Show Notes: extras.show/62

The post Building an Open Source Community: Wirefall | Jupiter Extras 62 first appeared on Jupiter Broadcasting.

Show Notes/Links: https://www.bsdnow.tv/335

The post FreeBSD Down Under | BSD Now 335 first appeared on Jupiter Broadcasting.

Show Notes: error.show/83

The post No, But | User Error 83 first appeared on Jupiter Broadcasting.

Show Notes: chooselinux.show/22

The post Finding Your Community | Choose Linux 22 first appeared on Jupiter Broadcasting.

Show Notes/Links: https://www.bsdnow.tv/311

The post Conference Gear Breakdown | BSD Now 311 first appeared on Jupiter Broadcasting.

##Headlines

###[FreeBSD DevSummit & EuroBSDcon 2018 in Romania]

• Your hosts are back from EuroBSDcon 2018 held in Bucharest, Romania this year. The first two days of the conference are used for tutorials and devsummits (FreeBSD and NetBSD), while the last two are for talks.
• Although Benedict organized the devsummit in large parts, he did not attend it this year. He held his Ansible tutorial in the morning of the first day, followed by Niclas Zeising’s new ports and poudriere tutorial (which had a record attendance). It was intended for beginners that had never used poudriere before and those who wanted to create their first port. The tutorial was well received and Niclas already has ideas for extending it for future conferences.
• On the second day, Benedict took Kirk McKusick’s “An Introduction to the FreeBSD Open-Source Operating System” tutorial, held as a one full day class this year. Although it was reduced in content, it went into enough depth of many areas of the kernel and operating system to spark many questions from attendees. Clearly, this is a good start into kernel programming as Kirk provides enough material and backstories to understand why certain things are implemented as they are.
• Olivier Robert took [https://www.talegraph.com/tales/l2o9ltrvsE](pictures from the devsummit) and created a nice gallery out of it.
• Devsummit evenings saw dinners at two restaurants that allowed developers to spend some time talking over food and drinks.
• The conference opened on the next day with the opening session held by Mihai Carabas. He introduced the first keynote speaker, a colleague of his who presented “Lightweight virtualization with LightVM and Unikraft”.
• Benedict helped out at the FreeBSD Foundation sponsor table and talked to people. He saw the following talks in between:

Selfhosting as an alternative to the public cloud (by Albert Dengg)
Using Boot Environments at Scale (by Allan Jude)
Livepatching FreeBSD kernel (by Maciej Grochowski)
FreeBSD: What to (Not) Monitor (by Andrew Fengler)
FreeBSD Graphics (by Niclas Zeising)

• Allan spent a lot of time talking to people and helping track down issues they were having, in addition to attending many talks:
  

  Hacking together a FreeBSD presentation streaming box – For as little as possible (by Tom Jones)
  Introduction of FreeBSD in new environments (by Baptiste Daroussin)
  Keynote: Some computing and networking historical perspectives (by Ron Broersma)
  Livepatching FreeBSD kernel (by Maciej Grochowski)
  FreeBSD: What to (Not) Monitor (by Andrew Fengler)
  Being a BSD user (by Roller Angel)
  From “Hello World” to the VFS Layer: building a beadm for DragonFly BSD (by Michael Voight)

• We also met the winner of our Power Bagel raffle from Episode 2^8. He received the item in the meantime and had it with him at the conference, providing a power outlet to charge other people’s devices.
• During the closing session, GroffTheBSDGoat was handed over to Deb Goodkin, who will bring the little guy to the Grace Hopper Celebration of Women in Computing conference and then to MeetBSD later this year. It was also revealed that next year’s EuroBSDcon will be held in Lillehammer, Norway.
• Thanks to all the speakers, helpers, sponsors, organizers, and attendees for making it a successful conferences. There were no talks recorded this year, but the slides will be uploaded to the EuroBSDcon website in a couple of weeks. The OpenBSD talks are already available, so check them out.

###Software disenchantment

I’ve been programming for 15 years now. Recently our industry’s lack of care for efficiency, simplicity, and excellence started really getting to me, to the point of me getting depressed by my own career and the IT in general.
Modern cars work, let’s say for the sake of argument, at 98% of what’s physically possible with the current engine design. Modern buildings use just enough material to fulfill their function and stay safe under the given conditions. All planes converged to the optimal size/form/load and basically look the same.
Only in software, it’s fine if a program runs at 1% or even 0.01% of the possible performance. Everybody just seems to be ok with it. People are often even proud about how much inefficient it is, as in “why should we worry, computers are fast enough”:
@tveastman: I have a Python program I run every day, it takes 1.5 seconds. I spent six hours re-writing it in rust, now it takes 0.06 seconds. That efficiency improvement means I’ll make my time back in 41 years, 24 days 🙂
You’ve probably heard this mantra: “programmer time is more expensive than computer time”. What it means basically is that we’re wasting computers at an unprecedented scale. Would you buy a car if it eats 100 liters per 100 kilometers? How about 1000 liters? With computers, we do that all the time.

• Everything is unbearably slow

Look around: our portable computers are thousands of times more powerful than the ones that brought man to the moon. Yet every other webpage struggles to maintain a smooth 60fps scroll on the latest top-of-the-line MacBook Pro. I can comfortably play games, watch 4K videos but not scroll web pages? How is it ok?
Google Inbox, a web app written by Google, running in Chrome browser also by Google, takes 13 seconds to open moderately-sized emails:
It also animates empty white boxes instead of showing their content because it’s the only way anything can be animated on a webpage with decent performance. No, decent doesn’t mean 60fps, it’s rather “as fast as this web page could possibly go”. I’m dying to see web community answer when 120Hz displays become mainstream. Shit barely hits 60Hz already.
Windows 10 takes 30 minutes to update. What could it possibly be doing for that long? That much time is enough to fully format my SSD drive, download a fresh build and install it like 5 times in a row.
Pavel Fatin: Typing in editor is a relatively simple process, so even 286 PCs were able to provide a rather fluid typing experience.
Modern text editors have higher latency than 42-year-old Emacs. Text editors! What can be simpler? On each keystroke, all you have to do is update tiny rectangular region and modern text editors can’t do that in 16ms. It’s a lot of time. A LOT. A 3D game can fill the whole screen with hundreds of thousands (!!!) of polygons in the same 16ms and also process input, recalculate the world and dynamically load/unload resources. How come?
As a general trend, we’re not getting faster software with more features. We’re getting faster hardware that runs slower software with the same features. Everything works way below the possible speed. Ever wonder why your phone needs 30 to 60 seconds to boot? Why can’t it boot, say, in one second? There are no physical limitations to that. I would love to see that. I would love to see limits reached and explored, utilizing every last bit of performance we can get for something meaningful in a meaningful way.

• Everything is HUUUUGE

And then there’s bloat. Web apps could open up to 10× faster if you just simply block all ads. Google begs everyone to stop shooting themselves in their feet with AMP initiative—a technology solution to a problem that doesn’t need any technology, just a little bit of common sense. If you remove bloat, the web becomes crazy fast. How smart do you have to be to understand that?
Android system with no apps takes almost 6 Gb. Just think for a second how obscenely HUGE that number is. What’s in there, HD movies? I guess it’s basically code: kernel, drivers. Some string and resources too, sure, but those can’t be big. So, how many drivers do you need for a phone?
Windows 95 was 30Mb. Today we have web pages heavier than that! Windows 10 is 4Gb, which is 133 times as big. But is it 133 times as superior? I mean, functionally they are basically the same. Yes, we have Cortana, but I doubt it takes 3970 Mb. But whatever Windows 10 is, is Android really 150% of that?
Google keyboard app routinely eats 150 Mb. Is an app that draws 30 keys on a screen really five times more complex than the whole Windows 95? Google app, which is basically just a package for Google Web Search, is 350 Mb! Google Play Services, which I do not use (I don’t buy books, music or videos there)—300 Mb that just sit there and which I’m unable to delete.
All that leaves me around 1 Gb for my photos after I install all the essential (social, chats, maps, taxi, banks etc) apps. And that’s with no games and no music at all! Remember times when an OS, apps and all your data fit on a floppy?
Your desktop todo app is probably written in Electron and thus has userland driver for Xbox 360 controller in it, can render 3d graphics and play audio and take photos with your web camera.
A simple text chat is notorious for its load speed and memory consumption. Yes, you really have to count Slack in as a resource-heavy application. I mean, chatroom and barebones text editor, those are supposed to be two of the less demanding apps in the whole world. Welcome to 2018.
At least it works, you might say. Well, bigger doesn’t imply better. Bigger means someone has lost control. Bigger means we don’t know what’s going on. Bigger means complexity tax, performance tax, reliability tax. This is not the norm and should not become the norm. Overweight apps should mean a red flag. They should mean run away scared.

• Better world manifesto

I want to see progress. I want change. I want state-of-the-art in software engineering to improve, not just stand still. I don’t want to reinvent the same stuff over and over, less performant and more bloated each time. I want something to believe in, a worthy end goal, a future better than what we have today, and I want a community of engineers who share that vision.
What we have today is not progress. We barely meet business goals with poor tools applied over the top. We’re stuck in local optima and nobody wants to move out. It’s not even a good place, it’s bloated and inefficient. We just somehow got used to it.
So I want to call it out: where we are today is bullshit. As engineers, we can, and should, and will do better. We can have better tools, we can build better apps, faster, more predictable, more reliable, using fewer resources (orders of magnitude fewer!). We need to understand deeply what are we doing and why. We need to deliver: reliably, predictably, with topmost quality. We can—and should–take pride in our work. Not just “given what we had…”—no buts!
I hope I’m not alone at this. I hope there are people out there who want to do the same. I’d appreciate if we at least start talking about how absurdly bad our current situation in the software industry is. And then we maybe figure out how to get out.

##News Roundup
###[llvm-announce] LLVM 7.0.0 Release

I am pleased to announce that LLVM 7 is now available.

Get it here: https://llvm.org/releases/download.html#7.0.0

The release contains the work on trunk up to SVN revision 338536 plus
work on the release branch. It is the result of the community's work
over the past six months, including: function multiversioning in Clang
with the 'target' attribute for ELF-based x86/x86_64 targets, improved
PCH support in clang-cl, preliminary DWARF v5 support, basic support
for OpenMP 4.5 offloading to NVPTX, OpenCL C++ support, MSan, X-Ray
and libFuzzer support for FreeBSD, early UBSan, X-Ray and libFuzzer
support for OpenBSD, UBSan checks for implicit conversions, many
long-tail compatibility issues fixed in lld which is now production
ready for ELF, COFF and MinGW, new tools llvm-exegesis, llvm-mca and
diagtool. And as usual, many optimizations, improved diagnostics, and
bug fixes.

For more details, see the release notes:
https://llvm.org/releases/7.0.0/docs/ReleaseNotes.html
https://llvm.org/releases/7.0.0/tools/clang/docs/ReleaseNotes.html
https://llvm.org/releases/7.0.0/tools/clang/tools/extra/docs/ReleaseNotes.html
https://llvm.org/releases/7.0.0/tools/lld/docs/ReleaseNotes.html

Thanks to everyone who helped with filing, fixing, and code reviewing
for the release-blocking bugs!

Special thanks to the release testers and packagers: Bero
Rosenkränzer, Brian Cain, Dimitry Andric, Jonas Hahnfeld, Lei Huang
Michał Górny, Sylvestre Ledru, Takumi Nakamura, and Vedant Kumar.

For questions or comments about the release, please contact the
community on the mailing lists. Onwards to LLVM 8!

Cheers,
Hans

###Update your Thinkpad’s bios with Linux or OpenBSD

• Get your new bios

At first, go to the Lenovo website and download your new bios:

• Go to lenovo support
• Use the search bar to find your product (example for me, x270)
• Choose the right product (if necessary) and click search
• On the right side, click on Update Your System
• Click on BIOS/UEFI
• Choose *BIOS Update (Bootable CD) for Windows *
• Download

For me the file is called like this : r0iuj25wd.iso

• Extract bios update

Now you will need to install geteltorito.

• With OpenBSD:

$ doas pkg_add geteltorito
quirks-3.7 signed on 2018-09-09T13:15:19Z
geteltorito-0.6: ok

• With Debian:

$ sudo apt-get install genisoimage

• Now we will extract the bios update :

$ geteltorito -o bios_update.img r0iuj25wd.iso
Booting catalog starts at sector: 20
Manufacturer of CD: NERO BURNING ROM VER 12
Image architecture: x86
Boot media type is: harddisk
El Torito image starts at sector 27 and has 43008 sector(s) of 512 Bytes

Image has been written to file "bios_update.img".
This will create a file called bios_update.img.

• Put the image on an USB key
• CAREFULL : on my computer, my USB key is sda1 on Linux and sd1 on OpenBSD.

Please check twice on your computer the name of your USB key.

• With OpenBSD :

$ doas dd if=bios_update.img of=/dev/rsd1c

• With Linux :

$ sudo dd if=bios_update.img of=/dev/sda

Now all you need is to reboot, to boot on your USB key and follow the instructions. Enjoy

###Announcing The HardenedBSD Foundation

In June of 2018, we announced our intent to become a not-for-profit, tax-exempt 501©(3) organization in the United States. It took a dedicated team months of work behind-the-scenes to make that happen. On 06 September 2018, HardenedBSD Foundation Corp was granted 501©(3) status, from which point all US-based persons making donations can deduct the donation from their taxes.
We are grateful for those who contribute to HardenedBSD in whatever way they can. Thank you for making HardenedBSD possible. We look forward to a bright future, driven by a helpful and positive community.

###How you migrate ZFS filesystems matters

If you want to move a ZFS filesystem around from one host to another, you have two general approaches; you can use ‘zfs send’ and ‘zfs receive’, or you can use a user level copying tool such as rsync (or ‘tar -cf | tar -xf’, or any number of similar options). Until recently, I had considered these two approaches to be more or less equivalent apart from their convenience and speed (which generally tilted in favour of ‘zfs send’). It turns out that this is not necessarily the case and there are situations where you will want one instead of the other.
We have had two generations of ZFS fileservers so far, the Solaris ones and the OmniOS ones. When we moved from the first generation to the second generation, we migrated filesystems across using ‘zfs send’, including the filesystem with my home directory in it (we did this for various reasons). Recently I discovered that some old things in my filesystem didn’t have file type information in their directory entries. ZFS has been adding file type information to directories for a long time, but not quite as long as my home directory has been on ZFS.
This illustrates an important difference between the ‘zfs send’ approach and the rsync approach, which is that zfs send doesn’t update or change at least some ZFS on-disk data structures, in the way that re-writing them from scratch from user level does. There are both positives and negatives to this, and a certain amount of rewriting does happen even in the ‘zfs send’ case (for example, all of the block pointers get changed, and ZFS will re-compress your data as applicable).
I knew that in theory you had to copy things at the user level if you wanted to make sure that your ZFS filesystem and everything in it was fully up to date with the latest ZFS features. But I didn’t expect to hit a situation where it mattered in practice until, well, I did. Now I suspect that old files on our old filesystems may be partially missing a number of things, and I’m wondering how much of the various changes in ‘zfs upgrade -v’ apply even to old data.
(I’d run into this sort of general thing before when I looked into ext3 to ext4 conversion on Linux.)
With all that said, I doubt this will change our plans for migrating our ZFS filesystems in the future (to our third generation fileservers). ZFS sending and receiving is just too convenient, too fast and too reliable to give up. Rsync isn’t bad, but it’s not the same, and so we only use it when we have to (when we’re moving only some of the people in a filesystem instead of all of them, for example).
PS: I was going to try to say something about what ‘zfs send’ did and didn’t update, but having looked briefly at the code I’ve concluded that I need to do more research before running my keyboard off. In the mean time, you can read the OpenZFS wiki page on ZFS send and receive, which has plenty of juicy technical details.
PPS: Since eliminating all-zero blocks is a form of compression, you can turn zero-filled files into sparse files through a ZFS send/receive if the destination has compression enabled. As far as I know, genuine sparse files on the source will stay sparse through a ZFS send/receive even if they’re sent to a destination with compression off.

##Beastie Bits

• BSD Users Stockholm Meetup #4: Tuesday, November 13, 2018 at 18:00
• BSD Poland User Group: Next Meeting: October 11, 2018, 18:15 – 21:15 at Warsaw University of Technology
• n2k18 Hackathon report: Ken Westerback (krw@) on disklabel(8) work, dhclient(8) progress
• Running MirageOS Unikernels on OpenBSD in vmm (Now Works)
• vmm(4) gets support for qcow2
• MeetBSD and SecurityBsides
• Colin Percival reduced FreeBSD startup time from 10627ms (11.2) to 4738ms (12.0)
• FreeBSD 11.1 end-of-life
• KnoxBug: Monday, October 1, 2018 at 18:00: Real-world Performance Advantages of NVDIMM and NVMe: Case Study with OpenZFS

##Feedback/Questions

• Todd – 2 Nics, 1 bhyve and a jail cell
• Thomas – Deep Dive
• Morgan – Send/Receive to Manage Fragmentation?
• Dominik – hierarchical jails -> networking

• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

The post Software Disenchantment | BSD Now 265 first appeared on Jupiter Broadcasting.

UbuCon is just around the corner, we’re joined by Ubuntu’s community manager & the team on the ground to share the inside scoop on how this Ubuntu conference came to be & how you can get in free.

Ryan from Mycroft stops by to give us an update on their open source artificial intelligence project, their new official partnership with Ubuntu & more.

Then we discuss the major partnership between LibreOffice & OwnCloud, the cool OwnCloud hardware that could develop into a consumer device.

Plus some major project updates, community feedback & more!

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Torrent Feed | WebM Torrent Feed

Become a supporter on Patreon:

• LINUX Unplugged SWAG for the Holidays

Show Notes:

Pre-Show:

• World Without Linux Episode #5: Space Exploration

Follow Up / Catch Up

Qubes OS will ship pre-installed on Purism’s security-focused Librem 13 laptop | Ars Technica

Qubes OS, the security-focused operating system that Edward Snowden said in November he was “really excited” about, announced this week that laptop maker Purism will ship their privacy-focused Librem 13 notebook with Qubes pre-installed.

AMD Announces GPUOpen Initiative, New Compiler And Drivers For Lunix And HPC

View post on imgur.com

In a nutshell, AMD is releasing a slew of open-source software and tools to give developers of games, heterogeneous applications, and HPC applications deeper access to the GPU and GPU resources.

View post on imgur.com

AMD GPUOpen also introduces a new Linux driver model and runtime targeted at HPC Cluster-Class Computing. The new headless Linux driver addresses core high-performance computing needs, including low latency compute dispatch and PCI Express data transfers, peer-to-peer GPU support, Remote Direct Memory Access (RDMA) from InfiniBand that interconnects directly to GPU memory and Large Single Memory Allocation support.

View post on imgur.com

• Introducing NVIDIA GameWorks | NVIDIA Developer

Streamy

Streamy connects all your media devices like never before.

KDE – Plasma 5.5.1 complete changelog

Today KDE releases a bugfix update to Plasma 5, versioned 5.5.1. Plasma 5.5 was released in last week with many feature refinements and new modules to complete the desktop experience.

DigitalOcean

• DigitalOcean: SSD Cloud Server, VPS Server, Simple Cloud Hosting

UbuCon Summit US

Join us at the UbuCon Summit for two days of Ubuntu talks by the best experts in the community and to discuss and shape the future of Ubuntu.

The Summit is the evolution of UbuCon as a bigger a multi-track, multi-day event to learn, share and collaborate around Ubuntu as a project.

In Pasadena, CA, on 21-22 January 2016

• UbuCon portal

Taking UbuCons to the next level: multi-day and multi-track. Join us in Pasadena, CA, on the 21-22 January 2016

Linux Academy

• Linux Academy | Linux and AWS Online Training

Mycroft Update: Design Breakdown and Ubuntu Partnership

View post on imgur.com

Mycroft has continued to deeper its ties with Canonical by becoming an official Ubuntu partner for IoT. We are continually grateful for Canonical and team’s commitment to this technology, and their support and guidance as we continue to grow as a project. We look forward to what this partnership will bring in terms of innovation and community engagement, and have the highest hopes for a bright future in this respect.

The team finished another feature video this week. These feature videos will appear periodically through mid 2016. Each video highlights one or more Mycroft feature and shows it in every day use. Our first feature? Netflix, and the ability to “set a scene” using IoT integration.

TING

• Ting – mobile that makes sense

ownCloud and Collabora Announce LibreOffice Online for ownCloud Server

Today, December 15, ownCloud, Inc. and Collabora have just announced a partnership to bring a new tool for LibreOffice and ownCloud users, based on the LibreOffice Online project and the robust, open-source ownCloud Server self-hosting cloud storage solution.

• Western Digital And ownCloud Team Up To Bring ownCloud to Home Users | ownCloud.org

The Western Digital Labs team contacted us looking to work together with the ownCloud community on offering a self hosted device running ownCloud pre-installed out of the box. Our end goal is to provide a solution for non-technical end users, something which requires few skills to set up.

They provided us with 10 early prototypes to get started with. We’d like to give them out to community members who are serious about helping home users run their ownCloud server.

Support Jupiter Broadcasting on Patreon

Post Show Notes:

• Intel NUC5i7RYH with Ubuntu | Flexion.Org

I’ve just bought my first brand new computer since 2008. Thanks to
the Black Friday
and Cyber Monday sales on
Amazon.co.uk and Scan.co.uk
this year I was able to put together a pretty sweet Intel NUC which is
now running Ubuntu MATE 15.10.

I spoke about this new system on LINUX Unplugged Episode 122
and have been contacted by people wanting more details ever since.
Hopefully this blog post will answer any outstanding questions. Press
play below to hear to what I said on the podcast.

The post Mycroft and Chilli | LINUX Unplugged 123 first appeared on Jupiter Broadcasting.

It’s already our two-year anniversary! This time on the show, we’ll be chatting with Scott Courtney, vice president of infrastructure engineering at Verisign, about this year’s vBSDCon. What’s it have to offer in that’s different in the BSD conference space? We’ll find out!

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | HD Vid Feed | HD Torrent Feed

– Show Notes: –

Headlines

OpenBSD hypervisor coming soon

• Our buddy Mike Larkin never rests, and he posted some very tight-lipped console output on Twitter recently
• From what little he revealed at the time, it appeared to be a new hypervisor (that is, X86 hardware virtualization) running on OpenBSD -current, tentatively titled “vmm”
• Later on, he provided a much longer explanation on the mailing list, detailing a bit about what the overall plan for the code is
• Originally started around the time of the Australia hackathon, the work has since picked up more steam, and has gotten a funding boost from the OpenBSD foundation
• One thing to note: this isn’t just a port of something like Xen or Bhyve; it’s all-new code, and Mike explains why he chose to go that route
• He also answered some basic questions about the requirements, when it’ll be available, what OSes it can run, what’s left to do, how to get involved and so on

Why FreeBSD should not adopt launchd

• Last week we mentioned a talk Jordan Hubbard gave about integrating various parts of Mac OS X into FreeBSD
• One of the changes, perhaps the most controversial item on the list, was the adoption of launchd to replace the init system (replacing init systems seems to cause backlash, we’ve learned)
• In this article, the author talks about why he thinks this is a bad idea
• He doesn’t oppose the integration into FreeBSD-derived projects, like FreeNAS and PC-BSD, only vanilla FreeBSD itself – this is also explained in more detail
• The post includes both high-level descriptions and low-level technical details, and provides an interesting outlook on the situation and possibilities
• Reddit had quite a bit to say about this one, some in agreement and some not

DragonFly graphics improvements

• The DragonFlyBSD guys are at it again, merging newer support and fixes into their i915 (Intel) graphics stack
• This latest update brings them in sync with Linux 3.17, and includes Haswell fixes, DisplayPort fixes, improvements for Broadwell and even Cherryview GPUs
• You should also see some power management improvements, longer battery life and various other bug fixes
• If you’re running DragonFly, especially on a laptop, you’ll want to get this stuff on your machine quick – big improvements all around

OpenBSD tames the userland

• Last week we mentioned OpenBSD’s tame framework getting support for file whitelists, and said that the userland integration was next – well, now here we are
• Theo posted a mega diff of nearly 100 smaller diffs, adding tame support to many areas of the userland tools
• It’s still a work-in-progress version; there’s still more to be added (including the file path whitelist stuff)
• Some classic utilities are even being reworked to make taming them easier – the “w” command, for example
• The diff provides some good insight on exactly how to restrict different types of utilities, as well as how easy it is to actually do so (and en masse)
• More discussion can be found on HN, as one might expect
• If you’re a software developer, and especially if your software is in ports already, consider adding some more fine-grained tame support in your next release

Interview – Scott Courtney – vbsdcon@verisign.com / @verisign

vBSDCon 2015

News Roundup

OPNsense, beyond the fork

• We first heard about OPNsense back in January, and they’ve since released nearly 40 versions, spanning over 5,000 commits
• This is their first big status update, covering some of the things that’ve happened since the project was born
• There’s been a lot of community growth and participation, mass bug fixing, new features added, experimental builds with ASLR and much more – the report touches on a little of everything

LibreSSL nukes SSLv3

• With their latest release, LibreSSL began to turn off SSLv3 support, starting with the “openssl” command
• At the time, SSLv3 wasn’t disabled entirely because of some things in the OpenBSD ports tree requiring it (apache being one odd example)
• They’ve now flipped the switch, and the process of complete removal has started
• From the Undeadly summary, “This is an important step for the security of the LibreSSL library and, by extension, the ports tree. It does, however, require lots of testing of the resulting packages, as some of the fallout may be at runtime (so not detected during the build). That is part of why this is committed at this point during the release cycle: it gives the community more time to test packages and report issues so that these can be fixed. When these fixes are then pushed upstream, the entire software ecosystem will benefit. In short: you know what to do!”
• With this change and a few more to follow shortly, LibreSSL won’t actually support SSL anymore – time to rename it “LibreTLS”

FreeBSD MPTCP updated

• For anyone unaware, Multipath TCP is “an ongoing effort of the Internet Engineering Task Force’s (IETF) Multipath TCP working group, that aims at allowing a Transmission Control Protocol (TCP) connection to use multiple paths to maximize resource usage and increase redundancy.”
• There’s been work out of an Australian university to add support for it to the FreeBSD kernel, and the patchset was recently updated
• Including in this latest version is an overview of the protocol, how to get it compiled in, current features and limitations and some info about the routing requirements
• Some big performance gains can be had with MPTCP, but only if both the client and server systems support it – getting it into the FreeBSD kernel would be a good start

UEFI and GPT in OpenBSD

• There hasn’t been much fanfare about it yet, but some initial UEFI and GPT-related commits have been creeping into OpenBSD recently
• Some support for UEFI booting has landed in the kernel, and more bits are being slowly enabled after review
• This comes along with a number of other commits related to GPT, much of which is being refactored and slowly reintroduced
• Currently, you have to do some disklabel wizardry to bypass the MBR limit and access more than 2TB of space on a single drive, but it should “just work” with GPT (once everything’s in)
• The UEFI bootloader support has been committed, so stay tuned for more updates as further progress is made

Feedback/Questions

• John writes in
• Mason writes in
• Earl writes in

• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
• BSD Now anniversary shirts are no longer available, and should be shipping out very soon (if they haven’t already) – big thanks to everyone who bought one (183 sold!)
• This week is the last episode written/organized by TJ

The post Virginia BSD Assembly | BSD Now 105 first appeared on Jupiter Broadcasting.

It’s our last episode of 2014, and we’ll be chatting with Dan Langille about the upcoming BSDCan conference. We’ll find out what’s planned and what sorts of presentations they’re looking for. As usual, answers to viewer-submitted questions and all the week’s news, coming up on BSD Now – the place to B.. SD.

Thanks to:

Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | HD Vid Feed | HD Torrent Feed

– Show Notes: –

Headlines

More conference presentation videos

• Some more of the presentation videos from AsiaBSDCon are appearing online
• Masanobu Saitoh, Developing CPE Routers Based on NetBSD
• Reyk Floeter, VXLAN and Cloud-based Networking with OpenBSD
• Jos Jansen, Adapting OS X to the enterprise
• Pierre Pronchery & Guillaume Lasmayous, Carve your NetBSD
• Colin Percival, Everything you need to know about cryptography in 1 hour (not from AsiaBSDCon)
• The “bsdconferences” YouTube channel has quite a lot of interesting older BSD talks too – you may want to go back and watch them if you haven’t already

OpenBSD PIE enhancements

• ASLR and PIE are great security features that OpenBSD has had enabled by default for a long time, in both the base system and ports, but they have one inherent problem
• They only work with dynamic libraries and binaries, so if you have any static binaries, they don’t get the same treatment
• For example, the default shells (and many other things in /bin and /sbin) are statically linked
• In the case of the static ones, you can always predict the memory layout, which is very bad and sort of defeats the whole purpose
• With this and a few related commits, OpenBSD fixes this by introducing static self-relocation
• More and more CPU architectures are being tested and getting support too; this isn’t just for amd64 and i386 – VAX users can rest easy
• It’ll be available in 5.7 in May, or you can use a -current snapshot if you want to get a slice of the action now

FreeBSD foundation semi-annual newsletter

• The FreeBSD foundation publishes a huge newsletter twice a year, detailing their funded projects and some community activities
• As always, it starts with a letter from the president of the foundation – this time it’s about encouraging students and new developers to get involved
• The article also has a fundraising update with a list of sponsored projects, and they note that the donations meter has changed from dollars to number of donors (since they exceeded the goal already)
• You can read summaries of all the BSD conferences of 2014 and see a list of upcoming ones next year too
• There are also sections about the FreeBSD Journal‘s progress, a new staff member and a testimonial from NetApp
• It’s a very long report, so dedicate some time to read all the way through it
• This year was pretty great for BSD: both the FreeBSD and OpenBSD foundations exceeded their goals and the NetBSD foundation came really close too
• As we go into 2015, consider donating to whichever BSD you use, it really can make a difference

Modernizing OpenSSH fingerprints

• When you connect to a server for the first time, you’ll get what’s called a fingerprint of the host’s public key – this is used to verify that you’re actually talking to the same server you intended to
• Up until now, the key fingerprints have been an MD5 hash, displayed as hex
• This can be problematic, especially for larger key types like RSA that give lots of wiggle room for collisions, as an attacker could generate a fake host key that gives the same MD5 string as the one you wanted to connect to
• This new change replaces the default MD5 and hex with a base64-encoded SHA256 fingerprint
• You can add a “FingerprintHash” line in your ssh_config to force using only the new type
• There’s also a new option to require users to authenticate with more than one public key, so you can really lock down login access to your servers – also useful if you’re not 100% confident in any single key type
• The new options should be in the upcoming 6.8 release

Interview – Dan Langille – info@bsdcan.org / @bsdcan

Plans for the BSDCan 2015 conference

News Roundup

Introducing ntimed, a new NTP daemon

• As we’ve mentioned before in our tutorials, there are two main daemons for the Network Time Protocol – ISC’s NTPd and OpenBSD’s OpenNTPD
• With all the recent security problems with ISC’s NTPd, Poul-Henning Kamp has been working on a third NTP daemon
• It’s called “ntimed” and you can try out a preview version of it right now – it’s in FreeBSD ports or on Github
• PHK also has a few blog entries about the project, including status updates

OpenBSD-maintained projects list

• There was recently a read on the misc mailing list asking about different projects started by OpenBSD developers
• The initial list had marks for which software had portable versions to other operating systems (OpenSSH being the most popular example)
• A developer compiled a new list from all of the replies to that thread into a nice organized webpage
• Most people are only familiar with things like OpenSSH, OpenSMTPD, OpenNTPD and more recently LibreSSL, but there are quite a lot more
• This page also serves as a good history lesson for BSD in general: FreeBSD and others have ported some things over, while a couple OpenBSD tools were born from forks of FreeBSD tools (mergemaster, pkg tools, portscout)

Monitoring network traffic with FreeBSD

• If you’ve ever been curious about monitoring network traffic on your FreeBSD boxes, this forum post may be exactly the thing for you
• It’ll show you how to combine the Netflow, NfDump and NfSen suite of tools to get some pretty detailed network stats (and of course put them into a fancy webpage)
• This is especially useful for finding out what was going on at a certain point in time, for example if you had a traffic spike

Trapping spammers with spamd

• This is a blog post about OpenBSD’s spamd – a spam email deferral daemon – and how to use it for your mail
• It gives some background on the greylisting approach to spam, rather than just a typical host blacklist
• “Greylisting is a method of defending e-mail users against spam. A mail transfer agent (MTA) using greylisting will “temporarily reject” any email from a sender it does not recognize. If the sender re-attempts mail delivery at a later time, the sender may be allowed to continue the mail delivery conversation.”
• The post also shows how to combine it with PF and other tools for a pretty fancy mail setup
• You can find spamd in the OpenBSD base system, or use it with FreeBSD or NetBSD via ports and pkgsrc
• You might also want to go back and listen to BSDTalk episode 68, where Will talks to Bob Beck about spamd

Feedback/Questions

• Sean writes in
• Brandon writes in
• Anders writes in
• David writes in
• Kyle writes in

Mailing List Gold

• NTP code comparison – 192870 vs. 2898
• NICs have feelings too
• Just think about it

• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv – if you do anything cool with BSD, tell us about it
• Watch live Wednesdays at 2:00PM Eastern (19:00 UTC)
• Have a happy new year – make 2015 the year you finally switch over to BSD

The post Daemons in the North | BSD Now 70 first appeared on Jupiter Broadcasting.

This week on the show, we’ll be talking with Paul Schenkeveld, chairman of the EuroBSDCon foundation. He tells us about his experiences running BSD conferences and how regular users can get involved too. We’ve also got answers to all your emails and the latest news, coming up on BSD Now – the place to B.. SD.

Thanks to:

Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | HD Vid Feed | HD Torrent Feed

– Show Notes: –

Headlines

More BSD presentation videos

• The MeetBSD video uploading spree continues with a few more talks, maybe this’ll be the last batch
• Corey Vixie, Web Apps in Embedded BSD
• Allan Jude, UCL config
• Kip Macy, iflib
• While we’re on the topic of conferences, AsiaBSDCon’s CFP was extended by one week
• This year’s ruBSD will be on December 13th in Moscow
• Also, the BSDCan call for papers is out, and the event will be in June next year
• Lastly, according to Rick Miller, “A potential vBSDcon 2015 event is being explored although a decision has yet to be made.”

BSD-powered digital library in Africa

• You probably haven’t heard much about Nzega, Tanzania, but it’s an East African country without much internet access
• With physical schoolbooks being a rarity there, a few companies helped out to bring some BSD-powered reading material to a local school
• They now have a pair of FreeNAS Minis at the center of their local network, with over 80,000 books and accompanying video content stored on them (~5TB of data currently)
• The school’s workstations also got wiped and reloaded with FreeBSD, and everyone there seems to really enjoy using it

pfSense 2.2 status update

• With lots of people asking when the 2.2 release will be done, some pfSense developers have provided a status update
• 2.2 will have a lot of changes: being based on FreeBSD 10.1, Unbound instead of BIND, updating PHP to something recent, including the new(ish) IPSEC stack updates, etc
• All these things have taken more time than previously expected
• The post also has some interesting graphs showing the ratio of opened and close bugs for the upcoming release

Recommended hardware threads

• A few threads on caught our attention this week, all about hardware recommendations for BSD setups
• In the first one, the OP asks about mini-ITX hardware to run a FreeBSD server and NAS
• Everyone gave some good recommendations for low power, Atom-based systems
• The second thread started off asking about which CPU architecture is best for PF on an OpenBSD router, but ended up being another hardware thread
• For a router, the ALIX, APU and Soekris boards still seem to be the most popular choices, with the third and fourth threads confirming this
• If you’re thinking about building your first BSD box – server, router, NAS, whatever – these might be some good links to read

Interview – Paul Schenkeveld – freebsd@psconsult.nl

Running a BSD conference

News Roundup

From Linux to FreeBSD – for reals

• Another Linux user is ready to switch to BSD, and takes to Reddit for some community encouragement (seems to be a common thing now)
• After being a Linux guy for 20(!) years, he’s ready to switch his systems over, and is looking for some helpful guides to transition
• In the comments, a lot of new switchers offer some advice and reading material
• If any of the listeners have some things that were helpful along your switching journey, maybe send ’em this guy’s way

Running FreeBSD as a Xen Dom0

• Continuing progress has been made to allow FreeBSD to be a host for the Xen hypervisor
• This wiki article explains how to run the Xen branch of FreeBSD and host virtual machines on it
• Xen on FreeBSD currently supports PV guests (modified kernels) and HVM (unmodified kernels, uses hardware virtualization features)
• The wiki provides instructions for running Debian (PV) and FreeBSD (HVM), and discusses the features that are not finished yet

HardenedBSD updates and changes

• a.out is the old executable format for unix
• “The name stands for assembler output, and was coined by Ken Thompson as the fixed name for output of his PDP-7 assembler in 1968”
• FreeBSD, on which HardenedBSD is based, switched away from a.out in FreeBSD 3.0
• A restriction against NULL mapping was introduced in FreeBSD 7 and enabled by default in FreeBSD 8
• However, for reasons of compatibility, it could be switched off, allowing buggy applications to continue to run, at the risk of allowing a kernel bug to be exploited
• HardenedBSD has removed the sysctl, making it impossible to run in ‘insecure mode’
• Package Building Update: more consistent repo, no more i386 packages

Feedback/Questions

• Boris writes in
• Alex writes in
• Chris writes in
• Robert writes in
• Jake writes in

Mailing List Gold

• Real world authpf use
• The great perl event of 2014

• All the tutorials are posted in their entirety at bsdnow.tv
• If you’re in New York’s Capital District, there’s a meeting for the BSD users group on December 9th
• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv – if there’s a tutorial you’d like to see, or maybe someone you want us to interview, let us know!
• Watch live Wednesdays at 2:00PM Eastern (19:00 UTC)
• Reminder: just like we ask during the interviews, we want to hear how all the viewers and listeners first got into BSD. Email us your story, either written or a video version, and we’ll read and play some of them for the Christmas episode. You’ve got until December 17th to send them in.

The post Conference Connoisseur | BSD Now 66 first appeared on Jupiter Broadcasting.

This week on the show we’ll be talking with Hiroki Sato about the status of BSD in Japan. We also get to hear about how he got on the core team, and we just might find out why NetBSD is so popular over there! Answers to all your emails, the latest news, and even a brand new segment, on BSD Now – the place to B.. SD.

Thanks to:

Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | HD Vid Feed | HD Torrent Feed

– Show Notes: –

Headlines

BSD talks at XDC 2014

• This year’s Xorg conference featured a few BSD-related talks
• Matthieu Herrb, Status of the OpenBSD graphics stack
• Matthieu’s talk details what’s been done recently in Xenocara the OpenBSD kernel for graphics (slides here)
• Jean-Sébastien Pédron, The status of the graphics stack on FreeBSD
• His presentation gives a history of major changes and outlines the current overall status of graphics in FreeBSD (slides here)
• Francois Tigeot, Porting DRM/KMS drivers to DragonFlyBSD
• Francois’ talk tells the story of how he ported some of the DRM and KMS kernel drivers to DragonFly (slides here)

FreeBSD Quarterly Status Report

• The FreeBSD project has a report of their activities between July and September of this year
• Lots of ARM work has been done, and a goal for 11.0 is tier one support for the platform
• The release includes reports from the cluster admin team, release team, ports team, core team and much more, but we’ve already covered most of the items on the show
• If you’re interested in seeing what the FreeBSD community has been up to lately, check the full report – it’s huge

Monitoring pfSense logs using ELK

• If you’re one of those people who loves the cool graphs and charts that pfSense can produce, this is the post for you
• ELK (ElasticSearch, Logstash, Kibana) is a group of tools that let you collect, store, search and (most importantly) visualize logs
• It works with lots of different things that output logs and can be sent to one central server for displaying
• This post shows you how to set up pfSense to do remote logging to ELK and get some pretty awesome graphs

Some updates to IPFW

• Even though PF gets a lot of attention, a lot of FreeBSD people still love IPFW
• While mostly a dormant section of the source tree, some updates were recently committed to -CURRENT
• The commit lists the user-visible changes, performance changes, ABI changes and internal changes
• It should be merged back to -STABLE after a month or so of testing, and will probably end up in 10.2-RELEASE
• Also check this blog post for some more information and fancy graphs

Interview – Hiroki Sato (佐藤広生) – hrs@freebsd.org / @hiroki_sato

BSD in Japan, technology conferences, various topics

News Roundup

pfSense on Hyper-V

• In case you didn’t know, the latest pfSense snapshots support running on Hyper-V
• Unfortunately, the current stable release is based on an old, unsupported FreeBSD 8.x base, so you have to use the snapshots for now
• The author of the post tells about his experience running pfSense and gives lots of links to read if you’re interested in doing the same
• He also praises pfSense above other Linux-based solutions for its IPv6 support and high quality code

OpenBSD as a daily driver

• A curious Reddit user posts to ask the community about using OpenBSD as an everyday desktop OS
• The overall consensus is that it works great for that, stays out of your way and is quite reliable
• Caveats would include there being no Adobe Flash support (though others consider this a blessing..) and it requiring a more hands-on approach to updating
• If you’re considering running OpenBSD as a “daily driver,” check all the comments for more information and tips

Getting PF log statistics

• The author of this post runs an OpenBSD box in front of all his VMs at his colocation, and details his experiences with firewall logs
• He usually investigates any IPs of interest with whois, nslookup, etc. – but this gets repetitive quickly, so..
• He sets out to find the best way to gather firewall log statistics
• After coming across a perl script to do this, he edited it a bit and is now a happy, lazy admin once again
• You can try out his updated PF script here

FlashRD 1.7 released

• In case anyone’s not familiar, flashrd is a tool to create OpenBSD images for embedded hardware devices, executing from a virtualized environment
• This new version is based on (the currently unreleased) OpenBSD 5.6, and automatically adapts to the number of CPUs you have for building
• It also includes fixes for 4k drives and lots of various other improvements
• If you’re interested in learning more, take a look at some of the slides and audio from the main developer on the website

Feedback/Questions

• Antonio writes in
• Don writes in
• Andriy writes in
• Richard writes in
• Robert writes in

Mailing List Gold

• Subtle trolling
• Old bugs with old fixes
• A pig reinstall
• Strange DOS-like environment

• All the tutorials are posted in their entirety at bsdnow.tv
• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv – don’t be shy, we love suggestions for things you’d like to see in future episodes
• Watch live Wednesdays at 2:00PM Eastern (18:00 UTC)

The post BSDって聞いたことある？ | BSD Now 59 first appeared on Jupiter Broadcasting.

We\’re back from BSDCan! This week on the show we\’ll be chatting with Brian Callahan and Aaron Bieber about forming a local BSD users group. We\’ll get to hear their experiences of running one and maybe encourage some of you to start your own!

After that, we\’ve got a tutorial on the basics of NetBSD\’s package manager, pkgsrc. Answers to your emails and the latest headlines, on BSD Now – the place to B.. SD.

Thanks to:

Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | HD Vid Feed | HD Torrent Feed

– Show Notes: –

Headlines

FreeBSD 11 goals and discussion

• Something that actually happened at BSDCan this year…
• During the FreeBSD devsummit, there was some discussion about what changes will be made in 11.0-RELEASE
• Slides from Dev Summit
• Some of MWL\’s notes include: the test suite will be merged to 10-STABLE, more work on the MIPS platforms, LLDB getting more attention, UEFI boot and install support
• A large list of possibilities was also included and open for discussion, including AES-GCM in IPSEC, ASLR, OpenMP, ICC, in-place kernel upgrades, Capsicum improvements, TCP performance improvements and A LOT more
• There\’s also some notes from the devsummit virtualization session, mostly talking about bhyve
• Lastly, he also provides some notes about ports and packages and where they\’re going

An SSH honeypot with OpenBSD and Kippo

• Everyone loves messing with script kiddies, right?
• This blog post introduces Kippo, an SSH honeypot tool, and how to use it in combination with OpenBSD
• It includes a step by step (or rather, command by command) guide and some tips for running a honeypot securely
• You can use this to get new 0day exploits or find weaknesses in your systems
• OpenBSD makes a great companion for security testing tools like this with all its exploit mitigation techniques that protect all running applications

NetBSD foundation financial report

• The NetBSD foundation has posted their 2013 financial report
• It\’s a very \”no nonsense\” page, pretty much only the hard numbers
• In 2013, they got $26,000 of income in donations
• The rest of the page shows all the details, how they spent it on hardware, consulting, conference fees, legal costs and everything else
• Be sure to donate to whichever BSDs you like and use!

Building a fully-encrypted NAS with OpenBSD

• Usually the popular choice for a NAS system is FreeNAS, or plain FreeBSD if you know what you\’re doing
• This article takes a look at the OpenBSD side and explains how to build a NAS with security in mind
• The NAS will be fully encrypted, no separate /boot partition like FreeBSD and FreeNAS require – this means the kernel itself is even protected
• The obvious trade-off is the lack of ZFS support for storage, but this is an interesting idea that would fit most people\’s needs too
• There\’s also a bit of background information on NAS systems in general, some NAS-specific security tips and even some nice graphs and pictures of the hardware – fantastic write up!

Interview – Brian Callahan & Aaron Bieber – admin@lists.nycbug.org & admin@cobug.org

Forming a local BSD Users Group

Tutorial

The basics of pkgsrc

News Roundup

FreeBSD periodic mails vs. monitoring

• If you\’ve ever been an admin for a lot of FreeBSD boxes, you\’ve probably noticed that you get a lot of email
• This page tells about all the different alert emails, cron emails and other reports you might end up getting, as well as how to manage them
• From bad SSH logins to Zabbix alerts, it all adds up quickly
• It highlights the periodic.conf file and FreeBSD\’s periodic daemon, as well as some third party monitoring tools you can use to keep track of your servers

Doing cool stuff with OpenBSD routing domains

• A blog post from our viewer and regular emailer, Kjell-Aleksander!
• He manages some internally-routed IP ranges at his work, but didn\’t want to have equipment for each separate project
• This is where OpenBSD routing domains and pf come in to save the day
• The blog post goes through the process with all the network details you could ever dream of
• He even named his networking equipment… after us

LibreSSL, the good and the bad

• We\’re all probably familiar with OpenBSD\’s fork of OpenSSL at this point
• However, \”for those of you that don\’t know it, OpenSSL is at the same time the best and most popular SSL/TLS library available, and utter junk\”
• This article talks about some of the cryptographic development challenges involved with maintaining such a massive project
• You need cryptographers, software engineers, software optimization specialists – there are a lot of roles that need to be filled
• It also mentions some OpenSSL alternatives and recent LibreSSL progress, as well as some downsides to the fork – the main one being their aim for backwards compatibility

PCBSD weekly digest

• Lots going on in PCBSD land this week, AppCafe has been redesigned
• The PBI system is being replaced with pkgng, PBIs will be automatically converted once you update
• In the more recent post, there\’s some further explanation of the PBI system and the reason for the transition
• It\’s got lots of details on the different ways to install software, so hopefully it will clear up any possible confusion
• Working on adding support for FDE with GELI using GRUB for 10.0.2
• Any devs who can grock the GRUB geli code are welcome to contact Kris

Feedback/Questions

• Antonio writes in
• Daniel writes in
• Sean writes in
• tsyn writes in
• Chris writes in

• All the tutorials are posted in their entirety at bsdnow.tv
• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
• If you\’ve got something cool to talk about and want to come on for an interview, shoot us an email
• Michael Lucas will be giving a live presentation next Tuesday, \”Beyond Security: Getting to Know OpenBSD’s Real Purpose\” so be sure to catch that
• Preorders for the book of PF\’s third edition are up
• We got a picture of a bunch of old FreeBSD CDs
• Watch live Wednesdays at 2:00PM Eastern (18:00 UTC)

The post A BUG's Life | BSD Now 38 first appeared on Jupiter Broadcasting.

This week we\’re at BSDCan, ganging up on people and forcing them to give us interviews. Assuming we don\’t get arrested for harassment, we\’ll be back next week with your regularly scheduled programming.

For now, we\’ve got some feedback emails to catch up on, as well as a prerecorded talk Matt Ahrens gave about ZFS.

We\’ll be back to tell you all about the conference next week, on BSD Now – the place to B.. SD.

Thanks to:

Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | HD Vid Feed | HD Torrent Feed

– Show Notes: –

Presentation – Matthew Ahrens – matt@mahrens.org / @mahrens1

OpenZFS discussion

Feedback/Questions

• Remy writes in
• Darin writes in
• Steve writes in
• Pascal writes in

• All the tutorials are posted in their entirety at bsdnow.tv
• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
• If you\’ve got something cool to talk about and want to come on for an interview, shoot us an email
• Also if you have any tutorial requests, we\’d be glad to show whatever the viewers want to see
• Watch live Wednesdays at 2:00PM Eastern (18:00 UTC)

The post BSDCanned Goods | BSD Now 37 first appeared on Jupiter Broadcasting.

We sit down with Jim Brown from the BSD Certification group to talk about the BSD exams. Following that, we\’ll be showing you how to build OpenBSD binary packages in bulk, a la poudriere. There\’s a boatload of news and we\’ve got answers to your questions, coming up on BSD Now – the place to B.. SD.

Thanks to:

Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | HD Vid Feed | HD Torrent Feed

– Show Notes: –

Headlines

BSDCan schedule, speakers and talks

• This year\’s BSDCan will kick off on May 14th in Ottawa
• The list of speakers is also out
• And finally the talks everyone\’s looking forward to
• Lots of great tutorials and talks, spanning a wide range of topics of interest
• Be sure to come by so you can and meet Allan and Kris in person and get BSDCan shirts

NYCBSDCon talks uploaded

• The BSD TV YouTube channel has been uploading recordings from the 2014 NYCBSDCon
• Jeff Rizzo\’s talk, \”Releasing NetBSD: So Many Targets, So Little Time\”
• Dru Lavigne\’s talk, \”ZFS Management Tools in FreeNAS and PC-BSD\”
• Scott Long\’s talk, \”Serving one third of the Internet via FreeBSD\”
• Michael W. Lucas\’ talk, \”BSD Breaking Barriers\”

FreeBSD Journal, issue 2

• The bi-monthly FreeBSD journal\’s second issue is out
• Topics in this issue include pkg, poudriere, the PBI format, hwpmc and journaled soft-updates
• In less than two months, they\’ve already gotten over 1000 subscribers! It\’s available on Google Play, iTunes, Amazon, etc
• \”We are also working on a dynamic version of the magazine that can be read in many web browsers, including those that run on FreeBSD\”
• Check our interview with GNN for more information about the journal

OpenSSL, more like OpenSS-Hell

• We mentioned this huge OpenSSL bug last week during all the chaos, but the aftermath is just as messy
• There\’s been a pretty vicious response from security experts all across the internet and in all of the BSD projects – and rightfully so
• We finally have a timeline of events
• Reactions from ISC, PCBSD, Tarsnap, the Tor project, FreeBSD, NetBSD, oss-sec, PHK, Varnish and Akamai
• pfSense released a new version to fix it
• OpenBSD disabled heartbeat entirely and is very unforgiving of the IETF
• Ted Unangst has two good write-ups about the issue and how horrible the OpenSSL codebase is
• A nice quote from one of the OpenBSD lists: \”Given how trivial one-liner fixes such as #2569 have remained unfixed for 2.5+ years, one can only assume that OpenSSL\’s bug tracker is only used to park bugs, not fix them\”
• Sounds like someone else was having fun with the bug for a while too
• There\’s also another OpenSSL bug that\’s possibly worse that OpenBSD patched – it allows an attacker to inject data from one connection into another
• OpenBSD has also imported the most current version of OpenSSL and are ripping it apart from the inside out – we\’re seeing a fork in real time (over 55000 lines of code removed as of yesterday evening)

Interview – Jim Brown – info@bsdcertification.org

The BSD Certification exams

Tutorial

Building OpenBSD binary packages in bulk

News Roundup

Portable signify

• Back in episode 23 we talked with Ted Unangst about the new \”signify\” tool in OpenBSD
• Now there\’s a (completely unofficial) portable version of it on github
• If you want to verify your OpenBSD sets ahead of time on another OS, this tool should let you do it
• Maybe other BSD projects can adopt it as a replacement for gpg and incorporate it into their base systems

Foundation goals and updates

• The OpenBSD foundation has reached their 2014 goal of $150,000
• You can check their activities and goals to see where the money is going
• Remember that funding also goes to OpenSSH, which EVERY system uses and relies on everyday to protect their data
• The FreeBSD foundation has kicked off their spring fundraising campaign
• There\’s also a list of their activities and goals available to read through
• Be sure to support your favorite BSD, whichever one, so they can continue to make and improve great software that powers the whole internet

PCBSD weekly digest

• New PBI runtime that fixes stability issues and decreases load times
• \”Update Center\” is getting a lot of development and improvements
• Lots of misc. bug fixes and updates

Feedback/Questions

• There\’s a reddit thread we wanted to highlight – a user wants to show his friend BSD and why it\’s great
• Brad writes in
• Sha\’ul writes in
• iGibbs writes in
• Matt writes in

• All the tutorials are posted in their entirety at bsdnow.tv – there\’s a couple new ones on the site now that we\’ll be covering in future episodes
• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
• If you\’ve got something cool to talk about and want to come on for an interview, shoot us an email
• Also if you have any tutorial requests, we\’d be glad to show whatever the viewers want to see
• If you\’re in or around Colorado in the US, there\’s a brand new BSD users group that was just formed and announced – they\’ll be having meetings and doing tutorials, so check out their site (also, if you have a local BUG, let us know!)
• Watch live Wednesdays at 2:00PM Eastern (18:00 UTC)

The post Certified Package Delivery | BSD Now 33 first appeared on Jupiter Broadcasting.

This week on BSD Now… a wrap-up from NYCBSDCon! We\’ll also be talking to Luke Marsden, CEO of HybridCluster, about how they use BSD at large. Following that, our tutorial will show you how to securely share files with SFTP in a chroot. The latest news and answers to your questions, of course it\’s BSD Now – the place to B.. SD.

Thanks to:

Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | HD Vid Feed | HD Torrent Feed

– Show Notes: –

Headlines

FreeBSD 10 as a firewall

• Back in 2012, the author of this site wrote an article stating you should avoid FreeBSD 9 for a firewall and use OpenBSD instead
• Now, with the release of 10.0, he\’s apparently changed his mind and switched back over
• It mentions the SMP version of pf, general performance advantages and more modern features
• The author is a regular listener of BSD Now, hi Joe!

Network Noise Reduction Using Free Tools

• Really long blog post, based on a BSDCan presentation, about fighting spam with OpenBSD
• Peter Hansteen, author of the book of PF, goes through how he uses OpenBSD\’s spamd and other security features to combat spam and malware
• He goes through his experiences with content filtering and disappointment with a certain proprietary vendor
• Not totally BSD-specific, lots of people can enjoy the article – lots of virus history as well

FreeBSD ASLR patches submitted

• So far, FreeBSD hasn\’t had Address Space Layout Randomization
• ASLR is a nice security feature, see wikipedia for more information
• With a giant patch from Shawn Webb, it might be integrated into a future version (after a vicious review from the security team of course)
• We might have Shawn on the show to talk about it, but he\’s also giving a presentation at BSDCan about his work with ASLR

Old-style pkg_ tools retired

• At last the old pkg_add tools are being retired in FreeBSD
• pkgng is a huge improvement, and now portmgr@ thinks it\’s time to cut the cord on the legacy toolset
• Ports aren\’t going away, and probably never will, but for binary package fans and new users that are used to things like apt, pkgng is the way to go
• All pkg_ tools will be considered unsupported on September 1, 2014 – even on older branches

This episode was brought to you by

Interview – Luke Marsden – luke@hybridcluster.com / @lmarsden

BSD at HybridCluster

Tutorial

Filesharing with chrooted SFTP

News Roundup

FreeBSD on OpenStack

• OpenStack is a cloud computing project
• It consists of \”a series of interrelated projects that control pools of processing, storage, and networking resources throughout a datacenter, able to be managed or provisioned through a web-based dashboard, command-line tools, or a RESTful API.\”
• Until now, there wasn\’t a good way to run a full BSD instance on OpenStack
• With a project in the vein of Colin Percival\’s AWS startup scripts, now that\’s no longer the case!

FOSDEM BSD videos

• This year\’s FOSDEM had seven BSD presentations
• The videos are slowly being uploaded for your viewing pleasure
• Not all of the BSD ones are up yet, but by the time you\’re watching this they might be!
• Check this directory for most of \’em
• The BSD dev room was full, lots of interest in what\’s going on from the other communities

The FreeBSD challenge finally returns!

• Due to prodding from a certain guy of a certain podcast, the \”FreeBSD Challenge\” series has finally resumed
• Our friend from the Linux foundation picks up with day 11 and day 12 on his switching from Linux journey
• This time he outlines the upgrade process of going from 9 to 10, using freebsd-update
• There\’s also some notes about different options for upgrading ports and some extra tips

PCBSD weekly digest

• After the big 10.0 release, the PCBSD crew is focusing on bug fixes for a while
• During their \”fine tuning phase\” users are encouraged to submit any and all bugs via the trac system
• Warden got some fixes and the package manager got some updates as well
• Huge size reduction in PBI format

Feedback/Questions

• After today\’s questions, our email backlog will be just about caught up. Now\’s a great time to send us something – questions, stories, ideas, requests, anything you want
• Derrick writes in: https://slexy.org/view/s21nbJKYmb
• Sean writes in: https://slexy.org/view/s2yhziVsBP
• Patrick writes in: https://slexy.org/view/s20PuccWbo
• Peter writes in: https://slexy.org/view/s22PL0SbUO
• Sean writes in: https://slexy.org/view/s20dkbjuOK

• All the tutorials are posted in their entirety at bsdnow.tv
• Last week\’s NTP tutorial got a small update if you\’re running a LAN-only server, as well as a couple links on how to turn it into a stratum 1 server with a GPS device
• The SSH tutorial also got some updates
• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
• Watch live Wednesdays at 2:00PM Eastern (19:00 UTC)
• Lastly, the BSD Now t-shirt is close to being ready… stay tuned!

The post The Cluster & The Cloud | BSD Now 24 first appeared on Jupiter Broadcasting.

We talk with George Neville-Neil about the brand new FreeBSD Journal and what it\’s all about. After that, we\’ve got a tutorial on how to track the -stable and -current branches of OpenBSD. Answers to all your BSD questions and the latest headlines, only on BSD Now – the place to B.. SD.

Thanks to:

Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | HD Vid Feed | HD Torrent Feed

– Show Notes: –

Headlines

FreeBSD quarterly status report

• Gabor Pali sent out the October-December 2013 status report to get everyone up to date on what\’s going on
• The report contains 37 entries and is very very long… various reports from all the different teams under the FreeBSD umbrella, probably too many to even list in the show notes
• Lots of work going on in the ARM world, EC2/Xen and Google Compute Engine are also improving
• Secure boot support hopefully coming by mid-year
• There\’s quite a bit going on in the FreeBSD world, many projects happening at the same time
• Jordan (jkh), one of the co-founders of the FreeBSD project, is once again a FreeBSD committer

n2k14 OpenBSD Hackathon Report

• Recently, OpenBSD held one of their hackathons in New Zealand
• 15 developers gathered there to sit in a room and write code for a few days
• Philip Guenther brings back a nice report of the event
• If you\’ve been watching the -current CVS logs, you\’ve seen the flood of commits just from this event alone
• Fixes with threading, Linux compat, ACPI, and various other things – some will make it into 5.5 and others need more testing
• Another report from Theo details his work
• Updates to the random subsystem, some work-in-progress pf fixes, suspend/resume fixes and more signing stuff

Four new NetBSD releases

• NetBSD released versions 6.1.3, 6.0.4, 5.2.2 and 5.1.4
• These updates include lots of bug fixes and some security updates, not focused on new features
• You can upgrade depending on what branch you\’re currently on
• Confused about the different branches? See this graph.

The future of open source ZFS development

• On February 11, 2014, Matt Ahrens will be giving a presentation about ZFS
• The talk will be about the future of ZFS and the open source development since Oracle closed the code
• It\’s in San Jose, California – go if you can!

This episode was brought to you by

Interview – George Neville-Neil – gnn@freebsd.org / @gvnn3

The FreeBSD Journal

Tutorial

Tracking -STABLE and -CURRENT (OpenBSD)

News Roundup

pfSense news and 2.1.1 snapshots

• pfSense has some snapshots available for the upcoming 2.1.1 release
• They include FreeBSD security fixes as well as some other updates
• There are recordings posted of some of the previous hangouts
• Unfortunately they\’re only for subscribers, so you\’ll have to wait until next month when we have Chris on the show to talk about pfSense!

FreeBSD on Google Compute Engine

• Recently we mentioned some posts about getting OpenBSD to run on GCE, here\’s the FreeBSD version
• Nice big fat warning: \”The team has put together a best-effort posting that will get most, if not all, of you up and running. That being said, we need to remind you that FreeBSD is being supported on Google Compute Engine by the community. The instructions are being provided as-is and without warranty.\”
• Their instructions are a little too Linuxy (assuming wget, etc.) for our taste, someone should probably get it updated!
• Other than that it\’s a pretty good set of instructions on how to get up and running

Dragonfly ACPI update

• Sascha Wildner committed some new ACPI code
• There\’s also a \”heads up\” to update your BIOS if you experience problems
• Check the mailing list post for all the details

PCBSD weekly digest

• 10.0-RC4 users need to upgrade all their packages for 10.0-RC5
• Help test GNOME 3 so we can get it in the official ports tree
• By the way, PCBSD 10.0 is out!
• Special thanks to developers, testers, translators and docs team!
• Upcoming: Working on a 11-CURRENT PC-BSD and 10-STABLE

Feedback/Questions

• Tony writes in: https://slexy.org/view/s21ZlfOdTt
• Jeff writes in: https://slexy.org/view/s2BFZ68Na5
• Remy writes in: https://slexy.org/view/s20epArsQI
• Nils writes in: https://slexy.org/view/s213CoNvLt
• Solomon writes in: https://slexy.org/view/s21XWnThNS

• All the tutorials are posted in their entirety at bsdnow.tv
• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
• Watch live Wednesdays at 2:00PM Eastern (19:00 UTC)
• A BSD Now t-shirt design is in the works, we\’ll update you on the progress (but we have to get permission to use the mascots and get a rough sketch first)
• NYCBSDCon will be on February 8th in NYC
• We\’ll announce the winner of our tutorial contest on next week\’s episode! Get your last minute tutorial submissions in for our contest

The post Journaled News-Updates | BSD Now 22 first appeared on Jupiter Broadcasting.

A new Jitsi is out, does it finally offer video calling in the Freedom Dimension? We’ll put Jitsi to the test and see if we can break out nasty Skype habit.

Then we debate: is Google trying to avoid the Linux “stigma”?

Plus we’ve got a surprise unboxing, why Valve considers “Linux an island of stability in a sea of commercial chaos”…

AND SO MUCH MORE!

All this week on, The Linux Action Show!

Thanks to:

GoDaddy.com Use our code linux295 to score .COM for just $2.95! 35% off your ENTIRE order just use our code go35off3 until the end of the month!
Ting.com Visit las.ting.com to save $25 off your device or service credits.

Download:

HD Video | Mobile Video | WebM Torrent | MP3 Audio | Ogg Audio | YouTube | HD Torrent

RSS Feeds:

HD Video Feed | Large Video Feed | Mobile Video Feed | MP3 Feed | Ogg Feed | iTunes Feeds | Torrent Feed

Support the Show:

— Show Notes: —

Jitsi 2 Review:

Brought to you by: System76

• jitsi.org | Jitsi

Pros:

• Set your video res (when it works)_
• Group video calling
• Combine multiple Google Accounts, and AIM, MSN, Yahoo, etc.
• Automatic and easy to use Encryption
• Built in MP3 Recording
• Nice sounds presets

Cons:

• Stability is a bit hit and miss

• Sharing Desktop seems to be unreliable (Google Hangouts hands down wins here).

• Does not take much freeze video, so don’t really touch much after a call is in place.

• Limited by constraints of 3rd party networks

• imgur: the simple image sharer

---

– Picks –

Runs Linux:

• Mantis – a two ton turbo diesel hexapod you can drive

Android Pick:

• ASC

• Android Picks so far thanks to Madjo in the IRC Chat room!

Desktop App Pick:

• Vokoscreen: A new screencasting tool for Linux

• software.opensuse.org

• vokoscreen-daily PPA : “vokoscreen development” team

• Picks so far

• Madjo

Search our past picks:

• Linux Action Show Lookup
• Thanks to sakuramboo!

Git yours hands all over our STUFF:

• Jupiter Broadcasting Affiliate Extensions
• Callisto-app – Google Project Hosting
• Quick Update to the Jupiter Broadcasting Android App

---

— NEWS —

• Valve Publishes Packages For Their Linux Distribution

• Valve’s Lessons Learned: Porting Source Engine to Linux

• Alienware’s latest gaming PC has Linux on it, plays “over 25 games”

• Alienware X51 with UBUNTU Linux

• Full Jedi Academy and Jedi Outcast Source code released!

• Debian gets served by Bytemark

• The Linux Inside Stigma

• Geary crowdfunding: GPG privacy, calendar integration, and more | Yorba Blog

— Untangle Unboxed —

Save 20% on a subscription package with checkout code: LAS20

• Untangle: Network Policy at Work

• Get Untangle

• UntangleWiki

Quick Feedback:

• My Two-Year Old Runs Linux

— Chris’ Stash —

Hang in our chat room:

irc.geekshed.net #jupiterbroadcasting

— What’s Matt Doin? —

• Ubuntu Virtual Machine: Guest and Host
• Writing about Linux, sometimes, even asking tough questions
• Hell froze over, Matt’s on Facebook

— Find us on Google+ —

• Chris
• Matt Hartley
• Jupiter Broadcasting’s Page

— Find us on Twitter —

• Chris – ChrisLAS
• Matt – matthartley

— Follow the network on Facebook: —

• Jupiter Broadcasting on Facebook

— Catch the show LIVE Sunday 10am Pacific / 1pm Eastern / 6pm UTC: —

• https://jblive.tv
• Network Calendar

The post A Free Skype Alternative | LAS | s26e05 first appeared on Jupiter Broadcasting.

]]> https://original.jupiterbroadcasting.net/33641/gif-me-root-techsnap-101/ Thu, 14 Mar 2013 12:07:36 +0000 https://original.jupiterbroadcasting.net/?p=33641 We’ll explain the MiniDuke malware and the extremely clever way to slipped it’s way into victims systems, and the Google two-factor bypass flaw.

The post GIF me root | TechSNAP 101 first appeared on Jupiter Broadcasting.

]]>

We’ll explain the MiniDuke malware and the extremely clever way to slipped it’s way into victims systems.

Researchers discovered a way to bypass google two-factor authentication, we’ll explain the details, and we look back at 25 years of software vulnerabilities.

Plug a big batch of your questions, our answers, and so much more on this week’s TechSNAP!

Thanks to:

GoDaddy.com Use our code hostdeal4 to score economy hosting for $1 a month, for one year. 35% off your ENTIRE order just use our code go35off4 until the end of the month!
Ting.com Visit techsnap.ting.com to save $25 off your device or service credits.

Direct Download: HD Video | Mobile Video | MP3 Audio | Ogg Audio | YouTube | HD Torrent | Mobile Torrent RSS Feeds: HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feeds | Torrent Feed

 

Support the Show:

Purchase anything at Amazon.com Purchase anything at Think Geek using this link Purchase anything at Newegg using this link Contribute directly on our donation page or check out our advertising options and reach millions of amazing people! Grab our Chrome Extension and auto-tag your shopping session for us!

   

Show Notes:

Get TechSNAP on your Android:

• Callisto – Android App
• Jupiter Broadcasting – Android App by ShaneQful

Browser Affiliate Extension:

• Jupiter Broadcasting Affiliate Extensions for Chrome and Firefox

[asa]B0095ZMMCK[/asa]

Grab it at Audible.com

Miniduke malware used against European goverments

• A new attack against many european governments has been detected using a new malware called Miniduke
• The malware exploits a sandbox-bypass in Adobe Reader
• The malware targeted a very small (59) but specific number of people from 23 different countries mostly in Europe
• The spear phishing attacks were perpetrated using well crafted PDF files purporting to be NATO membership plans, Ukrainian foreign policy documents or a seminar on human rights
• The malware allowed the attackers to copy and move files from the infected machines to their own servers, as well as kill other processes (like security software) and install additional malware
• The attack was unique because of the unusual nature of the backdoor that was used and how specific and narrow the targets were
• The backdoor contained components written in assembly, a relative rarity in viruses and vulnerabilities
• The malware also used twitter as a command and control system, following specific users and looking for tweets containing encrypted commands prefixed with uri!
• The malware also used .gif files as an update and distribution method, the gif files had regular images (like the RSS icon) but also contained malware binaries embedded in the image using steganography
• The backdoor also gathered system specific information and used it to encrypt communications back and forth with the attacker’s servers (likely to avoid IDS and other forms to detection)
• This system specific information was also used as part of the attack, many parts of the malware that were subsequently loaded on the machines, contained code to make them only work on that specific machine, making the job of the security analysts much more difficult, as they could not run the malware on controlled virtual machines or their own machines in order to analyze it
• The researchers say the style and methods of the attack are reminiscent of attackers from the 90s
• The attack pattern and programming style are reminiscent of hacking group that was thought to have been long disbanded
• The group, called 29A (666 in hex) published their first malware magazine in December of 1996 and were active until February 2008, when the last standing member announced the group’s dismissal
• Digital Underground Podcast – Intricacies of Miniduke
• Full PDF with details

---

Researchers discovered a way to bypass google two-factor authentication

• For the last 7 months, researchers from DuoSecurity and any attackers with knowledge of the vulnerability have been able to bypass Google’s two-factor authentication system, even for Google services such as Gmail
• An attacker who managed to steal or guess a user’s application-specific password could then exploit the Android auto-login feature to take over full control of a user’s entire Google profile, without having to enter the result of the secondary authentication mechanism
• Once they have access to the profile, they could then reset the master password and disable two-factor authentication entirely, allowing them to completely steal the account
• Application specific passwords are a feature created by Google to allow you to use your Google account to authenticate to applications and services that do not support two-step login
• This allows you to use your existing authentication to google to access other apps that do not support web based login (like IMAP/SMTP, Chat and Calendar apps)
• “if a user has linked their Android device to their Google account, the Chrome browser will use local-device authentication to override Google’s two-factor authentication”
• This is a classic case of trading the stronger security that two-factor authentication and strong passwords provide, for the higher convenience factor
• The scary part is that this mechanism allowed an attacker to access the Google ‘Account Settings’ portal, where you can change your backup email address, the phone number linked to your google account, and other other settings that are extremely sensitive and important to the security of your account
• Researchers clarify that the only way for this vulnerability to affect users in a desktop environment, is when their mobile authentication is compromised and used to seize their entire account
• Google patched the vulnerability before it was announced last week
• Researchers Post

---

Google introduces new compression algorithm

• A key feature of Zopfli, is that the compression is deflate compatible, meaning the compressed data can be decompressed using the libraries already built into nearly all existing web browsers
• Zopfli has a compression gain of 3–8% over zlib, but takes 2–3 orders of magnitude longer to compress, making it only really useful for compression of static data, rather than compressing dynamic data for HTTP streams
• For example, to compress a 100mb sample of the english wikipedia, gzip takes 5.6 seconds, 7-zip takes 128 seconds, and zopfli takes 454 seconds
• All three compressed files can be decompressed in under 1 second
• Google’s goal is to save bandwidth and battery life by reducing the size of text and images transmitted to mobile devices
• The research started as an offshoot of the WebP project (advanced lossy and lossless image compression)
• Google has open sourced the code as a C library under the business friendly Apache 2.0 license
• PDF Paper on the compression savings
• Additional Coverage

---

VRT profiles 25 years of software vulnerabilities

• VRT, the Sourcefire Vulnerability Research Team, dug through the CVE (Common Vulnerabilities and Exposures) database and NIST NVD (National Vulnerability Database)
• 2012 was the first year since 2007 where the number of new vulnerability was greater than the previous year
• However the number of vulnerabilities with a score over 7 (out of a possible 10) was still down each year since 2007
• However 2012 had a record high number of vulnerabilities with scores of 10/10
• The top types of vulnerabilities over the last 25 years have been buffer errors (buffer overflow etc), Cross Site Scripting, Access control, SQL Injection, Code Injection and Input Validation
• Top Vendors with high severity vulnerabilities: Mozilla, Apple, Cisco, Sun, Adobe, IBM, Mozilla, HP, Google, and Oracle
• Mobile Vulnerability Share: iPhone: 81%, Android: 9%, Windows: 6%, Blackberry: 4%
• Full PDF

---

Feedback:

• The Risk of Exposing a Security System to the Web?

• What are your thoughts on DMZs? // Slexy 2.0

• Home Server Troubles

• My question mainly has to do with PHP and MySQL

• Sharing the root

+What is the value of a hacked PC?
+ Steal your username/passwords (banking, games, web servers, skype)
+ Steal your CD keys (windows, office, games, etc)
+ Use your computer as a web server (host spam, malware, etc)
+ Join a botnet (click fraud, send spam, launch ddos)
+ Reputation hijacking (using your facebook account to ‘like’ businesses etc that pay the malware author)

Conference Round Up:

• How to ask good questions at RSA
• RSA – Researchers find ‘beta’ of Stuxnet, making it 2 years older than previously thought – Also found more evidence linking the developers of Stuxnet to the developers of Flame – Paper
• Cyber Dialogue – Hacking Back, Signaling and State-Society Relations
• RSA – Analysis of SEC filings under new cyber attack disclosure rules
• RSA – [VIDEO] Key Source International makes Secure Logon Devices
• RSA: [VIDEO] Self encrypting USB hard drive for all operating systems
• RSA: [VIDEO] PwnPad – A steathly penetration testing platform
• RSA: [VIDEO] BehavioSec – Behaviorial Biometrics for Authentication

The post GIF me root | TechSNAP 101 first appeared on Jupiter Broadcasting.

]]>