Fear and Linux in Las Vegas | LAS 429

Noah’s back from Defcon! He shares his experience at this infamous conference, his Linux in the wild sightings & his surprising takeaway.

Plus Btrfs’ RAID 5/6 code has been found “unsafe”, the FossHub compromise, an Internet of Things failure that struck close to home & more!

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

HD Video | Mobile Video | WebM Torrent | MP3 Audio | OGG Audio | YouTube | HD Torrent

RSS Feeds:

HD Video Feed | Large Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

— Show Notes: —

Brought to you by: Linux Academy

Noah Visits Defcon

• Badges are more than the sum of their parts – Imgur

• Ham Radio Exams at DEF CON 24 brought to you by dc408

Hackers Fool Tesla S’s Autopilot to Hide and Spoof Obstacles

In a series of tests they plan to detail in a talk later this week at the Defcon hacker conference, they found that they could use off-the-shelf radio-, sound- and light-emitting tools to deceive Tesla’s autopilot sensors, in some cases causing the car’s computers to perceive an object where none existed, and in others to miss a real object in the Tesla’s path.

Hacking Hotel Keys and Point of Sale Systems at DEFCON

Hecker is scheduled to talk about his research at the DEFCON security conference in a talk where he will also reveal flaws in the magnetic stripe approach used in point-of-sale (POS) systems. In an interview ahead of the talk, Hecker detailed some of his key findings and the widespread risks.

— PICKS —

Runs Linux

This Sewer Camera that my plumber used, Runs Linux

Desktop App Pick

Lifeograph

Private offline journal, encrypted note taking.

Features

• Search and play audio/video from YouTube
• Search tracks of albums by album title
• Search and import YouTube playlists
• Create and save local playlists
• Download audio/video
• Convert to mp3 & other formats (requires ffmpeg or avconv)
• View video comments
• Works with Python 3.x
• Works with Windows, Linux and Mac OS X
• Requires mplayer or mpv
• This project is based on mps, a terminal based program to search, stream and download music. This implementation uses YouTube as a source of content and can play and download video as well as audio. The pafy library handles interfacing with YouTube.

Spotlight

Stellarium 0.15.0 has been released

New big features

• We introduce a major internal change with the StelProperty system.

• This allows simpler access to internal variables and therefore more ways of operation.

• Most notably this version introduces an alternative control option via RemoteControl, a new webserver interface plugin.

• We also introduce another milestone towards providing better astronomical accuracy for historical applications:

• experimental support of getting planetary positions from JPL DE430 and DE431 ephemerides. This feature is however not fully tested yet.

The major changes:

• Added StelProperty system
• Added new plugin for exhibitions and planetariums – Remote Control
• Added new skycultures: Macedonian, Ojibwe, Dakota/Lakota/Nakota,
  Kamilaroi/Euahlayi
• Updated code of plugins
• Added Bookmarks tool and updated AstroCalc tool
• Added new functions for Scripting Engine and new scripts
• Added Miller Cylindrical Projection
• Added updates and improvements in DSO and star catalogues (include initial
  support of The Washington Double Star Catalog)
• azimuth lines (also targeting geographic locations) in ArchaeoLines plugin
• Many fixes and improvements…

---

— NEWS —

• Ting data price drop
• Ting drops data prices to $10 GB beyond the first gig

PSA – Do not download Classic SHELL! read comments (MBR overwrite!!) mbr.rootkit

Classic Shell itself wasn’t compromised. FossHub was and some download links were replaced by another program, not signed, that do only one thing: overwrite the MBR. It’s not an infected version of Classic Shell, Audacity or whatever, it’s only a small program that targets your MBR. If at the end of the installation process nothing happens beside a short cmd window then you have downloaded the malware.

• Hacker Compromises Fosshub to Distribute MBR-Hijacking Malware

“In short, a network service with no authentication was exposed to the internet,” the hacker told Softpedia in an email. “We were able to grab data from this network service to obtain source code and passwords that led us further into the infrastructure of FOSSHub and eventually gain control of their production machines, backup and mirror locations, and FTP credentials for the caching service they use, as well as the Google Apps-hosted email.”

• FossHub serves up MBR-compromising versions of Audacity and Classic Shell

Corrupt .exe’s downloads of both Audacity and Classic Shell have been removed from FossHub.com after being found laden with a Master Boot Record-overwriting Trojan.

Never Trust a Found USB Drive, Black Hat Demo Shows Why

“Despite the dangers of hackers, viruses and other bad things, almost half of those who found one of our flash drives plugged it into a computer,” Bursztein said.

• What are malicious USB keys and how to create a realistic one?

Btrfs RAID 5/6 Code Found To Be Very Unsafe & Will Likely Require A Rewrite

“more or less fatally flawed, and a full scrap and rewrite to an entirely different raid56 mode on-disk format may be necessary to fix it. And what’s even clearer is that people /really/ shouldn’t be using raid56 mode for anything but testing with throw-away data, at this point. Anything else is simply irresponsible.”

@ahl I assume you actually tested it before shipping it though 😉

— Allan Jude (@allanjude) August 6, 2016

• Re: [BUG] Btrfs scrub sometime recalculate wrong parity in raid5

Couldn't turn on my bedroom lights last night because there is no way to dismiss this dialog. Thank you @tweethue! pic.twitter.com/2EJUgujzLF

— Thomas Roth (@StackSmashing) July 30, 2016

• JB1 Studio Hit too

• Huemote App

• Amazon.com: CHAUVET SlimPAR 56: Musical Instruments

• Amazon.com: ADJ Products AC3PDMX25 25 ft 3 pin DMX Cable for lighting products: Musical Instruments
• Amazon.com: DMXking ultraDMX Micro USB DMX adapter/dongle: Musical Instruments

MeetBSD California 2016

• Any tips where I can park Lady Jupiter near the Clark Kerr Campus
• Meet up?

Mail Bag

• https://slexy.org/view/s2NuBRmc2H

• https://slexy.org/view/s2usaSqiSk

• https://slexy.org/view/s2vRzbEICz

• Audio Only for Live Show?

Call Box

• Chris’ call out for the community to help him with his background

Catch the show LIVE SUNDAY:

• Noon Pacific
• https://jblive.tv
• Network Calendar

— CHRIS’ STASH —

Chris’s Twitter account has changed, you’ll need to follow!

Chris Fisher (@ChrisLAS) | Twitter

Hang in our chat room:

irc.geekshed.net #jupiterbroadcasting

— NOAH’S STASH —

Noah’s Day Job

Altispeed Technologies

Contact Noah

noah [at] jupiterbroadcasting.com

Find us on Google+

• Chris
• Noah J. Chelliah
• Jupiter Broadcasting’s Page

Find us on Twitter

• Chris – ChrisLAS
• Noah – Kernellinux

Follow us on Facebook

• Jupiter Broadcasting on Facebook
• Noah – Kernellinux