Apple's iOS 11.2.2 Update: Spectre Security Patch

Apple’s iOS 11.2.2 Update: Spectre Security Patch

On 01/08/2017, Apple released version 11.2.2 of their mobile operating system iOS. This update includes security improvements to Safari and WebKit to mitigate the effects of Spectre.

Installation and Compatible Devices

iOS 11.2.2 is available for download as an Over The Air (OTA) update for all:

  • iPhone 5s and later
  • iPad Air and later
  • iPod Touch 6th Generation and later

An over-the-air update is a software update that is distributed over Wi-Fi or mobile broadband instead of requiring the user to connect the device to a computer via USB to perform the update.

The file size for this update, according to my device, is around 65.7 MB. So it’s not too big of a download.

It is also available via iTunes.


Before using either method, I highly recommend doing an iCloud backup of all your data (just in case). You can find the steps on how to do so here.

What is Spectre

Spectre is a hardware security vulnerability that forces programs on a user’s operating system (OS) to access an arbitrary location in the program’s memory space, allowing attackers to potentially steal data which is currently processed on the computer such as:

  • passwords
  • photos
  • email
  • instant messages
  • documents

It was uncovered independently by two teams / parties alongside another vulnerability, Meltdown, on January 3, 2018:
1. Jann Horn from Google‘s Project Zero
2. Paul Kocher in collaboration with Daniel Genkin, Mike Hamburg, Moritz Lipp and Yuval Yarom.

It’s existence, however, dates to June 1, 2017 when the affected hardware vendors became aware of the issue.

There are currently two Common Vulnerabilities and Exposures IDs related to Spectre, one for each variant of the issue. These are:
1. Branch target injection: CVE-2017-5715
2. Bounds check bypass: CVE-2017-5753

Information regarding the issue is logged as:

Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

How Does It Work

According to the Webkit team’s post:

To initiate a Spectre- or Meltdown-based attack, the attacker must be able to run code on the victim’s processor. WebKit is affected because in order to render modern web sites, any web JavaScript engine must allow untrusted JavaScript code to run on the user’s processor. Spectre impacts WebKit directly. Meltdown impacts WebKit because WebKit’s security properties must first be bypassed (via Spectre) before WebKit can be used to mount a Meltdown attack.

  • WebKit relies on branch instructions to enforce what untrusted JavaScript and WebAssembly code can do. Spectre means that an attacker can control branches, so branches alone are no longer adequate for enforcing security properties.
  • Meltdown means that userland code, such as JavaScript running in a web browser, can read kernel memory. Not all CPUs are affected by Meltdown and Meltdown is being mitigated by operating system changes. Mounting a Meltdown attack via JavaScript running in WebKit requires first bypassing branch-based security checks, like in the case of a Spectre attack. Therefore, Spectre mitigations that fix the branch problem also prevent an attacker from using WebKit as the starting point for Meltdown.

Mitigating Spectre

WebKit’s response to Spectre is a two-tiered defense:

  1. WebKit, as well as other browsers such as Firefox and Google Chrome, have disabled SharedArrayBuffer, since it can be used to create a high-resolution timer, and reduced timer precision from and other sources to 1ms.
  2. WebKit is transitioning to using branchless security checking in addition to branch-based security checking. One of the ways they’re implementing this is by using Index Masking.

Some of these changes shipped in the Jan 8 updates and more such changes will continue to land in WebKit soon enough.

To summary, in order to keep your data safe you must update all compatible iOS devices.

The CVE IDs for all the issues mentioned in this blog post can be found in Apple’s article: About the security content of iOS 11.2.2.


If you enjoyed this blog post or found it helpful in any way, make sure to follow me on Twitter to find out when a new one is available.

Twitter: @giovanni0918

Github: giovanni0918


Apple's iOS 10.3.2 update is available for download

Apple’s iOS 10.3.2 Security Update: You Probably Shouldn’t Skip It

On 05/15/2017, Apple released version 10.3.2 of their mobile operating system iOS. This is a minor release in terms of user features, yet big in terms of security.

Installation and Compatible Devices

iOS 10.3.2 is available for download as an Over The Air (OTA) update for all:

  • iPhone 5 or later (There are rumors that this update may not be compatible with the existing 32-bit iOS devices. If this is so, the supported devices list may start from the iPhone 5s onwards. I will update this section of the blog post once it has been confirmed.)
  • iPad 4th Generation or later
  • iPod Touch 6th Generation or later

An over-the-air update is a software update that is distributed over Wi-Fi or mobile broadband instead of requiring the user to connect the device to a computer via USB to perform the update.

The file size for this update, according to my device, is around 195 MB. So it’s not too big of a download.

It is also available via iTunes.


Before using either method, I highly recommend doing an iCloud backup of all your data (just in case). You can find the steps on how to do so here.

More than just Bug Fixes and Improvements

This update targets several vulnerabilities across different parts of the OS, such as:

  • AVEVideoEncoder, IOSurface, TextInput
    Addresses a memory corruption issue with improved memory handling, in order to prevent third party applications to gain kernel privileges.

  • CoreAudio and Kernel
    Addresses a validation issue with improved sanitization, preventing third party applications from reading restricted memory.

  • iBooks
    Fixes a URL handling issue through improved state management. Provides guarding against maliciously crafted books opening arbitrary websites without user permission. It also solves existing issue within the path validation logic for symbolic links (symlinks) via improved path sanitization. Protects from third party applications being able to execute arbitrary code with root privileges.

  • Kernel
    Addresses a race condition through improved locking. Prevents third party applications from executing arbitrary code with kernel privileges.

  • Notifications
    Addresses a denial of service (DoS) issue through improved memory handling. Reduces the likeliness of malicious applications succeeding in a DoS attack.

  • Safari
    Solves an issue in the browser’s history menu through improved memory handling, in favor of DoS protection.

  • Security
    Updates the certificate trust policy.

  • SQLite
    Fixes a “use after free” and a buffer overflow issue, via improved memory management.
    Enhances input validation.

  • WebKit
    Adresses multiple memory corruption issues, via improved memory handling. As well as a logic issue which existed in the handling of:

– WebKit Editor commands
– container nodes
– pageshow events
– cached frames
– frame loading

It does this via improved state management.

The CVE IDs for all the issues mentioned in this blog post can be found in Apple’s article: About the security content of iOS 10.3.2.


If you enjoyed this blog post or found it helpful in any way, make sure to follow me on Twitter to find out when a new one is available.

Twitter: @giovanni0918

Github: giovanni0918


Facebook F8 (2017) - Developer Conference

Facebook F8 (2017): Keynote

What is Facebook F8

F8 is Facebook’s annual developer conference, in which the company presents their plans to improve the existing areas of their platform, as well as how they are taking advantage of the newest technologies and algorithms (e.g. Artificial Intelligence, Virtual / Augmented Reality, Computer Vision, Machine Learning).

The 2017 Keynote

This year’s keynote will take place in the San Jose McEnery Convention Center, 365 S Market St. San Jose, CA.

Get Directions

Watch Online

If you are interested in attending remotely, you can catch the livestream at the Facebook F8 Website, starting at 1:00PM AST.

What to Expect

I am looking forward to hearing about the new advancements in their:

  1. Mobile App Ecosystem

2. Web Development libraries and frameworks
React Native
3. Platform Products and APIs
Facebook Login
Sharing on Facebook
Facebook Analytics for Apps
App Monetization
Messenger Platform
Facebook Live


The keynote has officially come to an end. Some of the most relevant topics covered in it were:

Augmented Reality

Facebook is bringing Augmented Reality to the built in Camera, on your smartphone app. It relies on three (3) key features to provide a more appealing experience:

  1. Information: Allowing you to gather data on the contents of the image
  2. Digital Objects: As seen on Pokémon Go
  3. Enhancements: Improve the quality and usability of the captured media

Augmented Reality Building Blocks

  1. Precise Location: via Simultaneous localization and mapping (SLAM)
  2. 3D Effects: Allowing you to Capture & interact with scenes in 3D with high precision
  3. Object Recognition: Bringin Real-time visual understanding

Computer Vision

Mike Schroepfer, the CTO for Facebook, announced the new Computer Vision enhancement coming to the camera app known as Style Transfer. This feature gathers the texture and characteristics of an image or object and applies it to the target in the viewfinder.

Tooling for Augmented Reality

Deb Liu, VP of Platform and Marketplace, presented the Camera Effects Platform, which connects art and technology to build new experiences for the Facebook camera, and brings Augmented Reality features such as:

  1. Face Tracking
  2. Hashtag Voting
  3. Touch Gestures
  4. Data Integration
  5. 3D Rendering

In addition, she also announced two new useful tools to help you get started building and designing for Augmented Reality, allowing developers to create immersive experiences for all users. These are:

  1. Frame Studio: which uses the Camera’s Effects Platform to bring frames and decorations to images and video to make posts memorable and even more meaningful
  2. AR Studio: allows for the creation of animated masks and interactive effects that respond to motion and data


Facebook Messenger is currently the most popular messaging platform, immediately followed by WhatsApp. It currently has 1.2 Billion active users, with over 100,000 chat bots built to take advantage of the many features the Messenger platform has to offer, such as, but not limited to:

  1. One-on-one messaging (IM, SMS, MMS)
  2. Group messaging
  3. File sharing (audio-clips, documents, images, video)
  4. Audio calling
  5. Video calling
  6. Making payments / transaction processing
  7. Chat bots
  8. Gaming
  9. Account linking
  10. Analytics
  11. Conversation Ads

Companies using Messenger

Many companies have adopted the Messenger platform APIs in their mobile and web applications and have seen a significant increase in conversions and revenue after doing so. To name a few:

  • Sephora, the french chain of cosmetic stores has developed two chat bots. The first of which being a Reservation Assistant that allows customer to book appointments for makeovers at stores worldwide; The second bot, consisting on a Virtual Artist that scans any photo and instantly provides the closest lipstick color match from Sephora’s entire assortment.
  • SnapTravel, a company set to redefine booking, have designed a bot that allows you to find and book the best hotel deals over Facebook Messenger and SMS.
  • Activision, one of the largest American video game companies, has published titles such as Call of Duty: Infinite Warfare for Facebook Messenger.


Tom Occhino, the engineering manager at Facebook, discussed the advances made on React over the course of the 2016-2017.

For reference: React is a declarative, efficient, and flexible JavaScript library for building user interfaces. It was open sourced in 2013, and has greatly grown in terms of popularity and usage across platforms.

React currently has:
– 100+ engineers working on it
– 30,000+ components published
– 400+ screens being used across mobile apps

Companies are not only using React in their production apps, but they are also contributing to the project’s growth and helping the team fix issues so that it leads to better user experience. Some of these contributing companies are:

  • Microsoft: which has built a framework for building native UWP and WPF apps with React.
  • airbnb: which uses React in their Listing, ReservationCard, and ReservationItem components.
  • Pinterest: changed their templating engine in from Nunjucks to React, in 2016.
  • Twitter: which published their Twitter Lite PWA, built using Node, Express, and React.
  • Stripe: has a collection of pre-built elements for use with their API.
  • Khan Academy: built their website using React

React Fiber

Facebook took the task of rewriting React from scratch. The result of this effort is what they’re calling React Fiber. The benefits of doing this include:

  • A smaller file size
  • Is entirely Flow-typed
  • Has better error boundaries
  • Produces more descriptive errors / warnings
  • Allows the return of arrays and strings from render

To stay up to date on React Fiber’s status you can visit: The team made this website to keep track of their progress during development. As more unit tests are passing, the Heat Map nodes beneath the chart change color to green. At this point in time, they are at 92.2% of completion.

F8 Video Source: The Evolution of React and GraphQL at Facebook and Beyond

My Promise to You

I will continue to update this blog post as the time progresses.
So stay tuned, and thank you as always.


If you enjoyed this blog post or found it helpful in any way, make sure to follow me on Twitter to find out when a new one is available.

Twitter: @giovanni0918

Github: giovanni0918


omdb-search Polymer Element - Demo page

omdb-search Polymer Element: Find Movie, Series, and Episode data

What is omdb-search

omdb-search is a custom element, built by Giovanni Orlando using the Polymer JavaScript library, that allows you to easily query for relevant movie, series, and episode data. This element is powered by the Open Movie Database API, and is published under the MIT License.

What is Polymer

Polymer is a JavaScript library that helps you create custom reusable HTML elements, and use them to build performant, maintainable apps. It’s intention is to encourage developers to Use The Platform, instead of relying entirely on third party libraries and tooling.

Tasks it accomplishes

When added to your project, it makes a request to the OMDb API and generates a collection of the Movie, Series, or Episode information found based on the parameters specified by the user.

The element takes as input two main parameters:

  1. Title: Specifies the movie, series, or episode title to query for.

  2. Result Type: Can be either movie, series, or episode.

It also supports three optional parameters:

  • Year: Number representing the year in which the movie, series, or episode was released.

  • Page: Specifies the results-list page number, since OMDb pages search results (10 results per page).

  • API Version: Specifies the OMDb API version number, for future reference when said API updated. Is optional.

omdb-search is completely declarative, meaning that you can easily use this in your element, and have a full understanding of how it behaves.

Getting Started

Make a project directory for your demo and change directories into it:

mkdir omdb-search-demo && cd omdb-search-demo

Create an index.html

touch index.html

Install or Download

Install the component using bower.

bower install omdb-search --save

Or download the .zip file


In that index.html add the following code:

<br /><br /><br />OMDb Search demo
<!-- Load the WebComponents polyfill: -->
<a href=""></a>

<!-- Import the omdb-search web component: -->

<!-- Optionally, import the included omdb-search-theme stylesheet: -->

<!-- Use the element in your app: -->
<h1>Tarzan movies:</h1>

Demo It

Beneath the metal

This element depends on iron-ajax Polymer element, which exposes network request functionality to the user, and makes dealing with REST APIs a smooth experience. iron-ajax is licensed under BSD-3-Clause.

Available on

Future goals

My intentions are to do a full re-write of the element once Polymer (2.x) is officially released. Polymer (2.x) brings features such as:

  • ES 2016 class syntax for defining components

  • Support for native v1 Shadow DOM and v1 Custom Elements APIs

  • Backwards compatibility with apps that rely on Polymer (1.x), meaning that developers can still use these new elements with little to no changes

I am currently developing a node web application that is built on top of this element, and plan on releasing soon to showcase what you can achieve by using it. Once it is released, I will link to it on this blog post so you can check it out.


If you are interested in learning more about this element, make sure you checkout the GitHub repository.


If you enjoyed this blog post or found it helpful in any way, make sure to follow me on Twitter to find out when a new one is available.

Twitter: @giovanni0918

Github: giovanni0918


Apples's iOS 10.3.1 update - Installed

Apple’s iOS 10.3.1 update: Important Security Patch

Apple released the iOS 10.3 update about a week ago (03/27/2017). If you missed out on what’s new, check out this blog post for more details.

This update (or security patch) consists mainly of bug fixes and improvements.

Installation and Compatible Devices

iOS 10.3.1 is available for download as an Over The Air (OTA) update for all:

  • iPhone 5 or later
  • iPad 4th Generation or later
  • iPod Touch 6th Generation or later

An over-the-air update is a software update that is distributed over Wi-Fi or mobile broadband instead of requiring the user to connect the device to a computer via USB to perform the update.

The file size for this update, according to my device, is around 35 MB. So it’s not too big of a download.

It is also available via iTunes.


Before using either method, I highly recommend doing an iCloud backup of all your data (just in case). You can find the steps on how to do so here.

Issues addressed

  • Stack buffer overflow which allowed a potential attacker to executing code on the Wifi chip. According to Security Focus: Failed exploit attempts will likely result in denial-of-service (DOS) conditions. The issue was discovered by Gal Beniamini — ‎Security Researcher in Google Project Zero

  • Compatible 32-bit devices (such as the iPhone 5 and 5c, as well as the iPad 4th Generation) can now receive the iOS 10.3.1+ update as an OTA, not just via iTunes.

Project Zero is the name of a team of security analysts employed by Google tasked with finding zero-day vulnerabilities. When bugs are found, these are reported to the manufacturer and are only made publicly visible once a patch has been released or if 90 days have passed without a patch being released.


About the security content of iOS 10.3.1

Over The Air: Exploiting Broadcom’s Wi-Fi Stack


If you enjoyed this blog post or found it helpful in any way, make sure to follow me on Twitter to find out when a new one is available.

Twitter: @giovanni0918

Github: giovanni0918


Safari 10.1 Web Features - Async and Await

New Web Features in Safari 10.1 and iOS 10.3

Welcome Aboard. A new update to WebKit, the Open Source Browser Engine powering Safari, came out on 03/29/2017 for Mac OS 10.12.4 and iOS 10.3. And with it, a lot of powerful web features were enabled to developers for use in their applications. Here are my Top 10 favorites!

ECMAScript 2016 / 2017

ECMAScript 2016 brings two new features to the table:

['apple', 'berry', 'cherry'].includes('berry'); // true
['apple', 'berry', 'cherry'].includes('grape'); // false
['apple', 'berry', 'cherry'].includes('apple', 0); // true
['apple', 'berry', 'cherry'].includes('apple', 1); // false

Parameters: searchElement, fromIndex

2 ** 3; // 8
5 ** 2; // 25

Any number, including NaN, powered to 0 exponent evaluates to 1:

10 ** 0; // 1
NaN ** 0; // 1
Infinity ** 0 // 1

Any base, including NaN, powered to an exponent of value NaN evaluates to NaN:

10 ** NaN; // NaN
NaN ** NaN; // NaN
Infinity ** NaN // NaN

If you have used Python or Ruby lang before, you’ll likely be familiar to the syntax.

ECMAScript 2017 brings features such as:

  • async
  • await

Sample usage:

(async (url = '') => {
try {
const response = await fetch(url);
const data = await response.json();
console.log('repos', =>;
catch (error) {
console.warn('error', error);


A promised based API that allows you to make network requests similar to XMLHttpRequest (XHR).

Goals: To unify fetching across the web platform.

Unifying fetching provides consistent handling of:

  • URL schemes
  • Redirects
  • Cross-Origin Resource Sharing semantics CORS
  • Content Securty Policy CSP
  • Service workers SW
  • Mixed Content MIX
  • Referer Policy REFERRER

Sample Usage: Querying an API endpoint and logging the JSON response to the console.

.then((response) => response.json().then((data) => {
console.log('repos', =>;
.catch((error) => console.warn(error));

CSS Grid

If you are familiar to Flexbox, you are in for a treat. CSS Grid allows you to design complex layouts using declarative properties. This new layout system is based on grid of rows and columns within a container, which enables media to respond better to viewport changes.

For reference: CSS Grid Layout:
A New Layout Module for the Web
by Manuel Rego

Custom Elements

A part of the web components spec, that allows the user the capability for creating custom HTML elements, with their own unique scripted behavior and CSS styling.

Check out the component catalog at:

Interactive Form Validation

If you’ve build forms on Safari, you’ll likely have noticed that attributes like “required” do not work correctly on it, and are completely ignored at the moment of validation.

Well as of Safari Technology Preview 19, WebKit officially supports HTML Interactive Form Validation. This allows the engine to check the validity of the form controls within a form, and notify when any of these violates one or more of the established constraints. WebKit will focus said element, scroll it into view, and display a bubble near it with a message explaining what the problem is.

For more details, check out: HTML Interactive Form Validation by Chris Dumez

Input Events

According to the Input Events Level 2 W3C spec: Input events are sent before (beforeinput event) and after (input event) a user attempts to edit the markup. This includes characters, deletions, and other related edits.

Problems that it solves:

  1. Browsers do not handle all editing operations the same way.
  2. Browsers are often buggy in the way they handle certain editing operations.
  3. Individual sites may have custom preferences for how they want to handle certain editing operations.
  4. The development of high-level text editing features in browsers has not followed the principles laid out in the Extensible Web Manifesto in that development of these features has not always been in coordination with the needs of the web developer community.

This spec seeks to alleviate the problem by providing a simple way for web developers to both override browser handling of all user input related to text editing through the beforeinput event, and to monitor what browsers have changed in the DOM due to user input trough the input event.

Typical use cases:

  1. Creating a JavaScript text editor in which the strong-tag is used instead of the b-tag to mark text that the user marks as bold, using any browser-builtin way to mark a text as bold, without having access to all existing browsers.
  2. Working with a data model in the background where JavaScript takes care of rendering changes to the edited text to the DOM.
  3. Allowing only a subset of richtext editing (for example: bold is allowed, but italic not).
  4. Creating a collaborative editor in which JavaScript is used to render changes to the DOM, based on user intentions with users using different browsers with different ways of expressing specific intentions.
  5. Creating a JavaScript editor with different user access options, where some users only can add or delete text and other users only can add or remove certain types of formatting.

Indexed DB 2.0

A W3C recommended web browser standard interface for a transactional local database of JSON objects collections with indices.

IndexedDB 2.0 adds support for:

  • Binary data types as index keys (meaning it is no longer required to serialize them into strings or array objects)
  • Object store and index renaming, getKey() on IDBObjectStore, and getPrimaryKey() on IDBIndex.

Improved Sticky Element Positioning

Sticky positioning is a hybrid of relative and fixed positioning. The browser treats the element as relative positioned until it crosses a specified threshold, at which point it is treated as fixed positioned.

Is commonly used for:

  • headers
  • navbars
  • headings in an alphabetized listing

HTML 5 Download Attribute

The download attribute for anchor elements is now available in Safari 10.1 on macOS. It indicates the link target is a download link that should download a file instead of navigating to the linked resource. The optional value of the download attribute can be used to provide a suggested name for the file.

Sample usage:

Download Facebook Favicon

<a href=""  download="facebook-favicon.ico">Download Facebook Favicon</a>

HTML Media Capture

The HTML Media Capture spec defines an HTML form extension that enables user access to a device’s media capture mechanisms, such as a camera, or microphone, from within a file upload control.

The capture attribute is a boolean attribute that, if specified, indicates that the capture of media directly from the device’s environment using a media capture mechanism is preferred. The user agent then invokes a file picker for the specific capture control type.

Has support for:

  • image
  • video
  • audio
<input name="imageCapture" type="file" accept="image/*" capture>
<input name="videoCapture" type="file" accept="video/*" capture>
<input name="audioCapture" type="file" accept="audio/*" capture>

For the complete feature list, checkout @jonathandavis‘s blog post on the WebKit site, linked here.

If you enjoyed this blog post or found it helpful in any way, make sure to follow me on Twitter to find out when a new one is available.

Twitter: @giovanni0918

Github: giovanni0918


Apple iOS 10.3 - Download and Install

Apple’s iOS 10.3 update: What’s New

Welcome Aboard. On 03/27/2017, Apple released version 10.3 to their mobile operating system, iOS. Here’s everything that’s new!


Find My AirPods

When Apple released the AirPods, one of people’s biggest concern with was how easily they could get lost if one is not careful enough, since they have no wires or cord keeping them in place.

In iOS 10.3, now you can:

  • View the current or last known location of your AirPods
  • Play a sound on one or both AirPods to help you find them

Both of which are quite handy, if you tend to misplace them.


Apple’s AI Assistant learned a trick or two in this latest iteration of iOS.

Apple iOS 10.3 - Siri

Apple iOS 10.3 – Siri

It now offers support for:

  • Paying and checking status of bills with payment apps
  • Scheduling with ride booking apps, such as Uber and Lyft
  • Checking car fuel level, lock status, turning on lights and activating horn with automaker apps

Apple File System (APFS)


If you own a vehicle that is compatible with CarPlay (which is an Apple standard that enables the car radio or head unit to serve as a display and controller for an iPhone with iOS 7.1.0 or greater), you’ll be happy to hear that:

  • There are now Shortcuts in the status bar for easy access to last used apps
  • Apple Music “Now Playing” screen gives access to “Up Next” and “Currently Playing” song’s album
  • There are Daily curated playlists and new categories in Apple Music


  • Ability to delete an unwanted invite and report it as junk


Although most people are using Google Maps over the Apple variant, you’ll be glad to know that there is now:

  • An Hourly Weather view by using 3D Touch on the displayed current temperature
  • Support for locating your parked car

iTunes Store

  • Rent once and watch your your iTunes movies across your devices

App Store

iOS 10.3 introduces a new way to ask customers to provide App Store ratings and reviews for your app.

  • Using the SKStoreReviewController, you can ask users to rate or review your app while they’re using it, without sending them to the App Store.


A few sections got updated in this area, in favor of a more stable and streamlined experience.

  • Apple ID
  1. New Settings unified view for User, iCloud, and iTunes accounts
  2. A more detailed (and visually appealing) breakdown of Used and Available Storage
  • Accessibility

VoiceOver received stability improvements for Phone, Safari and Mail

  • Touch ID and Passcode

As of this update, your Passcode will replace your iCloud Security Code, and it’s what shall be used to protect your account.

  • Privacy

Apple fixed an issue that could prevent Maps from displaying the user’s current location after resetting Location Services

  • Analytics

What used to be Diagnostics and Usage is now the Analytics section. After opting in, Apple gathers information regarding usage and data from the iPhone and iCloud account to improve its products and services.

Apple iOS 10.3 - Analytics

Apple iOS 10.3 – Analytics

This can be found in Settings > Analytics

Here you can control whether to:

– Share iPhone and iCloud Analytics
– Share App usage statistics with Developers
– Help Improve Activity and Wheelchair Mode

There’s likely more features under the hood, I will keep you updated as soon as I discover anything else noteworthy.


About Apple security updates

About the security content of iOS 10.3
If you enjoyed this blog post or found it helpful in any way, make sure to follow me on Twitter to find out when a new one is available.

Twitter: @giovanni0918

Github: giovanni0918



Check LAMP stack Install - Ubuntu 16.04 LTS

Installing Linux, Apache, MySQL, and PHP (LAMP) stack on Ubuntu 16.04 LTS

Welcome Aboard. In this blog post I will be covering how to install Linux, Apache 2, MySQL, and PHP 7 (LAMP) stack on Ubuntu 16.04 LTS.

Benefits of using a LAMP stack

  • The use of PHP and MySQL allows newcomer developers to get started building web applications at scale.
  • LAMP stack technologies are frequently updated, making them more secure.
  • They have a lot of support from open source software (O.S.S) community.

Prerequisites (at least 1 of the following)

A. Virtual Machine running Ubuntu 16.04 LTS

B. Have signed up for web hosting or already own Ubuntu 16.04 LTS instance

If you haven’t done so already, download a fresh copy of Ubuntu 16.04 LTS to get started.

Check Ubuntu version

lsb_release -a

The output should be equal or similar to

Distributor ID: Ubuntu
Description: Ubuntu 16.04.2 LTS
Release: 16.04
Codename: xenial

Update the list of available packages and their versions

sudo apt-get update

Update available packages

sudo apt-get upgrade

Install apache

sudo apt-get install apache2
Checking Apache 2 Install - LAMP stack - Ubuntu

Checking Apache 2 Install – LAMP stack – Ubuntu

Install MySQL

sudo apt-get install mysql-server mysql-client

You will be prompted to setup the root user password to be used with MySQL. It is important that you remember it.

You can login into MySQL as root using the following command:

mysql -u root --password=YOUR_DB_PASSWORD
Checking MySQL Install - LAMP stack - Ubuntu 16.04

Checking MySQL Install – LAMP stack – Ubuntu 16.04

Install php 7

sudo apt-get install php7.0 libapache2-mod-php7.0 php7.0-mysql php7.0-curl php7.0-json php7.0-cgi php7.0-xml php7.0-gd

Check php info

sudo apt-get install vim
sudo vim /var/www/html/testphp.php

Add the following line to the file: &lt;?php phpinfo(); ?&gt;

Restart apache2 service

  • On Ubuntu 15.10/15.04 and greater versions:
sudo systemctl restart apache2
  • On Ubuntu 14.10 and lower versions:
sudo service apache2 restart

Validate php install

On your browser of choice, navigate to http://localhost/testphp.php (swap the word localhost with your ip-address).

It will display all the details about php such as version, build date and commands etc.

Check PHP 7 Install using phpinfo - LAMP stack - Ubuntu

Check PHP 7 Install using phpinfo – LAMP stack – Ubuntu

And there you go, you have succesfully installed LAMP stack on your Ubuntu 16.04 Server.
If you enjoyed this blog post or found it helpful in any way, make sure to follow me on Twitter to find out when a new one is available.

Twitter: @giovanni0918

Github: giovanni0918


Android O Developer Preview 1 Released

As of 03-21-2017, Google released Android O Developer Preview 1. This new Alpha version of Android will be available for download to Developers in the Preview channel of

What’s New In Android

  • Notification Channels
  • Picture-In-Picture: Android O allows activities to launch in picture-in-picture (PIP) mode. PIP is a special type of multi-window mode mostly used for video playback. PIP mode is already available for Android TV; Android O makes the feature available on other Android devices
  • Auto-fill: Android O makes filling forms, such as account and credit card forms, easier with the introduction of the Autofill Framework, which will take care of managing the communication between the app and an auto-fill service.
  • Adaptive Icons: Launcher icons will be able to display a variety of shapes across different device models to better match OEM theme.


Compatible Devices

  • LG Nexus 5x
  • Huawei Nexus 6P
  • Nexus Player
  • Pixel C
  • Google Pixel
  • Google Pixel XL

Timeline and Updates

  1. Preview 1 (initial release, alpha): 03/21/2017
  2. Preview 2 (incremental update, beta): May – June 2017
  3. Preview 3 (final APIs and official SDK, Play publishing): June – July 2017
  4. Preview 4 (near-final system images for final testing): July – August 2017
  5. Final Release (A.O.S.P): Third Quarter (Q.3) 2017



This initial release of O Developer Preview is available by manual download only.



As future versions of the Preview are released, you will be able to opt in via:


More coverage to come as soon as I get to test out this new release.

If you enjoyed this blog post or found it helpful in any way, make sure to follow me on Twitter to find out when a new one is available.

iPhone 7: Now in (PRODUCT) RED

As of 03-21-2017, Apple now offers the iPhone 7 and 7 Plus in the trademark (PRODUCT) RED, with white bezels.

Order Times

It will be available for order starting at 8:01 AM Pacific Time (PDT) / 11:01 AM Atlantic Standard Time (AST) on 03-24-2017.


  • iPhone 7 (4.7-inch display): From $36.58/month with the iPhone Upgrade Program. Or pay up front from $749.
  • iPhone 7 Plus (5.5-inch display): From $41.58/month with the iPhone Upgrade Program. Or pay up front from $869.
iphone 7 (Product) Red - Choose a Model

iPhone 7 (Product) Red – Choose a Model

This special edition iPhone will be available for purchase alonside the other available color options:
  • Silver
  • Gold
  • Rose Gold
  • Matte Black
  • Jet Black
iPhone 7 (PRODUCT) Red - Available Variants

iPhone 7 (PRODUCT) Red – Available Variants

However, like the Jet Black variant, this color option will only be available in 128 and 256 GB.

What’s In The Box

Included are:

  • EarPods with Lightning Connector
  • iPhone 7 or 7 Plus (PRODUCT) RED edition
  • Standard Lightning to USB Cable
  • 5 Watt USB Power Adapter
  • Lightning to 3.5 mm Headphone Jack Adapter
iPhone 7 (Product) Red - What's in the Box

iPhone 7 (Product) Red – What’s in the Box


The current iOS version as of the moment of writing this article is 10.2.1 (14D27). It is expected that this new edition of the iPhone will potentially include iOS 10.3.0, since it has been in Beta for a while now…

Announcement link:

If you enjoyed this blog post or found it helpful in any way, make sure to follow me on Twitter to find out when a new one is available.
Twitter: @giovanni0918
Github: giovanni0918