Show Notes: linuxunplugged.com/443

The post Linux Did This First | LINUX Unplugged 443 first appeared on Jupiter Broadcasting.

Show Notes: error.show/57

The post Free To Succeed? | User Error first appeared on Jupiter Broadcasting.

A WordPress flaw in the wild is under attack & Microsoft releases more software for Linux. Plus a sneak peak at Google I/O & what new features might land in Android M.

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Video Feed | Torrent Feed

Become a supporter on Patreon

Show Notes:

Actively exploited WordPress bug puts millions of sites at risk | Ars Technica

The cross-site scripting (XSS) vulnerability resides in genericons, a package that’s part of a WordPress theme known as Twenty Fifteen that’s installed by default, according to a blog post published Wednesday by security firm Sucuri. The XSS vulnerability is “DOM based,” meaning it resides in the document object model that’s responsible for how text, images, headers, and links are represented in a browser. The Open Web Application Security Project has much more about DOM-based XSS vulnerabilities here.

Microsoft Releases PowerShell DSC For Linux – Slashdot

jones_supa writes: Microsoft is announcing that PowerShell Desired State Configuration (DSC) for Linux is available for download in form of RPM and DEB packages. DSC is a new management platform that provides a set of PowerShell extensions that you can use to declaratively specify how you want your software environment to be configured. You can now use the DSC platform to manage the configuration of both Windows and Linux workloads with the PowerShell interface. Microsoft says that bringing DSC to Linux is another step in the company’s “broader commitment to common management of heterogeneous assets in your datacenter or the public cloud.” Adds reader benjymouse: DSC is in the same space as Chef and Puppet (and others); but unlike those, Microsofts attempts to build a platform/infrastructure based on industry standards like OMI to allow DSC to configure and control both Windows, Linux and other OSes as well as network equipment like switches, etc.

Confirmed: Media Center is Dead – Thurrott.com

“Due to decreased usage, Windows Media Center will not be part of Windows 10,” Mr. Aul tweeted recently.

Digging into the Google I/O 2015 schedule: Android M, voice access, and more | Ars Technica

Google has posted the schedule for Google I/O 2015. While the company tries not to give away too many things with the early schedule, the release always ends up being full of new information. We dug into all the session descriptions, and here’s all the info we could squeeze out of it.

Android M—It looks like Android M, the next version of Android, will be at the show. One sandbox session is called “Android for Work Update” and says, “Android M is bringing the power of Android to all kinds of workplaces.” While full Android releases have alphabetical snack code names, “Android L” launched last year at Google I/O, and the release was a developer preview for what would eventually become Lollipop. So it sounds like Android [letter] is a new pattern that indicates a dev preview.

The post M is for Monopoly | Tech Talk Today 168 first appeared on Jupiter Broadcasting.

This time on the show, we’ll be sitting down to talk with Craig Rodrigues about Jenkins and the FreeBSD testing infrastructure. Following that, we’ll show you how to roll your own OpenBSD ISOs with all the patches already applied… ISO can’t wait!

This week’s news and answers to all your emails, on BSD Now – the place to B.. SD.

Thanks to:

Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | HD Vid Feed | HD Torrent Feed

– Show Notes: –

Headlines

pfSense 2.1.4 released

• The pfSense team has released 2.1.4, shortly after 2.1.3 – it’s mainly a security release
• Included within are eight security fixes, most of which are pfSense-specific
• OpenSSL, the WebUI and some packages all need to be patched (and there are instructions on how to do so)
• It also includes a large number of various other bug fixes
• Update all your routers!

DragonflyBSD’s pf gets SMP

• While we’re on the topic of pf…
• Dragonfly patches their old[er than even FreeBSD’s] pf to support multithreading in many areas
• Stemming from a user’s complaint, Matthew Dillon did his own work on pf to make it SMP-aware
• Altering your configuration‘s ruleset can also help speed things up, he found
• When will OpenBSD, the source of pf, finally do the same?

ChaCha usage and deployment

• A while back, we talked to djm about some cryptography changes in OpenBSD 5.5 and OpenSSH 6.5
• This article is sort of an interesting follow-up to that, showing which projects have adopted ChaCha20
• OpenSSH offers it as a stream cipher now, OpenBSD uses it for it’s random number generator, Google offers it in TLS for Chromium and some of their services and lots of other projects seem to be adopting it
• Both Google’s fork of OpenSSL and LibReSSL have upcoming implementations, while vanilla OpenSSL does not
• Unfortunately, this article has one mistake: FreeBSD does not use it – they still use the broken RC4 algorithm

BSDMag June 2014 issue

• The monthly online BSD magazine releases their newest issue
• This one includes the following articles: TLS hardening, setting up a package cluster in MidnightBSD, more GIMP tutorials, “saving time and headaches using the robot framework for testing,” an interview and an article about the increasing number of security vulnerabilities
• The free pdf file is available for download as always

Interview – Craig Rodrigues – rodrigc@freebsd.org

FreeBSD’s continuous testing infrastructure

Tutorial

Creating pre-patched OpenBSD ISOs

News Roundup

Preauthenticated decryption considered harmful

• Responding to a post from Adam Langley, Ted Unangst talks a little more about how signify and pkg_add handle signatures
• In the past, the OpenBSD installer would pipe the output of ftp straight to tar, but then verify the SHA256 at the end – this had the advantage of not requiring any extra disk space, but raised some security concerns
• With signify, now everything is fully downloaded and verified before tar is even invoked
• The pkg_add utility works a little bit differently, but it’s also been improved in this area – details in the post
• Be sure to also read the original post from Adam, lots of good information

FreeBSD 9.3-RC2 is out

• As the -RELEASE inches closer, release candidate 2 is out and ready for testing
• Since the last one, it’s got some fixes for NIC drivers, the latest file and libmagic security fixes, some serial port workarounds and various other small things
• The updated bsdconfig will use pkgng style packages now too
• A lesser known fact: there are also premade virtual machine images you can use too

pkgsrcCon 2014 wrap-up

• In what may be the first real pkgsrcCon article we’ve ever had!
• Includes wrap-up discussion about the event, the talks, the speakers themselves, what they use pkgsrc for, the hackathon and basically the whole event
• Unfortunately no recordings to be found…

PostgreSQL FreeBSD performance and scalability

• FreeBSD developer kib@ writes a report on PostgreSQL on FreeBSD, and how it scales
• On his monster 40-core box with 1TB of RAM, he runs lots of benchmarks and posts the findings
• Lots of technical details if you’re interested in getting the best performance out of your hardware
• It also includes specific kernel options he used and the rest of the configuration
• If you don’t want to open the pdf file, you can use this link too

Feedback/Questions

• James writes in
• Klemen writes in
• John writes in
• Brad writes in
• Adam writes in

• All the tutorials are posted in their entirety at bsdnow.tv
• There, you’ll also find a link to Bob Beck’s LibReSSL talk from the end of May – we finally found a recording!
• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
• If you want to come on for an interview or have a tutorial you’d like to see, let us know
• Watch live Wednesdays at 2:00PM Eastern (18:00 UTC)
• Next week Allan will be at BSDCam, so we’ll have a prerecorded episode then

The post Base ISO 100 | BSD Now 44 first appeared on Jupiter Broadcasting.