Show Notes: extras.show/47

The post Infrastructure Engineer: Seth McCombs | Jupiter Extras 47 first appeared on Jupiter Broadcasting.

Show Notes/Links: https://www.bsdnow.tv/325

The post Cracking Rainbows | BSD Now 325 first appeared on Jupiter Broadcasting.

MP3 Feed | OGG Feed | Video Feed | Torrent Feed | iTunes Audio | iTunes Video

Become a supporter on Patreon:

— Show Notes: —

Hoopla

• Mike’s Vacation / Lemur Update
• Visual Studio for Mac?

Meeting Hell Followup

• Big Fish Eats Small Fish

Customer Management For Devs?

• Business Innovations: Fast Pass
• Value based pricing?
• Has Software Development Been Commoditized?

Book Recommendation

• Weapons of Math Destruction

Coding Challenge

• Challenge

The post Minimal Functional Product | CR 232 first appeared on Jupiter Broadcasting.

Mike shares his recent Linux switch experience & why he thinks it might stick this time. We chew on Verizon buying Yahoo & the grief Marissa Mayer is getting.

Plus we congratulate the winner of last week’s challenge & announce the next one!

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

MP3 Audio | OGG Audio | Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | Video Feed | Torrent Feed | iTunes Audio | iTunes Video

Become a supporter on Patreon:

— Show Notes: —

Hoopla:

Verizon to acquire Yahoo’s operating business

Dear Yahoos,

Moments ago, we announced an agreement with Verizon to acquire Yahoo’s operating business.

• Sad Yahoo Sale Confirms That Marissa Mayer Failed

Whatever her future role, the Verizon sale is a blunt admission that Mayer’s grand resuscitation plan for Yahoo failed. She tried valiantly to inject some life into the company—with acquisitions, layoffs, splashy hires, and a way-too-late emphasis on mobile, among other strategies—but ultimately, it wasn’t enough.

Bad press from just the last few months:

• Yahoo CEO Marissa Mayer Thoroughly Failed on Promise to Not Screw Up Tumblr – Breitbart
• Marissa Mayer: A Case Study In Poor Leadership – Forbes
• As Marissa Mayer fails, Yahoo goes on the block – Deduced Reckoning
• Faith in Yahoo shaken as CEO Marissa Mayer’s turnaround plan fails – Times of India
• Marissa Mayer Has Become A Symbol Of Silicon Valley’s Disastrous Tokenism – Breitbart
• Failed Yahoo CEO Marissa Mayer Could Get $55M Parachute
• Marissa Mayer Yahoo CEO Under Attack
• Is Yahoo’s Mayer still ‘amazing’ or simply ‘failed’? – MarketWatch

Coding Challenge

Going through #CoderRadio coding contest submissions @ChrisLAS @Xaccary pic.twitter.com/qTgO85SdgM

— Michael Dominick (@dominucco) July 23, 2016

• Kyle’s Python Solution

Episode 215 Katy Perry Coding Challenge

I have a Pery colorful coding challenge for #CoderRadio fans this week @ChrisLAS

— Michael Dominick (@dominucco) July 25, 2016

• Make Mike an app that creates a Youtube playlist of or otherwise allows him to play his favorite Katy Perry music videos: Dark Horse, Roar, This is How We Do, Teenage Dream, Last Friday Night, International + + Smile and Unconditionally.
• The app must take advantage of the browser having his Youtube Red account cached for commercial viewing or he must be able to auth with his Youtube Red account to achieve the same.
• All solutions must be tablet friendly

Rocking the Ratel

The post Real Life on the Ratel | CR 215 first appeared on Jupiter Broadcasting.

The Pixel C is the perfect example of a compromised device, caused in large part, by Google’s Strategy Tax. This week we debate if this is the underlying reason tablet apps are so far behind on Android, what Mike’s plans are as an Android developer & why the long-term picture might look rosy.

Plus the Jar Jar true Sith Master mega theory comes to light, some iPad Pro follow up, the missed Mameo opportunity, the hard reality of the “pro tablet” market & more!

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

MP3 Audio | OGG Audio | Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | Video Feed | Torrent Feed | iTunes Audio | iTunes Video

Become a supporter on Patreon:

Show Notes:

Hoopla:

• Jar Jar: The True Sith Master

This subreddit is dedicated to the speculation – and ultimate revelation of – the true Sith Master, Supreme Leader Jar Jar Binks.

• Theory Support Mega-Thread : DarthJarJar

In your face strategy tax, should it be a warning to developers?

A strategy tax is anything that makes a product less likely to succeed, yet is included to further larger corporate goals.

Mike tweets:

Any other #android devs concerned that Google will use #chromeOS for tablets rather than droid — seems like an uncertain time to dev 4 tabs?

Any other #android devs concerned that Google will use #chromeOS for tablets rather than droid — seems like an uncertain time to dev 4 tabs

— Michael Dominick (@dominucco) December 13, 2015

The Pixel C was probably never supposed to run Android | Ars Technica

The Pixel C is ill-suited to Android, but it wasn’t supposed to be this way…

• What about the lang? Will Java stay or could we Dart in a different direction?

• Hi, I’m Andrew, here at Google and I’m with the team that built the Pixel C…Ask Us Anything!

Feedback:

• Ted Cruz to the rescue?

Super happy to see our Backpoints app at use at Rutgers! Go Knights! #apps pic.twitter.com/vYSbJ2VVaT

— Buccaneer Tech, INC (@BuccaneerTech) December 14, 2015

• Andrew’s iPad Pro Follow up

The post Android Instability | CR 183 first appeared on Jupiter Broadcasting.

Adobe is making changes to Flash to mitigate 0day exploits, with help from Google. Chrysler recalls 1.4M vehicles due to a software flaw, we go inside the “Business Club” cyber crime gang.

Plus a great batch of questions, the roundup & more!

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

HD Video | Mobile Video | MP3 Audio | OGG Audio | YouTube | HD Torrent | Mobile Torrent

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

— Show Notes: —

0day exploits against Flash will be harder thanks to new mitigations

• Three new exploit mitigations are being added to Adobe’s Flash player in an effort to prevent future exploits
• The mitigations were developed in a collaboration between Adobe and Google’s Project Zero
• The mitigations are:
  • “buffer heap partitioning” – Specific types of objects have been moved to an entirely separate heap (the OS Heap instead of the Flash Heap), preventing an overflow in the Flash Heap from ever being able to corrupt those objects. “It’s worth noting that this defense is much more powerful in a 64-bit build of Flash, because of address space limitations of 32-bit processes. This mitigation is now available in the Chrome version of Flash, and is expected to come to all other browsers sometime in August. Now is a good time to upgrade to a 64-bit browser and Flash.”
  • “stronger randomization for the Flash heap” – The flash heap is no longer stores in a predictable location, so it is harder to exploit. In addition, especially on 64-bit platforms, large allocations are further randomized. And older exploit developed by Project Zero used up to a 1GB allocation in order to hit a predictable location. With the large 64bit address space to play with, these allocations can be so far apart that it will be very difficult for an attacker to overflow the flash heap to run into the binary sections.
  • “Vector.<*> length validation secret” – Many of the recent and previous exploits have worked by overwriting the length of the Vector objects, to make them overflow into other areas of memory. The previous two mitigations make it harder to do this, but Adobe have developed a validation technique to detect when the length has been altered unexpectedly. The Adobe mitigation works by storing a “validation secret”, a hash of the correct length and a secret value, the attack doesn’t know the secret value, so cannot write the correct hash, and Flash will exit with a runtime error. This mitigation is available in all Flash builds as of 18.0.0.209.
• “Had they been widely available earlier, they likely would have blunted the effects of at least some of the three most recent zero-day vulnerabilities”
• Hopefully these will propagate quickly and reduce the frequency of flash 0 days
• Google Project Zero Blog Post

1.4M Vehicle Recall After Bug in Chrysler UConnect System

• Fiat Chrysler Automobiles NV is recalling about 1.4 million cars and trucks equipped with radios that are vulnerable to hacking, the first formal safety campaign in response to a cybersecurity threat.
• The recall covers about a million more cars and trucks than those initially identified as needing a software patch. The action includes 2015 versions of Ram pickups, Jeep Cherokee and Grand Cherokee SUVs, Dodge Challenger sports coupes and Viper supercars.
• This isn’t the first time automobiles have been shown to be vulnerable to hacking. What elevates this instance is that researchers were able to find and disable vehicles from miles away over the cellular network that connects to the vehicles’ entertainment and navigation systems.
• Fiat Chrysler’s UConnect infotainment system uses Sprint Corp.’s wireless network.
• It’s not a Sprint issue but they have been “working with Chrysler to help them further secure their vehicles”.
• Unauthorized remote access to certain vehicle systems was blocked with a network-level improvement on Thursday, the company said in a statement. In addition, affected customers will receive a USB device to upgrade vehicles’ software with internal safety features.
• Senators Edward Markey of Massachusetts and Richard Blumenthal of Connecticut, both Democrats, introduced legislation on July 21 that would direct NHTSA and the Federal Trade Commission to establish rules to secure cars and protect consumer privacy.
• The senators’ bill would also establish a rating system to inform owners about how secure their vehicles are beyond any minimum federal requirements.
• Chrysler Recalls
• After Jeep Hack, Chrysler Recalls 1.4M Vehicles for Bug Fix
• Fiat Chrysler Automobiles (FCA) Uconnect Vulnerability
• FCA Uconnect Vulnerability | ICS-CERT

Inside the “Business Club” crime gang

• Krebs profiles the “Business Club” crime gang, which apparently managed to steal more than $100 million from European banks and businesses
• The story centers on the “Gameover ZeuS” trojan and botnet. The commercial ZeuS malware had been popular for years for stealing banking credentials, but this was a closely held private version built for himself by the original author
• “Last year’s takedown of the Gameover ZeuS botnet came just months after the FBI placed a $3 million bounty on the botnet malware’s alleged author — a Russian programmer named Evgeniy Mikhailovich Bogachev who used the hacker nickname “Slavik.””
• “That changed today with the release of a detailed report from Fox-IT, a security firm based in the Netherlands that secretly gained access to a server used by one of the group’s members. That server, which was rented for use in launching cyberattacks, included chat logs between and among the crime gang’s core leaders, and helped to shed light on the inner workings of this elite group.”
• “The chat logs show that the crime gang referred to itself as the “Business Club,” and counted among its members a core group of a half-dozen people supported by a network of more than 50 individuals. In true Oceans 11 fashion, each Business Club member brought a cybercrime specialty to the table, including 24/7 tech support technicians, third-party suppliers of ancillary malicious software, as well as those engaged in recruiting “money mules” — unwitting or willing accomplices who could be trained or counted on to help launder stolen funds.”
• “Business Club members who had access to the GameOver ZeuS botnet’s panel for hijacking online banking transactions could use the panel to intercept security challenges thrown up by the victim’s bank — including one-time tokens and secret questions — as well as the victim’s response to those challenges. The gang dubbed its botnet interface “World Bank Center,” with a tagline beneath that read: “We are playing with your banks.””
• “The Business Club regularly divvied up the profits from its cyberheists, although Fox-IT said it lamentably doesn’t have insight into how exactly that process worked. However, Slavik — the architect of ZeuS and Gameover ZeuS — didn’t share his entire crime machine with the other Club members. According to Fox-IT, the malware writer converted part of the botnet that was previously used for cyberheists into a distributed espionage system that targeted specific information from computers in several neighboring nations, including Georgia, Turkey and Ukraine.”
• “Beginning in late fall 2013 — about the time that conflict between Ukraine and Russia was just beginning to heat up — Slavik retooled a cyberheist botnet to serve as purely a spying machine, and began scouring infected systems in Ukraine for specific keywords in emails and documents that would likely only be found in classified documents, Fox-IT found.”
• The botnet was also used against Turkey
• “The keywords are around arms shipments and Russian mercenaries in Syria,” Sandee said. “Obviously, this is something Turkey would be interested in, and in this case it’s obvious that the Russians wanted to know what the Turkish know about these things.”
• “The espionage side of things was purely managed by Slavik himself,” Sandee said. “His co-workers might not have been happy about that. They would probably have been happy to work together on fraud, but if they would see the system they were working on was also being used for espionage against their own country, they might feel compelled to use that against him.”
• The full Fox-IT report is available as a PDF here

Feedback:

• FreeNAS with Quad GbEthernet

• eSata enclosure

• pfSense Minix Router

• GlusterFS alternatives

• Enhanced commit privileges: Allan Jude (src)

Round Up:

• Kim Dotcom: ‘I don’t think your data is safe on Mega anymore’
• Get root on any OS X machine, with a shell command that fits in a tweet
• The Martian author says Comcast let hacker take over his e-mail
• Scaling Netflix – From 0 to a Terabit
• “Thunderstrike 2” rootkit uses Thunderbolt accessories to infect Mac firmware
• Why Netflix chose NGINX and FreeBSD to build its CDN
• An Update to Nexus Devices
• PHP mt_rand only returns odd numbers? Looks even worse in hex, low bits not being set?
• Breach at PNI Digital Media Inc., a company that makes photo kiosks, has affected customers a many large retailers including Walmart, CVS, Rite Aid, Sam’s Club and Costco
  
• How coordinated disclosure works in the real world
• HP Researchers find the Smart Watches are a security risk
• Belgian Government accidently includes 20,000 employees of transit operator in its phishing test

The post Solving the Flash Plague | TechSNAP 226 first appeared on Jupiter Broadcasting.

Jami is a technical writer for Agency Port Software, a web based software for P&C insurance.

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed

Become a supporter on Patreon:

Show Notes:

• Learn to Code by Doing – Code School
• Learn to code | Codecademy
• Agencyport Software
• Meet MadCap Flare | Authoring, Publishing and Content Management

Transcription:

ANGELA: This is Women’s Tech Radio.
PAIGE: A show on the Jupiter Broadcasting Network, interviewing interesting women in technology. Exploring their roles and how they’re successful in technology careers. I’m Paige.
ANGELA: And I’m Angela.
PAIGE: So Angela, today we’re joined by Jami. She’s a technical writer with a company in Boston. She does a lot of interesting work trying to translate developers and in her position for developers. So we talk a little bit about that and we get into what it means to be a technical write and kind of dig into that whole career path.
ANGELA: And before we get into this interview, I would just like to say that you can support the network and the ongoingness of this show, Women’s Tech Radio, by going to pateron.com/today. And that is where you will find that we put out a podcast specifically to thank the patrons that are supporting the network. It’s Tech Talk Today. It’s a quick show that we do four days a week of the top headlines. And it’s just a thank you. It’s something that we’re able to launch because we are getting funding that way. So, again, you can support Women’s Tech Radio through patreon.com/jupitersignal.
PAIGE: And to get started, we asked Jami what she’s doing in technology today.
JAMI: I’m currently a tech writer. I work for Agency Port Software in Boston. We are a technology company that offers web-based software and tools to P&C insurance companies, and I’m pretty much responsible for creating and maintaining all of their product documentation and as well as the developer documentation site where all that documentation lives. So mostly my responsibilities are related to actual documentation. So I document any updates to the products and the release notes whenever releases go out. And then the other half is I’m actually dealing with the technical aspects of the site. So we make sure everything is up and running, everything is displaying properly, the styles look good, the features looks good. I”m working mostly in a tool called MadCap Flare. It’s an authoring tool. But I also work heavily in CSS and a little bit of Javascript and now learning a little bit more about Bootstrap.
PAIGE: So are you working in MadCap Flare? Is that like your internal program and then you’re also starting to author some of the stuff for the web and that’s why you’re diving into CSS and HTML and stuff?
JAMI: Yeah. So, MadCap Flare, it’s an external software component that you can use to actually build documentation sites. So you kind of organize everything and it builds HTML files that then compile out that you can build an actual site with. But we wanted something a little bit more modern and that we can customize a lot more than what’s built into the product. So that’s why we kind of bring in the CSS and the Javascript and the Bootstrap so that we can make it a little bit more modern and trendy to kind of meet our company’s branding.
PAIGE: So is this something — technical writing is actually — we haven’t had a technical writer on the show yet.
ANGELA: Uh-uh.
PAIGE: So this is kind of fun. What does it mean to do technical writing? I think you kind of grazed over it, but what do you do as a technical writer, like in the nitty gritty?
JAMI: Well, in my position now you’re working with the developers. You’re working with the engineers to find out exactly what is done on a project as related to a product. So whenever they make changes, we have to make sure that we’re relaying that information to whoever the audience is. So in my current case, our audience is actual developers who are customizing our software for clients. So they need to learn how to customize everything. So those updates go in for the content and we also relay the updates as for release notes. So we’re constantly keeping communication to our clients to what we’re being, what’s being done into the product.
PAIGE: So you’re kind of translating developers, and in your position, for developers?
JAMI: Yes. In prior positions where I’ve worked as a tech writer it was kind of the opposite. Where I was interpreting developers notes and trying to decipher it into a language that any man could understand, like they have no technical background but they need to understand. But in my current case it’s, I’m actually relaying developer information for another developer, if that makes sense.
ANGELA: Yeah.
PAIGE: Totally. So are you super technical? Are you a developer yourself? How does that work for you to kind of translate like that?
JAMI: I’m not really a developer per say. I mean, I’m starting to learn a lot more, especially in the past year or so. But I’m more of the content side of it. So I can understand it, but if you give me something to code completely in Javascript, i don’t know how to do that just yet, but I could at least read it and understand what’s going on.
PAIGE: Well, that’s actually a lot farther than some developers I know. So you’re doing really well.
JAMI: Thanks.
PAIGE: Is that something you went to school for? To be — either to understand Javascript or to be a technical writer?
JAMI: Actually, no. I actually don’t have really any formal training as far as even technical writing. My degree was actually in creative writing and journalism and I started working for a small IT company right out of college kind of helping with their help desk and I just gradually made my way up. And now today, I — since working with developers and having to actually look at code, it’s kind of forced me to learn, but also — I’m mean it’s not like a forcing, but — so it’s interesting to finally learn how to do some of this stuff. And then actually to learn more. I’ve been taking classes on Code School and Codecademy and trying to actually dig into code and try to figure it out so that I can understand what they’re talking about.
PAIGE: Very cool. So you’re self-teaching yourself so you can have more understanding at work?
JAMI: Right. Exactly.
PAIGE: And do cool things. Very cool.
JAMI: Right.
PAIGE: That’s actually how I got started.
JAMI: Very nice.
PAIGE: I always like to ask this sort of question, but how does it flip around? Do you feel like you have this creative writing and journalism background and you’re trying to learn code. Do you feel like any of the developers are actually trying to learn how to write more like humans?
JAMI: In some cases, yes. Yes.
PAIGE: Awesome.
JAMI: Or maybe we wish that they did, I guess.
PAIGE: Maybe somebody should write a Codecademy for technical writing so that we could learn how to write better documentation.
JAMI: That would be nice.
PAIGE: Yeah. I think they’re based out of Boston or New York. I think they’re in New York.
JAMI: I’m not sure. Yeah.
PAIGE: They’re very close. How did you get where you are? It sounds like you started out of college and you had the college degree. Have you always had an interest in tech or was it just kind of that random happenstance?
JAMI: Well, I mean, I’ve always been into computers and tech, and I’m really tech savvy. So just kind of, I kind of fit in right away in the department and I just — I love it. I mean, I’m always learning something new. It’s always evolving. So, I just — I’ve kind of found that happy medium where I’m writing, but I’m also getting the chance to actually work in tech.
PAIGE: I think it’s interesting how the tech — like if we look at it from a broad perspective. It really is a very deep field. It takes a lot of disciplines. You know, we’ve had so many different people on the show; artist, developers, designers, and writers now and there’s really — there’s room for all of us in this field to do good things.
JAMI: Right.
PAIGE: So why tech? You said you’re tech savvy. What does that mean to you and is it — what kind of stokes your fire in the tech end of things?
JAMI: Well, I think it’s kind of — because I have this personality where I like to kind of be a detective and try to figure things out. So I think in tech I kind of get that opportunity. Where it’s like, oh I don’t know why this page isn’t showing up right. Let me see why. Let me try to fix this. Okay, that’s not working. Let me try this. And just trying to find the answer. If it’s either online or talking to people. And it’s like you kind of get the opportunity to see what you did right away.
PAIGE: Yeah. We actually had an interview, a couple of weeks ago by now, where we talked to somebody about failing. And I think that willingness to explore and to fail forward, like oh does this worK? And to break it and then fix it is — that’s that mindset for me. It’s super important.
JAMI: Absolutely. Yeah, and it helps you learn because I mean for me I’m more of a hands on person, so actually digging in and trying to do things is how I’m going to figure out how to do it.
ANGELA: Is there anything tech related that you do outside of work, like hobby wise? Like blogging or?
JAMI: I did for a while. I was — I did blog for a while. I did some side freelance work for Bot.com for a while, for like two years. So I had to maintain their — maintain my — I had my own personal site and I had to do all that stuff. I was into photography for a while. So I was editing photos a lot. Right now I just really — I honestly haven’t had a whole lot of spare time to do a lot of outside tech related stuff, but I mean I’ve been using a computer for the past probably 20 years or so.
ANGELA: Yeah.
J; So it’s like attached to me. It’s just a part of our lives now. Tech is always around me.
PAIGE: Yeah, totally. You can’t get away from it anymore.
JAMI: No. It’s like a — it’s literally attached to you hip.
PAIGE: I guess you could move to Amish country in Pennsylvania.
JAMI: Yeah.
PAIGE: That’s about it.
ANGELA: I heard there’s a really good buffet.
PAIGE: Really?
ANGELA: Yeah, really.
PAIGE: I don’t know. I mean, are they offended-
ANGELA: My mom went to it and so did one of my friends.
PAIGE: I’ve had some of the best pancakes ever in Amish country, so maybe it’s relevant. I don’t know. Very fun. So you’re in the Boston community. How is the — kind of the tech community out there?
JAMI: It’s really booming right now, it seems. I mean, I’ve been here a little over a year, but especially in the area we’re in, we’re kind of near South Boston and just companies are moving in, startups and just everything. It’s very tech heavy right now.
PAIGE: I’m from the Boston area, I will admit.
JAMI: Uh-huh.
PAIGE: What is kind of your favorite thing about — I know you just moved up there. What’s kind of your favorite Boston thing so far?
JAMI: I’d say just being in the city to me is just exhilarating. Because I’m kind of from — I grew up in a small Florida town and kind of moved around Florida a lot where we didn’t really have that metropolitan feel. And of course the weather here. And summer/spring is very nice. Winter is a little bit challenging. But I love public transportation so getting on the train everyday to me is exciting.
PAIGE: Boston public transit, I had no idea how spoiled i was until I moved away from Boston, but it’s pretty much, once you get out of the Boston, New York, DC corridor, once you get out of there the rest of the country does not have the kind of public transport that the northeast has, and I had no idea.
JAMI: No. Yeah.
PAIGE: But I’m surprised you say summer. Well, I guess you’re from Florida. Honestly the worst part of New England weather to me is the hot, sticky summers, but Florida definitely takes the cake on that one.
ANGELA: Yeah.
JAMI: Right. Right. Yeah, it’s not that — I mean it’s been high 80s but it’s not that bad.
PAIGE: We also ask a couple of things that people do. So what else do you do with your free time?
JAMI: Well, I have a little dog named Penny so I like to spend time a lot with her. I like to research old train stations, which is kind of silly, but it’s kind of like a new thing since I’ve moved up here to New England. There’s a lot of — obviously a lot of history, a lot of hold history. But a lot of old train stations that have either been renovated into other things or they’re just kind of missing and you just kind of see pieces of them and you want to know why. Like why, what happened? And things like that.
PAIGE: That’s really fascinating. You should blog about that.
JAMI: It’s such a random thing. I don’t know why I’m so obsessed with it.
ANGELA: Yeah, no, seriously. Yeah, if you started a blog I bet you could get-
PAIGE: I would follow that.
ANGELA: Click revenue, because trains and stuff like that is really a popular thing.
JAMI: Probably.
PAIGE: Even if you’re in a for a casual ride, the Rail to Trail project that has happened through most of New England is fascinating.
JAMI: Yes.
PAIGE: And you get to go by a lot of those old train stations and things.
JAMI: Yes, we have one that actually runs right by our house. We haven’t been since fall, but we take the dog and it’s very interesting. Some of the old signals are even still there. And the old crossover bridges. It’s very cool.
PAIGE: New England is a really fascinating place for history. Definitely. Highly recommend. So you’re teaching yourself right now. What are some of the things that are hardest for you, even just learning like — is it jus getting your head around the logic of it? Like understanding terms? Like what is a variable? What is a function? Like what’s your sticking points and how are you getting over them or how are you not?
JAMI: I think it’s more the logic, because I’m kind of still in the midst of doing some of the online courses for Javascript. And it’s just — I don’t know if it’s the math portion or it’s just kind of all of it at once, like the, you know, if L statements and things like that. Sometimes it kind of throws me around. It’s just trying to figure it out. They give you a sample. Okay. Here’s some code, now try to fix it. Or you’ve got to write this yourself. here’s your variables and write it. So it’s just digging in and trying to figure it out is the best way how I get through it.
PAIGE: I like that. I also usually encourage people who are new to programming to write it out in plain English first.
JAMI: Uh-huh.
PAIGE: And then try to make it into code.
JAMI: Right.
PAIGE: Because if you write the logic in a way that you understand it and then translate, it can kind of help that step. Are you just doing stuff online? Are you going to meetups or anything?
JAMI: I haven’t gone to any meetups yet. I know there are a lot in the Boston area. I know there are couple of, especially for women they’re actually creating — there’s a lot of groups that are actually for women that want to code and you could actually get involved in these groups and they do meetups. And basically at any level you could just want to learn and you could get into the groups and start working with them and learn more. And that’s something I’d love to do. I just haven’t had the chance right now, unfortunately.
PAIGE: I definitely encourage you to check that out. I’m actually the director for Women Who Code Portland and I know that we have a Boston chapter.
JAMI: NIce.
PAIGE: And I think Girl Develop It is out there if you want something more workshoppy.
JAMI: Right.
PAIGE: I highly recommend both of those.
ANGELA: Do you have, at your job, are you the only technical writer or is there somebody else that you — that also does that?
JAMI: No, I am the sole technical writer. I was actually hired on last year to help their documentation section. They were using and old Drupal platform and they wanted something more robust and more modern that could actually kind of help users navigate it through better. So that’s kind of where I came along. I’ve had a little over six years’ experience as a tech writer so I kind of brought my expertise in and helped them find the MadCap Flare tool to build their documentation set. So I’m the sole person on that — in that full team right now.
ANGELA: Job security.
JAMI: Yes.
ANGELA: Have you ever met another technical writer? Like with either a partnering company or a client that has a technical writer?
JAMI: Yes.
ANGELA: Yeah? Is that-
JAMI: Yes.
ANGELA: Are you guys able to like share hidden jokes and — I don’t know.
JAMI: Sometimes. Yeah, so my last job before this one I was actually on a technical writing team. We had — I think at one time we had about five writers and a supervisor that we’d all been — you know, we were all tech writers. So we all knew the jokes, whether it be about a specific programmer or just the logic of things. Of, oh like, oh your authoring tool is doing something weird again. Oh no. You know, things like that. It’s mostly just weird little quirks.
ANGELA: Uh-huh.
PAIGE: Did you ever put easter eggs inside technical documentation like we do with programs?
JAMI: Uh, no I haven’t.
PAIGE: You should consider it.
ANGELA: Yeah. You work on that. We’ll check back with you in six months.
JAMI: Okay. Yeah.
ANGELA: No, just kidding.
PAIGE: So, if someone was listening to the show and is a writer currently, they’re freelance or whatever they’re doing, or maybe they’re finishing a degree or something and they wanted to get into technical writing, what kind of advice would you give them?
JAMI: I would just say to get out there and read as much as you can about it. I mean, from my perspective, I didn’t have an actual formal tech writing training. I didn’t go to school for it. So you kind of have to be tech savvy in some sense, and you have to be willing to learn. You have to be open minded that things are going to change and that you have to kind of be up and current and to — you know, whether it be the current authoring tools platforms that are available or the other kinds of ways that you can make your documentation better. And it’s just to get out there and try to create something. Take online courses or tutorials and just do what you can. Because this is just how you can learn.
PAIGE: Do you have any courses you might recommend for technical writing?
ANGELA: Maybe not yet. I think you’re probably in the early stages of figuring out what it is that would have been helpful?
JAMI: Yeah. And I mean, back when I was starting to learn six years ago there wasn’t — I don’t think there was a whole lot free online, you know, tutorials like there are now. But there are books out there that you could look in technical writing. I believe there’s a site called technicalwriting.com, if that’s still available. I”m not sure. BUt I think that’s a community so you can share ideas and things like that.
PAIGE: We’ve had some people give the advice before of people who are even just looking to get into development to — if they wanted to kind of dip their toes in open source that actually doing documentation work for open source projects is valuable. Do you think that would be valuable for a technical writer as well?
JAMI: Yes, definitely. If you really want to just get your experience, get your foot in the door, and if you’re willing to either volunteer your time or something like that, it definitely — definitely find — or a startup. Or something like that, that really could use some documentation help. ANd if you’re open to learning along the way with them.
PAIGE: So just like development, just get your feet in and do the work and it will pay off.
JAMI: Correct.
ANGELA: Thank you for listening to this episode of Women’s Tech Radio. Don’t forget you can find the full transcription either in the YouTube description or on JupiterBroadcasting.com. Find the Women’s Tech Radio dropdown and you can also listen to our back catalogs. We have a lot of amazing shows on there.
PAIGE: So many great women have been on this show. You can also find us on iTunes. If you have a moment, leave us a review. We’d love to hear what you think. You can also contact us by dropping us a line at WTR@JupiterBroadcasting.com or followng us on Twitter, @heywtr. Thanks so much for listening.

Transcribed by Carrie Cotter | Transcription@cotterville.net

The post Technical Writing | WTR 37 first appeared on Jupiter Broadcasting.

Mike takes a victory lap as we discuss the big announcements from Google I/O. Then we get into a heated discussion around how GitHub should be used vs how most people use it.

Plus some great feedback, Mike & Chris share some bold predictions & more!

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

MP3 Audio | OGG Audio | Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | Video Feed | Torrent Feed | iTunes Audio | iTunes Video

Become a supporter on Patreon:

Show Notes:

Hoopla

Google I/O:

• Google I/O: Chris’ Take

• Google I/O: Make’s Take

• Android M Dev Preview delivers permission controls, fingerprint API, and more | Ars Technica

• Google I/O 2015 – Keynote – YouTube

Announcing GitTorrent: A Decentralized GitHub

The biggest change for developers in Android M will be user-selectable permissions. Currently, Android permissions are an all-or-nothing affair—you give the app the full list of permissions it wants or your don’t install it at all. In Android M, Google will be letting users pick and choose which permissions they allow in an app, and the company will provide a control panel for managing permissions.

Google will also revamp the way it displays and explains permissions to users. We were able to talk to Google VP of Product Management Brian Rakowski before the show, and he says permissions have been “dramatically simplified” and reorganized into a “smaller, more understandable list.”

Feedback:

• Getting it Done

The post You're Gitting it Wrong | CR 156 first appeared on Jupiter Broadcasting.

Is Microsoft confusing the container market & blowing the implementation?

Plus Apple gets caught rejecting Pebble compatible apps, we may have finally found the perfect Linux dev laptop & much more!

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

MP3 Audio | OGG Audio | Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | Video Feed | Torrent Feed | iTunes Audio | iTunes Video

Become a supporter on Patreon:

Show Notes:

LFNW Update

Hoopla

• Apple [NOT] now rejecting apps with Pebble Smartwatch support [mod title edit] – Pebble Forums

Feedback:

• Open Source as a Trap Laptop Discussion

• And why do you not like Java?

Code of the Week

Codeship Manager by listener Philip

The post Compromising Virtual Clouds | CR 151 first appeared on Jupiter Broadcasting.

Reverse Engineering Incentives to Improve Security. New Jersey school district computers held for ransom & the flash bug that lives on from 2011 with a twist!

Plus some great networking questions, drone powered Internet & more!

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

HD Video | Mobile Video | MP3 Audio | OGG Audio | YouTube | HD Torrent | Mobile Torrent

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

— Show Notes: —

Reverse Engineering Incentives — to Improve Security

• Gunnar Peterson writes a blog post about an interesting way to improve security in the enterprise
• Based on a scheme Walmart used in the 1980s, where employees got a bonus if “stock shrinkage” (theft) was below a certain level
• This kept more employees from stealing, where before they had no incentive not to
• So, he morphs the idea for information security:
• “I’ve often said that no one wants to write insecure code, and I wonder if something similar would work in infosec. Could a company put a fixed number each year towards an “average” breach cost and then if one does not occur, credit it back in a bonus to the tech staff, developers and sys admins?”
• “Think – digital version of days since last workplace injury. My guess is that incentives along those lines would very probably work way better than the majority of products on RSA trade show floor, and at a fraction of the cost.”
• He discusses the various problems with the idea
• How do you define what is a breach
• Instead what about a “pay for each bug found”?, but he points out the possibility of the Cobra Effect
• So the idea is: “we do not end up on the front page of the newspaper in a breach story” means everyone gets a bonus payout roughly equal to what we would pay in response cost on a rolling two years basis. This should tend to focus the mind and inspire people. Fired up? Ready to go? Now let’s go install some patches!
• “Its not perfect of course, but has the advantage of focusing attention onto the issues of strategic impact and puts security people, developers, sys admins and other on the same side of the table. To me, this is long overdue and a powerful organizational tool.”
• “Some might argue that incentives are silly, these are professional developers. What we need is regulation. We have used regulations, for example PCI or Company security policies, for a long time in infosec, they are not worthless, but they are not optimal either. At the very least they are only one tool in the toolbox and we should look at others.”
• “Security people’s main role is to be a barrier between an organization and stupid. So the real question is – what kind of barrier is the most effective? Regulations create the hostile, tactical and divided environments in which security people operate today. Bonuses have a way of getting people’s attention I have noticed and they have a way of getting people to work together.”
• “What I think the outcome here would look like is to simplify the coordination between the security team and dev/ops teams. On any engagement I easily spend 30-50% of my time on James Baker-style shuttle diplomacy trying to convince devs and ops folks that security is not deliberately setting out to destroy their timeline, bonus and career. If you just took that portion out of it, that means that any security time and dollars that get spent are spent on trying to solve actual security problems not Security/Dev/Ops Glasnost.“
• It is an interesting idea, although it only seems to work for commercial software development

New Jersey school district computers held for ransom

• An attacker has taken over a Gloucester County school’s district’s computer network, and is demanding payment of 500 bitcoins ($128,000) to return control of the system
• “Without working computers, teachers cannot take attendance, access phone numbers or records, and students cannot purchase food in cafeterias. Parents cannot receive emails with students grades and other information.”
• The superintendent said the attacker “did not access any personal information about students, families or teachers”
• It is unclear how the attacker could prevent teaching from accessing records, but not give the attacker access to those same records
• The Superintendent said, without Smartboards, students used pens, pencils and papers, going back to, what he described, “education as it was 20 or 30 years ago.”
• “We are still a long way from being fully operational. We have to work to restore the functionality of all of our computers.”
• “The school district is being forced to postpone the Common Core-mandated PARCC state exams”
• It seems like the school needs a better backup system
• A similar cryptolocker style attack hit the college I was consulting for a few weeks ago
• They immediately dumped the system and restored from that mornings backup, and were back up in a few hours
• I teased them that if they were using ZFS, they could have just done “zfs rollback” and been back up in a few minutes, with less data loss
• You still need backups, of everything
• A full Disaster Recovery plan is in order for a school board, students should still be able to use the Cafeteria no matter what is wrong with the computers
• A cold spare using a read-only backup, that doesn’t allow new changes, but at least allows access to important information like parents’ phone numbers, seems to be in order
• NJ School District Hit With Ransomware-For-Bitcoins Scheme t

Flash bug from 2011 still lives on

• CVE-2011-2461 was an interesting Flash bug
• Unlike a typical flash bug, the problem was in the Adobe Flex SDK, used to write the flash programs that run in your browser (.swf files)
• So, the fix wasn’t a newer version of the Flash player, but a patch to the tools used to author the flash files
• However, even years later, it seems many of these old flash files are still around, and users are still vulnerable because of it
• “The particularity of CVE-2011-2461 is that vulnerable Flex applications have to be recompiled or patched; even with the most recent Flash player, vulnerable Flex applications can be exploited. As long as the SWF file was compiled with a vulnerable Flex SDK, attackers can still use this vulnerability against the latest web browsers and Flash plugin.”
• Adobe released a tool to patch .swf files, seems to be rarely used
• Researchers at NibbleSec ran into the problem while investigation a SOP (Single Origin Policy) bypass attack
• Researchers presented their findings at the Trooper 2015 conference
• During their scan, they found that many sites still host vulnerable Flash applications, including Google, Yahoo, Adobe, SalesForce, and more
• “SOP prevents scripting content loaded from one website—or an origin—from affecting the content of another website. For example, a script hosted on website X that’s loaded by website Y in an iframe should not be able to read sensitive content about the other site’s visitors, like their authentication cookies. Neither should website Y be able to obtain information about users of website X by simply loading a resource from it.”
• “Without this mechanism in place, any malicious site could load, for example, Gmail in a hidden iframe and when authenticated Gmail users visit the malicious site, it could steal their Gmail authentication cookies.”
• It will be interesting to see if the new found attention actually gets this bug solved

Feedback:

• Friendly backup
• Encrypting Your ownCloud Files — ownCloud User Manual 7.0 documentation

• How ownCloud uses encryption to protect your data | ownCloud.org

• Networking issue

• Additional SSH Tunnelling Considerations

• Free Experian for the Premera hack

Round Up:

• Despite privacy policy, RadioShack customer data up for sale in auction
• Flaw in Hilton Honors reward site allowed any account holder to hijack other accounts
• Squid bug in Red Hat performs an ‘rf -fr /*’ on restart.
• Healthcare and Software still not getting along
• Because of CloudFlare shared SSL, Ted Cruz’s New Presidential Campaign Donation Website Shares Security Certificate With Nigerian-Prince.com
• Advice for dealing with tax fraud, straight from the scammers who cause it
• Facebook’s Aquila Drone Will Beam Down Internet Access With Lasers
• Apple buys FoundationDB, immediately removes downloads from website
• Amazon Cloud Drive goes unlimited: $11.99/year for photos and $59.99/year for everything
• SnapChat burns up your data plan
• Bruce Schneier | Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World
• Still, no one knows what is, and what is not, a “cyber incident”
• Bitcoin exchange AllCrypt, had their wordpress blog installed on the same server. Attacker drains entire wallet by modify database
• A brilliant Tinder hack made hundreds of bros unwittingly flirt with each other

The post Lunch Lady Lockdown | TechSNAP 207 first appeared on Jupiter Broadcasting.

Mai is a senior developer at Phase 2 with a masters in Computer & Information Technology.

Thanks to:

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed

Become a supporter on Patreon:

Show Notes:

• Phase2 Technology
• Blackboard
• Moodle
• NYC Camp
• Drupal
• Girls Who Code

Full transcription of previous episodes can be found at heywtr.tumblr.com

The post Local Tech Community | WTR 18 first appeared on Jupiter Broadcasting.

Erin Clark works at iXsystems as a system administrator and discusses the various technology and hardware background that is needed to be in that position.

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed

Become a supporter on Patreon:

Show Notes:

iXsystems
FreeNAS

The post Erin Clark | WTR 6 first appeared on Jupiter Broadcasting.

If we could rebuild the Internet from scratch, what would we change? It’s more than just a thought experiment. We’ll share the details about real world research being done today!

Plus we dig through the Sony hack, answer a ton of great question & a rocking roundup!

Thanks to:

• Get Paid to Write for DigitalOcean

Become a supporter on Patreon:

— Show Notes: —

Reinventing Computers And The Internet From Scratch, For The Sake Of Security

• DARPA funded research is looking at how we might design the Internet if we had to do it over again
• Many decisions that were made 30 and 40 years ago when UNIX and TCP/IP were designed, may be done differently today
• The overall project has a number of sub-projects:
  • CRASH – Clean-Slate Design of Resilient, Adaptive, Secure Hosts
  • MRC – Mission-Oriented Resilient Clouds
  • CTSRD – Clean Slate Trustworthy Secure Research and Development (Custard)
• BERI: Bluespec Extensible RISC Implementation: a open-source hardware-software research and teaching platform: a 64-bit RISC processor implemented in the high-level Bluespec hardware description language (HDL), along with compiler, operating system, and applications
• CHERI: capability hardware enhanced RISC instructions: hardware-accelerated in-process memory protection and sandboxing model based on a hybrid capability model
• TESLA: temporally enforced security logic assertions: compiler-generated runtime instrumentation continuously validating temporal security properties
• SOAAP: security-oriented analysis of application programs: automated program analysis and transformation techniques to help software authors utilize Capsicum and CHERI features
• The goal is to design newer secure hosts and networks, without having to maintain backwards compatibility with legacy systems, the biggest problem with changing anything on the Internet
• This is why there are still things like SSLv3 (instead of just TLS 1.2+), why we have not switched to IPv6, and why spam is still such a large problem
• I for one would definitely like to replaced SMTP, but no one has yet devised a plan for a system that the world could transition to without breaking legacy email while we wait for the rest of the world to upgrade
• “Corporations are elevating security experts to senior roles and increasing their budgets. At Facebook, the former mantra “move fast and break things” has been replaced. It is now “move slowly and fix things.””
• For performance reasons, when hardware and programming languages were designed 30 and 40 years ago, it was decided that security would be left up to the programmer
• The CHERI project aim to change this, by implementing ‘Capabilities’, a sandboxing and security mechanism into the hardware, allowing the hardware rather than the software to enforce protections, preventing unauthorized access or modification of various regions of memory by malicious or compromised applications.
• CHERI, and the software side of the project, Capsicum, are based on FreeBSD, but are also being ported to Linux, where Google plans to make extensive use of it in its Chrome and Chromium browsers.
• Additional Coverage

Sony Internal Network Hacked

• No, this is not Episode 3 of TechSNAP, Sony was hacked, again
• Hackers identifying the selves as Guardians of Peace (GOP) claim to have stolen as much as 100TB of data from Sony
• One questions how they managed to exfiltrate such a huge amount of data without being noticed. A full 1 GBPS internet connection would have to run at full capacity for 10 days to move that much data. It seems a lot of the data was likely compressible, but unreleased movies etc would not be
• At this point, only about 40GB of data has been leaked, mostly internal documents
• “The data dump includes employee criminal background checks, salary negotiations, and doctors’ letters explaining the medical rationale for leaves of absence. There are spreadsheets containing the salaries of 6,800 global employees, along with Social Security numbers for 3,500 U.S. staff. And there is extensive documentation of the company’s operations, ranging from the script for an unreleased pilot written by Breaking Bad creator Vince Gilligan to the results of sales meetings with local TV executives.”
• When will companies learn that a spread sheet is not a secure place to store sensitive information
• In a memo to Employees Sony Pictures Entertainment chiefs Michael Lynton and Amy Pascal said “While we are not yet sure of the full scope of information that the attackers have or might release, we unfortunately have to ask you to assume that information about you in the possession of the company might be in their possession,”
• Additional Coverage – CNET – 47,000 Social Security Numbers leaked, Celebrity Data included
• Additional Coverage – Sony Employees receive email threats: “your family will be in danger”
• Additional Coverage – BuzzFeed – Inside the Sony Data
• Additional Coverage – Gizmodo – Sony hack worse than thought
• Additional Coverage – Washington Post
• Additional Coverage – Edgadget
• Additional Coverage – The Verge
• George Clooney predicted the Sony Hack in December (in a now leaked email)
• Additional Coverage – BitDefender – Take Aways from the Sony Hack
• Additional Coverage – ArsTechnica – Attackers also stole certificates to sign malware

Feedback:

• Jupiter Dev Summit on Monday the 15th

• Remotely activate/disable firewall rules?

• AuthPF (works, especially remotely)

• FreeNAS/ZFS Filesystem Relationships

• Screenshot

• Naming software bugs like storms

• [ways to use as much bandwidth a possible? ](https://www.reddit.com/r/techsnap/comments/2oftzo/ways_to_use_as_much_bandwidth_a_p
  ossible/)

• Malware Authorship Language

• 31C3 – The 31st Chaos Communication Congress Who will be there?

Round Up:

• Sony hack: Studio Tries to Disrupt Downloads of its Stolen Files
• Brian Krebs interviewed on 60 Minutes
• Reset Linux Root Password
• Payment Processor “Charge Anywhere” transmitted some data in plain text, finds malware on their network stealing the data
• Apple CoreGraphics framework on OS X 10.10 logging input data to /tmp directory
• Fabrice Bellard (FFMPEG, QEMU, etc) introduces BPG, a replacement for JPG based on HEVC, better image quality in smaller size. Javascript based decoder means all browsers can render the images already
• Ron Wyden (D-OR) Introduces bill to prevent FBI backdoors — “The Secure Data Act would ban agencies from making manufacturers alter their products to allow easier surveillance or search”
• Man arrested for trying to sell detailed plans for next US Air Craft Carrier to Egypt
• DMCA should be altered to allow tinkering with hardware
• Flaw in Mantis bug tracker allow attackers and spammers to bypass captchas
• Keurig 2.0 Genuine K-Cup Spoofing Vulnerability
• Why you should only trust open source for your sensitive emails

The post Signed by Sony | TechSNAP 192 first appeared on Jupiter Broadcasting.

The classic battle flairs up this week, and the guys discuss how an over controlling sysadmin can slow down an important project, and why that problem seems to be so much worse in business.

Plus the market is still hot for Java, but don\’t discount Python or C#, making a big career change, and the standard for replacing your own inhouse tools.

Thanks to:

• Help the DigitalOcean community by submitting articles and get paid $50 per published piece!

Direct Download:

MP3 Audio | OGG Audio | Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | Video Feed | Torrent Feed | iTunes Audio | iTunes Video

— Show Notes: —

Feedback

• About C#/.NET
• Software Craftsmanship.
• Needs to replace in house tool, not sure which language to use.
• The new hotness: C++11?!
• Feedback on Windows
• You Asked for a Microsoft Windows Plug
• Digital Ocean

Handy Tool:

• TLDRLegal – Compare Open Source Licenses

The post Ops vs Dev | CR 84 first appeared on Jupiter Broadcasting.

This week we\’ll be talking to Amitai Schlair of the NetBSD foundation about pkgsrc, NetBSD\’s future plans and much more. After that, if you\’ve ever wondered what all this SSH stuff is about, today\’s tutorial has got you covered. We\’ll be showing you the basics of SSH, as well as how to combine it with tmux for persistent sessions. News, feedback and everything else, right here on BSD Now – the place to B.. SD.

Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | HD Vid Feed | HD Torrent Feed

– Show Notes: –

Headlines

Faces of FreeBSD

• The FreeBSD foundation is publishing articles on different FreeBSD developers
• This one is about Colin Percival (cperciva@), the ex-security officer
• Tells the story of how he first found BSD, what he contributed back, how he eventually became the security officer
• Running series with more to come

Lots of BSD presentation videos uploaded

• EuroBSDCon 2013 dev summit videos, AsiaBSDCon 2013 videos, MWL\’s presentation video
• Most of us never get to see the dev summit talks since they\’re only for developers
• AsiaBSDCon 2013 videos also up finally
• List of AsiaBSDCon presentation topics here
• Our buddy Michael W Lucas gave an \”OpenBSD for Linux users\” talk at a Michigan Unix Users Group.
• He says \”Among other things, I compare OpenBSD to Richard Stallman and physically assault an audience member. We also talk long long time, memory randomization, PF, BSD license versus GPL, Microsoft and other OpenBSD stuff\”
• Really informative presentation, pretty long, answers some common questions at the end

Call for Presentations: FOSDEM 2014 and NYCBSDCon 2014

• FOSDEM 2014 will take place on 1–2 February, 2014, in Brussels, Belgium
• Just like in the last years, there will be both a BSD booth and a developer\’s room
• The topics of the devroom include all BSD operating systems. Every talk is welcome, from internal hacker discussion to real-world examples and presentations about new and shiny features.
• If you are in the area or want to go, check the show notes for details
• NYCBSDCon is also accepting papers.
• It\’ll be in New York City at the beginning of February 2014
• If anyone wants to give a talk at one of these conferences, go ahead and send in your stuff!

FreeBSD foundation\’s year-end fundraising campaign

• The FreeBSD foundation has been supporting the FreeBSD project and community for over 13 years
• As of today they have raised about half a million dollars, but still have a while to go
• Donations go towards new features, paying for the server infrastructure, conferences, supporting the community, hiring full-time staff members and promoting FreeBSD at events
• They are preparing the debut of a new online magazine, the FreeBSD Journal
• Typically big companies make their huge donations in December, like a couple of anonymous donors that gave around $250,000 each last year
• Make your donation today over at freebsdfoundation.org, every little bit helps
• Everyone involved with BSD Now made a donation last year and will do so again this year

Interview – Amitai Schlair – schmonz@netbsd.org / @schmonz

• The NetBSD Foundation, pkgsrc, future plans
• Can you start off by telling us a little bit about who you are and how you got involved with BSD in general?
• What are all your roles with the NetBSD project? What \”hats\” do you wear?
• What kind of tasks are assigned to the foundation? What does being on the board entail?
• Since you\’re also very involved with pkgsrc, could you give us a brief overview of what pkgsrc is, and how it compares to something like ports?
• What\’s planned for the next big release of NetBSD, and when can we expect it?
• In what ways do you personally use NetBSD? Desktops, servers, toasters? All of the above?
• If some of our listeners want to get involved with NetBSD and pkgsrc, where would you recommend they go to help out?
• How can people find you? Anything else you\’d like to mention?
• https://twitter.com/schmonz

Tutorial

A guide to SSH and tmux

• OpenSSH and tmux, a match made in heaven
• This guide shows how to do basic tasks with SSH
• Persistent sessions with tmux increase productivity

News Roundup

PS4 released

• Sony\’s Playstation 4 is finally released
• As previously thought, its OS is heavily based on FreeBSD and uses the kernel among other things
• Link in the show notes contains the full list of BSD software they\’re using
• Always good to see BSD being so widespread

BSD Mag November issue

• Free monthly BSD magazine publishes another issue
• This time their topics include: Configuring a Highly Available Service on FreeBSD, IT Inventory & Asset Management Automation, more FreeBSD Programming Primer, PfSense and Snort and a few others
• PDF linked in the show notes

pbulk builds made easy

• NetBSD\’s pbulk tool is similar to poudriere, but for pkgsrc
• While working on updating the documentation, a developer cleaned up quite a lot of code
• He wrote a script that automates pbulk deployment and setup
• The whole setup of a dedicated machine has been reduced to just three commands

PCBSD weekly digest

• Over 200 PBIs have been populated in to the PC-BSD 10 Stable Appcafe
• Many PC-BSD programs received some necessary bug fixes and updates
• Some include network detection in the package and update managers, nvidia graphic detection, security updates for PCDM

Feedback/Questions

• Peter writes in: https://slexy.org/view/s21oh3vP7t
• Kjell-Aleksander writes in: https://slexy.org/view/s21zfqcWMP
• Jordan writes in: https://slexy.org/view/s2ZmW77Odb
• Christian writes in: https://slexy.org/view/s2BZq7xiyo
• entransic writes in: https://slexy.org/view/s21xrk0M4k

• All the tutorials are posted in their entirety at bsdnow.tv
• Send questions, comments, show ideas/topics, etc to feedback@bsdnow.tv
• Watch live Wednesdays at 2:00PM Eastern (19:00 UTC)

The post Collecting SSHells | BSD Now 12 first appeared on Jupiter Broadcasting.

A compromise at Apple turns Mike’s week upside down. Reeling from the setback we dig into Mike’s concerns with Canonical’s crowd sourced Ubuntu Edge phone.

Why we\’re a bit dismayed at Firefox OS’ attempts to kill the app store…

And we answer your hard questions.

Thanks to:

GoDaddy.com Use our code coder249 to get a .COM for $2.49.

Direct Download:

MP3 Audio | OGG Audio | Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | Video Feed | Torrent Feed | iTunes Audio | iTunes Video

Feedback

• ZOMG, MIKE! Crypto is NOT broken… except that it is….
• Patrick’s Email
• Kyle was inspired by our Pomo love and wrote this web app
• Cary’s email: [In defense of Apple(https://slexy.org/view/s216d3rIzI)
• David is working on a project for a school system and though the law does not require that he encrypt the data itself in the database (make it not human readable that is) he wonders if he should anyway.
• Matty’s email: Could talk about \”environments\”
• Chris asks if we believe that devs who focus on langs that are run by corps are hurting their careers long term.
• Isak’s email: Working on a Game

Dev World Hoopla

• Apple Dev Center Down

• Apple Developer Website Hacked: Developer Names, Addresses May Have Been Taken

In an email to developers today, Apple revealed that its Developer Center website was breached by unknown hackers and was taken offline last Thursday as a precaution.

• UPDATE: Turkish hacker posts video of Apple Dev Centre breach | ITProPortal.com

\”This is definitely not an hack attack. I have reported all the bugs I have found to the company and waited for approval. I am being accused of hacking but I have not given any harm to the system and i did notwanted to damage [sic],\” writes the user Ibrahim Baliç.

He has since told the Guardian, \”My intention was not attacking. In total I found 13 bugs and reported [them] directly one by one to Apple straight away. Just after my reporting [the] dev center got closed. I have not heard anything from them, and they announced that they got attacked. My aim was to report bugs and collect the datas [sic] for the purpose of seeing how deep I can go with it.\”

• FireFox wants to kill App Stores

• How Firefox OS plans to kill — not reinvent — the app store | VentureBeat

\”In essence, with Firefox OS, we made app discovery as easy as browsing the web, and we give you a very good reason to brush up the mobile optimised web sites you already have on the web,\” writes Mozillan Chris Heilmann on the company blog.

• Ubuntu Edge | Indiegogo

In the car industry, Formula 1 provides a commercial testbed for cutting-edge technologies. The Ubuntu Edge project aims to do the same for the mobile phone industry — to provide a low-volume, high-technology platform, crowdfunded by enthusiasts and mobile computing professionals.

Tool of the Week

[asa]B005JN9310[/asa]

Hard Drives for Jupiter:

• Hard Drives for Jupiter

Follow the show

• Email the show
• Join the Coder Radio Subreddit
• Live Monday 9am PST
• Music by: Ronald Jenkees
• Mike on Twitter
• Mike on Google+
• Mike’s website
• Chris on twitter
• Chris on Google+

The post Sour Apple | CR 59 first appeared on Jupiter Broadcasting.

From text editors and compilers to Project management tools Mike shares his toolchain for getting projects done.

But we start with fending off the trolls, trouncing Chris over the OYUA, and struggling with nuances of an open sources ASP.NET.

Plus defending a dev underfire for speaking his mind, and we answer a batch of your emails.

Direct Download:

MP3 Audio | OGG Audio | Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | Video Feed | Torrent Feed | iTunes Audio | iTunes Video

— Show Notes —

Feedback

• Jeramy writes:

“Michael failed to mention that Microsoft released ASP.NET to the open source community and now ASP.NET can be run on any server with any database management system.”

• John shares his sister’s web-based calendar: www.keilascode.com
• Folks love the SNES generation

Hoopla

• Aaron Seigo – Google+ RE: In Canonical\’s recent announcement

• Heroku | Cloud Application Platform

Pick of the week

[asa]B002KO9JB0[/asa]
[asa]B001HBCVX0[/asa]

Tool of the week

• Ruby Mine

Follow the show

• Email the show
• Live Monday 9am PST
• Music by: Ronald Jenkees
• Mike on Twitter
• Mike on Google+
• Mike’s website
• Chris on twitter
• Chris on Google+

The post Gandalf the Whiteboard | CR 37 first appeared on Jupiter Broadcasting.