HD Video Feed | Large Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

— Show Notes: —

Brought to you by: Linux Academy

Frank Karlitschek | Twitter

Founder of Nextcloud, founder of ownCloud, Free Software Developer, former KDE e.V. board member, photographer and founder of openDesktop .org

Nextcloud scanning people’s owncloud and nextcloud instances for security vulnerabilities.

• Security Holes: German Parties and Ministries Vulnerable To Hacking Attacks

“While researching the product versions being used, his employees noticed that many customers were using disturbingly old software in order to store their data on the web. Karlitschek then informed the Cert emergency team at BSI. He says it was clear to him after the politically motivated hacker attacks in the U.S. that this was also “an explosive issue.”

• Nextcloud Security Scan Results

• Someone scans the internet for NC/OC instances – hosting – Nextcloud community

• Nextcloud releases security scanner to help protect private clouds – Nextcloud

While developing the security scanner we had a look at the state of security of private cloud servers online. Many administrators might not be aware how easy it is to get a list of servers on the web! Services like shodan.io provide the ability to search for specifics and it is simple to get a list of tens of thousands of instances and look at them.

• Nextcloud scanning people’s owncloud and nextcloud instances for security vulnerabilities and alerting “security organizations” about vulns. : selfhosted

Reporting that information to a third party after that is pretty hard to justify in my mind regardless of whatever ‘greater good’ argument you can make regarding internet security. That is simply not the way white hats work. You can’t report vulnerabilities to a third party without trying to contact the party in question first.

This is doubly important because it appears you picked up some residential users by accident. Nearly everyone on this sub does /r/selfhosted because they don’t like third parties to hold their info. The whole idea of a private cloud to protect privacy is the #1 selling point on your own website. On top of the privacy concerns, nearly every home user running nextcloud is doing so against their ISPs TOS. That makes the privacy issues doubly important because they could lose the ability to host their cloud altogether.

EDIT: I’d like to further add, that the integrity of an OSS project is entirely dependant on trusting the devs. Very few people have the time of skill to go through all the code themselves and so trusting OSS is akin to trusting the devs that run the show. If we can’t trust the devs, it may as well be closed source. Again, especially in this sub, there is a reason people like to use OSS. It’s pretty hard to justify using nextcloud if people can’t trust the devs to be open and transparent.

— PICKS —

Runs Linux

Gemini PDA Android & Linux keyboard mobile device

Planet Computers introduces the Gemini PDA from Planet Computers on Vimeo.

Gemini is an ultra-thin clamshell mobile device with fully integrated tactile QWERTY keyboard, that fits in your pocket. Designed for Android, it also features a dual boot Linux option. Gemini is fully equipped with 4G, WiFi & Bluetooth enabling both data communications and mobile phone calls.

Desktop App Pick

Tweet Nest

A browsable, searchable and easily customizable archive and backup for your tweets

Distro of the Week

Plasma 5 ISO Update March

View post on imgur.com

We are proud to announce a fresh new Update for our Plasma 5 version of Neptune 4.5.

This version brings the latest and greatest of the Plasma 5 world to you. This includes Plasma 5.8.5 together with the desktop fix for contextmenu aswell as Dolphin 16.12.2, Kdenlive 16.12.2, Chromium 56, Icedove 45.6.

— NEWS —

Libreboot calls on AMD to release source code and specs on new Ryzen platforms

Just imagine what would happen if AMD started to produce cheap, affordable
libre hardware, to the point where Libreboot could start supporting newer systems
from AMD. The possibilities are endless! People would jump towards AMD
and AMD’s sales would go through the roof, while we in the libre hardware
community would finally have systems from a manufacturer that cares for
our freedoms to use our computers without proprietary software.

Firefox 52 Released with WebAssembly Support, Enhanced Sync

Firefox drops NPAPI support in this release (a change we’ve known about for a long time) for everything bar Adobe Flash. While this sounds trivial it does mean that GNOME users can’t install GNOME extensions from the GNOME Extensions website using Firefox as-is, as of this release.

• Firefox 52 kills plugins – except Flash – and runs up a red flag for HTTP • The Register

The browser will now only run Flash. Anything else reliant on the Netscape Plugin API (NPAPI) is now verboten. Which means Silverlight, Java and Acrobat are gone, daddy, gone.

• GNOME Shell integration – Chrome Web Store

Chrome OS Has Double the Marketshare of Regular Linux in USA

Chrome OS usage is up by over 50% compared to the previous year, when the thin-client OS hit a then-high of 2.02%.

Feedback:

Mail Bag

Laptop Reviewed on LAS – Sold on Ebay

Hi Noah! This isn’t really a question about the product. I just wanted to contact you. It’s hilarious because in the LAS episode, you were asked how and when do you run into LAS fans… well, here I am!

I’ve been on the market for an x260 since you unveiled your purchase in LAS episode 422, so I was shocked and excited to see the first great priced one I came across (fully equipped with WWAN too!) that wasn’t 720p belonged to you! Happy to be buying from you! Even more happy to escape 4GB of ram soldered and be able to use GNS3 on my laptop without sweating

Please be sure to mention your impressions of the X270 on LAS if you get the chance I also have two requests if you don’t mind:

1. Please keep the LAS sticker on the windows key!

2. You don’t need to load windows on it, if you haven’t already! 100% Linux here.

The laptop remains as pure as the day you got it and installed Linux without a single boot into Windows! That’s good news

I’ll make a post on /r/linuxactionshow when I receive the laptop

p.s. I find it quite funny that the laptop is priced the same as the Galago Pro 13″ starting price Even though you posted this before SCALE.

-Mark

• Name Stefan

• Subject New Format Feedback

• Message:

Hey there Chris and Noah,

First and foremost: I love the show, keep up the great work.

In my opinion the new show format is perfect for attracting new viewers, because there is nothing more disappointing on youtube than clicking on a video and having to listen trough like 40 min of random stuff before you get to the the actual information you want to hear about.

That said, I also have an Idea for the show notes (and yes I know this is a lot of work, but it would be very convenient for the viewers): timestamps for different topics during the show like “Bad Voltage” (https://www.badvoltage.org/2017/02/23/2×04/) does.

e.g. [00:14:22] Disassembled: Gitlab…

So if I wanted to listen to the Gitlab story first I could skip to that time, or if I don’t want to hear > about Gitlab on yet another Podcast I could skip to the next timestamp.

Just to be clear, I don’t want to tell you how to publish your Podcast, I’m just saying it would be convenient.

Also, an idea for an app pic:

Because I know you guys love CLI tools: Pandoc (https://pandoc.org/)
Pandoc is for text what ffmpeg is for audio/video or imagemagic is for pictures
It translates every text format you’ll ever use into every other text format you’ll ever want. You could even convert HTML to epub (gigantic wikipedia pages into eBooks)

Cheers
Stefan aka thefenriswolf

Catch the show LIVE SUNDAY:

• Noon Pacific
• https://jblive.tv
• Network Calendar

— CHRIS’ STASH —

Chris’s Twitter account has changed, you’ll need to follow!

Chris Fisher (@ChrisLAS) | Twitter

Hang in our chat room:

irc.geekshed.net #jupiterbroadcasting

— NOAH’S STASH —

Noah’s Day Job

Altispeed Technologies

Contact Noah

noah [at] jupiterbroadcasting.com

Find us on Twitter

• Chris – ChrisLAS
• Noah – Kernellinux
• Altispeed Technologies
• System76 – system76

The post NextCloud's Can of Worms | LAS 460 first appeared on Jupiter Broadcasting.

The founder of ownCloud joins us to discuss their latest release, future plans and challenges. And we’ll ask a batch of the tough questions you sent in.

Then we take a look at CRUX, a legendary Linux distribution with an amazing history. Plus an app pick that will instantly tickle your retro bone, a cautious tale…

AND SO MUCH MORE!

All this week on, The Linux Action Show!

Thanks to:

Download:

HD Video | Mobile Video | WebM Torrent | MP3 Audio | Ogg Audio | YouTube | HD Torrent

RSS Feeds:

HD Video Feed | Large Video Feed | Mobile Video Feed | MP3 Feed | Ogg Feed | iTunes Feeds | Torrent Feed

Become a supporter on Patreon:

— Show Notes: —

CRUX Linux Review:

Brought to you by: System76

• Today we’re kicking off our most substantial Ubuntu computer sale of the year.…

About: Crux

CRUX is a lightweight Linux distribution for the x86-64 architecture targeted at experienced Linux users. The primary focus of this distribution is keep it simple, which is reflected in a straightforward tar.gz-based package system, BSD-style initscripts, and a relatively small collection of trimmed packages. The secondary focus is utilization of new Linux features and recent tools and libraries. CRUX also has a ports system which makes it easy to install and upgrade applications.

In short, CRUX might suit you very well if you are:

• A somewhat experienced Linux user who wants a clean and solid Linux distribution as the foundation of your installation.
• A person who prefers editing configuration files with an editor to using a GUI.
• Someone who does not hesitate to download and compile programs from the source.

History of CRUX

• Started May 2000
• No public releases made during this time
• A strong community by 2002, and was responsible for working together and adding important package management features to the distro.

• CRUX was built from scratch and has never been based on any other Linux distribution.

• Tracked by Distrowatch since 2002-01-14

CRUX vs Arch

• Before creating Arch, Judd Vinet admired and used CRUX; a minimalist distribution created by Per Lidén. Originally inspired by ideas in common with CRUX and BSD, Arch was built from scratch, and pacman was then coded in C.
• Arch and CRUX share some guiding principles: for instance, both are architecture-optimized, minimalist and K.I.S.S.-oriented.
• Both ship with ports-like systems, and, like *BSD, both provide a minimal base environment to build upon.
• Arch features pacman, which handles binary system package management and works seamlessly with the Arch Build System. CRUX uses a community contributed system called prt-get, which, in combination with its own ports system, handles dependency resolution, but builds all packages from source (though the CRUX base installation is binary).
• Arch officially supports x86_64 and i686 only, whereas CRUX officially offers only x86_64.
• Arch uses a rolling-release system and features a large array of binary package repositories as well as the Arch User Repository. CRUX provides a more slimmed-down officially supported ports system in addition to a comparatively modest community repository.

CRUX 3.1 Released July 17th 2014

Toolchain updates

CRUX 3.1 comes with a multilib toolchain which includes glibc 2.19.0, gcc 4.8.3 and binutils 2.24

Kernel

Linux 3.12.24

Xorg

CRUX 3.1 ships with Xorg 7.7 and xorg-server 1.15.1.

CRUX Install:

• Very Manual.

Packages in CRUX

The package system (pkgutils) is made with simplicity in mind, where all packages are plain tar.gz files (i.e. without any kind of meta data).

When a package is installed using pkgadd a new record is added to the package database (stored in /var/lib/pkg/db). The basic package system does not have any kind of dependency checking, thus it will not warn you if you install a package that requires other packages to be installed. The included prt-get tool, however, does support dependencies.

Since the package file itself does not contain any meta data. Instead, the package manager uses the package filename to determine the package name and version.
Thus, when installing a package file named bash#2.05-1.pkg.tar.gz, the package manager will interpret this as a package named bash at version 2.05-1.

If pkgadd is unable to interpret the filename (e.g. # is missing or the filename does not end with .pkg.tar.gz) an error message will be printed and pkgadd will abort without installing the package.

Package management frontend: prt-get

To address the different requirements towards package management in CRUX, a number of users started discussion about an advanced package management frontend to pkgutils, with dependency handling and support for large install transactions. The result of this community effort is prt-get, a tool which provides a number of features on top of pkgutils while keeping pkgutils’ original character and power. Its main features are

• Dependency handling
• Build logging
• Powerful search and query functionality

Nowadays prt-get is an official project and tool of the CRUX project.

The Ports System

The term Ports System refers to a remote repository containing ports and a client program capable of downloading ports from that repository. CRUX users use the ports(8) utility to download ports from the repository and place them in /usr/ports/. The ports utility uses rsync(1) or httpup(1) to do the actual downloading/synchronization.

A port is a directory containing the files needed for building a package using pkgmk. This means that this directory at least has the files Pkgfile (which is the package build description) and .footprint (which is used for regression testing and contains a list of files this package is expected to contain once it is built). Further, a port directory can contain patches and/or other files needed for building the package. It is important to understand that the actual source code for the package is not necessarily present in port directory. Instead the Pkgfile contains an URL which points to a location where the source can be downloaded.

Have a Question about CRUX? Ask one of the Devs!

— PICKS —

Runs Linux

The Future of Desktop Computing? – Computerphile – YouTube

Tablets are taking over from desktop computing but what if we merge the two? This prototype demonstrates something new, that builds upon something centuries old – working with paper on your desk.

• How To Install and Configure Syncthing to Synchronize Directories on Ubuntu 14.04 | DigitalOcean

Desktop App Pick

cool-old-term

• ‘cool-old-term’: This retro styled Terminal Emulator could be the coolest we’ve seen yet! | Tech Drive-in

Developed by Swordfish’s Labs, cool-old-term is a terminal emulator which tries to mimic the look and feel of the old cathode tube screens. It has been designed to be eye-candy, customizable, and reasonably lightweight.

Weekly Spotlight

Toxic

Toxic is a Tox-based instant messaging client which formerly resided in the Tox core repository, and is now available as a standalone application.

.

qTox

Powerful Tox client that tries to follow the Tox UI mockup while running on all major systems.
This GUI uses code from @nurupo’tos ProjectTox-Qt-GUI, in particular the “Core” Toxcore wrapper.
However, it is not a fork.

Features

• One to one chat with friends
• Group chats
• File transfers, with previewing of images
• Audio calls
• Video calls (alpha)
• Tox DNS
• Translations in various languages

Missed any of our OSCON 2014 Interviews? Here’s each interview broken out and added to an OSCON Playlist

— NEWS —

OpenSUSE Factory Turns Into Rolling Release Distribution

OpenSUSE Factory will still serve where openSUSE development takes place, but it’s also going to aim for being a distribution on its own as a “tested and stable fresh-daily bleeding-edge distribution.”

Fedora security team is announced

== What are we doing? ==

The Security Team’s mission is to assist packagers in closing security vulnerabilities. Once alerted to a
vulnerability on a package, the security team can help work with upstream to obtain a patch or a new release
of a package. Once we have a patch or a new release we attach it to the vulnerability bug and work with
packagers to get the fix pushed.

== How bad is the problem now? ==

As of a few days ago we had 566 open vulnerability tickets that cover both Fedora and EPEL. The breakdown of
those bugs by severity looks like this:

• Critical: 3
• Important: 69
• Moderate: 366

• Low: 128

• Answering questions regarding the Fedora Security Team | Sparks’ Open Source and Security Journal

Fedora 21 Has Been Delayed By Three Weeks

At Wednesday’s Fedora Engineering and Steering Committee it was agreed upon to push back the entire release process by three weeks. This three weeks is to give additional time to finish outstanding work prior to the changes freeze and for also then working around Fedora’s “Flock” contributor conference.

Fedora 21 will not be officially released now until at least 4 November while the alpha release is at 26 August, beta release on 30 September, and the final change deadline on 21 October. The updated Fedora 21 schedule can be found via this Fedora Wiki page.

OMG! Fedora is just getting a security team? Does this mean Fedora has been insecure this entire time?!?

Umm, no, it doesn’t mean that Fedora has been insecure this entire time. In all actuality Fedora is in pretty good shape overall. There is always room for improvement and so we’re organizing a team to help facilitate that improvement.

XBMC Is Getting a New Name – Introducing Kodi 14

We are excited to announce that the media center software we’ve all loved for so many years will have a new name, starting with version 14. Instead of XBMC 14, we’d like to introduce you to Kodi 14.

ownCloud 7 Released With more Sharing And Control | ownCloud.org

ownCloud 7 Community Edition has significant feature improvements for users, administrators and developers.

• ownCloud 7 Released With more Sharing And Control | ownCloud.org

Questions for Frank:

• What brought about Server-to-Server syncing, and how close to real time is that syncing?

• Sleepee asks: Any plans for better auditing on who shared filed. He’s working in an Enterprise, and the management would like some records.

• Seal20 asks: I could not find anyway to replace the last closed and evil tool: evernote. I hate it but I couldn’t switch to any other free alternative. Do you plan do include an evernote alternative somewhere down the road?

• Seal20 also asks: What about an “owncloud phone” you could rip off an android os from all google or even better start from a firefox os and include all owncloud related apps: cal/carddav sync, owncloud news, sync apps, etc! I and i am sure others will surely pay a premium for this!

• pierre4l asks: I wonder whether the focus of OwnCloud is going to be home users wanting to set up their personal cloud servers, or whether it is veering more to the enterprise deployments. Or is it trying to be a solution for all?

• OwnCloud apps seems to be really growing. Where do you see OwnCloud apps going? Even casual games on apps.ownCloud.com

• autodidactos: I know there are two email client apps available (roundcube and rainloop) but neither seem to be as integrated as an official client would be. Are there any plans for an official OwnCloud email client?

— FEEDBACK —

• More info about the soccer robots

• Can Arch Be used as a Workstation?

• Alt to Attic – Sam

• The All New Oculus Rift Development Kit 2 (DK2) Virtual Reality Headset

— CHRIS’ STASH —

• jupiterbroadcasting on Instagram

Hang in our chat room:

irc.geekshed.net #jupiterbroadcasting

— MATT’S STASH —

• Check out LINUX Unplugged
• Matt’s Articles
• Geek And The Gamer

Find us on Google+

• Chris
• Matt Hartley
• Jupiter Broadcasting’s Page

Find us on Twitter

• Chris – ChrisLAS
• Matt – matthartley

Follow the network on Facebook

• Jupiter Broadcasting on Facebook

Catch the show LIVE Sunday 10am Pacific / 1pm Eastern / 6pm UTC:

• https://jblive.tv
• Network Calendar

The post ownCloud 7 Interview | LAS 324 first appeared on Jupiter Broadcasting.