drive – Jupiter Broadcasting
https://www.jupiterbroadcasting.com
Open Source Entertainment, on Demand.
Mon, 22 Feb 2016 02:48:42 +0000

Live Long and Floppy | TTT 228
https://original.jupiterbroadcasting.net/92336/live-long-and-floppy-ttt-228/
Tue, 05 Jan 2016 11:23:40 +0000

The post Live Long and Floppy | TTT 228 first appeared on Jupiter Broadcasting.

We cover the breaking news out of CES, Ford’s new found love for the Amazon Echo, the first big LastPass release after LogmeIn & how Star Trek creator Gene Roddenberry’s words were freed from old floppy disks.

Plus our Kickstarter of the week & more!

EMerging Science | TTT 197
https://original.jupiterbroadcasting.net/85652/emerging-science-ttt-197/
Tue, 28 Jul 2015 10:13:57 +0000

The post EMerging Science | TTT 197 first appeared on Jupiter Broadcasting.

The new OnePlus 2 specs, price, availability & everything else you should know are out. Motorola doubles down on Moto X with Style, Play & updates Moto G. Microsoft’s Arrow Launcher for Android, Razer acquires OUYA & Scientists confirm ‘impossible’ EM Drive propulsion.

Open-source Market Penetration | Tech Talk Today 127
https://original.jupiterbroadcasting.net/76792/open-source-market-penetration-tech-talk-today-127/
Wed, 04 Feb 2015 11:12:10 +0000

The post Open-source Market Penetration | Tech Talk Today 127 first appeared on Jupiter Broadcasting.

The FCC Chairman makes it clear, he plans to push for Title II classification of the Internet. Is Net Neutrality going to save us all? We’ll debate & discuss the mounting counter battle.

Plus Valve is about to reveal their openGL replacement & we take a look at an open source device that’s NSFW.

Show Notes:

FCC Chairman Tom Wheeler: This Is How We Will Ensure Net Neutrality

After more than a decade of debate and a record-setting proceeding that attracted nearly 4 million public comments, the time to settle the Net Neutrality question has arrived. This week, I will circulate to the members of the Federal Communications Commission (FCC) proposed new rules to preserve the internet as an open platform for innovation and free expression. This proposal is rooted in long-standing regulatory principles, marketplace experience, and public input received over the last several months.

Broadband network operators have an understandable motivation to manage their network to maximize their business interests. But their actions may not always be optimal for network users. The Congress gave the FCC broad authority to update its rules to reflect changes in technology and marketplace behavior in a way that protects consumers. Over the years, the Commission has used this authority to the public’s great benefit.

AT&T previews lawsuit it plans to file against FCC over net neutrality | Ars Technica

AT&T seems resigned to the near-certainty that the Federal Communications Commission will reclassify broadband as a common carrier service in order to enforce net neutrality rules. But it isn’t going to let the decision stand without a legal challenge, and the company is already telling the world what it’s going to argue in court.

“I have no illusions that any of this will change what happens on February 26,” when the FCC is expected to vote, AT&T Federal Regulatory VP Hank Hultquist wrote in a blog post yesterday. “But when the FCC has to defend reclassification before an appellate court, it will have to grapple with these and other arguments. Those who oppose efforts at compromise because they assume Title II rests on bullet proof legal theories are only deceiving themselves.”

Toshiba releases super-secure Encrypted USB Flash Drive with hardware-based encryption

“Available in 4GB ($95), 8GB ($112), 16GB ($140) and 32GB ($200) capacities, the Toshiba Encrypted USB Flash Drive uses a built-in mini-keyboard to authenticate access, incorporating a rechargeable battery so the user can enter a secure code before plugging into a USB port. Users simply enter their secure PIN and plug the drive into any USB 2.0 port on a compatible device. Once access is granted, the drive ‘unlocks’ the media, permitting clearance to all of the content stored on the drive. When the drive is removed from a USB port, the drive automatically re-locks and encrypts the stored media”, says Toshiba.

Serious bug in fully patched Internet Explorer puts user credentials at risk | Ars Technica

A vulnerability in fully patched versions of Internet Explorer allows attackers to steal login credentials and inject malicious content into users’ browsing sessions. Microsoft officials said they’re working on a fix for the bug, which works successfully on IE 11 running on both Windows 7 and 8.1.

The vulnerability is known as a universal cross-site scripting (XSS) bug. It allows attackers to bypass the same origin policy, a crucially important principle in Web application models that prevents one site from accessing or modifying browser cookies or other content set by any other site. A proof-of-concept exploit published in the past few days shows how websites can violate this rule when people use supported versions of Internet Explorer running the latest patches to visit maliciously crafted pages.

glNext: The Future of High Performance Graphics (Presented by Valve)

Join us for the unveiling of Khronos’ glNext initiative, the upcoming cross-platform graphics API designed for modern programming techniques and processors. glNext will be the singular choice for developers who demand peak performance in their applications. We will present a technical breakdown of the API, advanced techniques and live demos of real-world applications running on glNext drivers and hardware.

KICKSTARTER OF THE WEEK: The Mod – Multivibrating Open-Source Dildo | Indiegogo

The Mod is a great vibrator. It’s made from 100% silicone. Its three powerful motors create amazing sensations, ranging from a lovely low frequency rumble to patterns that move up and down the shaft. It is USB rechargeable, and its built in buttons make it easy to control vibration patterns and intensities.

How Non-Devs Can Help Linux | LAS 350
https://original.jupiterbroadcasting.net/76592/how-non-devs-can-help-linux-las-350/
Sun, 01 Feb 2015 19:20:50 +0000

The post How Non-Devs Can Help Linux | LAS 350 first appeared on Jupiter Broadcasting.

What are the best options for non-coders and developers to contribute to their favorite open source project? We’ll break down some of the barriers we’ve faced & approaches we like to help out in a non-development capacity.

Plus the common ways the Ghost vulnerability is being exploited, how you can do your taxes under Linux & a few surprises!

— Show Notes: —

Contributing to open source when you’re not a developer


Problems we’ve faced trying to help

  • Who could use the money the most, i.e. Mozilla vs Tox

  • Abandoned IRC; unclear whether anyone is still “owning” the project.

  • Mixed ways of funding. I want to contribute, but each project has its own payment system and way of handling it.

Non-Monetary ways to help

  • Advocacy for software

  • Documentation

  • Community outreach

  • Bug Triage, find dupes, discover missing information developers would need to fully troubleshoot.


— PICKS —

Runs Linux

Samsung Smart Refrigerator

The Samsung 4-Door refrigerator with 8″ Wi-Fi Enabled LCD will allow you to browse the web, access apps and connect to other Samsung smart devices – opening up a world of interactive communication and entertainment.

Desktop App Pick

Gourmet Recipe Manager

Gourmet Recipe Manager is a recipe-organizer available for Windows, Linux, and other Unix systems.

Weekly Spotlight

BeansBooks

Easily create invoices and purchase orders, pay bills and track sales tax. Import and automatically categorize bank transactions.

Our Past Picks

These are the weekly picks provided by the Jupiter Broadcasting podcast, the Linux Action Show.

This site includes separate picks lists for the “Runs Linux”, Desktop Apps, Spotlight Picks, Android Picks, and Distro Picks.


— NEWS —

WordPress, PHP Apps, Subject to Ghost glibc Attacks

“Less than 48 hours after the disclosure of the Ghost vulnerability in the GNU C library (glibc), researchers have uncovered that PHP applications, including the WordPress content management system, could be another weak spot and eventually in the crosshairs of attackers.

Ghost is a vulnerability in glibc that attackers can use against only a handful of applications right now to remotely run executable code and gain control of a Linux server. The vulnerability is a heap-based buffer overflow and affects all Linux systems, according to experts, and has been present in the glibc code since 2000. ‘An example of where this could be a big issue is within WordPress itself: it uses a function named wp_http_validate_url() to validate every pingback’s post URL,’ wrote Sucuri researcher Marc-Alexandre Montpas in an advisory published Wednesday. ‘And it does so by using gethostbyname(). So an attacker could leverage this vector to insert a malicious URL that would trigger a buffer overflow bug, server-side, potentially allowing him to gain privileges on the server.’”

LibreOffice gets a streamlined makeover, native alternatives for major Microsoft

The Document Foundation announced availability of the latest version of LibreOffice on Thursday, which it says is the most beautiful version of the open source productivity suite yet. LibreOffice 4.4 also fixes some compatibility issues with files that are saved in Microsoft’s OOXML formats.

Official Google Drive Linux Client Screenshots Leaked

The screenshots above are bundled with the official Google Drive Mac client and they first appeared with version 1.18.7821.2489 (I checked the previous version and some random old versions and none contained these screenshots), released on October 30, 2014, which isn’t long ago and it most probably means that Google is testing Drive for Linux internally. So we might actually see an official release pretty soon.

Bill Gates Inadvertently Shows Off Ubuntu on His Facebook Page

The Internet is abuzz today after Bill Gates published an image on his Facebook page and a link towards his website with the text “15 years from now, most people in poor countries will be able to take classes online.” It’s a sound goal and it’s perfectly doable, but in the image posted on Facebook the operating system is Ubuntu.


Hang in our chat room:

irc.geekshed.net #jupiterbroadcasting

Catch the show LIVE Sunday 10am Pacific / 1pm Eastern / 6pm UTC:

Macs Do Get Viruses | Tech Talk Today 87
https://original.jupiterbroadcasting.net/70797/macs-do-get-viruses-tech-talk-today-87/
Thu, 06 Nov 2014 10:50:35 +0000

The post Macs Do Get Viruses | Tech Talk Today 87 first appeared on Jupiter Broadcasting.

WireLurker is attacking iOS and Macs in China & researchers say it could be the future of attacks for the platform. Google fires back at Dropbox & Microsoft by owning your “Open With” menu.

Plus what Office going free means for open source projects like LibreOffice.

Show Notes:

Google Drive now lets you open files in compatible Mac & PC apps w/ new Chrome extension | 9to5Google

Google announced today that it’s releasing a new Chrome extension called Application Launcher for Drive that allows users to open files directly from its Google Drive service in compatible apps on a Mac or PC. The extension adds an “Open With” option that will let users launch files in apps like, for example, Mac OS X’s Preview app or third-party editing apps like those from Adobe and Microsoft.


Users can enable the feature by installing the new Chrome extension from the Chrome Web Store and making sure files are synced using the latest version of the Drive app for Mac or PC. You’ll then be able to see compatible apps by right-clicking files and selecting “Open With” in Drive (as pictured above).

Researchers Discover New ‘WireLurker’ Malware Affecting Macs and iOS Devices in China – Mac Rumors

Researchers from Palo Alto Networks (via The New York Times) have published a research paper on WireLurker, a new malware family that’s been infecting both Mac OS and iOS systems over the course of the past six months. The researchers say that WireLurker, which is targeting users in China, “heralds a new era in malware attacking Apple’s desktop and mobile platforms.”


The WireLurker malware is the “biggest in scale” in the trojanized malware family, and it is able to attack iOS devices through OS X using USB. It’s said to be able to infect iOS applications similar to a traditional virus, and it is the first malware capable of installing third-party applications on non-jailbroken iOS devices “through enterprise provisioning.”


Thus far, WireLurker has been used in 467 OS X apps in the Maiyadi App Store, which is a third-party Mac app store in China. The apps have been downloaded 356,104 times, infecting hundreds of thousands of users.


According to the researchers, WireLurker looks for iOS devices connected via USB to an infected Mac, installing malicious third-party applications onto the device even without a jailbreak.


Once installed, WireLurker can collect information from iOS devices like contacts and iMessages, and it’s able to request updates from attackers. It’s said to be under “active development” with an unclear “ultimate goal.”

Former NSA lawyer: the cyberwar is between tech firms and the US government | Technology | The Guardian

Former NSA general counsel Stewart Baker said on Tuesday.

Speaking at Web Summit in Dublin, Baker claimed that moves by Google and Apple and others to encrypt user data was more hostile to western intelligence gathering than to surveillance by China or Russia.

“The state department has funded some of these tools, such as Tor, which has been used in Arab Spring revolutions or to get past the Chinese firewall, but these crypto wars are mainly being fought between the American government and American companies,” he said, in conversation with Guardian special projects editor James Ball.

Baker said encrypting user data had been a bad business model for Blackberry, which has had to dramatically downsize its business and refocus on business customers. “Blackberry pioneered the same business model that Google and Apple are doing now – that has not ended well for Blackberry,” said Baker.

OnePlus One sales numbers: 500,000 smartphones sold to date, stretch goal of 1 million by year’s end | 9to5Google

OnePlus co-founder Carl Pei confirmed to Forbes that OnePlus One smartphone sales have eclipsed the 500,000 mark to date, adding that the Chinese company has a lofty goal of selling 1 million units by the end of the year.


Forbes claims that OnePlus has achieved half a million sales of its flagship One device, which has been available on an invite-only basis since April, with an advertising budget of just $300. That small figure was allocated towards OnePlus experimenting with Facebook advertising.


Models go for $299 and $349.


OnePlus has been able to sell its flagship One smartphone for so cheap because it is only barely profiting off each handset sold. “We’re making a single-figure dollar amount on each phone,” Pei told Forbes. “That’s not the way we’re going to make money in the future, it’s just to keep the operation going.”

Microsoft Changes Tack, Making Office Suite Free on Mobile

“We’d like to dramatically increase the number of people trying Office,” John Case, corporate vice president of Office marketing at Microsoft, said about the new offering. “This is about widening the funnel.”

Microsoft says it has more than 7 million consumers subscribing to Office 365. It says there have been more than 40 million downloads of its Office apps for the iPad. In its most recent quarter, which ended Sept. 30, Microsoft said its consumer Office revenue grew 7 percent.

By making an unabridged version of Office available for free on mobile, Microsoft is betting it can get even more people to start using the software, without stealing sales from the PC and Mac versions of the product, where it still makes truckloads of money.

Grand Theft Depot | Tech Talk Today 54
https://original.jupiterbroadcasting.net/66282/grand-theft-depot-tech-talk-today-54/
Mon, 08 Sep 2014 09:43:57 +0000

The post Grand Theft Depot | Tech Talk Today 54 first appeared on Jupiter Broadcasting.

Did Home Depot get struck by the same malware that attacked Target? How the FBI found the Silkroad server, and Reddit just got a big cash infusion… But is it enough?

Plus a nostalgic look back at the WORM drive & much more!

Show Notes:

Reddit Raising Big Funding Round With Help From Y Combinator Contacts

Reddit, the social news site with a big Web footprint, is raising a big funding round — with help from some of the people who helped launch the site nine years ago, including co-founder Alexis Ohanian and other people associated closely with startup incubator Y Combinator.

Sources said the site has reached a preliminary agreement to sell less than 10 percent of the company for more than $50 million. That could give the company a valuation of upwards of $500 million.

Home Depot Hit By Same Malware as Target — Krebs on Security

The apparent credit and debit card breach uncovered last week at Home Depot was aided in part by a new variant of the same malicious software program that stole card account data from cash registers at Target last December, according to sources close to the investigation.


A source close to the investigation told this author that an analysis revealed at least some of Home Depot’s store registers had been infected with a new variant of “BlackPOS” (a.k.a. “Kaptoxa”), a malware strain designed to siphon data from cards when they are swiped at infected point-of-sale systems running Microsoft Windows.


BlackPOS also was found on point-of-sale systems at Target last year. What’s more, cards apparently stolen from Home Depot shoppers first turned up for sale on Rescator[dot]cc, the same underground cybercrime shop that sold millions of cards stolen in the Target attack.

Other clues in the new BlackPOS malware variant further suggest a link between the cybercrooks behind the apparent breach at Home Depot and the hackers who hit Target. The new BlackPOS variant includes several interesting text strings. Among those are five links to Web sites featuring content about America’s role in foreign conflicts, particularly in Libya and Ukraine.

One of the images linked to in the guts of the BlackPOS code.

Three of the links point to news, editorial articles and cartoons that accuse the United States of fomenting war and unrest in the name of Democracy in Ukraine, Syria, Egypt and Libya. One of the images shows four Molotov cocktails with the flags of those four nations on the bottles, next to a box of matches festooned with the American flag and match ready to strike. Another link leads to an image of the current armed conflict in Ukraine between Ukrainian forces and pro-Russian separatists.

Dread Pirate Sunk By Leaky CAPTCHA — Krebs on Security

“The IP address leak we discovered came from the Silk Road user login interface. Upon examining the individual packets of data being sent back from the website, we noticed that the headers of some of the packets reflected a certain IP address not associated with any known Tor node as the source of the packets. This IP address (the “Subject IP Address”) was the only non-Tor source IP address reflected in the traffic we examined.”

“The Subject IP Address caught our attention because, if a hidden service is properly configured to work on Tor, the source IP address of traffic sent from the hidden service should appear as the IP address of a Tor node, as opposed to the true IP address of the hidden service, which Tor is designed to conceal. When I typed the Subject IP Address into an ordinary (non-Tor) web browser, a part of the Silk Road login screen (the CAPTCHA prompt) appeared. Based on my training and experience, this indicated that the Subject IP Address was the IP address of the SR Server, and that it was ‘leaking’ from the SR Server because the computer code underlying the login interface was not properly configured at the time to work on Tor.”

Doubts cast over FBI ‘leaky CAPTCHA’ Silk Road rapture • The Register

“The idea that the CAPTCHA was being served from a live IP is unreasonable. Were this the case, it would have been noticed not only by me — but the many other people who were also scrutinizing the Silk Road website. Silk Road was one of the most scrutinized sites on the web, for white hats because it was an interesting challenge and for black hats since it hosted so many Bitcoin (with little legal implication if you managed to steal them).”

Moreover, an externally hosted image would still be routed over Tor and any packet sniffer would be unable to detect the Silk Road’s IP address.

Cubrilovic claimed it was more likely the FBI found and exploited a security vulnerability or discovered an information leak in the Silk Road login page and application.

CenturyLink Said to Seek to Acquire Rackspace Hosting – Bloomberg

CenturyLink has discussed the idea with San Antonio-based Rackspace, which last month said it is still conducting an internal review of its strategic options, according to the people, who asked not to be identified talking about private information. One person said a deal may not be reached for the company, which had a stock-market valuation of $5.33 billion at the end of last week.


Odds of the deal going through are less than 50 percent unless Rackspace is willing to take payment in stock or enter a joint venture, Jaegers said. CenturyLink wants to avoid a debt downgrade that may come with financing a large deal, she said.

What is WORM (write once, read many)?

In computer storage media, WORM (write once, read many) is a data storage technology that allows information to be written to a disc a single time and prevents the drive from erasing the data. The discs are intentionally not rewritable, because they are especially intended to store data that the user does not want to erase accidentally. Because of this feature, WORM devices have long been used for the archival purposes of organizations such as government agencies or large enterprises. A type of optical media, WORM devices were developed in the late 1970s and have been adapted to a number of different media. The discs have varied in size from 5.25 to 14 inches wide, in varying formats ranging from 140MB to more than 3 GB per side of the (usually) double-sided medium. Data is written to a WORM disc with a low-powered laser that makes permanent marks on the surface.

Neckbeard Entitlement Factor | LINUX Unplugged 28
https://original.jupiterbroadcasting.net/51842/neckbeard-entitlement-factor-lup-28/
Tue, 18 Feb 2014 18:01:13 +0000

Michael Hall from Canonical joins us to discuss how the consumers of open source software can be the biggest hurdle to projects becoming sustainable.

The post Neckbeard Entitlement Factor | LINUX Unplugged 28 first appeared on Jupiter Broadcasting.

Michael Hall from Canonical joins us to discuss his personal views on what he’s coined the new 80/20 rule for open source. Are the consumers of open source the biggest hurdle to projects becoming sustainable?

Plus Valve might be looking at your DNS history, getting young users to try Linux, and your feedback!

Show Notes:

FU

There are a number of kernel-level paid cheats that relate to this Reddit thread[1]. Cheat developers have a problem in getting cheaters to actually pay them for all the obvious reasons, so they start creating DRM and anti-cheat code for their cheats. These cheats phone home to a DRM server that confirms that a cheater has actually paid to use the cheat.

VAC checked for the presence of these cheats. If they were detected VAC then checked to see which cheat DRM server was being contacted. This second check was done by looking for a partial match to those (non-web) cheat DRM servers in the DNS cache. If found, then hashes of the matching DNS entries were sent to the VAC servers. The match was double checked on our servers and then that client was marked for a future ban. Less than a tenth of one percent of clients triggered the second check. 570 cheaters are being banned as a result.

Cheat versus trust is an ongoing cat-and-mouse game. New cheats are created all the time, detected, banned, and tweaked. This specific VAC test for this specific round of cheats was effective for 13 days, which is fairly typical. It is now no longer active as the cheat providers have worked around it by manipulating the DNS cache of their customers’ client machines.

Michael Hall: A new 80/20 rule for open source Upstream Liaison

Put simply, this rule says that people will tend to appreciate it more when you give them 20% of something, and resent you if you give them 80%. It seems completely counter-intuitive, I know, but that’s what I was seeing in all of those conversations. People by and large were saying that the reason Canonical and Mozilla were being judged so harshly was because they already did most of what those people wanted, which made them resent that they didn’t do everything.

Predicting Drive Failures | TechSNAP 136
https://original.jupiterbroadcasting.net/46362/predicting-drive-failures-techsnap-136/
Thu, 14 Nov 2013 17:32:17 +0000

The post Predicting Drive Failures | TechSNAP 136 first appeared on Jupiter Broadcasting.

Preventing data at rest from rotting, Microsoft puts out the warning signal on RC4, and the International Space Station gets infected by malware.

Plus a fantastic batch of your questions, our answers, and much much more!

Show Notes:

6 in 10 malware analysts in US have investigated or addressed a data breach that was never disclosed by their company

  • “The independent blind survey of 200 security professionals dealing with malware analysis within U.S. enterprises was conducted by Opinion Matters on behalf of ThreatTrack Security in October 2013”
  • “These results indicate that known data breaches may be significantly underreported and are putting customers and partners at risk”
  • “according to the survey, companies with more than 500 employees are even more likely to have had an unreported breach”
  • A device used by a member of senior management is most likely to be infected by:
      • Clicking on a malicious link in a phishing email (56%)
      • Allowing a family member to use a company-owned device (45%)
      • Visiting a pornographic website (40%)
      • Installing a malicious mobile app (33%)
  • “When asked to identify the most difficult aspects of defending their companies’ networks from advanced malware, 67% said the complexity of malware is a chief factor; 67% said the volume of malware attacks; and 58% cited the ineffectiveness of anti-malware solutions.”

Microsoft tells developers to drop RC4 from their applications


International Space Station infected by malware

  • The malware came aboard on a USB stick carried by a Russian astronaut
  • “Kaspersky revealed that Russian astronauts carried a removable device into space which infected systems on the space station. He did not elaborate on the impact of the infection on operations of the International Space Station (ISS).”
  • “Kaspersky said he had been told that from time to time there were "virus epidemics" on the station.”
  • Until recently, the dozens of laptops on the ISS all ran Windows XP
  • Kaspersky also revealed that an unnamed Russian nuclear facility, which is also cut off from the public internet, was infected with the infamous Stuxnet malware.
  • “Russian security expert Eugene Kaspersky has also told journalists that the infamous Stuxnet had infected an unnamed Russian nuclear plant and that in terms of cyber-espionage "all the data is stolen globally… at least twice."”
  • Additional Coverage

Feedback:


Round Up:



]]>
Cloud Guilt | LINUX Unplugged 8 https://original.jupiterbroadcasting.net/43897/cloud-guilt-linux-unplugged-8/ Tue, 01 Oct 2013 16:11:37 +0000 https://original.jupiterbroadcasting.net/?p=43897 Should Linux users be anti-cloud? Why do so many of us feel guilty for using the "cloud"? This week we’ll dig into this conundrum.

The post Cloud Guilt | LINUX Unplugged 8 first appeared on Jupiter Broadcasting.

]]>


Should Linux users be anti-cloud? Why do so many of us feel guilty for using the "cloud"?

This week we’ll dig into this conundrum and maybe even solve this more and more complex question.

Plus a little KDE vs Gnome debate, moral pirates, and even RMS’ workflow.


— Show Notes: —

FU

One thing about KDE that has always bugged me is lack of a design philosophy.

— Dat Cloud —

I would ideally like to have a machine with the speed and memory of a laptop, and the display size of a laptop too, combined with the same freedom that I have now on the Yeelong.

Until I can have them both, freedom is my priority. I’ve campaigned for freedom since 1983, and I am not going to surrender that freedom for the sake of a more convenient computer.

I do hope to switch soon to a newer model of Yeelong with a 10-inch display.

It’s the little things that make me use the cloud. IE, Dropbox, G+ pictures, Google Docs, etc.

Mail Sack:


]]>
Random Access Fires | TechSNAP 126 https://original.jupiterbroadcasting.net/42497/random-access-fires-techsnap-126/ Thu, 05 Sep 2013 16:24:27 +0000 https://original.jupiterbroadcasting.net/?p=42497 RAM Prices are getting hot, we’ll tell you why. Plus the router flaw you need to know about, and a pfSense disaster.

The post Random Access Fires | TechSNAP 126 first appeared on Jupiter Broadcasting.

]]>


RAM Prices are getting hot, we’ll tell you why.

Plus the router flaw you need to know about, a pfSense disaster, your questions our answers, and much much more.

On this week’s TechSNAP!


— Show Notes: —

Hynix factory in China suffers damage in Fire. RAM prices shoot up

  • The factory in Wuxi, China is responsible for 40 – 50% of Hynix’s output and 12 – 15% of all DRAM manufacturing capacity around the globe
  • The fire started at 07:50 GMT and was extinguished at 09:20 GMT
  • The fire apparently started while Hynix was installing some new equipment
  • There was only one minor injury during the fire
  • Hynix has suspended operations at the plant while it evaluates the damage and makes repairs
  • “Following news of the shutdown all memory suppliers have apparently stopped quoting prices”
  • Reuters followup article
  • Hynix reports that the damage is not as bad as initially reported; the huge plumes of black smoke were caused by the fact that the fire was in the air purification system
  • Shares in Hynix’s competitors rose sharply, but then slackened off once it was reported that the damage was not severe. Micron shares were up 4 percent to $14.615 at midday Thursday, after surging almost 9 percent at one point. Sandisk was up 2.3 percent at $56.60, after climbing 6 percent at its peak.
  • Samsung had 32.7 percent of the global DRAM market in the second quarter, Hynix 30 percent and Micron owned 12.9 percent
  • Hynix has published a statement: "Currently, there is no material damage to the fab equipment in the clean room, thus we expect to resume operations in a short time period so that overall production and supply volume would not be materially affected"
  • DRAM chip prices nearly doubled in the first six months of this year due to tight supply. During the summer, prices had been starting to return to normal, but this event will undoubtedly keep them inflated for some time to come

Amazon looking to hire 100 IT staff who can get Top Secret security clearance to work on CIA private cloud

  • After IBM won a lawsuit to restart the bidding to decide who would build the CIA’s private cloud, Amazon has started a new recruiting drive
  • The job openings include: software developers, operations managers and cloud support engineers, among others
  • Candidates must meet all requirements to get a Top Secret security clearance, including passing a federally administered polygraph exam
  • “Amazon’s hiring effort includes an invitation-only recruiting event for systems support engineers at its Herndon, Va., facility on Sept. 24 and 25.”
  • In filings, Amazon is claiming that it is uniquely qualified to deliver ‘cloud computing’, while analysts have responded by saying that Cloud computing "simply describes one approach to data center asset provisioning, one that has been around and been practiced by vendors including IBM for many years"
  • The government originally accepted Amazon’s bid at $148 million over the IBM bid at $93 million
  • Part of the problem was the way the government wrote the original RFP
  • “The vendors were required to address hypothetical scenarios. In one instance, it involved the processing of 100 terabytes of data. But the scenario was ambiguous, and the vendors priced it in different ways, making it impossible to compare prices”
  • Analysts also said that the CIA "too casually brush off Amazon’s outages" when considering their bid
  • Amazon’s effort to get government cloud work includes being certified by the U.S. under its Federal Risk and Authorization Program, or FEDRAMP.

Kingcope finds vulnerabilities in Mikrotik RouterOS sshd

  • Mikrotik RouterOS uses ROSSSH rather than OpenSSH
  • Kingcope found that ROSSSH is vulnerable to a remote pre-authentication heap corruption
  • ShodanHQ shows that there are nearly 300,000 devices running ROSSSH
  • There is an undocumented built-in user account: you can log in as ‘devel’ using the admin password if the file /etc/devel-login exists
  • By sending a login name consisting of the letter A 100,000 times, you can crash the ssh daemon
  • Exploitation of this vulnerability will allow full access to the router device

Feedback:

Round up:


]]>
Server Room Fire | TechSNAP 44 https://original.jupiterbroadcasting.net/16812/server-room-fire-techsnap-44/ Thu, 09 Feb 2012 19:08:08 +0000 https://original.jupiterbroadcasting.net/?p=16812 It’s a worst case scenario, when a server room catches fire in this week’s war story! Plus: The secrets to reliable SQL replication.

The post Server Room Fire | TechSNAP 44 first appeared on Jupiter Broadcasting.

]]>


It’s a worst case scenario, when a server room catches fire in this week’s war story!

Plus: We’ll share a story that might make you re-think taking advantage of your hard drive warranty, the secrets to reliable SQL replication.

All that and more, in this episode of TechSNAP!

Thanks to:

GoDaddy.com Use our codes TechSNAP10 to save 10% at checkout, or TechSNAP20 to save 20% on hosting!

Super special savings for TechSNAP viewers only. Get a .co domain for only $7.99 (regular $29.99, previously $17.99). Use the GoDaddy Promo Code cofeb8 before February 29, 2012 to secure your own .co domain name for the same price as a .com.

Pick your code and save:
cofeb8: .co domain for $7.99
techsnap7: $7.99 .com
techsnap10: 10% off
techsnap20: 20% off 1, 2, 3 year hosting plans
techsnap40: $10 off $40
techsnap25: 25% off new Virtual DataCenter plans
Deluxe Hosting for the Price of Economy (12+ mo plans)
Code:  hostfeb8
Dates: Feb 1-29

   

Direct Download Links:

HD Video | Large Video | Mobile Video | MP3 Audio | OGG Audio | YouTube

 

Subscribe via RSS and iTunes:

   

Show Notes:

Crypto crack makes satellite phones vulnerable to eavesdropping

  • Researchers at the Ruhr University Bochum in Germany have reverse engineered the GMR–1 and GMR–2 encryption systems used by satellite phones and found serious weaknesses
  • Both algorithms rely on security by obscurity, but by downloading and disassembling the firmware, researchers were able to isolate the cryptographic algorithms
  • “Unlike standard algorithms such as AES and Blowfish—which have been subjected to decades of scrutiny from some of the world’s foremost cryptographers—these secret encryption schemes often rely more on obscurity than mathematical soundness and peer review to rebuff attacks”
  • The GMR–1 encryption system uses an algorithm that closely resembles the proprietary A5/2 encryption system that formerly protected GSM phone networks, before it was phased out in 2006 due to weaknesses that allowed attackers to decrypt calls in real time
  • The attack against GMR–1 allows anyone with a modest PC and some open source software to decrypt a call in less than an hour. With a cluster of more powerful machines, it is possible to decrypt a call in real time
  • GMR–2 phones are also vulnerable to cracking when there is known plaintext. This is a particularly glaring issue because the datagrams contain predictable headers and other content that can be known by the attacker, making such attacks possible
  • Researchers have not yet reverse engineered the audio codec that is used for voice calls, so a call can be decrypted, but not played back (yet). However other data types that do not use the audio codec (fax, SMS, data), have successfully been intercepted
  • Researchers are only able to intercept communications between the satellite and the user, not communications in the other direction, so only one side of the call can be eavesdropped. This is likely a limitation of the way satellite signals work: to intercept the signal from the phone to the satellite, you would need line of sight, usually requiring an ELINT aircraft or satellite.

Customer buys refurbished drive from Newegg, finds existing partitions and data

  • This story raises a number of questions about used and refurbished drives
  • Everyone knows that they should securely erase their drive before they resell it. We covered some of the techniques on TechSNAP 31 – How Malware Makes Money
  • However, how do you securely erase a drive when it has failed in some way?
  • You send the drive back to the store or the manufacturer in order to receive a replacement drive. However, you must trust them to securely erase your data, since the drive was not usable when it left you
  • In this case it would seem that the drives were repaired, turned around and sold to another customer, without the data being properly erased
  • It would seem the only option that customers have is to not return the failed drive, which means not taking advantage of their warranty and having to pay full price for the replacement drive

Feedback:

Q: chocamo from the chatroom asks about MySQL Replication

A: MySQL has a few different replication modes built in, the main one being asynchronous replication, where a slave server constantly reads from the binary log of all changes made to the database. So you start with your two servers in a converged state (meaning they have exactly the same data), then each time an UPDATE or INSERT command is run on the master, the slave runs the same commands, in the same order, and should continue to have the same data.

However, the slave is read only. If you want to do load balancing of more than just reads, you need to do what is called ‘multi-master replication’. In this setup, you have 2 or more servers that are all masters, and each is also the slave of the server in front of it. Something like: A -> B -> C -> A. So when an INSERT is done on server B, server C then executes that same INSERT statement, and then A, and when the query gets back to B, B notices that the query originated at B, and so skips it, preventing a loop. If you attempt an approach such as this, you will also need to adjust the auto_increment settings in MySQL: you will want the auto_increment_increment to be at least as many servers as you have, and then each server should have a different auto_increment_offset. This is to prevent primary key collisions, so that if an INSERT is done on each of the three servers at the same time, each row ends up with a unique key; otherwise replication stops until you solve the primary key collision. In the ScaleEngine setup, we also have 2 read-only slaves, one from server A and one from server C. The first offers read-only access to customers, to be used by applications that support using a read-only slave, and the other is used for taking backups (we pause replication to get a perfectly consistent copy of the entire database, then resume replication to catch back up to real-time data).

MySQL 5.5 also introduces ‘semi-synchronous replication’. In this mode, the MySQL client does not return from the query until the data has been written to not only the master, but at least X of the N slaves. This allows you to ensure that the data has actually been replicated and is safe from the failure of the master server. Normal replication in MySQL is asynchronous, meaning that when you make a change, the client returns a successful result as soon as the data has been written to the server you are connected to, and then replication happens later. This is normally the desired behaviour because it provides the greatest speed; however, if the server you wrote to fails before any other servers replicate the change, that change could be lost. Semi-synchronous replication attempts to solve this issue by allowing you to wait until there is at least 1 or more additional replicas of the data before returning a successful write. Fully synchronous replication is normally undesirable due to the performance impact.

If a table is too large, you can use ‘partitioning’ to break it in to smaller tables. You can also use the MySQL ‘Federation’ feature, to make databases from more than one server appear to be local to a single server, allowing you to move different databases to different physical machines.
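The auto_increment advice in the answer above, worked through as an added example (not from the show notes): a simplified Python model of several masters that each accept one INSERT per round before the other servers' rows are replicated to them. The function names and the model are assumptions made for illustration; real MySQL stops replication at the first duplicate-key error, while this model keeps going so every collision is visible.

```python
"""Simplified model of AUTO_INCREMENT key generation in multi-master MySQL."""


def next_key(current_max, increment, offset):
    """Smallest value of offset + k*increment that is greater than current_max.

    Models how auto_increment_increment / auto_increment_offset pick the next
    key once rows from the other masters have raised the table's maximum.
    """
    if current_max < offset:
        return offset
    steps = (current_max - offset) // increment + 1
    return offset + steps * increment


def simulate(settings, rounds):
    """settings: one (auto_increment_increment, auto_increment_offset) per master.

    Each round, every master takes one INSERT locally, then all new rows are
    replicated to every other master. Returns (colliding_keys, tables), where
    tables[i] is the sorted list of primary keys present on master i.
    """
    tables = [set() for _ in settings]
    collisions = set()
    for _ in range(rounds):
        pending = []
        # Concurrent writes: nobody has seen the others' rows yet.
        for server, (increment, offset) in enumerate(settings):
            key = next_key(max(tables[server], default=0), increment, offset)
            tables[server].add(key)
            pending.append((server, key))
        # Replication: apply each new row on every other master.
        for origin, key in pending:
            for server, table in enumerate(tables):
                if server == origin:
                    continue
                if key in table:
                    collisions.add(key)   # duplicate primary key on apply
                else:
                    table.add(key)
    return sorted(collisions), [sorted(t) for t in tables]


if __name__ == "__main__":
    cases = {
        "defaults (increment=1, offset=1 everywhere)": [(1, 1), (1, 1), (1, 1)],
        "increment=3, offsets 1/2/3": [(3, 1), (3, 2), (3, 3)],
        "increment=4 (room for a 4th master), offsets 1/2/3": [(4, 1), (4, 2), (4, 3)],
    }
    for label, settings in cases.items():
        colliding, tables = simulate(settings, rounds=2)
        print(f"{label}: collisions={colliding} keys on A={tables[0]}")
```

With the increment larger than the number of masters the keys simply have gaps, which is why the answer says "at least" as many as you have servers.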

War Story:

This week features another war story from our good friend Irish_Darkshadow (the other other Alan)


Setting:
IBM has essentially two “faces”, one is the commercial side that deals with all of the clients and the other is a completely internal organisation called the IGA (IBM Global Account) that provides IT infrastructure and support to all parts of IBM engaged with commercial business.

The IBM email system uses Lotus Domino as the server component and Lotus Notes as the client side application. The Domino servers handle the email for the company but also serve as database hosts and applications hosts. At the point in time when this war story took place, each country had their own server farm for these email / database / application servers. Each individual EMEA (Europe / Middle East / Africa) country then routed email from their in-country servers to the two “hubs”, those being Portsmouth (North Harbour) in the UK and Ehningen in Germany.

The events described below took place in the summer of 2004.

War Story:

Well, there I was once more with the 24×7 on-call phone and bouncing through my weekend without a care in the world. Well, sort of I suppose, if you don’t count a German girlfriend with shopping addiction and two kids with the inability to be quiet and give daddy some quality time with his computers. It was a Sunday afternoon and we were at the cinema which I figured was a safer option than what I chose to do for my last war story (getting very drunk).

The on-call phone started to ring almost immediately after we got out of the movie and it was the duty manager telling me that she had been “summoned” to the office to some of the higher ups for the EMEA geography. My first instinct was “and this is my problem, why?” but I resisted the urge to expose my inner bastard and played nice instead. I suspected that she had simply guessed that being called in to the office without any details was likely not a good sign and it might be useful to have some insurance (or a scapegoat) beside her for the upcoming call. Apparently as I was the Crit Sit Manager for that week, I was the aforementioned insurance.

Being the devious little git that I am, I decided to bring the kids with me to the office. That would then allow me to counter any requirements on my time there with a need to get the kids home to feed them / wash them / imprison them…whatever fitted best. Essentially they would be my passport to get out of the office and buy myself some time if I needed it.

The Duty Manager that day was one of those people who had graduated to the position despite having absolutely no technical skill or capability but had an uncanny knack of lunching with the right people and “networking” with the right higher ups. Upon arrival in the office I sat in her office with her to chat about any details she had left out during her call to me. I had the kids running up and down the aisles of the call centre with one of the agents I trusted keeping an eye on them.

Nothing new was divulged prior to the big conference call kicking off and even when they started to explain the purpose of the call, details were being kept very very vague. The driver on the call was a guy from Italian Service Management which completely threw me as I had never seen a high level call originate from that part of the organisation.

The key part of the call went something like this :

Italian Guy: We are, eh, here today to eh, discuss a situation in the Vimercate (vim err kaa tay) site. Eh, perhaps we should proceed on that basis.

Duty Manager: Hello there, xxx here. I’m the duty manager for the EMEA CSC this weekend. I’m not sure what the Vimercate site is. Could you please explain?

Me: *presses mute on the phone*
Vimercate is the server farm location for Italy, all of the email and Lotus Notes database / applications for the country are run from there. If that site is down then IBM Italy will be unable to do ANY business for the duration of the outage.
*unmutes the phone*

Italian Guy: It is one of our locations here in Italy that is responsible for some servers.

Duty Manager: Ah ok, thanks for the explanation.

Italian Guy: Well about two hours ago eh….we a, received a call from the cleaning contractors that there was a, some cigarette coming out of the server room. We immediately alerted the rest of Service Management and started dealing with the crisis as a critical situation.

Me: ** rolls about laughing then thinks to telnet to some email servers in that site and nothing was connecting…….the urgency of the call started to dawn on me at this point.

Duty Manager: I’m sorry but I don’t understand what you mean when you say that there was a cigarette coming out of the server room. Did I mishear you?

Italian Guy: Sorry, not cigarette, I mean to say smoke. There was smoke coming out of the server room.

Duty Manager: Oh lord, has anyone been hurt? Is there any emergency service personnel at the site?

Italian Guy: Yes, the fire service were alerted almost immediately and nobody other than the cleaning staff was in the site when the alarm was raised. The fire has spread to other parts of the building and the firemen have been unable to get to the server room yet.

Me: Hi, I’m the crit sit manager here today. Could you please give me a current status on the server room itself? If those servers are not recoverable then we will need to activate the business continuity location and get the backup tapes couriered there. We could be up and running within 12 hours that way.

Italian Guy: Yes, yes, we know all of that. We are service management. We have already started to deal with those things. We invited you onto this call so that you are aware of the issue and can place voice messages on your incoming call lines and have your agents prepared to explain things to our users if they call your help desk. Nothing more.

Me: I have no doubt that you are on top of the situation but in such circumstances the in-country Service Management report in to the EMEA Critical Situations team who then coordinate all actions until there is a satisfactory resolution as per the EOP (Enterprise Operating Procedures). I will be taking point on this for you and liaising with EMEA Service Management for the duration of this situation.

**lots of back and forward, territorial pissing contest arguing took place until it was agreed to have a followup call every hour. The second call went something like this :

Me: Good evening folks, how are things progressing on the site now?

Italian Guy: The emergency services are having difficulty due to the age of the building and they have not been able to get to the server room yet. There is nothing else new to say.

Duty Manager: So does that mean the servers are destroyed now or is there still some chance?

Italian Guy: The fire suppression system in the server room activated, that is all that we know right now.

** we adjourned the call and the next two were more of the same until the fifth call :

Italian Guy: The firemen have made it to the server room and have reported that the fire suppression system has not worked correctly. The servers themselves have been fire damaged.

Duty Manager: That’s very unfortunate, how are your efforts to get the backup tapes to the secondary site going?

Italian Guy: Eh, there is a problem with that too. The tape libraries are in the same room as the servers in an enclosure. The firemen have not retrieved them for us yet.

Me: Whoa, hold on a minute. The tapes that we’ve been trying to get into play for the last four hours are actually in the same room with the fire? Why didn’t you tell us that earlier? If both the servers AND the backup tapes are destroyed then IBM Italy will be offline for days while a secondary site is configured. This completely changes the severity of this situation.

Italian Guy: Yes, we believe that both the servers and the tapes have been damaged at this time.

**at this point I resisted the urge to reach my arm through the phone line and throttle this guy.

Duty Manager: So what can we do at this point?

Me: We need to get EMEA Service Management to start prepping a completely fresh site to take over for the ruined server farm. The problem is now that we’ve lost four hours waiting for tapes that were never going to arrive, we could have had the new servers being readied all that time.

So this all continued for a few more calls, I had my girlfriend pick up the kids between the calls and take them home and I just dived in and tried to maintain some momentum in the resolution efforts. Rather than drag it out and bore you to tears, here were the remaining revelations :

  • Servers were burnt to a crisp.
  • Backup tapes (which were in the same room) were partially burned but all were smoke damaged.
  • The fire suppression system simply failed to work.
  • The firemen had to use water due to the composition of the building…WATER…on a room full of electronics.
  • It took 2 full days to build the new server environment which essentially meant that IBM Italy were unable to do business electronically for that duration.
  • Nobody ever explained why the tapes were in the server room other than to say – it was an oversight by the IT Manager. Really? an oversight?!?!!
  • The only bright spot in the entire debacle was that some of the data on the tapes was salvaged and shortened the duration of the outage significantly for some people.

I’m not sure there is a moral to the story or a catchy tag line like “patch your shit” but I suppose that my overriding memory of the whole situation was when I wondered how anyone thought it would be a good idea to put backup tapes in the same physical location as the servers and then neglected to do regular maintenance on an old building that was clearly a fire trap.


Round-Up:


]]>
Great Disk Famine | TechSNAP 30 https://original.jupiterbroadcasting.net/13468/great-disk-famine-techsnap-30/ Thu, 03 Nov 2011 17:15:36 +0000 https://original.jupiterbroadcasting.net/?p=13468 Hard Drives are in very short supply, find out why. Plus Anonymous says it’s going after a Mexican Drug Cartel, we’ll share you the amazing details

The post Great Disk Famine | TechSNAP 30 first appeared on Jupiter Broadcasting.

]]>


Anonymous says it’s going after a Mexican Drug Cartel, we’ll share you the amazing details!

Plus: Our tips for controlling remote downloads, and why all I’m going to want for Christmas is hard drives!

All that and more, on this week’s TechSNAP!


Show Notes:

Anonymous says it will go after Mexican Drug Cartel

  • Anonymous claims one of its members was kidnapped at a street protest
  • Anonymous claims it will start releasing details about journalists, taxi drivers, police officers and government officials who are on the Cartel’s payroll, if the kidnap victim is not released by November 5th (Guy Fawkes Day)
  • No information about the person who was allegedly kidnapped has been released
  • Anonymous hopes that by releasing this information, the government will be able to pursue the allegedly corrupt officials. However, depending on the type of information, it is unlikely that the evidence provided would be enough to convict someone.
  • There are serious concerns that the release or even the threat of the release of such information could result in a violent backlash from the Cartel.
  • It would seem that anyone whose name appears on the lists released by Anonymous would be in serious danger. A case of mistaken identity or speculation could result in the death of an innocent person.
  • Anonymous has claimed it would attack a number of entities, including the NYSE and Facebook. A large number of these attacks have never taken place, or were unsuccessful and never mentioned again.

Series of spear phishing attacks against chemical and defense companies

  • At least 50 different companies were targeted by attackers attempting to steal research and development documents and other sensitive information.
  • The attacks started in July and continued through September. It is also believed that the same attackers were targeting NGOs and the auto industry earlier this year.
  • The attacks were spear phishing attacks, a specialized form of the common email attack. Unlike a typical phishing scam, where an attacker poses as your bank and attempts to get you to enter your login credentials and other personal information into a fake site designed to mimic the look of your bank’s site, a spear phishing attack specifically targets individuals, using information that is known about them and where they work. Spear phishing attacks also commonly involve impersonating someone you might expect to receive such an email from.
  • The emails sent in this case often took the form of meeting invitations with infected attachments. In other cases when the messages were broadcast to many victims, they took the form of security bulletins, usually riding on actual vulnerability announcements for common software such as Adobe Reader and Flash Player. It also seems the attackers attached the infected files in 7Zip format, to evade many spam filters and virus scanners that block or scan .zip files. The attackers also took to encrypting the zip files with a password, and providing that password in the email, again to avoid virus scanners on the inbound mail servers.
  • The attackers used PoisonIvy, a common backdoor trojan written by one or more persons who speak Mandarin. The Trojan also contained the address of a Command and Control (C&C) server used to feed it additional instructions.
  • Once the attackers made their way in to the network through one or more infected machines, they leveraged that access to eventually gain permissions to copy sensitive documents and upload them to an external server where they could then be recovered.
  • One of the command and control servers was a VPS operated in the United States, owned by a Chinese individual from Hebei province. Investigators have not been able to determine if this individual was part of the attacks, if anyone else had access to the VPS, or if he was acting on behalf of another group. It is possible the server was compromised, or that it could have been made to look like that was the case.
  • Symantec says that there were a number of different groups attacking these companies during this time span, some using a custom developed backdoor called ‘Sogu’ and using specially crafted .doc and .pdf files. There is no word on if these additional attacks were also successful.
  • Full Report
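A mail-gateway triage check for the delivery pattern described in the list above (7z or password-protected archive attached, password given in the message body), added here as an example and not taken from the Symantec report or the show notes. All function names, addresses and sample messages are constructed for illustration, and 7z attachments are flagged on their file signature alone because the example does not parse the 7z header.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

SEVENZIP_MAGIC = b"7z\xbc\xaf\x27\x1c"   # 7z container signature
PASSWORD_HINT = re.compile(r"\b(pass(word|code|phrase)|pwd)\b", re.IGNORECASE)


def classify_attachment(data):
    """Return '7z', 'zip-encrypted', 'zip' or None for one attachment body."""
    if data.startswith(SEVENZIP_MAGIC):
        return "7z"
    if data.startswith(b"PK\x03\x04"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                # Bit 0 of the general-purpose flags marks an encrypted member.
                if any(info.flag_bits & 0x1 for info in zf.infolist()):
                    return "zip-encrypted"
        except zipfile.BadZipFile:
            pass
        return "zip"
    return None


def triage(raw_message):
    """Return (verdict, findings) for one raw RFC 5322 message.

    quarantine: scanner-opaque archive AND the body hands over a password
    review:     scanner-opaque archive only
    deliver:    nothing matching this pattern
    """
    msg = message_from_bytes(raw_message, policy=policy.default)
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body is not None else ""
    findings = []
    for part in msg.iter_attachments():
        kind = classify_attachment(part.get_payload(decode=True) or b"")
        if kind in ("7z", "zip-encrypted"):
            findings.append((part.get_filename(), kind))
    if findings and PASSWORD_HINT.search(text):
        return "quarantine", findings
    return ("review" if findings else "deliver"), findings


# --- constructed sample data (not real attachments or real mail) ---
CONSTRUCTED_7Z = SEVENZIP_MAGIC + b"\x00" * 26   # signature only, not a valid archive


def constructed_zip(encrypted):
    """Build a one-file zip; optionally set the 'encrypted' flag bit by hand."""
    buf = io.BytesIO()
    info = zipfile.ZipInfo("agenda.txt", date_time=(2011, 11, 3, 0, 0, 0))
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(info, "constructed sample")
    data = bytearray(buf.getvalue())
    if encrypted:
        data[6] |= 0x01                          # local file header flags
        data[data.find(b"PK\x01\x02") + 8] |= 0x01   # central directory flags
    return bytes(data)


def constructed_message(body, filename=None, payload=None):
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "analyst@example.com"
    msg["Subject"] = "Meeting invitation"
    msg.set_content(body)
    if payload is not None:
        msg.add_attachment(payload, maintype="application",
                           subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    body = "Agenda attached. The password is Meeting2011."
    for name, blob in (("invite.7z", CONSTRUCTED_7Z),
                       ("invite.zip", constructed_zip(True)),
                       ("notes.zip", constructed_zip(False))):
        print(name, triage(constructed_message(body, name, blob)))
```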

Feedback:

  • Remote Downloads?
  • Q: I have a question regarding downloads, in particular, remote downloads.
  • A: There are a number of options, ranging in capability and ease of use.
  • rTorrent – A command line torrent client, works great over SSH (especially when combined with Screen). This is what Allan uses to seed the Linux Action Show torrents.
  • uTorrent – uTorrent (microTorrent) is available for Windows, Mac and Linux. It offers an optional web UI (the web UI is the only option for Linux) for remotely controlling the torrents, and can also automatically start downloading torrents when they are placed in a specified directory. uTorrent also incorporates an RSS reader.
  • wget – a standard command line downloading tool included in most GNU/Linux distros. Also available for Windows
  • curl – A library and utility for dealing with HTTP. It is a common feature of most web hosting servers, and easily integrates with PHP. You could write a short PHP script that would download files to the remote server when prompted (possibly by an email or access from your mobile phone)

Round UP:


]]>