Show Notes: linuxactionnews.com/149

The post Linux Action News 149 first appeared on Jupiter Broadcasting.

Show Notes: coder.show/342

The post Webs Assemble! | Coder Radio 342 first appeared on Jupiter Broadcasting.

New versions of openSUSE leap and Fedora have hit the web. The chairmen of openSUSE joins us to answer our hard questions & we follow up on Fedora 23.

Plus the big upset with Debian this week, ransomware that targets Linux systems & way more than we can fit into this description!

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Torrent Feed | WebM Torrent Feed

Become a supporter on Patreon:

Show Notes:

Pre-Show:

• DDoS, botnet, and fiber cut fail to stop Twitchers crowd-installing Linux

Feedback:

• Leap 42.1 is OUT!
  Tumbleweed

• Chris and Wes use MATE 15.10 in the Real world

• Backup ideas

• HELP Server’s down, what do I do?

• Happy birthday Firefox!

• Thunderclap: Glucosio for #DiabetesMonth

Glucosio is trying to drum up support for it’s free and open source app for Android that helps people with diabetes manage their diabetes and support diabetes research.

Linux Academy

• Linux Academy | Linux and AWS Online Training

Fedora 23 Wrap Up

• Fedora Cinnamon Desktop

Cinnamon is a Linux desktop which provides advanced innovative features and a traditional user experience. The desktop layout is similar to Gnome 2.

• What’s New in Fedora 23 KDE Plasma Desktop Spin – Fedora Magazine

Fedora 23 KDE Plasma Desktop features Plasma 5.4.0, KDE Frameworks 5.15, and KDE Applications 15.08. Plasma 5.4 includes a new audio applet, Application Dashboard, updated breeze icon theme, KRunner autocompletion, and Networks applet with graphs. Notable changes in KDE Applications 15.08 are Frameworks 5 based Kontact suite app and file manager Dolphin. Additionally, Firefox is now the default web browser.

• Introducing the Fedora Community Blog – Fedora Magazine

Today, the Fedora Project is proud to announce the launch of a new publication platform for Fedora contributors: the Fedora Community Blog. The Fedora Community Blog intends to better connect the different projects, groups, and efforts going on in the community every day. Teams are encouraged to share their goals, achievements, and calls for assistance on this blog to help improve the overall interconnectedness of the community.

• Fedora 24 release dates and schedule –

Fedora 24 schedule with a current release date of May 17, 2016. Fedora 24 Alpha is slated for release on March 1st, 2016, and the Beta has a release date of April 12th, 2016.

These dates may change as development on Fedora 24 progresses, so always check the schedule for the most accurate version of the Fedora 24 schedule.

DigitalOcean

• DigitalOcean: SSD Cloud Server, VPS Server, Simple Cloud Hosting

New encryption ransomware targets Linux systems

Many of the systems that have been affected by the malware were infected when attackers exploited a vulnerability in the Magento CMS. A critical vulnerability patch for Magneto, which is used to power a number of e-commerce sites, was published on October 31. Doctor Web researchers currently place the number of victims in the “at least tens” range, but attacks on other vulnerable content management systems could increase the number of victims dramatically.

In order to run, the malware has to be executed with administrator-level privileges. Using 128-bit AES crypto, the malware encrypts the contents of all users’ home directories and any files associated with websites running on the systems. It then goes through the whole directory structure of mounted volumes, encrypting a variety of file types. In each directory it encrypts, it drops a text file called README_FOR_DECRYPT.txt. This demands payment and provides a link to a Tor “hidden service” site via a Tor gateway.

• First Linux ransomware program cracked, for now | ITworld

Bitdefender researchers discovered that when it generates the AES keys, the malicious program uses a weak source of random data — the time and date at the moment of encryption.

This time stamp is easy to determine by looking at when the AES key files were created on disk. Therefore, researchers are able to reverse the process and recover the AES keys without needing to decrypt them, making the RSA public and private keys pointless.

The tool created and released by Bitdefender is a script written in Python that determines the initialization vectors and AES encryption keys by analyzing the files encrypted by the ransomware program. It then decrypts the files and fixes their permissions on the system.

“If you can boot your compromised operating system, download the script and run it under the root user,” the Bitdefender researchers said in a blog post that also contains detailed instructions on how to use the tool.

TING

• Ting – mobile that makes sense

An abrupt End to Debian Live

Therefore, after having founded Debian Live back in 2006 and having by now almost 10 years continuously worked on it, without further ado:

Debian Live is dead, hijacked by the debian-cd and the debian-installer Teams

The live.debian.net server will be shut down end of month, the Git repositories are read-only as of now and mirrored to GitHub for archival

• lykwydchykyn comments on An abrupt End to Debian Live

No, the story is more like this:

• Debian live is created, widely used including by debian, but perhaps in some way not “officially” Debian (though this is unclear).
• Debian CD team has some outstanding bugs with debian-live, which some members (but apparently not the lead dev) are aware of (or at least, not aware that they are major problems for debian-cd).
• Someone creates a “successor” project called debian-live-ng that fixes these bugs, rather than fixing them in debian-live.
• Debian CD is going to use this new project.
• Lead developer of debian-live finds out about this scenario only when someone tries to push a package with the name live-build-ng (which conflicts with the live-* namespace used by debian-live), only to encounter a Debian CD team already dead-set on replacing and deprecating his project and overloading the package namespace with their new project without further discussion.

Or, in short, diplomacy, courtesy, and basic communication were neglected, and the inevitable happened.

Support Jupiter Broadcasting on Patreon

The post Leaping Over Tumbleweed | LINUX Unplugged 118 first appeared on Jupiter Broadcasting.

This time on the show, we’ll be sitting down to talk with Craig Rodrigues about Jenkins and the FreeBSD testing infrastructure. Following that, we’ll show you how to roll your own OpenBSD ISOs with all the patches already applied… ISO can’t wait!

This week’s news and answers to all your emails, on BSD Now – the place to B.. SD.

Thanks to:

Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | HD Vid Feed | HD Torrent Feed

– Show Notes: –

Headlines

pfSense 2.1.4 released

• The pfSense team has released 2.1.4, shortly after 2.1.3 – it’s mainly a security release
• Included within are eight security fixes, most of which are pfSense-specific
• OpenSSL, the WebUI and some packages all need to be patched (and there are instructions on how to do so)
• It also includes a large number of various other bug fixes
• Update all your routers!

DragonflyBSD’s pf gets SMP

• While we’re on the topic of pf…
• Dragonfly patches their old[er than even FreeBSD’s] pf to support multithreading in many areas
• Stemming from a user’s complaint, Matthew Dillon did his own work on pf to make it SMP-aware
• Altering your configuration‘s ruleset can also help speed things up, he found
• When will OpenBSD, the source of pf, finally do the same?

ChaCha usage and deployment

• A while back, we talked to djm about some cryptography changes in OpenBSD 5.5 and OpenSSH 6.5
• This article is sort of an interesting follow-up to that, showing which projects have adopted ChaCha20
• OpenSSH offers it as a stream cipher now, OpenBSD uses it for it’s random number generator, Google offers it in TLS for Chromium and some of their services and lots of other projects seem to be adopting it
• Both Google’s fork of OpenSSL and LibReSSL have upcoming implementations, while vanilla OpenSSL does not
• Unfortunately, this article has one mistake: FreeBSD does not use it – they still use the broken RC4 algorithm

BSDMag June 2014 issue

• The monthly online BSD magazine releases their newest issue
• This one includes the following articles: TLS hardening, setting up a package cluster in MidnightBSD, more GIMP tutorials, “saving time and headaches using the robot framework for testing,” an interview and an article about the increasing number of security vulnerabilities
• The free pdf file is available for download as always

Interview – Craig Rodrigues – rodrigc@freebsd.org

FreeBSD’s continuous testing infrastructure

Tutorial

Creating pre-patched OpenBSD ISOs

News Roundup

Preauthenticated decryption considered harmful

• Responding to a post from Adam Langley, Ted Unangst talks a little more about how signify and pkg_add handle signatures
• In the past, the OpenBSD installer would pipe the output of ftp straight to tar, but then verify the SHA256 at the end – this had the advantage of not requiring any extra disk space, but raised some security concerns
• With signify, now everything is fully downloaded and verified before tar is even invoked
• The pkg_add utility works a little bit differently, but it’s also been improved in this area – details in the post
• Be sure to also read the original post from Adam, lots of good information

FreeBSD 9.3-RC2 is out

• As the -RELEASE inches closer, release candidate 2 is out and ready for testing
• Since the last one, it’s got some fixes for NIC drivers, the latest file and libmagic security fixes, some serial port workarounds and various other small things
• The updated bsdconfig will use pkgng style packages now too
• A lesser known fact: there are also premade virtual machine images you can use too

pkgsrcCon 2014 wrap-up

• In what may be the first real pkgsrcCon article we’ve ever had!
• Includes wrap-up discussion about the event, the talks, the speakers themselves, what they use pkgsrc for, the hackathon and basically the whole event
• Unfortunately no recordings to be found…

PostgreSQL FreeBSD performance and scalability

• FreeBSD developer kib@ writes a report on PostgreSQL on FreeBSD, and how it scales
• On his monster 40-core box with 1TB of RAM, he runs lots of benchmarks and posts the findings
• Lots of technical details if you’re interested in getting the best performance out of your hardware
• It also includes specific kernel options he used and the rest of the configuration
• If you don’t want to open the pdf file, you can use this link too

Feedback/Questions

• James writes in
• Klemen writes in
• John writes in
• Brad writes in
• Adam writes in

• All the tutorials are posted in their entirety at bsdnow.tv
• There, you’ll also find a link to Bob Beck’s LibReSSL talk from the end of May – we finally found a recording!
• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
• If you want to come on for an interview or have a tutorial you’d like to see, let us know
• Watch live Wednesdays at 2:00PM Eastern (18:00 UTC)
• Next week Allan will be at BSDCam, so we’ll have a prerecorded episode then

The post Base ISO 100 | BSD Now 44 first appeared on Jupiter Broadcasting.