Microsoft has further teased the arrival of the Windows Subsystem for Android by detailing how the platform will work via a newly published document for Windows Insiders.

The document, spotted by inveterate Microsoft prodder "WalkingCat" makes for interesting reading for developers keen to make their applications work in the Windows Subsystem for Android (WSA).

WSA itself comprises the Android OS based on the Android Open Source Project 1.1 and, like the Windows Subsystem for Linux, runs in a virtual machine.

This is currently on the Windows Insider blog. (Note the "LINK COMING SOON")

The brief note details how developers should set things up in Windows 11, deal with the inputs and outputs of Microsoft's wares and finally submit apps. The latter step requires the use of the Amazon app-store.

"Your device," warned Microsoft ominously, "also must meet specific Windows 11 requirements."

The document was rapidly followed by a lengthier blog post detailing the tech's arrival for Windows Insiders.

To kick things off, the Amazon Appstore (or an Android or Amazon app from the Microsoft Store) must be installed, which will also install the WSA. Once set up, a Settings app permits developers to adjust the platform, which includes options to disable hardware-accelerated graphics and choose whether or not WSA should be continually open in the background (and thus speed the opening of apps.)

Dev Channel Insiders on the bleeding edge of things might be forgiven for feeling a little left out, as - for the time being at least - the initial preview appears targeted at Windows Insiders in the Beta Channel.

In addition, only US users with a US-based Amazon account need apply (so a simple switch of Windows region is unlikely to do the trick.)

Other elements for app developers to consider are mouse and keyboard input on Windows devices. Resizing of the app (since it will be in-window) also merits consideration. "Android apps running on Windows 11," said Microsoft, "can be freely resized, should be responsive in their resizing, and can be snapped using Windows actions/gestures."

As expected, ARM applications will run on x86-based processors, although at an as-yet unknown cost to performance. "For optimal performance please submit your application for the x86-64 architecture," said Microsoft.

Android applications on Windows 11 were trailed by Windows supremo Panos Panay during an occasionally wobbly stream unveiling the operating system in June. Intel Bridge Technology was required to work the magic, comprising a runtime post-compiler to permit ARM apps to fire up on AMD and Intel devices.

Amazon has also trumpeted the coming of the its Appstore (and a "limited selection" of apps) to Windows 11 today.

Read this article:

Microsoft unveils Android apps for Windows 11 (for US users only) - The Register

Twilioquest

Writing code is a skill almost anyone can make use of, and now theres a video game that will teach you how.

Set in an old school, Super Nintendo-like, 16-bit world, TwilioQuest teaches common coding languages like Python, JavaScript, and Open Source and combines the satisfying sense of progression inherent in role-playing games, with actual skills instead of virtual ones, allowing users to level-up in real life just as they level-up in the game.

Twilio is now releasing a version 3.2 of the game, which is free for Windows, Mac, and Linux systems, and which features better graphics and more levels, as well as a feature that allows players to code their own additional extensions into the game.

This peculiar way of teaching started back in 2013, and is now welcoming other platforms to contribute to the games content, such as media processing-software company Cloudinary, who are currently designing an extension to teach players how to use their video-processing APIs, a body of code that provides access to server infrastructure necessary to deliver video content.

Our mission is to unlock the imagination of builders, CEO Jeff Lawson told Fast Company.

MORE: Boys Who Play Video Games Linked With Lower Depression Risk, UK Shows Study

Each level is set to a different language. For Python coders, there are adventures in The Pythonic Temple, or you could risk a trek through The Forest of Open Source.

Their most recent level is The Arcane Academy of API Arts, set in a wizardry school reminiscent of the one in Harry Potter or The Magicians.

TwilioQuests popularity (its even used in middle and high schools as a fun way to help kids practice coding skills) is naturally beneficial to Twilio, a cloud-based communications company which offers clients solutions for video APIs, and automated emailing and text messaging.

But the lean team of just six developers responsible for making and updating TwilioQuest is proud of their work, and plan to continually introduce many, many more features over time to expand the capacity of their user base to develop their skills.

RELATED: Video Game Industry Is Nudging 250 Million Gamers To Protect The Planet

Being a fellow nerd who definitely did play a bunch of Chrono Trigger and other classics of the 16-bit era, the metaphor of a role-playing game where you could kind of level up at your own pace seemed like a useful thing to build upon for training, Kevin Whinnery, the games creator and head of the TwilioQuest team, told Fast Company.

(WATCH the TwilioQuest video below.)

CODE a Little Good News Into Mates Feeds by Sharing This Story

View original post here:

Want to Learn to Code? This Nintendo-Style Video Game Will Teach You And It's Free - Good News Network

A remote code execution vulnerability existed in an old and free trial version of WinRAR, according to infosec firm Positive Technologies.

While a vuln in version 5.7 of WinRAR may not seem like an immediate threat given that version was first released two years ago and has been superseded since, simple shareware/free-to-use software has a habit of being used long after its due date.

The vuln, tracked as CVE-2021-35052, has since been patched. Users should check their installed versions of WinRAR and update if it isn't v 6.02 or later, though the practicality of the attack seems limited unless your device or network is first compromised by other means.

WinRAR offers users a free trial licence before gently nagging users to buy a licence. Its most closely associated file compression format, the .rar archive, is not opened by Windows Explorer so WinRAR is popular among those who have to work with the format, or those who simply had to download a .rar archive once and needed a utility to open it.

Positive Technologies' Igor Sak-Sakovskiy acknowledged that many people have old versions of WinRAR installed in his firm's blog post about the vuln, writing: "We had installed and used the application for some period."

The RCE itself could be induced through a WinRAR dialogue box which happened to spawn an Internet Explorer instance.

"This window uses mshtml.dll implementation for Borland C++ in which WinRAR has been written," noted Positive Technologies. Sniffing WinRAR traffic with Burp Suite allowed researchers to identify and then modify traffic being sent to and from the dialogue box.

If the dialogue box received an HTTP 301 response indicating a permanent redirect away from WinRAR's servers, it would faithfully follow that allowing the researchers to send it wherever they liked and inject their own content into the box.

Spoofed address resolution protocol (ARP) packets sent to the dialogue box from a hostile domain gave the researchers enough access to retrieve localhost information, run Windows Calculator, and so on. File types that could be opened without triggering further warnings in Windows, according to Positive Technologies, included Word documents, PDFs, Python scripts and .rar archives.

We have asked WinRAR for comment; CVE-2021-35052 was fixed back in July when the vuln was first discovered. WinRAR noted: "Such attacks are only possible if the intruder has managed to spoof or otherwise control user's DNS records."

A couple of years ago a nearly-two-decades-old bug was found in WinRAR, affecting an ancient file compression format first developed in the 1990s.

As for Positive Technologies, the Russian company was sanctioned by the US government earlier this year, with America alleging the firm had passed vulns to Russian state hackers instead of disclosing them. The firm has strenuously denied this and continues to publish security research.

Application security expert Sean Wright said of the vuln: "Remote Code Execution vulnerabilities should always be taken seriously and handled with a sense of urgency, as the risk they pose is significant.

"Even so, in the case of WinRAR's vulnerable trial, the likelihood of an attacker being able to successfully exploit the vulnerability in question seems fairly limited, as there are a number of conditions and stages that the victim would need to fulfil before the attacker could achieve RCE.

"Interestingly, the vulnerability highlights some of the challenges developers face when combining web application functionality within a traditional desktop application. This opens up the application to many of the vulnerabilities which web applications face within a desktop application. The end result is the threat profile being increased."

Here is the original post:

We regret to inform you there's an RCE vuln in old version of WinRAR. Yes, the file decompression utility - The Register

Microsoft has finally kicked off the rollout of end-to-end-encryption (E2EE) in its Teams collaboration platform with a public preview of E2EE for one-to-one calls.

It has been a while coming. The company made the promise of E2EE for some one-to-one Teams calls at its virtual Ignite shindig in March this year (https://www.theregister.com/2021/03/03/microsoft_ups_security/) and as 2021 nears its end appears to have delivered, in preview form at least.

The company's rival in the conference calling space, Zoom, added E2EE for all a year ago, making Microsoft rather late to the privacy party. COO at Matrix-based communications and collaboration app Element, Amandine Le Pape, told The Register that the preview, although welcome, was "long overdue."

"It's worth noting," she went on, "that even if the calls are encrypted, users will be completely dependent on a single supplier (Microsoft) to host and secure them - they are putting all their eggs in one basket. Meanwhile, text chat and voip/video conferences remain unencrypted."

Then again, as Element found to its embarrassment, everything in E2EE is not entirely straightforward after a whoopsie in the Matrix key sharing scheme could have resulted in the compromise of user keys.

As for Microsoft's implementation in Teams, only real-time media flow (voice and video) for one-to-one calls can be encrypted and the feature must first be enabled by an administrator before users can turn it on. It is not activated by default.

4 stories

The platforms are a bit limited too. The latest Teams desktop client for Windows or Mac is needed, or an up to date app on iOS and Android. Once a user turns on E2EE in one place, however, it will be turned on for all their other supported endpoints. Teams' Public Switched Telephone Network (PSTN) functionality does not support E2EE and chat in E2EE calls remains secured by Microsoft 365 encryption.

Other features such as live captioning and transcription, call transfer and merging or adding another participant to turn a one-to-one call into a group call are not supported, although Microsoft said: "We will work to bring end-to-end encryption capabilities to online meetings later."

In the meantime, customers will just have to put their faith in Microsoft 365 encryption where E2EE is not an option.

See the original post:

Better late than never: Microsoft rolls out a public preview of E2EE in Teams calls - The Register

In this article, we will talk about how you can add a secondary taskbar clock on a secondary monitor on Windows 11. Windows 11 is officially out for all the eligible users and as we have already reported, it has a lot of new and redesigned features. One of the prominent upgrades is the enhanced taskbar in Windows 11. As the taskbar is redesigned and written in the modern language from scratch, it has lost some features in Windows 11. The lost features include no taskbar context menu, no option to lock the taskbar, Show Desktop button is removed, etc.

Windows 11s taskbar has also lost another significant feature which is showing a clock on the other connected displays/ screens. The date and time are no more shown on the secondary displays in Windows 11, unlike Windows 10. However, it is not like you just cant add a clock to the secondary taskbar in Windows 11. There is a way out. Here, we are going to show you how you can add a clock to the taskbar on a secondary display on Windows 11.

To be able to show the date and time on all your monitors and screens in Windows 11, we will be using a third-party application called ElevenClock. It is free and open-source software that enables you to add a secondary taskbar clock on Windows 11 which the new OS is missing as of now. As the software is open-source, you can also download and study its source code. The source code and the executable file are available on GitHub. However, this application can only be used for non-commercial usage as instructed by its developer.

Now, let us find out the features this application has to offer and how you can use it.

TIP: How to show Taskbar across multiple monitors in Windows 11

There are a lot of good functions offered by this software. Here are some of the key features to look forward to in this useful app called ElevenClock:

So, these are the good features of ElevenClock. Now, let us find out how exactly to use this app to add a taskbar clock on your secondary monitor on Windows 11 PC.

Read: How to show Multiple Clocks on Windows Taskbar.

Here are the main steps to add a taskbar clock on your secondary monitor on Windows 11:

Firstly, download the installer of this handy application from github.com. After that, run the installer to initiate the installation of this software. You will have to bypass Windows Defender SmartScreen by clicking on the Run anyway button. Then, proceed with the onscreen instruction to install the software on your Windows 11 PC.

Now, launch ElevenClock and a clock will be added to your taskbar on the secondary monitor. This app sits in the system tray on your primary taskbar. You can easily access it from there. Also, it runs on Windows startup by default. So, whenever you restart your PC with dual monitors, it will display a clock on your secondary taskbar.

See: How to add a day of the week to Taskbar Clock?

Furthermore, you can open the ElevenClock settings and customize various clock settings, You can enable or disable options including Hide the clock in the fullscreen mode, Hide the clock when RDP client is active, Force the clock to be at the bottom of the screen, Force the clock to have white text, and Show the clock at the left of the screen.

You can also configure date and time settings as per your preferences.

It lets you enable or disable options like show seconds on the clock, show date on the clock, and show time on the clock. You can also change the date and time format i.e., regional settings.

Simply click on the Regional settings button present under the Date & Time Settings section and then you will be able to select and configure date and time format, language, etc.

Read: How to display seconds in Taskbar Clock in Windows 11/10.

You can easily enable extended display on Windows 11 by using its Settings app. Here are the steps you can follow to do that:

Now the displays will be extended to connected monitors.

See: How to add a clock to Start Menu using Alarms & Clock app in Windows.

The extended display might not be working due to incorrect display settings. So, first, make sure you have chosen the Extend these displays option under the Settings > System > Display. If the settings are good, there might be some other reasons behind the extended display not working. To fix it up, make sure you have installed all pending Windows updates and updated your GPU drivers. Other than that, you can also try disconnecting all peripherals and checking the cable connection that the monitor is properly connected to your system. If this doesnt work for you, you can try using a different port to plug in the secondary display on your PC.

Read: Windows Clock Time wrong? Here is the working fix for Windows 11.

The answer is Yes. You can connect 4 displays on Windows 11/10 via DVI, VGA, or HDMI cables provided that your display and graphics card driver support additional hardware.

Now read: Best free Time synchronization software for Windows PC.

Visit link:

How to add Taskbar Clock on Secondary Monitor in Windows 11 - TWCN Tech News

Apple's seventh-gen Watch has managed to maintain its iFixit repairability rating on a par with the last model unlike its smartphone sibling.

The iFixit team found the slightly larger display of the latest Apple Watch a boon for removal via heat and a suction handle. Where the previous generation required a pair of flex folds in its display, the new version turned out to be simpler, with just the one flex.

Things are also slightly different within the watch itself. Apple's diagnostic port has gone and the battery is larger. That equates to a slight increase in power (1.094Wh from 1.024Wh between 40mm S6 and 41mm S7) which, when paired with the slightly hungrier display, means battery life is pretty much unchanged.

Components of the Watch ... Source: iFixit. Click to enlarge

Other than some tweaks to the speaker modules, the team noted that changes were "small, but impactful." Pulling things apart was simply less effort, with the Taptic Engine being released without recourse to fiddly brackets and, perhaps most importantly, components being swappable.

The latter is in marked contrast to the latest iPhone Pro.

The team were able to switch screens and Taptic Engine modules between Series 7 watches with little drama and all features still working. A battery lifted from a Series 6 also worked in the latest model.

"Not exactly recommended," the team observed, "but nice to know it works in a pinch!"

It all meant that while the repairability score of the iPhone Pro dropped to a 5 out of 10 this iteration, the Apple Watch has clung to its 6. Marks were added for the modular construction and ease of access but deducted for the fact the screen would need to be deglued and reglued for every repair.

Bonus points for the straps still being swappable, right back to the original.

Originally posted here:

While the iPhone's repairability is in the toilet, at least the Apple Watch 7 is as fixable as the previous model - The Register

Tor is free and open-source software for enabling anonymous communication by directing Internet traffic through a free, worldwide, volunteer overlay network consisting of more than seven thousand relay servers in order to conceal a users location and usage from anyone conducting network surveillance or traffic analysis.

Tor used to stand for The Onion Router; however, this acronym has since been removed in favour of a simple name of the same spelling (Tor).

The Onion Router is a reference to the several layers of encryption wrapped around a users internet traffic.

The dark web is of course a reference to websites/services that use the Internet but require specific software, configurations, or authorisation to access them. Tor is the largest of these services/private networks.

These restricted websites hosted on Tor use to be called Hidden Services but are now called Onion Services.

Websites hosted as Onion Services are anonymous, so their location cannot be tracked. As a result, Onion Services are often used to sell stolen credit card information, sell drugs/illegal paraphernalia, or are used by whistle-blowers to publish stolen information or communicate with journalists.

Some examples of Onion Services hosting illegal content include the Silk Road, Agora, and the Tor Carding Forum.

To access these sites, one simply needs to download Tor, open the Tor browser and enter the domain name (.onion domain similar to .com). Due to these restrictions, the dark web is not indexed by web search engines/content change and detection services like Google/Google Alerts.

AlerTor was created by Luke Millanta, a Sydney-based software developer, esports entrepreneur, and the current chief technology officer at Hive Gaming.

Millanta explains how this technology works and writes as follows from this point forward

The system I have developed, AlterTor, allows for the indexing of Onion Services and may assist in tracking illegal activity across the Tor network.

AlerTor is an open source content change detection and notification service that has been developed to specifically monitor Tor-based Onion Services (the dark web) for particular keywords.

AlerTor can be used in a number of different ways:

To be alerted when your company is being mentioned on dark web forums or message boards.

To track user activity across one or multiple forums or message boards.

To detect illegal activity (sales of drugs, stolen credit cards etc.).

To monitor extremist forums for information relating to protests (both the pre-planning and the aftermath where people often brag about what they have done).

There are three main components to AlerTor:

A database for storing both the user inputs (alert strings) and a list of Onion Services.

A data cache for storing text-only (individual page source code) caches of Onion Services.

A Python service that:Is able to crawl and cache Onion Services listed in the database. It can also append newly discovered Onion Services to the database (if website1.onion links to website2.onion, the service checks to see if website2.onion is present in the database table. If it is not, it will be added and subsequently cached). Plus it can also scan newly cached/updated pages for alert strings and notify (by email) users to the presence of any alert strings.

So How many sites does AlerTor have access to? AlerTor is able to access and scan an infinite number of websites, just like any web crawler or content change detection service.

At the moment, however, due to the service still being in somewhat of an MVP stage, the service has only had a small period of time to grow. At the moment AlerTor monitors just over 200 Onion Services, approximately half of which are engaged in some sort of criminal activity (drug marketplaces/carder message boards etc).

Read this article:

Slicing open The Onion Router (Tor) with no tears - ComputerWeekly.com

Arm is putting virtual models of its chip designs in the cloud so developers can write and test applications before the physical hardware gets into their hands.

The Arm Virtual Hardware offering is part of new product portfolio called "ARM Total Solutions for IoT." Cringe-worthy marketing jargon aside, Arm wants to give developers a head-start in coding for Internet of Things applications, like cars, robots and refrigerators.

Here's how it works.

Arm licenses chip designs and intellectual property for chips used in devices ranging from battery-operated devices to cars and servers. Once Arm releases the building blocks for chips to silicon partners, it will also make a virtual representation of the chip stack available to developers in the cloud.

Developers can then start writing, testing and debugging applications and test them on simulated hardware. Historically everything happened in sequence, with ARM releasing chip design IP to silicon providers, and there was a three-year wait before development of apps could begin.

Now, chip design and software development can happen almost in parallel, Mohamed Awad, vice president of IoT and Embedded at Arm, told The Register.

"It represents a new way for software developers to innovate and develop for all those diverse devices, but they can do so in the cloud without hardware," Awad said.

This is the first time Arm is offering virtual hardware, and it'll initially be for IoT, Awad said.

The Virtual Hardware will initially be available for the Corstone-300 subsystem from Arm SoC partners, incorporating the Arm Cortex M55 AI processor and Arm Ethos U55 microNPU.

Awad declined to say whether something similar would be available for mobile chip designs, and he highlighted why it needed to first be in IoT.

The overwhelming number and diversity of IoT chips makes it costly and challenging to test and deploy software, and virtual hardware provides a better model on which to program. Compare that to mobile phones, which replicates one chip design over a number of devices.

Testing software on virtual hardware isn't new, with examples being flight simulation and wind-tunnel testing in engineering applications.

Arm is relying on a modern development methodology called DevOps, an iterative software cycle so developers can track performance improvements, the quality of code, and achieve a level of comfort for code across a range of devices, all while the chip is being developed. The iterative and collaborative DevOps methodology is used by Amazon, Facebook and Google to quickly deploy code to test new features in their products.

"Arm Virtual Hardware allows them to do that in the cloud ... as opposed to what they had to do before which was just have a massive hardware farm and run flash on those devices every time they had to make the code change," Awad said.

Amazon used Arm Virtual Hardware to test Alexa features on a myriad of devices, Awad said. Amazon gave its wake word recognition software to multiple vendors for use in devices like fridges and thermostat. Amazon used Arm Virtual Hardware to virtually test the code and it's performance without deploy hundreds of hardware units using that feature.

The company also announced Project Centauri as part of ARM Total Solutions for IoT, which is an effort to find a common language on which devices, chips and cloud services can interface and talk.

Go here to see the original:

Arm puts virtual hardware in the cloud so you won't have to wait for the actual chips - The Register

FDC3 workbench accelerates adding FDC3 support and provides a test harness for app developers to validate compliance.

FDC3 standardsdefine a common language and API that applications can use to easily communicate with each other. FDC3-compliant applications can interoperate immediately once installed on a desktop equipped with an FDC3 Desktop Agent, such as Finsemble.

Before, vendors and banks that wanted to get started with adding FDC3 interoperability to their applications faced many challenges. There were no example apps, learning materials, or reference implementations for compliance testing. Developers struggled to get FDC3 compliance projects off the ground. The FDC3 workbench solves this problem.

"Time and time again I've seen developers building their own test tools to start adding FDC3 support to their apps, which adds effort and results in throwaway code," says Cosaic's Principal Engineer Kris West, who recently presented the FDC3 workbenchto a live audience at OSSF London - the main conference for open-source in finance. "To make FDC3 easier to adopt and easier to test against, we needed a robust workbench, available at no-cost for developers."

See the FDC3 workbench in action.

FDC3 workbench accelerates adding FDC3 support to apps, simplifies learning for app developers, and provides a test harness for apps to validate compliance. "The FDC3 workbench brings tremendous value to the standard, furthering its adoption by drastically reducing developer friction," says Gabriele Columbro, founder and Executive Director of FINOS. "Providing open source tooling to accelerate open standards adoption is at the heart of FINOS' core values, and in this case it has the potential to enable a truly open financial desktop ecosystem."

As an open-source contribution, the workbench can be used in any desktop agent/container. Additionally, application vendors can develop in the fully-featured desktop agent Finsemble at no cost for any non-production use case. Learn more about the FDC3 standard at fdc3.finos.org and the FDC3 Github repository.

For more information about the industry's only no-code smart desktop platform, Finsemble, which allows FDC3-enabled applications to communicate out-of-the-box, visit https://cosaic.io/finsemble/.

About Cosaic

Cosaic provides state-of-the art software for firms that want to promote ingenuity, evolve intelligently, and improve end-user efficiency. Products include ChartIQ, the world-renowned financial charting software, and Finsemble, the world's first no-code smart desktop platform. As a workflow solutions provider, Cosaic is revolutionizing the way people work with over 300 global customers around the world, including Yahoo! Finance, E*TRADE, Charles River, and Fidessa. Founded in 2012 as ChartIQ, Cosaic is a fast-growing firm based in Charlottesville, VA with offices in New York, London, and Hong Kong. For more information, please visit https://cosaic.io.

SOURCE Cosaic

cosaic.io

Read this article:

Cosaic Open-Sources FDC3 Workbench to Bolster Interoperability Across the Finance Industry - PRNewswire

Credit: Microsoft

Microsoft made available on October 20 a preview version of its Visual Studio Code (VS Code) tool for the Web. VSCode for the Web enables developers to use a lighter-weight version of VSCode directly in the browser without having to install it on their PCs.

By going to https://vscode.dev, users can get a version of VS Code that works in their browsers. Officials are calling it a "zero-installation local development tool."

Microsoft officials suggested several scenarios where people might want VS Code for the Web. Among them: Local file viewing and editing for taking notes quickly and previewing in Markdown; building client-side HTML, JavaScript and CSS applications in conjunction with he browser tools for debugging; editing code on machines where it's not easy to install VS Code, such as Chromebooks; and even developing on iPads.

Browsers that support the File System Access APIs -- which means Microsoft Edge and Google Chrome so far -- are supported. And if a browser doesn't yet support local File System Access APIs, users still will be able to open individual files by uploading and downloading them via the browser.

"Bringing VS Code to the browser is the realization of the original vision for the product. It is also the start of a completely new one. An ephemeral editor that is available to anyone with a browser and an internet connection is the foundation for a future where we can truly edit anything from anywhere," Microsoft's blog post concluded.

View post:

Microsoft makes its VS Code tool available directly in the browser - ZDNet