Documentation – Jupiter Broadcasting
https://www.jupiterbroadcasting.com
Open Source Entertainment, on Demand.
Fri, 11 Feb 2022 12:24:54 +0000

Analysis Paralysis | Self-Hosted 64
https://original.jupiterbroadcasting.net/147637/analysis-paralysis-self-hosted-64/
Fri, 11 Feb 2022 03:00:00 +0000

Show Notes: selfhosted.show/64

The post Analysis Paralysis | Self-Hosted 64 first appeared on Jupiter Broadcasting.

What’s Cookin’ at System76 | LINUX Unplugged 419
https://original.jupiterbroadcasting.net/145892/whats-cookin-at-system76-linux-unplugged-419/
Tue, 17 Aug 2021 17:00:00 +0000

Show Notes: linuxunplugged.com/419

The post What's Cookin' at System76 | LINUX Unplugged 419 first appeared on Jupiter Broadcasting.

Brunch with Brent: Heather Ellsworth | Jupiter Extras 57
https://original.jupiterbroadcasting.net/139642/brunch-with-brent-heather-ellsworth-jupiter-extras-57/
Fri, 21 Feb 2020 04:00:00 +0000

Show Notes: extras.show/57

The post Brunch with Brent: Heather Ellsworth | Jupiter Extras 57 first appeared on Jupiter Broadcasting.

Void Linux + Contributing to Open Source | Choose Linux 23
https://original.jupiterbroadcasting.net/137352/finding-your-community-choose-linux-23/
Thu, 28 Nov 2019 00:15:00 +0000

Show Notes: chooselinux.show/23

The post Void Linux + Contributing to Open Source | Choose Linux 23 first appeared on Jupiter Broadcasting.

3 OSes 1 GPU | Coder Radio 357
https://original.jupiterbroadcasting.net/131241/3-oses-1-gpu-coder-radio-357/
Mon, 13 May 2019 18:40:18 +0000

Show Notes: coder.show/357

The post 3 OSes 1 GPU | Coder Radio 357 first appeared on Jupiter Broadcasting.

Fear, Uncertainty, and .NET | Coder Radio 356
https://original.jupiterbroadcasting.net/131111/fear-uncertainty-and-net-coder-radio-356/
Wed, 08 May 2019 04:44:31 +0000

Show Notes: coder.show/356

The post Fear, Uncertainty, and .NET | Coder Radio 356 first appeared on Jupiter Broadcasting.

Invest In Popcorn | LINUX Unplugged 230
https://original.jupiterbroadcasting.net/121092/invest-in-popcorn-lup-230/
Tue, 02 Jan 2018 23:17:16 +0000

The post Invest In Popcorn | LINUX Unplugged 230 first appeared on Jupiter Broadcasting.


Show Notes:

Happy New Year- Welcome to Linux Journal 2.0!

Talk about a Happy New Year. The reason: it turns out we’re not dead. In fact, we’re more alive than ever, thanks to a rescue by readers—specifically, by the hackers who run Private Internet Access.

This is exactly what we had hoped for in recent years, but hardly expected. Really and truly, I waited to put up our farewell post until all hope was lost. But hey, it turns out you don’t have to believe in miracles to experience one, because that’s exactly what happened here.

Second, they’re eager to support us in building Linux Journal 2.0 around the substantial core of devoted readers we had through the many years of Linux Journal 1.x. And, this means we need to hear from you!

Google’s experimental Fuchsia OS can now run on the Pixelbook

Google’s in-development operating system, Fuchsia, has a new development device: The Google Pixelbook. Google’s $1,000 laptop usually runs Chrome OS, but with the latest Fuchsia builds, you can swap out the browser-based OS for Google’s experimental operating system.

Fuchsia is still incredibly difficult to get running. Along with the Pixelbook, Fuchsia only supports two other obscure pieces of hardware: an Acer Switch Alpha 12 laptop and old Intel NUCs from 2015.

The extreme difficulty in getting Fuchsia to run reinforces the fact that Fuchsia is currently a secret, deep-in-development operating system that Google isn’t really ready to talk about or encourage people to try just yet.

TING

‘Kernel memory leaking’ Intel processor design flaw forces Linux, Windows redesign

A fundamental design flaw in Intel’s processor chips has forced a significant redesign of the Linux and Windows kernels to defang the chip-level security bug.

Crucially, these updates to both Linux and Windows will incur a performance hit on Intel products. The effects are still being benchmarked, however we’re looking at a ballpark figure of five to 30 per cent slow down, depending on the task and the processor model.

Details of the vulnerability within Intel’s silicon are under wraps: an embargo on the specifics is due to lift early this month, perhaps in time for Microsoft’s Patch Tuesday next week. Indeed, patches for the Linux kernel are available for all to see but comments in the source code have been redacted to obfuscate the issue.

AMD processors are not subject to the types of attacks that the kernel page table isolation feature protects against.

DigitalOcean

An introduction to Joplin, an open source Evernote alternative

Joplin is an open source cross-platform note-taking and to-do application. It can handle a large number of notes, organized into notebooks, and can synchronize them across multiple devices. The notes can be edited in Markdown, either from within the app or with your own text editor, and each application has an option to render Markdown with formatting, images, URLs, and more.

As such, its synchronization is designed without any hard dependency to any particular service. Most of the synchronization process is done at an abstract level, and access to external services, such as OneDrive or Dropbox, is done via lightweight drivers.

Joplin was designed as a replacement for Evernote, so it can import complete Evernote notebooks, as well as notes, tags, resources (attached files), and note metadata (such as author, geolocation, etc.) via ENEX files.

Valve: Linux Catbot VAC ban claims were hoaxed by hackers to ‘sow distrust among anti-cheat systems’

initially wrote that Valve was banning Linux users with Linux usernames that included the word ‘catbot’, but Valve has said those claims were a “tactic employed by cheaters to try and sow discord and distrust among anticheat systems”.

“Linux historically hasn’t been a problem for cheating–the base rate of cheating is significantly lower on Linux than it is on Windows. Unfortunately, a ‘healthy’ community of cheaters grew up around catbot on linux and their impact on TF became large enough that they simply could no longer be ignored. Those banned users are very annoyed that VAC has dropped the hammer on them.”

Linux Academy

2017 Best Practices

Bad predictions and plans for maintenance

All the Annoying Tech Chores You Need to Do When You Have Time

Like your car, or your kitchen, your tech devices will run best when they’re maintained properly—and that means finding time to do all those low-level maintenance tasks that aren’t much fun, but can keep everything stable and smooth, and avoid problems in the future.

  • Update your Software
  • Go through old files and free up some space
  • Monitor for problems
  • Get Organized
  • Update router and other firmware
  • Move to the cloud?

Linux resolutions for 2018

It’s always a good idea to start a new year with renewed intentions to be even better users and administrators of our Linux systems.

  • Automate the boring stuff
  • Learn a new language
  • Try a new OS
  • Focus on Security
  • Restore those backups!
  • Document, Document, Document
  • Most importantly, have some fun!

Schoolhouse Exploits | TechSNAP 296
https://original.jupiterbroadcasting.net/105326/schoolhouse-exploits-techsnap-296/
Thu, 08 Dec 2016 21:37:05 +0000

The post Schoolhouse Exploits | TechSNAP 296 first appeared on Jupiter Broadcasting.

Show Notes:

Project Zero: Breaking the chain

  • “Much as we’d like it to be true, it seems undeniable that we’ll never fix all security bugs just by looking for them. One of the most productive ways of dealing with this fact is to implement exploit mitigations. Project Zero considers mitigation work just as important as finding vulnerabilities. Sometimes we can get our hands dirty, such as helping out Adobe and Microsoft in Flash mitigations. Sometimes we can only help indirectly via publishing our research and giving vendors an incentive to add their own mitigations.”
  • “This blog post is about an important exploit mitigation I developed for Chrome on Windows. It will detail many of the challenges I faced when trying to get this mitigation released to protect end-users of Chrome. It’s recently shipped to users of Chrome on Windows 10 (in M54), and ended up blocking the sandbox escape of an exploit chain being used in the wild.”
  • “It’s possible to lockdown a sandbox such as Chrome’s pretty comprehensively using Restricted Tokens. However one of the big problems on Windows is locking down access to system calls. On Windows you have both the normal NT system calls and Win32k system calls for accessing the GUI which combined represents a significant attack surface.”
  • “While the NT system calls do have exploitable vulnerabilities now and again (for example issue 865) it’s nothing compared to Win32k. From just one research project alone 31 issues were discovered, and this isn’t counting the many font issues Mateusz has found and the hundreds of other issues found by other researchers.”
  • “Much of Win32k’s problems come from history. In the first versions of Windows NT almost all the code responsible for the windowing system existed in user-mode. Unfortunately for 90’s era computers this wasn’t exactly good for performance so for NT 4 Microsoft moved a significant portion of what was user-mode code into the kernel (becoming the driver, win32k.sys). This was a time before Slammer, before Blaster, before the infamous Trustworthy Computing Memo which focussed Microsoft to think about security first. Perhaps some lone voice spoke for security that day, but was overwhelmed by performance considerations. We’ll never know for sure, however what it did do was make Win32k a large fragile mess which seems to have persisted to this day. And the attack surface this large fragile mess exposed could not be removed from any sandboxed process.”
  • “That all changed with the release of Windows 8. Microsoft introduced the System Call Disable Policy, which allows a developer to completely block access to the Win32k system call table. While it doesn’t do anything for normal system calls the fact that you could eliminate over a thousand win32k system calls, many of which have had serious security issues, would be a crucial reduction in the attack surface.”
  • “However no application in a default Windows installation used this policy (it’s said to have been introduced for non-GUI applications such as on Azure) and using it for something as complex as Chrome wasn’t going to be easy. The process of shipping Win32k lockdown required a number of architectural changes to be made to Chrome. This included replacing the GDI-based font code with Microsoft’s DirectWrite library. After around two years of effort Win32k lockdown was shipping by default.”
  • The problem is that plugins such as Flash and PDFium, which run via PPAPI, could not have their access to Win32k blocked.
  • “This would seem a pretty large weak point. Flash has not had the best security track record (relevant), making the likelihood of Flash being an RCE vector very high. Combine that with the relative ease of finding and exploiting Win32k vulnerabilities and you’ve got a perfect storm.”
  • “It would seem reasonable to assume that real attackers are finding Win32k vulnerabilities and using them to break out of restrictive sandboxes including Chrome’s using Flash as the RCE vector. The question was whether that was true. The first real confirmation that this was true came from the Hacking Team breach, which occurred in July 2015. In the dumped files was an unfixed Chrome exploit which used Flash as the RCE vector and a Win32k exploit to escape the sandbox. While both vulnerabilities were quickly fixed I came upon the idea that perhaps I could spend some time to implement the lockdown policy for PPAPI and eliminate this entire attack chain.”
  • “For a better, more robust solution I needed to get changes made to Flash. I don’t have access to the Flash source code, however Google does have a good working relationship with Adobe and I used this to get the necessary changes implemented. It turned out that there was a Pepper API which did all that was needed to replace the GDI font handling, pp::flash::FontFile. Unfortunately that was only implemented on Linux, however I was able to put together a proof-of-concept Windows implementation of pp::flash::FontFile and through Xing Zhang of Adobe we got a full implementation in Chrome and Flash.”
  • So, with some work, most of the code in Flash that needed access to the Win32k API could be removed, so access to it could be blocked
  • “From this point I could enable Win32k lockdown for plugins and after much testing everything seemed to be working, until I tried to test some DRM protected video. While encrypted video worked, any Flash video file which required output protection (such as High-bandwidth Digital Content Protection (HDCP)) would not.”
  • “Still this presents a problem, as video along with games are some of the only residual uses of Flash. In testing, this also affected the Widevine plugin that implements the Encrypted Media Extensions for Chrome. Widevine uses PPAPI under the hood; not fixing this issue would break all HD content playback.”
  • “The ideal way of fixing this would be to implement a new API in Chrome which exposed enabling HDCP then get Adobe and Widevine to use that implementation. It turns out that the Adobe DRM and Widevine teams are under greater constraints than normal development teams. After discussion with my original contact at Adobe they didn’t have access to the DRM code for Flash. I was able to have meetings with Widevine (they’re part of Google) and the Adobe DRM team but in the end I decided to go it alone and implement redirection of these APIs as part of the sandbox code.”
  • It seems that the DRM code is so locked down, that even the developers at the companies that created it, cannot modify it
  • So the Chrome developer just created a compatibility layer, that brokers the Win32k calls to a separate process, that is outside of the Win32k API blocking, so the calls can succeed
  • “From the first patch submitted in September 2015 to the final patch in June it took almost 10 months of effort to come up with a shipping mitigation. The fact that it’s had its first public success (and who knows how many non-public ones) shows that it was worth implementing this mitigation.”
  • “In the latest version of Windows 10, Anniversary Edition, Microsoft have implemented a Win32k filter which makes it easier to reduce the attack surface without completely disabling all the system calls which might have sped up development. Microsoft are also taking pro-active effort to improve the Win32k code base.”

‘Avalanche’ Global Fraud Ring Dismantled

  • “In what’s being billed as an unprecedented global law enforcement response to cybercrime, federal investigators in the United States, United Kingdom and Europe today say they’ve dismantled a sprawling cybercrime machine known as “Avalanche” — a distributed, cloud-hosting network that for the past seven years has been rented out to fraudsters for use in launching countless malware and phishing attacks.”
  • “The Avalanche network was used as a delivery platform to launch and manage mass global malware attacks and money mule recruiting campaigns. It has caused an estimated EUR 6 million in damages in concentrated cyberattacks on online banking systems in Germany alone. In addition, the monetary losses associated with malware attacks conducted over the Avalanche network are estimated to be in the hundreds of millions of euros worldwide, although exact calculations are difficult due to the high number of malware families managed through the platform.”
  • “The global effort to take down this network involved the crucial support of prosecutors and investigators from 30 countries. As a result, 5 individuals were arrested, 37 premises were searched, and 39 servers were seized. Victims of malware infections were identified in over 180 countries. Also, 221 servers were put offline through abuse notifications sent to the hosting providers. The operation marks the largest-ever use of sinkholing[1] to combat botnet[2] infrastructures and is unprecedented in its scale, with over 800 000 domains seized, sinkholed or blocked.”
  • “Built as a criminal cloud-hosting environment that was rented out to scammers, spammers and other ne’er-do-wells, Avalanche has been a major source of cybercrime for years. In 2009, when investigators say the fraud network first opened for business, Avalanche was responsible for funneling roughly two-thirds of all phishing attacks aimed at stealing usernames and passwords for bank and e-commerce sites. By 2011, Avalanche was being heavily used by crooks to deploy banking Trojans.”
  • ““Cyber criminals rented the servers and through them launched and managed digital fraud campaigns, sending emails in bulk to infect computers with malware, ransomware and other malicious software that would steal users’ bank details and other personal data,” the NCA said in a statement released today on the takedown. The criminals used the stolen information for fraud or extortion. At its peak 17 different types of malware were hosted by the network, including major strains with names such as goznym, urlzone, pandabanker and loosemailsniffer. At least 500,000 computers around the world were infected and controlled by the Avalanche system on any given day.””
  • “The Avalanche network was especially resilient because it relied on a hosting method known as fast-flux, a kind of round-robin technique that lets botnets hide phishing and malware delivery sites behind an ever-changing network of compromised systems acting as proxies.”
  • By constantly changing addresses, it is hard for researchers and others to report the compromised hosts. Even when trying constant lookups, a researcher will only see a fraction of the actual hosts in the network.
  • “It’s worth noting here that Avalanche has for many years been heavily favored by crime gangs to deploy Zeus and SpyEye malware variants involved in cleaning out bank accounts for a large number of small to mid-sized businesses. These attacks relied heavily on so-called “money mules,” people willingly or unwittingly recruited into helping fraudsters launder stolen funds.”
  • “The Shadowserver Foundation, a non-profit organization of security professionals that assisted in what the organization described in a post on the takedown as an 18-month collaboration with law enforcement, described Avalanche as a “Double Fast Flux” botnet. Individual nodes within the botnet are registered and then quickly de-registered as the host associated with a Domain Name Service A address record for a single DNS name. The destination addresses for a DNS record often change as quickly as once every 5 minutes, and can cycle through hundreds or thousands of IP addresses. And there are multiple domain names for command and control nodes hard-coded into the botnet malware, allowing the bots to switch to a different domain name if a specific domain is blocked.”
  • Additional Coverage
  • EuroPol Announcement
  • EuroPol Technical Infographic

Meet the men who spy on women through their webcams

  • The article describes some miscreants using RATs (Remote Administration Trojans) to control people’s computers, then using it to harass them and/or spy on them in various ways
  • It describes a scenario of a ratter watching and taunting a victim, trying to scare and shock them.
  • “See! That shit keeps popping up on my fucking computer!” says a blond woman as she leans back on a couch, bottle-feeding a baby on her lap.
  • “The woman is visible from thousands of miles away on a hacker’s computer. The hacker has infected her machine with a remote administration tool (RAT) that gives him access to the woman’s screen, to her webcam, to her files, to her microphone. He watches her and the baby through a small control window open on his Windows PC, then he decides to have a little fun. He enters a series of shock and pornographic websites and watches them appear on the woman’s computer.”
  • “The woman is startled. “Did it scare you?” she asks someone off camera. A young man steps into the webcam frame. “Yes,” he says. Both stare at the computer in horrified fascination. A picture of old naked men appears in their Web browser, then vanishes as a McAfee security product blocks a “dangerous site.””
  • “Far away, the hacker opens his “Fun Manager” control panel, which provides a host of tools for messing with his RAT victims. He can hide their Windows “Start” button or the taskbar or the clock or the desktop, badly confusing many casual Windows users. He can have their computer speak to them. Instead, he settles for popping open the remote computer’s optical drive”
  • “Copies of the incident aren’t hard to find. They’re on YouTube, along with thousands of other videos showing RAT controllers (or “ratters,” as they will be called here) taunting, pranking, or toying with victims. But, of course, the kinds of people who watch others through their own webcams aren’t likely to limit themselves to these sorts of mere hijinks—not when computers store and webcams record far more intimate material.”
  • “”Man I feel dirty looking at these pics,” wrote one forum poster at Hack Forums, one of the top “aboveground” hacking discussion sites on the Internet (it now has more than 23 million total posts). The poster was referencing a 134+ page thread filled with the images of female “slaves” surreptitiously snapped by hackers using the women’s own webcams. “Poor people think they are alone in their private homes, but have no idea they are the laughing stock on HackForums,” he continued. “It would be funny if one of these slaves venture into learning how to hack and comes across this thread.””
  • “Whether this would in fact be “funny” is unlikely. RAT operators have nearly complete control over the computers they infect; they can (and do) browse people’s private pictures in search of erotic images to share with each other online. They even have strategies for watching where women store the photos most likely to be compromising.”
  • I have always found people’s storage and organization strategies fascinating, especially for material they are trying to ‘hide in plain sight’
  • “RAT tools aren’t new; the hacker group Cult of the Dead Cow famously released an early one called BackOrifice at the Defcon hacker convention in 1998. The lead author, who went by the alias Sir Dystic, called BackOrifice a tool designed for “remote tech support aid and employee monitoring and administering [of a Windows network].” But the Cult of the Dead Cow press release made clear that BackOrifice was meant to expose “Microsoft’s Swiss cheese approach to security.” Compared to today’s tools, BackOrifice was primitive. It could handle the basics, though: logging keystrokes, restarting the target machine, transferring files between computers, and snapping screenshots of the target computer.”
  • “”I seem to get a lot of female slaves by spreading Sims 3 with a [RAT] server on torrent sites,” wrote one poster. Another turned to social media, where “I’ve been able to message random hot girls on facebook (0 mutual friends) and infect (usually become friends with them too); with the right words anything is possible.””
  • “Calling most of these guys “hackers” does a real disservice to hackers everywhere; only minimal technical skill is now required to deploy a RAT and acquire slaves. Once infected, all the common RAT software provides a control panel view in which one can see all current slaves, their locations, and the status of their machines. With a few clicks, the operator can start watching the screen or webcam of any slave currently online.”
  • “One of the biggest problems ratters face is the increasing prevalence of webcam lights that indicate when the camera is in use. Entire threads are devoted to bypassing the lights, which routinely worry RAT victims and often lead to the loss of slaves.”
  • “Unfortunately she asked her boyfriend why the light on her cam kept coming on,” one RAT controller wrote. “And he knew, she never came back :)”
  • “RATs can be entirely legitimate. Security companies have used them to help find and retrieve stolen laptops, for instance, and no one objects to similar remote login software such as LogMeIn. The developers behind RAT software generally describe their products as nothing more than tools which can be used for good and ill. And yet some tools have features that make them look a lot like they’re built with lawlessness in mind.”
  • “RATs aren’t going away, despite the occasional intervention of the authorities. Too many exist, plenty of them are entirely legal, and source code is in the wild (a version of the Blackshades source leaked in 2010). Those who don’t want to end up being toyed with in a YouTube video are advised to take the same precautions that apply to most malware: use a solid anti-malware program, keep your operating system updated, and make sure plugins (especially Flash and Java) aren’t out of date. Don’t visit dodgy forums or buy dodgy items, don’t click dodgy attachments in e-mail, and don’t download dodgy torrents. Such steps won’t stop every attack, but they will foil many casual users looking to add a few more slaves to their collections.”
  • “If you are unlucky enough to have your computer infected with a RAT, prepare to be sold or traded to the kind of person who enters forums to ask, “Can I get some slaves for my rat please? I got 2 bucks lol I will give it to you :b” At that point, the indignities you will suffer—and the horrific website images you may see—will be limited only by the imagination of that most terrifying person: a 14-year-old boy with an unsupervised Internet connection.”
  • Honestly, this article was rather tame in its list of possible things the ratters could do to you.
  • To pay off webcam spies, Detroit kid pawns $100k in family jewels for $1,500

The Sonic Philosophy | CR 147
https://original.jupiterbroadcasting.net/79642/the-sonic-philosophy-cr-147/
Mon, 30 Mar 2015 14:52:40 +0000

The post The Sonic Philosophy | CR 147 first appeared on Jupiter Broadcasting.


Transitions in life come in many forms: work, relationships, gadgets. How we deal with the process of transition is key & why we shouldn’t be anxious about a transition, even if it’s a difficult one.

Plus a bit about GitHub’s ongoing DDoS, switching from PHP to Ruby & a new contender for the perfect Linux dev rig.

Thanks to:


Linux Academy


DigitalOcean


Show Notes:

Feedback

Dev World Hoopla

GitHub suffers ‘largest DDoS’ attack in site’s history

GitHub is suffering a DDoS attack deemed the largest in the website’s history and believed to originate from China.

The coding website is a popular repository for projects from game engines to security applications and web app frameworks, and is used by programmers and tech firms to develop and share tools. Since Thursday, the website has been under fire in a DDoS attack of a scale which has forced GitHub staff to rally and attempt to mitigate access problems.

In a blog post last week, GitHub said the distributed denial of service (DDoS) attack is the largest in github.com’s history. Beginning on March 26, at the time of writing the onslaught is yet to end.

GitHub says the attack “involves a wide combination of attack vectors,” which “includes every vector we’ve seen in previous attacks as well as some sophisticated new techniques that use the web browsers of unsuspecting, uninvolved people to flood github.com with high levels of traffic.”

“Based on reports we’ve received, we believe the intent of this attack is to convince us to remove a specific class of content,” GitHub says.

The “specific class” of content may be related to China. As reported by the Wall Street Journal, GitHub’s traffic surge is based on visits intended for China’s largest search engine, Baidu. Security experts told the p

Transitions

  • The process or a period of changing from one state or condition to another.

  • Undergo or cause to undergo a process or period of transition.

  • Transition can be a lot of things… Your view on a technology, the status of a relationship, or a job.

  • We should not resist the process of transition. Without it, we can’t eventually fix whatever needs fixing, move forward, and arrive at our destination.

How Non-Devs Can Help Linux | LAS 350
https://original.jupiterbroadcasting.net/76592/how-non-devs-can-help-linux-las-350/
Sun, 01 Feb 2015 19:20:50 +0000

The post How Non-Devs Can Help Linux | LAS 350 first appeared on Jupiter Broadcasting.

What are the best options for non-coders and developers to contribute to their favorite open source project? We’ll break down some of the barriers we’ve faced & approaches we like to help out in a non-development capacity.

Plus the common ways the Ghost vulnerability is being exploited, how you can do your taxes under Linux & a few surprises!

Thanks to:


DigitalOcean


Ting

Direct Download:

HD Video | Mobile Video | WebM Torrent | MP3 Audio | OGG Audio | YouTube | HD Torrent

RSS Feeds:

HD Video Feed | Large Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:


— Show Notes: —

Contribution to open source when you’re not a developer


System76

Brought to you by: System76

Problems we’ve faced trying to help

  • Who could use the money the most ie: Mozilla vs Tox

  • Abandoned IRC, unclear if anyone still “owning” the project.

  • Mixed ways of funding. I want to contribute, but each project has their own payment system, and way of handling it.

Non-Monetary ways to help

  • Advocacy for software

  • Documentation

  • Community outreach

  • Bug Triage, find dupes, discover missing information developers would need to fully troubleshoot.


— PICKS —

Runs Linux

Samsung Smart Refrigerator

The Samsung 4-Door refrigerator with 8″ Wi-Fi Enabled LCD will allow you to browse the web, access apps and connect to other Samsung smart devices – opening up a world of interactive communication and entertainment.

Desktop App Pick

Gourmet Recipe Manager

Gourmet

Gourmet Recipe Manager is a recipe-organizer available for Windows, Linux, and other Unix systems.

Weekly Spotlight

BeansBooks

Easily create invoices and purchase orders, pay bills and track sales tax. Import and automatically categorize bank transactions.

Our Past Picks

These are the weekly picks provided by the Jupiter Broadcasting podcast, the Linux Action Show.

This site includes a separate picks lists for the “Runs Linux”, Desktop Apps, Spotlight Picks, Android Picks, and Distro Picks.


— NEWS —

WordPress, PHP Apps, Subject to Ghost glibc Attacks

“Less than 48 hours after the disclosure of the Ghost vulnerability in the GNU C library (glibc), researchers have uncovered that PHP applications, including the WordPress content management system, could be another weak spot and eventually in the crosshairs of attackers.

Ghost is a vulnerability in glibc that attackers can use against only a handful of applications right now to remotely run executable code and gain control of a Linux server. The vulnerability is a heap-based buffer overflow and affects all Linux systems, according to experts, and has been present in the glibc code since 2000. ‘An example of where this could be a big issue is within WordPress itself: it uses a function named wp_http_validate_url() to validate every pingback’s post URL,’ wrote Sucuri researcher Marc-Alexandre Montpas in an advisory published Wednesday. ‘And it does so by using gethostbyname(). So an attacker could leverage this vector to insert a malicious URL that would trigger a buffer overflow bug, server-side, potentially allowing him to gain privileges on the server.’”

LibreOffice gets a streamlined makeover, native alternatives for major Microsoft

The Document Foundation announced availability of the latest version of LibreOffice on Thursday, which it says is the most beautiful version of the open source productivity suite yet. LibreOffice 4.4 also fixes some compatibility issues with files that are saved in Microsoft’s OOXML formats.

Official Google Drive Linux Client Screenshots Leaked

The screenshots above are bundled with the official Google Drive Mac client and they first appeared with version 1.18.7821.2489 (I checked the previous version and some random old versions and none contained these screenshots), released on October 30, 2014, which isn’t long ago and it most probably means that Google is testing Drive for Linux internally. So we might actually see an official release pretty soon.

Bill Gates Inadvertently Shows Off Ubuntu on His Facebook Page

The Internet is abuzz today after Bill Gates published an image on his Facebook page and a link towards his website with the text “15 years from now, most people in poor countries will be able to take classes online.” It’s a sound goal and it’s perfectly doable, but in the image posted on Facebook the operating system is Ubuntu.


— FEEDBACK —

— CHRIS’ STASH —

Hang in our chat room:

irc.geekshed.net #jupiterbroadcasting

— NOAH’S STASH —

Find us on Google+

Find us on Twitter

Follow the network on Facebook

Catch the show LIVE Sunday 10am Pacific / 1pm Eastern / 6pm UTC:

Building a Better Gnome | LINUX Unplugged 76 https://original.jupiterbroadcasting.net/75862/building-a-better-gnome-lup-76/ Tue, 20 Jan 2015 19:13:31 +0000 https://original.jupiterbroadcasting.net/?p=75862 Christian Hergert the creator of Gnome Builder joins us to discuss his projects funding campaign, quitting his full time job to work on open source & answering a major concern of developers looking to target Linux. Ubuntu announces their Internet of Things OS, we’re a bit skeptical. Plus Linus takes a firm stance on public […]

The post Building a Better Gnome | LINUX Unplugged 76 first appeared on Jupiter Broadcasting.

Christian Hergert, the creator of Gnome Builder, joins us to discuss his project’s funding campaign, quitting his full-time job to work on open source & answering a major concern of developers looking to target Linux.

Ubuntu announces their Internet of Things OS, we’re a bit skeptical. Plus Linus takes a firm stance on public disclosure of vulnerabilities & Kernel documentation.

Thanks to:

Ting


DigitalOcean


Linux Academy

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Torrent Feed | WebM Torrent Feed

Become a supporter on Patreon:


Show Notes:

Pre-Show:

FU:

In some quick-take graphics and gaming tests, we’re seeing something like a 20 percent boost over the previous generation, which is a major upgrade for most users.


Mark Shuttleworth » Smart things powered by snappy Ubuntu Core on ARM and x86

Transactional updates. App store. A huge range of hardware. Branding for device manufacturers.

In this release of Ubuntu Core we’ve added a hardware abstraction layer where platform-specific kernels live. We’re working commercially with the major silicon providers to guarantee free updates to every device built on their chips and boards. We’ve added a web device manager (“webdm”) that handles first-boot and app store access through the web consistently on every device. And we’ve preserved perfect compatibility with the snappy images of Ubuntu Core available on every major cloud today. So you can start your kickstarter project with a VM on your favourite cloud and pick your processor when you’re ready to finalise the device.

Robots embrace Ubuntu as it invades the internet of things

“Snappy” Ubuntu Core came out of Canonical‘s mobile efforts (which are yet to go anywhere) and was made available on Amazon Web Services, Microsoft Azure and the Google Cloud Platform at the end of 2014. Now it’s available for smart devices, and Canonical has already got players such as the Open Source Robotics Foundation (OSRF), drone outfit Erle Robotics and connected hub maker NinjaBlocks on board.

Security problems need to be made public: Linus Torvalds

In the Q&A session at Linux.conf.au, Torvalds also said he is pleased that the Linux kernel played a part in making free software more approachable and open.

“I actually think one of the things that Linux has been really good at … and this is going to raise a few hackles. I like open source, and I like this whole working together with commercial companies, and this whole notion that you don’t need to vilify people who also do closed source,” he said.

“So, for me personally, one of the big things I’m happy about is that I was part of the group, who tried to take — and now, this is when Tridge will stand up and give the other answer — who tried to take this very us against the world approach of free software and made it more open, not just in name, but also acceptable to people who don’t necessarily believe in our values, but believe that our model is better and that’s, to me, something that Linux was really instrumental in.

“At the same time, I’m really happy about Git too, because I think Git has spread more than the kernel in some respects, and maybe I’ll be remembered more for Git than Linux. We’ll see.”

Runs Linux from the people:

  • Send in a pic/video of your runs Linux.
  • Please upload videos to YouTube and submit a link via email or the subreddit.

New Shows : Tech Talk Today (Mon – Thur)

Support Jupiter Broadcasting on Patreon

Post-Show

SouthEast LinuxFest Unplugged | LINUX Unplugged 46 https://original.jupiterbroadcasting.net/60637/southeast-linuxfest-unplugged-lup-46/ Tue, 24 Jun 2014 16:17:15 +0000 https://original.jupiterbroadcasting.net/?p=60637 We’ve got another round of great exclusive interviews from the floor of SouthEast LinuxFest 2014. Find out why Slackware is still going strong, the BSD kindness brigade & more! Thanks to: Direct Download: MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube RSS Feeds: MP3 Feed | OGG Feed | […]

The post SouthEast LinuxFest Unplugged | LINUX Unplugged 46 first appeared on Jupiter Broadcasting.

We’ve got another round of great exclusive interviews from the floor of SouthEast LinuxFest 2014.

Find out why Slackware is still going strong, the BSD kindness brigade & more!

Thanks to:

Ting


DigitalOcean

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Torrent Feed | WebM Torrent Feed

Show Notes:

FU:

Trolling Delays Linux Release Of The Stanley Parable

southeastlinuxfest – YouTube

New Shows : Tech Talk Today (Mon – Thur) HowTo Linux (Fridays)

Support Jupiter Broadcasting on Patreon

Commit This Bit | BSD Now 41 https://original.jupiterbroadcasting.net/59797/commit-this-bit-bsd-now-41/ Thu, 12 Jun 2014 15:23:00 +0000 https://original.jupiterbroadcasting.net/?p=59797 This week in the big show, we’ll be interviewing Benedict Reuschling of the FreeBSD documentation team, and he has a special surprise in store for Allan. As always, answers to your questions and all the latest news, on BSD Now – the place to B.. SD. Thanks to: Direct Download: Video | HD Video | […]

The post Commit This Bit | BSD Now 41 first appeared on Jupiter Broadcasting.

This week in the big show, we’ll be interviewing Benedict Reuschling of the FreeBSD documentation team, and he has a special surprise in store for Allan.

As always, answers to your questions and all the latest news, on BSD Now – the place to B.. SD.

Thanks to:


iXsystems


Tarsnap

Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | HD Vid Feed | HD Torrent Feed

– Show Notes: –

Headlines

FreeBSD moves to Bugzilla

  • Historically, FreeBSD has used the old GNATS system for keeping track of bug reports
  • After years and years of wanting to switch, they’ve finally moved away from GNATS to Bugzilla
  • It offers a lot of advantages, is much more modern and actively maintained and
  • There’s a new workflow chart for developers to illustrate the new way of doing things
  • The old “send-pr” command will still work for the time being, but will eventually be phased out in favor of native Bugzilla reporting tools (of which there are multiple in ports)
  • This will hopefully make reporting bugs a lot less painful

DIY NAS: EconoNAS 2014

  • We previously covered this blog last year, but the 2014 edition is up
  • More of a hardware-focused article, the author details the parts he’s using for a budget NAS
  • Details the motherboard, RAM, CPU, hard drives, case, etc
  • With a set goal of $500 max, he goes just over it – $550 for all the parts
  • Lots of nice pictures of the hardware and step by step instructions for assembly, as well as software configuration instructions

DragonflyBSD 3.8 released

  • Justin announced the availability of DragonflyBSD 3.8.0
  • Binaries in /bin and /sbin are dynamic now, enabling the use of PAM and NSS to manage user accounts
  • It includes a new HAMMER FS backup script and lots of FreeBSD tools have been synced with their latest versions
  • Work continues on the Intel graphics drivers, but it’s currently limited to the HD4000 and Ivy Bridge series
  • See the release page for more info and check the link for source-based upgrade instructions

OpenZFS European conference 2014


Interview – Benedict Reuschling – bcr@freebsd.org

BSD documentation, getting commit access, unix education, various topics


News Roundup

Getting to know your portmgr, Steve Wills

  • “It is my pleasure to introduce Steve Wills, the newest member of the portmgr team”
  • swills is an all-round good guy, does a lot for ports (especially the ruby ports)
  • In this interview, we learn why he uses FreeBSD, the most embarrassing moment in his FreeBSD career and much more
  • He used to work for Red Hat, wow

BSDTalk episode 242

  • This time on BSDTalk, Will interviews Chris Buechler from pfSense
  • Topics include: the heartbleed vulnerability and how it affected pfSense, how people usually leave their firewalls unpatched for a long time (or even forget about them!), changes between major versions, the upgrade process, upcoming features in their 10-based version, backporting drivers and security fixes
  • They also touch on recent concerns in the pfSense community about their license change, that they may be “going commercial” and closing the source – so tune in to find out what their future plans are for all of that

Turn old PC hardware into a killer home server

  • Lots of us have old hardware lying around doing nothing but collecting dust
  • Why not turn that old box into a modern file server with FreeNAS and ZFS?
  • This article goes through the process of setting up a NAS, gives a little history behind the project and highlights some of the different protocols FreeNAS can use (NFS, SMB, AFS, etc)
  • Most of our users are already familiar with all of this stuff, nothing too advanced
  • Good to see BSD getting some well-deserved attention on a big mainstream site

Unbloating the VAX install CD

  • After a discussion on the VAX mailing list, something very important came to the attention of the developers…
  • You can’t boot NetBSD on a VAX box with 16MB of RAM from the CD image
  • This blog post goes through the developer’s adventure in trying to fix that through emulation and stripping various things out of the kernel to make it smaller
  • In the end, he got it booting – and now all three VAX users who want to run NetBSD can do so on their systems with 16MB of RAM…

Feedback/Questions


  • All the tutorials are posted in their entirety at bsdnow.tv
  • Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
  • If you want to come on for an interview or have a tutorial you’d like to see, let us know
  • The DNSCrypt tutorial has been updated to reflect the newest version
  • There were some more serious OpenSSL security problems, make sure your systems get patched as soon as possible
  • Watch live Wednesdays at 2:00PM Eastern (18:00 UTC)

PXE Dust | BSD Now 32 https://original.jupiterbroadcasting.net/54942/pxe-dust-bsd-now-32/ Thu, 10 Apr 2014 18:43:25 +0000 https://original.jupiterbroadcasting.net/?p=54942 We show off OpenBSD's new "autoinstall" feature to do completely automatic, unattended installations. We also have an interview with Dru Lavigne.

The post PXE Dust | BSD Now 32 first appeared on Jupiter Broadcasting.

We show off OpenBSD’s new “autoinstall” feature to do completely automatic, unattended installations. We also have an interview with Dru Lavigne about all the writing work she does for FreeBSD, PCBSD and FreeNAS. The latest headlines and answers to your emails, on BSD Now – it’s the place to B.. SD.

Thanks to:


iXsystems

Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | HD Vid Feed | HD Torrent Feed

– Show Notes: –

Headlines

FreeBSD ASLR status update

  • Shawn Webb gives us a little update on his address space layout randomization work for FreeBSD
  • He’s implemented execbase randomization for position-independent executables (which OpenBSD also just enabled globally in 5.5 on i386)
  • Work has also started on testing ASLR on ARM, using a Raspberry Pi
  • He’s giving a presentation at BSDCan this year about his ASLR work
  • While we’re on the topic of BSDCan…

BSDCan tutorials, improving the experience

  • Peter Hansteen writes a new blog post about his upcoming BSDCan tutorials
  • The tutorials are called “Building the network you need with PF, the OpenBSD packet filter” and “Transitioning to OpenBSD 5.5” – both scheduled to last three hours each
  • He’s requesting anyone that’ll be there to go ahead and contact him, telling him exactly what you’d like to learn
  • There’s also a bit of background information about the tutorials and how he’s looking to improve them
  • If you’re interested in OpenBSD and going to BSDCan this year, hit him up

pkgsrc-2014Q1 released

  • The new stable branch of pkgsrc packages has been built and is ready
  • Python 3.3 is now a “first class citizen” in pkgsrc
  • 14255 packages for NetBSD-current/x86_64, 11233 binary packages built with clang for FreeBSD 10/x86_64
  • There’s a new release every three months, and remember pkgsrc works on MANY operating systems, not just NetBSD – you could even use pkgsrc instead of pkgng or ports if you were so inclined
  • They’re also looking into signing packages

Only two holes in a heck of a long time, who cares?

  • A particularly vocal Debian user, a lost soul, somehow finds his way to the misc@ OpenBSD mailing list
  • He questions “what’s the big deal” about OpenBSD’s slogan being “Only two remote holes in the default install, in a heck of a long time!”
  • Luckily, the community and Theo set the record straight about why you should care about this
  • Running insecure applications on OpenBSD is actually more secure than running them on other systems, due to things like ASLR, PIE and all the security features of OpenBSD
  • It spawned a discussion about ease of management and Linux’s poor security record, definitely worth reading

Interview – Dru Lavigne – dru@freebsd.org / @bsdevents

FreeBSD’s documentation printing, documentation sprints, various topics


Tutorial

Automatic, unattended OpenBSD installs with PXE


News Roundup

pfSense 2.1.1 released

  • A new version of pfSense is released, mainly to fix some security issues
  • Tracking some recent FreeBSD advisories, pfSense usually only applies the ones that would matter on a firewall or router
  • There are also some NIC driver updates and other things
  • Of course if you want to learn more about pfSense, watch episode 25
  • 2.1.2 is already up for testing too

FreeBSD gets UEFI support

  • It looks like FreeBSD’s battle with UEFI may be coming to a close?
  • Ed Maste committed a giant list of patches to enable UEFI support on x86_64
  • Look through the list to see all the details and information
  • Thanks FreeBSD foundation!

Ideas for the next DragonflyBSD release

  • Mr. Dragonfly release engineer himself, Justin Sherrill posts some of his ideas for the upcoming release
  • They’re aiming for late May for the next version
  • Ideas include better support for running in a VM, pkgng fixes, documentation updates and PAM support
  • Gasp, they’re even considering dropping i386

PCBSD weekly digest

  • Lots of new PBI updates for 10.0, new runtime implementation
  • New support for running 32 bit applications in PBI runtime
  • Autodetection for DVD / Audio CD insertion / plus playback
  • Latest GNOME 3 and Cinnamon merged, new edge package builds

Feedback/Questions


  • BSD Now has an official IRC channel now. #bsdnow on irc.freenode.net
  • All the tutorials are posted in their entirety at bsdnow.tv
  • Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
  • If you’ve got something cool to talk about and want to come on for an interview, shoot us an email
  • Also if you have any tutorial requests, we’d be glad to show whatever the viewers want to see
  • Watch live Wednesdays at 2:00PM Eastern (18:00 UTC)
  • Just a quick reminder: If you’re running OpenSSL 1.0.1 through 1.0.1f please update it and regenerate, rotate and revoke your keys if you run a server with HTTPS, IMAPS, etc – huge security hole! (Also DES offers some insight on the FreeBSD security process)
  • We’re lucky it wasn’t OpenSSH

Documentation is King | BSD Now 30 https://original.jupiterbroadcasting.net/54187/documentation-is-king-bsd-now-30/ Thu, 27 Mar 2014 21:38:46 +0000 https://original.jupiterbroadcasting.net/?p=54187 We chat with Warren Block to discuss BSD documentation efforts and future plans. Today's tutorial will show you the basics of the world of mailing lists.

The post Documentation is King | BSD Now 30 first appeared on Jupiter Broadcasting.

We chat with Warren Block to discuss BSD documentation efforts and future plans. If you’ve ever wondered about the scary world of mailing lists, today’s tutorial will show you the basics of how to get help and contribute back. There’s lots to get to today, so sit back and enjoy some BSD Now – the place to B.. SD.

Thanks to:


iXsystems

Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | HD Vid Feed | HD Torrent Feed

– Show Notes: –

Headlines

OpenBSD on a Sun T5120

  • Our buddy Ted Unangst got himself a cool Sun box
  • Of course he had to write a post about installing and running OpenBSD on it
  • The post goes through some of the quirks and steps to go through in case you’re interested in one of these fine SPARC machines
  • He’s also got another post about OpenBSD on a Dell CS24-SC server

Bhyvecon 2014 videos are up

  • Like we mentioned last week, Bhyvecon was an almost-impromptu conference before AsiaBSDCon
  • The talks have apparently already been uploaded!
  • Subjects include Bhyve’s past, present and future, OSv on Bhyve, a general introduction to the tool, migrating those last few pesky Linux boxes to virtualization
  • Lots more detail in the videos, so check ’em all out

Building a FreeBSD wireless access point

  • We’ve got a new blog post about creating a wireless access point with FreeBSD
  • After all the recent news of consumer routers being pwned like candy, it’s time for people to start building BSD routers
  • The author goes through a lot of the process of getting one set up using good ol’ FreeBSD
  • Using hostapd, he\’s able to share his wireless card in hostap mode and offer DHCP to all the clients
  • Plenty of config files and more messy details in the post

Switching from Synology to FreeNAS

  • The author has been considering getting a NAS for quite a while and documents his research
  • He was faced with the compromise of convenience vs. flexibility – prebuilt or DIY
  • After seeing the potential security issues with proprietary NAS devices, and dealing with frustration with trying to get bugs fixed, he makes the right choice
  • The post also goes into some detail about his setup, all the things he needed a NAS to do as well as all the advantages an open source solution would give
  • Speaking of FreeNAS…

This episode was brought to you by

iXsystems


Interview – Warren Block – wblock@freebsd.org

FreeBSD’s documentation project, igor, doceng


Tutorial

The world of BSD mailing lists


News Roundup

HAMMER2 work and notes

  • Matthew Dillon has posted some updated notes about the development of the new HAMMER version
  • The start of a cluster API was committed to the tree
  • There are also links to a design document and a freemap design document

BSD Breaking Barriers

  • Our friend MWL gave a talk at NYCBSDCon about BSD “breaking barriers”
  • “What makes the BSD operating systems special? Why should you deploy your applications on BSD? Why does the BSD community keep growing, and why do Linux sites like DistroWatch say that BSD is where the interesting development work is happening? We’ll cover the not-so-obvious reasons why BSD still stands tall after almost 40 years.”
  • He also has another upcoming talk, (or “webcast”) called “Beyond Security: Getting to Know OpenBSD’s Real Purpose”
  • “OpenBSD is frequently billed as a high-security operating system. That’s true, but security isn’t the OpenBSD Project’s main goal. This webcast will introduce systems administrators to OpenBSD, explain the project’s mission, and discuss the features and benefits.”
  • It’s on May 27th and will hopefully be recorded

FreeBSD in a chroot

  • Finch, “FreeBSD running IN a CHroot,” is a new project
  • It\’s a way to extend the functionality of restricted USB-based FreeBSD systems (FreeNAS, etc.)
  • All the details and some interesting use cases are on the github page
  • He really needs to change the project name though

PCBSD weekly digest

  • Lots of bugfixes for PCBSD coming down the tubes
  • LZ4 compression is now enabled by default on the whole pool
  • The latest 10-STABLE has been imported and builds are going
  • Also the latest GNOME and Cinnamon builds have been imported and much more

Feedback/Questions


  • All the tutorials are posted in their entirety at bsdnow.tv
  • Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
  • Watch live Wednesdays at 2:00PM Eastern (18:00 UTC)
  • We wanted to give the Bay Area FreeBSD Users Group a special mention, if you’re in the San Francisco Bay Area, there’s a very healthy BSD community there and they regularly have meet-ups
  • If you listened to the audio-only version of this week’s episode, you’re really missing out on Warren’s fun animations in the interview!

The Big Xbone | CR 77 https://original.jupiterbroadcasting.net/46917/the-big-xbone-cr-77/ Mon, 25 Nov 2013 12:35:28 +0000 https://original.jupiterbroadcasting.net/?p=46917 Is the Xbox One the next big App platform? We’ll share theories. Plus where do books fit in for self education?

The post The Big Xbone | CR 77 first appeared on Jupiter Broadcasting.

Is the Xbox One the next big App platform? We’ll share theories. Plus where do books fit in for self education? Are they too slow, or is there a place for the printed medium in a rapidly developing industry?

Plus a batch of your emails, our follow up, and more!

Thanks to:


GoDaddy


Ting

Direct Download:

MP3 Audio | OGG Audio | Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | Video Feed | Torrent Feed | iTunes Audio | iTunes Video

Feedback

Dev World Hoopla

Books for Learning Programming

  • The thread that got me thinking
  • Are books too slow?
  • Have Code School and similar services made programming books obsolete?
  • Did they ever really make a whole lot of sense?

Book of the Week

[asa]0385474547[/asa]
[asa]1451654960[/asa]

Follow the hosts and the show:

Hiding in the Silence | TechSNAP 92 https://original.jupiterbroadcasting.net/29956/hiding-in-the-silence-techsnap-92/ Thu, 10 Jan 2013 17:40:46 +0000 https://original.jupiterbroadcasting.net/?p=29956 A zero day vulnerability takes down some major wikis, how Polish researchers hide secret messages in Skype’s silence.

The post Hiding in the Silence | TechSNAP 92 first appeared on Jupiter Broadcasting.

A zero day vulnerability takes down some major wikis, how Polish researchers hide secret messages in Skype’s silence.

Plus quitting your job and making your successor’s life a little easier, a war story, and a big batch of your questions, and our answers!

All that and more on this week’s TechSNAP!

Thanks to:

Use our code tech295 to get a .COM for $2.95.

Something else in mind? Use go20off5 to save 20% on your entire order!

Pick your code and save:
techsnap7: $7.49 .com
techsnap10: 10% off
techsnap11: $1.99 hosting for the first 3 months
techsnap20: 20% off 1, 2, 3 year hosting plans
techsnap40: $10 off $40
techsnap25: 25% off new Virtual DataCenter plans
techsnapx: 20% off .xxx domains

 

Direct Download:

HD Video | Mobile Video | MP3 Audio | Ogg Audio | YouTube | HD Torrent | Mobile Torrent

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feeds | Torrent Feed

 

Support the Show:

   

Show Notes:

Get TechSNAP on your Android:

Browser Affiliate Extension:

  • Jupiter Broadcasting Affiliate Extensions for Chrome and Firefox

    Zero day vulnerability in MoinMoin wiki software takes down many Major Wikis


    Polish researchers hide secret messages in silence

    • A group from the Warsaw University of Technology (I was there a few months ago, for EuroBSDCon), have developed a way to communicate in secret using the silences during a Skype call
    • The new form of steganography takes advantage of the specially formatted packets that the Skype protocol uses to denote silence (to try to suppress background noise and save bandwidth)
    • Skype transmits voice data in 130 byte packets, but packets representing silence are only 70 bytes long
    • They have created software called SkyDe (SkypeHide), which intercepts some of the silent packets and replaces them with an encrypted message. On the other end, the software decrypts the hidden message, which can contain text, audio or video.
    • The hidden messages are indistinguishable from a regular silence packet, and allow data to be transferred at up to 1 kilobit per second (128 bytes per second, not very useful for real time audio/video, but could easily hide text messages or files)
    • The researchers will be presenting the details of their system at the 1st ACM Workshop on Information Hiding and Multimedia Security in Montpellier, France, this June

    Cloud ‘secure ftp’ client Accellion contains password reset bug

    • A security researcher investigating Facebook stumbled upon a bug that allowed him to reset the password of any Facebook user whose email address he knew
    • By using his own account, and then modifying the parameters of an HTTP POST, the researcher was able to reset the password of any other user
    • The bug turned out to be in Accellion, a mobile file sharing application
    • The bug has since been fixed by Accellion and Facebook, but many private cloud instances are still vulnerable
    • The HTTP POST passed the new password and email address as parameters, and was only secured by a cookie of the form referrer=<base64-encoded email address>
    • In a secure setup, this cookie should at least have been the MD5 of the email address and a secret key, something that an attacker could not predict or create
    • YouTube video demonstrating the attack

    John McAfee – One man intelligence agency

    • John McAfee is a British-American computer programmer, and the founder of McAfee Inc. (acquired by Intel in 2010 for $7.68 billion)
    • On April 30, 2012 John McAfee’s home in Belize was raided, but he was never charged with a crime
    • After this incident, John McAfee decided to start fighting back
    • Below are some highlights from his blog post, detailing what he claims were his activities against the Belize government, and the results
    • He purchased 75 inexpensive laptops, infected them with malware that could log keystrokes, activate webcams and microphones, etc., and report the results back to him, and then resealed the packaging
    • He then began giving these laptops as gifts to government employees, police officers, Cabinet Minister’s assistants, girlfriends of powerful men, boyfriends of powerful women, etc
    • He also hired ‘social engineers’ to get close to certain people, to infect their computers, to change settings on their cell phones (disable auto-delete of old text messages), etc
    • With these key loggers in place, he was able to gain access to the usernames and passwords for email, Facebook, and internal government accounts, as well as the content of emails and other correspondence, even if it was later deleted
    • With the webcam and microphone malware, he was also able to capture the face and voices of some of his targets
    • He also claims to have found evidence that the Belize government was issuing fake passports to Lebanese terrorists to allow them to enter the United States

    War Story:

    Ben noted it has been a while since we’ve had a War Story, so he submitted this one:

    It was the summer of 2005 and I was attending a local University of Wisconsin 2-year community college and working in IT there at the same time. The entire IT department consisted of my boss, who was the “everything admin,” myself, and one other student. That place was jinxed. Every time the boss left for any reason at all, all hell would break loose–whether it be our ISP would have an outage, power outages, fiber patches that would just die, or whatever. Needless to say, I was a bit nervous when my boss announced he was going to be gone fishing somewhere in Canada for 2 weeks with no access to a cellular signal. If anything broke that we couldn’t handle, we were to contact the higher-ups in Madison.

    Everything ran smoothly Monday and Tuesday. Things were looking up. I arrived at work Wednesday morning and the dean met me at the door. He informed me that there was a power outage overnight and none of the admin staff had access to voicemail. I was not pleased to hear this as I had never so much as touched the voicemail system. The other student employee had never done anything with it either, but we decided to take a peek and see if we could figure it out. To make things even better, my office phone was dead and so were all the other phones in the newer buildings on campus.

    The phone system at the campus was made up of two small Nortel DMS–100 switches. The first one was installed sometime in the early 1980s and was mostly full. This one serviced the older buildings on campus. The newer buildings were serviced by a newer DMS–100 that included a voicemail module on one of the line cards. I powered on the serial terminal sitting on top of the newer DMS–100 and found an error message indicating the source of the problem. One of the fans in the chassis failed and the unit would not boot until the fan had been replaced.

    Nortel could have used a few lessons in making parts replaceable. It took 10 minutes of tinkering to get the front panel off and find the failed fan. It was completely seized up. A few more minutes with the screwdriver and the fan was removed. It looked like a standard 120mm case fan at first but then my co-worker noticed that it was a 24v fan. So much for that idea. I called down to Madison and talked to one of the admins there. Naturally, this unit hadn’t been covered under a service contract in the past 5 years or so. He told me to see what I could come up with.

    I did some googling and found a few fans that might work, but none of them had a speed sensor wire and they would take a few days to arrive. That wasn’t going to work. My next thought was to get a 12v regulator or some resistors to build a regulator and run a standard 120mm fan. The physics lab didn’t have any of the parts I needed and the local Radio Shack was useless (I could do it now but back then I didn’t have the hardware skills to hack one together from the parts RS had…) Meanwhile, my co-worker was fooling around with the dead fan. He grabbed the fan blades and twisted and it came unstuck. It didn’t spin very well but we figured it might not have to. We went back downstairs and re-mounted the fan. I power-cycled the chassis while my co-worker used a can of compressed air to spin the blades of the fan. Success! The switch booted up. We quickly unhooked the fan so it wouldn’t short anything out and put the covers back on the cabinet. Luckily there were no line cards behind the fan so its failure wouldn’t affect the switch too much. Everything booted up and was stable. The bosses in Madison were impressed and said they would work on a replacement fan. When I left a year later there was still a can of compressed air on the top of the switch in case the power went out… Thinking back, I wonder what my tuition money got spent on.

    Thanks for your continued efforts on TechSnap, LAS, Unfilter, Coder Radio, Sci Byte, and the Faux Show. They keep me company when the dog is running me after work.

    A subscriber and serial affiliate user,

    Ben


    Feedback:

    Round-Up:

    The post Hiding in the Silence | TechSNAP 92 first appeared on Jupiter Broadcasting.

    Process Them! | CR 19 https://original.jupiterbroadcasting.net/26066/process-them-cr-19/ Mon, 15 Oct 2012 11:01:22 +0000 https://original.jupiterbroadcasting.net/?p=26066 Sometimes we need a little process to get the job done. The challenges of getting things done your way, while adapting to the needs of the job, or the project.

    The post Process Them! | CR 19 first appeared on Jupiter Broadcasting.


    Sometimes we need a little process to get the job done. Mike and Chris discuss the challenges of getting things done your own way, while adapting to the needs of the job, or the project.

    Plus practical advice on building a better workflow can naturally lead to better communication, and setting proper expectations.


    Show Notes:

    Feedback

    • Macarthur’s got the quote of the week ‘Anyway, I do agree with you that it’s not perfect, but no language will stop people from writing bad code, nothing ever will.’
    • Matt wants to know why I think students who learned Java can’t learn JavaScript Prototypical model and what I think of Codecademy and the like for learning JS.
    • Stephen writes in to share some resources on some low level / robotics development
    • Rutger has a question about a SQL database in Git and how to manage it.
    • Wouter writes in bemoaning Google Play’s insistence on credit cards rather than Paypal and wonders how that might affect app sales.
    • Colin sends in a letter as a Haskell program that shares information on other Haskell programs. Also, Colin shares that Haskell is the 18th most popular lang on Github.

    This Week’s Dev World Hoopla

    Wait! What! I’m not a PM!

    • What do we mean by process?
    • Not just for PMs anymore?
    • Why do I need this?

    Internal Process Management

    External Process Management

    • Automate, Automate, Automate!
    • Communicate
    • Continuous deployment, if possible

    Audiobook of the Week


    Tool of the Week

    Kickstarter:

    Follow the show
