
Thursday, 28 February 2019

SitePoint Premium New Releases: More Vue, Nuxt.js + JS Data Structures

We're working hard to keep you on the cutting edge of your field with SitePoint Premium. We've got plenty of new books and mini-books to check out in the library — let us introduce you to them.

Learning JavaScript Data Structures and Algorithms Third Edition - Packt

Create classic data structures and algorithms such as depth-first and breadth-first search. You'll also learn about recursion, heap data structures using JavaScript, how to implement common data structures and more.

Read Learning JavaScript Data Structures and Algorithms Third Edition.

A Beginner’s Guide to Working With Components in Vue

An introduction to working with components in Vue. We'll look at how to create components, how to pass data between components (via both props and an event bus) and how to use Vue’s <slot> element to render additional content within a component.

Read A Beginner’s Guide to Working With Components in Vue.

A Beginner’s Guide to Working with Forms in Vue

Learn how to work with forms in Vue. We’ll start off by creating a simple form and look at how to use two-way data binding to keep user input in sync with our data model. We’ll then take a look at modifiers and filters, and finish off with validation. Each section has a runnable CodePen demo.

Read A Beginner’s Guide to Working with Forms in Vue.

Build Your Own Link-sharing Site with Nuxt.js and vue-kindergarten

In this tutorial, we’ll create our own link-sharing news site, much like Echo JS or Hacker News, complete with comments and upvoting. The tech stack we’ll be using consists of Vue.js, the Nuxt.js Vue framework, and an access-control/authorization library called vue-kindergarten.

Read Build Your Own Link-sharing Site with Nuxt.js and vue-kindergarten.

And More to Come…

We're releasing new content on SitePoint Premium almost every day, so we'll be back next week with the latest updates. And don't forget: if you haven't checked out our offering yet, take our 7 day free trial for a spin.

The post SitePoint Premium New Releases: More Vue, Nuxt.js + JS Data Structures appeared first on SitePoint.



Latest Hacking News Podcast #230

A data leak exposes Dow Jones Watchlist and an alleged UN aviation agency cyberattack cover-up on episode 230 of our daily cybersecurity podcast.

Latest Hacking News Podcast #230 on Latest Hacking News.



Working with Design Thinking, Lean and Agile

Design Thinking is the latest buzz phrase to have taken over the business and technology world. It seems like the phrase is popping up in nearly every context. A few years ago, Lean UX was all the rage, following a few years focused on the Lean Startup. A few years before that, every tech company I knew was rushing to implement Agile development processes. Experts like Lou Rosenfeld are already making predictions about what new approaches are coming next.

It’s not that any of these approaches have become less useful over time, but people are experimenting with new ways to build products, and successful techniques get held up as “The Next Big Thing” that will prove to be a magical solution for everyone. The problem is that in the excitement of discussing something new, we don’t always connect the dots with our existing methods, and people can be left confused as to how best to implement things all together.

Read on to better understand Design Thinking, Lean UX, and Agile, and how to implement elements of each for your team.

Before we get too far, let’s take a step back to understand each approach.

Agile

Let’s be clear: Agile is a software development approach. It was born out of frustration with traditional “waterfall” software practices, with a long period of upfront requirements gathering and design work, then a long development stage of implementing said designs but without the ability to understand or respond to changing needs. The outcome was that teams were spending a long time building things that people didn’t really want or need, and companies were struggling.

Software developers started experimenting with new ways to build, and came up with a set of shared values and principles to guide teams to do better work.

The official Agile Manifesto was released in 2001, and called for valuing:

  • individuals and interactions over processes and tools
  • working software over comprehensive documentation
  • customer collaboration over contract negotiation
  • responding to change over following a plan

The Agile Alliance has also defined 12 detailed principles to follow, but does not prescribe any particular processes, so dev teams often end up using specific frameworks, like Scrum or Kanban, to help them figure out how to organize, plan, and execute their work. There’s a strong focus on teams’ independence to self organize, so no two Agile teams look the same, even within the same departments or organizations.

In theory, Agile approaches not only play well with UX practices, but actively require ongoing UX research to constantly understand the changing needs of the customers. However, in practice, teams can get caught up on trying to release more working code faster, and it can be hard to dedicate any time at all to conducting research or focusing on design decisions. Agile teams often struggle with how to best incorporate UX team members and their work into their practices.

Lean UX

Lean UX was born out of the struggle that so many teams had incorporating UX best practices as they adjusted their development processes to Agile methods and attempted to speed up time from idea to implementation. Lean UX is the umbrella term for altering traditional UX methods to fit faster timeframes, which often means shifting focus away from detailed deliverables.

But beware: you may also hear about Lean and Lean Startup, which often get conflated but do have specific meanings and distinct elements. Lean is derived from manufacturing best practices and focuses on general business and management practices to reduce waste and maximize value. Lean Startup is a broader business and product development approach that suggests incorporating periods of experimentation in order to reduce waste and risk. The terms aren’t mutually exclusive but nor are they interchangeable.

Back to Lean UX: the core idea is to alter traditional UX design methods to become faster. Rather than spending a lot of time thoroughly designing and documenting each element, the team is meant to quickly and collaboratively visualize ideas and gather feedback as soon as possible, from both other team members and stakeholders and the users.

Jeff Gothelf lays out the following Lean UX process: concept, prototype, internal validation, external validation, learn, iterate, and repeat. This process mirrors the “regular” UX process but each step is shortened.

Let’s say a team is working on integrating a new feature. The team might first have a quick whiteboarding session to flesh out the core workflow. Once the group agrees on a direction, they can show a low-fidelity design to users and incorporate the feedback found during a joint sketch session where they sort out more interaction details.

You’ll notice this example doesn’t have any fully functional prototypes or detailed test reports, but Lean UX isn’t an excuse to skip steps. Rather, it’s an invitation to do just enough to build a shared vision and get feedback, scaling up and back different tools or methods as it makes the most sense for your specific context.

Lean UX also doesn’t suggest you completely abandon documentation, nor that the experience decisions are taken away from UX professionals. Rather, it suggests that the whole team is involved with the design process so there are no surprises or unforeseen technical challenges. Feedback is collected early and often, and if changes need to be made, they can be done quickly and easily before much time has been invested in final designs.

The post Working with Design Thinking, Lean and Agile appeared first on SitePoint.



Coinhive cryptocurrency miner to call it a day next week

The service became notorious for its use by ne’er-do-wells looking to make a quick buck by hijacking the processing power of victim machines to generate virtual money

The post Coinhive cryptocurrency miner to call it a day next week appeared first on WeLiveSecurity



Hackers Favorite CoinHive Cryptocurrency Mining Service Shutting Down

Coinhive, a notorious in-browser cryptocurrency mining service popular among cybercriminals, has announced that it will discontinue its services on March 8, 2019. Regular readers of The Hacker News already know how Coinhive's service helped cyber criminals earn hundreds of thousands of dollars by using computers of millions of people visiting hacked websites. For a brief

Latest Hacking News Podcast #229

Coinhive to shut down on March 8th, a new free hacking toolkit, and Thunderclap Thunderbolt vulnerabilities on episode 229 of our daily cybersecurity podcast.

Latest Hacking News Podcast #229 on Latest Hacking News.



MassBleed – An Open Source SSL Vulnerability Scanner

MassBleed is an open source tool used for scanning SSL vulnerabilities in web applications. The tool can scan Heartbleed, CCS,

MassBleed – An Open Source SSL Vulnerability Scanner on Latest Hacking News.



Wednesday, 27 February 2019

Hackers Begin Exploiting WinRAR ACE Vulnerability To Install Backdoor

A few days ago, we reported a WinRAR ACE vulnerability that existed for 19 years. While the vendors got rid

Hackers Begin Exploiting WinRAR ACE Vulnerability To Install Backdoor on Latest Hacking News.



The Phishing Campaign That Uses Variations of Attack Patterns To Evade Detection

Researchers have come across a peculiar phishing campaign delivering Trojans to target machines. While this sounds similar to any other

The Phishing Campaign That Uses Variations of Attack Patterns To Evade Detection on Latest Hacking News.



Static Site Generators: A Beginner’s Guide

Let's say your next project is going to be a simple HTML website for a resumé, marketing a product or service, documenting your software, or something along those lines. A great option for you is to build your website using static site generators (SSG).

There are tons of static site generators in a range of programming languages, such as JavaScript, Ruby, Go — the list goes on.

In this article, I'm going to list five popular static site generators and their main features, so that you can form a better idea of which one among them would be a good fit for your project.

I'm not claiming that I've provided the definitive list of SSGs or that I personally favor any of the software I include in my list over any other that's available out there. However, all of the products in the list are popular, performant, well-documented and well-supported.

What Is a Static Site Generator?

A common CMS (Content Management System), like WordPress for instance, builds the web page dynamically as it is being requested by the client: it assembles all the data from the database, and processes the content through a template engine.

On the other hand, a static site generator:

“takes a different approach and generates all the pages of the website once when there's actually changes to the site. This means there's no moving parts in the deployed website. Caching gets much easier, performance goes up and static sites are far more secure.” - StaticGen

If you're curious and would like to learn more, this great article by Brian Rinaldi looks closely at the inner workings of static site generators.

Now, let's go through some options.

The post Static Site Generators: A Beginner’s Guide appeared first on SitePoint.



Vulnerability in IBM SoftLayer Technology Allows Old Customers to Access New Customer Data

The firmware of a cloud server is one of the latest vulnerabilities hackers can exploit granting them unauthorised access to

Vulnerability in IBM SoftLayer Technology Allows Old Customers to Access New Customer Data on Latest Hacking News.



YAWAST – Open Source Web Application Information Gathering Toolkit

YAWAST is a web application penetration testing toolkit that can perform information gathering and basic vulnerabilities (misconfiguration) assessment tasks related

YAWAST – Open Source Web Application Information Gathering Toolkit on Latest Hacking News.



Learn Ethical Hacking with 180 Hours of Training — 2019 Course Bundle

The world of cybersecurity is fast-paced and ever-changing. New attacks are unleashed every day, and companies around the world lose millions of dollars as a result. The only thing standing in the way of cybercrime is a small army of ethical hackers. These cybersecurity experts are employed to find weaknesses before they can be exploited. It’s a lucrative career, and anyone can find work

‘Highly critical’ bug exposes unpatched Drupal sites to attacks

Worse, attackers have already been spotted targeting the flaw to deliver cryptocurrency miners and other payloads

The post ‘Highly critical’ bug exposes unpatched Drupal sites to attacks appeared first on WeLiveSecurity



Severe Flaws in SHAREit Android App Let Hackers Steal Your Files

Security researchers have discovered two high-severity vulnerabilities in the SHAREit Android app that could allow attackers to bypass the device authentication mechanism and steal files containing sensitive data from a victim's device. With over 1.5 billion users worldwide, SHAREit is a popular file sharing application for Android, iOS, Windows and Mac that has been designed to help people share

New Flaws Re-Enable DMA Attacks On Wide Range of Modern Computers

Security researchers have discovered a new class of security vulnerabilities that impacts all major operating systems, including Microsoft Windows, Apple macOS, Linux, and FreeBSD, allowing attackers to bypass protection mechanisms introduced to defend against DMA attacks. Known for years, Direct memory access (DMA)-based attacks let an attacker compromise a targeted computer in a matter of

Facebook Removed Onavo Protect From Google Play Store Voluntarily

Facebook has taken a bold yet appreciable voluntary step that may provide a hint to their concern towards users’ privacy.

Facebook Removed Onavo Protect From Google Play Store Voluntarily on Latest Hacking News.



How to spot if your password was stolen in a security breach

Following the revelation that a list containing millions of stolen usernames and passwords had appeared online, we tell you a few different ways to find out if your credentials were stolen in that—or any other—security breach

The post How to spot if your password was stolen in a security breach appeared first on WeLiveSecurity



Latest Hacking News Podcast #228

On episode 228 of our daily cybersecurity podcast we look at new research out of NDSS Symposium 2019 including a browser-based botnet attack and ExSpectre, which hides malware using speculative execution.

Latest Hacking News Podcast #228 on Latest Hacking News.



Tuesday, 26 February 2019

Yahoo Mail Vulnerability Nets Researcher $10,000 Bounty

Yahoo Mail has already made it into the news many times regarding cybersecurity issues. Once again, the service provider comes

Yahoo Mail Vulnerability Nets Researcher $10,000 Bounty on Latest Hacking News.



Google aims for password-free app and site logins on Android

With FIDO2 certification for Android, Google is setting the stage for password-less app and website sign-ins on a billion devices

The post Google aims for password-free app and site logins on Android appeared first on WeLiveSecurity



Point-of-Sale Firm Suffered Malware Attack Affecting More Than 130 Outlets

Point-of-Sale (POS) attacks always entice criminal hackers due to the considerable financial gains they achieve. Nonetheless, such attacks always frighten

Point-of-Sale Firm Suffered Malware Attack Affecting More Than 130 Outlets on Latest Hacking News.



Facebook Launches Better Background Control Privacy For Android Users

Facebook and Google – both firms do not really hold a good reputation when it comes to users’ privacy. Both

Facebook Launches Better Background Control Privacy For Android Users on Latest Hacking News.



The Xfinity Hacks You Need To Know

Xfinity is a fantastic tool that is hugely popular all over the world. But it isn’t without its flaws. While

The Xfinity Hacks You Need To Know on Latest Hacking News.



Latest WinRAR Flaw Being Exploited in the Wild to Hack Windows Computers

It's not just the critical Drupal vulnerability that is being exploited in the wild by cybercriminals to attack vulnerable websites that have not yet applied the patches already made available by its developers; hackers are also exploiting a critical WinRAR vulnerability that was also revealed last week. A few days ago, The Hacker News reported about a 19-year-old remote code execution

Hackers Actively Exploiting Latest Drupal RCE Flaw Published This Week

Cybercriminals have actively started exploiting an already patched security vulnerability in the wild to install cryptocurrency miners on vulnerable Drupal websites that have not yet applied patches and are still vulnerable. Last week, developers of the popular open-source content management system Drupal patched a critical remote code execution (RCE) vulnerability (CVE-2019-6340) in Drupal

How To Ensure Your Tech Business Uses Only The Cleanest Of Services

When it comes to working with people and using services, it can be a bit of a nightmare for a

How To Ensure Your Tech Business Uses Only The Cleanest Of Services on Latest Hacking News.



Office 365 Phishing Strategy Tricks Users With Live Chat Support

Phishing attacks have now become something of a daily occurrence for many. Yet, the reason why these malicious campaigns remain

Office 365 Phishing Strategy Tricks Users With Live Chat Support on Latest Hacking News.



Monday, 25 February 2019

Latest Hacking News Podcast #227

Apex Legends players targeted by malware and scam campaigns, WinRAR ACE vulnerability exploited, and Adobe patches critical Reader flaw twice on episode 227 of our daily cybersecurity podcast.

Latest Hacking News Podcast #227 on Latest Hacking News.



Android Gets FIDO2 Certification—Now Supports Secure Passwordless Logins

Great news. If you have already installed the latest update of Google Play Services released earlier today, and your Android device is running Android version 7.0 Nougat or above—Congratulations! Your device is now FIDO2 Certified. Are you thinking… what the heck that actually means? It means, instead of remembering complex passwords for your online accounts, you can now actually use your

LinkedIn Direct Messages Exploited Via “more_eggs” Backdoor

It hasn’t been that long since we reported phishing campaigns targeting Facebook users. Now, however, researchers have discovered another such campaign.

LinkedIn Direct Messages Exploited Via “more_eggs” Backdoor on Latest Hacking News.



Escalating DNS attacks have domain name steward worried

The keeper of the internet’s ‘phone book’ is urging a speedy adoption of security-enhancing DNS specifications

The post Escalating DNS attacks have domain name steward worried appeared first on WeLiveSecurity



IIS Vulnerability Triggers a Denial-of-Service

Microsoft has recently rolled out updates for addressing a vulnerability in its Internet Information Services (IIS). Allegedly, this Microsoft IIS bug

IIS Vulnerability Triggers a Denial-of-Service on Latest Hacking News.



Banking Malware uses Fake reCAPTCHA page to target banking customers

A fake Google reCAPTCHA is one of the latest email campaigns to target a Polish bank. Sucuri researchers reported their

Banking Malware uses Fake reCAPTCHA page to target banking customers on Latest Hacking News.



New Attacks Against 4G, 5G Mobile Networks Re-Enable IMSI Catchers

At NDSS Symposium 2019, a group of university researchers yesterday revealed newly discovered cellular network vulnerabilities that impact both 4G and 5G LTE protocols. According to a paper published by the researchers, "Privacy Attacks to the 4G and 5G Cellular Paging Protocols Using Side Channel Information," the new attacks could allow remote attackers to bypass security protections

Sunday, 24 February 2019

Latest Hacking News Podcast #226

TurboTax credential stuffing attacks, malware spread via LinkedIn messaging system, and a new tool to analyze Chrome extensions on episode 226 of our daily cybersecurity podcast.

Latest Hacking News Podcast #226 on Latest Hacking News.



Another Patch Released For A Critical Adobe Reader Vulnerability

Adobe’s scheduled patch Tuesday updates for February brought fixes for a range of security vulnerabilities in Adobe Reader. While most

Another Patch Released For A Critical Adobe Reader Vulnerability on Latest Hacking News.



Cisco Patched Multiple Security Flaws In Cisco HyperFlex And Others

Cisco has released fixes for a bunch of security vulnerabilities affecting various products. This includes 16 medium and high-severity rating

Cisco Patched Multiple Security Flaws In Cisco HyperFlex And Others on Latest Hacking News.



Hackers Mimic Google reCAPTCHA For Banking Malware Attacks

Another phishing campaign has surfaced online targeting banks. The attackers allegedly impersonate Google reCAPTCHA to leverage their attack. The campaign

Hackers Mimic Google reCAPTCHA For Banking Malware Attacks on Latest Hacking News.



Saturday, 23 February 2019

SitePoint Premium New Releases: Vuex, Vue CLI, Squarespace + More

We're working hard to keep you on the cutting edge of your field with SitePoint Premium. We've got plenty of new books and mini-books to check out in the library — let us introduce you to them.

Vuex

Getting Started with Vuex: a Beginner’s Guide

Handling state in single-page apps can be a tricky process, especially as an application gets larger and more complex. In this tutorial, you'll discover how Vuex, Vue's state management solution, simplifies state management.

Read Getting Started with Vuex: a Beginner's Guide.

Vue CLI

A Beginner’s Guide to Vue CLI

In this tutorial, we'll introduce you to the latest version of Vue CLI, the command-line utility that allows you to choose from a range of build tools, which it will then install and configure for you. We'll demonstrate how to install Vue CLI and how to create, serve and build an example project.

Read A Beginner’s Guide to Vue CLI.

Building Business Websites with Squarespace 7 - Packt

Build, design and launch professional websites with Squarespace quickly, without needing to learn any code. Discover time-saving tricks and best practices to avoid common pitfalls. And understand how to monitor, measure, and manage your site after launching it.

This book is part of a new partnership with Packt, which will allow you to read a range of Packt titles within our next-gen reader experience.

Read Building Business Websites with Squarespace 7.

7 Day Free Trial

If you're curious about SitePoint Premium or have been on the fence about joining, you can now check out our entire library for free for 7 days! Go on, take it for a spin!

Earlier This Month...

We've published some big releases throughout February! Here are a few we prepared earlier…

Jump Start Vue.js

Get started with a JavaScript framework that boasts an approachable learning curve, powerful feature-set, and fantastic documentation. Covering the basics, tools, components, routing and more, this book will give you a jump start to using Vue.js.

Read Jump Start Vue.js.

Psychology for Designers

Learn how to apply psychological theory to solve your design problems - from better understanding your users, to effectively communicating your design ideas.

Read Psychology for Designers.

Bash Quick Start Guide - Packt

Increase the power of your commands using Bash shell scripts. Implement automation, interactive system administration, filtering and transforming text input and much more.

Read Bash Quick Start Guide.

Continuous Delivery with Docker and Jenkins - Packt

Take your project deployment speed and reliability to a new level by using one of the world's most popular continuous delivery systems.

Read Continuous Delivery with Docker and Jenkins.

Android 9 Development Cookbook

Build feature-rich, reliable Android Pie apps with the help of more than 100 proven industry standard recipes and strategies. You'll find solutions for working with the user interfaces, multitouch gestures, location awareness, web services, and much more!

Read Android 9 Development Cookbook.

And More to Come…

We're releasing new content on SitePoint Premium almost every day, so we'll be back next week with the latest updates. And don't forget: if you haven't checked out our offering yet, take our 7 day free trial for a spin.

The post SitePoint Premium New Releases: Vuex, Vue CLI, Squarespace + More appeared first on SitePoint.



Friday, 22 February 2019

An Old WinRAR Vulnerability Left Users At Risk For Two Decades

Have you ever thought that an apparently harmless yet useful tool like WinRAR could pose security threats? Certainly seems so

An Old WinRAR Vulnerability Left Users At Risk For Two Decades on Latest Hacking News.



Kali Linux 2019.1 Released

Kali Linux 2019.1 is now available for download, updating many of its features, as well as introducing a few more.

Kali Linux 2019.1 Released on Latest Hacking News.



How to Stop Facebook App From Tracking Your Location In the Background

Every app installed on your smartphone with permission to access location service "can" continually collect your real-time location secretly, even in the background when you do not use them. Do you know? — Installing the Facebook app on your Android and iOS smartphones automatically gives the social media company your rightful consent to collect the history of your precise location. If you

Cyber-extortionists take aim at lucrative targets

A new report shines some light on multiple aspects of the growing threat of cyber-extortion

The post Cyber-extortionists take aim at lucrative targets appeared first on WeLiveSecurity



Week in security with Tony Anscombe

Head of the AI/ML Team at ESET, Juraj Jánošík, looks at machine learning and cybersecurity and considers whether it is a step toward a safer world or a step closer to the brink of chaos

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity



Hacking Virtual Reality – Researchers Exploit Popular Bigscreen VR App

A team of cybersecurity researchers from the University of New Haven yesterday released a video demonstrating how vulnerabilities that most programmers often underestimate could have allowed hackers to evade privacy and security of your virtual reality experience as well as the real world. According to the researchers—Ibrahim Baggili, Peter Casey and Martin Vondráček—the underlying

ML-era in cybersecurity: A step toward a safer world or the brink of chaos?

As the use of this technology grows so too does the risk that attackers may hijack it

The post ML-era in cybersecurity: A step toward a safer world or the brink of chaos? appeared first on WeLiveSecurity



Thursday, 21 February 2019

The Facebook Login Phishing Campaign Can Even Trick Savvy Users

It hasn’t been a while since we last reported on phishing campaigns targeting Facebook accounts. Now, another Facebook login phishing

The Facebook Login Phishing Campaign Can Even Trick Savvy Users on Latest Hacking News.



How to Avoid DOM Blocking in JavaScript

JavaScript programs run on a single thread in the browser and in runtimes such as Node.js. When code is executing in a browser tab, everything else stops: menu commands, downloads, rendering, DOM updates and even GIF animations.

This is rarely evident to the user because processing occurs quickly in small chunks. For example: a button is clicked, which raises an event that runs a function, which makes a calculation and updates the DOM. Once complete, the browser is free to handle the next item on the processing queue.

JavaScript code can’t wait for something to occur; imagine the frustration if an app froze every time it made an Ajax request. JavaScript code therefore operates using events and callbacks: a browser or OS-level process is instructed to call a specific function when an operation has completed and the result is ready.

In the following example, a handler function is executed when a button click event occurs which animates an element by applying a CSS class. When that animation completes, an anonymous callback removes the class:

// raise an event when a button is clicked
document.getElementById('clickme').addEventListener('click', handleClick);

// handle button click event
function handleClick(e) {

  // get element to animate
  let sprite = document.getElementById('sprite');
  if (!sprite) return;

  // remove 'animate' class when animation ends
  sprite.addEventListener('animationend', () => {
    sprite.classList.remove('animate');
  });

  // add 'animate' class
  sprite.classList.add('animate');
}

ES2015 provided Promises and ES2017 introduced async/await to make coding easier, but callbacks are still used below the surface. For more information, refer to “Flow Control in Modern JS”.

Blocking Bandits

Unfortunately, some JavaScript operations will always be synchronous, including:

The following pen shows an invader which uses a combination of CSS animation to move and JavaScript to wave the limbs. The image on the right is a basic animated GIF. Hit the write button with the default 100,000 sessionStorage operations:

See the Pen DOM-blocking animation by SitePoint (@SitePoint) on CodePen.

DOM updates are blocked during this operation. The invader will halt or stutter in most browsers. The animated GIF animation will pause in some. Slower devices may show a “script unresponsive” warning.

This is a convoluted example, but it demonstrates how front-end performance can be affected by basic operations.

The post How to Avoid DOM Blocking in JavaScript appeared first on SitePoint.



Running Unikernels from Existing Linux Applications with OPS

Unikernels are an emerging deployment pattern that engineers are choosing over Linux and Docker because of their performance, security and size. Researchers from NEC are reporting boot times in 5ms while other users talk about how small their VMs can get – in the kilobyte range if you’re using C. Still others like OSv have measured up to a 20% performance advantage in popular databases. However, they have remained out of reach for a lot of developers because of their low-level nature.

That is, until we decided to open source a tool called ops.city (OPS). OPS is a new, free, open source tool that allows anyone, including non-developers, to instantly build and run unikernels on Linux or Mac from their existing software. There is no complicated re-compilation. There is no LDFLAG twiddling or random patching of various libraries you’d never patch yourself. The goal of OPS is to democratize access to unikernels.

Ok – enough of that – let’s build some unikernels.

First thing you’ll want to do is download ops itself:

curl https://ops.city/get.sh -sSfL | sh

Let’s start with a short example:

Let’s create a working directory:

mkdir p

Now put this into test.php:

<?php

echo "test\n";

?>

From a fresh install you’ll see that there are several pre-made packages available:

Let’s go ahead and download the PHP package. The package contains everything that you’ll need to build and run PHP unikernels but absolutely nothing more. The idea is not to strip out things that aren’t necessary – it’s more a matter of only putting in what is needed to make it work. If you look inside the tarball, you’ll find an ELF file along with some libraries. This was built for Linux, but your application won’t actually run on Linux. Linux is now 28 years old and predates both commercialized virtualization and what has become known as “the cloud” – namely Amazon Web Services and Google Cloud – both of which heavily use virtualization underneath.


Now if you run the example you’ll see that we boot up our php application and run the code, but if you are paying attention you’ll see that this is not like Linux, where it starts hundreds of programs before it runs yours. Again, this is more than just replacing the init manager and applying seccomp. We’ve tailored your application to become its own little operating system – how cool is that?

Let’s try another one – put this into test.js :

console.log("we are all crazy programmers!");

This time we’ll try out node.js:

It’s important to note that we’ve only shown some basic examples here. OPS is actually capable of loading and running arbitrary ELF binaries.

If you are using Docker or Kubernetes now you’ll definitely want to pay attention and get involved early in the unikernel ecosystem. If you are a microservices aficionado or serverless fan you should also be paying attention, as a lot of people are predicting this to be the underlying infrastructure for these paradigm-changing technologies.

So what are you going to build? Go check out https://github.com/nanovms/ops – fork/star the repo and let us know!

The post Running Unikernels from Existing Linux Applications with OPS appeared first on The Crazy Programmer.



Your Website Can Earn More with Google’s Auto Ads

This article was created in partnership with Google AdSense. Thank you for supporting the partners who make SitePoint possible.

Effective websites build businesses. They raise your profile, strengthen your brand, and bring in new clients. They can also generate their own money, and the easiest way to get started is pay-per-click advertising.

If that sounds like a lot of work, it doesn’t have to be. And it doesn’t have to turn your site into a flashy billboard, either. Once set up, your site will continue to generate supplementary income—even while you sleep.

The sooner you get started, the quicker it will add up. So let’s get into it.

Why AdSense?

Google AdSense is the easy way to start monetizing your content. After a simple setup process, you have access to the world’s largest network of online advertisers, and you get paid for every click, whether that visitor converts to a sale or not.

“Let us grow your revenue while you focus on growing your business.” (The AdSense Team)

Because the ads are relevant and unobtrusive, you keep faith with your visitors. Google is focused on good user experience, not confusing or misleading the user. When you win, they win.

One of the best things about AdSense ads is that they follow all of Google’s rules on user experience, which means that they tend to be more unobtrusive, less flashy and (hopefully) more targeted than other banner and display advertising – their contextuality is a big plus as relevance is the main game here—the more relevant the ad the more likely you are to get paid. (Adsense and AdWords – why use them?)

How much will you make? That’s hard to say, and depends on the quality and uniqueness of your site’s content, the amount of traffic you get, and even the type of traffic. So keep working on your site and content.

Serious money may take thousands of visitors a day. But you don’t need to wait till then—see it as a work in progress. Make a start now, learn as you go, and track your progress over time.

Why Auto ads?

Auto ads make AdSense even easier to set up by using machine learning. Google intelligence does the work for you, choosing ads that will perform well, and placing them where they’ll have maximum effect.

This is a game changer, allowing you to add ads to your site in a simple way, and make incremental revenue from them without the cost of additional time and effort. It does require handing control over to Google, which uses page crawling techniques to analyze and understand each page, so that the AI can adapt to improve ad performance.

And it works. During the beta test, participating publishers made on average 10% more revenue using Auto ads than they had been making on their own.

To get started, you just need to add a code snippet to each page you want ads on. After that you adjust the settings in your AdSense account by using the toggles to choose which ad formats are displayed, without ever having to edit the code.

Additionally, make sure you take advantage of Ad sizes optimization, a feature Google added in 2019. It automatically optimizes your fixed-size ads on mobile, taking into account the screen size and orientation of your visitor’s device.

Setting up your account

There’s an application process you’ll need to complete before you can use AdSense on your website. It’s simple, free, and only takes a minute or two. Approval may take a few days.

The post Your Website Can Earn More with Google’s Auto Ads appeared first on SitePoint.



Password Bypass Vulnerability In Facebooks’ “Download Your Information” Feature

Facebook recently patched a serious vulnerability that could let an attacker download user information. The flaw allegedly existed in Facebook

Password Bypass Vulnerability In Facebooks’ “Download Your Information” Feature on Latest Hacking News.



Google Partially Steps Back From Chrome API Changes That Blocks Ad Blockers

Google has received lots of criticism since it announced Chrome API updates regarding ad blockers and extensions. It seems the

Google Partially Steps Back From Chrome API Changes That Blocks Ad Blockers on Latest Hacking News.



Almost Half A Million Delhi Citizens' Personal Data Leaked Online

A security researcher has identified an unsecured server that was leaking detailed personal details of nearly half a million Indian citizens... thanks to another MongoDB database instance that company left unprotected on the Internet accessible to anyone without the password. In a report, Bob Diachenko shared with The Hacker News, disclosed that two days ago he found a 4.1 GB-sized highly

How costly are sweetheart swindles?

And that’s on top of the heartache experienced by the tens of thousands of people who fall for romance scams each year

The post How costly are sweetheart swindles? appeared first on WeLiveSecurity



Cryptocurrency Broker Had 450,000 of its Users Credentials Leaked on The Darkweb

Cryptocurrency broker, Coinmama, suffered a data breach with around 500,000 customers’ emails and password credentials compromised. Customers affected stretch back

Cryptocurrency Broker Had 450,000 of its Users Credentials Leaked on The Darkweb on Latest Hacking News.



Another Critical Flaw in Drupal Discovered — Update Your Site ASAP!

Developers of Drupal—a popular open-source content management system software that powers millions of websites—have released the latest version of their software to patch a critical vulnerability that could allow remote attackers to hack your site. The update came two days after the Drupal security team released an advance security notification of the upcoming patches, giving websites

Latest Hacking News Podcast #225

Microsoft Edge whitelists flash autorun on Facebook, WinRAR vulnerability existed for up to 19 years, and researcher Ken Munro says hackers could easily sink ships at sea on episode 225 of our daily cybersecurity podcast.

Latest Hacking News Podcast #225 on Latest Hacking News.



Wednesday, 20 February 2019

Warning: Critical WinRAR Flaw Affects All Versions Released In Last 19 Years

Beware Windows users... a new dangerous remote code execution vulnerability has been discovered in the WinRAR software, affecting hundreds of millions of users worldwide. Cybersecurity researchers at Check Point have disclosed technical details of a critical vulnerability in WinRAR—a popular Windows file compression application with 500 million users worldwide—that affects all versions of the

Cryptojacking Apps Removed From Microsoft App Store

After Apple and Google, the malefactors are turning their attention to the Microsoft app store as well. We have already

Cryptojacking Apps Removed From Microsoft App Store on Latest Hacking News.



Android Deep Linking Example

In this tutorial you will learn about android deep linking with an example.

In deep linking, we first have to understand what a URI is. Let us consider an example URI:

https://www.example.com/demo?userid=100&client=android

Here,

  • https is a scheme
  • www.example.com is a host
  • /demo is a path, directing the specific resource
  • ?userid=100&client=android is a query string with key-value pairs like the hashmap in java.

A deep link is a link that takes the user from web content directly to content inside your Android application. Whenever the user opens a URI that an application has registered as a deep link, Android shows a dialog prompt asking whether to open it with that app or with the browser.

We can create a deep link over the network, connecting a website directly to the application, or we can create a custom deep link such as myApplication://….

Android Deep Linking Example

First of all, create a new Android project to understand deep linking in an Android app.

Now add an intent filter to the activity that you want to open when the user clicks on the web link.

<intent-filter android:label="@string/app_name">
    <action android:name="android.intent.action.VIEW" />
    <category android:name="android.intent.category.DEFAULT" />
    <category android:name="android.intent.category.BROWSABLE" />
    <data android:scheme="myapp"
        android:host="myhost"
        android:pathPrefix="/help"/>
</intent-filter>

In this project, when the user clicks on the web link, the app opens and shows the link in a text view.

activity_main.xml

<?xml version="1.0" encoding="utf-8"?>
<RelativeLayout xmlns:android="http://schemas.android.com/apk/res/android"
    xmlns:app="http://schemas.android.com/apk/res-auto"
    xmlns:tools="http://schemas.android.com/tools"
    android:layout_width="match_parent"
    android:layout_height="match_parent"
    tools:context=".MainActivity">

    <TextView
        android:layout_width="wrap_content"
        android:layout_height="wrap_content"
        android:layout_centerHorizontal="true"
        android:layout_centerVertical="true"
        android:textSize="20sp"
        android:id="@+id/deepLinkText"
        android:textColor="#000000"/>

</RelativeLayout>

Now we write the Java class that shows the web link in the text view when the user clicks on it.

MainActivity.java

package com.example.deeplinkdemo;

import android.content.Intent;
import android.support.v7.app.AppCompatActivity;
import android.os.Bundle;
import android.widget.TextView;

public class MainActivity extends AppCompatActivity {

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_main);

        Intent intent=getIntent();

        if(intent!=null&&intent.getData()!=null){
            ((TextView)findViewById(R.id.deepLinkText)).setText(intent.getData().toString());
        }
    }
}

Build the app for the above project and install it on your mobile device.

Below we create a custom HTML file. When the user opens that HTML file and clicks on the link in it, our app will open.

<!DOCTYPE html>
<html>
<head>
</head>

<body>

        <a href="myapp://myhost/help">myapp://myhost/help</a>

</body>

</html>

Now you can run and test your application.
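Because the intent filter is marked BROWSABLE, any web page can send a myapp:// link to this activity, so the value of intent.getData() should be checked again in code before it is used for anything beyond display. The following is an added example, not part of the original tutorial: it re-checks scheme, host and path in plain Java with java.net.URI so that it runs outside Android. The class name DeepLinkValidator, the length limit and the sample links are assumptions; in the app the same checks would be applied to intent.getData().toString().

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Optional;

public class DeepLinkValidator {
    // Values from the tutorial's <data> element.
    private static final String SCHEME = "myapp";
    private static final String HOST = "myhost";
    private static final String PATH_PREFIX = "/help";
    private static final int MAX_LENGTH = 2048; // assumed upper bound

    /** Returns the parsed URI when it is an acceptable deep link, else empty. */
    static Optional<URI> validate(String raw) {
        if (raw == null || raw.isEmpty() || raw.length() > MAX_LENGTH) {
            return Optional.empty();
        }
        final URI uri;
        try {
            uri = new URI(raw);
        } catch (URISyntaxException e) {
            return Optional.empty();
        }
        // Opaque URIs such as "myapp:help" have no host or path to check.
        if (uri.isOpaque()
                || !SCHEME.equals(uri.getScheme())
                || !HOST.equals(uri.getHost())) {
            return Optional.empty();
        }
        // The filter declares neither credentials nor a port; refuse both.
        if (uri.getUserInfo() != null || uri.getPort() != -1) {
            return Optional.empty();
        }
        // getPath() percent-decodes, so "%2e%2e" is seen as "..".
        String path = uri.getPath();
        if (path == null) {
            return Optional.empty();
        }
        // pathPrefix in the manifest is a plain string prefix and also
        // matches "/helpdesk"; require exactly "/help" or "/help/...".
        if (!path.equals(PATH_PREFIX) && !path.startsWith(PATH_PREFIX + "/")) {
            return Optional.empty();
        }
        // Refuse dot segments and control characters in the decoded path.
        for (String segment : path.split("/")) {
            if (segment.equals("..") || segment.equals(".")) {
                return Optional.empty();
            }
        }
        for (int i = 0; i < path.length(); i++) {
            if (Character.isISOControl(path.charAt(i))) {
                return Optional.empty();
            }
        }
        return Optional.of(uri);
    }

    public static void main(String[] args) {
        // Constructed sample inputs, not taken from the tutorial.
        String[] samples = {
            "myapp://myhost/help", "myapp://myhost/help/faq?userid=100",
            "myapp://myhost/helpdesk", "myapp://myhost/help/%2e%2e/settings",
            "myapp://user@myhost/help", "myapp://otherhost/help",
            "https://myhost/help", "myapp:help"
        };
        for (String s : samples) {
            System.out.println((validate(s).isPresent() ? "ACCEPT " : "REJECT ") + s);
        }
    }
}
```

In MainActivity, the text view would be set only when validate(...) returns a value, and the activity would finish or show an error otherwise.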


The post Android Deep Linking Example appeared first on The Crazy Programmer.



Siegeware: When criminals take over your smart building

Siegeware is what you get when cybercriminals mix the concept of ransomware with building automation systems: abuse of equipment control software to threaten access to physical facilities

The post Siegeware: When criminals take over your smart building appeared first on WeLiveSecurity



5 Simple UX Principles to Guide your Product Design

Photo credit: Orin Zebest

Few things in life are constant: death, taxes, and strangers asking “So what do you do?” within a minute of a handshake.

As a UX designer, I’ve had a lot of practice over the years trying to nail down my answer.

Here’s what I’ve come up with:

It’s my job to be inside a user’s brain. I need to look at design from the mindspace of a user (actually, lots of users) and squash potential problems or confusion.

This never-ending process requires keeping UX present before, during, and after the build is complete. It’s always a challenge to act with the user in mind—influences like due dates and bottom lines sometimes cloud the way.

To help keep your product on the right path, I’ve assembled a list of five UX principles I use to guide my design process. Understanding how and why to make UX decisions goes a long way in explaining things to others on the team, which goes an even longer way in getting said UX decisions into the final product.

1. Digestibility


Good design is easy to digest: the brain shouldn’t have to expend a ton of energy to figure out what the heck it’s looking at. With any luck, people will just “get it” without needing a six-section explanation.

This goes beyond clear, easy-to-read copy. People sometimes need guidance to make decisions, so a menu with a list of 12 inline items may seem daunting. Organizing with some hierarchy (size, color, icons) can help highlight the more common choices, which allows someone to find what they’re looking for faster.

Another good example of digestible design is the new-user guide, often presented as staggered tips that a person can process one at a time. But imagine the opposite—hitting a brand-new user with a whole stack of instructions, removed from the context of the product. No one likes a confusing surprise.

Consider all the decisions you’re asking someone to make with your product to get to the bottom of the funnel. The brain has a limited amount of cognitive resources during the day, so using them up needlessly is rude.

2. Clarity


Good design is honest. Aside from understanding the words in your value prop, you need the user to understand the actual value. Being coy or unclear about your product isn’t going to win any fans.

Related to value, pricing is an area where clarity is everything. Users aren’t going to click “Buy now” if they can’t figure out what you’re asking them to pay. While shady “free trials” that switch to auto-billing might be the norm, I doubt they’re winning any popularity contests.

This may sound cheesy, but a good plan is to simply follow the Golden Rule. Explain things like you’d want them explained to you. Make things as clear as you can. You know what you’d expect out of the products you choose to use, so don’t you dare build something less.

The post 5 Simple UX Principles to Guide your Product Design appeared first on SitePoint.



Latest Hacking News Podcast #224

Lazarus Group targets Russian companies for the first time, Russian nation-state hackers have quickest breakout time, and a remote code execution flaw existed in WordPress for 6 years on episode 223 of our daily cybersecurity podcast.

Latest Hacking News Podcast #224 on Latest Hacking News.



Tuesday, 19 February 2019

XMLHttpRequest vs the Fetch API: What’s Best for Ajax in 2019?

March 2019 celebrates the 20th anniversary of Ajax. Sort of. The first implementation of XMLHttpRequest shipped in 1999 as an IE5.0 ActiveX component (don't ask).

Before then, there had been ways to pull data from a server without a full-page refresh, but they often relied on clunky techniques such as <script> injection or third-party plugins. Microsoft developed XMLHttpRequest primarily for a browser-based alternative to their Outlook email client.

XMLHttpRequest was not a web standard until 2006, but it was implemented in most browsers. Its adoption in Gmail (2004) and Google Maps (2005) led to Jesse James Garrett's 2005 article AJAX: A New Approach to Web Applications. The new term crystallised developer focus.

AJAX to Ajax

AJAX is a mnemonic for Asynchronous JavaScript and XML. "Asynchronous" definitely, but:

  1. JavaScript was likely, although VBScript and Flash were options
  2. The payload did not need to be XML, although that was popular at the time. Any data format could be used and, today, JSON is normally preferred.

We now use "Ajax" as a generic term for any client-side process which fetches data from a server and updates the DOM dynamically without a full-page refresh. Ajax is a core technique for most web applications and Single-Page Apps (SPAs).

Extreme XMLHttpRequest

The following JavaScript code shows a basic HTTP GET request for http://domain/service using XMLHttpRequest (commonly shortened to XHR):

The post XMLHttpRequest vs the Fetch API: What’s Best for Ajax in 2019? appeared first on SitePoint.



Critical Flaw Uncovered In WordPress That Remained Unpatched for 6 Years

Exclusive — If you have not updated your website to the latest WordPress version 5.0.3, it’s a brilliant idea to upgrade the content management software of your site now. From now, I mean immediately. Cybersecurity researchers at RIPS Technologies GmbH today shared their latest research with The Hacker News, revealing the existence of a critical remote code execution vulnerability that

5 Core Elements for Building Award-Winning One-Page Websites

This sponsored article was created by our content partner, BAW Media. Thank you for supporting the partners who make SitePoint possible.

Is your next project a one-page website? You might think designing it would be an easy task compared to the multi-page website designs. You're in for a surprise.

Making a one-pager both visually appealing and user-friendly is harder than you think. The design effort alone could be a factor of 10 times greater than you normally put into a multi-page site. This is because of the challenges involved in designing a one-pager. For example, you need to stuff a lot of valuable information into a much smaller space in a way that won't turn users off.

This guide is centered on 5 critical elements you need to take into account. It will help your one-pager become a success. They're somewhat akin to fire, earth, water, air, and spirit, the 5 fundamental elements of nature. But they're much more important for your purposes.

The post 5 Core Elements for Building Award-Winning One-Page Websites appeared first on SitePoint.



Facebook Awarded $25000 Bounty For Reporting a CSRF Vulnerability

Facebook is already going through tough times since Cambridge Analytica scandal. Nonetheless, their vigilance towards the security of their platform

Facebook Awarded $25000 Bounty For Reporting a CSRF Vulnerability on Latest Hacking News.



Learn How XDR Can Take Breach Protection Beyond Endpoint Security

How do you know whether an attacker has infiltrated your network? Can you really rely on an Endpoint Detection and Response (EDR) solution to be your go-to technology for identifying security breaches? Endpoint detection and response (EDR) platform has been an important technology to detect cybersecurity incidents, but it provides only the view of endpoints, just a portion of the big picture.

Switzerland offers cash for finding security holes in its e-voting system

Anybody with hacking prowess can take a crack at reading votes or even rigging the vote count itself

The post Switzerland offers cash for finding security holes in its e-voting system appeared first on WeLiveSecurity



Criminal hacking hits Managed Service Providers: Reasons and responses

Recent news articles show that MSPs are now being targeted by criminals, and for a variety of nefarious reasons. Why is this happening, and what should MSPs do about it?

The post Criminal hacking hits Managed Service Providers: Reasons and responses appeared first on WeLiveSecurity



LPG Gas Company Leaked Details, Aadhaar Numbers of 6.7 Million Indian Customers

Why would someone bother to hack a so-called "ultra-secure encrypted database that is being protected behind 13 feet high and 5 feet thick walls," when one can simply fetch a copy of the same data from other sources. French security researcher Baptiste Robert, who goes by the pseudonym "Elliot Alderson" on Twitter, with the help of an Indian researcher, who wants to remain anonymous,

Monday, 18 February 2019

Latest Hacking News Podcast #223

VK worm revenge prank, Wendy’s $50 million data breach settlement, and Google Earth reveals Taiwanese military sites on episode 223

Latest Hacking News Podcast #223 on Latest Hacking News.



Kali Linux 2019.1 Released — Operating System For Hackers

Wohooo! Great news for hackers and penetration testers. Offensive Security has just released Kali Linux 2019.1, the first 2019 version of its Swiss army knife for cybersecurity professionals. The latest version of Kali Linux operating system includes kernel up to version 4.19.13 and patches for numerous bugs, along with many updated software, like Metasploit, theHarvester, DBeaver, and more.

Google: Here’s how we cracked down on bad apps last year

Apps downloaded from Google Play were eight times less likely to compromise a device than apps from other sources

The post Google: Here’s how we cracked down on bad apps last year appeared first on WeLiveSecurity