Show Notes: linuxunplugged.com/417

The post Run Every Distro At Once | LINUX Unplugged 417 first appeared on Jupiter Broadcasting.

Show Notes: linuxunplugged.com/375

The post Wrong About Pop! | LINUX Unplugged 375 first appeared on Jupiter Broadcasting.

Show Notes: techsnap.systems/430

The post All Good Things | TechSNAP 430 first appeared on Jupiter Broadcasting.

Show Notes/Links: linuxunplugged.com/274

The post Open Source by Default | LINUX Unplugged 274 first appeared on Jupiter Broadcasting.

HD Video Feed | MP3 Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

Show Notes:

“Stack Clash” poses threat to Linux, FreeBSD, OpenBSD, and other OSes

• affects Linux, OpenBSD, NetBSD, FreeBSD and Solaris, on i386 and amd64

• The original blog post

• The official advisory

• The following is not a complete list of CVEs found during the research

• The primary CVE

• Some are secondary and directly related CVE

• Some are independently exploitable and related to sudo

The RNC Files: Inside the Largest US Voter Data Leak

• misconfigured database containing the sensitive personal details of over 198 million American voters was left exposed to the internet by a firm working on behalf of the Republican National Committee (RNC)

• names, dates of birth, home addresses, phone numbers, and voter registration details, as well as data described as “modeled” voter ethnicities and religions.

• exposing the personal information of over sixty-one percent of the entire US population

Dan’s DNS setup

• DNS can be thought of as a phone book
• Once ran a single DNS server at home
• Had both internal (non public) and public hosts in the same zone file
• Moved internal hosts to .int subdomain
• had master/slave in public, but went to svn later
• Held zone files in svn, published them directly to servers

Feedback

• Freenas – Transferring files locally see sysutils/fusefs-ntfs

• Password managers filling in credentials

• Episode 323 Yellow dots give you see also https://en.wikipedia.org/wiki/EURion_constellation

• You cannot turn off Windows 10 Telemetry with a Group Policy

Round Up:

• WannaCry computer worm to North
  Korea

• Rooting a Printer

• Travel (Linux) laptop setup

• FreeNAS 11.0 is Now Here

The post DNS Mastery | TechSNAP 324 first appeared on Jupiter Broadcasting.

Inspired by the Let’s Encrypt project, we break down the basics of SSL & how easy it is to set up on your Linux box now.

Plus hacking GRUB by hitting backspace 28 times, the Linux Foundation wants the Blockchain, without the Bitcoin and their bedfellows are concerning, the steady steps towards cross distro application bundles & more!

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

HD Video | Mobile Video | WebM Torrent | MP3 Audio | OGG Audio | YouTube | HD Torrent

RSS Feeds:

HD Video Feed | Large Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

— Show Notes: —

Brought to you by: Linux Academy

Linux Academy Apache and SSL Self Signed Certificates

Apache and SSL Self Signed Certificates

This course will detail how to install and configure Apache web services to answer for HTTPS connections. In addition, we will show how to generate a key file to use for obtaining a third party certificate and then use that key to generate a full self-signed certificate. Finally, we will configure our SSL VHOST to use that SSL certificate and verify its availability and content serving from an external location.

Let’s Encrypt

What is encryption

Asymmetric vs Symmetric Antenna

Symmetric encryption uses the identical key to both encrypt and decrypt the data. Symmetric key algorithms are much faster computationally than asymmetric algorithms as the encryption process is less complicated.

Asymmetric encryption uses two related keys (public and private) for data encryption and decryption, and takes away the security risk of key sharing. The private key is never exposed. A message that is encrypted by using the public key can only be decrypted by applying the same algorithm and using the matching private key.

Secure Socket Layer

SSL (Secure Sockets Layer) is a standard security technology for establishing an encrypted link between a server and a client—typically a web server (website) and a browser; or a mail server and a mail client (e.g., Outlook).

SSL allows sensitive information such as credit card numbers, social security numbers, and login credentials to be transmitted securely. Normally, data sent between browsers and web servers is sent in plain text—leaving you vulnerable to eavesdropping. If an attacker is able to intercept all data being sent between a browser and a web server they can see and use that information.

More specifically, SSL is a security protocol. Protocols describe how algorithms should be used; in this case, the SSL protocol determines variables of the encryption for both the link and the data being transmitted.

Let’s Encrypt

Anyone who has gone through the trouble of setting up a secure website knows what a hassle getting and maintaining a certificate can be. Let’s Encrypt automates away the pain and lets site operators turn on and manage HTTPS with simple commands.
No validation emails, no complicated configuration editing, no expired certificates breaking your website. And of course, because Let’s Encrypt provides certificates for free, no need to arrange payment.

This page describes how to carry out the most common certificate management functions using the Let’s Encrypt client. You’re welcome to use any compatible client, but we only provide instructions for using the client that we provide.

The key principles behind Let’s Encrypt are:

• Free: Anyone who owns a domain name can use Let’s Encrypt to obtain a trusted certificate
  at zero cost.
• Automatic: Software running on a web server can interact with Let’s Encrypt to painlessly obtain a certificate, securely configure it for use, and automatically take care of renewal.
• Secure: Let’s Encrypt will serve as a platform for advancing TLS security best practices, both on the CA side and by helping site operators properly secure their servers.
• Transparent: All certificates issued or revoked will be publicly recorded and available for anyone to inspect.
• Open: The automatic issuance and renewal protocol will be published as an open standard that others can adopt.

• Cooperative: Much like the underlying Internet protocols themselves, Let’s Encrypt is a joint effort to benefit the community, beyond the control of any one organization.

• Welcome to the Let’s Encrypt client documentation! — Let’s Encrypt 0.2.0.dev0 documentation

• Caddy 0.8 Released with Let’s Encrypt Integration

Today, I’m very excited to announce Caddy 0.8! It features automatic HTTPS, zero-downtime restarts, and the ability to embed Caddy in your own Go programs.

— PICKS —

Runs Linux

George’s Hacked Acrua, Runs Linux

He’s been keeping the project to himself and is dying to show it off. We pace around the car going over the technology. Hotz fires up the vehicle’s computer, which runs a version of the Linux operating system, and strings of numbers fill the screen. When he turns the wheel or puts the blinker on, a few numbers change, demonstrating that he’s tapped into the Acura’s internal controls.

Desktop App Pick

Nuvola Player

Nuvola Player is a runtime for web-based music streaming services providing more native user experience and integration with Linux desktop environments than usual web browsers can offer. It tries to feel and look like a native application as possible.

Sent in by Rikai

Weekly Spotlight

GDriveFS

GDriveFS is an innovative FUSE wrapper for Google Drive developed under
Python 2.7.

DOUBLE SPOTLIGHT

Block Spoilers for Star Wars

Force Block is safer than ever! Now, in addition to our standard pattern matching logic which requires a critical mass of related keywords to initiate a block, we’ve added a handful of instant-blocking keyphrases, sourced from people who have seen the film via early screenings. One of our engineers took one for the team punching those in! Ironic, he could save others from spoilers… but not himself.

— NEWS —

You Can Break Into a Linux System by Pressing Backspace 28 Times. Here’s How to Fix It

The researchers, Hector Marco and Ismael Ripoll from the Cybersecurity Group at Polytechnic University of Valencia, found that it’s possible to bypass all security of a locked-down Linux machine by exploiting a bug in the Grub2 bootloader. Essentially, hitting backspace 28 times when the machine asks for your username accesses the “Grub rescue shell,” and once there, you can access the computer’s data or install malware. Fortunately, Marco and Ripoll have made an emergency patch to fix the Grub2 vulnerability. Ubuntu, Red Hat, and Debian have all issued patches to fix it as well.

Linux is often thought of as a super secure operating system, but this is a good reminder to take physical security just as seriously as network security (if not more). Take extra care when your machine is around people you don’t know, especially if your system has sensitive data on it.

Description

A vulnerability in Grub2 has been found. Versions from
1.98 (December, 2009) to 2.02 (December, 2015) are affected.
The vulnerability can be exploited under certain circumstances,
allowing local attackers to bypass any kind of authentication
(plain or hashed passwords). And so, the attacker may take
control of the computer.

Grub2 is the bootloader used by most Linux systems including
some embedded systems. This results in an incalculable number
of affected devices.

As shown in the picture, we successfully exploited this
vulnerability in a Debian 7.5 under Qemu getting a Grub
rescue shell.

Am I vulnerable ?

To quickly check if your system is vulnerable, when the Grub
ask you the username, press the Backspace 28 times. If
your machine reboots or you get a rescue shell then your
Grub is affected.

Impact

An attacker which successfully exploits this vulnerability will
obtain a Grub rescue shell. Grub rescue is a very powerful shell
allowing to:

• Elevation of privilege: The attacker is authenticated
  without knowing a valid username nor the password. The
  attacker has full access to the grub’s console (grub
  rescue).

• Information disclosure: The attacker can load a
  customized kernel and initramfs (for example from a USB) and
  then from a more comfortable environment, copy the full disk
  or install a rootkit.

• Denial of service: The attacker is able to destroy
  any data including the grub itself. Even in the case that the
  disk is ciphered the attacker can overwrite it, causing a
  DoS.

Linux Foundation assembles gang to build a better Blockchain

The Linux Foundation has decided the time is right to apply its special brand of collaboration to the Blockchain, the distributed ledger technology behind Bitcoin and other cryptocurrencies.

The Foundation is talking up the blockchain as a supply-chain enhancer and electronic-transaction-speeder-upper, thanks to its provision of a distributed ledger that has no central point of control and therefore allows secure peer-to-peer information exchange.

Big companies desperately hoping for blockchain without Bitcoin is exactly like 1994: Can't we please have online without Internet??

— Marc Andreessen (@pmarca) December 18, 2015

• Wall Street’s New Distributed Ledger Blockchain | PYMNTS.com

there’s a big group of backers in the financial, tech and business industries that have taken the next step to making blockchain move forward without ties to bitcoin.

But as Webster pointed out in her column, “if we kill bitcoin that means we will also kill and bury the blockchain since bitcoin is what keeps the blockchain alive.” Because bitcoin is the method of transport used by the blockchain to move data between the miners, there’s a case for why bitcoin’s blockchain has stuck around.

But big banks like JPMorgan, along with the support of IBM and Intel want to bury that vision and resurrect their own vision for what they envision to be a more productive use case for the concept of a distributed ledger. This is like a blockchain, but sans the bitcoin.

The goal of the Open Ledger Project is not to work in the cryptocurrency space, but rather to leverage the technology behind the distributed ledger in order to streamline business tools that enable transactions and documents to move between parties faster. Another goal of the project would be to create open ledgers that can decide who can access that ledger.

XDG-App Continues Maturing For GNOME App Sandboxing

XDG-App has made much progress and is found in a “tech preview” state for GNOME 3.18 but it’s not until GNOME 3.20 and later where things will get more interesting. Alexander Larsson has provided a “Christmas 2015” update concerning the project for GNOME sandboxing.

Google’s killing Chrome support for 32-bit Linux, Ubuntu 12.04, and Debian 7

In an update posted to the Chromium-dev mailing list, Google’s Dirk Pranke wrote:

“To provide the best experience for the most-used Linux versions, we will end support for Google Chrome on 32-bit Linux, Ubuntu Precise (12.04), and Debian 7 (wheezy) in early March, 2016. Chrome will continue to function on these platforms but will no longer receive updates and security fixes.

We intend to continue supporting the 32-bit build configurations on Linux to support building Chromium. If you are usingPrecise, we’d recommend that you to upgrade to Trusty.”

Feedback:

Brought to you by: System76

• https://slexy.org/view/s20p9vkcTi

• https://slexy.org/view/s21mtiOvGQ

• Support Jupiter Broadcasting on Patreon

Chris’s Twitter account has changed, you’ll need to follow!

Chris Fisher (@ChrisLAS) | Twitter

— CHRIS’ STASH —

Hang in our chat room:

irc.geekshed.net #jupiterbroadcasting

— NOAH’S STASH —

Noah’s Day Job

Altispeed Technologies

Contact Noah

noah [at] jupiterbroadcasting.com

Find us on Google+

• Chris
• Noah J. Chelliah
• Jupiter Broadcasting’s Page

Find us on Twitter

• Chris – ChrisLAS
• Noah – Kernellinux

Follow us on Facebook

• Jupiter Broadcasting on Facebook
• Noah – Kernellinux

Catch the show LIVE Friday:

• https://jblive.tv
• Network Calendar

The post Let's Encrypt: A New Hope | LAS 396 first appeared on Jupiter Broadcasting.

Who doesn’t like a good party? Some folks will tell you that Linux is boring, or for geeks. This week we’ll show you how you can have a very loud and bright time with Linux.

Plus Valve officially pins down a Steam Machine launch date. More encryption for Linux, and did the CHIP guys underestimate the cost of their $9 computer?

Plus some great feedback, some helpful app picks & more!

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

HD Video | Mobile Video | WebM Torrent | MP3 Audio | OGG Audio | YouTube | HD Torrent

RSS Feeds:

HD Video Feed | Large Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

— Show Notes: —

Party With Linux

+Linux Compatible DMX Interface

Brought to you by: System76

— PICKS —

Runs Linux

• Train Ad Sensor Runs Linux

Video of ad system that uses a raspberry pi to sense when a train is coming so that it can start playing a specific part of an ad.

Sent in by Dumitru V.

Desktop App Pick

• Q Light Controller Plus

QLC+ is a fork of the great QLC project written by Heikki Junnila. This project aims to continue the development of QLC and to introduce new features.
The primary goal is to bring QLC+ at the level of other lighting control commercial softwares

• Controls an arbitrary number of universes, 512 DMX channels each
• Fixture editor to create and customize fixtures
• 440+ ready made fixtures
• Web access for remote control
• Input/Output plugins to support a wide variety of hardware and software
• MIDI Input / Output and Feedbacks (for devices with motorized faders)
• MIDI support of Notes, Control Change, Program Change and Beat clock
• Virtual Console to get the best while performing live shows
• Quick access to 750+ gobos, color presets, RGB values, thanks to the Click And Go technology
• Simple Desk for manual DMX channels control
• Multitrack Show editor for offline desk programming
• Audio input/output support
• Import/export fixtures list
• Channels groups
• Fixture remapping
• ArtNet and E1.31 native input/output plugin
• OSC input/output/feedback plugin
• DMX4ALL StageProfi and FX5 DMX USB support
• Dump DMX values into scenes/chasers
• Look & feel based on the Humanity icon theme

Weekly Spotlight

+SSHFS

T his is a filesystem client based on the SSH File Transfer Protocol. Since most SSH servers already support this protocol it is very easy to set up: i.e. on the server side there’s nothing to do. On the client side mounting the filesystem is as easy as logging into the server with ssh.

• Based on FUSE (the best userspace filesystem framework for linux
• Multithreading: more than one request can be on it’s way to the server
• Allowing large reads (max 64k)
• Caching directory contents

Jupiter Broadcasting Meetup

Our Past Picks

These are the weekly picks provided by the Jupiter Broadcasting podcast, the Linux Action Show.

This site includes a separate picks lists for the “Runs Linux”, Desktop Apps, Spotlight Picks, Android Picks, and Distro Picks.

— NEWS —

Steam Machine Launch Date

November 10, 2015: May it forever be known as “Steam Day”—the day Valve will officially unleash its suite of Steam Machines, Steam Link, SteamOS, and the Steam Controller. Sure, it’s almost exactly a year later than anticipated, but…well, if you want one, this is when you can get one. Officially.

“Unofficially,” you can get a Steam Machine and Steam Controller as early as October 16, provided you’re in the market for Alienware’s model. Preordering through GameStop ensures you’ll receive Alienware’s Steam Machine (which Valve previously referred to as “a console that encapsulates the full potential of what a Steam Machine should be”) almost a month early.

HP Enterprise will be all-in

What’s the latest enterprise IT company to proclaim its love of open source? HP, that’s who – or, more specifically, Hewlett Packard Enterprise, one of two companies that will emerge once HP splits this November.

Speaking at the HP Discover conference in Las Vegas this week, CTO Martin Fink said open source will be central to how HP’s enterprise incarnation conducts its business.

“We have taken this very, very seriously and we are all-in on the notion of open source,” Fink said, adding that even game-changing big bets like the Machine will be backed by open source software.

“I want to stress something here: It is not called HP Grommet. It is called Grommet,” Fink said. “It is HP’s contribution to the IT industry to bring consumer-grade capabilities with an enterprise user experience framework so that all of you can take advantage of it.”

Dell Inspiron 14 Ubuntu Review

I ‘ve been using this new Ubuntu notebook from Dell for a couple days, and overall, I’m pretty happy. For a $299 computer (that’s list price, I got mine for $249), it has reasonably good specs, looks nice, and performs about like you would expect considering the hardware and price.

Easy Risk Free Encrypted Colab released for LINUX

Tresorit protects the files you never want leaked or lost.
Work with your most sensitive documents without second thoughts. Use Tresorit to keep control – even when you share with coworkers, clients or vendors

• End-to-end encryption
• Proven Security
• Swiss Privacy
• Encrypted Backup
• Certified secure datacenters
• Up to 1TB encrypted storage

Chip to be $20 not $9

Allwinner confirmed R8 just SOC cost $4.80 but this makes not much sense either this is the price of A33 quad core SOC why they price so expensive obsolete A13 Cortex-A8 SOC???

On my question how then Next Thing Co. sell this computer for $9 Allwinner response is:

“CHIP 9$ computer launched a big advertising campaign to promote their new development board, their actual cost is higher than 9$. After the Kickstarter their computer will sell for 39$.”

So, sorry guys to break your dreams for 1Ghz SOCs costing $1, maybe in future this would be possible, but not now.

— FEEDBACK —

• https://slexy.org/view/s21KDjHKHH
• https://slexy.org/view/s2ASJK9erM

• https://slexy.org/view/s21wgTEAdk

• Support Jupiter Broadcasting on Patreon

Chris’s Twitter account has changed, you’ll need to follow!

Chris Fisher (@ChrisLAS) | Twitter

— CHRIS’ STASH —

Hang in our chat room:

irc.geekshed.net #jupiterbroadcasting

— NOAH’S STASH —

Noah’s Day Job

Altispeed Technologies

Contact Noah

noah [at] jupiterbroadcasting.com

Find us on Google+

• Chris
• Noah J. Chelliah
• Jupiter Broadcasting’s Page

Find us on Twitter

• Chris – ChrisLAS
• Noah – Kernellinux

Follow us on Facebook

• Jupiter Broadcasting on Facebook
• Noah – Kernellinux

Catch the show LIVE Sunday 10am Pacific / 1pm Eastern / 6pm UTC:

• https://jblive.tv
• Network Calendar

The post Party with Linux | LAS 368 first appeared on Jupiter Broadcasting.

We sit down to chat with Justin Sherrill of the DragonflyBSD project about their new 3.6 release. Later on, we\’ll be showing you a huge tutorial that\’s been baking for over a month – how to build an OpenBSD router that\’ll destroy any consumer router on the market! There\’s lots of news to get caught up on as well, so sit back and enjoy some BSD Now – the place to B.. SD.

Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | HD Vid Feed | HD Torrent Feed

– Show Notes: –

Headlines

OpenSSH 6.4 released

• Security fixes in OpenSSH don\’t happen very often
• 6.4 fixes a memory corruption problem, no new features
• If exploited, this vulnerability might permit code execution with the privileges of the authenticated user and may therefore allow bypassing restricted shell/command configurations.
• Disabling AES-GCM in the server configuration is a workaround
• Only affects 6.2 and 6.3 if compiled against a newer OpenSSL (so FreeBSD 9\’s base OpenSSL is unaffected, for example)
• Full details here

Getting to know your portmgr-lurkers

• Next entry in portmgr interview series
• This time they chat with Mathieu Arnold, one of the portmgr-lurkers we mentioned previously
• Lots of questions ranging from why he uses BSD to what he had for breakfast
• Another one was since released, with Antoine Brodin aka antoine@

FUSE in OpenBSD

• As we glossed over last week, FUSE was recently added to OpenBSD
• Now the guys from the OpenBSD Journal have tracked down more information
• This version is released under an ISC license
• Should be in OpenBSD 5.5, released a little less than 6 months from now
• Will finally enable things like SSHFS to work in OpenBSD

Automated submission of kernel panic reports

• New tool from Colin Percival
• Saves information about kernel panics and emails it to FreeBSD
• Lets you review before sending so you can edit out any private info
• Automatically encrypted before being sent
• FreeBSD never kernel panics so this won\’t get much use

Interview – Justin Sherrill – justin@shiningsilence.com / @dragonflybsd

DragonflyBSD 3.6 and the Dragonfly Digest

Tutorial

Building an OpenBSD Router

• Replace your crappy consumer router with a custom-built one
• Uses the pf firewall and other built-in OpenBSD utilities
• Very secure, built entirely on top of open source software
• Puts YOU in control of your network

News Roundup

BSD router project 1.5 released

• Nice timing for our router tutorial; TBRP is a FreeBSD distribution for installing on a router
• It\’s an alternative to pfSense, but not nearly as well known or popular
• New version is based on 9.2-RELEASE, includes lots of general updates and bugfixes
• Fits on a 256MB Compact Flash/USB drive

Curve25519 now default key exchange

• We mentioned in an earlier episode about a patch for curve25519
• Now it\’s become the default for key exchange
• Will probably make its way into OpenSSH 6.5, would\’ve been in 6.4 if we didn\’t have that security vulnerability
• It\’s interesting to see all these big changes in cryptography in OpenBSD lately

FreeBSD kernel selection in boot menu

• Adds a kernel selection menu to the beastie menu
• List of kernels is taken from \’kernels\’ in loader.conf as a space or comma separated list of names to display (up to 9)
• From our good buddy Devin Teske

PCBSD weekly digest

• PCDM has officially replaced GDM as the default login manager
• New ISO build scripts (we got a sneak preview last week)
• Lots of bug fixes
• Second set of 10-STABLE ISOs available with new artwork and much more

Theo de Raadt speaking at MUUG

• Theo will be speaking at Manitoba UNIX User Group in Winnipeg
• On Friday, Nov 15, 2013 at 5:30PM (see show notes for the address)
• If you\’re watching the show live you have time to make plans, if you\’re watching the downloaded version it might be happening right now!
• No agenda, but expect some OpenBSD discussion
• We\’ll let you know if there is a recorded version.

Feedback/Questions

• Dave writes in: https://slexy.org/view/s21YXhiLRB
• James writes in: https://slexy.org/view/s215EjcgdM
• Allen writes in (lol): https://slexy.org/view/s21mCP2ecL
• Chess writes in: https://slexy.org/view/s207ePFrna
• Frank writes in: https://slexy.org/view/s20iVFXJve

• The very extensive written version of today\’s tutorial, with lots of extras we didn\’t mention, is posted on bsdnow.tv, as always – give it a read! There are sections about setting up the router to tunnel all (or specific parts of) your traffic through a VPN or Tor, how to make the router automatically check for updates and email them to you, and much more.
• Send questions, comments, show ideas/topics, etc to feedback@bsdnow.tv
• We don’t check YouTube comments, JB comments, Reddit, etc. If you want us to see it, send it via email (the preferred way) or Twitter (also acceptable)
• Watch live Wednesdays at 2:00PM Eastern (19:00 UTC)

The post The Gateway Drug | BSD Now 11 first appeared on Jupiter Broadcasting.

openSUSE’s community manager Jos Poortvliet joins us to discuss openSUSE 13.1, integrating new technologies such as systemd and wayland, his thoughts on staying competitive, and your questions!

Plus the solid details we now know about SteamOS and Steam Machines, the big upset of the week….

AND SO MUCH MORE!

All this week on, The Linux Action Show!

Thanks to:

Download:

HD Video | Mobile Video | WebM Torrent | MP3 Audio | Ogg Audio | YouTube | HD Torrent

RSS Feeds:

HD Video Feed | Large Video Feed | Mobile Video Feed | MP3 Feed | Ogg Feed | iTunes Feeds | Torrent Feed

Support the Show: