Posts by Raji

Windows Terminal v0.3 Releases With New Features

August 9, 2019, posted in News

The Microsoft team was so excited to unveil the new Windows Terminal that they allowed developers access to the beta as early as May 6. The first preview didn’t show up in Microsoft’s store till June. In the following months, Microsoft has been beefing up Windows Terminal. Windows Terminal Preview v0.3 marks the latest iteration of Microsoft’s pet project.

Kayla Cinnamon, Microsoft’s Program Manager, released news of v0.3’s new features with all the verve we’ve grown accustomed to seeing from Microsoft’s product releases. “Windows Terminal Preview v0.3 has been published to the Microsoft Store! If you have previously installed the Terminal from the Store, you will receive this update automatically.” She goes on to say that, “[i]f you’ve not yet installed Terminal from the Microsoft Store, now would be a great time because it contains some MAJOR improvements and updates!”

Here are the updates in a nutshell:

  1. Improved UI. The terminal can now be dragged from anywhere on the title bar, a UI feature that, as some cynics might say, has existed elsewhere for decades (to be fair, Windows Terminal is still in development). The title bar also benefits from a more concise button layout and a uniform color scheme.
  2. Improved Accessibility. All the accessibility features that have existed in the old Windows Console have now been ported over to Windows Terminal.
  3. More settings and options. You can define the tab title of each profile by setting the tabTitle property to whatever you want. Additionally, you can position background images and have these images rest on an acrylic background with a color tint.
  4. Updated selection. Moving your cursor outside of the terminal window will no longer interrupt your text selection. You can also double-click sections of text to select them.
  5. New keybindings. This is perhaps the best update. OEM keys can now be mapped. You can also have keybindings for copying, pasting, and duplicating a tab.
  6. Azure Cloud Connector. If you’ve always wanted to access files stored in the cloud through Windows Terminal, your prayer has been answered. More details about the Cloud Connector can be found here.

The updates aren’t ground-breaking, though that’s to be expected from a minor version release. No final release date has been announced yet. Microsoft is still open to receiving more contributions from developers. On that front, it’s nice to see the developers who’ve made the most contributions to date receiving a shout-out from Microsoft.


Twitter Leaks Private Data to Ad Partners

August 8, 2019, posted in News

Twitter recently revealed to its users that their privacy settings may not have been protecting their data from Twitter’s ad partners, which constitutes a breach in privacy. “[W]e recently found issues where your settings choices may not have worked as intended,” Twitter wrote in a report. These issues were fixed on August 5, 2019. According to Twitter, the privacy breach was the result of two bugs.

The first bug pertains to ad conversions. If you clicked on any mobile app advertisement on the Twitter platform and then interacted with the mobile app between May 2018 and August 2019, Twitter may have shared “certain data” with their ad partners regardless of your privacy settings. Technically speaking, “interaction” is a broad term: an “interaction” can include installs, sign-ups, logins, searches, and so on. These conversion events get assigned to the conversion_type in Twitter’s mobile measurement API. This data is then shared with ad partners, who can track the conversion rates of their advertisements. Although Twitter’s API doesn’t give an ad partner access to usernames or emails, it still allows the partner to receive a unique identifier that they can then use to track activity in order to perform targeted advertising. As you’ll soon find out, Twitter also receives data from their ad partners to aid their own targeted advertising.

Targeted advertising leads us to Twitter’s second bug: Twitter used their inference system to serve “relevant” ads to all of their users, ignoring their privacy settings. This is how Twitter explains its inference-based advertising:

When you log in to Twitter on a browser or device, we associate that browser or device with your Twitter account. Whether or not you are logged in to Twitter, we may also receive information about your browsers or devices when, for example, that information is shared by a partner; you visit; you visit third-party websites that integrate Twitter content; or you visit a Twitter advertiser’s website or mobile application. We may use this information, most commonly IP addresses and the time at which the information was received, to infer that certain browsers or devices are associated with one another or with your account.

Within the same post, Twitter mentioned their “commitment to providing meaningful privacy choices.” Yet for at least a year it never tested whether its inferred-identity advertising strategy respected those choices. Although the privacy breaches seem unintentional, they still violate GDPR’s privacy rules, which can result in fines. Twitter has not yet said when it first discovered the privacy breaches. The social media giant also has no information about the number of users who were affected. We can probably expect more information to come out in the following days.


Monzo Discovers 480,000 PINs in Log Files

August 7, 2019, posted in News

Monzo, a digital bank based in the UK, has recently emailed 480,000 UK customers, advising them to both update their Monzo app and change their PIN. The reason for the mass email alert? The digital bank left half a million PINs exposed in log files that were accessible to Monzo’s engineers. Although these PINs were encrypted, it is poor security practice to let employees who aren’t cleared for sensitive data have access to it.


The issue was discovered on Friday August 2nd, ending a six-month-long exposure of sensitive data. Monzo claims that shortly after the bug was discovered, they made the necessary changes.

“By 5:25am on Saturday morning, we had released updates to the Monzo apps. Over the weekend, we then worked to delete the information that we’d stored incorrectly, which we finished on Monday morning.”

There seems to have been no damage caused by the leak. “We’ve checked all the accounts that have been affected by this bug thoroughly, and confirmed the information hasn’t been used to commit fraud,” Monzo said.

Priyesh Patel, a Monzo community leader, told Monzo users that the bug affected users who either received a reminder of their card number or cancelled a standing order. Still, as many users claimed, you didn’t have to fall under these categories to have received an email. The caution that Monzo displayed was appreciated by its community. Still, as companies become more proactive in reporting these situations to users, it gives customers a peek into the fragility of data privacy. We are only ever one bug away from sensitive information showing up in log files.
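As an added example (not Monzo’s code), here is the defensive pattern the incident calls for: a logging filter that masks PINs and card numbers before a record is ever written, plus a scanner that flags lines of an existing log where such values already slipped through. The field names, logger name and sample log lines are constructed for the example.

```python
import logging
import re
from io import StringIO

# Keys treated as secrets in structured payloads. Constructed for this example;
# a real service would list the field names of its own event schema.
SENSITIVE_KEYS = {"pin", "card_number", "pan", "cvv"}

# Matches pin=1234, pin: 1234, 'pin': '1234' and "pin": "1234" (4-6 digits).
PIN_RE = re.compile(r'(?i)\b(pin)(["\']?\s*[=:]\s*["\']?)(\d{4,6})\b')
# 13-19 digits, optionally separated by spaces or dashes, i.e. a card number.
PAN_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, so ordinary long numbers (timestamps, ids) are not masked."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def redact_text(text: str) -> str:
    """Mask PINs and Luhn-valid card numbers inside free-form log text."""
    text = PIN_RE.sub(lambda m: f"{m.group(1)}{m.group(2)}[REDACTED]", text)

    def mask_pan(m):
        raw = re.sub(r"[ -]", "", m.group(0))
        return f"[PAN-REDACTED-{raw[-4:]}]" if luhn_ok(raw) else m.group(0)

    return PAN_RE.sub(mask_pan, text)


def redact_payload(obj):
    """Redact by key in dicts/lists, then by pattern in any remaining strings."""
    if isinstance(obj, dict):
        return {k: "[REDACTED]" if str(k).lower() in SENSITIVE_KEYS
                else redact_payload(v) for k, v in obj.items()}
    if isinstance(obj, (list, tuple)):
        return [redact_payload(v) for v in obj]
    if isinstance(obj, str):
        return redact_text(obj)
    return obj


class RedactingFilter(logging.Filter):
    """Attach to a handler so secrets are masked before any record is written."""

    def filter(self, record: logging.LogRecord) -> bool:
        if isinstance(record.msg, str):
            record.msg = redact_text(record.msg)
        if isinstance(record.args, dict):        # logger.info("%s", {...}) case
            record.args = redact_payload(record.args)
        elif record.args:
            record.args = tuple(redact_payload(a) for a in record.args)
        return True


def capture_logs(events) -> str:
    """Log constructed (msg, *args) tuples through the filter; return the output."""
    logger = logging.getLogger("redaction-example")   # hypothetical logger name
    logger.handlers.clear()
    logger.propagate = False
    logger.setLevel(logging.INFO)
    buf = StringIO()
    handler = logging.StreamHandler(buf)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    handler.addFilter(RedactingFilter())
    logger.addHandler(handler)
    for msg, *args in events:
        logger.info(msg, *args)
    return buf.getvalue()


def scan_for_exposures(lines):
    """Detection side: (line number, kind) for lines already written to disk."""
    hits = []
    for n, line in enumerate(lines, 1):
        if PIN_RE.search(line):
            hits.append((n, "pin"))
        for m in PAN_RE.finditer(line):
            if luhn_ok(re.sub(r"[ -]", "", m.group(0))):
                hits.append((n, "pan"))
    return hits


# Constructed sample log lines, not real customer data.
SAMPLE_LOG = [
    "INFO card reminder user=u-42 pin=1234 card_number=4111 1111 1111 1111",
    "INFO standing order cancelled {'user': 'u-7', 'pin': '987654'}",
    "INFO login ok user=u-9 ref=20190802",
]
```

Encrypting the log store, as Monzo did, does not replace this: anyone who can read the logs can read the PINs, so the value must never reach the log at all.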




Employees Don’t React Well To Bottom Lines

August 6, 2019, posted in Startups

In the field of software development, bottom lines are the name of the game, especially when a product launch is due in a few weeks. The crunch sets in and employees must react—often by pouring long hours in front of their laptops. This phenomenon may lead to the misconception that supervisors who are obsessed with bottom lines inspire employees to work harder and faster. A recent study conducted by Baylor reveals that this is not the case. Instead, according to Baylor’s study, “supervisors driven by profits could actually be hurting their coveted bottom lines by losing the respect of their employees, who counter by withholding performance.”

The above observation is echoed in a Hacker News comment about time-tracking employees. jlokier, a Hacker News user, quoted another user who said, “My boss knew how long [a] particular task took and asked if I need some help afterwards. It was great support and mentoring. But I now experience exactly the opposite. My managers come to me if it took me longer [the] second time than [the] first time to complain about me being too slow.” jlokier followed up the quote by writing that the example presented in the quote “produces a misalignment of incentives: If you do a great job one week getting visible things out the door, then you’re punished for the rest of your time in that job, rather than rewarded for doing great. So you know in advance, it’s better to deliver slower all the time.”

Time-tracking is just one method that a bottom-line-driven supervisor can employ to goad employees into working faster. A Harvard Business Review article refers to the use of tactics such as time-tracking to force results as the weaponization of data. Using data to churn out performance can create the wrong type of incentives. According to the Baylor study, this approach creates low-quality relationships between supervisors and employees, which causes employees to withhold performance.

The problem is that this may not be obvious to supervisors. Withholding performance may mean that employees become better at creating the illusion of performance. Workstations may be awash with terminal windows while the supervisor is around, only to be replaced by social media once they leave. Rather than taking breaks, employees may spend more time in their chairs, banging their heads against a problem that might have been solved if they didn’t feel they had to prove they were working steadfastly towards the bottom line.

An interesting piece of information that the Baylor study uncovered is that even if both supervisors and employees have a high bottom-line mentality (BLM), performance still decreases. The researchers concluded that “even if employees maintain a BLM, they would prefer for their managers to focus on interpersonal aspects of the job that foster healthier social exchange relationships with their employees in addition to the bottom line.”

The lesson to take away from this is that focusing on the amoral underpinning of a company (i.e. profits) may not be the greatest motivation for a worker. Rather, focusing on the social benefit of the product(s) along with fostering healthy work relationships may be the way to go.


Hotel Crowdfunding Startup Launches in Atlanta

August 5, 2019, posted in News

Crowdfunding has become a term familiar to many internet users. The sites that often come to mind are GoFundMe and Kickstarter. However, not many know that crowdfunding started as early as 2003. In a paper titled “A Brief History of Crowdfunding”, David M. Freedman and Mathew R. Nutting described the birth of a crowdfunding site called ArtistShare:

“Crowdfunding gained traction in the United States when Brian Camelio, a Boston musician and computer programmer, launched ArtistShare in 2003. It started as a website where musicians could seek donations from their fans to produce digital recordings, and has evolved into a fundraising platform for film/video and photography projects as well as music. ArtistShare’s first crowdfunding project was Maria Schneider’s jazz album “Concert in a Garden.” Schneider offered a tiered system of rewards. For a $9.95 contribution, for example, a backer got to be among the first customers to download the album upon its release in 2004. Fans who contributed $250 or more (in addition to receiving an album download) were listed, in the booklet that accompanied the album, as participants who “helped to make this recording possible.” One fan who contributed $10,000 was listed as executive producer. Schneider’s ArtistShare campaign raised about $130,000, enabling her to compose the music, pay her musicians, rent a large recording studio, and produce and market the album (it was sold exclusively through the ArtistShare website), which won a 2005 Grammy Award for best large jazz ensemble album.”

To users of today, the above simply sounds like an above-average Patreon account. Crowdfunding has come a long way since the early 2000s, which is why, when HotelierCo announces that it crowdfunds the acquisition of hotels, the news is met with approbation. After 2010, equity crowdfunding exploded following the success of rewards-based and donation-based crowdfunding platforms. AngelList is one of the oldest and most notable of this most recent type of crowdfunding platform. Several others have followed suit.

What HotelierCo does to differentiate itself from the wide range of crowdfunding platforms available today is to target the niche market of the hotelier business. The Atlanta-based startup claims that it can “allow anyone suitable from the crowd to become a hotel owner — not just accredited investors.” This doesn’t mean that those with deep pockets are excluded; Regulation A+ allows for larger investments, since raises are now capped at $50 million.

The hotels that HotelierCo offers up for investment are boutique luxury hotels that are built from the ground up. Founder and CEO Nathan Kivi calls this phenomenon “the future of hotel investment.” Investors who own a stake in the hotel then get perks like discounted stays. To become a stakeholder, one must be at least 18 years old and invest at least $2,500.

“We want everyone in the U.S. to be Hotelier,” Kivi says.


Microsoft Creates a Code Samples Directory for Developers

August 2, 2019, posted in News

Microsoft continues to position itself as a bastion for developers with its latest release: a new samples subdirectory that exists to make the lives of Microsoft developers much easier by providing modularized samples.

According to Den Delimarsky, Senior Program Manager of Cloud and AI, Microsoft aims to “make it easier for you to discover relevant code examples to get started, no matter what Microsoft product or service you’re using.”

Judging by the wealth of filters, the new subdirectory truly does make it easier to find exactly what you’re looking for. The filters are divided by Microsoft products like Azure and Xamarin. You can also further filter the results by language. The search is reactive, meaning results populate the page as you type in your query. All of these features are meant to let you find what you’re looking for on a single page. Once you click on a sample, you’re sent to a page that prompts you to access the demo from GitHub or to download a ZIP.


Regarding the modularized samples, Delimarsky wrote, “How many times were you in the situation where you wanted to look at just one sample from a repository that contains tens of them, but had to clone all content to be able to work on just that one project? With, you can now download the relevant code without having to clone the entire repository. ”

The same applies to the GitHub code: “You no longer need to spend time figuring out where in the repository the code sample is located if you want to take a closer look at its implementation…”

A quick scan through the samples subdirectory tells you that Xamarin developers are the big winners here. Instead of having to dig through GitHub, you can simply perform a search of a particular module you would like to implement and copy the sample provided. So it’s no surprise that of the 1058 samples currently available, 619 of them are Xamarin-based.

The sample list isn’t a static representation of everything available. Microsoft encourages experimentation and enhancement, and will also add more samples as time goes by. You can leave any feedback on the Microsoft Docs feedback page on GitHub.


Libspng Puts Security at the Forefront

August 1, 2019, posted in Technology

Libspng, a C library for reading and writing Portable Network Graphics (PNG) files, has recently been released with the goal of providing a simpler, faster API than libpng or any other library. According to the author of libspng, the new library is 35% faster than libpng for RGB/RGBA images.

The author, who goes by randy408, explained how he achieved such a significant speed in a Reddit comment. “It’s using less intermediate variables in the decoding loop, most of the scaling/gamma correction/transparency testing are now done per-row instead of per-pixel, some codepaths (e.g. PNG RGBA8 -> SPNG_FMT_RGBA8) have no per-pixel logic, it copies the image rows as-is. For indexed color images even the per-row processing is eliminated by preprocessing the palette entries, in the decoding loop it’s only doing table lookups. All of these optimizations are verified against libpng for correctness so it’s not gonna output garbage in some corner case.”

Besides performance, the author has put security at the forefront. In accordance with the CERT C Coding Standard, libspng follows rules pertaining to arrays, integers, error handling, etc. Libspng is continuously fuzzed by OSS-Fuzz, a high-quality fuzzing infrastructure developed by Google. Before a project can leverage the infrastructure of OSS-Fuzz, the project in question has to either have a large user base or be critical to IT. The fact that libspng was accepted speaks to its quality.

The library also appears to be well tested. According to several scans, libspng’s defect density is 0.0. Randy also used PngSuite to test the library. As stated in the release notes, “[T]he test suite consists of over 700 test cases, 175 test images are decoded with all possible output format and flag combinations and compared against libpng’s output.”

Despite the fact that libspng was made, in part, to be a modern alternative to libpng, libspng is not drop-in compatible with libpng at the moment. Randy listed several features that would need to be implemented before that could happen. For now, new users have to commit to breaking away from libpng.
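To show what the CERT C rules on arrays, integers and error handling look like in practice for this format, here is an added example (not libspng’s code, and written in Python rather than C) that walks a PNG chunk stream and its IHDR with every length, CRC and image size checked against the remaining input before a byte is trusted. The 256 MiB raw-size policy limit is an assumption for the example, and build_png produces a constructed test file rather than a real-world image.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
MAX_CHUNK_LEN = 2**31 - 1    # PNG spec: a chunk length never exceeds 2^31-1
MAX_DIMENSION = 2**31 - 1    # same bound for IHDR width and height
# Hypothetical policy for this example: refuse images whose raw decoded size
# would exceed 256 MiB, so a 13-byte header cannot force a huge allocation.
MAX_RAW_BYTES = 256 * 1024 * 1024

# Samples per pixel by colour type: 0 grey, 2 RGB, 3 indexed, 4 grey+alpha, 6 RGBA.
CHANNELS = {0: 1, 2: 3, 3: 1, 4: 2, 6: 4}
ALLOWED_DEPTHS = {0: {1, 2, 4, 8, 16}, 2: {8, 16}, 3: {1, 2, 4, 8},
                  4: {8, 16}, 6: {8, 16}}


def parse_chunks(data: bytes):
    """Walk the chunk stream, checking every length and CRC before trusting it."""
    if not data.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG: bad signature")
    pos, chunks = len(PNG_SIGNATURE), []
    while pos < len(data):
        remaining = len(data) - pos
        if remaining < 12:                      # 4 length + 4 type + 4 CRC
            raise ValueError(f"truncated chunk header at offset {pos}")
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        if length > MAX_CHUNK_LEN:
            raise ValueError(f"chunk {ctype!r}: length {length} exceeds spec limit")
        # Compare against what is left instead of computing pos + length first;
        # in C that ordering is what keeps an end pointer from wrapping around.
        if length > remaining - 12:
            raise ValueError(f"chunk {ctype!r}: length {length} overruns the file")
        body = data[pos + 8:pos + 8 + length]
        (crc,) = struct.unpack(">I", data[pos + 8 + length:pos + 12 + length])
        if zlib.crc32(ctype + body) != crc:
            raise ValueError(f"chunk {ctype!r}: CRC mismatch")
        chunks.append((ctype, body))
        pos += 12 + length
        if ctype == b"IEND":
            break
    if not chunks or chunks[0][0] != b"IHDR" or chunks[-1][0] != b"IEND":
        raise ValueError("stream must start with IHDR and end with IEND")
    return chunks


def parse_ihdr(body: bytes) -> dict:
    """Decode IHDR and reject sizes or formats that a row buffer could not hold."""
    if len(body) != 13:
        raise ValueError("IHDR must be exactly 13 bytes")
    width, height, depth, ctype, comp, filt, interlace = struct.unpack(">IIBBBBB", body)
    if not (0 < width <= MAX_DIMENSION and 0 < height <= MAX_DIMENSION):
        raise ValueError("IHDR dimensions out of range")
    if ctype not in CHANNELS or depth not in ALLOWED_DEPTHS[ctype]:
        raise ValueError(f"invalid colour type / bit depth {ctype}/{depth}")
    if comp != 0 or filt != 0 or interlace not in (0, 1):
        raise ValueError("unsupported compression, filter or interlace method")
    # Bytes per scanline including the filter byte. Python ints do not overflow,
    # but the product is still bounded so no caller allocates on an unchecked size.
    row_bytes = 1 + (width * CHANNELS[ctype] * depth + 7) // 8
    if row_bytes * height > MAX_RAW_BYTES:
        raise ValueError("decoded image would exceed the allowed raw size")
    return {"width": width, "height": height, "depth": depth,
            "color_type": ctype, "interlace": interlace, "row_bytes": row_bytes}


def make_chunk(ctype: bytes, body: bytes) -> bytes:
    """Serialise one chunk with a correct CRC (used to build test inputs)."""
    return (struct.pack(">I", len(body)) + ctype + body
            + struct.pack(">I", zlib.crc32(ctype + body)))


def build_png(width: int, height: int, color_type: int = 6, depth: int = 8) -> bytes:
    """Constructed test input: a valid all-black image, not a real-world file."""
    ihdr = struct.pack(">IIBBBBB", width, height, depth, color_type, 0, 0, 0)
    row = b"\x00" + bytes(width * CHANNELS[color_type] * depth // 8)  # filter byte + pixels
    return (PNG_SIGNATURE + make_chunk(b"IHDR", ihdr)
            + make_chunk(b"IDAT", zlib.compress(row * height)) + make_chunk(b"IEND", b""))


def rejected(fn, arg) -> bool:
    """True when the parser refuses the input with ValueError."""
    try:
        fn(arg)
    except ValueError:
        return True
    return False
```

These are exactly the inputs a fuzzer such as OSS-Fuzz generates by the million (oversized lengths, truncated tails, flipped bytes, absurd dimensions), which is why every check sits before the data is used rather than after.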


Capital One Could’ve Prevented Their Data Leak

July 31, 2019, posted in News

The news about Capital One’s recent data breach is unlike most other data breaches in that the hacker has been identified. Many now know Paige Thompson, the 33-year-old ex-Amazon worker who detailed her exploits on Twitter and Slack. While it’s interesting to explore the mental state of a hacker, finding out how a financial services company like Capital One can expose itself to attack is even more interesting.

In a press statement, Capital One called the vulnerability that Thompson exploited a configuration vulnerability. There are various configuration vulnerabilities, and AWS may have a particular set of vulnerabilities that have yet to be publicly documented. Thompson, in particular, was a former AWS employee and so would have had inside knowledge about how one could exploit credential vulnerabilities in AWS. Ray Watson, a security researcher for Masergy, explained how Thompson could have gained access to Capital One’s data. “She allegedly used web application firewall credentials to obtain privilege escalation. Also the use of Tor and an offshore VPN for obfuscation are commonly seen in similar data breaches.” He concluded that this was the modus operandi for data breaches.

There isn’t much detail about the exploit itself beyond the generic fact that Thompson escalated privileges by exploiting a configuration vulnerability. The question is, who is to blame? Hackers will always exist, and web servers can’t be babysat around the clock. In this case, Capital One is culpable in that a configuration vulnerability can be monitored and easily fixed if security is a top priority. Knowing that servers are just a configuration error away from being exposed to hackers, regular checks should have taken place to test for insecure configurations. It’s alarming that Capital One had to be tipped off before they discovered that the sensitive data of over 100 million users was publicly available online. To Capital One’s credit, though, they immediately responded with a fix.

In this case, Capital One was fortunate that the hacker did not appear to use the data in any malicious way. According to Capital One, “it is unlikely that the information was used for fraud or disseminated by this individual.” The information Thompson collected includes:

  • “Customer status data, e.g., credit scores, credit limits, balances, payment history, contact information”
  • “40,000 Social Security numbers of [Capital One’s] credit card customers”
  • “80,000 linked bank account numbers of [Capital One’s] secured credit card customers”
  • 1 million Canadian Social Insurance Numbers

Though Capital One claims that “no credit card account numbers or log-in credentials were compromised and over 99 percent of Social Security numbers were not compromised,” there are still plenty of affected users. 106 million, to be exact. “I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right,” said Capital One CEO Richard Fairbank. Making it right means providing free credit monitoring and identity protection.



GitHub Restricts Accounts From Iran, Crimea, Syria, and North Korea

July 30, 2019, posted in News

Throughout last week, there has been a rise in complaints from developers in countries facing U.S. sanctions. The company most often mentioned is GitHub and its message to all sanctioned users, which reads:

Due to U.S. trade controls law restrictions, your GitHub account has been restricted. For individual accounts, you may have limited access to free GitHub public repository services for personal communications only. Please read about GitHub and Trade Controls for more information. If you believe your account has been flagged in error, please file an appeal.

In the beginning, much of the outcry came from devs in Iran posting on personal blogs and on Medium. A Reddit user joked about GitHub providing open source to everyone but Iran. However, Microsoft’s restriction of GitHub’s features applies to other countries facing US sanctions. According to GitHub’s Trade Controls page, the territories and/or countries that GitHub can’t be exported to are Crimea, Cuba, Iran, North Korea, and Syria.

GitHub’s CEO Nat Friedman confirmed that GitHub was in fact limiting certain users, stating that “GitHub is subject to US trade law, just like any company that does business in the US.” He also dispelled criticism that claimed that GitHub could have warned users about the restrictions by writing, “Our understanding of the law doesn’t give us the option to give anyone prior notice.”

As a result of the surprise bans, developers like Anatoliy Kashkin have had to find alternative means of version-controlling their products. Kashkin himself is a Crimean developer who built an aggregator for PC games called GameHub. His website was also hosted on GitHub Pages. In light of his ban, he’s had to find a new hosting provider, but, more importantly, he’s had to consider what to do with his GameHub platform. In his project status thread, some offered up the idea of using a VPN; proxies and VPNs, unfortunately, are the reality for many developers trying to access and provide open source products. As detailed in a blog post by Iranian developer Shahin Sorkh, developers in restricted countries use a cocktail of proxies, VPNs, and Tor to survive. Sorkh himself uses “bind/named to proxy few certain domain queries through shecan and privoxy to tunnel all supported domains by FOD through FOD, and others through TOR.” However, these methods should not be recommended, since GitHub has prohibited anyone “from using IP proxies, VPNs, or other methods to disguise their location when accessing services.”

For Kashkin and others looking to keep their hands clean, there are few, if any, viable options available. The combination of censorship and looming sanctions eliminates GitLab. Bitbucket, as a ZDNet reporter notes, is owned by a company listed on the US NASDAQ exchange, which may subject it to the same trade restrictions GitHub is subjected to. Already, the biggest version control hosts have been restricted from use. What’s left may not grant companies or individuals the exposure their product needs.

Friedman, aware of the damage done, wrote, “It is painful for me to hear how trade restrictions have hurt people. We have gone to great lengths to do no more than what is required by the law, but of course people are still affected.”

The effects that GitHub’s restrictions have had on developers have rallied many GitHub users together to protest the restrictions. They’ve created a page called GitHub Do Not Ban Us. The first sentence of their message to GitHub reads, “GitHub used to be an open and free platform for everyone, but it has decided to restrict Iranian accounts from contributing and being part of the open-source ecosystem.”

Unfortunately, the advocates have failed to realize that GitHub was never free or open source. GitHub has always been a company that monetizes using a subscription model. They offer a limited free service while allowing users to upgrade to a premium account. There is not a case to be had for GitHub’s “openness” either. Open source, according to Richard Stallman, is “amoral.” It’s not an ethical movement. It’s simply a type of software that can be licensed in myriad ways, all subject to the laws of the land it resides in. GitHub doesn’t even fall in that category, though what they curate often does. Still, GitHub is home to much closed-source software that companies fund to stay closed. In the end, GitHub is a US business and, as Friedman stated, is subject to US laws.

Those who believe in decentralization have a great argument to make about the conflicts that can arise when entrusting open source to centralized companies. Perhaps the overwhelming motivation for companies like GitHub to lobby for looser sanctions could be the rise of decentralized version control. For now, those affected will have to be content with finding current alternatives or tweeting, #githubForEveryone.



How To Boost Your Coding Skills

July 29, 2019, posted in Programming

In a bid to become a web developer, you’ve read a bunch of tutorials and gotten your feet wet with a couple of guided projects. You’re building solid front ends from the comfort of your terminal. Everything is going great, except that you feel like you’re hitting some kind of wall. You feel like someone pretending to program, that you’ve hardly scratched the surface. Impostor syndrome closes in around you.

Before you panic, know that the fear of not knowing what you don’t know is common. Hence the idiom, tip of the iceberg. What lies beneath the surface is unknown and can only be discovered by diving. We’ll walk through some of the tasks that can help you bolster your programming skills.


Don’t Build Safe Apps

Sometimes, as we begin our journey learning a new language, we fall prey to the familiar. We build the same TODO app three times because we’ve become comfortable with it. We continuously create variations of a basic CRUD app because we can recall the steps from memory and debug issues that arise. We don’t want to dive deeper and grapple with technologies we’ve never used before. But diving deeper is the only way to improve. Although learning to code by building is the best way to learn, we still have to make sure that these projects continue to take us out of our comfort zone.

These projects should be somewhat ambitious. You can either start off with an idea, or you can make a list of the technologies you would like to improve on and make the app using them.

Some ideas can include:

  • A talking JavaScript REPL for kids
  • A fake news identifier
  • A Netflix for books

Those are just a few ideas, but you can be as ambitious as you want. The idea is that you want to be able to learn through trial and error. Learning how to build a REPL may force you to go down the rabbit hole of compiler theory. Suddenly, you’ve gained a deeper understanding of programming languages, which helps to demystify compiler errors.


Go the extra mile and build for open source

Going into open source is the best way to experience the wild without the need to land a job. Once there, you will be exposed to how version control works in a team environment. This differs vastly from your personal version control where you wore all the hats. Now, you will be forced to learn how to write code that conforms to a certain guideline. You will also be acquainted with the file structure of packages and learn to skim through them to find the relevant folder.

For all of these reasons, getting into open source can appear daunting. Thankfully, you can ease into it by contributing to minor issues. These issues can be as small as a typo that needs fixing.


Dig into the meat of code

As you become accustomed to making small contributions to open source, there comes a time when you should decide to graduate and become a major contributor. To do that, you need to be able to read code. Reading code is one of the best ways to learn to code, especially if you have access to the author(s) of the code to ask them questions. By looking at their code, you can start to see how professional code is written and organized and then emulate that style. Eventually, you’ll be able to recall solutions that you’d seen in other code when you encounter a problem and be able to implement the solution. The reward of that feedback loop will only spur you on to read and understand other code bases. Ideas gleaned from them can be used to help build your own personal projects and will make you a more valuable contributor to open source. Once you’ve gotten to the point of consistent open source contribution, you will be a far cry from the days of useless TODO apps.


