Podcasts about apks

Q&A222: What are the pros and cons of Obtanium (and APKs) vs the Play Store? Do we think "Schnier's Law" can explain privacy apathy? Does anyone sell Fedora-focused devices? What are the pros and cons of Appimages and Flatpaks? Do we have thoughts on Atlas Privacy? Join our next Q&A on Patreon: https://www.patreon.com/collection/415684?view=expanded or XMR Chat: https://xmrchat.com/surveillancepodWelcome to the Surveillance Report Q&A - featuring Techlore & The New Oil answering your questions about privacy and security.❤️ Support us on Patreon: https://www.patreon.com/surveillancepod

Suscríbete para más: https://www.youtube.com/c/pixxelers Sigueme en redes: https://linktr.ee/jlrock92 Discord: https://discord.gg/EFkfqhMZDU NOTAS: - Pokémon vs Palworld: https://tinyurl.com/mwrxkdxn - Nintendo Switch 2: https://tinyurl.com/2jvabzzr - Intel PS6: https://tinyurl.com/57683dcr - PS5 Digital Foundry: https://youtu.be/fJZ6ndDACG8 - Jedi Survivor arreglado: https://youtu.be/smD4okK5-Hw - Horizon Zero Dawn Remaster: https://tinyurl.com/473kj7v4 - UE vs Videojuegos: https://tinyurl.com/dbj8mrn7 - GTA VI: https://tinyurl.com/z55cdvux - Steam Family: https://youtu.be/b248W74jcFc - Despidos Xbox: https://tinyurl.com/yc47zpzk - Unity fees cancelados: https://tinyurl.com/38f6b88s - Intel se divide: https://tinyurl.com/mrzk9wzp - AMD villano: https://tinyurl.com/5a2ba7ww - Ryzen 9000 no vende: https://tinyurl.com/4rxr8pdw - Android bloquea APKs: https://tinyurl.com/mr3zed6a - Apple baterías: https://tinyurl.com/bddzxdub - Apple Activation Lock: https://tinyurl.com/ndcuhr6n - iOS 18 iPad bug: https://tinyurl.com/mputmb3a - TikTok vs USA: https://tinyurl.com/39yvbauv - Minority Report real: https://tinyurl.com/35jrzm47 - Influencer IA: https://tinyurl.com/3zdrx2xe - Chrome Phishing: https://tinyurl.com/2u6c9fwk - Nuevo YouTube: https://tinyurl.com/yc2znedn

Un reporte hecho por el investigador de seguridad para Kaspersky, Leandro Cuazzo, revela el alza en aplicaciones que generan comprobantes de “transferencias fantasma” y comprobantes de pago falsos. Estas aplicaciones se venden a través de grupos de Telegram en donde se puede adquirir las APKs que simulan ser bancos, carteras digitales, o servicios como Mercado Pago y te permiten adquirir paquetes para generar cierto número de pantallazos que reflejan transferencias falsas, comprobantes e incluso pueden enviar mensajes de texto que simulan ser enviados por un bancos y confirman a la víctima que se hizo un pago a través de transferencia electrónica. La presencia de este tipo de fraudes ha tenido mayor presencia en países como Argentina y Perú.

✅ Se inscreva na Jornada de IA da Hashtag: https://lp.hashtagtreinamentos.com/inteligencia-artificial/jornada/inscricao?fonte=diolinuxlabs Neste episódio do Diolinux News, nós falamos sobre as novidades no Android, o novo logo do Cosmic, o lançamento do Linux Mint 22 e muito mais!

Topics covered in this episode: Leaving the cloud PEP 723 - Inline script metadata Flet for Android harlequin: The SQL IDE for Your Terminal. Extras Joke Watch on YouTube About the show Sponsored by Bright Data : pythonbytes.fm/brightdata Connect with the hosts Michael: @mkennedy@fosstodon.org Brian: @brianokken@fosstodon.org Show: @pythonbytes@fosstodon.org Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Tuesdays at 11am PT. Older video versions available there too. Michael #1: Leaving the cloud Also see Five values guiding our cloud exit We value independence above all else. We serve the internet. We spend our money wisely. We lead the way. We seek adventure. And We stand to save $7m over five years from our cloud exit Slice our new monster 192-thread Dell R7625s into isolated VMs Which added a combined 4,000 vCPUs with 7,680 GB of RAM and 384TB of NVMe storage to our server capacity They created Kamal — Deploy web apps anywhere A lot of these ideas have changed how I run the infrastructure at Talk Python and for Python Bytes. Brian #2: PEP 723 - Inline script metadata Author: Ofek Lev This PEP specifies a metadata format that can be embedded in single-file Python scripts to assist launchers, IDEs and other external tools which may need to interact with such scripts. Example: # /// script # requires-python = ">=3.11" # dependencies = [ # "requests<3", # "rich", # ] # /// import requests from rich.pretty import pprint resp = requests.get("https://peps.python.org/api/peps.json") data = resp.json() pprint([(k, v["title"]) for k, v in data.items()][:10]) Michael #3: Flet for Android via Balázs Remember Flet? Here's a code sample (scroll down a bit). It's amazing but has been basically impossible to deploy. Now we have Android. Here's a good YouTube video showing the build process for APKs. Brian #4: harlequin: The SQL IDE for Your Terminal. Ted Conbeer & other contributors Works with DuckDB and SQLite Speaking of SQLite Jeff Triplett and warnings of using Docker and SQLite in production Anže's post and and article: Django, SQLite, and the Database is Locked Error Extras Brian: Recent Python People episodes Will Vincent Julian Sequeira Pamela Fox Michael: PageFind and how I'm using it When "Everything" Becomes Too Much: The npm Package Chaos of 2024 Essay: Unsolicited Advice for Mozilla and Firefox SciPy 2024 is coming to Washington Joke: Careful with that bike lock combination code

Das Jahr 2023 ist noch nicht vorüber und mit dem Xiaomi Auto kam nochmal ein richtiger Knaller. Nothing bringt eine Chat-App, welche mit iMessage funktioniert und der Humane Ai Pin wurde vorgestellt. Auch bewerten Thorben und Fabian in einem Blind-Ranking die Top 5 Smartphones des letzten Jahrs. Erste Bilder zum Xiaomi-Car geleakt! So sieht der Xiaomi SU7 aus ► https://www.china-gadgets.de/erste-bilder-zum-xiaomi-car-geleakt-so-sieht-der-xiaomi-su7-aus/ Nothing Chats: iMessage für Nothing phone(2) ► https://de.nothing.tech/pages/nothing-chats Amazon gives Apple ‘massive preferential treatment' in secret deal, report claims ► https://9to5mac.com/2023/11/10/amazon-apple-special-deal-online-storefront/ iPhone App Sideloading Coming to Users in the EU in First Half of 2024 ► https://www.macrumors.com/2023/11/13/eu-iphone-app-sideloading-coming-2024/ Humane Ai Pin: Weiterentwicklung des Smartphones oder KI Quatsch? ► https://www.china-gadgets.de/humane-ai-pin/ Vivo Watch 3 kombiniert 16 Tage Laufzeit mit brandneuem BlueOS ► https://www.notebookcheck.com/Vivo-Watch-3-kombiniert-16-Tage-Laufzeit-mit-brandneuem-BlueOS.767738.0.html [Exclusive] OnePlus Watch 2 5K Renders Reveal Full Design and Key Specifications; To Feature 1.43-inch AMOLED Display and Snapdragon W5 Gen 1 CPU ► https://www.mysmartprice.com/gear/oneplus-watch-2-5k-renders-key-specifications-exclusive/ Exclusive Leak: Samsung Galaxy Xcover 7 Official Renders ► https://www.androidheadlines.com/2023/11/exclusive-samsung-galaxy-xcover-7-official-renders Samsung denies rumors of cheaper foldable smartphone ► https://koreajoongangdaily.joins.com/news/2023-11-14/business/tech/Samsung-has-no-plans-for-midrange-foldable-smartphones/1912820 Honor 100 ► https://twitter.com/TECHINFO45/status/1724423291627032592 TAYLOR SWIFT | THE ERAS TOUR Concert Film ► https://www.youtube.com/watch?v=KudedLV0tP0 Shark Tank ► https://www.amazon.de/gp/video/detail/B0C59QKSMG?tag=cgtg-21 Joseph DeChangeman ► https://www.youtube.com/@dechangeman/videos

My guests today are DC Posch and Nalin Bhardwaj, co-founders of Daimo. Daimo is a stablecoin focused iOS wallet built with Passkeys and AA Smart Accounts. On this episode, DC, Nalin, and I discuss their new p256Verifier contract, which is an audited Solidity implementation of p256r1 verification. We discuss the ins-and-outs of gas optimized onchain p256 verification, compare their contract to the FreshCryptoLib implementation, and consider the limitations of precomputation. We cover EIP-7212, which DC and Nalin co-authored alongside the team from Clave, and discuss Daimo's exciting proposal for progressive precompiles, also known as precompile shadowing, which would allow precompiles to elegantly replace the p256Verifier, on chains where it is adopted. It was fantastic learning from DC and Nalin who are experts working at the intersection of WebAuthn cryptography and blockchain. I hope you enjoy the show. As always, this show is provided as entertainment and does not constitute legal, financial, or tax advice or any form of endorsement or suggestion. Crypto has risks and you alone are responsible for doing your research and making your own decisions. If you value Web3 Galaxy Brain and would like to support the show, please send me a tweet or DM saying why you listen and what makes Web3 Galaxy Brain special for you. I'll post the best testimonies to the show's website. Thank you! Links Hosted by @nnnnicholas Sign up for the Daimo beta Daimo Daimo Github DC Posch Nalin Bhardwaj EthUniversity Hack Lodge Solidity Summit p256Verifier and Github and Daimo's blog Progressive precompiles (aka Precompile shadowing) FreshCryptoLib WebAuthn Halo2 WebAuthn Circom ZK Sync Era's p256 precompile Awesome WebAuthn Dogan_Eth's State of Verifying p256 Veridise audit Chapters (00:00:00) Intro (00:01:37) How DC and Nalin met: EthUniversity and Hack Lodge (00:03:40) Decentralization and permissionlessness (00:05:57) What is Daimo (00:08:30) Advantages of Smart Contract Accounts (00:12:55) Passkeys and Enclave Keys (00:16:25) Trusted execution environments and firmware updates (00:19:55) Apple binaries and reproducible APKs (00:24:30) Self-custody UX (00:25:58) Why p256 (secp256r1)? (00:28:20) ECDSA vs ZK (00:31:10) Renaud Dubois & FreshCryptoLib's p256 implementation vs Daimo's p256Verifier (00:36:50) Wycheproof test vectors (00:38:00) CPU style optimization for EVM cryptography (00:39:40) Precomputation, or not (00:44:10) EIP-7212 (00:49:05) Progressive Precompiles (aka Precompile shadowing) (00:54:00) EVM equivalence and p256 (01:00:05) Veridise audit (01:02:00) Daimo's forthcoming Base64 encoder (01:03:40) Daimo cross-chain stablecoin wallets (01:06:00) Getting Daimo

A version of this essay was published by firstpost.com at https://www.firstpost.com/opinion/shadow-warrior-no-the-finance-mandarins-dont-always-screw-up-they-only-do-it-in-petty-ways-12678122.htmlThe Twitterverse and the media in general have been brutal on India's babu-log for several recent missteps. These, many fear, revive the ghosts of the late lamented License Raj: for instance the imposition of 20% Tax Collected at Source for overseas credit card transactions, the poorly-managed withdrawal of 2000-rupee notes, or the angel tax on domestic investments in startups (but not on investments from 21 specified countries).But let's be honest and give them credit where it's due: they shepherded India through the pandemic leaving the economy in pretty decent shape compared to the rest of the world. Even more importantly, the general handling of the economy has gone so well (of course thanks also to other tailwinds like the infrastructure push and the manufacturing thrust) that there is a genuine feeling among both locals and foreigners that India's time in the sun is finally here.This is no mean achievement, especially given the withering information warfare waged by the Deepstate. India's GDP grew in FY 2022-23 at 7.2%, pretty much the highest rate for any large economy, exceeding estimates even by the RBI. An optimistic report from Morgan Stanley, "How India Has Transformed in Less than a Decade" cites several reasons for such optimism: government reforms, demography, technology, strong economic fundamentals. “India is broken”, it ain't. And let's not go with services alone, Raghuram Rajan!And then the babus go and screw up on these relatively minor things, making everybody look bad!This is like I have always said, Indians thrive on complexity. We can do the Kumbh Mela in fine style (kudos to the much-maligned babus), but we can't queue up for an elevator to save our lives. Or desist from driving like maniacs, honking like mad and darting all over the place. Too simple, I guess. There are also habitual naysayers (some surely beholden to the Nehruvian Stalinist ecosystem or on the Deepstate/Soros payroll) who simply cannot believe that things are finally beginning to look up in and for India. There are those who are perennially on pet hobby-horses (one who gets all his wisdom from taxi-drivers, and another who thinks low-quality service jobs that add no lasting value are manna from heaven). Others are periodically astroturfed like mushrooms after rains, to mix American and Malayalam metaphors recklessly.What they fail to see (intentionally) is that the glass is half-full. Yes, there are major problems: India's education system is going from bad to worse; corruption is still a menace; the public sector continues to be an albatross around India's neck; the endless election cycle means that it is hard to think long-term (both for babus and for politicians); populist giveaways and special interest lobbies bankrupt the exchequer; the judicial system is in bad shape; and so on. On the other hand, there is proof of progress. Undeniable proof. Once the dirigiste state was partly dismantled under duress by Narasimha Rao, things improved notably, as the animal spirits of Indian entrepreneurs and traders apparently had a field day. Under Narendra Modi India's steady recent growth has been in nice contrast with tepid growth elsewhere. But the more intriguing tale is about poverty reduction on the one hand, and of the provision of services on the other. If the UN is to be believed, India has lifted 415 million people from poverty in 15 years. Furthermore, various infrastructure projects providing electricity, drinking water, roads and railways to even remote parts of the hinterland are quite likely increasing the quality of life as well as the per capita income. The other big deals, of course, are Demonetization and GST. Despite massive negative propaganda, I think the impartial observer today would be hard pressed to see these as net negatives. The giant strides made towards digitization, just by themselves, would justify the relatively minor inconvenience people went through at the time. UPI has made inroads into the remotest interior villages (Ecowrap from the SBI says that 60% of transactions by volume and value are now coming from rural and semi-urban areas). The same report says the value of UPI payments has gone up from Rs. 6947 crore in FY17 to Rs. 139,00,000 crore in FY23, a huge growth of 2004x. The use of the smartphone as a Point of Sale system has been a nice adaptation of technology, supported by Jio and inexpensive data.There is a video clip of P. Chidambaram, the former Finance Minister of India, mocking digital transactions. In the video, Chidambaram is speaking at an event and he says, "How can you expect a poor lady in a village to use digital transactions when there is no electricity and no POS devices?"Pretty bad look from the supercilious Chidambaram. It is the same attitude displayed by nay-sayers from Lutyens and Khan Market: they do not believe the average Indian can or will progress. Only the mai-baap sarkar of the Nehru Dynasty can save them, they claim. On the contrary, the Nehruvian Penalty has kept 500 million Indians poor, as I wrote on Rediff.com in 2004. The reality is that under the Nehruvian Stalinists, India kept falling behind the rest of the world. After 1991, India is slowly and painfully clawing its way back up the ranks of global wealth. The GST, despite many flaws, has also been a success in creating a single national marketplace, and in reducing logistics bottlenecks (remember those mile-long queues of trucks idling at state boundary checkpoints, and surely the enormous amounts changing hands?). As India ramps up manufacturing, the improvement in transportation efficiency will pay for itself.None of this happened just like that, it was willed into existence, says TheEmissary in a positive post https://theemissary.co/modinomics-why-india-is-rising/ and this is true, somebody imagined it, and somebody else, yes, the very same babus, put things into motion. Compared to all these pluses, surely the mandarins are entitled to screw up a little bit now and then. But the point is the mindset behind the TCS, and the poor communication strategy behind the Rs 2000 note withdrawal.At a time when India is attempting to offer the rupee as a global currency, and trying to make India a more attractive investment location, the TCS (Tax Collected at Source) surely feels like a retrograde step dating back to the days of worrying about foreign exchange reserves (unnecessarily, as India's current kitty is around $572 billion, which is close to an all-time high).The signal it sends out is that officious babus will make life difficult for average users in the pursuit of either minor increases in tax collections or an illusory improvement in forex reserves. Far more useful would be a deep analysis of what is causing the trade deficit with China to balloon (it is now bigger than India's entire defense budget), which sectors or products will have the greatest bang for the buck (eg. pharma APKs), and solid Production Linked Incentives to increase Indian production of the same. The withdrawal of the Rs. 2000 notes is probably a good idea, because by now the criminal ecosystem has figured out how to counterfeit them efficiently. As in years past, the ‘second-best' notes are likely being produced in Pakistan and shipped through the Middle East to India. So there's nothing wrong in removing them from circulation.Two caveats, though. It would have been a lot better to withdraw them before the BJP's debacle in Karnataka. It's sort of locking the barn door after the horse has bolted. As in years past, the vast bulk of corruption money intended for elections is quite likely stored in these larger notes, and removing them from circulation is a good idea. Well, fine, this will have an impact on the 2024 elections, I imagine. The second is the total cockup in the communication of the withdrawal. The first announcement said the notes could be deposited before a certain date, but that they would continue to be legal tender (which seems counter-intuitive). If you deposited more than Rs. 20,000 a day, though, the idea seemed to be that you would have to show some id, PAN/Aadhar. That would help identify anybody who had been hoarding large quantities of cash (usually for dubious purposes). But then the second announcement, from SBI, said that there would be no need for any paperwork. Meanwhile people were using 2000-rupee notes to buy luxury items, especially gold. So exactly what is going on? What is the point in this not-demonetization? Did the babus get cold feet and do U-turns?The angel tax on startups is itself a dubious idea, especially when India is attempting to increase the viability of its homegrown early-stage companies. The regulatory atmosphere and the relative paucity of local venture funding is anyway encouraging startups to register themselves abroad, say in Singapore or Dubai or Silicon Valley. By adding a tax you're making Indian startups less appealing to investors. Furthermore, by picking and choosing investment from certain countries to be exempt from the tax seems either capricious or over-reach/meddling. It simply isn't true that these Anglo and Nordic countries are all pure as the driven snow, as we have seen on numerous occasions.The bottom line, though, is that despite periodic missteps, India's finance folks and the central bank have done a stellar job, and it shows: India's banks are currently among the most profitable in the world, with no worrying bank failures (unlike, say, in the US and Europe); interest rates and inflation are modest (again, unlike the US and EU). So two cheers for the babus! 1538 words, May 27, 2023, updated 1626 words, June 1, 2023 This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit rajeevsrinivasan.substack.com

Storage-saving archivable App Bundles replacing APKs for Google/Android TV in 2023. App Bundles for Google TV and Android TV. Android TV 13 comes to the Raspberry Pi 4 courtesy of unofficial LineageOS 20 ROM. Android will prompt you to update apps if they're crashing. Google Fi discounts Pixel 7 to $399 and offers $300 off 7 Pro for Black Friday. Forget the Apple Watch! The Google Pixel Watch is $299 in early Black Friday deal. Score near all-time low pricing on Samsung's Galaxy S22/+/Ultra from $697, foldables, more. OnePlus 10 Pro falls to new all-time low at $550 in early Black Friday sale (Save $250), more. Nord N300 Hands-on. You can now (unofficially) add 32-bit support to your Pixel 7 phone. [Tutorial] [Magisk] Enabling 32-bit Support For Apps. Nearby Share button in the clipboard editor overlay on Android 13. Nearby Share being added to the first row of the share sheet. Nearby Share redesign with Material You. An update on Nearby Share for Windows. You can now ask Google Assistant to search and play podcasts by guest, episode. Amazon Alexa is a "colossal failure," on pace to lose $10 billion this year. JR's tip of the week: Threaded replies in Google Messages. Why Amazon Photos is a good photo backup service. Foldable prices make sense when adjusted for inflation. Repurposing old devices as IP webcams. Read our show notes here: http://bit.ly/3grWGiq Hosts: Jason Howell, Ron Richards, and Huyen Tue Dao Co-Hosts: Mishaal Rahman and JR Raphael Subscribe to All About Android at https://twit.tv/shows/all-about-android. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: Secureworks.com/twit bitwarden.com/twit tanium.com/twit

Storage-saving archivable App Bundles replacing APKs for Google/Android TV in 2023. App Bundles for Google TV and Android TV. Android TV 13 comes to the Raspberry Pi 4 courtesy of unofficial LineageOS 20 ROM. Android will prompt you to update apps if they're crashing. Google Fi discounts Pixel 7 to $399 and offers $300 off 7 Pro for Black Friday. Forget the Apple Watch! The Google Pixel Watch is $299 in early Black Friday deal. Score near all-time low pricing on Samsung's Galaxy S22/+/Ultra from $697, foldables, more. OnePlus 10 Pro falls to new all-time low at $550 in early Black Friday sale (Save $250), more. Nord N300 Hands-on. You can now (unofficially) add 32-bit support to your Pixel 7 phone. [Tutorial] [Magisk] Enabling 32-bit Support For Apps. Nearby Share button in the clipboard editor overlay on Android 13. Nearby Share being added to the first row of the share sheet. Nearby Share redesign with Material You. An update on Nearby Share for Windows. You can now ask Google Assistant to search and play podcasts by guest, episode. Amazon Alexa is a "colossal failure," on pace to lose $10 billion this year. JR's tip of the week: Threaded replies in Google Messages. Why Amazon Photos is a good photo backup service. Foldable prices make sense when adjusted for inflation. Repurposing old devices as IP webcams. Read our show notes here: http://bit.ly/3grWGiq Hosts: Jason Howell, Ron Richards, and Huyen Tue Dao Co-Hosts: Mishaal Rahman and JR Raphael Subscribe to All About Android at https://twit.tv/shows/all-about-android. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: Secureworks.com/twit bitwarden.com/twit tanium.com/twit

Storage-saving archivable App Bundles replacing APKs for Google/Android TV in 2023. App Bundles for Google TV and Android TV. Android TV 13 comes to the Raspberry Pi 4 courtesy of unofficial LineageOS 20 ROM. Android will prompt you to update apps if they're crashing. Google Fi discounts Pixel 7 to $399 and offers $300 off 7 Pro for Black Friday. Forget the Apple Watch! The Google Pixel Watch is $299 in early Black Friday deal. Score near all-time low pricing on Samsung's Galaxy S22/+/Ultra from $697, foldables, more. OnePlus 10 Pro falls to new all-time low at $550 in early Black Friday sale (Save $250), more. Nord N300 Hands-on. You can now (unofficially) add 32-bit support to your Pixel 7 phone. [Tutorial] [Magisk] Enabling 32-bit Support For Apps. Nearby Share button in the clipboard editor overlay on Android 13. Nearby Share being added to the first row of the share sheet. Nearby Share redesign with Material You. An update on Nearby Share for Windows. You can now ask Google Assistant to search and play podcasts by guest, episode. Amazon Alexa is a "colossal failure," on pace to lose $10 billion this year. JR's tip of the week: Threaded replies in Google Messages. Why Amazon Photos is a good photo backup service. Foldable prices make sense when adjusted for inflation. Repurposing old devices as IP webcams. Read our show notes here: http://bit.ly/3grWGiq Hosts: Jason Howell, Ron Richards, and Huyen Tue Dao Co-Hosts: Mishaal Rahman and JR Raphael Subscribe to All About Android at https://twit.tv/shows/all-about-android. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: Secureworks.com/twit bitwarden.com/twit tanium.com/twit

Storage-saving archivable App Bundles replacing APKs for Google/Android TV in 2023. App Bundles for Google TV and Android TV. Android TV 13 comes to the Raspberry Pi 4 courtesy of unofficial LineageOS 20 ROM. Android will prompt you to update apps if they're crashing. Google Fi discounts Pixel 7 to $399 and offers $300 off 7 Pro for Black Friday. Forget the Apple Watch! The Google Pixel Watch is $299 in early Black Friday deal. Score near all-time low pricing on Samsung's Galaxy S22/+/Ultra from $697, foldables, more. OnePlus 10 Pro falls to new all-time low at $550 in early Black Friday sale (Save $250), more. Nord N300 Hands-on. You can now (unofficially) add 32-bit support to your Pixel 7 phone. [Tutorial] [Magisk] Enabling 32-bit Support For Apps. Nearby Share button in the clipboard editor overlay on Android 13. Nearby Share being added to the first row of the share sheet. Nearby Share redesign with Material You. An update on Nearby Share for Windows. You can now ask Google Assistant to search and play podcasts by guest, episode. Amazon Alexa is a "colossal failure," on pace to lose $10 billion this year. JR's tip of the week: Threaded replies in Google Messages. Why Amazon Photos is a good photo backup service. Foldable prices make sense when adjusted for inflation. Repurposing old devices as IP webcams. Read our show notes here: http://bit.ly/3grWGiq Hosts: Jason Howell, Ron Richards, and Huyen Tue Dao Co-Hosts: Mishaal Rahman and JR Raphael Subscribe to All About Android at https://twit.tv/shows/all-about-android. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: Secureworks.com/twit bitwarden.com/twit tanium.com/twit

Storage-saving archivable App Bundles replacing APKs for Google/Android TV in 2023. App Bundles for Google TV and Android TV. Android TV 13 comes to the Raspberry Pi 4 courtesy of unofficial LineageOS 20 ROM. Android will prompt you to update apps if they're crashing. Google Fi discounts Pixel 7 to $399 and offers $300 off 7 Pro for Black Friday. Forget the Apple Watch! The Google Pixel Watch is $299 in early Black Friday deal. Score near all-time low pricing on Samsung's Galaxy S22/+/Ultra from $697, foldables, more. OnePlus 10 Pro falls to new all-time low at $550 in early Black Friday sale (Save $250), more. Nord N300 Hands-on. You can now (unofficially) add 32-bit support to your Pixel 7 phone. [Tutorial] [Magisk] Enabling 32-bit Support For Apps. Nearby Share button in the clipboard editor overlay on Android 13. Nearby Share being added to the first row of the share sheet. Nearby Share redesign with Material You. An update on Nearby Share for Windows. You can now ask Google Assistant to search and play podcasts by guest, episode. Amazon Alexa is a "colossal failure," on pace to lose $10 billion this year. JR's tip of the week: Threaded replies in Google Messages. Why Amazon Photos is a good photo backup service. Foldable prices make sense when adjusted for inflation. Repurposing old devices as IP webcams. Read our show notes here: http://bit.ly/3grWGiq Hosts: Jason Howell, Ron Richards, and Huyen Tue Dao Co-Hosts: Mishaal Rahman and JR Raphael Subscribe to All About Android at https://twit.tv/shows/all-about-android. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: Secureworks.com/twit bitwarden.com/twit tanium.com/twit

Storage-saving archivable App Bundles replacing APKs for Google/Android TV in 2023. App Bundles for Google TV and Android TV. Android TV 13 comes to the Raspberry Pi 4 courtesy of unofficial LineageOS 20 ROM. Android will prompt you to update apps if they're crashing. Google Fi discounts Pixel 7 to $399 and offers $300 off 7 Pro for Black Friday. Forget the Apple Watch! The Google Pixel Watch is $299 in early Black Friday deal. Score near all-time low pricing on Samsung's Galaxy S22/+/Ultra from $697, foldables, more. OnePlus 10 Pro falls to new all-time low at $550 in early Black Friday sale (Save $250), more. Nord N300 Hands-on. You can now (unofficially) add 32-bit support to your Pixel 7 phone. [Tutorial] [Magisk] Enabling 32-bit Support For Apps. Nearby Share button in the clipboard editor overlay on Android 13. Nearby Share being added to the first row of the share sheet. Nearby Share redesign with Material You. An update on Nearby Share for Windows. You can now ask Google Assistant to search and play podcasts by guest, episode. Amazon Alexa is a "colossal failure," on pace to lose $10 billion this year. JR's tip of the week: Threaded replies in Google Messages. Why Amazon Photos is a good photo backup service. Foldable prices make sense when adjusted for inflation. Repurposing old devices as IP webcams. Read our show notes here: http://bit.ly/3grWGiq Hosts: Jason Howell, Ron Richards, and Huyen Tue Dao Co-Hosts: Mishaal Rahman and JR Raphael Subscribe to All About Android at https://twit.tv/shows/all-about-android. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: Secureworks.com/twit bitwarden.com/twit tanium.com/twit

China derrota la adicción a los videojuegos, Tumblr incrementa compatibilidades y Spotify ofrece audiolibros en más países.Puedes apoyar la realización de este programa con una suscripción. Más información por acáNoticias:-En China, un nuevo informe del Comité del Grupo de la Industria de Videojuegos encontró que la adicción a los juegos por parte de menores de edad “básicamente se ha resuelto”-La nave espacial Orion de la NASA completó su primer recorrido sobre la luna, volando a 130 kilómetros de distancia de la superficie del satélite. -Google anunció que requerirá que los desarrolladores usen Android App Bundle en Google TV y Android TV a partir de mayo de 2023, en lugar de los APKs tradicionales-Spotify extiende su oferta de audiolibros fuera de Estados Unidos. Estos estarán disponibles en otros mercados angloparlantes como Reino Unido, Irlanda, Australia y Nueva Zelanda. -El CEO de Automattic, Matt Mullenweg, dijo que su red social Tumblr pronto admitirá el protocolo descentralizado ActivityPub, el cual es usado por aplicaciones como Mastodon. Análisis: El verdadero “metaverso”¿Prefieres leer las noticias? ¡Suscríbete a mi newsletter y te llegarán todos los días!   Become a member at https://plus.acast.com/s/noticias-de-tecnologia-express. Hosted on Acast. See acast.com/privacy for more information.

There were a lot of features over the last month we discuss and we tried to be nice about them... But Niantic isn't making it easy. It's been the third bad month in a row for the game but this month was extra bad. Between Elite Raids and Zorua, we get into all the issues these features experienced, what we saw from our end, and of course dive into the recent APKs, and all the standard datamining goodies like Gimmighoul, the Halloween map and more! Hosted on Acast. See acast.com/privacy for more information.

GM2K and Marty get together to talk about GO Fest while Lew is actually at GO Fest. Wait, does that make sense? We talk about our GO Fest experience, the last two APKs (239 and 241), Mega Scizor, Stickers v2, Niantic's own leak for the Ultra Unlock, the Hisui leaked event, and so much more! Thanks for listening! See acast.com/privacy for privacy and opt-out information.

As principais notícias de tecnologia de hoje são as seguintes: buscas por morte de Bitcoin aumentam no Google, novo sistema multiplanetário é descoberto, Xiaomi Mi Band 7 lançada globalmente e muito mais. Confira!

...well, sometimes it'll get. We have a medley of topics on this show from a Play Store app falling victim to the roboreview to YouTube Music's latest attempt to find relevance with YouTube users. Dose in a dash of LG remembrance and we've got another Android Police podcast — this week featuring editor Jules in for Daniel, who's on paternity leave. 3:09 | Ara is all about the Google apps this week. https://www.androidpolice.com/youtube-music-on-wear-os-streaming/ (YouTube Music on Wear OS now lets you stream music from your smartwatch) https://www.androidpolice.com/youtube-music-shortcut-youtube-app/ (The YouTube app gains more shortcuts to jump from a music video to YouTube Music) https://www.androidpolice.com/android-auto-77-connection-issues/ (Latest Android Auto update fixes S22 woes for some, while Pixel owners are left hanging) 17:45 | Newsflash: Amazon finally kills Micro-USB on its Fire tablets https://www.androidpolice.com/amazon-fire-7-tablet-usb-c/ (Amazon finally gets with the times, brings USB-C to the Fire 7 tablet) 21:36 | Will brings us back to the Google arc, this time on the services side https://www.androidpolice.com/google-personal-legacy-g-suite-account-plan/ (Google unveils its free personal tier for legacy G Suite users ahead of a new June deadline) https://www.androidpolice.com/total-commander-apk-installation-block/ (Total Commander forced to stop letting you install APKs) 31:18 | Jules previews an upcoming feature he's writing on our favorite LG phones https://www.androidpolice.com/2015/11/13/lg-v10-review-lg-got-me-falling-in-love/ (LG V10 Review: LG Got Me Falling In Love (Android Police)) https://pocketnow.com/lg-v10-review (LG V10 review: upping the ante (Pocketnow)) Find the team on Twitter - https://twitter.com/journeydan (@journeydan) https://twitter.com/arawagco (@AraWagco) https://twitter.com/will_sattelberg (@Will_Sattelberg) https://twitter.com/pointjules (@PointJules) Reach out to us - podcast@androidpolice.com Music - "https://home96.bandcamp.com/track/18 (18)" and "https://home96.bandcamp.com/track/34 (34)" by https://home96.bandcamp.com/ (HOME) licensed under https://creativecommons.org/licenses/by/3.0/ (CC BY 3.0)

DevCafé est votre podcast hebdomadaire autour de l'actualité tech'… mais vu par un développeur. Au programme de ce troisième numéro : 00:00:00 Introduction 00:01:16 Sommaire 00:01:46 Android 12L est disponible en version stable 00:03:38 Bientôt des applications "archivables" sur Android 00:05:10 WhatsApp / Meta présente une extension pour garantir l'intégrité du code exécuté dans une application web 00:08:26 Le project POCKIT 00:10:13 Les lootbox finalement légales aux Pays-Bas 00:13:09 Le chiffre de la semaine 00:14:11 Coup de coeur : Language Tools 00:16:24 Conclusion Ressources : - Vidéo de présentation de POCKIT : https://www.youtube.com/watch?v=b3F9OtH2Xx4 - Etude Honeypot : https://cult.honeypot.io/Developer_Ambitions_Report_2022_Europe.pdf N'hésitez pas à partager le podcast autour de vous et à laisser des avis sur vos plateformes d'écoute ! Je suis Edouard Marquez, développeur Flutter et Android. Retrouvez le podcast chaque semaine sur dev-cafe.fr ou sur @DevCafePodcast sur Twitter !

Matthew Miller joins us this hour to discuss Fedora 35, Steve and Noah discuss their experience, we answer your questions plus our picks! -- During The Show -- 01:00 SSH Over Restricted Networks - DJ Respect WiFi terms of service OpenVPN Wireguard Gravitational Teleport (https://github.com/gravitational/teleport) 07:18 Server OS for Home Lab - Brett Nothing wrong with Ubuntu Alma Linux + DKMS for ZFS 09:45 VOIP For Business? - Terry Asterisk (https://www.asterisk.org/) AsteriskNOW/FreePBX (https://www.asterisk.org/downloads/asterisknow/) 3CX (https://www.3cx.com/) 13:45 Matthew Miller Interview Matthew Miller - Fedora Project Lead Fedora 35 Delay Gnome 41 New Remote Desktop Client Mobile Settings Panel Fedora Kinoite Kiosk mode WirePlumber/PipeWire Community Response to F35 Most Exciting things in F35 First Foundation F36 Plans F37 ARMv7 Support Removal Gnome Keyring? Making Hotkeys? - Jeremy G Dedoimedo Blog Post (https://www.dedoimedo.com/computers/linux-keyboard-custom-remap.html) XEV + Xmode map Set no password - Keyring will be unencrypted PyAutoGUI (https://pypi.org/project/PyAutoGUI/) 40:09 APKs on Ubuntu Phone? - Jeremy W Waydroid (https://waydro.id/) Fdroid (https://f-droid.org/) Aurora Store (https://f-droid.org/en/packages/com.aurora.store/) Anbox (https://anbox.io/) 42:40 Steve and Noah's F35 Impressions Steve - Several Papercuts 48:28 Pick of the Week YouTube Spammer Purge Github (https://github.com/ThioJoe/YouTube-Spammer-Purge) 49:40 Stream Labs using OBS Name The Verge (https://www.theverge.com/2021/11/17/22788051/streamlabs-quickly-drops-obs-name-called-out) Streamlabs asked to use OBS in their product name OBS Studio said no Streamlabs did it anyway Popular Streamers and the community rebelled Streamlabs Agreed to change their name 52:00 Synapse Security Update Update your Synapse servers Security Advisory (https://github.com/matrix-org/synapse/security/advisories/GHSA-3hfw-x7gx-437c) Lots of new features landing in Element/Synapse/Matrix 54:00 Open Source Jobs Trueup.io (https://www.trueup.io/open-source) -- The Extra Credit Section -- For links to the articles and material referenced in this week's episode check out this week's page from our podcast dashboard! This Episode's Podcast Dashboard (http://podcast.asknoahshow.com/260) Phone Systems for Ask Noah provided by Voxtelesys (http://www.voxtelesys.com/asknoah) Join us in our dedicated chatroom #GeekLab:linuxdelta.com on Matrix (https://element.linuxdelta.com/#/room/#geeklab:linuxdelta.com) -- Stay In Touch -- Find all the resources for this show on the Ask Noah Dashboard Ask Noah Dashboard (http://www.asknoahshow.com) Need more help than a radio show can offer? Altispeed provides commercial IT services and they're excited to offer you a great deal for listening to the Ask Noah Show. Call today and ask about the discount for listeners of the Ask Noah Show! Altispeed Technologies (http://www.altispeed.com/) Contact Noah live [at] asknoahshow.com -- Twitter -- Noah - Kernellinux (https://twitter.com/kernellinux) Ask Noah Show (https://twitter.com/asknoahshow) Altispeed Technologies (https://twitter.com/altispeed) Special Guest: Steve Ovens.

In this week episode PUBG has a major up date to make it more like Warzone. Classic Final Fantasy games are being pulled from steam for pixel prefect versions. The big news that they want to start adding TV Styles commercials to console games. On the second half APKs are going away for android as a standard. Window 11 seem as if its headed for failure with its hardware requirements. The first step has been made on how 6G communication will come to be made in the future. That and more on this episode of the Talking Gaming & Tech Podcast.

After a privacy policy update to Audacity, a FOSS audio editing software has been forked. Google is forcing new apps to use app bundles instead of APKs starting in August, and Jim Whitehurst steps down from his role just 14 months in. -- During The Show -- 01:00 User Responds to User RE: MBOX - Jay Mbox Viewer (https://github.com/eneam/mboxviewer) Supports files larger than 4G Export all attachments Export in EML Export all to separate EML 03:50 File permissions TrueNAS/NFS - Gray Check your permissions dataset - including child datasets NFS share FreeNAS/TrueNAS configuration is separate from the ZFS dataset 06:30 Matrix server question - Vladimir EMS (Element Matrix Services) Matrix is a server/client relationship Server - Synapse Client - Element Account portability/P2P is coming Dendrite Matrix Migration Tool (https://ems.element.io/tools/matrix-migration) 17:30 Feedback/thanks - Lukasz Thank You Noah 21:22 Email - Charlie Reacts to Audacity - Charliebrownau Why are governments/companies allowed to hijack opensource projects Bad things on the horizon for audacity 22:50 Pick of the Week InkBox (https://github.com/Kobo-InkBox) OS replacement for Kobo eReader Kobox/x11 support OS built around security root file system checked on boot signed packages Kobo eReader Affiliate Link (http://www.amazon.com/dp/B07Y34KS9F/?tag=minddripmedia-20) Kobo Packages (http://pkgs.kobox.fermino.me/bundles/) 24:50 Gadget of the Week Rain Design 10037 mTower Vertical Laptop Stand High Quality Aesthetically Pleasing Fits a variety of Laptops One piece / nothing to strip Heavy / doesn't slide around Rubber padding protect laptop Amazon Affiliate Link (http://www.amazon.com/dp/B00A42Y0PA/?tag=minddripmedia-20) Lenovo Thunderbolt Dock Affiliate Link (http://www.amazon.com/dp/‎B07M6S81CM/?tag=minddripmedia-20) Dell Monitor Affiliate Link (http://www.amazon.com/dp/B07NSBG1ND/?tag=minddripmedia-20) 30:20 Jim Whitehurst Leaves IBM Newsroom Article (https://newsroom.ibm.com/IBM-Leadership-Changes) Jim stayed on after the IBM acuasition Jim is leaving after 14 Months IBM had nothing to do with CentOS Google Forcing App Bundles Slash Gear (https://www.slashgear.com/android-app-bundles-are-replacing-apks-why-it-matters-29680485/) Google Developers Blog (https://android-developers.googleblog.com/2021/06/the-future-of-android-app-bundles-is.html) Google is forcing new apps to use android app bundles (.aab) instead of APKs in August Play Asset Delivery replaces OBB better compression dynamic delivery (deltas) smaller apps Play Feature Delivery allows minimum app download the rest of the app downloads in the background Utilizes Google Play only features Requires developers to do the heavy lifting Requires developers to maintain 2 versions of their app if they want to distribute their software outside the play store 49:10 Audacity Github Disccusion (https://github.com/audacity/audacity/discussions/1225) Reddit Discussion (https://www.reddit.com/r/linux/comments/oeat5v/clarification_of_privacy_policy_discussion_1225/) Slashgear (https://www.slashgear.com/audacity-open-source-audio-editor-has-become-spyware-05681012/) 3.0.3 RC1 Released Adds Binary for Linux via AppImage Ubuntu Handbook (https://ubuntuhandbook.org/index.php/2021/06/audacity-official-binary-linux/) Switch to 64-bit Windows binary Dropped Windows XP support Improved default spectrogram colors Fix user interface display issue on HiDPI display in Linux. Fix that font size scales incorrectly. Updated Privacy Policy 3 Compile Flags Network Flag = Off Default, no networking features are built regardless of what other flags are set to Sentry Reporting - Default ON -- Enables error reporting to sentry.io Crash Reports - Default ON -- Sends crash reports data to breakpad Updates Check - Default ON -- Requests data from audacityteam.org about latest release Slashgear (https://www.slashgear.com/audacity-spyware-denial-app-owners-defend-privacy-policy-change-06681203/) Community Audacity Fork (https://github.com/temporary-audacity/audacity) Nothing bad in the current version FOSS (GPL) prevents projects from dieing / being taken over License makes it too easy to cut and run -- The Extra Credit Section -- For links to the articles and material referenced in this week's episode check out this week's page from our podcast dashboard! This Episode's Podcast Dashboard (http://podcast.asknoahshow.com/240) Phone Systems for Ask Noah provided by Voxtelesys (http://www.voxtelesys.com/asknoah) Join us in our dedicated chatroom #GeekLab:linuxdelta.com on Matrix (https://element.linuxdelta.com/#/room/#geeklab:linuxdelta.com) -- Stay In Touch -- Find all the resources for this show on the Ask Noah Dashboard Ask Noah Dashboard (http://www.asknoahshow.com) Need more help than a radio show can offer? Altispeed provides commercial IT services and they're excited to offer you a great deal for listening to the Ask Noah Show. Call today and ask about the discount for listeners of the Ask Noah Show! Altispeed Technologies (http://www.altispeed.com/) Contact Noah live [at] asknoahshow.com -- Twitter -- Noah - Kernellinux (https://twitter.com/kernellinux) Ask Noah Show (https://twitter.com/asknoahshow) Altispeed Technologies (https://twitter.com/altispeed)

On All About Android, Jason Howell, Florence Ion, and Matteo Doni from Tech Travel Geeks talk about Google's announcement that it will require developers to use App Bundles for app distribution via the Play Store in August and what that means for the once open platform. Subscribe and watch the full 'All About Android' podcast: https://twit.tv/aaa/532 Hosts: Jason Howell and Florence Ion Guest: Matteo Doni You can find more about TWiT and subscribe to our podcasts at https://podcasts.twit.tv/

On All About Android, Jason Howell, Florence Ion, and Matteo Doni from Tech Travel Geeks talk about Google's announcement that it will require developers to use App Bundles for app distribution via the Play Store in August and what that means for the once open platform. Subscribe and watch the full 'All About Android' podcast: https://twit.tv/aaa/532 Hosts: Jason Howell and Florence Ion Guest: Matteo Doni You can find more about TWiT and subscribe to our podcasts at https://podcasts.twit.tv/

This week on the Sociall.in social media and digital marketing podcast, we're talking about Google killing off the APK, Facebook copying Substack, and Whatsapp allowing longer videos.

After a privacy policy update to Audacity, a FOSS audio editing software has been forked. Google is forcing new apps to use app bundles instead of APKs starting in August, and Jim Whitehurst steps down from his role just 14 months in.

Nesse episódio trouxemos as notícias e novidades do mundo da programação que nos chamaram atenção dos dias 26/06 a 02/07! Nova Imersão Alura vai Recriar o Orkut: Será entre os dias 12 a 16 julho. Totalmente prática, gratuita e online.

Nesse episódio trouxemos as notícias e novidades do mundo da programação que nos chamaram atenção dos dias 26/06 a 02/07! Nova Imersão Alura vai Recriar o Orkut: Será entre os dias 12 a 16 julho. Totalmente prática, gratuita e online.

In this episode, we will talk about updates on the HTML-first framework Qwik, about a new frontend library called Solid and we'll go through a couple of quick reminders.If you like what I do, make sure to follow me on TwitterLinks to resources:Qwik updatesSolid.JSGoogle is moving away from APKs on the Play Store

Here is our weekly dose of "Weekly News Updates" where we discus some of the biggest tech topics in the news this month. Sit back and get ready to surprised, shocked and entertained!  Topics discussed: Google is moving away from APKs on the Play Store  linus pirate windows social media  robin hood samsung fold 3 The Simpsons is getting a Loki short because Disney owns everything New episodes are released every Monday, Wednesday and Friday. The beginning of the month we discuss our staple “What the Hell” tech moments that happened the month prior. We continue through each month discussing tech events and interviewing other content creators or people that are influential in many different tech related fields.   Beyond the Streams originated from 2 YouTube content creators NxTLvLTech and Rohas Reviews. After working on a countless number of live streams on the YouTube platform  they began to realize that there were many great conversations that would take place “Beyond the Streams".   Check out our sponsor here!: https://buzztvglobal.com/ IPVanish VPN Strong VPN Ohmnilabs     Contact us: rohasentertainment@gmail.com New Beyond the Streams YouTube channel: Check out the YouTube channel here! Follow NxTLvL here: YouTube - Live Streams Every Friday 3PM EST Twitter Instagram Donate VPN   Follow Rohas here: YouTube #1 - Live Streams Every Thursday 7PM EST YouTube #2 YouTube #3 Facebook Instagram Donate VPN  

@thefluffy007 A Bay Area Native (Berkeley) I always tell people my computer journey started at 14, but it really started at 5th grade (have a good story to tell about this) Was a bad student in my ninth grade year - almost kicked out of high school due to cutting. Had a 1.7 GPA. After my summer internship turned it around to a 4.0. Once I graduated from high school, I knew I wanted to continue on the path of computers. Majored in Computer Science Graduated with Bachelors and Masters in Computer Science. Graduate Certificate in Information Security and Privacy. Minor in Math. Interested in security from a Yahoo! Group on Cryptography. Liked how you can turn text into gibberish and back again. Became interested in penetration testing after moving to Charlotte, and moonlighted as a QA while a full-stack developer. Co-workers did not want me to test their code because I would always find bugs. Moved into penetration testing space. Always had an interest in mobile, but never did mobile development and decided it wasn’t for me Became interested in bug bounties and noticed that mobile payouts were higher. At this time also completed SANS 575 - Mobile Device Security and Ethical Hacking. Realized the barrier to entry was VERY (almost non-existent) low in Android as it’s open source. Started to learn/expand mobile hacking on my own time The threat exposure is VERY high with mobile hacking. As you have a web app component, network component, and phone component. I always reference a slide from Secure Works. Link to YouTube Channel → thefluffy007 - YouTube thefluffy007 – A security researchers thoughts on all things security – web, mobile, and cloud The Mobile App Security Company | NowSecure owasp-mstg/Crackmes at master · OWASP/owasp-mstg · GitHub Rana Android Malware (reversinglabs.com) These 21 Android Apps Contain Malware | PCMag Android Tamer  -Android Tamer The Diary of an (Inexperienced) Bug Hunter - Intro to Android Hacking | Bugcrowd Android Debug Bridge (adb)  |  Android Developers Goal: discussing best practices and methods to reverse engineer Android applications Introduction to Java (w3schools.com) JavaScript Introduction (w3schools.com) Introduction to Python (w3schools.com) Frida • A world-class dynamic instrumentation framework | Inject JavaScript to explore native apps on Windows, macOS, GNU/Linux, iOS, Android, and QNX (Frida can be used with JavaScript, and Python, along with other languages) GitHub - dweinstein/awesome-frida: Awesome Frida - A curated list of Frida resources http://www.frida.re/ (https://github.com/frida/frida) Android APK crackme: owasp-mstg/0x05c-Reverse-Engineering-and-Tampering.md at master · OWASP/owasp-mstg · GitHub Reverse-Engineering - YobiWiki Apktool - A tool for reverse engineering 3rd party, closed, binary Android apps. (ibotpeaches.github.io) GitHub - MobSF/Mobile-Security-Framework-MobSF: Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. IntroAndroidSecurity download | SourceForge.net ←- link to my virtual machine and Androidx86 emulator Background: **consider this a primer for any class you might teach, a teaser, if you will**   Why do we want to be able to reverse engineer APKs and IPKs?  Android APKS (Android Packages) holds the source code to the application. If you can reverse this you will essentially have the keys to the kingdom. Developers and companies (if they’re proprietary) will add obfuscation - a technique to make the code unreadable to thwart reverse engineers from finding out their code. What are some of the structures and files contained in APKs that are useful for ppl analyzing binaries? Android applications have to have a MainActivity (written in Java). This activity is the entry point to the application. Android applications also have an AndroidManifest.xml file which is the skeleton of the application. This describes the main activity, intents, service providers, permissions, and what Android operating system can run the application. When testing apps for security, how easy is it to emulate security and physical controls if you’re not on a handset?  Pretty easy. You can use an emulator. I must forewarn though - you will need A LOT of memory for it to work effectively. Are there ever any times you HAVE to use a handset? An app that tests something like Android’s Safetynet and won’t run without it? Do they ever want perf testing on their apps? Was thinking about how you check events in logs, battery drain, using apps on older Android/iOS versions?  When organizations or developers ask you to test an app, is there anything in particular in scope? Out of scope? How do progressive web apps differ than a more traditional app?   Lab setup IntroToAndroidSecurity VM Android Emulator Tools to use Why use them? (free, full-featured) Setup and installation OS-specific tools? Tools used - Frida, Jadx-GUI (or command line), text editor. All of these items are free. No setup required if using my virtual machine :-) These apps are OS specific if you choose Linux or Windows. Callbacks Methodology Decompile the application - can use a tool titled - Apktool (free) Look “under the hood” of the application - Jadx-GUI (Graphical User Interface) or Jadx-CLI (command line) Connect your emulator/device using Android Debug Bridge (adb) Get version of Frida on device Look online to find correct version of Frida **this is important** Start to play around with the tool and see if you receive error messages/prompts. Can then go back to code that was reverse engineered and see where it’s located. Best practices Leave no stones unturned! Meaning you might see something that seems too rudimentary to work - and yet it does. Cert pinning -  Typical issues seen Hard-coded passwords, data that is not being encrypted in rest or transit.  Check out our Store on Teepub! https://brakesec.com/store Join us on our #Slack Channel! Send a request to @brakesec on Twitter or email bds.podcast@gmail.com #AmazonMusic: https://brakesec.com/amazonmusic  #Spotify: https://brakesec.com/spotifyBDS #Pandora: https://brakesec.com/pandora  #RSS: https://brakesec.com/BrakesecRSS #Youtube Channel:  http://www.youtube.com/c/BDSPodcast #iTunes Store Link: https://brakesec.com/BDSiTunes #Google Play Store: https://brakesec.com/BDS-GooglePlay Our main site:  https://brakesec.com/bdswebsite #iHeartRadio App:  https://brakesec.com/iHeartBrakesec #SoundCloud: https://brakesec.com/SoundcloudBrakesec Comments, Questions, Feedback: bds.podcast@gmail.com Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon https://brakesec.com/BDSPatreon #Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir #Player.FM : https://brakesec.com/BDS-PlayerFM #Stitcher Network: https://brakesec.com/BrakeSecStitcher #TuneIn Radio App: https://brakesec.com/TuneInBrakesec

@thefluffy007 A Bay Area Native (Berkeley) I always tell people my computer journey started at 14, but it really started at 5th grade (have a good story to tell about this) Was a bad student in my ninth grade year - almost kicked out of high school due to cutting. Had a 1.7 GPA. After my summer internship turned it around to a 4.0. Once I graduated from high school, I knew I wanted to continue on the path of computers. Majored in Computer Science Graduated with Bachelors and Masters in Computer Science. Graduate Certificate in Information Security and Privacy. Minor in Math. Interested in security from a Yahoo! Group on Cryptography. Liked how you can turn text into gibberish and back again. Became interested in penetration testing after moving to Charlotte, and moonlighted as a QA while a full-stack developer. Co-workers did not want me to test their code because I would always find bugs. Moved into penetration testing space. Always had an interest in mobile, but never did mobile development and decided it wasn’t for me Became interested in bug bounties and noticed that mobile payouts were higher. At this time also completed SANS 575 - Mobile Device Security and Ethical Hacking. Realized the barrier to entry was VERY (almost non-existent) low in Android as it’s open source. Started to learn/expand mobile hacking on my own time The threat exposure is VERY high with mobile hacking. As you have a web app component, network component, and phone component. I always reference a slide from Secure Works.   Link to YouTube Channel → thefluffy007 - YouTube   thefluffy007 – A security researchers thoughts on all things security – web, mobile, and cloud   The Mobile App Security Company | NowSecure   owasp-mstg/Crackmes at master · OWASP/owasp-mstg · GitHub   Rana Android Malware (reversinglabs.com)   These 21 Android Apps Contain Malware | PCMag   Android Tamer  -Android Tamer   The Diary of an (Inexperienced) Bug Hunter - Intro to Android Hacking | Bugcrowd   Android Debug Bridge (adb)  |  Android Developers   Goal: discussing best practices and methods to reverse engineer Android applications   Introduction to Java (w3schools.com)   JavaScript Introduction (w3schools.com)   Introduction to Python (w3schools.com)   Frida • A world-class dynamic instrumentation framework | Inject JavaScript to explore native apps on Windows, macOS, GNU/Linux, iOS, Android, and QNX (Frida can be used with JavaScript, and Python, along with other languages)   GitHub - dweinstein/awesome-frida: Awesome Frida - A curated list of Frida resources http://www.frida.re/ (https://github.com/frida/frida)   Android APK crackme: owasp-mstg/0x05c-Reverse-Engineering-and-Tampering.md at master · OWASP/owasp-mstg · GitHub   Reverse-Engineering - YobiWiki   Apktool - A tool for reverse engineering 3rd party, closed, binary Android apps. (ibotpeaches.github.io)   GitHub - MobSF/Mobile-Security-Framework-MobSF: Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.   IntroAndroidSecurity download | SourceForge.net ←- link to my virtual machine and Androidx86 emulator   Background: **consider this a primer for any class you might teach, a teaser, if you will**   Why do we want to be able to reverse engineer APKs and IPKs?  Android APKS (Android Packages) holds the source code to the application. If you can reverse this you will essentially have the keys to the kingdom. Developers and companies (if they’re proprietary) will add obfuscation - a technique to make the code unreadable to thwart reverse engineers from finding out their code.   What are some of the structures and files contained in APKs that are useful for ppl analyzing binaries? Android applications have to have a MainActivity (written in Java). This activity is the entry point to the application. Android applications also have an AndroidManifest.xml file which is the skeleton of the application. This describes the main activity, intents, service providers, permissions, and what Android operating system can run the application.   When testing apps for security, how easy is it to emulate security and physical controls if you’re not on a handset?  Pretty easy. You can use an emulator. I must forewarn though - you will need A LOT of memory for it to work effectively.   Are there ever any times you HAVE to use a handset? An app that tests something like Android’s Safetynet and won’t run without it? Do they ever want perf testing on their apps? Was thinking about how you check events in logs, battery drain, using apps on older Android/iOS versions?    When organizations or developers ask you to test an app, is there anything in particular in scope? Out of scope? How do progressive web apps differ than a more traditional app?   Lab setup IntroToAndroidSecurity VM Android Emulator   Tools to use Why use them? (free, full-featured) Setup and installation OS-specific tools? Tools used - Frida, Jadx-GUI (or command line), text editor. All of these items are free. No setup required if using my virtual machine :-) These apps are OS specific if you choose Linux or Windows. Callbacks Methodology Decompile the application - can use a tool titled - Apktool (free) Look “under the hood” of the application - Jadx-GUI (Graphical User Interface) or Jadx-CLI (command line) Connect your emulator/device using Android Debug Bridge (adb) Get version of Frida on device Look online to find correct version of Frida **this is important** Start to play around with the tool and see if you receive error messages/prompts. Can then go back to code that was reverse engineered and see where it’s located.   Best practices Leave no stones unturned! Meaning you might see something that seems too rudimentary to work - and yet it does. Cert pinning -  Typical issues seen Hard-coded passwords, data that is not being encrypted in rest or transit.      Check out our Store on Teepub! https://brakesec.com/store Join us on our #Slack Channel! Send a request to @brakesec on Twitter or email bds.podcast@gmail.com #AmazonMusic: https://brakesec.com/amazonmusic  #Spotify: https://brakesec.com/spotifyBDS #Pandora: https://brakesec.com/pandora  #RSS: https://brakesec.com/BrakesecRSS #Youtube Channel:  http://www.youtube.com/c/BDSPodcast #iTunes Store Link: https://brakesec.com/BDSiTunes #Google Play Store: https://brakesec.com/BDS-GooglePlay Our main site:  https://brakesec.com/bdswebsite #iHeartRadio App:  https://brakesec.com/iHeartBrakesec #SoundCloud: https://brakesec.com/SoundcloudBrakesec Comments, Questions, Feedback: bds.podcast@gmail.com Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon https://brakesec.com/BDSPatreon #Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir #Player.FM : https://brakesec.com/BDS-PlayerFM #Stitcher Network: https://brakesec.com/BrakeSecStitcher #TuneIn Radio App: https://brakesec.com/TuneInBrakesec

Stadia, Google's game console in the cloud, is currently running on devices of all kinds but as of yet is not officially supported on Android TV devices. While we wait for Google to make those devices compatible, Jason Howell has a way to get it running right now. It's a little hacky but it totally works. What is Stadia? When might it come to Android TV? What do you need? How to connect a mouse to Android TV. How to connect a bluetooth gamepad to Android TV. Using FX File Explorer. Searching APKmirror.com for APKs. How to install an APK on Android TV. Running the Stadia app on Android TV. Host: Jason Howell Download or subscribe to this show at https://twit.tv/shows/hands-on-android Sponsor: itpro.tv/twit promo code TWIT30

De como he empezado a utilizar aplicaciones Android en vez de aplicaciones web en mi Chromebook. Podcast asociado a la red de SOSPECHOSOS HABITUALES. Suscríbete con este feed: https://feedpress.me/sospechososhabituales

De como he empezado a utilizar aplicaciones Android en vez de aplicaciones web en mi Chromebook.Podcast asociado a la red de SOSPECHOSOS HABITUALES. Suscríbete con este feed: https://feedpress.me/sospechososhabituales

De como he empezado a utilizar aplicaciones Android en vez de aplicaciones web en mi Chromebook.Podcast asociado a la red de SOSPECHOSOS HABITUALES. Suscríbete con este feed: https://feedpress.me/sospechososhabituales

De como he empezado a utilizar aplicaciones Android en vez de aplicaciones web en mi Chromebook.Podcast asociado a la red de SOSPECHOSOS HABITUALES. Suscríbete con este feed: https://feedpress.me/sospechososhabituales

On this episode we talk about Fortnite's rumoured release as a Samsung Galaxy Note 9 exclusive, with a timed exclusivity period and the implications of abandoning Google Play. Games editor Rishi Alwani and friend of the podcast Mikhail Madnani join host Pranay Parab. Fortnite on Android (1:31) What we got wrong last week Fortnite vs PUBG Launch date Fortnite Installer (5:48) Samsung exclusivity How long it could be exclusive to Samsung devices Why Epic ignored Google Play What other games can learn from this Third-party Android app stores (15:03) What Google Play is getting wrong Can third-party Android stores fill the gap? How will Google respond to this? The revenue-split on other app stores Will Fortnite cracked APKs flourish? (18:31) Online DRM for Android apps The market for clones and pirated apps What about those who don’t want to install from third-party app stores? Minimum specs and where you can play Fortnite at launch (28:09) All the details we know so far Games we’ve been playing this week (30:24) Persona 5 Pocket City Overcooked 2 Okami HD Octopath Traveller Salt and Sanctuary Call of Duty Black Ops 4 South Park The Fractured But Whole: Bring the Crunch DLC Music: Popular Potpourri and Path Complete from PPPPPP by Magnus “Souleye” Pålsson.

Fortnite para Android está haciéndose esperar más de lo deseado por los usuarios, y la expectación ante este título es enorme. Como es habitual ante este tipo de situaciones, los hackers y estafadores están aprovechando la ocasión para, antes de que llegue la app oficial, distribuir sus virus y estafas. Y lo peor de todo es que incluso Google, a través de su plataforma de vídeo en streaming YouTube, está permitiendo promociones falsas en las que nos prometen el APK de Fortnite. En estos días hay que tener mucho cuidado con los anuncios de Fortnite para Android. Hasta ahora habíamos visto en YouTube decenas de vídeos que nos prometían descargar Fortnite para Android de forma paralela a la Google Play Store. Pero es que ahora la compañía de Mountain View ha caído en el error de permitir que estos vídeos se promocionen en la plataforma para tener un mayor alcance. No te fíes de esto, porque tal y como comentábamos Fortnite para Android no está disponible aún, ni como versión beta ni como APK ‘final’. Hace apenas unos días, desde Epic Games alertaron de este tipo de estafas que, en muchos casos, son tan solo apps inútiles que están pensadas para generar ingresos con publicidad, más cuanto más tiempo pasemos con la app abierta. En ese caso tampoco es mucho el perjuicio que nos pueden causar, pero es que también hay apps con servicios de suscripción premium, que nos piden el número de teléfono para cobrarnos un importante dinero. En definitiva, por ahora hay que estar pendientes de las redes sociales de Epic Games, porque ellos serán los que anuncien la disponibilidad de Fortnite para Android cuando esté disponible de forma oficial. El resto, son APKs falsos e intentos de estafa.

Dennis Schirrmacher hat eine Super Nt in die Sendung mitgebracht und wir spielen darauf alte SNES-Titel. Er erklärt, warum sich das auf dieser speziellen Retro-Konsole so viel mehr "wie früher" als auf den üblichen Emulatoren anfühlt – man kann sogar Spielstände von damals auf den Cartridges wiederbeleben. Ronald Eikenberg analysiert für uns einen Android-Trojaner, der sich in einer Taschenlampen-App versteckt. Die Tipps für die Schadcode-Analyse sollte sich jeder zu Herzen nehmen, der gelegentlich APKs am Google Play Store vorbei auf sein Android-Smartphone lädt. Zum Schluss geht's auf die Couch. Julius Beineke hat für c't Gaming-Tastaturen getestet, die für Couch-Gamer optimiert sind. Die Tastaturen sind mit bis zu knapp 3 Kilo zwar ziemlich schwer und klobig, dafür muss man die Maus aber nicht mehr über den Couch-Überzug schrubben. Mit dabei: Achim Barczok, Dennis Schirrmacher, Julius Beineke, Ronald Eikenberg Die komplette Episode 22.1 zum Nachhören und Herunterladen: Die c't 10/18 gibt's am Kiosk, im Browser und in der c't-App für iOS und Android. Hier geht's zum c't-Test-Angebot für c't-uplink-Gucker: 4 Wochen c't digital testen. Alle früheren Episoden unseres Podcasts gibt es unter www.ct.de/uplink.

Dennis Schirrmacher hat eine Super Nt in die Sendung mitgebracht und wir spielen darauf alte SNES-Titel. Er erklärt, warum sich das auf dieser speziellen Retro-Konsole so viel mehr "wie früher" als auf den üblichen Emulatoren anfühlt – man kann sogar Spielstände von damals auf den Cartridges wiederbeleben. Ronald Eikenberg analysiert für uns einen Android-Trojaner, der sich in einer Taschenlampen-App versteckt. Die Tipps für die Schadcode-Analyse sollte sich jeder zu Herzen nehmen, der gelegentlich APKs am Google Play Store vorbei auf sein Android-Smartphone lädt. Zum Schluss geht's auf die Couch. Julius Beineke hat für c't Gaming-Tastaturen getestet, die für Couch-Gamer optimiert sind. Die Tastaturen sind mit bis zu knapp 3 Kilo zwar ziemlich schwer und klobig, dafür muss man die Maus aber nicht mehr über den Couch-Überzug schrubben. Mit dabei: Achim Barczok, Dennis Schirrmacher, Julius Beineke, Ronald Eikenberg Die komplette Episode 22.1 zum Nachhören und Herunterladen: Die c't 10/18 gibt's am Kiosk, im Browser und in der c't-App für iOS und Android. Hier geht's zum c't-Test-Angebot für c't-uplink-Gucker: 4 Wochen c't digital testen. Alle früheren Episoden unseres Podcasts gibt es unter www.ct.de/uplink.

Dennis Schirrmacher hat eine Super Nt in die Sendung mitgebracht und wir spielen darauf alte SNES-Titel. Er erklärt, warum sich das auf dieser speziellen Retro-Konsole so viel mehr "wie früher" als auf den üblichen Emulatoren anfühlt – man kann sogar Spielstände von damals auf den Cartridges wiederbeleben. Ronald Eikenberg analysiert für uns einen Android-Trojaner, der sich in einer Taschenlampen-App versteckt. Die Tipps für die Schadcode-Analyse sollte sich jeder zu Herzen nehmen, der gelegentlich APKs am Google Play Store vorbei auf sein Android-Smartphone lädt. Zum Schluss geht's auf die Couch. Julius Beineke hat für c't Gaming-Tastaturen getestet, die für Couch-Gamer optimiert sind. Die Tastaturen sind mit bis zu knapp 3 Kilo zwar ziemlich schwer und klobig, dafür muss man die Maus aber nicht mehr über den Couch-Überzug schrubben. Mit dabei: Achim Barczok, Dennis Schirrmacher, Julius Beineke, Ronald Eikenberg Die komplette Episode 22.1 zum Nachhören und Herunterladen: Die c't 10/18 gibt's am Kiosk, im Browser und in der c't-App für iOS und Android. Hier geht's zum c't-Test-Angebot für c't-uplink-Gucker: 4 Wochen c't digital testen. Alle früheren Episoden unseres Podcasts gibt es unter www.ct.de/uplink.

Im zweiten c't uplink des Jahres dreht sich erst einmal alles um die CES. Nico Jurran war in Las Vegas und berichtet uns von sprechenden Waschmaschinen, herumlaufenden Robotern und extrem schmalen Fernsehern. Nicht alles davon wird es wohl in die Elektronikmärkte Deutschlands schaffen. Trotz mehr als 150 c't uplinks haben wir noch nie über Drucker gesprochen. Dass die aber durchaus spannend sein können, zeigt unser Kollege Rudi Opitz. Er räumt mit den Vorurteilen auf, die dieser Gerätekategorie anhaften: Seiner Erfahrung nach ist Tinte häufig billliger als Laser, für einen guten Fotodrucker muss man nicht irre viel Geld ausgeben, und Laserdrucker eignen sich oft besser für den Heimgebrauch als Tintenstrahldrucker. Zum Schluss zeigt uns Ronald Eikenberg, wie man mit der Android-App Tasker nicht bloß einfache Skripte, sondern komplette Apps bastelt. Der Clou: Damit zusammengestellte Anwendungen können in APKs umgewandelt werden, sodass man die Ergebnisse sogar im Google Play Store veröffentlichen kann.

Im zweiten c't uplink des Jahres dreht sich erst einmal alles um die CES. Nico Jurran war in Las Vegas und berichtet uns von sprechenden Waschmaschinen, herumlaufenden Robotern und extrem schmalen Fernsehern. Nicht alles davon wird es wohl in die Elektronikmärkte Deutschlands schaffen. Trotz mehr als 150 c't uplinks haben wir noch nie über Drucker gesprochen. Dass die aber durchaus spannend sein können, zeigt unser Kollege Rudi Opitz. Er räumt mit den Vorurteilen auf, die dieser Gerätekategorie anhaften: Seiner Erfahrung nach ist Tinte häufig billliger als Laser, für einen guten Fotodrucker muss man nicht irre viel Geld ausgeben, und Laserdrucker eignen sich oft besser für den Heimgebrauch als Tintenstrahldrucker. Zum Schluss zeigt uns Ronald Eikenberg, wie man mit der Android-App Tasker nicht bloß einfache Skripte, sondern komplette Apps bastelt. Der Clou: Damit zusammengestellte Anwendungen können in APKs umgewandelt werden, sodass man die Ergebnisse sogar im Google Play Store veröffentlichen kann.

Im zweiten c't uplink des Jahres dreht sich erst einmal alles um die CES. Nico Jurran war in Las Vegas und berichtet uns von sprechenden Waschmaschinen, herumlaufenden Robotern und extrem schmalen Fernsehern. Nicht alles davon wird es wohl in die Elektronikmärkte Deutschlands schaffen. Trotz mehr als 150 c't uplinks haben wir noch nie über Drucker gesprochen. Dass die aber durchaus spannend sein können, zeigt unser Kollege Rudi Opitz. Er räumt mit den Vorurteilen auf, die dieser Gerätekategorie anhaften: Seiner Erfahrung nach ist Tinte häufig billliger als Laser, für einen guten Fotodrucker muss man nicht irre viel Geld ausgeben, und Laserdrucker eignen sich oft besser für den Heimgebrauch als Tintenstrahldrucker. Zum Schluss zeigt uns Ronald Eikenberg, wie man mit der Android-App Tasker nicht bloß einfache Skripte, sondern komplette Apps bastelt. Der Clou: Damit zusammengestellte Anwendungen können in APKs umgewandelt werden, sodass man die Ergebnisse sogar im Google Play Store veröffentlichen kann.

Today on the show, we've got a look at running OpenBSD on a APU, some BSD in your Android, managing your own FreeBSD cloud service with ansible and much more. Keep it turned on your place to B...SD! This episode was brought to you by Headlines OpenBSD on PC Engines APU2 (https://github.com/elad/openbsd-apu2) A detailed walkthrough of building an OpenBSD firewall on a PC Engines APU2 It starts with a breakdown of the parts that were purchases, totally around $200 Then the reader is walked through configuring the serial console, flashing the ROM, and updating the BIOS The next step is actually creating a custom OpenBSD install image, and pre-configuring its serial console. Starting with OpenBSD 6.0, this step is done automatically by the installer Installation: Power off the APU2 Insert the bootable OpenBSD installer USB flash drive to one of the USB slots on the APU2 Power on the APU2, press F10 to get to the boot menu, and choose to boot from USB (usually option number 1) At the boot> prompt, remember the serial console settings (see above) Also at the boot> prompt, press Enter to start the installer Follow the installation instructions The driver used for wireless networking is athn(4). It might not work properly out of the box. Once OpenBSD is installed, run fw_update with no arguments. It will figure out which firmware updates are required and will download and install them. When it finishes, reboot. Where the rubber meets the road… (part one) (https://functionallyparanoid.com/2016/11/29/where-the-rubber-meets-the-road-part-one/) A user describes their adventures installing OpenBSD and Arch Linux on a new Lenovo X1 Carbon (4th gen, skylake) They also detail why they moved away from their beloved Macbook, which while long, does describe a journey away from Apple that we've heard elsewhere. The journey begins with getting a new Windows laptop, shrinking the partition and creating space for a triple-boot install, of Windows / Arch / OpenBSD Brian then details how he setup the partitioning and performed the initial Arch installation, getting it tuned to his specifications. Next up was OpenBSD though, and that went sideways initially due to a new NVMe drive that wasn't fully supported (yet) The article is split into two parts (we will bring you the next installment at a future date), but he leaves us with the plan of attack to build a custom OpenBSD kernel with corrected PCI device identifiers. We wish Brian luck, and look forward to the “rest of the story” soon. *** Howto setup a FreeBSD jail server using iocage and ansible. (https://github.com/JoergFiedler/freebsd-ansible-demo) Setting up a FreeBSD jail server can be a daunting task. However when a guide comes along which shows you how to do that, including not exposing a single (non-jailed) port to the outside world, you know we had a take a closer look. This guide comes to us from GitHub, courtesy of Joerg Fielder. The project goals seem notable: Ansible playbook that creates a FreeBSD server which hosts multiple jails. Travis is used to run/test the playbook. No service on the host is exposed externally. All external connections terminate within a jail. Roles can be reused using Ansible Galaxy. Combine any of those roles to create FreeBSD server, which perfectly suits you. To get started, you'll need a machine with Ansible, Vagrant and VirtualBox, and your credentials to AWS if you want it to automatically create / destroy EC2 instances. There's already an impressive list of Anisible roles created for you to start with: freebsd-build-server - Creates a FreeBSD poudriere build server freebsd-jail-host - FreeBSD Jail host freebsd-jailed - Provides a jail freebsd-jailed-nginx - Provides a jailed nginx server freebsd-jailed-php-fpm - Creates a php-fpm pool and a ZFS dataset which is used as web root by php-fpm freebsd-jailed-sftp - Installs a SFTP server freebsd-jailed-sshd - Provides a jailed sshd server. freebsd-jailed-syslogd - Provides a jailed syslogd freebsd-jailed-btsync - Provides a jailed btsync instance server freebsd-jailed-joomla - Installs Joomla freebsd-jailed-mariadb - Provides a jailed MariaDB server freebsd-jailed-wordpress - Provides a jailed Wordpress server. Since the machines have to be customized before starting, he mentions that cloud-init is used to do the following: activate pf firewall add a pass all keep state rule to pf to keep track of connection states, which in turn allows you to reload the pf service without losing the connection install the following packages: sudo bash python27 allow passwordless sudo for user ec2-user “ From there it is pretty straight-forward, just a couple commands to spin up the VM's either locally on your VirtualBox host, or in the cloud with AWS. Internally the VM's are auto-configured with iocage to create jails, where all your actual services run. A neat project, check it out today if you want a shake-n-bake type cloud + jail solution. Colin Percival's bsdiff helps reduce Android apk bandwidth usage by 6 petabytes per day (http://android-developers.blogspot.ca/2016/12/saving-data-reducing-the-size-of-app-updates-by-65-percent.html) A post on the official Android-Developers blog, talks about how they used bsdiff (and bspatch) to reduce the size of Android application updates by 65% bsdiff was developed by FreeBSD's Colin Percival Earlier this year, we announced that we started using the bsdiff algorithm (by Colin Percival). Using bsdiff, we were able to reduce the size of app updates on average by 47% compared to the full APK size. This post is actually about the second generation of the code. Today, we're excited to share a new approach that goes further — File-by-File patching. App Updates using File-by-File patching are, on average, 65% smaller than the full app, and in some cases more than 90% smaller. Android apps are packaged as APKs, which are ZIP files with special conventions. Most of the content within the ZIP files (and APKs) is compressed using a technology called Deflate. Deflate is really good at compressing data but it has a drawback: it makes identifying changes in the original (uncompressed) content really hard. Even a tiny change to the original content (like changing one word in a book) can make the compressed output of deflate look completely different. Describing the differences between the original content is easy, but describing the differences between the compressed content is so hard that it leads to inefficient patches. So in the second generation of the code, they use bsdiff on each individual file, then package that, rather than diffing the original and new archives bsdiff is used in a great many other places, including shrinking the updates for the Firefox and Chrome browsers You can find out more about bsdiff here: http://www.daemonology.net/bsdiff/ A far more sophisticated algorithm, which typically provides roughly 20% smaller patches, is described in my doctoral thesis (http://www.daemonology.net/papers/thesis.pdf). Considering the gains, it is interesting that no one has implemented Colin's more sophisticated algorithm Colin had an interesting observation (https://twitter.com/cperciva/status/806426180379230208) last night: “I just realized that bandwidth savings due to bsdiff are now roughly equal to what the total internet traffic was when I wrote it in 2003.” *** News Roundup Distrowatch does an in-depth review of NAS4Free (https://distrowatch.com/weekly.php?issue=20161114#nas4free) Jesse Smith over at DistroWatch has done a pretty in-depth review of Nas4Free. The review starts with mentioning that NAS4Free works on 3 platforms, ARM/i386/AMD64 and for the purposes of this review he would be using AMD64 builds. After going through the initial install (doing typical disk management operations, such as GPT/MBR, etc) he was ready to begin using the product. One concern originally observed was that the initial boot seemed rather slow. Investigation revealed this was due to it loading the entire OS image into memory, and the first (long) disk read did take some time, but once loaded was super responsive. The next steps involved doing the initial configuration, which meant creating a new ZFS storage pool. After this process was done, he did find one puzzling UI option called “VM” which indicated it can be linked to VirtualBox in some way, but the Docs didn't reveal its secrets of usage. Additionally covered were some of the various “Access” methods, including traditional UNIX permissions, AD and LDAP, and then various Sharing services which are typical to a NAS, Such as NFS / Samba and others. One neat feature was the built-in file-browser via the web-interface, which allows you another method of getting at your data when sometimes NFS / Samba or WebDav aren't enough. Jesse gives us a nice round-up conclusion as well Most of the NAS operating systems I have used in the past were built around useful features. Some focused on making storage easy to set up and manage, others focused on services, such as making files available over multiple protocols or managing torrents. Some strive to be very easy to set up. NAS4Free does pretty well in each of the above categories. It may not be the easiest platform to set up, but it's probably a close second. It may not have the prettiest interface for managing settings, but it is quite easy to navigate. NAS4Free may not have the most add-on services and access protocols, but I suspect there are more than enough of both for most people. Where NAS4Free does better than most other solutions I have looked at is security. I don't think the project's website or documentation particularly focuses on security as a feature, but there are plenty of little security features that I liked. NAS4Free makes it very easy to lock the text console, which is good because we do not all keep our NAS boxes behind locked doors. The system is fairly easy to upgrade and appears to publish regular security updates in the form of new firmware. NAS4Free makes it fairly easy to set up user accounts, handle permissions and manage home directories. It's also pretty straight forward to switch from HTTP to HTTPS and to block people not on the local network from accessing the NAS's web interface. All in all, I like NAS4Free. It's a good, general purpose NAS operating system. While I did not feel the project did anything really amazing in any one category, nor did I run into any serious issues. The NAS ran as expected, was fairly straight forward to set up and easy to manage. This strikes me as an especially good platform for home or small business users who want an easy set up, some basic security and a solid collection of features. Browsix: Unix in the browser tab (https://browsix.org/) Browsix is a research project from the PLASMA lab at the University of Massachusetts, Amherst. The goal: Run C, C++, Go and Node.js programs as processes in browsers, including LaTeX, GNU Make, Go HTTP servers, and POSIX shell scripts. “Processes are built on top of Web Workers, letting applications run in parallel and spawn subprocesses. System calls include fork, spawn, exec, and wait.” Pipes are supported with pipe(2) enabling developers to compose processes into pipelines. Sockets include support for TCP socket servers and clients, making it possible to run applications like databases and HTTP servers together with their clients in the browser. Browsix comprises two core parts: A kernel written in TypeScript that makes core Unix features (including pipes, concurrent processes, signals, sockets, and a shared file system) available to web applications. Extended JavaScript runtimes for C, C++, Go, and Node.js that support running programs written in these languages as processes in the browser. This seems like an interesting project, although I am not sure how it would be used as more than a toy *** Book Review: PAM Mastery (https://www.cyberciti.biz/reviews/book-review-pam-mastery/) nixCraft does a book review of Michael W. Lucas' “Pam Mastery” Linux, FreeBSD, and Unix-like systems are multi-user and need some way of authenticating individual users. Back in the old days, this was done in different ways. You need to change each Unix application to use different authentication scheme. Before PAM, if you wanted to use an SQL database to authenticate users, you had to write specific support for that into each of your applications. Same for LDAP, etc. So Open Group lead to the development of PAM for the Unix-like system. Today Linux, FreeBSD, MacOS X and many other Unix-like systems are configured to use a centralized authentication mechanism called Pluggable Authentication Modules (PAM). The book “PAM Mastery” deals with the black magic of PAM. Of course, each OS chose to implement PAM a little bit differently The book starts with the basic concepts about PAM and authentication. You learn about Multi-Factor Authentication and why use PAM instead of changing each program to authenticate the user. The author went into great details about why PAM is useful for developers and sysadmin for several reasons. The examples cover CentOS Linux (RHEL and clones), Debian Linux, and FreeBSD Unix system. I like the way the author described PAM Configuration Files and Common Modules that covers everyday scenarios for the sysadmin. PAM configuration file format and PAM Module Interfaces are discussed in easy to understand language. Control flags in PAM can be very confusing for new sysadmins. Modules can be stacked in a particular order, and the control flags determine how important the success or failure of a particular module. There is also a chapter about using one-time passwords (Google Authenticator) for your application. The final chapter is all about enforcing good password policies for users and apps using PAM. The sysadmin would find this book useful as it covers a common authentication scheme that can be used with a wide variety of applications on Unix. You will master PAM topics and take control over authentication for your organization IT infrastructure. If you are Linux or Unix sysadmin, I would highly recommend this book. Once again Michael W Lucas nailed it. The only book you may need for PAM deployment. get “PAM Mastery” (https://www.michaelwlucas.com/tools/pam) *** Reflections on Trusting Trust - Ken Thompson, co-author of UNIX (http://www.win.tue.nl/~aeb/linux/hh/thompson/trust.html) Ken Thompson's "cc hack" - Presented in the journal, Communication of the ACM, Vol. 27, No. 8, August 1984, in a paper entitled "Reflections on Trusting Trust", Ken Thompson, co-author of UNIX, recounted a story of how he created a version of the C compiler that, when presented with the source code for the "login" program, would automatically compile in a backdoor to allow him entry to the system. This is only half the story, though. In order to hide this trojan horse, Ken also added to this version of "cc" the ability to recognize if it was recompiling itself to make sure that the newly compiled C compiler contained both the "login" backdoor, and the code to insert both trojans into a newly compiled C compiler. In this way, the source code for the C compiler would never show that these trojans existed. The article starts off by talking about a content to write a program that produces its own source code as output. Or rather, a C program, that writes a C program, that produces its own source code as output. The C compiler is written in C. What I am about to describe is one of many "chicken and egg" problems that arise when compilers are written in their own language. In this case, I will use a specific example from the C compiler. Suppose we wish to alter the C compiler to include the sequence "v" to represent the vertical tab character. The extension to Figure 2 is obvious and is presented in Figure 3. We then recompile the C compiler, but we get a diagnostic. Obviously, since the binary version of the compiler does not know about "v," the source is not legal C. We must "train" the compiler. After it "knows" what "v" means, then our new change will become legal C. We look up on an ASCII chart that a vertical tab is decimal 11. We alter our source to look like Figure 4. Now the old compiler accepts the new source. We install the resulting binary as the new official C compiler and now we can write the portable version the way we had it in Figure 3. The actual bug I planted in the compiler would match code in the UNIX "login" command. The replacement code would miscompile the login command so that it would accept either the intended encrypted password or a particular known password. Thus if this code were installed in binary and the binary were used to compile the login command, I could log into that system as any user. Such blatant code would not go undetected for long. Even the most casual perusal of the source of the C compiler would raise suspicions. Next “simply add a second Trojan horse to the one that already exists. The second pattern is aimed at the C compiler. The replacement code is a Stage I self-reproducing program that inserts both Trojan horses into the compiler. This requires a learning phase as in the Stage II example. First we compile the modified source with the normal C compiler to produce a bugged binary. We install this binary as the official C. We can now remove the bugs from the source of the compiler and the new binary will reinsert the bugs whenever it is compiled. Of course, the login command will remain bugged with no trace in source anywhere. So now there is a trojan'd version of cc. If you compile a clean version of cc, using the bad cc, you will get a bad cc. If you use the bad cc to compile the login program, it will have a backdoor. The source code for both backdoors no longer exists on the system. You can audit the source code of cc and login all you want, they are trustworthy. The compiler you use to compile your new compiler, is the untrustworthy bit, but you have no way to know it is untrustworthy, and no way to make a new compiler, without using the bad compiler. The moral is obvious. You can't trust code that you did not totally create yourself. (Especially code from companies that employ people like me.) No amount of source-level verification or scrutiny will protect you from using untrusted code. In demonstrating the possibility of this kind of attack, I picked on the C compiler. I could have picked on any program-handling program such as an assembler, a loader, or even hardware microcode. As the level of program gets lower, these bugs will be harder and harder to detect. A well installed microcode bug will be almost impossible to detect. Acknowledgment: I first read of the possibility of such a Trojan horse in an Air Force critique of the security of an early implementation of Multics. I can- not find a more specific reference to this document. I would appreciate it if anyone who can supply this reference would let me know. Beastie Bits Custom made Beastie Stockings (https://www.etsy.com/listing/496638945/freebsd-beastie-christmas-stocking) Migrating ZFS from mirrored pool to raidz1 pool (http://ximalas.info/2016/12/06/migrating-zfs-from-mirrored-pool-to-raidz1-pool/) OpenBSD and you (https://home.nuug.no/~peter/blug2016/) Watson.org FreeBSD and Linux cross reference (http://fxr.watson.org/) OpenGrok (http://bxr.su/) FreeBSD SA-16:37: libc (https://www.freebsd.org/security/advisories/FreeBSD-SA-16:37.libc.asc) -- A 26+ year old bug found in BSD's libc, all BSDs likely affected -- A specially crafted argument can trigger a static buffer overflow in the library, with possibility to rewrite following static buffers that belong to other library functions. HardenedBSD issues correction for libc patch (https://github.com/HardenedBSD/hardenedBSD/commit/fb823297fbced336b6beeeb624e2dc65b67aa0eb) -- original patch improperly calculates how many bytes are remaining in the buffer. From December the 27th until the 30th there the 33rd Chaos Communication Congress[0] is going to take place in Hamburg, Germany. Think of it as the yearly gathering of the european hackerscene and their overseas friends. I am one of the persons organizing the "BSD assembly (https://events.ccc.de/congress/2016/wiki/Assembly:BSD)" as a gathering place for BSD enthusiasts and waving the flag amidst the all the other projects / communities. Feedback/Questions Chris - IPFW + Wifi (http://pastebin.com/WRiuW6nn) Jason - bhyve pci (http://pastebin.com/JgerqZZP) Al - pf errors (http://pastebin.com/3XY5MVca) Zach - Xorg settings (http://pastebin.com/Kty0qYXM) Bart - Wireless Support (http://pastebin.com/m3D81GBW) ***

This week on Supercharged we’re talking about Facebook at work, Google’s wireless carrier plans, and Windows 10. We’re also answering your questions about listening to Lifehacker, downloading APKs, and repurposing an old router.

This episode we talk OS 10.2.1, APKs, the BlackBerry P'9982 and more. Kevin told a few tales of his worldly adventures as well so this is one you don't want to miss.