Julian Assange and Harry Dunn (E360) RT Sputnik Orbiting the World – RT

Whatever your views on the rights and wrongs of the Julian Assange case, whether he should be in prison at all or be extradited to the United States, there can be no one who would want to see him perish in an English prison from coronavirus. But the wing where he is incarcerated, in a maximum-security jail, is stricken with the virus. This has caused alarm across Britain: the idea that the world's most famous political prisoner might die on our watch, in our jail, is making some people decidedly nervous. His family and friends are, of course, increasingly pressing the alarm button, but so too are medical professionals from around the world. One of the many campaigns is Doctors for Assange. So, from Germany, Professor Thomas Schulze joined Sputnik to tell us about their concerns for Julian Assange's physical and mental well-being.

From the extradition of Julian Assange, which might well happen, to the case of Anne Sacoolas, whose extradition looks very unlikely. Having been previously told by the DPP that she did not have diplomatic immunity, Anne Sacoolas' extradition was sought so she could stand trial for killing Harry Dunn while driving on the wrong side of the road. However, this week a court ruled that Anne Sacoolas did, after all, have diplomatic immunity and therefore, when she fled the country to avoid justice, she was deemed to be within her rights to do so. Harry's family have been tirelessly seeking justice for their son and will continue the fight. To hear more about the campaign, we invited its spokesman, Radd Seiger, onto Sputnik to tell us what's next for the family.


Check M1 compatibility for all your Mac apps with this free open source tool – 9to5Mac

We've seen some valuable app and game databases recently keeping track of all the software out there that's optimized for Apple Silicon. Now a free open source app from developer DigiDNA, who makes iMazing, means it's super easy to check all the apps on your Mac locally for M1 app compatibility.

As we shared before, official Apple Silicon support for apps offers finely tuned efficiency and really impressive performance, but even non-supported apps running through Rosetta 2 translation run really well (which happens automatically after macOS Big Sur prompts you to download Rosetta 2 for the first time). Rosetta translation is so good that M1 Macs can even run x86 instructions faster than Intel Macs in many cases.

But it's still important and exciting to see official M1 compatibility arrive, particularly for your most important or critical apps.

We've seen the above resources launch and they're really useful. But if you want to check your own apps in a more seamless way, iMazing has made a free open source app to check for Apple Silicon M1 Mac compatibility called Silicon. While you can check individual apps for M1 support with the Get Info option, that's a clunky way to check multiple apps (or all your apps). Silicon solves that.

You can find the free download for Silicon on iMazing's website here (4th app down). And you can check out the source code for the app (and also download it) on GitHub here.

Silicon lets you drag and drop individual apps to check for compatibility as well as checking your entire Applications folder at once. You can see Universal or Intel compatibility in the About This Mac > System Report > Software > Applications section. But Silicon offers a more polished UI for sure.

Swiss developer DigiDNA makes iMazing, which is a much more powerful iPhone, iPad, iPod manager than what's available from Apple in Finder/iTunes. It also makes a variety of other useful apps; you can check out all of the free software from them here.


Joe Biden’s Team Hid A Job Advert Within The Source Code Of Their Transition Website – IFLScience

President-elect Joe Biden's team has hidden a secret job advert within the source code of their website, which has now been found by Internet sleuths.

Hiding fun easter eggs in the back-end of websites is almost as old as HTML itself. Job adverts have been hidden within code on sites for any developer to see, completely hidden from the average user so uncurious they've probably never even tried out the inspect element tool, except that one time when they did it accidentally, panicked, and immediately called IT.

Some cool ones in the past have been by Apple and The Guardian.


In a recent hidden easter egg, Google hid a text adventure game within Chrome's development console. No stranger to hiding fun games to play around with (it once hid a version of Mario Kart within Google Maps), the tech giant hid the new retro adventure within a specific search.

If you want to play it yourself, visit Google and type in "text adventure", then open up the console by right-clicking and pressing "inspect" and it will ask you if you want to play. Which you do. It's awesome and makes Joe Biden's hidden message look like an amateur made it, frankly.

The message hidden in Biden's transition website is far simpler. It was discovered by self-described "cyber minuteman" and "hacktivist" The Jester on the Build Back Better website.

"If you're reading this, we need your help building back better," the message reads, with a link to the recruitment website of the US Digital Service (USDS), likely looking for coders and website specialists to join the Biden administration's staff.

"This harkens back to the likes of the UK's MI5 and MI6 who I believe used to recruit the type of people they were looking for by publishing obscure crossword and puzzle competitions in newspapers," The Jester wrote on Twitter.

Is it a good recruitment process? Well, it certainly weeds out anybody who isn't interested in the Biden administration, as well as anybody who isn't nerdy enough to poke around in the code of any website they happen to be on. Some coders have replied to say that they will do this, just to see what it's like in there.

"I do it pretty frequently just to poke around and see what their front-end architecture looks like," one Redditor said. "You can quickly see if it's something rolled in-house or a customized blog platform or common framework, etc. Some sites will even surface information about their server architecture/versions and even internal networking details (which is a big no-no, generally. You don't want to reveal what your back-end is because it narrows down which vulnerabilities you may be susceptible to)."

So if you're tech-savvy enough (and mature enough not to find the phrase "back-end" amusing), it may be worth poking around on the websites where you'd like to work.


Hidden risks with third-party software and how to mitigate those risks – Security Magazine

Hidden risks with third-party software and how to mitigate those risks | 2020-11-27 | Security Magazine

Programming language PHP 8 is out: This new JIT compiler points to better performance – ZDNet

The team behind scripting language PHP has announced PHP version 8.0, a major release that may require developers to review code for any breaking changes.

This version of 25-year-old PHP introduces an improved type system, a new JIT compiler in the PHP engine and some features borrowed from Python and JavaScript, such as named arguments and null safe operators.

PHP isn't particularly liked as a language but it is widely used among web developers. Developers rank PHP as the sixth 'most dreaded' language in Stack Overflow's 2020 developer survey, but it also emerges as the eighth most commonly used language.


Developer analyst RedMonk currently positions PHP as the fourth most popular language, only behind Java, Python and JavaScript. Tiobe Software puts PHP in eighth place. And, according to job search engine Indeed, job postings for entry-level PHP developer roles have increased over 800% in the past year.

PHP is maintained by the PHP core development team and Zend, a US-based PHP-focused development consultancy co-founded by Andi Gutmans, general manager and vice president of databases engineering at Google. Gutmans says he's "excited" about the just-in-time (JIT) compiler.

The JIT compiler is meant to bring performance improvements to web applications. However, Brent Roose, a Belgian developer behind stitcher.io, says it doesn't necessarily deliver when it comes to web requests.

As with other interpreted languages such as JavaScript and Python, PHP code is translated at runtime. It's not a compiled language like C, Java or Rust, and needs to be translated for the CPU to understand PHP code.

"A JIT compiler may improve the performance of your program significantly, but it's a difficult thing to get right," notes Roose.

The upside of having a JIT compiler is that it could make PHP a better language for use outside the web, but it could make it more difficult to debug code in the compiler. Roose notes that if there is a bug, users of PHP will depend on the maintainers of the JIT compiler, which could mean slower security patches and bug fixes.

"With just a few people being able to maintain [the PHP] code base today, the question whether the JIT compiler can be maintained properly seems justified. Of course, people can learn how the compiler works. But it is complex material nevertheless," says Roose.

He questions whether the compiler should be included in PHP due to the cost of maintenance. He also says that PHP users should "be aware that some bugfixes or version updates might take longer than what we're used to right now".

Additionally, PHP 8 as a major release may mean older PHP code could be broken after upgrading. However, Roose notes that most of the breaking changes were deprecated before the 7.x versions.

Zend has also posted a reminder that PHP 7.2 is reaching end of life on November 30, 2020 and that means PHP core contributors won't be offering security fixes for that version of PHP anymore, which could spell trouble for enterprise web applications.


But PHP users can always pay a consultancy like Zend for long-term support and they will get patches after November 30.

"For users of operating systems with long-term support offerings, your PHP binary often continues to receive patches by the OS vendor even once the community support window has ended," says Matthew Weier O'Phinney, an engineer at Zend.

"In the case of Ubuntu 18.04 and RHEL/CentOS 8, which each ship with PHP 7.2, this means you may continue to get patches going forwards. If the operating system you are on is not under an LTS policy, however, then your version will become vulnerable to new exploits as time progresses."


Out-of-band Drupal security updates fix bugs with known exploits – Help Net Security

Drupal has released out-of-band security updates to fix two critical code execution flaws (CVE-2020-28948, CVE-2020-28949) in Drupal core, as there are known exploits for one of core's dependencies and some configurations of Drupal are vulnerable.

CVE-2020-28948 and CVE-2020-28949 are arbitrary PHP code execution vulnerabilities found in the open source PEAR Archive_Tar library, which Drupal uses to handle TAR files in PHP.

"(The) vulnerabilities are possible if Drupal is configured to allow .tar, .tar.gz, .bz2, or .tlz file uploads and processes them," the Drupal Security Team explained. Thus, preventing untrusted users from uploading these types of files serves as mitigation.

But, as the maintainers of the library have updated it with fixes, the Drupal team has already implemented it and the best course of action for users is to upgrade their Drupal installation to versions 9.0.9, 8.9.10, 8.8.12, or 7.75 (depending on which branch they use).

The known exploits the Drupal team referenced can be found here.

They also pointed out that these newly patched vulnerabilities aren't connected to some of those patched nearly a year ago, though similar configuration changes may mitigate the problem until you are able to patch.

This is the second time in the span of a week that Drupal core has received security updates: the earlier ones fixed a code execution vulnerability (CVE-2020-13671) that could have been triggered by malicious files with a double extension.
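The two conditions the article describes (a core version below the fixed release for its branch, and an upload configuration that accepts the named archive types) can be checked across a site inventory. The following is an added example, not code from the article or from the Drupal project; the inventory format, site names and function names are assumptions, while the fixed versions and file types are the ones quoted above.

```python
import re

# Fixed releases per branch, as listed in the article.
FIXED_RELEASES = {"9.0": (9, 0, 9), "8.9": (8, 9, 10), "8.8": (8, 8, 12), "7": (7, 75)}

# Upload types the Drupal Security Team named as the exposure condition.
ARCHIVE_SUFFIXES = (".tar", ".tar.gz", ".bz2", ".tlz")


def patch_status(version):
    """Return 'patched', 'vulnerable' or 'unknown' for a Drupal core version string."""
    match = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?", version.strip())
    if not match:
        return "unknown"
    parts = tuple(int(p) for p in match.groups() if p is not None)
    # Drupal 7 uses two-part versions (7.75); 8 and 9 use three parts (8.9.10).
    branch = "7" if parts[0] == 7 else ".".join(str(p) for p in parts[:2])
    fixed = FIXED_RELEASES.get(branch)
    if fixed is None or len(parts) != len(fixed):
        return "unknown"  # branch not covered by the article: do not guess
    return "patched" if parts >= fixed else "vulnerable"


def risky_allowed_extensions(allowed):
    """Return the configured upload extensions that admit the named archive types.

    Assumption: the allow-list is a space- or comma-separated string and is
    matched against a file's final extension, so an entry such as "gz" also
    admits "backup.tar.gz".
    """
    risky = []
    for raw in re.split(r"[\s,]+", allowed.strip().lower()):
        ext = raw.lstrip(".")
        if ext and any(suffix.endswith("." + ext) for suffix in ARCHIVE_SUFFIXES):
            risky.append(ext)
    return risky


def audit(site):
    """Combine both checks into one finding for a site record."""
    status = patch_status(site["core"])
    risky = risky_allowed_extensions(site["upload_extensions"])
    if status == "patched":
        action = "none"
    elif status == "unknown":
        action = "check this branch against the advisory"
    elif risky:
        action = "upgrade core; until then block untrusted uploads of: " + ", ".join(risky)
    else:
        action = "upgrade core"
    return {"name": site["name"], "status": status,
            "risky_extensions": risky, "action": action}


# Constructed sample inventory (hypothetical sites, not real data).
SITES = [
    {"name": "shop", "core": "8.9.9", "upload_extensions": "png jpg tar gz"},
    {"name": "blog", "core": "9.0.9", "upload_extensions": "txt tar"},
    {"name": "legacy", "core": "7.74", "upload_extensions": "pdf doc"},
]

if __name__ == "__main__":
    for site in SITES:
        print(audit(site))
```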


4 cyber-threats coming to an e-store near you – TechHQ

E-commerce holiday sales are expected to generate up to US$196 billion this season, a year-over-year increase of 25% to 35%, according to Deloitte's annual forecast.

And rounding off a year of rampant crisis-time cyberattacks, hackers are ready to target the holiday shopping frenzy to access customer information, the most valuable data for most attackers, according to Ernst and Young.

The rise of online shopping and working from home has created new vectors for attackers. In spite of increasingly advanced cybersecurity measures taken by retailers, disruptive cyber-attacks have become more common. According to Bloomberg, nearly 400 million customer records were exposed through attacks on retail companies in the last year.

With Black Friday sounding the bell for a seasonal e-commerce crescendo, NordVPN shared four cyber-threats faced by the online retail industry.

Web-skimming, or Magecart, is an attack where malware infects online checkout pages to steal payment and personal information of shoppers. It's a common type of attack in e-commerce and is attributed to 7 to 12 attack groups, who are behind the theft of millions of online shoppers' credit card information.

Overall, there has been an average of 425 Magecart incidents per month in 2020. In many cases, attackers deploy social engineering tactics, such as sending shoppers a bogus promotion for a site. When shoppers respond to the fake offer, they enter their personal data on a page that is actually a skimming scam.

The Gocgles malicious campaign, which hit hundreds of shopping websites, demonstrates how hackers used Google's legitimate tool for impersonation in order to compromise the code and steal valuable information.

In November 2019, Macy's confirmed there was a credit card-skimming Magecart malware on its checkout and wallet pages just as Black Friday and the holiday shopping season approached. Macy's indicated that the malware allowed a third party to capture customers' data on the pages if they input their credit card information and clicked "Place order".

The fact that there are multiple third-party vendors that support online sales further exposes retailers to possible threats. Cybercriminals often target third parties because they're the weak links in the supply chain. On average, e-commerce sites use 40 to 60 third-party tools and intend to add three to five new third-party technologies each year, amplifying the risks.

Outdated or fake plugins also add to the risk package. When used on companies' websites, these compromised plugins can lead to the spread of malware.

Open-source software uses code that anyone can view, modify, or enhance. And while it has been hugely valuable to e-commerce businesses, it also carries a number of cybersecurity challenges.

"Open-source software is popular because it is often free to use or can be modified to suit the individual needs of a business. But this popularity means that any vulnerabilities found in the code can be a massive problem across a huge number of websites. Add the changes COVID-19 has brought, and the problem has intensified even more. Companies should really start making technical improvements to their websites fast if they want to avoid a potentially catastrophic breach. If they continue using unpatched, open-source software with vulnerabilities, they'll leave themselves open to attacks," commented Juta Gurinaviciute, chief technology officer at NordVPN Teams.

Other security threats to e-commerce sites include phishing, ransomware, SQL injection, DDoS attacks, and cross-site scripting (XSS).

"The minute retailers see unusual traffic patterns, they should assume an attack designed to slow the site down, take it offline, or steal data is underway," Gurinaviciute added.

E-commerce security is never a done deal. Threats and hacking methodologies evolve at an alarming rate, so maintaining awareness and a security-focused mindset is a key to staying secure. Layering multiple solutions for business security is one of the best ways to keep an online business safe against cyber-attacks.

Implement Zero Trust: It's essential to enforce zero-trust solutions that restrict third parties to information the website has authorized them to access while blocking access to consumers' private and payment information, also known as least privilege.

View your site as a customer: Too many businesses only see their website as it appears on the server-side, instead of viewing it from the customer's browser perspective. The browser page is what customers see when they shop, and these pages are subject to compromise. Therefore, you need to assess what you're doing to protect your pages once they leave the webserver.

Bonus: implement firewalls (including web application firewalls), making sure the connection is secure and passwords are strong, implementing multi-factor authentication, using intrusion detection systems, and constantly monitoring and updating web platforms.


BTCPay Server Expands its Ability to Bring Bitcoin's Values to Digital Commerce with Shopify Integration – Crowdfund Insider

BTCPay Server, a self-hosted, open-source digital currency payment processor that claims to be secure, private, censorship-resistant and free to use, recently expanded its ability to bring Bitcoin's (BTC) values to global digital commerce with a Shopify integration.

The BTCPay Server team, which is one of OKCoin's Open-Source Developer Grant recipients, is developing a free Bitcoin payment processor. They've implemented an integration with Shopify, an established e-commerce platform. This is notably the most recent step in the organization's effort to create the foundations of a Bitcoin-powered digital commerce infrastructure.

BTCPay Server is described as a self-sovereign payment processor. As explained by OKCoin, the BTCPay Server is free because anyone may use it without having to pay high processing charges, and it's considered open-source because the server's code has been shared on GitHub repositories and may be audited by any third-party.

The cryptocurrency payment processor is self-sovereign because there's no intermediary between the sender and the recipient of transactions. The BTCPay Server may be self-hosted or hosted by an independent third-party.

OKCoin writes in a blog post:

Just like Bitcoin could be the future of currency, BTCPay Server could be the future of payment processing. Before Nicolas Dorier started BTCPay Server, there already existed Bitcoin payment processors, such as BitPay. These other solutions are closed source and come with processing fees, which makes for an easier business model. So, why would one launch a competing solution that cannot make profit and distributes its work freely? And, why would its founder see it as a way to make the closed source competitors obsolete?

According to OKCoin, the short answer is that BTC Pay Server's decentralized nature makes the fundamental flaws of centralized payment processing a thing of the past. The crypto exchange adds that it does so by allowing payment recipients such as online merchants to use a full node, a computer program that relays and validates (or rejects) Bitcoin transactions and blocks. This decentralized way of processing has several advantages when compared to other options.

An important feature of using a full-node (which has a record of all BTC transactions that have ever taken place) is that it lets merchants transact without having to worry about any meddling by third-parties. This is the censorship-resistance characteristic that's notably a key part of Bitcoin's main value proposition, OKCoin explains.

They also mentioned that this is, for example, the main reason Wikileaks turned to Bitcoin payments when Paypal and Visa had blocked their donations. This is also why the Human Rights Foundation (HRF) has been using BTCPay Server to accept donations. In some nations, the residents are not permitted to fund the Foundation through traditional methods.

As noted by OKCoin:

All centralized payment processing alternatives are subject to being targeted by political or legal pressures. This is not to say that centralized options are happy to censor, only that, having the technical option to do so, they might be forced to use it.

The average vendor is probably not going to get censored but they do need to ensure that payments they're getting are from a legitimate source. This is somewhat similar to how the majority of merchants would like to be able to verify the authenticity of the paper currency notes they may receive.

By working with a trusted third-party which handles the payment processing, however, merchants are required to trust them not to be compromised, OKCoin notes. But with BTCPay Server, trusted intermediaries are not needed. That's because merchants can, by using a full node, check directly if the coins received as payment are counterfeit, the exchange explained. This brings digital commerce closer to Bitcoin's famous motto: "Don't trust, verify."

OKCoin further notes:

Another important reason for a merchant to use a full [Bitcoin] node is that full nodes are directly connected to Bitcoin's peer-to-peer network. Peer-to-peer networks are much more reliable than centralized networks. If the Bitcoin peer-to-peer network was to go down it would imply that Bitcoin itself has stopped working. A centralized third party however is much more fragile and liable to downtime. Using a full node is therefore a net gain in payment reliability for merchants.

(Note: to learn more about BTCPay Server and the Shopify integration option, check here.)


Aspire Introduces ‘Broadcasting on the Blockchain’ Messaging Feature – GlobeNewswire

LAS VEGAS, Nov. 24, 2020 (GLOBE NEWSWIRE) -- (via Blockchain Wire) - Aspire Technology, developer of digital asset creation technologies, today introduced its unique "broadcasting on the blockchain" feature. With Aspire, users can now broadcast special messages permanently on the blockchain, an ideal channel for brand marketing, making predictions (such as when bitcoin will hit a new all-time high), declaring special milestones like birthdays, or even marriage proposals.

To send a broadcast through Aspire, users simply log into their wallet, select "Address Actions" then "Broadcast Message". From there, users can send text-only messages with up to 58 characters for the cost of a small percentage of a GASP token. These memos are stored publicly on the Aspire blockchain and can be viewed on the Aspire explorer.

"Everything is virtual these days and with all of the information available online, it's hard to record and store messages or claims permanently," said Jim Blasko, Founder and CEO of Aspire. "Aspire gives brands and individual users alike the chance to create their own low-cost asset and now broadcast messages that are stored forever on the blockchain."

The Aspire platform, which consists of the Aspire (ASP) digital asset creation platform and Aspire Gas (GASP) blockchain, is the first digital asset creation platform to be free of double spending, resisting both mining exploits and 51 percent attacks that are common to proof-of-work blockchains. By improving upon legacy Counterparty open-source code and grafting in automated checkpoints and mining difficulty mechanisms, Aspire is immune to takeovers or mining exploits that have caused many other blockchains to lose funds or collapse entirely.

Aspire (ASP) improves on speed, cost, and security for creating both fungible and non-fungible (NFT) tokens. It allows professional developers and hobbyists alike to create extensive digital assets involving up to 92 billion tokens per asset, as well as unlimited sub-assets, with no programming experience required, for about a dollar per asset. Aspire Gas (GASP) powers Aspire transactions for thousandths of a penny per transaction.

Aspire's ASP and GASP tokens are now available on cryptocurrency exchanges including HitBTC, Changelly, and Bitcoin.com. Track Aspire on CoinGecko here.

To learn more about Aspire, join the project's Telegram Community.

About Aspire Technology and the Aspire platform

Aspire Technology is a leading developer of digital asset creation technologies. It was incubated from the bCommerce Labs accelerator fund and other angel investors. The Aspire platform, which consists of the Aspire (ASP) digital asset creation platform and Aspire Gas (GASP) blockchain, is the first digital asset creation platform to resist both mining exploits and 51 percent attacks that are common to proof-of-work blockchains. For more information, contact info@aspirecrypto.com.


Here's how Windows 10 will run Android apps without Google Play Store – WindowsLatest

Microsoft's Android apps project for Windows 10 is reportedly codenamed Latte and it will use Windows Subsystem for Linux as a compatibility layer. On top of Windows Subsystem for Linux, Microsoft plans to use the Android subsystem to enable native support for Android apps.

Windows Subsystem for Linux is required for running Linux binary executables natively on Windows 10. Microsoft has also enabled support for a real Linux kernel in Windows 10 to facilitate advanced Linux experience, and now Android.

Android apps support for Windows 10 is likely to arrive in the second half of 2021 as part of the major Windows 10 21H2 upgrade.

Project Latte will allow developers to convert their Android apps into MSIX format, which is a Windows-only package format that provides a modern packaging experience.

As you may know already, anyone can take the Android Open Source Project (AOSP) code and make their own version of Android or can use it as the basis for their own services or platforms.

In this case, Microsoft is planning to take the Android subsystem and Android Runtime to translate the apps' bytecode into native apps for Windows 10.

Developers will be able to submit their converted MSIX package in the Microsoft Store, but there's a catch: the converted apps will lack support for Google services.

Google services are very handy, but most apps don't have to use them. The Android subsystem is enough to run all mobile apps that are independent of Google APIs, and Microsoft might allow developers to replace Google Maps, Gmail, Calendar, and other services integration with its own products, such as Windows Maps and Outlook.

If the top Microsoft leadership approves the project and it meets the company's internal expectations, Windows Store would soon see Android apps available to run, alongside UWP, PWAs and converted desktop apps.

However, apps sideloaded by users manually may not work correctly. This is because Microsoft is using some kind of compatibility layer and developers will be required to recompile their apps using a software solution offered by the tech giant.
