Microsoft has whipped the covers off yet another take on code-in-the-browser with a lightweight version of Visual Studio Code, while unveiling the version 1.0 release of support for Red Hat Java in the freebie source wrangler.

It comes after last month's preview of the code editor that runs entirely in the browser, and will doubtless have some users pondering the difference between this and Microsoft-owned GitHub's github.dev, which also pops a development environment into the browser. One of the biggest of those differences is a lack of compulsory integration with the VS source-shack; this is unavoidable with github.dev (the clue is, after all, in the URL.)

VSCode.dev, on the other hand, will permit the opening up of a file from a local device (if the browser allows it and supports the File System Access API) in what looks for all the world like an instance of Visual Studio Code, except surrounded by the gubbins of a browser.

We fired it up on Chrome, Edge and Safari without issue. Developers will be unsurprised to learn that Internet Explorer was not happy with whatever was going on behind the scenes and vomited up a blank screen. The Chromium browser on a Raspberry Pi-400 worked well and even Safari on an iPhone produced a useable environment, if perhaps more suitable for a keen-eyed masochist.

As for what one can do, the answer is... not a huge amount by virtue of what is possible locally in the browser. For full-on remote development and debugging, something like Gitpod or the aforementioned GitHub Codespaces is a better bet (and, unsurprisingly, moving to the latter is relatively straightforward.)

That said, the convenience of being able to view and edit files, and review PRs without requiring a full install is undeniable. Particularly in places where the desktop version of Visual Studio Code fears to tread.

Very much requiring the desktop version of Visual Studio Code (if one wants to spit out apps) is the long-awaited version 1.0 of the Java extension, more than five years after Red Hat first announced it.

It has taken a while (and a good many iterations) and this week's emission, replete with Java 17 support, represents quite the milestone. Performance has been upped, and the language server is more responsive, according to Microsoft, and there's some basic Kotlin support.

In the future, the team plans to embed a Java runtime in the extension and continue working on the performance of language server. This would be handy, because when we took the extension for a spin, we wouldn't describe it as eye-poppingly quick. More "acceptable".

As for alternatives, the team is looking to "eventually reach feature parity" with what is on offer in the Eclipse Java IDE. However, for Java-wrangling Visual Studio Code users right now, this release 1.0 will be more than welcome.

View post:

Developers offered browser-based fun in VSCode.dev and Java action in Visual Studio Code - The Register

A Florida man has been accused of breaking the copyleft license of Mastodon by running an online instance of the software without providing its source code as required.

And not only that, the real-estate baron and wannabe tech tycoon has been told he has a month to fall in line with the fine print or put himself potentially at risk further action.

Mastodon is a Twitter-like microblogging service that you host yourself. Servers running this software can form a larger, decentralized social network.

The code is made available under version three of the Affero GPL. That means if someone modifies the software and runs it as a network-accessible service, such as a website, their users need to be offered a way to get hold of that customized source.

The aforementioned Palm Beach businessman, known for his failed casino, discontinued line of steaks, and a recent stint in public office, chairs an online media group that this week promised to launch a social network for selected users next month. A wider rollout is expected in the new year following a period of beta testing, apparently.

The web service, which alleges it wants to foster "honest global conversation without discriminating against political ideology," has curiously in its terms-of-use banned one of its supremo's most favorite things in the whole wide world: "excessive use of capital letters."

After an announcement went out about the social network, netizens found they were able to sign up early at will to what looked like a test deployment of the platform, and posted prank announcements and other material on it. Someone was even able to create a profile in the name of the cancelled reality TV star, using it to share a photo of a pig defecating on itself.

The service, which was soon taken down, appeared to be powered by a version of Mastodon modified to mostly remove any mention of its origins, though its HTML source and design signaled where the code came from.

Now the Software Freedom Conservancy a non-profit that defends free software and just now sued TV manufacturer Vizio for allegedly breaking the GPL has called out the half-baked social network project, accusing it of violating the Affero GPL by not distributing its modified source code as necessary. The platform has 30 days to remedy the situation, and if it doesn't, it opens itself to legal action.

Bradley Kuhn, a policy fellow at the conservancy, said in a statement on Thursday that "early evidence strongly supports" claims that the social network was "based on the AGPLv3'd Mastodon software platform."

"Many users were able to create accounts and use it briefly," he continued.

"However, when you put any site on the internet licensed under AGPLv3, the AGPLv3 requires that you provide to every user an opportunity to receive the entire corresponding source for the website based on that code. These early users did not receive that source code."

Kuhn also said "very public requests" for the code were being ignored, adding that the source code must be made available by the online media group:

Also, addressing concerns that the social network was compromised by pranksters, Kuhn concluded:

Spokespeople for the botched social network did not reply to a request for further comment.

Originally posted here:

Florida man accused of breaking Mastodon's open-source license with botched social network launch - The Register

A remote code execution vulnerability existed in an old and free trial version of WinRAR, according to infosec firm Positive Technologies.

While a vuln in version 5.7 of WinRAR may not seem like an immediate threat given that version was first released two years ago and has been superseded since, simple shareware/free-to-use software has a habit of being used long after its due date.

The vuln, tracked as CVE-2021-35052, has since been patched. Users should check their installed versions of WinRAR and update if it isn't v 6.02 or later, though the practicality of the attack seems limited unless your device or network is first compromised by other means.

WinRAR offers users a free trial licence before gently nagging users to buy a licence. Its most closely associated file compression format, the .rar archive, is not opened by Windows Explorer so WinRAR is popular among those who have to work with the format, or those who simply had to download a .rar archive once and needed a utility to open it.

Positive Technologies' Igor Sak-Sakovskiy acknowledged that many people have old versions of WinRAR installed in his firm's blog post about the vuln, writing: "We had installed and used the application for some period."

The RCE itself could be induced through a WinRAR dialogue box which happened to spawn an Internet Explorer instance.

"This window uses mshtml.dll implementation for Borland C++ in which WinRAR has been written," noted Positive Technologies. Sniffing WinRAR traffic with Burp Suite allowed researchers to identify and then modify traffic being sent to and from the dialogue box.

If the dialogue box received an HTTP 301 response indicating a permanent redirect away from WinRAR's servers, it would faithfully follow that allowing the researchers to send it wherever they liked and inject their own content into the box.

Spoofed address resolution protocol (ARP) packets sent to the dialogue box from a hostile domain gave the researchers enough access to retrieve localhost information, run Windows Calculator, and so on. File types that could be opened without triggering further warnings in Windows, according to Positive Technologies, included Word documents, PDFs, Python scripts and .rar archives.

We have asked WinRAR for comment; CVE-2021-35052 was fixed back in July when the vuln was first discovered. WinRAR noted: "Such attacks are only possible if the intruder has managed to spoof or otherwise control user's DNS records."

A couple of years ago a nearly-two-decades-old bug was found in WinRAR, affecting an ancient file compression format first developed in the 1990s.

As for Positive Technologies, the Russian company was sanctioned by the US government earlier this year, with America alleging the firm had passed vulns to Russian state hackers instead of disclosing them. The firm has strenuously denied this and continues to publish security research.

Application security expert Sean Wright said of the vuln: "Remote Code Execution vulnerabilities should always be taken seriously and handled with a sense of urgency, as the risk they pose is significant.

"Even so, in the case of WinRAR's vulnerable trial, the likelihood of an attacker being able to successfully exploit the vulnerability in question seems fairly limited, as there are a number of conditions and stages that the victim would need to fulfil before the attacker could achieve RCE.

"Interestingly, the vulnerability highlights some of the challenges developers face when combining web application functionality within a traditional desktop application. This opens up the application to many of the vulnerabilities which web applications face within a desktop application. The end result is the threat profile being increased."

Here is the original post:

We regret to inform you there's an RCE vuln in old version of WinRAR. Yes, the file decompression utility - The Register

Microsoft has further teased the arrival of the Windows Subsystem for Android by detailing how the platform will work via a newly published document for Windows Insiders.

The document, spotted by inveterate Microsoft prodder "WalkingCat" makes for interesting reading for developers keen to make their applications work in the Windows Subsystem for Android (WSA).

WSA itself comprises the Android OS based on the Android Open Source Project 1.1 and, like the Windows Subsystem for Linux, runs in a virtual machine.

This is currently on the Windows Insider blog. (Note the "LINK COMING SOON")

The brief note details how developers should set things up in Windows 11, deal with the inputs and outputs of Microsoft's wares and finally submit apps. The latter step requires the use of the Amazon app-store.

"Your device," warned Microsoft ominously, "also must meet specific Windows 11 requirements."

The document was rapidly followed by a lengthier blog post detailing the tech's arrival for Windows Insiders.

To kick things off, the Amazon Appstore (or an Android or Amazon app from the Microsoft Store) must be installed, which will also install the WSA. Once set up, a Settings app permits developers to adjust the platform, which includes options to disable hardware-accelerated graphics and choose whether or not WSA should be continually open in the background (and thus speed the opening of apps.)

Dev Channel Insiders on the bleeding edge of things might be forgiven for feeling a little left out, as - for the time being at least - the initial preview appears targeted at Windows Insiders in the Beta Channel.

In addition, only US users with a US-based Amazon account need apply (so a simple switch of Windows region is unlikely to do the trick.)

Other elements for app developers to consider are mouse and keyboard input on Windows devices. Resizing of the app (since it will be in-window) also merits consideration. "Android apps running on Windows 11," said Microsoft, "can be freely resized, should be responsive in their resizing, and can be snapped using Windows actions/gestures."

As expected, ARM applications will run on x86-based processors, although at an as-yet unknown cost to performance. "For optimal performance please submit your application for the x86-64 architecture," said Microsoft.

Android applications on Windows 11 were trailed by Windows supremo Panos Panay during an occasionally wobbly stream unveiling the operating system in June. Intel Bridge Technology was required to work the magic, comprising a runtime post-compiler to permit ARM apps to fire up on AMD and Intel devices.

Amazon has also trumpeted the coming of the its Appstore (and a "limited selection" of apps) to Windows 11 today.

Read this article:

Microsoft unveils Android apps for Windows 11 (for US users only) - The Register

Twilioquest

Writing code is a skill almost anyone can make use of, and now theres a video game that will teach you how.

Set in an old school, Super Nintendo-like, 16-bit world, TwilioQuest teaches common coding languages like Python, JavaScript, and Open Source and combines the satisfying sense of progression inherent in role-playing games, with actual skills instead of virtual ones, allowing users to level-up in real life just as they level-up in the game.

Twilio is now releasing a version 3.2 of the game, which is free for Windows, Mac, and Linux systems, and which features better graphics and more levels, as well as a feature that allows players to code their own additional extensions into the game.

This peculiar way of teaching started back in 2013, and is now welcoming other platforms to contribute to the games content, such as media processing-software company Cloudinary, who are currently designing an extension to teach players how to use their video-processing APIs, a body of code that provides access to server infrastructure necessary to deliver video content.

Our mission is to unlock the imagination of builders, CEO Jeff Lawson told Fast Company.

MORE: Boys Who Play Video Games Linked With Lower Depression Risk, UK Shows Study

Each level is set to a different language. For Python coders, there are adventures in The Pythonic Temple, or you could risk a trek through The Forest of Open Source.

Their most recent level is The Arcane Academy of API Arts, set in a wizardry school reminiscent of the one in Harry Potter or The Magicians.

TwilioQuests popularity (its even used in middle and high schools as a fun way to help kids practice coding skills) is naturally beneficial to Twilio, a cloud-based communications company which offers clients solutions for video APIs, and automated emailing and text messaging.

But the lean team of just six developers responsible for making and updating TwilioQuest is proud of their work, and plan to continually introduce many, many more features over time to expand the capacity of their user base to develop their skills.

RELATED: Video Game Industry Is Nudging 250 Million Gamers To Protect The Planet

Being a fellow nerd who definitely did play a bunch of Chrono Trigger and other classics of the 16-bit era, the metaphor of a role-playing game where you could kind of level up at your own pace seemed like a useful thing to build upon for training, Kevin Whinnery, the games creator and head of the TwilioQuest team, told Fast Company.

(WATCH the TwilioQuest video below.)

CODE a Little Good News Into Mates Feeds by Sharing This Story

View original post here:

Want to Learn to Code? This Nintendo-Style Video Game Will Teach You And It's Free - Good News Network

Microsoft has finally kicked off the rollout of end-to-end-encryption (E2EE) in its Teams collaboration platform with a public preview of E2EE for one-to-one calls.

It has been a while coming. The company made the promise of E2EE for some one-to-one Teams calls at its virtual Ignite shindig in March this year (https://www.theregister.com/2021/03/03/microsoft_ups_security/) and as 2021 nears its end appears to have delivered, in preview form at least.

The company's rival in the conference calling space, Zoom, added E2EE for all a year ago, making Microsoft rather late to the privacy party. COO at Matrix-based communications and collaboration app Element, Amandine Le Pape, told The Register that the preview, although welcome, was "long overdue."

"It's worth noting," she went on, "that even if the calls are encrypted, users will be completely dependent on a single supplier (Microsoft) to host and secure them - they are putting all their eggs in one basket. Meanwhile, text chat and voip/video conferences remain unencrypted."

Then again, as Element found to its embarrassment, everything in E2EE is not entirely straightforward after a whoopsie in the Matrix key sharing scheme could have resulted in the compromise of user keys.

As for Microsoft's implementation in Teams, only real-time media flow (voice and video) for one-to-one calls can be encrypted and the feature must first be enabled by an administrator before users can turn it on. It is not activated by default.

4 stories

The platforms are a bit limited too. The latest Teams desktop client for Windows or Mac is needed, or an up to date app on iOS and Android. Once a user turns on E2EE in one place, however, it will be turned on for all their other supported endpoints. Teams' Public Switched Telephone Network (PSTN) functionality does not support E2EE and chat in E2EE calls remains secured by Microsoft 365 encryption.

Other features such as live captioning and transcription, call transfer and merging or adding another participant to turn a one-to-one call into a group call are not supported, although Microsoft said: "We will work to bring end-to-end encryption capabilities to online meetings later."

In the meantime, customers will just have to put their faith in Microsoft 365 encryption where E2EE is not an option.

See the original post:

Better late than never: Microsoft rolls out a public preview of E2EE in Teams calls - The Register

In this article, we will talk about how you can add a secondary taskbar clock on a secondary monitor on Windows 11. Windows 11 is officially out for all the eligible users and as we have already reported, it has a lot of new and redesigned features. One of the prominent upgrades is the enhanced taskbar in Windows 11. As the taskbar is redesigned and written in the modern language from scratch, it has lost some features in Windows 11. The lost features include no taskbar context menu, no option to lock the taskbar, Show Desktop button is removed, etc.

Windows 11s taskbar has also lost another significant feature which is showing a clock on the other connected displays/ screens. The date and time are no more shown on the secondary displays in Windows 11, unlike Windows 10. However, it is not like you just cant add a clock to the secondary taskbar in Windows 11. There is a way out. Here, we are going to show you how you can add a clock to the taskbar on a secondary display on Windows 11.

To be able to show the date and time on all your monitors and screens in Windows 11, we will be using a third-party application called ElevenClock. It is free and open-source software that enables you to add a secondary taskbar clock on Windows 11 which the new OS is missing as of now. As the software is open-source, you can also download and study its source code. The source code and the executable file are available on GitHub. However, this application can only be used for non-commercial usage as instructed by its developer.

Now, let us find out the features this application has to offer and how you can use it.

TIP: How to show Taskbar across multiple monitors in Windows 11

There are a lot of good functions offered by this software. Here are some of the key features to look forward to in this useful app called ElevenClock:

So, these are the good features of ElevenClock. Now, let us find out how exactly to use this app to add a taskbar clock on your secondary monitor on Windows 11 PC.

Read: How to show Multiple Clocks on Windows Taskbar.

Here are the main steps to add a taskbar clock on your secondary monitor on Windows 11:

Firstly, download the installer of this handy application from github.com. After that, run the installer to initiate the installation of this software. You will have to bypass Windows Defender SmartScreen by clicking on the Run anyway button. Then, proceed with the onscreen instruction to install the software on your Windows 11 PC.

Now, launch ElevenClock and a clock will be added to your taskbar on the secondary monitor. This app sits in the system tray on your primary taskbar. You can easily access it from there. Also, it runs on Windows startup by default. So, whenever you restart your PC with dual monitors, it will display a clock on your secondary taskbar.

See: How to add a day of the week to Taskbar Clock?

Furthermore, you can open the ElevenClock settings and customize various clock settings, You can enable or disable options including Hide the clock in the fullscreen mode, Hide the clock when RDP client is active, Force the clock to be at the bottom of the screen, Force the clock to have white text, and Show the clock at the left of the screen.

You can also configure date and time settings as per your preferences.

It lets you enable or disable options like show seconds on the clock, show date on the clock, and show time on the clock. You can also change the date and time format i.e., regional settings.

Simply click on the Regional settings button present under the Date & Time Settings section and then you will be able to select and configure date and time format, language, etc.

Read: How to display seconds in Taskbar Clock in Windows 11/10.

You can easily enable extended display on Windows 11 by using its Settings app. Here are the steps you can follow to do that:

Now the displays will be extended to connected monitors.

See: How to add a clock to Start Menu using Alarms & Clock app in Windows.

The extended display might not be working due to incorrect display settings. So, first, make sure you have chosen the Extend these displays option under the Settings > System > Display. If the settings are good, there might be some other reasons behind the extended display not working. To fix it up, make sure you have installed all pending Windows updates and updated your GPU drivers. Other than that, you can also try disconnecting all peripherals and checking the cable connection that the monitor is properly connected to your system. If this doesnt work for you, you can try using a different port to plug in the secondary display on your PC.

Read: Windows Clock Time wrong? Here is the working fix for Windows 11.

The answer is Yes. You can connect 4 displays on Windows 11/10 via DVI, VGA, or HDMI cables provided that your display and graphics card driver support additional hardware.

Now read: Best free Time synchronization software for Windows PC.

Visit link:

How to add Taskbar Clock on Secondary Monitor in Windows 11 - TWCN Tech News

Apple's seventh-gen Watch has managed to maintain its iFixit repairability rating on a par with the last model unlike its smartphone sibling.

The iFixit team found the slightly larger display of the latest Apple Watch a boon for removal via heat and a suction handle. Where the previous generation required a pair of flex folds in its display, the new version turned out to be simpler, with just the one flex.

Things are also slightly different within the watch itself. Apple's diagnostic port has gone and the battery is larger. That equates to a slight increase in power (1.094Wh from 1.024Wh between 40mm S6 and 41mm S7) which, when paired with the slightly hungrier display, means battery life is pretty much unchanged.

Components of the Watch ... Source: iFixit. Click to enlarge

Other than some tweaks to the speaker modules, the team noted that changes were "small, but impactful." Pulling things apart was simply less effort, with the Taptic Engine being released without recourse to fiddly brackets and, perhaps most importantly, components being swappable.

The latter is in marked contrast to the latest iPhone Pro.

The team were able to switch screens and Taptic Engine modules between Series 7 watches with little drama and all features still working. A battery lifted from a Series 6 also worked in the latest model.

"Not exactly recommended," the team observed, "but nice to know it works in a pinch!"

It all meant that while the repairability score of the iPhone Pro dropped to a 5 out of 10 this iteration, the Apple Watch has clung to its 6. Marks were added for the modular construction and ease of access but deducted for the fact the screen would need to be deglued and reglued for every repair.

Bonus points for the straps still being swappable, right back to the original.

Originally posted here:

While the iPhone's repairability is in the toilet, at least the Apple Watch 7 is as fixable as the previous model - The Register

Credit: Microsoft

Microsoft made available on October 20 a preview version of its Visual Studio Code (VS Code) tool for the Web. VSCode for the Web enables developers to use a lighter-weight version of VSCode directly in the browser without having to install it on their PCs.

By going to https://vscode.dev, users can get a version of VS Code that works in their browsers. Officials are calling it a "zero-installation local development tool."

Microsoft officials suggested several scenarios where people might want VS Code for the Web. Among them: Local file viewing and editing for taking notes quickly and previewing in Markdown; building client-side HTML, JavaScript and CSS applications in conjunction with he browser tools for debugging; editing code on machines where it's not easy to install VS Code, such as Chromebooks; and even developing on iPads.

Browsers that support the File System Access APIs -- which means Microsoft Edge and Google Chrome so far -- are supported. And if a browser doesn't yet support local File System Access APIs, users still will be able to open individual files by uploading and downloading them via the browser.

"Bringing VS Code to the browser is the realization of the original vision for the product. It is also the start of a completely new one. An ephemeral editor that is available to anyone with a browser and an internet connection is the foundation for a future where we can truly edit anything from anywhere," Microsoft's blog post concluded.

View post:

Microsoft makes its VS Code tool available directly in the browser - ZDNet

Arm is putting virtual models of its chip designs in the cloud so developers can write and test applications before the physical hardware gets into their hands.

The Arm Virtual Hardware offering is part of new product portfolio called "ARM Total Solutions for IoT." Cringe-worthy marketing jargon aside, Arm wants to give developers a head-start in coding for Internet of Things applications, like cars, robots and refrigerators.

Here's how it works.

Arm licenses chip designs and intellectual property for chips used in devices ranging from battery-operated devices to cars and servers. Once Arm releases the building blocks for chips to silicon partners, it will also make a virtual representation of the chip stack available to developers in the cloud.

Developers can then start writing, testing and debugging applications and test them on simulated hardware. Historically everything happened in sequence, with ARM releasing chip design IP to silicon providers, and there was a three-year wait before development of apps could begin.

Now, chip design and software development can happen almost in parallel, Mohamed Awad, vice president of IoT and Embedded at Arm, told The Register.

"It represents a new way for software developers to innovate and develop for all those diverse devices, but they can do so in the cloud without hardware," Awad said.

This is the first time Arm is offering virtual hardware, and it'll initially be for IoT, Awad said.

The Virtual Hardware will initially be available for the Corstone-300 subsystem from Arm SoC partners, incorporating the Arm Cortex M55 AI processor and Arm Ethos U55 microNPU.

Awad declined to say whether something similar would be available for mobile chip designs, and he highlighted why it needed to first be in IoT.

The overwhelming number and diversity of IoT chips makes it costly and challenging to test and deploy software, and virtual hardware provides a better model on which to program. Compare that to mobile phones, which replicates one chip design over a number of devices.

Testing software on virtual hardware isn't new, with examples being flight simulation and wind-tunnel testing in engineering applications.

Arm is relying on a modern development methodology called DevOps, an iterative software cycle so developers can track performance improvements, the quality of code, and achieve a level of comfort for code across a range of devices, all while the chip is being developed. The iterative and collaborative DevOps methodology is used by Amazon, Facebook and Google to quickly deploy code to test new features in their products.

"Arm Virtual Hardware allows them to do that in the cloud ... as opposed to what they had to do before which was just have a massive hardware farm and run flash on those devices every time they had to make the code change," Awad said.

Amazon used Arm Virtual Hardware to test Alexa features on a myriad of devices, Awad said. Amazon gave its wake word recognition software to multiple vendors for use in devices like fridges and thermostat. Amazon used Arm Virtual Hardware to virtually test the code and it's performance without deploy hundreds of hardware units using that feature.

The company also announced Project Centauri as part of ARM Total Solutions for IoT, which is an effort to find a common language on which devices, chips and cloud services can interface and talk.

Go here to see the original:

Arm puts virtual hardware in the cloud so you won't have to wait for the actual chips - The Register