Show Notes: linuxactionnews.com/251

The post Linux Action News 251 first appeared on Jupiter Broadcasting.

Show Notes: techsnap.systems/426

The post Storage Stories | TechSNAP 426 first appeared on Jupiter Broadcasting.

Episode Links:

linuxactionnews.com/92

The post Linux Action News 92 first appeared on Jupiter Broadcasting.

This week on the show, we’ve got something pretty different. We went to a Linux convention and asked various people if they’ve ever tried BSD and what they know about it. Stay tuned for that, all this week’s news and, of course, answers to your emails, on BSD Now – the place to B.. SD.

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | HD Vid Feed | HD Torrent Feed

– Show Notes: –

Headlines

LUKS in OpenBSD

• Last week, we were surprised to find out that DragonFlyBSD has support for dm-crypt, sometimes referred to as LUKS (Linux Unified Key Setup)
• It looks like they might not be the only BSD with support for it for much longer, as OpenBSD is currently reviewing a patch for it as well
• LUKS would presumably be an additional option in OpenBSD’s softraid system, which already provides native disk encryption
• Support hasn’t been officially committed yet, it’s still going through testing, but the code is there if you want to try it out and report your findings
• If enabled, this might pave the way for the first (semi-)cross platform encryption scheme since the demise of TrueCrypt (and maybe others BSDs will get it too in time)

FreeBSD gets 64bit Linux emulation

• For those who might be unfamiliar, FreeBSD has an emulation layer to run Linux-only binaries (as rare as they may be)
• The most common use case is for desktop users, enabling them to run proprietary applications like Adobe Flash or Skype
• Similar systems can also be found in NetBSD and OpenBSD (though disabled by default on the latter)
• However, until now, it’s only supported binaries compiled for the i386 architecture
• This new update, already committed to -CURRENT, will open some new possibilities that weren’t previously possible
• Meanwhile, HardenedBSD considers removing the emulation layer entirely

BSD at Open Source Conference 2015 Nagoya

• We’ve covered the Japanese NetBSD users group setting up lots of machines at various conferences in the past, but now they’re expanding
• Their latest report includes many of the NetBSD things you’d expect, but also a couple OpenBSD machines
• Some of the NetBSD ones included a Power Mac G4, SHARP NetWalker, Cubieboard2 and the not-so-foreign Raspberry Pi
• One new addition of interest is the OMRON LUNA88k, running the luna88k port of OpenBSD
• While at the event, NetBSD even revived their older luna68k port
• There was even an old cell phone running Windows games on NetBSD
• Check the mailing list post for some links to all of the nice pictures

LLVM introduces OpenMP support

• One of the things that has kept some people in the GCC camp is the lack of OpenMP support in LLVM
• According to the blog post, it “enables Clang users to harness full power of modern multi-core processors with vector units”
• With Clang being the default in FreeBSD, Bitrig and OS X, and with some other BSDs exploring the option of switching, the need for this potential speed boost was definitely there
• This could also open some doors for more BSD in the area of high performance computing, putting an end to the current Linux monopoly

Interview – Eric, FSF, John, Jose, Kris and Stewart

Various “man on the street” style mini-interviews

News Roundup

BSD-licensed gettext replacement

• If you’ve ever installed ports on any of the BSDs, you’ve probably had GNU’s gettext pulled in as a dependency
• Wikipedia says “gettext is an internationalization and localization (i18n) system commonly used for writing multilingual programs on Unix-like computer operating systems”
• A new BSD-licensed rewrite has begun, with the initial version being for NetBSD (but it’s likely to be portable)
• If you’ve got some coding skills, get involved with the project – the more freely-licensed replacements, the better

Unix history git repo

• A git repository was recently created to show off some Unix source code history
• The repository contains 659 thousand commits and 2306 merges
• You can see early 386BSD commits all the way up to some of the more modern FreeBSD code
• If you want to browse through the giant codebase, it can be a great history lesson
• Paper with additional details and methodology

PCBSD 10.1.2 and Lumina updates

• We mentioned 10.1.1 being released last week (and all the cool features a couple weeks before) but now 10.1.2 is out
• This minor update contained a few hotfixes: RAID-Z installation, cache and log devices and the text-only installer in UEFI mode
• There’s also a new post on the PCBSD blog about Lumina, answering some frequently asked questions and giving a general status update

Feedback/Questions

• Jake writes in
• Van writes in
• Anonymous writes in
• Dominik writes in (text answer)
• Chris writes in

Mailing List Gold

• Death by chocolate

• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
• We’re recording two episodes next week, so some extra feedback email would be good

The post Vox Populi | BSD Now 91 first appeared on Jupiter Broadcasting.

What’s the best TrueCrypt alternative for Linux? We’ll introduce you to Tomb, a tool that sits on top of open source encryption tools you can trust, that come built into every install of Linux.

Plus we’ll demo native Netflix working on Linux without any plugins, the big changes coming to Fedora…

AND SO MUCH MORE!

All this week on, The Linux Action Show!

Thanks to:

Download:

HD Video | Mobile Video | WebM Torrent | MP3 Audio | Ogg Audio | YouTube | HD Torrent

RSS Feeds:

HD Video Feed | Large Video Feed | Mobile Video Feed | MP3 Feed | Ogg Feed | iTunes Feeds | Torrent Feed

Become a supporter on Patreon:

— Show Notes: —

Tomb :: The Crypto Undertaker

Tomb is 100% free and open source software to make strong encryption easy to use.
A tomb is like a locked folder that can be safely transported and hidden in a filesystem.
Keys can be kept separate: for instance the tomb on your computer and the key on a USB stick.

All dependencies used in Tomb are common GNU/Linux components, well peer reviewed and found in most distributions. Plus there is no cloud service connected and no network connection needed: Tomb works entirely off-line, of course.

Because dm-crypt is a block-level encryption layer, it only encrypts full devices, full partitions and loop devices. To encrypt individual files requires a filesystem-level encryption layer, such as eCryptfs or EncFS. See Disk encryption for general information about securing private data.

LUKS and Tomb:

The Linux Unified Key Setup or LUKS is a disk-encryption specification created by Clemens Fruhwirth in 2004 and originally intended for Linux.

While most disk encryption software implements different and incompatible, undocumented formats, LUKS specifies a platform-independent standard on-disk format for use in various tools. This not only facilitates compatibility and interoperability amongst different programs, but also assures that they all implement password management in a secure and documented manner.1

The reference implementation for LUKS operates on Linux and is based on an enhanced version of cryptsetup, using dm-crypt as the disk encryption backend.

dm-crypt and Tomb:

dm-crypt is a transparent disk encryption subsystem in Linux kernel versions 2.6 and later and in DragonFly BSD. It is part of the device mapper infrastructure, and uses cryptographic routines from the kernel’s Crypto API.

dm-crypt is implemented as a device mapper target and may be stacked on top of other device mapper transformations. It can thus encrypt whole disks (including removable media), partitions, software RAID volumes, logical volumes, as well as files. It appears as a block device, which can be used to back file systems, swap or as an LVM physical volume.

Installing Tomb:

• Tomb needs a few programs to be installed on a system in order to work:
  • zsh
  • gnupg
  • cryptsetup
  • steghide (not required, this is for stashing your key in a jpg)
  • pinentry-curses (or -gtk or -qt as you prefer)

Most systems provide these tools in their package collection, for instance on Debian/Ubuntu one can use ‘apt-get install’ on Fedora and CentOS one can use ‘yum install’

Install Tomb

• To install Tomb simply download the source distribution (the tar.gz file) and decompress it.
  • Arch users can install from the AUR – tomb
• Then enter its directory and run ‘make install’ as root, this will install Tomb into /usr/local:

  sudo make install

• After installation one can read the commandline help or read the manual:

  tomb -h
man tomb (show the full usage manual)

• At this point one can proceed creating a tomb, for instance:

  tomb dig -s 1000 secrets.tomb (be patient and wait a bit)
  tomb forge -k secrets.tomb.key (be patient and follow instructions)
  tomb lock -k secrets.tomb.key secrets.tomb

Mount your Tomb:

tomb open secret.tomb -k secret.tomb.key

• And after you are done:

tomb close

Key Storage:

Steganography helps here. Tomb offers the possibility to bury and exhume keys from jpeg images: if steghide is installed on a system then Tomb will offer this commands in its command-line help.

When securing your private data one of the bigger problems is represented by the fallacy of your memory: in some future you might forget where you left the keys.

This feature lets you keep in mind a certain picture rather than a position in a filesystem, much easy to remember. It also helps in hiding well the key and eventually communicating it without being suspicious, as it is very difficult to detect the presence of a key inside an image without knowing the password you used to seal it.

• Steghide

Hide the key

To hide the key inside an image file (jpeg):

tomb bury -k /path/to/key /path/to/file.jpg

Extractto the hidden key

To extract a pre-hidden key:

tomb exhume -k /path/to/newkeylocation /path/to/file.jpg

Advanced features

• steganography (to hide the key inside a jpeg/wav file)
• bind hooks: can mount some of its subdirectories as “bind” to some other. Suppose, for example, you would like to encrypt your .Mail, .firefox and Documents directories. Then you can create a tomb which contains these subdirectories (and others too, if you want) and create a simple configuration file inside the tomb itself; when you run tomb open it will automatically bind that directories into the right places. This way you will easily get an encrypted firefox profile, or maildir.
• post hooks: commands that are run when the tomb is open, or closed. You can imagine lot of things for this: open files inside the tomb, put your computer in a “paranoid” status (for example, disabling swap), whatever.

Areas for improvement:

• Cleaner key management. IE not having to ever have the key sit on my file system.

• Intergration with Yubikey

• AUR (en) – tomb

• encfs – another option with some possible current issues

EncFS provides an encrypted filesystem in user-space. It runs without any special permissions and uses the FUSE
library and Linux kernel module to provide the filesystem interface.
You can find links to source and binary releases below. EncFS is open
source software, licensed under the GPL.

— PICKS —

Runs Linux

Fish Who Plays Pokemon, Runs Linux – Twitch

• Catherine and Patrick are two developers from the HackNY Fellows Class of 2014 that attend school at the University of Chicago and Columbia University, respectively. You can follow them on twitter at @catmoresco and @plfacheris.

• Over 22,000 People Are Watching A Fish Play Pokemon By Swimming Around Its Fish Bowl – Business Insider

At the time of writing, over 22,000 are currently watching Grayson play Pokemon, with a little under 50,000 total views.

• An Exclusive Interview With the Fish Playing Pokemon | Motherboard

Desktop App Pick

serman – Dialog-based systemd service management.

“Serman is a simple dialog-based systemd service manager. It provides an easy way to manage services with an overview of what is currently enabled, running, etc.

The package currently includes the original version of serman based on the dialog and a complete rewrite using Python’s ncurses library. The latter is installed as serman2 for testing. It will soon replace the current version of serman.”

Skyward Collapse on Steam

How do you balance — and indeed encourage — a war between factions without letting either side obliterate the other? How do you rule over gods, creatures, and men who refuse to obey you? How do you build a landscape of villages when bandits and mythology are conspiring to tear it down?

Weekly Spotlight

KNOPPIX 7.4.0

Version 7.4.0 of KNOPPIX is based on the usual picks from Debian stable (wheezy) and newer Desktop packages from Debian/testing and Debian/unstable (jessie). It uses kernel 3.15.6 and xorg 7.7 (core 1.16.0) for supporting current computer hardware.

TalkingArch – Home

This is TalkingArch, a respin of the Arch Linux live CD/USB image modified to include speech and braille output for blind and visually impaired users.
Arch Linux
is designed to be simple, lightweight and flexible. TalkingArch retains all the features of the Arch Linux live image, but adds speech and braille packages to make it possible for blind and visually impaired users to install Arch Linux eyes-free

— NEWS —

Turin becomes the first Italian city to adopt Ubuntu and Open Office, saves millions of Euros!

The city administrators calculated that, updating the licences for all the PCs running Windows products will cost them a whopping 22 million Euros over a period of 5 years! At the same time, adopting Linux and open source alternatives will actually save them 6 million Euros during the same period.

It’s Now Possible To Play Netflix Natively On Linux Without Wine Plug-Ins

• Phoronix: It’s Now Possible To Play Netflix Natively On Linux Without Wine Plug-Ins

According to reader reports this Saturday morning, with just modifying the user-agent of the latest beta version of Google’s Chrome web browser, it’s possible to get Netflix running natively on Linux. Thanks to DRM support with HTML5 and Google’s Chrome developers moving quick to implement the support that’s backed by Netflix, you can today run Chrome and play Netflix videos without having to use Pipelight or any other plug-ins — the support simply works through having DRM’ed HTML5 video support.

• Chrome Web Store – User-Agent Switcher for Chrome

Flock 2014 Day One: The State of Copr

Miloslav Suchy delivered a report on the state of Copr yesterday at Flock that demonstrated just how far a service can go in one year. Work on Copr, the lightweight build service for contributor packages that aren’t yet in Fedora officially, started less than a year ago. But the service is already hosting more than 250GB of data and has churned out more than 25,000 builds!

What’s Copr? In a nutshell, it’s a system for building packages and offering repositories for packages that aren’t yet in Fedora or aren’t ready for Fedora – for example, GNOME 3.12 built for Fedora 20 for users who want to go to the latest GNOME before the next Fedora release. Or experimental builds of packages.

Wayland in GNOME

Jasper St. Pierre presented an overview of GNOME’s Wayland support on July 28. St. Pierre’s talk started off with an atypical question-and-answer session as he debugged some last-minute problems with his current Wayland session in GNOME’s Mutter.

— FEEDBACK —

• Someday Came Sooner Than Expected

• The Linux Desktop Getting me Down…

• PC-BSD

• The PC-BSD Tour | BSD Now 49

Add this to your queue

• The Xamarin Solution | CR 112 | A look at where the folks behind Mono are now

• Corner of Shame | CR 113 | Chris chats Oculus VR DK2, iOS8, Overcast.fm and calls

• Anyone out there using owncloud/mozilla_sync with ownCloud 7?

— CHRIS’ STASH —

• jupiterbroadcasting on Instagram

Hang in our chat room:

irc.geekshed.net #jupiterbroadcasting

— MATT’S STASH —

• Check out LINUX Unplugged
• Matt’s Articles
• Geek And The Gamer

Find us on Google+

• Chris
• Matt Hartley
• Jupiter Broadcasting’s Page

Find us on Twitter

• Chris – ChrisLAS
• Matt – matthartley

Follow the network on Facebook

• Jupiter Broadcasting on Facebook

Catch the show LIVE Sunday 10am Pacific / 1pm Eastern / 6pm UTC:

• https://jblive.tv
• Network Calendar

The post Tomb of Secrets | LAS 325 first appeared on Jupiter Broadcasting.