Show Notes: coder.show/466

The post Luxury Emotional Manipulation | Coder Radio 466 first appeared on Jupiter Broadcasting.

Show Notes/Links: https://www.bsdnow.tv/333

The post Unix Keyboard Joy | BSD Now 333 first appeared on Jupiter Broadcasting.

Show Notes: linuxactionnews.com/128

The post Linux Action News 128 first appeared on Jupiter Broadcasting.

Show Notes: coder.show/349

The post Their Rules, Your Choice | Coder Radio 349 first appeared on Jupiter Broadcasting.

##Headlines
###The future of ZFS in FreeBSD

The sources for FreeBSD’s ZFS support are currently taken directly from Illumos with local ifdefs to support the peculiarities of FreeBSD where the Solaris Portability Layer (SPL) shims fall short. FreeBSD has regularly pulled changes from Illumos and tried to push back any bug fixes and new features done in the context of FreeBSD. In the past few years the vast majority of new development in ZFS has taken place in DelphixOS and zfsonlinux (ZoL). Earlier this year Delphix announced that they will be moving to ZoL: https://www.delphix.com/blog/kickoff-future-eko-2018 This shift means that there will be little to no net new development of Illumos. While working through the git history of ZoL I have also discovered that many races and locking bugs have been fixed in ZoL and never made it back to Illumos and thus FreeBSD. This state of affairs has led to a general agreement among the stakeholders that I have spoken to that it makes sense to rebase FreeBSD’s ZFS on ZoL. Brian Behlendorf has graciously encouraged me to add FreeBSD support directly to ZoL https://github.com/zfsonfreebsd/ZoF so that we might all have a single shared code base.
A port for ZoF can be found at https://github.com/miwi-fbsd/zof-port Before it can be committed some additional functionality needs to be added to the FreeBSD opencrypto framework. These can be found at https://reviews.freebsd.org/D18520
This port will provide FreeBSD users with multi modifier protection, project quotas, encrypted datasets, allocation classes, vectorized raidz, vectorized checksums, and various command line improvements.

###FreeBSD Quarterly Status Update

With FreeBSD having gone all the way to 12, it is perhaps useful to take a look back at all the things that have been accomplished, in terms of many visible changes, as well as all the things that happen behind the scenes to ensure that FreeBSD continues to offer an alternative in both design, implementation, and execution.
The things you can look forward to reading about are too numerous to summarize, but cover just about everything from finalizing releases, administrative work, optimizations and depessimizations, features added and fixed, and many areas of improvement that might just surprise you a little.
Please have a cup of coffee, tea, hot cocoa, or other beverage of choice, and enjoy this culmulative set of reports covering everything that’s been done since October, 2017.
—Daniel Ebdrup

##News Roundup
###One year of flying with the Raven: Ready for the Desktop?

It has been a little over one year now that I’m with the Ravenports project. Time to reflect my involvement, my expectations and hopes.

• Ravenports

Ravenports is a universal packaging framework for *nix operating systems. For the user it provides easy access to binary packages of common software for multiple platforms. It has been the long-lasting champion on Repology’s top 10 repositories regarding package freshness (rarely dropping below 96 percent while all other projects keep below 90!).

For the porter it offers a well-designed and elegant means of writing cross-platform buildsheets that allow building the same version of the software with (completely or mostly) the same compile-time configuration on different operating systems or distributions.

And for the developer it means a real-world project that’s written in modern Ada (ravenadm) and C (pkg) – as well as some Perl for support scripts and make. Things feel very optimized and fast. Not being a programmer though, I cannot really say anything about the actual code and thus leave it to the interested reader’s judgement.

###Modern KDE on FreeBSD

New stuff in the official FreeBSD repositories! The X11 team has landed a newer version of libinput, opening up the way for KDE Plasma 5.14 in ports. That’s a pretty big update and it may frighten people with a new wallpaper.
What this means is that the graphical stack is once again on-par with what Plasma upstream expects, and we can get back to chasing releases as soon as they happen, rather than gnashing our teeth at missing dependencies. The KDE-FreeBSD CI servers are in the process of being upgraded to 12-STABLE, and we’re integrating with the new experimental CI systems as well. This means we are chasing sensibly-modern systems (13-CURRENT is out of scope).

###The many ways to launch FreeBSD in EC2

Talking to FreeBSD users recently, I became aware that while I’ve created a lot of tools, I haven’t done a very good job of explaining how, and more importantly when to use them. So for all of the EC2-curious FreeBSD users out there: Here are the many ways to launch and configure FreeBSD in EC2 — ranging from the simplest to the most complicated (but most powerful):

• Launch FreeBSD and SSH in
• Launch FreeBSD and provide user-data
• Use the AMI Builder to create a customized FreeBSD AMI
• Build a FreeBSD AMI from a modified FreeBSD source tree
• Build your own disk image

I hope I’ve provided tools which help you to run FreeBSD in EC2, no matter how common or unusual your needs are. If you find my work useful, please consider supporting my work in this area; while this is both something I enjoy working on and something which is useful for my day job (Tarsnap, my online backup service), having support would make it easier for me to prioritize FreeBSD/EC2 issues over other projects.

###Using the GOG.com installers for Linux, on NetBSD

GOG.com prefers that you use their GOG Galaxy desktop app to download, install and manage all of your GOG games. But customers always have the option to install the game on their own terms, with a platform-specific installer.
GOG offers these installers for Mac, Windows and/or Linux, depending on which platforms the game is available for.

• The installers truly are platform-specific:
• macOS games are distributed in a standard .pkg
• Windows games are distributed in a setup wizard .exe
• Linux games are distributed in a goofy shell archive

Of course, none of those are NetBSD. So, if I wanted to even attempt to play a game distributed by GOG.com on NetBSD, which one should I pick? The obvious choice is the Linux installer, since Linux is the most similar to NetBSD, right? Au contraire! In practice, I found that it is easier to download the Windows installer.

Here’s what I mean. For example, I ported the open source version of Aquaria to pkgsrc, but that package is only the game’s engine, not the multimedia data. The multimedia data is still copyrighted. Therefore, you need to get it from somewhere else. GOG is usually a good choice, because they distribute their games without DRM. And as mentioned earlier, picking the Linux installer seemed like a natural choice.

Now, actually PLAYING the games on NetBSD is a separate matter entirely. The game I’ve got here, though, my current obsession Pyre, is built with MonoGame and therefore could theoretically work on NetBSD, too, with the help of a library called FNA and a script for OpenBSD called fnaify. I do hope to create a pkgsrc package for FNA and port the fnaify script to NetBSD at some point.

##Beastie Bits

• Software as a Reflection of Values With Bryan Cantrill
• Collection of bmc talks, updated 2018
• wump: incorrect wumpus movement probability
• Debugging Rust with VSCode on FreeBSD
• SMB/CIFS on FreeBSD
• BSD Tattoo
• pkgsrc-2018Q4 branch announcement
• toying with wireguard on openbsd
• new USB audio class v2.0 driver
• Todd Mortimer Removing ROP Gadgets from OpenBSD EuroBSDCon 2018
• OpenBSD 6.5 release page is online
• shell access to historical Unix versions in your browser

##Feedback/Questions

• Brad – ZFS Features and Upgrades
• Andre – Splitting ZFS array
• Michael – Priority/nice value for Jails?

• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

The post Future of ZFS | BSD Now 279 first appeared on Jupiter Broadcasting.

Episode Links:

linuxactionnews.com/81

The post Linux Action News 81 first appeared on Jupiter Broadcasting.

Show Notes:

coder.show/308

The post The Nicheing Down Fallacy | CR 308 first appeared on Jupiter Broadcasting.

RSS Feeds:

MP3 Feed | Video Feed | Torrent Feed | iTunes Audio | iTunes Video

Become a supporter on Patreon:

— Show Notes: —

Feedback / Follow Up

• Noah aks about side project

Hoopla

Coder 300 Super Show

• First episode was published on June 11th, 2012

In 2012

• The Mars Science Laboratory or “Curiosity Rover” successfully lands on Mars.
• US President Barack Obama is re-elected for his second term.
• US Attorney General Eric Holder is held in contempt of Congress.
• End of the world was supposed to be Dec 21st of 2012… Stupid Mayan Calendar.
• The space shuttle Endeavour has its final flight in September.
• Microsoft releases the Windows 8
• Instagram releases a version for the Android operating system.
• Facebook goes public and its initial stock offering was at thirty-eight dollars per share.

New Coder Radio Features

• Totally re-worked back-end.
• Based on industry best practices, much faster downloads.

• Rolling out on Spotify soon.

• New RSS feed: coder.show/rss

• Links will now be in the feed, including mobile podcast clients.

• New contact page: coder.show/contact

• Chris taking back over the editing, going to focus on incremental improvements to our sound.

• Chapter Markers in the MP3 file. Sick of hardware talk, skip right over it with a single tap.
• Easy to find show notes, with new coder.show/XXX site layout.

New Coder Swag

• Coder Radio 300 Shirt and Hoodie

• Coder Radio Coasters

• Coder Radio 300 Poster

Calendar 2 made $2K in 3 days mining cryptocurrency, but Apple says it violated Mac App Store guidelines | 9to5Mac

Qbix CEO Greg Magarshak explained in a statement to 9to5Mac that shortly after the story broke yesterday, Apple removed Calendar 2 from the App Store for violating guideline 2.4.2, which says apps should be designed to be power efficient.

Stack Overflow Developer Survey 2018

This year, we covered a few new topics ranging from artificial intelligence to ethics in coding. Here are a few of the top takeaways from this year’s results:

• DevOps and machine learning are important trends in the software industry today. Languages and frameworks associated with these kinds of works are on the rise, and developers working in these areas command the highest salaries.
• Only tiny fractions of developers say that they would write unethical code or that they have no obligation to consider the ethical implications of code, but beyond that, respondents see a lot of ethical gray. Developers are not sure how they would report ethical problems, and have differing ideas about who ultimately is responsible for unethical code.
• Developers are overall optimistic about the possibilities that artificial intelligence offers, but are not in agreement about what the dangers of AI are.
• Python has risen in the ranks of programming languages on our survey, surpassing C# in popularity this year, much like it surpassed PHP last year.

10 Years of iOS SDK

How as iOS development changed from the original release of the SDK
iOS’s general influence on development culture as a whole. Good? Bad?
Where iOS development was and where it looks to be going

The post Developers Rule the World | CR 300 first appeared on Jupiter Broadcasting.

Recent major flaws found in in critical open source software have sent the Internet into a panic. From Shellshock to Xen we’ll discuss how these vulnerabilities can be chained together to own a box.

Plus how secure are VLANs, a big batch of your questions, our answers, and much much more!

Thanks to:

Become a supporter on Patreon:

— Show Notes: —

Bash plus Xen bug send the entire internet scrambling

• A critical flaw was discovered in the bash shell, used as the default system shell in most versions of linux, as well as OS X.
• The flaw was with the parsing of environment variables. If a new variable was set to contain a function, if that function was followed by a semi-colon (normally a separator that can be used to chain multiple commands together), the code after the semicolon would be be executed when the shell started
• Many people are not aware, that CGI scripts pass the original request data, as well as all HTTP headers to the scripts via environment variables
• After those using bash CGI scripts ran around with chickens with their heads cut off, others came to realize that even if the CGI scripts are actually perl or something else, if they happen to fork a shell with the system() call, or similar, to do something, that shell will inherit those environment variables, and be vulnerable
• As more people spent brain cycles thinking of creative ways to exploit this bug, it was realized that even qmail was vulnerable in some cases, if a user has a .qmail file or similar to forward their email via a pipe, that command is executed via the system shell, with environment variables containing the email headers, including from, to, subject etc
• While FreeBSD does not ship with bash by default, it is a common dependency of most of the desktop environments, including gnome and KDE. PCBSD also makes bash available to users, to make life easier to linux switchers. FreeNAS uses bash for its interactive web shell for the same reason. While not vulnerable in most cases, all have been updated to ensure that some new creative way to exploit the bug does not crop up
• Apparently the DHCP client in Mac OS X also uses bash, and a malicious DHCP server could exploit the flaw
• The flaw also affects a number of VMWare products
• OpenVPN and many other software packages have also been found to be vulnerable
• The version of bash on your system can be tested easily with this one-liner:
  env x='() { :;}; echo vulnerable’ bash -c “echo this is a test”
• Which will print “this is a test”, and if bash has not yet been patched, will first print ‘vulnerable’
• ArsTechnica: Bug in bash shell creates big security hole on anything with linux in it
• Concern over bash bug grows as it is actively exploited in the wild
• First bash patch doesn’t solve problem, second patch rushed out to resolve issue
• Now that people are looking, even more bugs in bash found and fixed
• Shellshock fixes result in another round of patches as attacks get more clever
• Apple releases patch for shellshock bug
• There were also a critical update to NSS (the Mozilla cryptographic library, which was not properly validating SSL certificates)
• The other big patch this week was for Xen
• It was announced by a number of public cloud providers, including Amazon and Rackspace, that some virtual server host machines would need to be rebooted to install security fixes, resulting in downtime for 10% of Amazon instances
• It is not clear why this could not be resolved by live migrations
• All versions of Xen since 4.1 until this patch are vulnerable. The flaw is only exploitable when running fully virtualized guests (HVM mode, uses the processor virtualization features), and can not be exploited by virtual machines running in the older paravirtualization mode. Xen on ARM is not affected
• Xen Security Advisory
• Amazon Blog Post #1
• Amazon Blog Post #2
• Rackspace Blog Post
• Additional Coverage: eweek

Cox Communications takes the privacy of its customers seriously, kind of

• A female employee of Cox Communications (a large US ISP) was socially engineered into giving up her username and password
• These credentials were then used to access the private data of Cox Customers
• The attacker apparently only stole data about 52 customers, one of which was Brian Krebs
• This makes it sound like a targeted attack, or at least an attacker by someone who is (or is not) a fan of Brian Krebs
• It appears that the Cox internal customer database can be accessed directly from the internet, with only a username and password
• Cox says they use two factor authentication “in some cases”, and plan to expand the use of 2FA in the wake of this breach
• Cox being able to quickly determine exactly how many customers’ data was compromised suggests they atleast have some form of auditing in place, to leave a trail describing what data was accessed
• Brian points out: “This sad state of affairs is likely the same across multiple companies that claim to be protecting your personal and financial data. In my opinion, any company — particularly one in the ISP business — that isn’t using more than a username and a password to protect their customers’ personal information should be publicly shamed.” “Unfortunately, most companies will not proactively take steps to safeguard this information until they are forced to do so — usually in response to a data breach. Barring any pressure from Congress to find proactive ways to avoid breaches like this one, companies will continue to guarantee the security and privacy of their customers’ records, one breach at a time.”

Other researches recreate the BadUSB exploit and release the code on Github

• The “BadUSB” research was originally done by Karsten Nohl and Jakob Lell, at SR Labs in Germany.
• Presented at BlackHat, it described being able to reprogram the firmware of USB devices to perform other functions, such as a USB memory stick that presented itself to the computer as a keyboard, and typed out commands once plugged in, allowing it to compromise the computer and exfiltrate data
• Brandon Wilson and Adam Caudill were doing their own work in this space, and when they heard about the talk at BlackHat, decided to accelerate their own work
• They have now posted their code on Github
• “The problem is that Nohl and Lell—and Caudill and Wilson—have not exploited vulnerabilities in USB. They’re just taking advantage of weaknesses in the manner in which USBs are supposed to behave“
• “At Derby Con, they were able to demonstrate their attack with the device pretending to be a keyboard that typed out a predetermined script once it was plugged into the host computer. They also showed another demo where they had a hidden partition on a flash drive that was not detected by the host PC“
• “It’s undetectable while it’s happening,” Wilson said. “The PC has no way of determining the difference. The way a PC determines the type of device all happens through the USB and code on the other device. Our ability to control that code means you cannot trust anything a USB device tells you.”
• The way around this issue would be for device manufacturers to implement code signing
• The existing firmware would only allow the firmware to be updated if the new firmware was signed by the manufacturer, preventing a malicious users from overwriting the good firmware with ‘bad’ firmware
• However, users could obviously create their own devices specifically for the purpose of the evil firmware, but it would prevent the case where an attack modifies your device to work against you
• At the same time, many users might argue against losing control over their device, and no longer being able to update the firmware if they wish
• The real solution may be for Operating Systems and users to evolve to no longer trust random USB devices, and instead allow the user to decide if they trust the device, possibly something similar to mobile apps, where the OS tells the user what functionality the device is trying to present
• You might choose to not trust that USB memstick that is also attempting to present a network adapter, in order to override your DHCP settings and make your system use a set of rogue DNS servers

Feedback:

• GroffTheBSDGoat

• [Suggestion] Is it possible to enable https on www.jupiterbroadcasting.com?

• I need a cli encryption tool

• Security of a VLAN?

• Weird emails delivered to wildcard mailbox

• Bash Shellshock vs SSH

• Is open source better?

Round Up:

• Chinese iOS Trojan Targets Jailbroken iPhones Used by Hong Kong Protesters
• The science of network troubleshooting
• GitHub.com blacklisted in Russia as of today
• TheSecuritySetup.com profiles H. D. Moore’s setup
• An FBI informant led hacks against 30 countries—now we know which ones
• How hackers accidentally sold a homemade pre-release XBox One to the FBI
• LibreSSL: More Than 30 Days Later
• Cross site scripting vulnerability at eBay has existed since atleast February, redirected users to password harvesting sites and other malicious links which clicking on auction listings
• OpenVPN vulnerable to Shellshock Bash vulnerability
• Large advertising network Zedo found serving malware infected advertisements, including via Google’s DoubleClick advertising service, affected large sites including Last.fm
• The Open Technology Fund (backed by Google, Dropbox and others) is attempting to team User Interface Designers with Security Experts to design new security and cryptography tools that are easy to use
• Why parts of the internet stopped working – A small company accidently started announcing the entire internet routing table it received from one of its upstreams via its second upstream provider, causing large swaths of the internet to be routed via their connection
• Second same-origin policy bypass flaw in Android Browser

The post Xen Gets bashed | TechSNAP 182 first appeared on Jupiter Broadcasting.

Amazon’s success with EC2 and S3 is making them bleed money, as investors start to get nervous we’ll debate if the cloud’s price race to the bottom can lead to anything but awful.

Linus tells it like it is, we bust some Android FUD, and more!

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Torrent Feed

Become a supporter on Patreon:

Show Notes:

Amazon apparently set to launch Square-competitor in August as it develops biometric payment solutions

Amazon could be preparing to launch its own mobile credit card reading hardware in the coming weeks, according to internal Staples documents hinting at such a launch that we’ve obtained. According to the documents, Staples stores will prepare next month to stock a new product called the “Amazon Card Reader” alongside existing card readers from Square, PayPal, and Staples’ own in-house brand. The small hardware, which will likely connect to smartphones to process payments, will cost $9.99, according to the Staples internal sales systems…

An exact launch date for the product is unconfirmed, but Staples has asked its stores to wait until Tuesday, August 12th to put up new signage related to the Amazon Card Reader, so it’s possible that the release is scheduled for that week.

• Amazon may be going after Square with a credit card reader of its own | The Verge

Amazon’s Cloud Is Growing So Fast It’s Scaring Shareholders

Yesterday Amazon said that while its cloud business grew by 90 percent last year, it was significantly less profitable. Amazon’s AWS cloud business makes up the majority of a balance sheet item it labels as “other” (along with its credit card and advertising revenue) and that revenue from that line of business grew by 38 percent. Last quarter, revenue grew by 60 percent. In other words, Amazon is piling on customers faster than it’s adding dollars to its bottom line.

The company’s chief financial officer, Tom Szkutak, blamed the drop on “substantial” price reductions the company has made to products such as its core EC2, storage and database services. “They ranged from 28 percent to 51 percent depending on the service,” he said on a conference call with analysts.

The thing is that even as Amazon’s business matures to the size of a company like VMware, its worrying to investors to see profitability slipping. That’s pretty much the meta-narrative of Amazon as a whole, though, which says it could lose as much as $810 million in the current quarter. The company is taking losses to invest in the future, and Amazon’s 10 percent stock drop today shows that some investors are uncomfortable with that.

Amazon.com Inc. missed analysts’ estimates for a second straight quarter, sending the shares tumbling 11 percent.

Trend Micro backs off Google Play malware claims

In a recent press release, Trend Micro made a fairly bold claim about malware running rampant in the Google Play Store. The release, dated July 15, 2014, began as follows:

Google Play populated with fake apps, with more than half carrying malware

Potentially evil doppelgangers for the most popular apps are inundating the Google Play store, with many carrying malware, according to a new blog post and report by Trend Micro, a global developer of cyber security solutions.

In the report more than 77 percent of the top 50 apps on the Google Play store have repackaged or fake apps associated with them.

It turns out that Trend Micro is guilty of a little over-eager language that obfuscated the nature of some of these threats. While there are indeed fake versions of many popular Android apps available for download, Trend failed to mention in their initial promotion for the report that the apps in question were posted outside the Play Store, and had to be installed manually in what’s commonly known as a side-load. This requires users to download the app in a browser, ignore a standard security warning about APK files, and disable a security option in Android’s main settings menu.

• Trend Micro caught lying about Android security

Linus Torvalds: “GCC 4.9.0 Seems To Be Terminally Broken” – Slashdot

A critique from Linus Torvalds of GCC 4.9.0. after a random panic was discovered in a load balance function in Linux 3.16-rc6. in an email to the Linux kernel mailing list outlining two separate but possibly related bugs, Linus describes the compiler as “terminally broken,” and worse (“pure and utter sh*t,” only with no asterisk).

• A slice:

“Lookie here, your compiler does some absolutely insane things with the spilling, including spilling a *constant. For chrissake, that compiler shouldn’t have been allowed to graduate from kindergarten. We’re talking “sloth that was dropped on the head as a baby” level retardation levels here …. Anyway, this is not a kernel bug. This is your compiler creating completely broken code. We may need to add a warning to make sure nobody compiles with gcc-4.9.0, and the Debian people should probably downgrate their shiny new compiler.”*

The post Cloud Gateway Drug | Tech Talk Today 33 first appeared on Jupiter Broadcasting.

A company known for backup shuts down after their AWS account gets hacked, the Hedge fund thats under attack, how far you can get with a little cab data…

Your questions, our answers, and much, much more!

Thanks to:

— Show Notes: —

Company shuts down after their AWS account compromised, all customer data deleted

• Code Spaces, a source code hosting and backup service has ceased doing business
• On June 17th the company came under a DDoS attack, which is apparently business as normal for them
• Later, they found messages in their Amazon Web Services portal, urging them to contact a hotmail address
• When contacted, the attacker demanded a large ransom
• When Code Spaces attempted to change their passwords in the AWS control panel, additional administrator accounts added by the attacker were used to delete all EC2 virtual machines, S3 stores and EBS volumes in the account before all accessed could be revoked
• The most embarrassing part of the situation is the text on the original Code Spaces website:
  “Backing up data is one thing, but it is meaningless without a recovery plan, not only that [but also] a recovery plan—and one that is well-practiced and proven to work time and time again,” “Code Spaces has a full recovery plan that has been proven to work and is, in fact, practiced.”
• It is not clear what the Code Spaces backup strategy was, but it seemed to involve the same Amazon account
• In general, the idea with an “offsite” backup is to separate it from a failure of the primary. If you keep the backups for your database beside the database server and your office burns down, what good are the backups
• What if Amazon suffered a catastrophic data loss? or what if your account is compromised?
• The backups should have at least been in a different Amazon account that was very strictly controlled, or better yet, stored in some other service
• It is still unclear how the account was compromised, but it seems likely that Code Spaces was not making use of the Amazon’s Multi-Factor Authentication service, which offers either a mobile phone app, or two different types of hardware authenticators (key fob and credit-card style)

Poorly anonymized NYC Taxi data, de-anonymized

• Under an Open Data initiative, the New York City Taxi & Limousine Commission released the anonymized GPS logs of all taxi trips in 2013 (173 million trips)
• Chris Whong got a hold of this data and did some interesting stuff with it
• When he was done with it, he posted the data for everyone
• Developer Vijay Pandurangan took a look at the data and noticed that the medallion and hack numbers appeared to simply be MD5 hashes
• In particular, the driver with ID# CFCD208495D565EF66E7DFF9F98764DA appeared to have an impossibly large number of trips
• Turns out, that is the MD5 hash of “0”, cases where the data was unavailable
• Realizing that the data was only anonymized using MD5, and knowing the structure of a drivers license # (5-7 characters, with specific characters being numbers or letters), he was able to brute force all 24 million combinations in only 2 minutes using a single CPU
• Once this was done, he had the original un-anonymized data
• Using other websites, it is possible to link the medallion and hack numbers to the owners names
• Original Post
• Additional Coverage – Ars Technica
• To prevent this, there are a number of approaches, the fastest but weakest is a ‘secret key’. Instead of md5(hack#) just do md5(SUPERLONGSECRETKEYhack#), as long as the attacker doesn’t know the secret key, and it is long enough to make guessing it impractical, the data would remain anonymized
• Another option is to use the md5 hash of the encrypted form of the value. However this eventually just relies on a secret key as well. However, if the data never needs to be anonymized, a very strong key can be used, and that key can then be destroyed, making decryption impossible.

Hackers attack hedge fund for monetary gain

• BAE systems, a British defense contractor that also specializes in cyber security, was called in to investigate after computers at a hedge fund were hacked
• The attackers somehow infiltrated the HFT (High Frequency Trading) system, and injected delays of several hundred microseconds into the order entry system
• This causes the Hedge Fund to miss out on profits it could have made on the trades
• It is suspected, that the attackers capitalized on this to make those profits themselves
• “Hedge funds “really have inadequate cybersecurity as a whole” and the attacks threaten to undermine the systems used globally for high-speed trading, said Tom Kellerman, chief cyber security officer for Trend Micro Inc. ”

Feedback:

• Docker flaw

• RE: Docker containers and “secure root” in a container 0

• Mirror SSD with HDD?

• SnapRAID

Round Up:

• Massachusetts high court orders suspect to decrypt his computers
• Department of Justice Canada IT department runs moch phishing campaign against staff, 37% take the bait in December, rates cut in half in April re-test after awareness campaign and additional training
• Security Industry is failing to fix underlying dangers – applications need to be securely written, rather than have security bolted on
• Huawei (Chinese router manufacturer) has some very strict password complexity requirements
• Company wins law suite with bank to recover funds stolen by hackers. 3.5 million was stolen from the company account in 2011 when it was taken over by hackers. The bank managed to claw back all but $299,000 of it, and the company sued the bank for the remaining balance and won $350,000
• Cisco open sources FNR cipher, designed to very quickly encrypt IP addresses to anonymize log data
• World Cup Security Team Accidentally Shares Its Awful Wi-Fi Password
• “Yo” mobile app hacked by 3 Georgia Tech students, founder hires one of the hackers
• LastPass CEO: The Truth About Your Password Security

The post Restores are Everything | TechSNAP 168 first appeared on Jupiter Broadcasting.

We embrace Daylight saving time with a special call-in edition of Coder Radio. Topics include a chat with one of the developers behind the online JavaScript assembly emulator, the encroachment of DRM in everyday life, and why Mozilla’s Persona has been put out to pasture and the difficult problem that creates for developers.

Plus your feedback, and much more!

Thanks to:

Direct Download:

MP3 Audio | OGG Audio | Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | Video Feed | Torrent Feed | iTunes Audio | iTunes Video

— Show Notes: —

Feedback

• Git workflow with bitbucket
• Stypi

Open Mic:

• yasp

• Keurig Will Use DRM In New Coffee Maker To Lock Out Refill Market

• RubyGems.org Amazon Bill (+$7000)…

• Mozilla cutting support for Persona

• Five reasons Microsoft could become a top Android smartphone company

• Identity at Mozilla

• Identity/Firefox Accounts – MozillaWik i
• Our live doc

The post Persona Non Grata | CR 92 first appeared on Jupiter Broadcasting.

We sit down for an interview with Chris Buechler, from the pfSense project, to learn just how easy it can be to deploy a BSD firewall. We\’ll also be showing you a walkthrough of the pfSense interface so you can get an idea of just how convenient and powerful it is. Answers to your questions and the latest headlines, here on BSD Now – the place to B.. SD.

Thanks to:

Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | HD Vid Feed | HD Torrent Feed

– Show Notes: –

Headlines

EuroBSDCon and AsiaBSDCon

• This year, EuroBSDCon will be in September in Sofia, Bulgaria
• They\’ve got a call for papers up now, so everyone can submit the talks they want to present
• There will also be a tutorial section of the conference
• AsiaBSDCon will be next month, in March!
• All the info about the registration, tutorials, hotels, timetable and location have been posted
• Check the link for all the details on the talks – if you plan on going to Tokyo next month, hang out with Allan and Kris and lots of BSD developers!

FreeBSD 10 on Ubiquiti EdgeRouter Lite

• The Ubiquiti EdgeRouter Lite is a router that costs less than $100 and has a MIPS CPU
• This article goes through the process of installing and configuring FreeBSD on it to use as a home router
• Lots of good pictures of the hardware and specific details needed to get you set up
• It also includes the scripts to create your own images if you don\’t want to use the ones rolled by someone else
• For such a cheap price, might be a really fun weekend project to replace your shitty consumer router
• Of course if you\’re more of an OpenBSD guy, you can always see our tutorial for that too

Signed pkgsrc package guide

• We got a request on IRC for more pkgsrc stuff on the show, and a listener provided a nice write-up
• It shows you how to set up signed packages with pkgsrc, which works on quite a few OSes (not just NetBSD)
• He goes through the process of signing packages with a public key and how to verify the packages when you install them
• The author also happens to be an EdgeBSD developer

Big batch of OpenBSD hackathon reports

• Five trip reports from the OpenBSD hackathon in New Zealand! In the first one, jmatthew details his work on fiber channel controller drivers, some octeon USB work and ARM fixes for AHCI
• In the second, ketennis gets into his work with running interrupt handlers without holding the kernel lock, some SPARC64 improvements and a few other things
• In the third, jsg updated libdrm and mesa and did various work on xenocara
• In the fourth, dlg came with the intention to improve SMP support, but got distracted and did SCSI stuff instead – but he talks a little bit about the struggle OpenBSD has with SMP and some of the work he\’s done
• In the fifth, claudio talks about some stuff he did for routing tables and misc. other things

This episode was brought to you by

Interview – Chris Buechler – cmb@pfsense.com / @cbuechler

pfSense

Tutorial

pfSense walkthrough

News Roundup

FreeBSD challenge continues

• Our buddy from the Linux foundation continues his switching to BSD journey
• In day 13, he covers some tips for new users, mentions trying things out in a VM first
• In day 14, he starts setting up XFCE and X11, feels like he\’s starting over as a new Linux user learning the ropes again – concludes that ports are the way to go
• In day 15, he finishes up his XFCE configuration and details different versions of ports with different names, as well as learns how to apply his first patch
• In day 16, he dives into the world of FreeBSD jails!

BSD books in 2014

• BSD books are some of the highest quality technical writings available, and MWL has written a good number of them
• In this post, he details some of his plans for 2014
• In includes at least one OpenBSD book, at least one FreeBSD book and…
• Very strong possibility of Absolute FreeBSD 3rd edition (watch our interview with him)
• Check the link for all the details

How to build FreeBSD/EC2 images

• Our friend Colin Percival details how to build EC2 images in a new blog post
• Most people just use the images he makes on their instances, but some people will want to make their own from scratch
• You build a regular disk image and then turn it into an AMI
• It requires a couple ports be installed on your system, but the whole process is pretty straightforward

PCBSD weekly digest

• This time around we discuss how you can become a developer
• Kris also details the length of supported releases
• Expect lots of new features in 10.1

Feedback/Questions

• Sean writes in: https://slexy.org/view/s216xJoCVG
• Jake writes in: https://slexy.org/view/s2gLrR3VVf
• Niclas writes in: https://slexy.org/view/s21gfG3Iho
• Steffan writes in: https://slexy.org/view/s2JNyw5BCn
• Antonio writes in: https://slexy.org/view/s2kg3zoRfm
• Chris writes in: https://slexy.org/view/s2ZwSIfRjm

• Our email backlog is pretty much caught up. Now\’s a great time to send us something – questions, stories, ideas, requests for something you want to see, anything
• All the tutorials are posted in their entirety at bsdnow.tv
• The OpenBSD router tutorial got a couple improvements and fixes
• Just because our tutorial contest is over doesn\’t mean you can\’t submit any, we would love if more listeners wrote up a tutorial on interesting things they\’re doing with BSD
• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
• Watch live Wednesdays at 2:00PM Eastern (19:00 UTC)
• The BSD Now shirt design has been finalized, we have the files and are working out the printing details… expect them to be available in early-to-mid March!

The post A Sixth pfSense | BSD 25 first appeared on Jupiter Broadcasting.

We\’ve got some great news for OpenBSD, as well as the scoop on FreeBSD 10.0-RELEASE – yes it\’s finally here! We\’re gonna talk to Colin Percival about running FreeBSD 10 on EC2 and lots of other interesting stuff. After that, we\’ll be showing you how to do some bandwidth monitoring and network performance testing in a combo tutorial. We\’ve got a round of your questions and the latest news, on BSD Now – the place to B.. SD.

Thanks to:

Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | HD Vid Feed | HD Torrent Feed

– Show Notes: –

Headlines

FreeBSD 10.0-RELEASE is out

• The long awaited, giant release of FreeBSD is now official and ready to be downloaded
• One of the biggest releases in FreeBSD history, with tons of new updates
• Some features include: LDNS/Unbound replacing BIND, Clang by default (no GCC anymore), native Raspberry Pi support and other ARM improvements, bhyve, hyper-v support, AMD KMS, VirtIO, Xen PVHVM in GENERIC, lots of driver updates, ZFS on root in the installer, SMP patches to pf that drastically improve performance, Netmap support, pkgng by default, wireless stack improvements, a new iSCSI stack, FUSE in the base system… the list goes on and on
• Start up your freebsd-update or do a source-based upgrade right now!

OpenSSH 6.5 CFT

• Our buddy Damien Miller announced a Call For Testing for OpenSSH 6.5
• Huge, huge release, focused on new features rather than bugfixes (but it includes those too)
• New ciphers, new key formats, new config options, see the mailing list for all the details
• Should be in OpenBSD 5.5 in May, look forward to it – but also help test on other platforms!
• We\’ll talk about it more when it\’s released

DIY NAS story, FreeNAS 9.2.1-BETA

• Another new blog post about FreeNAS!
• \”I did briefly consider suggesting nas4free for the EconoNAS blog, since it’s essentially a fork off the FreeNAS tree but may run better on slower hardware, but ultimately I couldn’t recommend anything other than FreeNAS\”
• Really long article with lots of nice details about his setup, why you might want a NAS, etc.
• Speaking of FreeNAS, they released 9.2.1-BETA with lots of bugfixes

OpenBSD needed funding for electricity.. and they got it

• Briefly mentioned at the end of last week\’s show, but has blown up over the internet since
• OpenBSD in the headlines of major tech news sites: slashdot, zdnet, the register, hacker news, reddit, twitter.. thousands of comments
• They needed about $20,000 to cover electric costs for the server rack in Theo\’s basement
• Lots of positive reaction from the community helping out so far, and it appears they have reached their goal and got $100,000 in donations
• From Bob Beck, \”we have in one week gone from being in a dire situation to having a commitment of approximately $100,000 in donations to the foundation\”
• This is a shining example of the BSD community coming together, and even the Linux people realizing how critical BSD is to the world at large

This episode was brought to you by

Interview – Colin Percival – cperciva@freebsd.org / @twitter

FreeBSD on Amazon EC2, backups with Tarsnap, 10.0-RELEASE, various topics

Tutorial

Bandwidth monitoring and testing

News Roundup

pfSense talk at Tokyo FreeBSD Benkyoukai

• Isaac Levy will be presenting \”pfSense Practical Experiences: from home routers, to High-Availability Datacenter Deployments\”
• He\’s also going to be looking for help to translate the pfSense documentation into Japanese
• The event is on February 17, 2014 if you\’re in the Tokyo area

m0n0wall 1.8.1 released

• For those who don\’t know, m0n0wall is an older BSD-based firewall OS that\’s mostly focused on embedded applications
• pfSense was forked from it in 2004, and has a lot more active development now
• They switched to FreeBSD 8.4 for this new version
• Full list of updates in the changelog
• This version requires at least 128MB RAM and a disk/CF size of 32MB or more, oh no!

Ansible and PF, plus NTP

• Another blog post from our buddy Michael Lucas
• There\’ve been some NTP amplification attacks recently in the news
• The post describes how he configured ntpd on a lot of servers without a lot of work
• He leverages pf and ansible for the configuration
• OpenNTPD is, not surprisingly, unaffected – use it

ruBSD videos online

• Just a quick followup from a few weeks ago
• Theo and Henning\’s talks from ruBSD are now available for download
• There\’s also a nice interview with Theo

PCBSD weekly digest

• 10.0-RC4 images are available
• Wine PBI is now available for 10
• 9.2 systems will now be able to upgrade to version 10 and keep their PBI library

Feedback/Questions

• Sha\’ul writes in: https://slexy.org/view/s2WQXwMASZ
• Kjell-Aleksander writes in: https://slexy.org/view/s2H0FURAtZ
• Mike writes in: https://slexy.org/view/s21eKKPgqh
• Charlie writes in (and gets a reply): https://slexy.org/view/s21UMLnV0G
• Kevin writes in: https://slexy.org/view/s2SuazcfoR

Contest

• We\’ll be giving away a handmade FreeBSD pillow – yes you heard right
• All you need to do is write a tutorial for the show
• Submit your BSD tutorial write-ups to feedback@bsdnow.tv
• Check bsdnow.tv/contest for all the rules, details, instructions and a picture of the pillow.

• All the tutorials are posted in their entirety at bsdnow.tv
• The poudriere tutorial got a couple fixes and modernizations
• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
• Stop commenting on the Jupiterbroadcasting pages and Youtube! We don\’t read those!
• Watch live Wednesdays at 2:00PM Eastern (19:00 UTC)

The post Tendresse for Ten | BSD Now 21 first appeared on Jupiter Broadcasting.

We sit down for an interview with Jordan Hubbard, one of the founders of the FreeBSD project – and the one who invented ports! Later in the show, we\’ll be showing you some new updates to the OpenBSD router tutorial from a couple weeks ago. We\’ve also got news, your questions and even our first viewer-submitted video, right here on BSD Now.. the place to B.. SD.

Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | HD Vid Feed | HD Torrent Feed

– Show Notes: –

Headlines

Getting to know your portmgr

• In this interview they talk to one of the \”Annoying Reminder Guys\” – Erwin Lansing, the second longest serving member of FreeBSD\’s portmgr (also vice-president of the FreeBSD Foundation)
• He actually maintains the .dk ccTLD
• Describes FreeBSD as \”the best well-hidden success story in operating systems, by now in the hands of more people than one can count and used by even more people, and not one of them knows it! It’s not only the best operating system currently around, but also the most supportive and inspiring community.\”
• In the next one they speak with Martin Wilke (miwi@) which is strange since he\’s \”on hiatus\” + hasn\’t done anything in a long time
• The usual, \”what inspires you about FreeBSD\” \”how did you get into it\” etc.

vBSDCon wrap-up compilation

• Lots of write-ups about vBSDCon gathered in one place
• Some from OpenBSD guys
• Some from FreeBSD guys
• Some from RootBSD
• Some from iXsystems
• Some from Verisign
• And of course our own wrap-up chat in BSD Now Episode 009

Faces of FreeBSD

• This week they talk to Gábor Páli from Hungary
• Talks about his past as a game programmer and how it got involved with FreeBSD
• \”I met János Háber, who admired the technical merits of FreeBSD and recommended it over the popular GNU/Linux distributions. I downloaded FreeBSD 4.3-RELEASE, found it reliable, consistent, easy to install, update and use.\”
• He\’s been contributing since 2008 and does lots of work with Haskell in ports
• He also organizes EuroBSDCon and is secretary of the FreeBSD Core Team

Dragonfly 3.6 released

• dports now default instead of pkgsrc
• Big SMP scaling improvements
• Experimental i915 and KMS support
• See our interview with Justin Sherrill if you want to hear (a lot) more about it – nearly an hour long
• Matt Dillion’s comments

ZFS TRIM bug on FreeBSD -CURRENT r258632

• Do not upgrade to or past 258632, there is a ZFS TRIM bug that could result in data loss
• If you have already upgraded, disable TRIM with vfs.zfs.trim.enabled=0 immediately
• Roll back to a previous kernel, and then scrub your pool
• A fix is expected shortly

Interview – Jordan Hubbard – jkh@freebsd.org / @omgjkh

FreeBSD\’s founding and future

Tutorial

Building an OpenBSD router, part 2

• Note: there was a mistake in the video version of the tutorial, please consult the written version for the proper instructions.
• A few weeks back we showed you how to build a high performance BSD router
• Lots of work has been done to clean up and reorganize it, it\’s cut up into sections now, also has a new section about power saving
• It\’s been updated for \”switchless\” operation, using a virtual ethernet interface and some bridging magic (special thanks to Ryan for helping me test that)
• This updated guide will show you how to do an all-in-one router to replace your consumer one without any additional hardware
• We\’ll also showcase some extras – the email alerts, errata checking script and SSH/Tor tunnels
• The errata script now auto-detects if you\’re running -release, -stable or -current and acts accordingly; can automatically patch your source code and alert you

News Roundup

pfSense 2.1 on AWS EC2

• We now have pfSense 2.1 available on Amazon’s Elastic Compute Cloud (EC2)
• In keeping with the community spirit, they’re also offering a free \”public\” AMI
• Check the FAQ and User Guide on their site for additional details
• Interesting possibilities with pfSense in the cloud

Puffy on the desktop

• Distrowatch, a primarily Linux-focused site, features an OpenBSD 5.4 review
• They talk about using it on the desktop, how to set it up
• Very long write-up, curious Linux users should give it a read
• Ends with \”Most people will still see OpenBSD as an operating system for servers and firewalls, but OpenBSD can also be used in desktop environments if the user doesn\’t mind a little manual work. The payoff is a very light, responsive system that is unlikely to ever misbehave\”

Two-factor authentication with SSH

• Blog post about using a yubikey with SSH public keys
• Uses a combination of a OTP, BSDAuth and OpenBSD\’s login.conf, but it can be used with PAM on other systems as well
• Allows for two-factor authentication (a la gmail) in case your private key is compromised
• Anyone interested in an extra-hardened SSH server should give it a read

PCBSD weekly digest

• 10.0 has approximately 400 PBIs for public consumption
• They will be merging the GNOME3, MATE and Cinnamon desktops into the 10.0 ports tree – please help test them, this is pretty big news in and of itself!
• PCDM is coming along nicely, more bugs are getting fixed
• Added ZFS dataset options to PCBSD’s new text installer front-end

Feedback/Questions

• Ben writes in: https://slexy.org/view/s2ag1fA7Ug
• Florian writes in: https://slexy.org/view/s2TSIvZzVO
• Zach writes in: https://slexy.org/view/s20Po4soFF
• Addison writes in: https://slexy.org/view/s20ntzqi9c
• Adam writes in: https://slexy.org/view/s2EYJjVKBk
• Adam\’s BSD Router Project tutorial can be downloaded here.

• Lots of links in today\’s show notes, check them out. All the tutorials are posted in their entirety at bsdnow.tv
• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
• If you have stories about how you or your company uses BSD, interesting things you\’ve done, crazy network stories or cool projects, send them to us!
• Watch live Wednesdays at 2:00PM Eastern (19:00 UTC)
• Reminder: the FreeBSD foundation\’s year-end donation is going on, please help out if you can. Happy Thanksgiving!

The post Bridging the Gap | BSD Now 13 first appeared on Jupiter Broadcasting.

A compromise at Apple turns Mike’s week upside down. Reeling from the setback we dig into Mike’s concerns with Canonical’s crowd sourced Ubuntu Edge phone.

Why we\’re a bit dismayed at Firefox OS’ attempts to kill the app store…

And we answer your hard questions.

Thanks to:

GoDaddy.com Use our code coder249 to get a .COM for $2.49.

Direct Download:

MP3 Audio | OGG Audio | Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | Video Feed | Torrent Feed | iTunes Audio | iTunes Video

Feedback

• ZOMG, MIKE! Crypto is NOT broken… except that it is….
• Patrick’s Email
• Kyle was inspired by our Pomo love and wrote this web app
• Cary’s email: [In defense of Apple(https://slexy.org/view/s216d3rIzI)
• David is working on a project for a school system and though the law does not require that he encrypt the data itself in the database (make it not human readable that is) he wonders if he should anyway.
• Matty’s email: Could talk about \”environments\”
• Chris asks if we believe that devs who focus on langs that are run by corps are hurting their careers long term.
• Isak’s email: Working on a Game

Dev World Hoopla

• Apple Dev Center Down

• Apple Developer Website Hacked: Developer Names, Addresses May Have Been Taken

In an email to developers today, Apple revealed that its Developer Center website was breached by unknown hackers and was taken offline last Thursday as a precaution.

• UPDATE: Turkish hacker posts video of Apple Dev Centre breach | ITProPortal.com

\”This is definitely not an hack attack. I have reported all the bugs I have found to the company and waited for approval. I am being accused of hacking but I have not given any harm to the system and i did notwanted to damage [sic],\” writes the user Ibrahim Baliç.

He has since told the Guardian, \”My intention was not attacking. In total I found 13 bugs and reported [them] directly one by one to Apple straight away. Just after my reporting [the] dev center got closed. I have not heard anything from them, and they announced that they got attacked. My aim was to report bugs and collect the datas [sic] for the purpose of seeing how deep I can go with it.\”

• FireFox wants to kill App Stores

• How Firefox OS plans to kill — not reinvent — the app store | VentureBeat

\”In essence, with Firefox OS, we made app discovery as easy as browsing the web, and we give you a very good reason to brush up the mobile optimised web sites you already have on the web,\” writes Mozillan Chris Heilmann on the company blog.

• Ubuntu Edge | Indiegogo

In the car industry, Formula 1 provides a commercial testbed for cutting-edge technologies. The Ubuntu Edge project aims to do the same for the mobile phone industry — to provide a low-volume, high-technology platform, crowdfunded by enthusiasts and mobile computing professionals.

Tool of the Week

[asa]B005JN9310[/asa]

Hard Drives for Jupiter:

• Hard Drives for Jupiter

Follow the show

• Email the show
• Join the Coder Radio Subreddit
• Live Monday 9am PST
• Music by: Ronald Jenkees
• Mike on Twitter
• Mike on Google+
• Mike’s website
• Chris on twitter
• Chris on Google+

The post Sour Apple | CR 59 first appeared on Jupiter Broadcasting.

From text editors and compilers to Project management tools Mike shares his toolchain for getting projects done.

But we start with fending off the trolls, trouncing Chris over the OYUA, and struggling with nuances of an open sources ASP.NET.

Plus defending a dev underfire for speaking his mind, and we answer a batch of your emails.

Direct Download:

MP3 Audio | OGG Audio | Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | Video Feed | Torrent Feed | iTunes Audio | iTunes Video

— Show Notes —

Feedback

• Jeramy writes:

“Michael failed to mention that Microsoft released ASP.NET to the open source community and now ASP.NET can be run on any server with any database management system.”

• John shares his sister’s web-based calendar: www.keilascode.com
• Folks love the SNES generation

Hoopla

• Aaron Seigo – Google+ RE: In Canonical\’s recent announcement

• Heroku | Cloud Application Platform

Pick of the week

[asa]B002KO9JB0[/asa]
[asa]B001HBCVX0[/asa]

Tool of the week

• Ruby Mine

Follow the show

• Email the show
• Live Monday 9am PST
• Music by: Ronald Jenkees
• Mike on Twitter
• Mike on Google+
• Mike’s website
• Chris on twitter
• Chris on Google+

The post Gandalf the Whiteboard | CR 37 first appeared on Jupiter Broadcasting.

The guys attempt to answer when to sunset a project, Github calls you stupid, and is depending on other software that can’t last forever simply kicking the can down the road?

Plus taking on too many projects at once, your feedback, Mike’s pick of the week, and more!

Direct Download:

MP3 Audio | OGG Audio | Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | Video Feed | Torrent Feed | iTunes Audio | iTunes Video

Show Notes:

Feedback

• Notbryant is taking “Intro to Software Engineering” and is learning about project management and asks for “any advice on not being an evil PM”
• Jimmy has a problem:

“I tend to get too serious about too many projects at the same time.
Any advice would be greatly appreciated. I was already working on porting an application, almost at completion, but now my Raspberry Pi has arrived. Sigh.”

Also wants to share his blog

The End

• Software doesn’t last forever.
• 1 Year, 2 Years, 3 Years
• “Sun-setting” a project

Book of the Week

[asa]078214327X[/asa]

Tool of The Week

• SmartGitHg

Follow the show

• Email the show
• Live Monday 9am PST
• Music by: Ronald Jenkees
• Mike on Twitter
• Mike on Google+
• Mike’s website
• Chris on twitter
• Chris on Google+

The post GitHub Calls You Stupid | CR 34 first appeared on Jupiter Broadcasting.

Chris, Mike, and special guest Ben Morse take a look at startup life and everything that comes with it.

Direct Download:

MP3 Audio | OGG Audio | Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | Video Feed | Torrent Feed | iTunes Audio | iTunes Video

Show Notes:

Feedback

• Mihaela writes in to share her love of Delphi and also reccomend that I take a look at C++ builder and Dev Expresses add ons for Windows apps.
• Bill shares some interesting Ubuntu related info — apparently Ubuntu charges for apps.Ubuntu API
• Brian asks that we cover software licences.
• Tim’s email Contracting vs Full Time?

• Cole writes in asking about what tools for design are commonly used in the iOS development space. He also asks about open-source Objective-C as a way to make up for the ‘sin of Mac’

• Code Journal

Starting up!

If it’s ok, I’d like to introduce the book pick first, as an ice breaker for the startup life topic

• Key Lean Startup Principles:
• MVP, and Concierge MVP

• Leap of Faith assumptions
  +Build, Measure, Learn feedback loop.

• Engine of Growth

• Improving innovation ( start w/ baseline, then improve ) / cut
• Virality Constant / cut

• Piviot / cut

• Equity and paperwork

• Out Sourcing vs Building a team
• Being an architect
• Choosing a technology stack
  • Fundraising

Book of the Week

[asa]0307887898[/asa]

Tool of the Week

• Tortoise Git

Follow Ben:

• joynme
• joynme on Twitter
• Ben on Twitter

Follow the show

• Email the show
• Live Monday 9am PDT
• Music by: Ronald Jenkees
• Mike on Twitter
• Mike on Google+
• Mike’s website
• Chris on twitter
• Chris on Google+

The post The Modest Rockstar | CR 20 first appeared on Jupiter Broadcasting.

It was a tough week for the cloud, we’ll run down the list and summarize what happened to the services we all depend on so much!

Plus a big batch of your questions, our answers, and a rocking round-up!

All that and a lot more, on this week’s TechSNAP.

Thanks to:

Use our codes TechSNAP10 to save 10% at checkout, or TechSNAP20 to save 20% on hosting!

SPECIAL OFFER! Save 20% off your order!
Code: go20off5

Pick your code and save:
techsnap7: $7.49 .com
techsnap10: 10% off
techsnap11: $1.99 hosting for the first 3 months
techsnap20: 20% off 1, 2, 3 year hosting plans
techsnap40: $10 off $40
techsnap25: 25% off new Virtual DataCenter plans
techsnapx: 20% off .xxx domains

 

Support the Show: