU permits but does not specify authentication, encryption, rollback policies/ methods, or recovery of bricked firmware. Overview of CFU The CFU driver is the host and is created by the device manufacturer. It is delivered via a Windows Update. Then the driver is installed once the device is detected by Windows. Primary and sub-components A hierarchical system with a primary component and subcomponents is followed in a CFU compatible system. A primary component implements CFU on the device side and can receive updates for itself and the connected sub-components. A device may have multiple primary components with or without additional sub-components. Offers and payloads A CFU driver which is the host, may contain multiple firmware images for a primary component and its sub-components. A package in the host consists of an offer, a payload and other information. The offer contains information about the payload to allow the primary component in deciding if it is acceptable. A payload is the firmware image. Offer Sequence The primary component can accept, reject, or skip the offer of firmware update. On accepting, the payload is delivered immediately. On rejecting or skipping, the host cycles through all other offers in the list. Host independence The host’s (CFU driver) decisions are independent of the offers’ contents or payloads. It does not necessarily use any logic and simply sends the offers and the accepted payloads. Payload delivery On an offer being accepted, the host proceeds to download the firmware image or referred as the payload. Delivery is done in three phases—beginning, middle, and end. The payload is a set of addresses and fixed-size arrays of bytes. Payload validation and authentication Validation of the incoming firmware update is an important aspect. The primary component should verify bytes after each write ensuring that the data is stored properly before proceeding with the next set of data bytes. A CRC or hash should also be calculated on download, to be verified after the download is complete, ensuring the data wasn’t modified in transit. In addition, a cryptographic signature mechanism is recommended to provide end-to-end protection. An encryption mechanism can also be employed for confidential downloads. On image authentication, the properties should be validated against the offer and other rules the device manufacturer may specify. CFU does not specify any rules to be applied. Payload Invocation The CFU Protocol is run at the application level in the primary component. The component can continue to do other tasks as long it can receive and store the incoming payload without significant disruptions. The only real disruption occurs when the new firmware must be invoked. There are two recommended ways to avoid that disruption. A very generic approach is to use a small bootloader image to select one of multiple images to run when the device is reset. This is typically at boot time. The image selection algorithm is specific to the implementation. It is typically based on an algorithm which involves code version, and an indication of successful image validation. Another invocation method is to physically swap the memory of the desired image with the active address space. This is done upon reset. A disadvantage of this method is that it requires specialized hardware. The advantage being all images are statically linked to the same address space eliminating the need for a bootloader. CFU limitations There are some limitations of the protocol. It cannot update a bricked component that can no longer run the protocol. CFU does not provide any security. The CFU protocol requires extra memory to store the incoming images which helps in non-disruptive updates. Updating sub-component images larger than the component’s available storage requires dividing the sub-component image into smaller packages The CFU protocol allows pausing the download, so care needs to be taken for proper validation. CFU assumes that the primary component has set validation rules. If they need to be changed, the component must first be successfully updated by using the old rules first, only then new rules can be applied. For more details, visit the Microsoft website. How the Titan M chip will improve Android security Microsoft fixing and testing the Windows 10 October update after file deletion bug Paul Allen, Microsoft co-founder, philanthropist, and developer dies of cancer at 65

On 18th October Brave Software, announced the general availability of their latest browser- Brave 0.55. The ad-blocking Brave browser is redesigned to work on Chromium and is available for Windows, macOS, and Linux. Brave 0.55x was originally released to developers and early adopters on September 6th, and then as an initial beta for a larger base on September 27th. This Chromium-based desktop version replaces the previous Muon-based browser which is no longer available for download on the Brave site. Users who browse with Muon (latest version is 0.25.2) will continue to receive necessary updates until they are fully upgraded to this new release in the near future. The upgrade comes with significant performance boost as confirmed by a test conducted by Andrius Aucinas, a performance researcher at Brave, and Dr. Ben Livshits, Brave’s Chief Scientist. The test measured how quickly the browser loads the pages and how much resources it uses- specifically focusing on CPU usage. The test proves that the Brave browser has a 22% faster load time, which means 8-second faster page loading times on major sites. The other important upgrade was to the Bat Attention token (BAT) reward system, making it more intuitive. The team has introduced ‘Brave Rewards (beta)’ that will replace Brave Payments granting more usability, visibility, and new features. The release also includes multiple updates from the September 27th beta version: Better Interface including Tab shape and color changes, URL bar centered changes Several Tor-related privacy enhancements which include disabling features that can leak information like the IP address A private search engine can now be set separately PDF files can now load file:// URLs Removing links to unused sign-ins to Google Localization updates Multiple web compatibility fixes Various crash fixes To know more about this release, head over to Brave.com. You can find the entire release schedule on Github. Dejavu 2.0, the open source browser by ElasticSearch, now lets you build search UIs visually Opera Touch browser lets you browse with one hand on your iPhone, comes with e2e encryption and built-in ad blockers too! Vivaldi 2.0, a hyper-customizable browser, releases with Vivaldi Sync, Resizable Tab Tiling, and more!

Yesterday, the founder of OpenBSD, Theo de Raadt announced the release of a new version of its free and open-source security-focused OS, OpenBSD 6.4. The interesting feature in the OpenBSD 6.4 is the unveil() system call, which allows applications to sandbox themselves, blocking their own access to the file system. This is especially useful for programs which operate on unknown data which may try to exploit or crash the application. OpenBSD 6.4 also includes many driver improvements, which allow OpenSSH's configuration files to use service names instead of port numbers. Also, the Clang compiler will now replace some risky ROP instructions with safe alternatives. Other features and improvements in OpenBSD 6.4 Improved hardware support The new version includes an ACPI support on OpenBSD/arm64 platforms. New acpipci(4/arm64) driver providing support for PCI host bridges based on information provided by ACPI. Added a sensor for port replicator status to acpithinkpad(4). Support for Allwinner H3 and A64 SoC in scitemp(4). New bnxt(4) driver for Broadcom NetXtreme-C/E PCI Express Ethernet adapters based on the Broadcom BCM573xx and BCM574xx chipsets. Enabled on amd64 and arm64 platforms. The radeondrm(4) driver was updated to code based on Linux 4.4.155. IEEE 802.11 wireless stack improvements The OpenBSD 6.4 has a new 'join' feature (managed with ifconfig(8)) using which the kernel manages automatic switching between different WiFi networks. Also, the ifconfig(8) scan performance has been improved for many devices. Generic network stack improvements Addition of a new eoip(4) interface for the MikroTik Ethernet over IP (EoIP) encapsulation protocol. Also, new global IPsec counters are available via netstat(1). The trunk(4) now has LACP administrative knobs for mode, timeout, system priority, port priority, and ifq priority. Security improvements OpenBSD 6.4 introduces a new RETGUARD security mechanism on amd64 and arm64. Here, one can use per-function random cookies to protect access to function return instructions, making them harder to use in ROP gadgets. It also includes an added SpectreRSB mitigation on amd64 and an added Intel L1 Terminal Fault mitigation on amd64. clang(1) includes a pass that identifies common instructions which may be useful in ROP gadgets and replaces them with safe alternatives on amd64 and i386. The Retpoline mitigation against Spectre Variant 2 has been enabled in clang(1) and in assembly files on amd64 and i386. The amd64 now uses eager-FPU switching to prevent FPU state information speculatively leaking across protection boundaries. Simultaneous MultiThreading (SMT) uses core resources in a shared and unsafe manner, it is now disabled by default. It can be enabled with the new hw.smt sysctl(2) variable. The audio recording feature is now disabled by default and can be enabled with the new kern.audio.record sysctl(2) variable. The getpwnam(3) and getpwuid(3) no longer return a pointer to static storage but a managed allocation which gets unmapped. This allows detection of access to stale entries. sshd(8) includes improved defence against user enumeration attacks. To know more about the other features in detail, head over to the OpenBSD 6.4 release log. KUnit: A new unit testing framework for Linux Kernel The kernel community attempting to make Linux more secure  

Today, the team at Dejavu announced a new version update to the open-source browser of ElasticSearch. Dejavu 2.0 is now generally available and comes with upgrades like search previews, improvements to the UI, better navigation and much more. While working with NoSQL databases or Elasticsearch, Dejavu helps users to import data, map it to data types, create and share filtered data views, and export this data out. Features of Dejavu 2.0 The browser now comes with a Search preview Functionality which will enable viewers to create a visual search UI from their Elasticsearch index. The browser has a better UI color scheme. The team has added navigation to help users perform tasks like importing their dataset via Import,  browsing data via Browse, performing Search Preview and managing their schemas using Mappings View. In the previous version of the browser, when a user tried to perform a query, it showed ‘Refused to execute JavaScript URL’, because it violated a certain Content Security Policy directive. The issue stands fixed and Dejavu's chrome extension can run in incognito mode after being enabled by a user. Another suggestion when creating mappings via Dejavu's UI was to use ignore_above setting. This could be done to ignore very long characters from being set as keyword. Now, the Mappings created from Dejavu's UI set an ignore_above value to set a max term limit to 256 which is the same as ElasticSearch's default limit. In the previous version, when trying to add a URL with a / at the end of it, Dejavu threw an authentication error. This bug now stands fixed. Dejavu's build process dropped the use of Bower, resulting in more maintainability. Why use Dejavu? Dejavu allows users to connect to any of the indexes present in their cluster. It makes clusters easily accessible while browsing as it caches each connected index locally. Visual filters allow sorting through data, finding information visually, hiding irrelevant data and helps users interpret all the numbers and text they see. Based on the ElasticSearch query, Dejavu shows filtered views, as well as bulk updating or deleting documents via the query DSL. Besides this, the browser supports an infinite scroll based UI. Users can also update and delete data either individually or via queries in bulk. You can check out the GitHub page for more information on the other features of Dejavu as well as its comparison with other data browsers. After this update, the team is focusing on completely rewriting Dejavu to improve its performance. The browser will then support multi-index and full cluster views out of the box. It will allow a configurable page size view while supporting a mobile responsive view mode. You can head over to their Github Page to know more about the features of this release. How does Elasticsearch work? [Tutorial] How to perform Numeric Metric Aggregations with Elasticsearch Installing and Configuring X-pack on Elasticsearch and Kibana