GnuTLS – Jupiter Broadcasting
https://www.jupiterbroadcasting.com
Open Source Entertainment, on Demand.

Introducing Bedrock Linux | LAS 316
https://original.jupiterbroadcasting.net/59352/introducing-bedrock-linux-las-316/
Sun, 08 Jun 2014 16:36:44 +0000

With Bedrock Linux you are no longer restricted to any single Linux distro’s userland. Mix CentOS, Arch, Debian, Ubuntu and more all on the same installation! You can have your cake and eat it too! Want X11 from Debian and Chromium from Arch? No problem! We’ll show you how Bedrock Linux makes it all possible.

Plus: A new round of SSL vulnerabilities strike Linux, the FSF helps you encrypt your emails and a quick steam roundup…

AND SO MUCH MORE!

All this week on, The Linux Action Show!

Thanks to: DigitalOcean, Ting

Download:

HD Video | Mobile Video | WebM Torrent | MP3 Audio | Ogg Audio | YouTube | HD Torrent

RSS Feeds:

HD Video Feed | Large Video Feed | Mobile Video Feed | MP3 Feed | Ogg Feed | iTunes Feeds | Torrent Feed

— Show Notes: —

Bedrock Linux:



Brought to you by: System76

Bedrock Linux

  • Bedrock Linux 1.0alpha4 Flopsie

Bedrock Linux is a Linux distribution created with the aim of making most of the (often seemingly mutually-exclusive) benefits of various other Linux distributions available simultaneously and transparently.

If one would like a rock-solid stable base (for example, from Debian or a RHEL clone) yet still have easy access to cutting-edge packages (from, say, Arch Linux), automate compiling packages with Gentoo's portage, and ensure that software aimed only for the ever popular Ubuntu will run smoothly – all at the same time, in the same distribution – Bedrock Linux will provide a means to achieve this.

Bedrock Linux: Introduction

brc ("BedRock Chroot")

brc provides the ability to run commands in clients, properly chrooting to avoid conflicts. Once Bedrock Linux is properly set up, it will allow the user to transparently run commands otherwise not available in a given client. For example, if firefox is installed in an Arch client but not in a Debian client, and a program from the Debian client tries to execute firefox, the Arch firefox will be executed as though it were installed locally in Debian.

If firefox is installed in multiple clients (such as Arch and Fedora), and the user would like to specify which is to run (rather than allowing Bedrock Linux to choose the default), one can explicitly call brc, like so: brc fedora firefox.

If no command is given, brc will attempt to use the user's current $SHELL. If the value of $SHELL is not available in the client it will fail.

Bedrock Linux presentation at Ohio Linuxfest 2012 – YouTube

The audio from the Bedrock Linux presentation at the Ohio Linuxfest 2012 was recorded; however, the video was not. For convenience this is played over the slides here. Sadly, no demos are visible here.


— Picks —

Runs Linux

OPI – Reclaim Your Digital Life

OPI is your private cloud with no third-party eyes on your information. Still, OPI also allows you to share information with others, on your conditions.

Desktop App Pick

Otter Browser

Otter Browser, a project aiming to recreate the classic Opera (12.x) UI using Qt5.

Weekly Spotlight

Tech Talk Today

HowTo Linux

Minimum Workspaces – GNOME Shell Extensions


— NEWS —

A New Round Of OpenSSL Vulnerabilities Discovered


The latest flaw is less of a risk than Heartbleed, because it would require hackers to locate themselves between computers communicating, such as over a public Wi-Fi network.

The new attack does have other limitations: It can only be used when both ends of a connection are running OpenSSL. Most browsers use other SSL implementations and so aren’t affected, says Ivan Ristic, director of engineering at the security firm Qualys, though he adds that Android web clients likely do use the vulnerable code. Among servers, only those running more recent versions of OpenSSL (1.0.1 and later) are affected, about 24 percent of the 150,000 servers that Qualys has scanned. He also warns that many VPNs may use OpenSSL and thus be vulnerable. “VPNs are a very juicy target,” Ristic says. “People who really care about security use them, and there’s likely to be sensitive data there.”

GnuTLS Flaw Leaves Many Linux Users Open To Attacks

A new flaw has been discovered in the GnuTLS cryptographic library that ships with several popular Linux distributions and hundreds of software implementations. According to the bug report, "A malicious server could use this flaw to send an excessively long session id value and trigger a buffer overflow in a connecting TLS/SSL client using GnuTLS, causing it to crash or, possibly, execute arbitrary code." A patch is currently available, but it will take time for all of the software maintainers to implement it.
A lengthy technical analysis is available. "There don't appear to be any obvious signs that an attack is under way, making it possible to exploit the vulnerability in surreptitious 'drive-by' attacks. There are no reports that the vulnerability is actively being exploited in the wild."

Reset the Net with our email self-defense guide

Google Online Security Blog: Making end-to-end encryption easier to use

Today, we’re adding to that list the alpha version of a new tool. It’s called End-to-End and it’s a Chrome extension intended for users who need additional security

ChromeBrew: 3rd party package manager for Chrome OS.


Chromebooks with Chrome OS run a Linux kernel; the only missing piece to use them as a full-featured Linux distro was gcc and make with their dependencies. Well, the piece isn't missing anymore. Say hello to chromebrew!

Steam Hits The Big 500 For Linux Games

That is one heck of a milestone, isn't it? 500 Linux compatible games are now on Steam, which is a pretty great number to point anyone at. No longer will people keep stating "but Linux has no games".

— Feedback —

  • Texas Linux Fest 2014 JB Check-In

  • South East Linux Fest 2014 JB Check-in

  • June 13-14th
  • q5sys will be giving away two RPi.
  • Check in on the LAS sub thread, and say hi to q5sys at SELF.
  • One on Friday, and one on Saturday.
  • Also catch his talk 5:15-6:15: Puppy Linux Deconstructed: About all the technical wizardry behind puppy which makes it work like it does.

  • Tech Talk Today launched!


— Chris' Stash —

Hang in our chat room:

irc.geekshed.net #jupiterbroadcasting


— Catch the show LIVE Sunday 10am Pacific / 1pm Eastern / 6pm UTC: —

House of Credit Cards | TechSNAP 165
https://original.jupiterbroadcasting.net/59167/house-of-credit-cards-techsnap-165/
Thu, 05 Jun 2014 17:31:21 +0000

Just when you thought openSSL was safe, we’ve got a whole new round of security flaws. Plus we’ll go inside a massive online carding shop.

Then it’s your questions, our answers, and much much more!

Thanks to: DigitalOcean, Ting, iXsystems


— Show Notes: —

OpenSSL and GnuTLS flaws

  • A series of new vulnerabilities have been found in both SSL/TLS libraries
  • Latest Versions:
  • OpenSSL 0.9.8za.
  • OpenSSL 1.0.0m.
  • OpenSSL 1.0.1h.
  • CVE-2014-0224 — An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. This can be exploited by a Man-in-the-middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server. The attack can only be performed between a vulnerable client and server. OpenSSL clients are vulnerable in all versions of OpenSSL. Servers are only known to be vulnerable in OpenSSL 1.0.1 and 1.0.2-beta1. Users of OpenSSL servers earlier than 1.0.1 are advised to upgrade as a precaution.
  • CVE-2014-0221 — By sending an invalid DTLS handshake to an OpenSSL DTLS client the code can be made to recurse eventually crashing in a DoS attack. Only applications using OpenSSL as a DTLS client are affected.
  • CVE-2014-0195 — A buffer overrun attack can be triggered by sending invalid DTLS fragments to an OpenSSL DTLS client or server. This is potentially exploitable to run arbitrary code on a vulnerable client or server. Only applications using OpenSSL as a DTLS client or server affected.
  • CVE-2014-0198 — A flaw in the do_ssl3_write function can allow remote attackers to cause a denial of service via a NULL pointer dereference. This flaw only affects OpenSSL 1.0.0 and 1.0.1 where SSL_MODE_RELEASE_BUFFERS is enabled, which is not the default and not common.
  • CVE-2010-5298 — A race condition in the ssl3_read_bytes function can allow remote attackers to inject data across sessions or cause a denial of service. This flaw only affects multithreaded applications using OpenSSL 1.0.0 and 1.0.1, where SSL_MODE_RELEASE_BUFFERS is enabled, which is not the default and not common.
  • CVE-2014-3470 — OpenSSL TLS clients enabling anonymous ECDH ciphersuites are subject to a denial of service attack.
  • OpenSSL 1.0.0m and OpenSSL 0.9.8za also contain a fix for CVE-2014-0076: Fix for the attack described in the paper "Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack". This issue was previously fixed in OpenSSL 1.0.1g.
  • GnuTLS releases update to fix flaws as well
  • CVE-2014-3466 — A flaw was found in the way GnuTLS parsed session ids from Server Hello packets of the TLS/SSL handshake. A malicious server could use this flaw to send an excessively long session id value and trigger a buffer overflow in a connecting TLS/SSL client using GnuTLS, causing it to crash or, possibly, execute arbitrary code. The flaw is in read_server_hello() / _gnutls_read_server_hello(), where session_id_len is checked not to exceed the incoming packet size, but not checked to ensure it does not exceed the maximum session id length (32 bytes, TLS_MAX_SESSION_ID_SIZE).
  • Deeper analysis of the GnuTLS flaw
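The session id check behind CVE-2014-3466 (this item, and the GnuTLS paragraph in the LAS 316 notes above), as an added example that is not GnuTLS's own code: a model of the ServerHello parse with the unpatched shape beside the patched one. The function names, the error codes and the constructed ServerHello are assumptions; the 32-byte field size is TLS_MAX_SESSION_ID_SIZE. The unpatched demo copies into a larger arena so the spill past the field can be counted without undefined behaviour:

```c
/* Added example, not GnuTLS code: model of the CVE-2014-3466 length check.
 * ServerHello body layout: version(2) random(32) session_id_len(1) session_id(n)
 * cipher_suite(2) compression(1). Names and the demo message are constructed. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define TLS_MAX_SESSION_ID_SIZE 32   /* size of the fixed session_id field */
#define SID_LEN_OFFSET 34            /* version(2) + random(32) */

enum { OK = 0, E_SHORT_PACKET = -1, E_ILLEGAL_PARAMETER = -2 };

/* Unpatched shape: dst is the 32-byte session_id field. sid_len is bounded
 * only by the bytes left in the packet, so a server may send up to 255 bytes
 * and the memcpy runs past the field. Stores the copied length in *out_len. */
static int read_session_id_unpatched(const uint8_t *body, size_t len,
                                     uint8_t *dst, size_t *out_len)
{
    if (len < SID_LEN_OFFSET + 1)
        return E_SHORT_PACKET;
    size_t sid_len = body[SID_LEN_OFFSET];
    if (len - (SID_LEN_OFFSET + 1) < sid_len)        /* the check that existed */
        return E_SHORT_PACKET;
    memcpy(dst, body + SID_LEN_OFFSET + 1, sid_len); /* overflows when sid_len > 32 */
    *out_len = sid_len;
    return OK;
}

/* Patched shape: the missing bound against the destination field size. */
static int read_session_id_patched(const uint8_t *body, size_t len,
                                   uint8_t *dst, size_t *out_len)
{
    if (len < SID_LEN_OFFSET + 1)
        return E_SHORT_PACKET;
    size_t sid_len = body[SID_LEN_OFFSET];
    if (len - (SID_LEN_OFFSET + 1) < sid_len)
        return E_SHORT_PACKET;
    if (sid_len > TLS_MAX_SESSION_ID_SIZE)           /* the added check */
        return E_ILLEGAL_PARAMETER;
    memcpy(dst, body + SID_LEN_OFFSET + 1, sid_len);
    *out_len = sid_len;
    return OK;
}

/* Build a constructed ServerHello body whose session id is sid_len bytes of
 * 0x41, then one cipher suite and the null compression method. Returns the
 * body length, or 0 if it does not fit or sid_len is not encodable. */
static size_t make_server_hello(uint8_t *out, size_t cap, size_t sid_len)
{
    size_t need = SID_LEN_OFFSET + 1 + sid_len + 3;
    if (sid_len > 255 || need > cap)
        return 0;
    memset(out, 0, need);                    /* random left zero: demo data */
    out[0] = 0x03; out[1] = 0x01;            /* TLS 1.0 */
    out[SID_LEN_OFFSET] = (uint8_t)sid_len;
    memset(out + SID_LEN_OFFSET + 1, 0x41, sid_len);
    out[need - 3] = 0x00; out[need - 2] = 0x2f;  /* TLS_RSA_WITH_AES_128_CBC_SHA */
    out[need - 1] = 0x00;                        /* null compression */
    return need;
}

/* Result code of the patched parser for a session id of sid_len bytes. */
static int patched_result(size_t sid_len)
{
    uint8_t hello[512], sid[TLS_MAX_SESSION_ID_SIZE];
    size_t n = make_server_hello(hello, sizeof hello, sid_len), got = 0;
    return read_session_id_patched(hello, n, sid, &got);
}

/* Run the unpatched parser on a 200-byte session id. The "field" is the first
 * 32 bytes of a larger arena (standing in for whatever follows the field in
 * the real struct); returns how many bytes landed beyond it. */
static size_t unpatched_spill_bytes(void)
{
    uint8_t hello[512], arena[TLS_MAX_SESSION_ID_SIZE + 256];
    size_t n = make_server_hello(hello, sizeof hello, 200), got = 0, spilled = 0;
    memset(arena, 0, sizeof arena);
    if (read_session_id_unpatched(hello, n, arena, &got) != OK)
        return 0;
    for (size_t i = TLS_MAX_SESSION_ID_SIZE; i < sizeof arena; i++)
        spilled += (arena[i] == 0x41);
    return spilled;
}

int main(void)
{
    printf("unpatched: %zu bytes written past the 32-byte session_id field\n",
           unpatched_spill_bytes());
    printf("patched: %d for a 200-byte id, %d for a 32-byte id\n",
           patched_result(200), patched_result(32));
    return 0;
}
```

The packet-length check alone is what made the bug easy to miss: the parser was memory-safe with respect to the input buffer, and only the destination bound was missing. A 1-byte length field that indexes a fixed-size destination is worth grepping for whenever a copy follows it.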

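The early-ChangeCipherSpec attack from CVE-2014-0224 (the CVE-2014-0224 item in the list above and the OpenSSL news paragraph in the LAS 316 notes), as an added example that is neither the show's nor OpenSSL's code: a probe using the heuristic that public scanners such as nmap's ssl-ccs-injection script apply. The client sends a ClientHello, lets the server finish its flight, then sends ChangeCipherSpec before any key exchange. A patched server rejects the premature CCS with alert unexpected_message (10); a vulnerable server accepts it, switches to keys derived from an empty master secret, and fails the next record with bad_record_mac (20) or decryption_failed (21). Anything else is reported as inconclusive. The target host and port are user-supplied; the record builders and the classifier also run offline on constructed bytes:

```c
/* Added example, not OpenSSL code: early-CCS probe for CVE-2014-0224. */
#define _POSIX_C_SOURCE 200112L
#include <stdint.h>
#include <string.h>
#include <stdio.h>
#include <unistd.h>
#include <netdb.h>
#include <sys/socket.h>
#include <sys/time.h>

enum { CT_CCS = 0x14, CT_ALERT = 0x15, CT_HANDSHAKE = 0x16 };
enum { AL_UNEXPECTED_MESSAGE = 10, AL_BAD_RECORD_MAC = 20, AL_DECRYPTION_FAILED = 21 };
enum verdict { INCONCLUSIVE = 0, NOT_VULNERABLE = 1, VULNERABLE = 2 };

/* TLS 1.0 record: type(1) version(2) length(2) body. Returns bytes written. */
static size_t tls_record(uint8_t *out, uint8_t type, const uint8_t *body, size_t n)
{
    out[0] = type; out[1] = 0x03; out[2] = 0x01;
    out[3] = (uint8_t)(n >> 8); out[4] = (uint8_t)n;
    memcpy(out + 5, body, n);
    return 5 + n;
}

/* Minimal ClientHello: TLS 1.0, constant (constructed) random, one RSA suite,
 * no extensions. out needs 64 bytes; returns the record length, 50. */
static size_t client_hello(uint8_t *out)
{
    uint8_t body[48], hs[64];
    size_t n = 0;
    body[n++] = 0x03; body[n++] = 0x01;          /* client_version */
    memset(body + n, 0x11, 32); n += 32;         /* random: fixed for the demo */
    body[n++] = 0;                               /* session_id length 0 */
    body[n++] = 0; body[n++] = 2;                /* cipher_suites length */
    body[n++] = 0x00; body[n++] = 0x2f;          /* TLS_RSA_WITH_AES_128_CBC_SHA */
    body[n++] = 1; body[n++] = 0;                /* one compression method: null */
    hs[0] = 1;                                   /* HandshakeType client_hello */
    hs[1] = 0; hs[2] = 0; hs[3] = (uint8_t)n;    /* 24-bit length, n < 256 */
    memcpy(hs + 4, body, n);
    return tls_record(out, CT_HANDSHAKE, hs, 4 + n);
}

/* ChangeCipherSpec record; the body is the single byte 1. */
static size_t ccs_record(uint8_t *out)
{
    const uint8_t one = 1;
    return tls_record(out, CT_CCS, &one, 1);
}

/* Walk the records in buf and classify the first alert found. */
static enum verdict classify(const uint8_t *buf, size_t len)
{
    size_t i = 0;
    while (i + 5 <= len) {
        size_t n = ((size_t)buf[i + 3] << 8) | buf[i + 4];
        if (i + 5 + n > len) break;              /* truncated record: stop */
        if (buf[i] == CT_ALERT && n >= 2) {
            uint8_t desc = buf[i + 6];           /* body[1] is AlertDescription */
            if (desc == AL_UNEXPECTED_MESSAGE) return NOT_VULNERABLE;
            if (desc == AL_BAD_RECORD_MAC || desc == AL_DECRYPTION_FAILED) return VULNERABLE;
            return INCONCLUSIVE;
        }
        i += 5 + n;
    }
    return INCONCLUSIVE;
}

/* Live exchange: ClientHello, drain the server's flight until the 3 s receive
 * timeout fires, two early CCS records, classify the reply. Not run by tests. */
static enum verdict probe(const char *host, const char *port)
{
    struct addrinfo hints = { 0 }, *res;
    struct timeval tv = { 3, 0 };
    uint8_t out[128], in[4096];
    size_t n; ssize_t got = -1; int fd;

    hints.ai_socktype = SOCK_STREAM;
    if (getaddrinfo(host, port, &hints, &res) != 0) return INCONCLUSIVE;
    fd = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
    if (fd >= 0 && connect(fd, res->ai_addr, res->ai_addrlen) == 0) {
        setsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof tv);
        n = client_hello(out);
        if (write(fd, out, n) == (ssize_t)n) {
            while (read(fd, in, sizeof in) > 0)
                ;                                /* ServerHello .. ServerHelloDone */
            n = ccs_record(out);
            n += ccs_record(out + n);
            if (write(fd, out, n) == (ssize_t)n)
                got = read(fd, in, sizeof in);
        }
    }
    freeaddrinfo(res);
    if (fd >= 0) close(fd);
    return got > 0 ? classify(in, (size_t)got) : INCONCLUSIVE;
}

static size_t client_hello_len(void) { uint8_t b[128]; return client_hello(b); }

int main(int argc, char **argv)
{
    static const char *names[] = { "inconclusive", "not vulnerable", "vulnerable" };
    if (argc != 3) { fprintf(stderr, "usage: %s host port\n", argv[0]); return 2; }
    printf("%s:%s -> %s\n", argv[1], argv[2], names[probe(argv[1], argv[2])]);
    return 0;
}
```

Run it as `./probe host 443`. The probe observes one listener only; the VPN daemons Ristic mentions and other non-HTTPS services that link OpenSSL need their own check on their own port, and an inconclusive verdict (timeout, connection close, some other alert) is not a clean bill of health.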
Inside a carding shop

  • Brian Krebs releases his exposé on the inner workings of a professional carding shop
  • This shop focused on ‘dumps’, full track data that can be written to blank cards, allowing the fraudster to take the card into a big box store and buy large-ticket items that can easily be sold for cash
  • “The subject of this post is ‘McDumpals,’ a leading dumps shop that first went online in late April 2013.”
  • “Like many other dumps shops, McDumpals recently began requiring potential new customers to pay a deposit (~$100) via Bitcoin before being allowed to view the goods for sale. Also typical of most card shops, this store’s home page features the latest news about new batches of stolen cards that have just been added, as well as price reductions on older batches of cards that are less reliable as instruments of fraud.”
  • Brian has a great slideshow that shows some of the regions and retailers that were compromised, and what the sets of cards sell for

Linux Your Chromebook | LAS s31e03
https://original.jupiterbroadcasting.net/53067/linux-your-chromebook-las-s31e03/
Sun, 09 Mar 2014 14:13:44 +0000

Can a cheap Chromebook loaded with Linux replace an Ultrabook? Is this the best bang for the battery life? We load Linux on the Acer C720 and put it to the test.

Plus: The big security mistake that impacts tons of open source software, a quick demo of the new Krita release, our picks of the week…

AND SO MUCH MORE!

All this week on, The Linux Action Show!

Thanks to: GoDaddy, Ting


— Show Notes: —

Chromebook Acer C720 Running Linux Review:



Brought to you by: System76

Whatever the reason, you may find the paltry offering of a 16GB SSD on the Acer C720 Chromebook to be lacking for some use cases out there. You can pick up a C720P model with 32GB of internal storage — and a touchscreen — for $50 more than the regular C720, but what if you already have one or need more than 32GB? Well, it turns out it’s extremely simple to replace the SSD in the Acer C720, and we’re going to show you how to do it.

Installing Arch Linux on the C720

SeaBIOS is an open source implementation of a 16bit X86 BIOS. SeaBIOS can run in an emulator or it can run natively on X86 hardware with the use of coreboot.

SeaBIOS is the default BIOS for qemu and kvm.

Battery Life

Tip: To monitor CPU speed in real time, run the following. The whole grep command is quoted because watch hands its arguments to sh -c as one string, so the inner quotes around the two-word pattern would otherwise be lost:

$ watch 'grep "cpu MHz" /proc/cpuinfo'

Cons:

  • Screen Viewing Angle is really limited. Even leaning on my hand with elbow on the desk decreases viewability by a very noticeable amount.
  • Only one USB3 Port.

– Picks –

Runs Linux:

Desktop App Pick

This year marks the 11th Year of uGet, that’s right, uGet has been available to the Linux community for over 11 years now and we are not slowing down, we are excited for the future of uGet! If you’re excited too then please consider donating to the project. 🙂 (blog post about the donation drive)

Weekly Spotlight

  • Dukto R6

  • Simple user interface

  • No server or internet connection needed

  • Zero configuration

  • Clients auto-discovery

  • High speed file transfer

  • Multi-OS native support

  • Portable version available

  • Multi files and folders transfer

  • Transfers log

  • Send and receive text snippets (eg. useful for sending URLs)

  • Open received files directly from the application

  • Windows 7 taskbar integration with progress and transfer indicator

  • Show your IP addresses on the IP connection page

  • Full Unicode support

  • Metro style UI

  • Free and open source

  • There is one issue with Dukto though: its security: the application doesn’t use any passwords, no encryption, etc., so its developer recommends using it only on trusted local area networks.

Dukto is a free open source project, licensed under GPL. Official releases are made by me for the following platforms:


— NEWS —

A longstanding GnuTLS certificate validation botch

Perhaps the biggest irony is that the fix changes a handful of “goto cleanup;” lines to “goto fail;”. It also made other changes to the code (including adding a “fail” label), but the resemblance to the Apple bug is too obvious to ignore. While the two bugs are actually not that similar, other than both being in the certificate validation logic, the timing and look of the new bug does give one pause.

The problem boils down to incorrect return values from a function when there are errors in the certificate.

It is hard to say how far back this bug goes, as the code has been restructured several times over the years, but the GnuTLS advisory warns that all versions are affected.
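The return-value mix-up described above, as an added example that is not GnuTLS's own code: a model of a check_if_ca-style helper whose callees return negative error codes, beside the fixed shape in which every error path falls through a fail label that clears the result. The certificate struct, the decoder and the three constructed inputs are assumptions for the demo; the caller's non-zero test reproduces the bug's effect rather than the library's exact lines:

```c
/* Added example, not GnuTLS code: model of the CVE-2014-0092 return-value bug.
 * check_if_ca-style helpers are meant to return 1 (is a CA) or 0 (is not); the
 * routines they call return 0 on success and a negative code on failure. */
#include <stdio.h>

enum { E_ASN1_DECODE = -100 };   /* constructed error code for the demo */

struct x509_cert {
    int basic_constraints_ok;    /* 1 if the basicConstraints extension parses */
    int is_ca;                   /* the CA bit, meaningful only when the above is 1 */
};

/* Returns 0 and sets *ca on success, negative on a decoding error. */
static int decode_basic_constraints(const struct x509_cert *c, int *ca)
{
    if (!c->basic_constraints_ok)
        return E_ASN1_DECODE;
    *ca = c->is_ca;
    return 0;
}

/* Unpatched shape: the error path jumps to cleanup with the negative code
 * still in result, so a malformed certificate yields a non-zero answer. */
static int check_if_ca_unpatched(const struct x509_cert *c)
{
    int result, ca = 0;
    result = decode_basic_constraints(c, &ca);
    if (result < 0)
        goto cleanup;            /* result is negative here */
    result = ca ? 1 : 0;
cleanup:
    return result;
}

/* Patched shape: error paths go to fail, which forces the answer to 0. */
static int check_if_ca_patched(const struct x509_cert *c)
{
    int result, ca = 0;
    if (decode_basic_constraints(c, &ca) < 0)
        goto fail;
    result = ca ? 1 : 0;
    goto cleanup;
fail:
    result = 0;                  /* every error now means "not a CA" */
cleanup:
    return result;
}

/* Caller in the verification chain: "may this cert sign others?" It treats any
 * non-zero answer as yes, which turns the leaked error code into a bypass. */
static int issuer_accepted(int (*check)(const struct x509_cert *),
                           const struct x509_cert *issuer)
{
    return check(issuer) != 0;
}

/* Constructed inputs: a real CA, a leaf, and a cert whose basicConstraints
 * extension is malformed so that decoding fails. */
static const struct x509_cert CA_CERT   = { 1, 1 };
static const struct x509_cert LEAF_CERT = { 1, 0 };
static const struct x509_cert MALFORMED = { 0, 0 };

static int unpatched_accepts_malformed(void) { return issuer_accepted(check_if_ca_unpatched, &MALFORMED); }
static int patched_accepts_malformed(void)   { return issuer_accepted(check_if_ca_patched, &MALFORMED); }

int main(void)
{
    printf("malformed cert accepted as issuer: unpatched=%d patched=%d\n",
           unpatched_accepts_malformed(), patched_accepts_malformed());
    return 0;
}
```

The same shape (a function that is boolean to its callers but carries error codes internally) is what made both this bug and Apple's look alike from the outside, even though the control-flow mistakes differ. Returning a tri-state enum, or never sharing the variable between the boolean result and the error code, removes the class of bug rather than the instance.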

Software that depends on GnuTLS includes Emacs, wget, NetworkManager, VLC, Git, and others.

On a Fedora 20 system, attempting to remove GnuTLS results in Yum wanting to remove 309 dependent packages, including all of KDE, GnuCash, Calligra, LibreOffice, libvirt, QEMU, Wine, and more.

It was a code audit done by GnuTLS founder Nikos Mavrogiannopoulos (at the request of Red Hat, his employer) that discovered the bug.

Video Acceleration Takes The Backseat On Chrome For Linux

Due to notorious Linux graphics drivers, Google developers working on Chrome/Chromium aren’t looking to enable hardware video acceleration by default anytime soon. The problem ultimately comes down to poor Linux graphics drivers.

Ami Fischman explained in a bug comment yesterday, “There is a history of users disabling the blacklist (entirely) because they want a feature that is disabled. That destabilizes the entire browser, and users frequently forget about this action (and waste time trying to re-stabilize their browser later). If this landed I expect that sooner or later we’d get a rash of blog posts explaining how to get HW decode on linux ‘for free’ (by disabling the GPU blacklist) and the overall result for our Linux userbase would be a worse experience (because the blacklist will never be consulted on their system), not better (b/c they’ll have HW acceleration of h.264 decode). This is a judgement call and I can certainly see how reasonable people can disagree, but this is my personal judgement.”

Ami went on to imply that the VA-API Linux support will never be in good enough shape for Chrome, “We don’t ship code we consider to be permanently ‘experimental’ or ‘beta’, only code we expect to be stable/production-quality eventually, if not at landing. This feature will never graduate to that status, so this CL is effectively shipping a feature that is known to be mostly-broken on most Linux installations.”

Chrome developer Jorge Lucangeli Obes also commented on this report, “Supporting GPU features on Linux is a nightmare (I know from dealing with the GPU sandbox). Enabling this feature should come after thinking how we can make it available without making Chrome on Linux less stable.”

Fedora To Have a “Don’t Ask, Don’t Tell” For Contributors

The Fedora Project is now going to enforce a “Don’t Ask, Don’t Tell” policy for contributors. What the project’s engineering committee is asking their members to conceal is a contributor’s nationality, country of origin, or area of residence. There’s growing concern about software development contributions coming from countries under US export restrictions (Cuba, Iran, North Korea, Sudan, and Syria), with Red Hat being based out of North Carolina.

Krita 2.8.0 Released

Some major updates in Calligra office suite are:

  • The word processor, Words received support for comments

  • Sheets has better support for pivot tables

  • Kexi now runs on Windows and about 30 major issues have been fixed in this visual database application.

  • Flow now supports SVG based stencils.

  • A thumbnail sketch of Krita 2.8

The 2.8 release marks the debut of several new under-the-hood changes in Krita. The first is a major refactoring of the application’s OpenGL canvas code.

For 2.8 the OpenGL support was brought up to OpenGL 3.1 and OpenGL ES 2.0 compliance (the latter of which enables the tablet-centric “Krita Sketch” variant to run on embedded hardware).

Along the way, Krita’s Windows builds gained OpenGL support as well; 2.8 marks the first version of Krita to be declared stable on Windows

The more interesting improvement for Linux users is an entirely new OpenGL scaling algorithm that offers better quality than the default OpenGL scaling options. The upshot is smoother rendering, especially when zooming in on the canvas.

The new rendering code was written by Kazakov, whose time on the project is funded by the Krita Foundation. Kazakov also undertook the other major piece of plumbing to debut in version 2.8: native support for pressure-sensitive graphics tablets.

– Feedback: –

— Chris’ Stash —

  • Call in Edition of Coder Radio on Monday! 9am PDT / 12pm EDT

