news (8)

A few days ago, there was a flash-in-the-pan controversy over Google "forking" Apple's open-source programming language Swift. After a few minutes of speculation over whether Google was going to make its own special flavor of the language for its own purposes, Swift's creator Chris Lattner (who now works at Google) helpfully clarified the situation:


Google just wanted its own working copy of the code so it could make changes and then contribute them "upstream" to the official Swift repository. No funny business.

What's more interesting is that one of those changes has already landed as a pull request to the main Swift repo: Fuchsia support (via Android Police). Google developer Zac Bowling, who helped port Objective-C to Android a few years ago, even shared the news as a reply to Lattner’s tweet:

You can also stalk Google’s code review system to check out an example Swift app for Fuchsia, which prints out some emoji and the Chinese characters for “hello world.” Once Google’s suggested changes to Swift are merged, that code should run.


Fuchsia is Google's not-at-all-but-kind-of-secret operating system that's being developed in the open, but with almost zero official messaging about what it's for, or what it's built to replace. (Android? Chrome OS? Both? Neither?) The operating system's core is written in mostly C and C++, with Dart for the default "Flutter" UI, but other languages like Go, Rust, Python, and now Swift have also found a home in the project.

Of course, just because you'll be able to compile Swift to run on Fuchsia doesn't mean you'll be able to instantly port any iOS app to Google's new OS when or if it ships. While Apple has open sourced the Swift language itself, much of the iOS platform (like the UI stuff, for instance) is closed source, so code that relies on those closed Apple libraries won't be portable.

One possible future in a world where Fuchsia is an important and relevant platform for apps is that you write the "core logic" of your app in your language of choice — Swift, Go, Rust, JavaScript, etc. — and then you build a custom UI for each platform — Android, iOS, Fuchsia, Linux, Windows, the web — using the appropriate tools for each.

The alternative path could be the continued adoption of tools like Google's Flutter, or Facebook's React Native, which allow you to target multiple platforms with a single language like Dart (Google), or JavaScript (Facebook). There's even a cross-platform framework called SCADE that allows you to build iOS and Android apps in Swift.

It's a fun time to be a language nerd, and maybe someday it will even be a fun time to be an app developer.

Read More

SECURITY RESEARCHERS HAVE raised the alarm for years about the Intel remote administration feature known as the Management Engine. The platform has a lot of useful features for IT managers, but it requires deep system access that offers a tempting target for attackers; compromising the Management Engine could lead to full control of a given computer. Now, after several research groups have uncovered ME bugs, Intel has confirmed that those worst-case fears may be possible.

On Monday, the chipmaker released a security advisory that lists new vulnerabilities in ME, as well as bugs in the remote server management tool Server Platform Services, and Intel’s hardware authentication tool Trusted Execution Engine. Intel found the vulnerabilities after conducting a security audit spurred by recent research. It has also published a Detection Tool so Windows and Linux administrators can check their systems to see if they're exposed.

Upper Management

The Management Engine is an independent subsystem that lives in a separate microprocessor on Intel chipsets; it exists to allow administrators to control devices remotely for all types of functions, from applying updates to troubleshooting. And since it has extensive access to and control over the main system processors, flaws in the ME give attackers a powerful jumping-off point. Some have even called the ME an unnecessary security hazard.

Intel specifically undertook what spokesperson Agnes Kwan called a “proactive, extensive, rigorous evaluation of the product,” in light of findings that Russian firmware researchers Maxim Goryachy and Mark Ermolov will present at Black Hat Europe next month. Their work shows an exploit that can run unsigned, unverified code on newer Intel chipsets, gaining more and more control using the ME as an unchecked launch point. The researchers also play with a sinister property of the ME: It can run even when a computer is “off” (just so long as the device is plugged in), because it is on a separate microprocessor, and essentially acts as a totally separate computer.

As with previous ME bugs, nearly every recent Intel chip is impacted, affecting servers, PCs, and IoT devices. Compounding the issue: Intel can provide updates to manufacturers, but customers need to wait for hardware companies to actually push the fixes out. Intel's maintaining a running list of available firmware updates, but so far only Lenovo has offered one up.

Intel has confirmed that those worst-case fears may be possible.

"These updates are available now," Intel said in a statement to WIRED. "Businesses, systems administrators, and system owners using computers or devices that incorporate these Intel products should check with their equipment manufacturers or vendors for updates for their systems, and apply any applicable updates as soon as possible." In many cases, it could be a while before that fix becomes available.

The newly disclosed vulnerabilities can cause instability or system crashes. They can be used to impersonate the ME, Server Platform Services, and Trusted Execution Engine to erode security verifications. And Intel says they can even be used to “load and execute arbitrary code outside the visibility of the user and operating system.” This is the crucial danger of the ME. If exploited, it can operate totally separate from the main computer, meaning that many ME attacks wouldn’t raise red flags.

Unclear Fallout

Still, the true impact of current ME vulnerability isn't clear, given the relatively limited amount of information Intel has released.

“This looks bad, but we don’t yet know how easy it will be to exploit these vulnerabilities,” says Filippo Valsorda, a cryptography engineer and researcher. “It’s a really wide range of machines that are impacted, not just servers. Intel seems worried enough to publish detection tools and do a well-orchestrated release.”

The good news is that most of the vulnerabilities require local access to exploit; someone has to have hands on a device or deep in a network. Intel does note, though, that some of the new wave of vulnerabilities can be exploited remotely if an attacker has administrative privileges. And some of the bugs also potentially allow for privilege escalation, which could make it possible to start with a standard user status and work up to higher network access.

“Based on public information, we have no real idea how serious this is yet. It could be fairly harmless, it could be a giant deal,” Matthew Garrett, a Google security researcher, wrote on Twitter when the vulnerabilities were first announced. But he quickly added that, “on reflection I don't see many outcomes where this is fairly harmless.”

It will take time for the full impact of these ME bugs to come into view, but for researchers who have warned about the dangers of ME for years, Intel's fixes now are cold comfort.

Read More

Popups suck right? So why do so many of your favorite sites use them? If you don't know, popups are those little annoying boxes that pop up or out at you while you're comfortably reading a site. They are those things that interrupt your shopping or surfing experience and force you to find that little tiny X button to close them. They are annoying and rude and... they work. Really, really well. 

In this post, we're going to tell you why you must implement a popup for your store, the pros and cons of having a popup and the best practices to get the most from it.

Let's pop right into it. 

Popups Work

The purpose of a popup is to provide a very strong call-to-action. This action might be an announcement or sale you want to the visitor to know about, but more often than not, it's to collect email addresses. Test after test has proven that popups work extremely well. In one test, popups drove 1,375% more email captures vs. a sidebar opt-in form. 

In another test, a website was receiving only 10 to 15 subscribers per day despite getting over 44,000 unique visitors each day. After implementing a popup with a 60 second delay, they began receiving 100-150 emails per day.

Why would you want to collect email addresses? 

In a previous post, we talked about how your store is like a bucket of water with a lot of holes in it. You spend time and money to keep filling the bucket with water (visitors) but the majority (99% if you have an average 1% conversion rate) falls out of the holes and are gone, usually forever. This is obviously counter-intuitive to a successful business. Keeping people in the bucket and being able to bring back those that fall out is really important to running a long term successful business. 

By collecting email address of visitors, you get a second and maybe third chance to bring them back and convert them to a customer with effective email marketing campaigns. 

So why email? Why not try to get them to follow on Facebook or Twitter instead? 

If you've followed the Shopfy blog for a while you'll already know the answer to this question. Email converts better than any other channel. In fact, email has an ROI of around 4,300%, according to the Direct Marketing Association.

That's because your customer's email inbox is their most personal online environment and getting permission to message them there provides you with a level of distraction-free attention for your message that you just can't get on other channels.

The Darkside Of Popups

So with so much compelling evidence that popups work, why isn't everyone using them? Well, it's not all unicorns and rainbows. There are disadvantages to using popups on your site that you should be aware of before making a final decision to use them.

Let's take a look at some of the disadvantages below: 

Disadvantages Of Using Popups

  1. Many visitors, especially those who are familiar with internet technologies, don't like popups. Some people dislike them so much, the will immediately exit a site with a popup.
  2. Some popups, especially those which contain scripts, might slow your page load time down which is a factor in conversions as well as SEO. 
  3. Anything less than the right message at the right time can be annoying and distract visitors from their experience.

Types of Popups

There are several ways to display your popup based on visitor actions. Let's take a look at some of the most popular below: 

  • Timed-Based - This method will show your popup after a predetermined amount of time. A time-based popup can work well if you set it to 60 seconds or greater, as you know at that point you are showing it to someone thats been engaged with your site for a while and more committed. 
  • Content-Based - Content-based popup will only show your popup on specified pages.
  • Scroll-Based - A scroll-based popup will show your popup when a user has scrolled a specific percentage of the way down your page. This is commonly used on blog posts and is similar to the timed method as you are only showing your popup to someone who has engaged with your page a specific amount. 
  • Exit-Intent - An exit-intent popup only shows when a visitor is about to leave your site. Using cursor tracking, the popup app will determine when someone is about to click the back or close button on their browser and show your popup in a last ditch attempt to get an email address or offer a discount before the visitor leaves your site. 
  • Pop-Out - A pop-out is a slightly different version of a popup. Instead of popping up and blocking the visitors surfing experience, it pops out of the side of the browser but still allows the visitor to continue browsing. 
Read More

Mozilla's latest browser — Firefox Quantum — is lightning fast, sleek, and ready to handle all six zillion of your tabs after almost two months in beta. 


Nick Nguyen, Firefox's vice president of product, told Mashable his biggest fear: Will the Internet full of Google Chrome-enthusiasts give it a chance?

"My biggest fear is that people won't try it," he said. "It's like any release — you do this to make people's lives better. If people aren't using your product, you don't have an opportunity to do that." 

And the folks at Firefox have big plans. Nguyen won't rest until Quantum overtakes Google Chrome to become the average internet user's primary browser. "Today, people use Firefox as their secondary browser," he told Mashable. "We think it's good enough to be your first browser."

There's only one way to find out. So come on, close Chrome for two seconds and give it a try. 

This browser is really, really fast. In a test conducted with the open-source project WebPageTest, Firefox Quantum loaded a number of top websites before Chrome did, including Yelp, Shutterstock, Ask.com and even Google Search itself. (Chrome was still, of course, faster to load most Google and Youtube pages). 


The browser also uses around 30% less memory than its competitors Chrome, Edge, and Safari on Windows operating systems, and only uses a tiny bit more than Chrome on macOS. This means you can run 30% more tabs without your browser crashing or slowing to a crawl. 

But where the company hopes its browser will stand out the most is in the interface. The company extensively researched the way users navigate browsers, and Firefox Quantum has a number of small, but significant features to accommodate those patterns. 

For example, according to Nguyen, users are a lot more impatient when waiting for the content of a page to load than they are for for graphics or sidebars. Consequently, Firefox Quantum loads the content of a website before loading any logos or graphics. It also loads your active tab before any other tabs — people overwhelmingly focus on one tab at a time. 

Above all else, according to Nguyen, users want a browser that is fast and easy. "They want a browser that stays out of the way," he said. "They don't want to housekeep."

Speed and ease have long been the categories where Google Chrome has taken the lead. But Firefox Quantum may soon be hot on its tail. Seriously, just try it. 

Read More
Tagged under


Looking at cybercriminal black markets and public forums, the company found millions of usernames and passwords stolen directly through hacking. It also uncovered billions usernames and passwords indirectly exposed in third-party data breaches.

For one year, Google researchers investigated the different ways hackers steal personal information and take over Google (GOOG) accounts. Google published its research, conducted between March 2016 and March 2017, on Thursday.

Focusing exclusively on Google accounts and in partnership with the University of California, Berkeley, researchers created an automated system to scan public websites and criminal forums for stolen credentials. The group also investigated over 25,000 criminal hacking tools, which it received from undisclosed sources.

Google said it is thefirst study taking a long term and comprehensive look at how criminals steal your data, and what tools are most popular.

"One of the interesting things [we found]was the sheer scale of information on individuals that's out there and accessible to hijackers," Kurt Thomas, security researcher at Google told CNN Tech.

Even if someone has no malicious hacking experience, he or she could find all the tools they need on criminal hacker forums.

Data breaches, such as the recent Equifax hack, are the most common ways hackers can get your data. In one year, researchers found 1.9 billion usernames and passwords exposed by breaches. The company continued to study this through September 2017 and found a total of 3.3 billioncredentials.

But digital criminals can be much more proactive in stealing your information. Two popular methods are phishing, which is posing as a trustworthy person or entity to trick you into giving up your information; and keylogging, or recording what you type on your computer.

Google researchers identified 788,000 potential victims of keylogging and 12.4 million potential victims of phishing. These types ofattacks happen all the time. For example on average, the phishing tools Google studied collect 234,887 potentially valid login credentials, and the keylogging tools collected 14,879 credentials, each week.

Because passwords are not often enough to access online accounts, cyber criminals are trying to collect other data, too. Researchers found that some phishers try and siphon location, phone numbers, or other sensitive data while stealing login credentials. Mark Risher, director of product management at Google, said this was one of the study's key findings.

Google can automatically recognize when you're logging in from somewhere unusual -- if the company sees you attempting to login from Russia when you usually login from California, Google will ask to verify it's you. As a result, Google has tightened the location radius around what it considers to be usual login areas.

Google has also implemented additional layers of email security on its official Gmail app. The company said that applying the research insights to its security protections prevented 67 million Google accounts from being abused.

Last month, the company launched a handful of tools for people to further protect themselves, including a personalized account security checkup, new phishing warnings, and the Advanced Protection Program for Google's most at-risk users.

Although experts have suggested using multi-factor authentication (a layer of security in addition to your password) for a long time, public adoption lags behind. According to recent data from Duo Security, most Americans don't implement the extra layer of protection.

But that might be changing. Risher said Google is seeing more people adopt less convenient options in order to keep themselves safe. For example, Google said Amazon sold out of the Advanced Protection Program kits soon after they launched.The kit contains two physical security keys a person would be required to have in order to access to their account.

Google said it issharing its latest findings so other companies can also implement better protections to guard against account hijacking.

"We talk a lot about how airlines don't compete over which one crashes more frequently," Risher said. "Likewise, we don't think security is something to keep to ourselves."

Read and learn how to solve a Rubiks Cube with the layer-by-layer method. It can be learned in an hour.

Read More
Tagged under

Fancy Bear, the advanced hacking group researchers say is tied to the Russian government, is actively exploiting a newly revived technique that gives attackers a stealthy means of infecting computers using Microsoft Office documents, security researchers said this week.

Fancy Bear is one of two Russian-sponsored hacking outfits researchers say breached Democratic National Committee networks ahead of last year's presidential election. The group was recently caught sending a Word document that abuses a feature known as Dynamic Data Exchange. DDE allows a file to execute code stored in another file and allows applications to send updates as new data becomes available.

In a blog post published Tuesday, Trend Micro researchers said Fancy Bear was sending a document titled IsisAttackInNewYork.docx that abused the DDE feature. Once opened, the file connects to a control server to download a first-stage of piece of malware called Seduploader and installs it on a target's computer. DDE's potential as an infection technique has been known for years, but a post published last month by security firm SensePost has revived interest in it. The post showed how DDE could be abused to install malware using Word files that went undetected by anti-virus programs.

A day after Trend Micro published its report about Fancy Bear, Microsoft posted an advisoryexplaining how Office users can protect themselves from such attacks. The easiest way to stay safe is to remain wary of unfamiliar messages that get displayed when opening a document. As SensePost first disclosed, before the DDE feature can be used, users will see a dialog box that looks something like the following:

If targets click yes, they will see a prompt that looks something like this:

The malicious payload will only execute after a user has clicked yes to both warnings.

The Microsoft advisory also explains how more technically advanced users can change settings in the Windows registry to disable automatic updating of data from one file to another.

Fancy Bear isn't the first group to actively exploit DDE in the wild. A few weeks after the SensePost post went live, researchers reported attackers were abusing the feature to install the Locky ransomware.

Many researchers have remarked on the ability of the DDE-enabled attacks to spread malware through Office documents without the macros. The novelty is likely to make DDE effective in some settings, given the growing awareness of the dangers macros pose. But ultimately, the DDE mechanism comes with its own telltale signs. People should learn to recognize them now that DDE attacks are growing more common.

Read More

This press release was orginally distributed by SBWire

Eindhoven, Netherlands -- (SBWIRE) -- 11/06/2017 -- Mobirise, a highly reputed company in the web design software development field, releases an update that will widen up the customisation functionalities for their mobile website builder.

Mobirise is recognized as one of the most reliable commonly used offline website builders in the web market. Recently Mobirise produced new versions of their application with more options that are going to enhance the web design flexibility and increase the usability of the application.

Now Mobirise customers can enjoy using more website blocks available in various website themes. In older versions, there was an average of 400 website blocks available. Now their total amounts to more than 650 modules. There are new site blocks such as menus with top line and working hours sections, shop blocks with filters and popup windows, Bootstrap image gallery, team blocks with rounded image frames and much more.

Mobirise developers also added on-trend features to all the new website blocks: menu semitransparency, radial gradient overlays for intros, gradient icons, hover animations for icons and pictures, typed-effect animation for the titles, moving backgrounds and others. These functions allow developing websites that look modern and showcase the latest web design features in the action.

"The latest versions of our application are meant to give a vast power in our customers' hands to be capable of creating the most modern websites with minimum effort," maintained Jorgen Baar, one of the representatives of Mobirise. "We still will be trying to improve Mobirise in order for our clients to keep up with the newest web design trends."

Mobirise also made attempts to improve the application interface. Now users have a constant control over their website appearance due to advanced tablet and mobile view modes. Beside that, now it's easier to go back to previous results using "Undo/Redo" buttons. Since recently Mobirise offers more customisation options such as "Crop Image" feature, enhanced "Link to" options and more others.

About Mobirise
Mobirise is proved as one of the most convenient Windows and Mac website builder applications. Mobirise provides responsive website templates based on Bootstrap 4. Mobirise is often considered as the easiest one-page website builder on the internet as it features drag-and-drop basis and many options for quick website design creation


Read More

Webflow at first glance is just another internet tool for designing web pages. After you blink and start scrolling, you'll quickly release the comprehensive tool in front of you. Webflow is an all-in-one web design platform for designing and launching web sites and applications. The hook with Webflow is that it takes complex design elements that would be found within Photoshop or similar tools and weaves them into drag and drop tools to make website design more a visualization process, less a coding process. Webflow today has taken this a step further with the release of its Interactions version 2 (IX2.0) tool-set.

IX2.0 expands on Webflow's web design platform, which allows designers to build professional websites without writing a single line of code. With IX2.0 a designer in Webflow could now visually develop a website interaction in minutes, compared to the hours or days it would generally take a seasoned developer.

Also see: WyzeCam Is The Affordable Smart Home Camera You’ve Been Saving Your Pennies For


For web professionals crafting innovative web experiences, Webflow IX2.0 is a brand new website animation tool that allows them to build complex timeline based animations, mouse based effects, and scrolling (parallax) effects without writing a single line of code. Unlike Adobe products, Webflow’s new IX2.0 feature offers designers powerful new ways of designing web experiences that was only possible with code before. Some of you might be shrugging, but some of you are coders. Some of you aren't.

Usually the process of designing and developing webpages at a professional level are two-fold. Most projects are created in phases: designers creating lifeless mock-ups in a design tool (photoshop, sketch, etc), then developers implementing and bringing them to life. This leaves the designer being completely disenfranchised from the process, and completely separated from the medium they are designing for — product designers are not connected to the end result as they have to rely on developers to make modifications. Webflow allows the designer to take full control of their creative vision. This doesn't mean they don't appreciate the value of code.


Web design is a form of art, and sometimes we forget that. We tend to take it for granted and forget the intense creative process behind web pages and animations. When there are tools to build your own webpages, we forget that many webpages are built by teams of creatives. This has created a stagnation in what we see on the internet.

"Since Adobe Flash was killed by the iPhone, websites on the internet have been stagnant — dead," says Bryant Chou, CTO of Webflow. "We don’t see many immersive web experiences built with HTML, CSS and Javascript simply because the industry has lacked a visual authoring tool that allows web designers to experiment and craft them. With Webflow’s Interactions 2.0, we’re now giving designers the ability to bring the web back to life again."

Webflow IX2.0 is a visual development product that lets the next generation of digital professionals create visually. These are visual developers, professionals that understand the power of code, but may not necessarily know how to write it. They use tools that allow them to move 10x faster, while producing software that even seasoned developers have trouble writing. Webflow IX2.0 allows that creativity to flow from the creators brain straight into the design product and that just may help to usher in a new era of interactive web design.

Read More
Top Flag Counter
We use cookies to improve our website. By continuing to use this website, you are giving consent to cookies being used. More details…