Livepatch Your CoW | LAS 440
Posted on: October 23, 2016
Posted in: Featured, Linux Action Show, Video

Canonical’s Dustin Kirkland’s Beard tells us about their new Livepatch service, we discuss Dirty COW, the “most serious” Linux privilege-escalation bug ever, and we explain what a CRM is and what great open source solutions are available.
Plus some much discussed feedback, our picks & more!
— Show Notes: —
Brought to you by: Linux Academy
Zurmo CRM
Zurmo is an Open Source Customer Relationship Management (CRM) application that is mobile, social, and gamified. We use a test-driven methodology for building every part of the application. This means you can create and maintain a custom-built CRM system or platform with the assurance that future updates are not going to break your installation. Head over to the forums to learn more.
Contact Management
- Full view of Contact details
- 360 view of Accounts
- Lead Management
- Quickly find info with Global Search
Activity Overview
- Meetings, Tasks, Notes, and Attachments all in one place
- Roll Up to see activities from related records
- Latest activities widget, easy view of historical information
Deal Tracking
- Sales Force Automation
- Create and Manage Opportunities
- Track Sales Pipeline
- Probability of Closure
Manual Install Guide
Bitnami Script
Open Source is No Joke
The short version: Most Open Source Customer Relationship Management (CRM) applications are not fully functioning CRMs because they usually lack Reporting and Workflow. CRMs without these two features are useless. We want people to get value out of Zurmo. So we’re adding functionality that is usually available only in paid, Enterprise editions. Why? The current model teases people and insults our intelligence. We want people to take Zurmo and make it better. We want there to be a tool out there that’s easy to work with and to develop. By building software so a lot of people will use it, we’ll benefit by supporting it. That’s why we’re including all these features like Reporting and Workflow for free.
The long version: If you’re looking for a joke, watch a Jim Carrey movie. Dumb and Dumber fits the bill. If you are looking for Open Source Customer Relationship Management (CRM) that’s along the same lines of ineptitude, just do a Google search. You have a bunch to pick from. Call them “teasers”. Call them bait and switch. Call them whatever you’d like. Just surely don’t call them fully functioning CRM systems. I am serious. And please don’t call me Shirley.
— PICKS —
Runs Linux
CVS RUNS LINUX!!
Sent in by Anon Ymous (very clever)
Desktop App Pick
Flux
Ever notice how people texting at night have that eerie blue glow? Or wake up ready to write down the Next Great Idea, and get blinded by your computer screen? During the day, computer screens look good—they’re designed to look like the sun. But, at 9PM, 10PM, or 3AM, you probably shouldn’t be looking at the sun.
f.lux fixes this: it makes the color of your computer’s display adapt to the time of day, warm at night and like sunlight during the day. It’s even possible that you’re staying up too late because of your computer. You could use f.lux because it makes you sleep better, or you could just use it just because it makes your computer look better.
Redshift adjusts the color temperature of your screen according to your surroundings. This may help your eyes hurt less if you are working in front of the screen at night.
Spotlight
ShowTerm
It’s showtime in a terminal near you! Put on your best colours, resize to 80 columns, and let your fingers fly!
Termshows are purely text based. This makes them ideal for demoing instructions (as the user can copy-paste), making fail-safe “live-coding” sessions (plain text is very scalable), and sharing all your l33t terminal hacks.
- Each termshow gets its own link. You can add hash-fragments to customize playback,
- All shows are in plain text
- Easy to install
- Easy to use
Donate to OpenStreetMap | OpenStreetMap
OpenStreetMap is the largest open geographic database in the world, the data infrastructure for multitudes of mapping projects around the globe. Your donation to the OpenStreetMap Foundation will cover our core operational expenses in supporting the OpenStreetMap project: hardware costs, legal fees, administrative assistant and other expenses of our working groups and administration.
— NEWS —
Hotfix Your Ubuntu Kernels with the Canonical Livepatch Service!
Today, Canonical has publicly launched the Canonical Livepatch Service — an authenticated, encrypted, signed stream of Linux livepatches that apply to the 64-bit Intel/AMD architecture of the Ubuntu 16.04 LTS (Xenial) Linux 4.4 kernel, addressing the highest and most critical security vulnerabilities, without requiring a reboot in order to take effect. This is particularly amazing for Container hosts — Docker, LXD, etc. — as all of the containers share the same kernel, and thus all instances benefit.
“Most serious” Linux privilege-escalation bug ever is under active exploit
The vulnerability, a variety known as a race condition, was found in the way Linux memory handles a duplication technique called copy on write. Untrusted users can exploit it to gain highly privileged write-access rights to memory mappings that would normally be read-only.
Why is the Flaw called Dirty COW?
The bug, marked as “High” priority, gets its name from the copy-on-write (COW) mechanism in the Linux kernel, which is so broken that any application or malicious program can tamper with read-only root-owned executable files and setuid executables.
“A race condition was found in the way the Linux kernel’s memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings,” reads the website dedicated to Dirty COW.
“An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system.”
The Dirty COW vulnerability has been present in the Linux kernel since version 2.6.22 in 2007, and is also believed to be present in Android, which is powered by the Linux kernel.
- Kernel Local Privilege Escalation – CVE-2016-5195 – Red Hat Customer Portal
- Bug 1384344 – CVE-2016-5195 kernel: mm: privilege escalation via MAP_PRIVATE COW breakage
- VulnerabilityDetails · dirtycow/dirtycow.github.io Wiki · GitHub
Proofs of concept are available on that wiki page.
Impact
- An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system.
- This flaw allows an attacker with a local system account to modify on-disk binaries, bypassing the standard permission mechanisms that would prevent modification without an appropriate permission set.
How
- The in-the-wild exploit relied on writing to /proc/self/mem on one side of the race.
- The in-the-wild exploit relied on using ptrace.
- The attack relies on racing the madvise(MADV_DONTNEED) system call while having the page of the executable mmapped in memory.
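Added example (mine, not from the show or the Dirty COW wiki): detection logic that runs over constructed x86_64 auditd records and flags a process whose trail matches the pattern above, madvise(MADV_DONTNEED) close in time to a write-capable open of /proc/self/mem or a ptrace() call. It assumes audit rules along the lines of `-a always,exit -F arch=b64 -S madvise,ptrace,openat -k dirtycow` and a 5-second correlation window.

```python
import re
from collections import defaultdict

# x86_64 syscall numbers and the madvise() advice value named in the show notes
SYS_OPENAT, SYS_MADVISE, SYS_PTRACE = 257, 28, 101
MADV_DONTNEED = 4
WINDOW = 5.0  # max seconds between the two sides of the race (assumption)
HEADER = re.compile(r'^type=(\w+) msg=audit\(([\d.]+):(\d+)\):')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
MEM_PATH = re.compile(r'/proc/(self|\d+)/mem')

def parse(lines):
    """Merge the SYSCALL and PATH records of each audit event (same serial)."""
    events = {}
    for line in lines:
        m = HEADER.match(line)
        if not m:
            continue
        ev = events.setdefault(m.group(3), {"ts": float(m.group(2))})
        f = {k: v.strip('"') for k, v in FIELD.findall(line)}
        if m.group(1) == "SYSCALL":
            ev.update(pid=f["pid"], comm=f["comm"], syscall=int(f["syscall"]),
                      a2=int(f["a2"], 16))  # audit logs a0..a3 as bare hex
        elif m.group(1) == "PATH":
            ev["name"] = f.get("name", "")
    return [e for e in events.values() if "pid" in e]

def suspicious_pids(lines):
    """{pid: comm} for processes pairing MADV_DONTNEED with a write-capable
    open of /proc/<pid>/mem or a ptrace() call inside WINDOW seconds."""
    by_pid = defaultdict(list)
    for ev in parse(lines):
        by_pid[ev["pid"]].append(ev)
    hits = {}
    for pid, evs in by_pid.items():
        dontneed = [e["ts"] for e in evs
                    if e["syscall"] == SYS_MADVISE and e["a2"] == MADV_DONTNEED]
        partner = [e["ts"] for e in evs if e["syscall"] == SYS_PTRACE or
                   (e["syscall"] == SYS_OPENAT and (e["a2"] & 0x3)  # O_WRONLY|O_RDWR
                    and MEM_PATH.fullmatch(e.get("name", "")))]
        if any(abs(d - p) <= WINDOW for d in dontneed for p in partner):
            hits[pid] = evs[0]["comm"]
    return hits

# Constructed sample: pid 1501 opens /proc/self/mem O_RDWR then calls madvise(MADV_DONTNEED) 2 ms later; pid 900 only calls madvise (benign, e.g. a JVM GC).
SAMPLE = """\
type=SYSCALL msg=audit(1477000000.100:2001): arch=c000003e syscall=257 success=yes exit=3 a0=ffffff9c a1=7ffd1 a2=2 a3=0 items=1 ppid=1500 pid=1501 auid=1000 uid=1000 comm="proc_a" exe="/tmp/proc_a" key="dirtycow"
type=PATH msg=audit(1477000000.100:2001): item=0 name="/proc/self/mem" inode=4 dev=00:04 mode=0100600 ouid=1000 ogid=1000 rdev=00:00 nametype=NORMAL
type=SYSCALL msg=audit(1477000000.102:2002): arch=c000003e syscall=28 success=yes exit=0 a0=7f1c2a3b4000 a1=1000 a2=4 a3=0 items=0 ppid=1500 pid=1501 auid=1000 uid=1000 comm="proc_a" exe="/tmp/proc_a" key="dirtycow"
type=SYSCALL msg=audit(1477000000.900:2003): arch=c000003e syscall=28 success=yes exit=0 a0=7f9d00000000 a1=20000 a2=4 a3=0 items=0 ppid=1 pid=900 auid=1000 uid=1000 comm="java" exe="/usr/bin/java" key="dirtycow"
"""
```

Auditing every madvise() and openat() is noisy on a busy host (allocators issue MADV_DONTNEED constantly), which is why the check requires both halves of the race from the same pid rather than alerting on either alone; `suspicious_pids(SAMPLE.splitlines())` returns only pid 1501.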
IoT Targeted in Recent DDoS Attacks on DNS
DNS, the internet traffic management company hit by DDoS attacks on Friday that affected more than 80 popular websites, says it believes that smart devices such as webcams and thermostats were infiltrated to carry out the attacks.
Scores of websites including PayPal, Reddit, Amazon, Spotify and Twitter were unavailable on Friday as three separate distributed denial of service (DDoS) attacks disrupted the New Hampshire-based server’s operations.
Feedback:
Mail Bag
Name: Corey L
Subject: System 76 Same As Clevo?
Message: Hello Chris and Noah,
Would I be able to use the System 76 PPA on a generic Clevo laptop of the same model that the Oryx Pro is built upon? I have an opportunity to purchase one second hand from a Windows user, and I’m sure I could get everything working under Ubuntu 16.10 (except for the crappy wireless).
The model is NP8152-S
Thank you both,
Best regards,
Corey L
Name: LJ
Subject: Ubuntu 16.04 / 16.10 Followup
Message: Hi Noah,
Regarding the wifi problems you have been facing with Ubuntu 16.04 (and probably 16.10), please check the instructions/script in the file attached.
It may be a dirty solution, but in the end it works and it is completely transparent to the user.
Keep the good work
Regards
LJ from Portugal
Open a terminal and type the following:
- sudo nano /etc/systemd/system/wifi-resume.service
- Copy/Paste the script in there with a right click.
- Exit with ctrl + o and ctrl + x
- Now to activate it:
sudo systemctl enable wifi-resume.service
Script:
#/etc/systemd/system/wifi-resume.service
#sudo systemctl enable wifi-resume.service
[Unit]
Description=Restart networkmanager at resume
After=suspend.target
After=hibernate.target
After=hybrid-sleep.target
[Service]
Type=oneshot
ExecStart=/bin/systemctl restart network-manager.service
[Install]
WantedBy=suspend.target
WantedBy=hibernate.target
WantedBy=hybrid-sleep.target
Salty Noah?
Call in: 1-877-347-0011
New Show: User Error
Catch the show LIVE SUNDAY:
- Noon Pacific
- https://jblive.tv
- Network Calendar
— CHRIS’ STASH —
Chris’s Twitter account has changed; you’ll need to follow the new one!
Chris Fisher (@ChrisLAS) | Twitter
Hang in our chat room:
irc.geekshed.net #jupiterbroadcasting
— NOAH’S STASH —
Noah’s Day Job
Contact Noah
noah [at] jupiterbroadcasting.com