it – Jupiter Broadcasting https://www.jupiterbroadcasting.com Open Source Entertainment, on Demand. Fri, 30 Aug 2019 02:39:27 +0000

Stealing the Top Bunk | User Error 73 https://original.jupiterbroadcasting.net/133922/stealing-the-top-bunk-user-error-73/ Thu, 29 Aug 2019 23:15:12 +0000 https://original.jupiterbroadcasting.net/?p=133922 Show Notes: error.show/73

The post Stealing the Top Bunk | User Error 73 first appeared on Jupiter Broadcasting.

Net Neutrality | Ask Noah 37 https://original.jupiterbroadcasting.net/120252/net-neutrality-ask-noah-37/ Tue, 28 Nov 2017 02:30:43 +0000 https://original.jupiterbroadcasting.net/?p=120252 RSS Feeds: MP3 Feed | HD Video Feed | iTunes Feed Become a supporter on Patreon: — Show Notes: — — The Cliff Notes — Netflix ISP New Data VoxTeleSys A big thank you to those who joined us for War Stories Night! Call In 1-855-450-NOAH Listen Live Watch Live — Stay In Touch — […]

The post Net Neutrality | Ask Noah 37 first appeared on Jupiter Broadcasting.

RSS Feeds:

MP3 Feed | HD Video Feed | iTunes Feed

Become a supporter on Patreon:

Patreon

— Show Notes: —

— The Cliff Notes —

A big thank you to those who joined us for War Stories Night!

— Stay In Touch —

Find all the resources for this show on the Ask Noah Dashboard

Ask Noah Dashboard

Need more help than a radio show can offer? Altispeed provides commercial IT services and they’re excited to offer you a great deal for listening to the Ask Noah Show. Call today and ask about the discount for listeners of the Ask Noah Show!

Altispeed Technologies

Contact Noah

asknoah [at] jupiterbroadcasting.com

— Twitter —

War Stories: Part 1 | Ask Noah 36 https://original.jupiterbroadcasting.net/120176/war-stories-part-1-ask-noah-36/ Thu, 23 Nov 2017 16:40:53 +0000 https://original.jupiterbroadcasting.net/?p=120176 RSS Feeds: MP3 Feed | HD Video Feed | iTunes Feed Become a supporter on Patreon: — Show Notes: — — The Cliff Notes — VoxTeleSys A big thank you to those who joined us for War Stories Night! Call In 1-855-450-NOAH Listen Live Watch Live — Stay In Touch — Find all the resources […]

The post War Stories: Part 1 | Ask Noah 36 first appeared on Jupiter Broadcasting.

RSS Feeds:

MP3 Feed | HD Video Feed | iTunes Feed

Become a supporter on Patreon:

Patreon

— Show Notes: —

— The Cliff Notes —

A big thank you to those who joined us for War Stories Night!

— Stay In Touch —

Find all the resources for this show on the Ask Noah Dashboard

Ask Noah Dashboard

Need more help than a radio show can offer? Altispeed provides commercial IT services and they’re excited to offer you a great deal for listening to the Ask Noah Show. Call today and ask about the discount for listeners of the Ask Noah Show!

Altispeed Technologies

Contact Noah

asknoah [at] jupiterbroadcasting.com

— Twitter —

Elixir of My Soul | CR 277 https://original.jupiterbroadcasting.net/118856/elixir-of-my-soul-cr-277/ Sat, 07 Oct 2017 00:46:18 +0000 https://original.jupiterbroadcasting.net/?p=118856 RSS Feeds: MP3 Feed | Video Feed | Torrent Feed | iTunes Audio | iTunes Video Become a supporter on Patreon: — Show Notes: — Hoopla / Feedback NodeJS Gets Forked Over Ayo.js: humans Before technology io.js Malice Ghoulpus on Twitter: “Repeated ToC violations by an authority figure went unaddressed. TSC members left. Node has […]

The post Elixir of My Soul | CR 277 first appeared on Jupiter Broadcasting.

RSS Feeds:

MP3 Feed | Video Feed | Torrent Feed | iTunes Audio | iTunes Video

Become a supporter on Patreon:

Patreon

— Show Notes: —

Hoopla / Feedback

NodeJS Gets Forked Over

It’s Time to Kill the Web

  • Native vs the Web
  • The beauty of Cocoa
  • Benefits of the Web to desktop Linux
  • Pragmatism and Reaganomics

Mike’s IT Automation Tips

What’s the deal with Node?

  • Technical merits of the platform
  • Concurrency story
  • Comparisons to Go and Ruby

Wes Talks Elixir

  • Erlang and the BEAM VM
  • The Actor Model and OTP
  • WhatsApp’s secret weapon
  • https://elixir-lang.org/

Elixir is a dynamic, functional language designed for building scalable and maintainable applications.

Elixir leverages the Erlang VM, known for running low-latency, distributed and fault-tolerant systems, while also being successfully used in web development and the embedded software domain.

To cope with failures, Elixir provides supervisors which describe how to restart parts of your system when things go awry, going back to a known initial state that is guaranteed to work.

Rsync On Ice | TechSNAP 333 https://original.jupiterbroadcasting.net/117696/rsync-on-ice-techsnap-333/ Thu, 24 Aug 2017 16:26:41 +0000 https://original.jupiterbroadcasting.net/?p=117696 RSS Feeds: HD Video Feed | MP3 Audio Feed | iTunes Feed | Torrent Feed Become a supporter on Patreon: Show Notes: Tales of an IT professional sailing around the Antarctic loop – sent in by Eric Miller CTD device – A CTD or Sonde is an oceanography instrument used to measure the conductivity, temperature, […]

The post Rsync On Ice | TechSNAP 333 first appeared on Jupiter Broadcasting.

RSS Feeds:

HD Video Feed | MP3 Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

Patreon

Show Notes:

Tales of an IT professional sailing around the Antarctic loop – sent in by Eric Miller

  • CTD device – A CTD or Sonde is an oceanography instrument used to measure the conductivity, temperature, and pressure of seawater (the D stands for “depth,” which is closely related to pressure). The reason to measure conductivity is that it can be used to determine the salinity.

  • Had to reinstall software for a winch to get it working

  • Registered a new website and webmail and created a custom email solution so scientists would remotely access their email

security.txt – an RFC in the making

Dumping Data from Deep-Insert Skimmers

  • Deep-insert skimmers

  • Romanian links to US crime

  • European data skimmed from cards, then used in US because chip technology is not widely deployed there

  • ‘wands’ inserted deep into the ATM to retrieve data


Feedback

  • Re: database migrations in Episode 332: jungle boogie writes in to mention Sqitch (GitHub) by David Wheeler. JB says “This is a program written in perl and looks to have support for many databases”. JB also mentioned [pgBackRest](https://www.pgbackrest.org/) (GitHub)

  • Gary Foard writes in about a command line utility called shred. He uses it to erase laptops from a live Linux disc. I checked the FreeBSD manual pages to check it’s there also, and it is – although I had to search for gshred instead of shred to find shred, which I find weird. – See sysutils/coreutils in the FreeBSD Ports tree. – Dan notes: not recommended for erasing files any more. Not feasible for COW filesystems.

  • prime62 on the TechSNAP sub-reddit mentioned some password hashing/salting resources: Salted Password Hashing – Doing it Right and The definitive guide to form-based website authentication

  • Also seen on Reddit: There is no point [on max password lengths] since the field is hashed.


Round Up:

PIS Poor DNS | TechSNAP 268 https://original.jupiterbroadcasting.net/100021/pis-poor-dns-techsnap-268/ Thu, 26 May 2016 17:32:03 +0000 https://original.jupiterbroadcasting.net/?p=100021 Is the “Dark Cloud” hype, or a real technology? Using DNS tunneling for remote command and control & the big problem with 1-Day exploits. Plus your great question, our answers, a breaking news roundup & more! Thanks to: Get Paid to Write for DigitalOcean Direct Download: HD Video | Mobile Video | MP3 Audio | […]

The post PIS Poor DNS | TechSNAP 268 first appeared on Jupiter Broadcasting.


Is the “Dark Cloud” hype, or a real technology? Using DNS tunneling for remote command and control & the big problem with 1-Day exploits.

Plus your great question, our answers, a breaking news roundup & more!

Thanks to:


DigitalOcean


Ting


iXsystems

Direct Download:

HD Video | Mobile Video | MP3 Audio | OGG Audio | YouTube | HD Torrent | Mobile Torrent

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

Patreon

Show Notes:

APT Groups still successfully exploiting Microsoft Office flaw patched 6 months ago

  • “A Microsoft Office vulnerability patched six months ago continues to be a valuable tool for APT gangs operating primarily in Southeast Asia and the Far East.”
  • “CVE-2015-2545 is a vulnerability discovered in 2015 and corrected with Microsoft’s update MS15-099. The vulnerability affects Microsoft Office versions 2007 SP3, 2010 SP2, 2013 SP1 and 2013 RT SP1.”
  • “The error enables an attacker to execute arbitrary code using a specially crafted EPS image file. The exploit uses PostScript and can evade Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP) protection methods.”
  • One of the groups using the exploit targeted the Japanese military industrial complex
  • “In December 2015, Kaspersky Lab became aware of a targeted attack against the Japanese defense sector. In order to infect victims, the attacker sent an email with an attached DOCX file exploiting the CVE-2015-2545 vulnerability in Microsoft Office using an embedded EPS (Encapsulated Postscript) object. The EPS object contained a shellcode that dropped and loaded a 32-bit or 64-bit DLL file depending on the system architecture. This, in turn exploited another vulnerability to elevate privileges to Local System (CVE-2015-1701) and download additional malware components from the C&C server.”
  • “The C&C server used in the attack was located in Japan and appears to have been compromised. However, there is no indication that it has ever been used for any other malicious purpose. Monitoring of the server activity for a period of several months did not result in any new findings. We believe the attackers either lost access to the server or realized that it resulted in too much attention from security researchers, as the attack was widely discussed by the Japanese security community.”
  • The report details a number of different teams, with different targets
  • Some or all of the teams may be related
  • “The attackers used at least one known 1-day exploit: the exploit for CVE-2015-2545 – EPS parsing vulnerability in EPSIMP32.FLT module, reported by FireEye, and patched by Microsoft on 8 September 2015 with MS15-099. We are currently aware of about four different variants of the exploit. The original one was used in August 2015 against targets in India by the Platinum (TwoForOne) APT group.”
  • Kaspersky Lab Report

Krebs investigates the “Dark Cloud”

  • “Crooks who peddle stolen credit cards on the Internet face a constant challenge: Keeping their shops online and reachable in the face of meddling from law enforcement officials, security firms, researchers and vigilantes.”
  • “In this post, we’ll examine a large collection of hacked computers around the world that currently serves as a criminal cloud hosting environment for a variety of cybercrime operations, from sending spam to hosting malicious software and stolen credit card shops.”
  • How do you keep your site online while hosting it on hacked machines you do not control?
  • How do you keep the data secure? Who is going to pay for stolen credit cards when they can just hack one of the compromised machines hosting your site?
  • “I first became aware of this botnet, which I’ve been referring to as the “Dark Cloud” for want of a better term, after hearing from Noah Dunker, director of security labs at Kansas City-based vendor RiskAnalytics. Dunker reached out after watching a Youtube video I posted that featured some existing and historic credit card fraud sites. He asked what I knew about one of the carding sites in the video: A fraud shop called “Uncle Sam,” whose home page pictures a pointing Uncle Sam saying “I want YOU to swipe.””
  • “I confessed that I knew little of this shop other than its existence, and asked why he was so interested in this particular crime store. Dunker showed me how the Uncle Sam card shop and at least four others were hosted by the same Dark Cloud, and how the system changed the Internet address of each Web site roughly every three minutes. The entire robot network, or “botnet,” consisted of thousands of hacked home computers spread across virtually every time zone in the world, he said.”
  • So, most of these hacked machines are likely just “repeaters”, accepting connections from end users and then relaying those connections back to the secret central server
  • This also works fairly well as a DDoS mitigation mechanism
  • “the Windows-based malware that powers the botnet assigns infected hosts different roles, depending on the victim machine’s strengths or weaknesses: More powerful systems might be used as DNS servers, while infected systems behind home routers may be infected with a “reverse proxy,” which lets the attackers control the system remotely”
  • “It’s unclear whether this botnet is being used by more than one individual or group. The variety of crimeware campaigns that RiskAnalytics has tracked operated through the network suggests that it may be rented out to multiple different cybercrooks. Still, other clues suggests the whole thing may have been orchestrated by the same gang.”
  • A more in-depth report on the botnet is expected next week
  • “If you liked this story, check out this piece about another carding forum called Joker’s Stash, which also uses a unique communications system to keep itself online and reachable to all comers.”

Wekby APT gang using DNS tunneling for C&C

  • “Palo Alto Networks is reporting a shift in malware tactics used by the APT group Wekby that has added a rare but effective new tool to its bag of tricks. Wekby attackers are turning to the technique known as DNS tunneling in lieu of more conventional HTTP delivery of command and controls for remote access control of infected computer networks.”
  • “Wekby is a group that has been active for a number of years, targeting various industries such as healthcare, telecommunications, aerospace, defense, and high tech. The group is known to leverage recently released exploits very shortly after those exploits are available, such as in the case of HackingTeam’s Flash zero-day exploit.”
  • “The malware used by the Wekby group has ties to the HTTPBrowser malware family, and uses DNS requests as a command and control mechanism. Additionally, it uses various obfuscation techniques to thwart researchers during analysis. Based on metadata seen in the discussed samples, Palo Alto Networks has named this malware family ‘pisloader’.”
  • “The initial dropper contains very simple code that is responsible for setting persistence via the Run registry key, and dropping and executing an embedded Windows executable. Limited obfuscation was encountered, where the authors split up strings into smaller sub-strings and used ‘strcpy’ and ‘strcat’ calls to re-build them prior to use. They also used this same technique to generate garbage strings that are never used. This is likely to deter detection and analysis of the sample.”
  • “The payload is heavily obfuscated using a return-oriented programming (ROP) technique, as well as a number of garbage assembly instructions. In the example below, code highlighted in red essentially serves no purpose other than to deter reverse-engineering of the sample. This code can be treated as garbage and ignored. The entirety of the function is highlighted in green, where two function offsets are pushed to the stack, followed by a return instruction. This return instruction will point code execution first at the null function, which in turn will point code execution to the ‘next_function’. This technique is used throughout the runtime of the payload, making static analysis difficult.”
  • “The malware is actually quite simplistic once the obfuscation and garbage code is ignored. It will begin by generating a random 10-byte alpha-numeric header. The remaining data is base32-encoded, with padding removed. This data will be used to populate a subdomain that will be used in a subsequent DNS request for a TXT record.”
  • “The use of DNS as a C2 protocol has historically not been widely adopted by malware authors.”
  • “The use of DNS as a C2 allows pisloader to bypass certain security products that may not be inspecting this traffic correctly.”
  • “The C2 server will respond with a TXT record that is encoded similar to the initial request. In the response, the first byte is ignored, and the remaining data is base32-encoded. An example of this can be found below.”
  • The malware also looks for specific flags in the DNS response, to prevent it being spoofed by a DNS server not run by the authors. Palo Alto Networks has reverse engineered the malware and found the special flags.
  • The following commands are supported by the malware, listed with their descriptions:
    • sifo – Collect victim system information
    • drive – List drives on victim machine
    • list – List file information for provided directory
    • upload – Upload a file to the victim machine
    • open – Spawn a command shell
  • “The Wekby group continues to target various high profile organizations using sophisticated malware. The pisloader malware family uses various novel techniques, such as using DNS as a C2 protocol, as well as making use of return-oriented programming and other anti-analysis tactics.”
  • Palo Alto Networks Report

Feedback:


Round up:


A Look Back On Feedback | TechSNAP 251 https://original.jupiterbroadcasting.net/93176/a-look-back-on-feedback-techsnap-251/ Thu, 28 Jan 2016 08:02:40 +0000 https://original.jupiterbroadcasting.net/?p=93176 Since Allan is off being fancy at FOSDEM, we decided that now would be a good time to celebrate the audience & feature some of the best feedback we’ve had over the years! Thanks to: Get Paid to Write for DigitalOcean Direct Download: HD Video | Mobile Video | MP3 Audio | OGG Audio | […]

The post A Look Back On Feedback | TechSNAP 251 first appeared on Jupiter Broadcasting.


Since Allan is off being fancy at FOSDEM, we decided that now would be a good time to celebrate the audience & feature some of the best feedback we’ve had over the years!

Thanks to:


DigitalOcean


Ting


iXsystems

Direct Download:

HD Video | Mobile Video | MP3 Audio | OGG Audio | YouTube | HD Torrent | Mobile Torrent

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

Patreon

— Show Notes: —

Episode List

Okay “NSA”, I’m Listening… | Tech Talk Today 167 https://original.jupiterbroadcasting.net/81607/okay-nsa-im-listening-tech-talk-today-167/ Wed, 06 May 2015 10:16:55 +0000 https://original.jupiterbroadcasting.net/?p=81607 Oculus VR gets a ship date and we discuss the devices about to hit market. Reddit gets into creating its own content & the NSA brags about transcribing your phone calls. Plus replacing Plex with Kodi, the burdens of a hand model & much more! Direct Download: MP3 Audio | OGG Audio | Video | […]

The post Okay "NSA", I'm Listening… | Tech Talk Today 167 first appeared on Jupiter Broadcasting.


Oculus VR gets a ship date and we discuss the devices about to hit market. Reddit gets into creating its own content & the NSA brags about transcribing your phone calls.

Plus replacing Plex with Kodi, the burdens of a hand model & much more!

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Video Feed | Torrent Feed

Become a supporter on Patreon


Show Notes:

Oculus Rift virtual reality headset will ship in early 2016 | Technology | The Guardian

The first commercial model of Facebook’s much anticipated Oculus Rift virtual reality headset will go on sale in the first quarter of 2016, the company confirmed today.

The announcement ends months of speculation that the release, which had been anticipated to happen by the end of 2015, would slip beyond Christmas. The most high profile device in the virtual reality market, Oculus Rift has been developed primarily for gaming but the technology is also being explored for occupational therapy, education and by film makers.

Reddit launches a video division to create original content | The Verge

Recently it has begun to venture into original content with a podcast and newsletter. Today it is going even further with the launch of its own video division. “Reddit’s mission is to connect people across the world through authentic conversations, collaboration, and community — video is an amazing storytelling medium and there’s no better wellspring of original stories than Reddit,” said co-founder Alexis Ohanian.

How the NSA Converts Spoken Words Into Searchable Text – The Intercept

Top-secret documents from the archive of former NSA contractor Edward Snowden show the National Security Agency can now automatically recognize the content within phone calls by creating rough transcripts and phonetic representations that can be easily searched and stored.

The documents show NSA analysts celebrating the development of what they called “Google for Voice” nearly a decade ago.

Kodi | Open Source Home Theatre Software

Kodi(tm) (formerly known as XBMC(tm)) is an award-winning free and open source (GPL) software media center for playing videos, music, pictures, games, and more. Kodi runs on Linux, OS X, Windows, iOS, and Android, featuring a 10-foot user interface for use with televisions and remote controls. It allows users to play and view most videos, music, podcasts, and other digital media files from local and network storage media and the internet. Our forums and Wiki are bursting with knowledge and help for the new user right up to the application developer. We also have helpful Facebook, Google+, Twitter and Youtube pages.

Open Source Kollaboration | LUP 91 | Jupiter Broadcasting

Aaron Seigo joins us to discuss the Kolab project, open source’s genuine answer to Microsoft Exchange and other groupware solutions. We also discuss the Roundcube project’s fundraiser & possible integration with Kolab.

Living The Linux Life | WTR 25 https://original.jupiterbroadcasting.net/81552/living-the-linux-life-wtr-25/ Wed, 06 May 2015 04:17:19 +0000 https://original.jupiterbroadcasting.net/?p=81552 Live from LFNW Scarlett Clark tells us about her work with KDE and Kubuntu! Direct Download: MP3 Audio | OGG Audio | Video | HD Video | YouTube RSS Feeds: MP3 Feed | OGG Feed | iTunes Feed | Video Feed Become a supporter on Patreon: Show Notes: Scarlett on G+ LinuxFest Northwest Kubuntu KDE […]

The post Living The Linux Life | WTR 25 first appeared on Jupiter Broadcasting.


Live from LFNW Scarlett Clark tells us about her work with KDE and Kubuntu!

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed

Become a supporter on Patreon:


Show Notes:

Full transcription of previous episodes can be found below or also at heywtr.tumblr.com

Transcription:

ANGELA: This is Women’s Tech Radio.
PAIGE: A show on the Jupiter Broadcasting Network, interviewing interesting women in technology. Exploring their roles and how they’re successful in technology careers. I’m Paige.
ANGELA: And I’m Angela.
PAIGE: Angela, today we’re going to interview at Linux Fest Northwest live. We’re doing an interview with Scarlett Clark. She’s a developer on the KDE project and also works for Kubuntu.
ANGELA: But, before we get into the interview, I want to tell you about Patreon.com. You can go to patreon.com/jupitersignal to support Women’s Tech Radio and all the other shows on the Jupiter Broadcasting Network. Go to jupiterbroadcasting.com and see if there’s another show that you might want to listen to in addition to Women’s Tech Radio. Again, go to patreon.com/jupitersignal.
PAIGE: And we got started with this week’s episode by asking Scarlett what she does with KDE and Kubuntu.
SCARLETT: I am a developer for Kubuntu, so I do a lot of the packaging for the software applications for the user to be able to easily install and whatnot. And then, on the other side of the spectrum I created, wrote all the code to automate job creation and job building for KDE’s continuous integration system. Which, it builds the software packages and then test them to make sure that it’s functional. And then after they all turn green like they’re supposed to, they’re ready to release to distributions like Kubuntu. And I also went the extra step, and we now are testing for OS X and Windows will be coming next.
PAIGE: Oh, wow.
SCARLETT: Yeah, all the code is already in there. It’s just figuring — Windows is a little more complicated because getting dependencies, you can’t tell the continuous integration system to, hey go to this website, download this file, and use it as a dependency. So, it gets little more complicated, but once we sort that out Windows will also be supported with KDE software.
PAIGE: Wow, I had no idea you guys were going for that. That’s really awesome. Before you did this project was there not test coverage for KDE?
SCARLETT: They had a very old system and it was not reliable. And it was also — the job creation was all manual, and OS X and Windows were not supported.
PAIGE: That’s pretty deep in the weeds. Like building, testing, and all that jazz –
SCARLETT: Oh yes.
PAIGE: – for such a big, robust piece of software. Was that you just woke up one morning and decided to do? How did you end up where you are?
SCARLETT: No, actually, Valerie, the gal you just spoke to, they do this season of KDE and it generally targets students. Obviously, I’m not a student. But, this project didn’t have anybody grabbing on it and she just asked me, are you interested in Dev Ops. I’m like, I’m interested in everything. So, she introduced me to Ben Cooksy, the main sys admin guy, and got rolling. I had no idea what I was getting into when I got into it. So, I ended up learning Groovy, Python, and Java on the fly. I had taken a few classes, but that was years ago in university.
ANGELA: What had you done prior to that? Was anything prior to that technology related other than the several classes you mentioned?
SCARLETT: A long time ago I was IT.
ANGELA: Oh, okay.
SCARLETT: But I had not had any real world experience coding. So, this is my first real world experience coding and I love it.
PAIGE: So, you went from no coding to developing a new test suite for KDE?
SCARLETT: Yes, the back end.
PAIGE: So, how was that journey? How did you go through that? Because learning that many languages and that much theory on the fly –
SCARLETT: Yes. At first it was very overwhelming and I just stared at the blank sheet going, oh no. Oh no. But then, I just bits and pieces at a time and things started coming together, and then oh that makes sense. And then it just all came together. And then when the final result, we just went live two days ago and it was smooth.
PAIGE: How long did that project take for you?
SCARLETT: It was several months.
PAIGE: Wow, only months?
SCARLETT: Oh yeah.
PAIGE: Wow.
SCARLETT: Actually, yeah, I surprised a lot of people with how fast.
PAIGE: So, doing all that and learning all that, were there awesome resources that you were using? Was it the community? Did you have books that were –
ANGELA: Online courses?
SCARLETT: Google was good.
ANGELA: Yeah, I bet.
PAIGE: So, I have a lot of ladies who are trying to get in tech, and their biggest holdback is learning how to Google the right things. Did you find that was difficult at first, like knowing how to ask the right questions?
SCARLETT: I’ve been using Google since they were in the garage.
PAIGE: Nice, but asking the right tech question.
ANGELA: Yeah, like sometimes you don’t know what you don’t know.
SCARLETT: I know. That’s actually that you have to develop over time, because I’ve learned to figure out what to ask and how to ask it, and sometimes you don’t get it right the first time and you just have to reword it. That can be challenging. That is just it. When I first started the project I didn’t know what I was looking. So, I actually branched off in wrong directions at first. I had a few setbacks because I wanted to go be a docker, which is the new cool technology. But, it wasn’t — with the OS X and Windows, that ended up being wasted time, because you won’t get native builds, because Docker is Linux. That didn’t quite pan out, but it was fun learning.
PAIGE: Yeah, it’s always good to add new stack to your brain.
SCARLETT: Oh yeah. Yeah.
ANGELA: Yeah. Something will resonate and help you learn something else.
SCARLETT: Absolutely. Yeah.
PAIGE: So, tell me the story of why you were in IT before, and then you weren’t, and now you are again.
SCARLETT: That’s a story of — I had to give up my career to follow my husband to another state and I could not recover.
ANGELA: That’s too bad. Well, you have now.
SCARLETT: I have. Well, yes.
PAIGE: Was it really difficult for you diving back in afterwards, or did it just kind of re-spark that? We had a guest who talks about kind of the mental stimulation of being in this technical field.
SCARLETT: Yeah, I’ve been a Linux advocate/user since 1998. I have my big stack of Red Hat floppy disc. But I have always wanted to contribute, and I could never really find my way in. It’s a tight knit community. But I finally found my way in with Kubuntu and Jonathan Riddell. He just stepped up and, you want to learn how to package? I’m like, sure. He just showed me the ropes and I’ve just been riding the cloud since.
PAIGE: How did you get in touch with Jonathan? What was that?
SCARLETT: I knew Valerie from several mailing groups and stuff. She saw that I was doing documentation for KDE. Actually, an easy way in is doing documentation. And then she introduced me to Jonathan.
PAIGE: I think we have some people who are just getting started. What does doing documentation mean? What does that look like?
SCARLETT: The easiest way is to start with, like Wiki. It’s much simpler than Doc Books. You pretty much well have to know XML and the layout and everything. But Wiki is pretty much just plain text. You just find an app that you really love and just use it, and figure out — use cases of, well somebody might want to do this, and then you just instruct them how to do that and just build on it. That’s the easiest way to really get your foot in the door, and it’s pretty simple because you figure out ways that you use the application and then just write about it.
PAIGE: I think, especially as a newer user of an application, sometimes you have an even more valuable input for that.
SCARLETT: Oh yeah.
PAIGE: Because you have just learned it. You know where the pain points are.
ANGELA: Yes. That is, in my current conversion to Linux, it’s very refreshing for the Linux Action Show audience to hear this new user perspective.
SCARLETT: Yes, absolutely. And a lot of times, developers don’t even think of things that a user would try or want to do with their application, so it’s a good way to also give feedback to the developers. I worked on KMail documentation and there was a lot of things that I ran into. I would talk to the developer, how do you do this. And they’re like, oh, well I need to fix that. Thank you.
PAIGE: Did you find being primarily in open source that reaching out to the developer, that was actually a welcomed thing?
SCARLETT: Not generally, but with KDE they are surprisingly very open and very, very nice. I’ve just felt really at home with KDE. It’s been a nice breath of fresh air.
PAIGE: So, you know, don’t give up looking for the right community.
SCARLETT: You’ll find it. Yeah. I’ve been looking for a long time and I just stumbled into it and didn’t expect it.
ANGELA: So, are you from around here?
SCARLETT: I live in Portland, Oregon.
ANGELA: Okay. Do you always come to Linux Fest? And are there any other festivals that you go to?
SCARLETT: This is my first one, but I will be from now on coming to Linux Fest.
ANGELA: I know, isn’t it great?
SCARLETT: Yes, but I go to Akademy each year, which is in various places in Europe. This year we’re going to Spain. And then in September I’ll be going into a Randa meeting which is in Switzerland for KDE.
ANGELA: Great.
PAIGE: Awesome.
SCARLETT: Yeah, fun and exciting.
PAIGE: So, you’re in Portland. Is the rest of the KDE team in Portland?
SCARLETT: No, KDE is all around the world.
PAIGE: How do you guys work together? What kind of tools do you use to keep in touch?
SCARLETT: IRC.
PAIGE: IRC?
SCARLETT: Yeah, I live in IRC.
PAIGE: Do you use version control to work together?
SCARLETT: Git.
PAIGE: Git, which is, of course of Linux. Linus, thank you. What’s your stack of tools look like right now? I always like to find out what other developers are using.
SCARLETT: I use Eclipse because it’s the only good Groovy plugin that I could find. And I use KDevelop for the Python work.
PAIGE: And do you have a favorite hardware, like laptop, tablet that you’re into? Or because KDE is so nice and friendly it works on just about everything?
SCARLETT: Yeah, I have Kubuntu on my desktop, my laptop, and then my phone has, you know, Android.
ANGELA: Nice.
PAIGE: Very cool. So, I guess last question, what are you the most excited about, about what’s coming down the pipe for technology? Either with Linux or just with general stuff.
SCARLETT: We are going to be porting our apps on to Android, so that’s kind of big.
PAIGE: Oh wow, that’s exciting.
SCARLETT: That’s what the whole Switzerland trip is about.
PAIGE: Oh nice. Very cool. We’ll have to keep an eye on that. That will be great. KDE on your Android.
ANGELA: Thank you for listening to this episode of Women’s Tech Radio. Don’t forget, you can email us, WTR@jupiterbroadcasting.com, or you can use the contact form that is over at jupiterbroadcasting.com.
PAIGE: Don’t forget to follow us on Twitter, @HeyWTR. You can also find us on iTunes or any of your other RSS feeds. The RSS feed is available on the website at jupiterbroadcasting.com. And if you have a minute, leave us a review or some feedback. We’d love to hear from you.

Transcribed by Carrie Cotter | transcription@cotterville.net

The post Living The Linux Life | WTR 25 first appeared on Jupiter Broadcasting.

Business as Usual | BSD Now 86 https://original.jupiterbroadcasting.net/81017/business-as-usual-bsd-now-86/ Thu, 23 Apr 2015 09:26:48 +0000 https://original.jupiterbroadcasting.net/?p=81017 Coming up this time on the show, we’ll be chatting with Antoine Jacoutot about how M:Tier uses BSD in their business. After that, we’ll be discussing the different release models across the BSDs, and which style we like the most. As always, answers to your emails and all the latest news, on BSD Now – […]

The post Business as Usual | BSD Now 86 first appeared on Jupiter Broadcasting.

Coming up this time on the show, we’ll be chatting with Antoine Jacoutot about how M:Tier uses BSD in their business. After that, we’ll be discussing the different release models across the BSDs, and which style we like the most. As always, answers to your emails and all the latest news, on BSD Now – the place to B.. SD.

Thanks to:


DigitalOcean


iXsystems


Tarsnap

– Show Notes: –

Headlines

Optimizing TLS for high bandwidth applications

  • Netflix has released a report on some of their recent activities, pushing lots of traffic through TLS on FreeBSD
  • TLS has traditionally had too much overhead for the levels of bandwidth they’re using, so this pdf outlines some of their strategy in optimizing it
  • The sendfile() syscall (which nginx uses) isn’t available when data is encrypted in userland
  • To get around this, Netflix is proposing to add TLS support to the FreeBSD kernel
  • Having encrypted movie streams would be pretty neat

Crypto in unexpected places

  • OpenBSD is somewhat known for its integrated cryptography, right down to strong randomness in every place you could imagine (process IDs, TCP initial sequence numbers, etc)
  • One place you might not expect crypto to be used (or even needed) is in the “ping” utility, right? Well, think again
  • David Gwynne recently committed a change that adds MAC to the ping timestamp payload
  • By default, it’ll be filled with a ChaCha stream instead of an unvarying payload, and David says “this lets us have some confidence that the timestamp hasn’t been damaged or tampered with in transit”
  • Not only is this a security feature, but it should also help detect dodgy or malfunctioning network equipment going forward
  • Maybe we can look forward to a cryptographically secure “echo” command next…

Broadwell in DragonFly

  • The DragonFlyBSD guys have started a new page on their wiki to discuss Broadwell hardware and its current status
  • Matt Dillon, the project lead, recently bought some hardware with this chipset, and lays out what works and what doesn’t work
  • The two main show-stoppers right now are the graphics and wireless, but they have someone who’s already making progress with the GPU support
  • Wireless support will likely have to wait until FreeBSD gets it, then they’ll port it back over
  • None of the BSDs currently have full Broadwell support, so stay tuned for further updates

DIY NAS software roundup

  • In this blog post, the author compares a few different software solutions for a network attached storage device
  • He puts FreeNAS, one of our favorites, up against a number of opponents – both BSD and Linux-based
  • NAS4Free gets an honorable mention as well, particularly for its lower hardware requirements and sleek interface
  • If you’ve been thinking about putting together a NAS, but aren’t quite comfortable enough to set it up by yourself yet, this article should give you a good view of the current big names
  • Some competition is always good, gotta keep those guys on their toes

Interview – Antoine Jacoutot – ajacoutot@openbsd.org / @ajacoutot

OpenBSD at M:Tier, business adoption of BSD, various topics


News Roundup

OpenBSD on DigitalOcean

  • When DigitalOcean rolled out initial support for FreeBSD, it was a great step in the right direction – we hoped that all the other BSDs would soon follow
  • This is not yet the case, but a blog article here has details on how you can install OpenBSD (and likely the others too) on your VPS
  • Using a -current snapshot and some swapfile trickery, it’s possible to image an OpenBSD ramdisk installer onto an unmounted portion of the virtual disk
  • After doing so, you just boot from their web UI-based console and can perform a standard installation
  • You will have to pay special attention to some details of the disk layout, but this article takes you through the entire process step by step

Initial ARM64 support lands in FreeBSD

  • The ARM64 architecture, sometimes called ARMv8 or AArch64, is a new generation of CPUs that will mostly be in embedded devices
  • FreeBSD has just gotten support for this platform in the -CURRENT branch
  • Previously, it was only the beginnings of the kernel and enough bits to boot in QEMU – now a full build is possible
  • Work should now start happening in the main source code tree, and hopefully they’ll have full support in a branch soon

Scripting with least privilege

  • A new scripting language with a focus on privilege separation and running with only what’s absolutely needed has been popular in the headlines lately
  • Shell scripts are used everywhere today: startup scripts, orchestration scripts for mass deployment, configuring and compiling software, etc.
  • Shill aims to answer the questions “how do we limit the authority of scripts” and “how do we determine what authority is necessary” by including a declarative security policy that’s checked and enforced by the language runtime
  • If used on FreeBSD, Shill will use Capsicum for sandboxing
  • You can find some more of the technical information in their documentation pdf or watch their USENIX presentation video
  • Hacker News also had some discussion on the topic

OpenBSD first impressions

  • A brand new BSD user has started documenting his experience through a series of blog posts
  • Formerly a Linux guy, he’s tried out FreeBSD and OpenBSD so far, and is currently working on an OpenBSD desktop
  • The first post goes into why he chose BSD at all, why he’s switching away from Linux, how the initial transition has been, what you’ll need to relearn and what he’s got planned going forward
  • He’s only been using OpenBSD for a few days as of the time this was written – we don’t usually get to hear from people this early in on their BSD journey, so it offers a unique perspective

PC-BSD and 4K oh my!

  • Yesterday, Kris Moore got ahold of some 4K monitor hardware to test PC-BSD out
  • The short of it – It works great!
  • Minor tweaks being made to some of the PC-BSD defaults to better accommodate 4K out of box
  • PSA: This particular model monitor ships with DisplayPort set to 1.1 mode only, switching it to 1.2 mode enables 60Hz properly

Feedback/Questions


Discussion

Comparison of BSD release cycles


  • Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
  • We’re still looking for some new interviews, so let us know if you’re interested in coming on the show (or have someone you’d like us to approach)
  • If we have any listeners in Poland, there’s a new Polish BSD users group that’s just started up
  • If you’re closer to Germany, there’s a local BSD installfest happening on May 15th in the Landshut area
  • If neither of those locations are close to you, but India is, there’s the brand new New Delhi BSD users group as well
  • Check the show notes for the links to all of those
  • Lastly, the EuroBSDCon 2015 call for papers has been extended due to the massive amount of last-minute submissions, so now you’ve got until May 22nd to send in your ideas

SMBTrapped in Microsoft | TechSNAP 210 https://original.jupiterbroadcasting.net/80632/smbtrapped-in-microsoft-techsnap-210/ Thu, 16 Apr 2015 19:01:23 +0000 https://original.jupiterbroadcasting.net/?p=80632 Researchers find an 18 year old bug in Windows that’s rather nasty, we’ve got the details. A new perspective on the bug bounty arms race & the security impact of Wifi on a plane. Plus great feedback, a bursting round up & much much more! Thanks to: Get Paid to Write for DigitalOcean Direct Download: […]

The post SMBTrapped in Microsoft | TechSNAP 210 first appeared on Jupiter Broadcasting.

Researchers find an 18 year old bug in Windows that’s rather nasty, we’ve got the details. A new perspective on the bug bounty arms race & the security impact of Wifi on a plane.

Plus great feedback, a bursting round up & much much more!

Thanks to:


DigitalOcean


Ting


iXsystems

— Show Notes: —

Cylance finds “SPEAR” a new spin on an 18 year old Windows vulnerability

  • In 1997 Aaron Spangler discovered a flaw in Windows
  • By causing a user to navigate to a file://1.2.3.4/ URL in Internet Explorer, the user’s Windows credentials would be sent to the remote server in an attempt to log in to it
  • “Redirect to SMB is a way for attackers to steal valuable user credentials by hijacking communications with legitimate web servers via man-in-the-middle attacks, then sending them to malicious SMB (server message block) servers that force them to spit out the victim’s username, domain and hashed password”
  • “It’s a serious issue because stolen credentials can be used to break into private accounts, steal data, take control of PCs and establish a beachhead for moving deeper into a targeted network.”
  • “Software from at least 31 companies including Adobe, Apple, Box, Microsoft, Oracle and Symantec can be exploited using this vulnerability”
  • “Redirect to SMB is most likely to be used in targeted attacks by advanced actors because attackers must have control over some component of a victim’s network traffic.”
  • “Less sophisticated attackers could launch Redirect to SMB attacks on shared WiFi access points at locations such as coffee shops from any computer, including mobile devices. We successfully tested this attack on a home network using a Nexus 7 loaded with all required tools.”
  • “While the user credentials sent over SMB are commonly encrypted, the encryption method used was devised in 1998 and is weak by today’s standards. A stronger hashing algorithm being used on these credentials would decrease the impact of this issue, but not as much as disabling automatic authentication with untrusted SMB servers. With roughly $3,000 worth of GPUs, an attacker could crack any 8-character password consisting of letters (upper and lower case) as well as numbers in less than half a day.”
  • “Microsoft has yet to release a patch to fix the Redirect to SMB vulnerability. The simplest workaround is to block outbound traffic from TCP 139 and TCP 445 — either at the endpoint firewall or at the network gateway’s firewall (assuming you are on a trusted network). The former will block all SMB communication, which may disable other features that depend on SMB. If the block is done at the network gateway’s firewall, SMB features will still work inside the network, but prevent authentication attempts with destinations outside the network. See the white paper for other mitigation steps.”
  • “Microsoft did not resolve the issue reported by Aaron Spangler in 1997. We hope that our research will compel Microsoft to reconsider the vulnerabilities and disable authentication with untrusted SMB servers. That would block the attacks identified by Spangler as well as the new Redirect to SMB attack.”
  • Cylance Whitepaper (PDF)

Given enough money, all bugs are shallow

  • Eric Raymond, in The Cathedral and the Bazaar, famously wrote: “Given enough eyeballs, all bugs are shallow.”
  • “The idea is that open source software, by virtue of allowing anyone and everyone to view the source code, is inherently less buggy than closed source software. He dubbed this “Linus’s Law”.”
  • “However, the Heartbleed SSL vulnerability was a turning point for Linus’s Law, a catastrophic exploit based on a severe bug in open source software. How catastrophic? It affected about 18% of all the HTTPS websites in the world, and allowed attackers to view all traffic to these websites, unencrypted… for two years.”
  • “OpenSSL, the library with this bug, is one of the most critical bits of Internet infrastructure the world has – relied on by major companies to encrypt the private information of their customers as it travels across the Internet. OpenSSL was used on millions of servers and devices to protect the kind of important stuff you want encrypted, and hidden away from prying eyes, like passwords, bank accounts, and credit card information.”
  • “This should be some of the most well-reviewed code in the world. What happened to our eyeballs, man?”
  • “In reality, it’s generally very, very difficult to fix real bugs in anything but the most trivial Open Source software. I know that I have rarely done it, and I am an experienced developer. Most of the time, what really happens is that you tell the actual programmer about the problem and wait and see if he/she fixes it”
  • “Even if a brave hacker communities to read the code, they’re not terribly likely to spot one of the hard-to-spot problems. Why? Few open source hackers are security experts”
  • “There’s a big difference between usage eyeballs and development eyeballs.”
  • “Most eyeballs are looking at the outside of the code, not the inside. And while you can discover bugs, even important security bugs, through usage, the hairiest security bugs require inside knowledge of how the code works.”
  • Peer reviewing code is a lot harder than writing code.
  • “The amount of code being churned out today – even if you assume only a small fraction of it is “important” enough to require serious review – far outstrips the number of eyeballs available to look at the code”
  • “There are not enough qualified eyeballs to look at the code. Sure, the overall number of programmers is slowly growing, but what percent of those programmers are skilled enough, and have the right security background, to be able to audit someone else’s code effectively? A tiny fraction”
  • “But what’s the long term answer to the general problem of not enough eyeballs on open source code? It’s something that will sound very familiar to you, though I suspect Eric Raymond won’t be too happy about it.”
  • “Money. Lots and lots of money.”
  • “Increasingly, companies are turning to commercial bug bounty programs. Either ones they create themselves, or run through third party services like Bugcrowd, Synack, HackerOne, and Crowdcurity. This means you pay per bug, with a larger payout the bigger and badder the bug is.”
  • However, adding more money to the equation might actually make things worse
  • “There’s now a price associated with exploits, and the deeper the exploit and the lesser known it is, the more incentive there is to not tell anyone about it until you can collect a major payout. So you might wait up to a year to report anything, and meanwhile this security bug is out there in the wild – who knows who else might have discovered it by then?”
  • “If your focus is the payout, who is paying more? The good guys, or the bad guys? Should you hold out longer for a bigger payday, or build the exploit up into something even larger? I hope for our sake the good guys have the deeper pockets, otherwise we are all screwed.”
  • I like that Google addressed a few of these concerns by making Pwnium, their Chrome specific variant of Pwn2Own, a) no longer a yearly event but all day, every day and b) increasing the prize money to “infinite”. I don’t know if that’s enough, but it’s certainly going in the right direction.
  • “Money turns security into a “me” goal instead of an “us” goal”
  • “Am I now obligated, on top of providing a completely free open source project to the world, to pay people for contributing information about security bugs that make this open source project better? Believe me, I was very appreciative of the security bug reporting, and I sent them whatever I could, stickers, t-shirts, effusive thank you emails, callouts in the code and checkins. But open source isn’t supposed to be about the money… is it?”
  • “Easy money attracts all skill levels — The submitter doesn’t understand what is and isn’t an exploit, but knows there is value in anything resembling an exploit, so submits everything they can find.”
  • “But I have some advice for bug bounty programs, too”:
  • “You should have someone vetting these bug reports, and making sure they are credible, have clear reproduction steps, and are repeatable, before we ever see them.”
  • “You should build additional incentives in your community for some kind of collaborative work towards bigger, better exploits. These researchers need to be working together in public, not in secret against each other”.
  • “You should have a reputation system that builds up so that only the better, proven contributors are making it through and submitting reports”.
  • “Encourage larger orgs to fund bug bounties for common open source projects, not just their own closed source apps and websites. At Stack Exchange, we donated to open source projects we used every year. Donating a bug bounty could be a big bump in eyeballs on that code.”

FAA Needs a More Comprehensive Approach to Address Cybersecurity As Agency Transitions to NextGen

  • The Federal Aviation Administration (FAA) faces cybersecurity challenges in at least three areas:
  • (1) protecting air-traffic control (ATC) information systems,
  • (2) protecting aircraft avionics used to operate and guide aircraft, and
  • (3) clarifying cybersecurity roles and responsibilities among multiple FAA offices
  • “FAA has taken steps to protect its ATC systems from cyber-based threats; however, significant security-control weaknesses remain that threaten the agency’s ability to ensure the safe and uninterrupted operation of the national airspace systems”
  • “Modern aircraft are increasingly connected to the Internet. This interconnectedness can potentially provide unauthorized remote access to aircraft avionics systems. As part of the aircraft certification process, FAA’s Office of Safety (AVS) currently certifies new interconnected systems through rules for specific aircraft and has started reviewing rules for certifying the cybersecurity of all new aircraft systems.”
  • “FAA officials and experts we interviewed said that modern aircraft are also increasingly connected to the Internet, which also uses IP-networking technology and can potentially provide an attacker with remote access to aircraft information systems. According to cybersecurity experts we interviewed, Internet connectivity in the cabin should be considered a direct link between the aircraft and the outside world, which includes potential malicious actors. FAA officials and cybersecurity and aviation experts we spoke to said that increasingly passengers in the cabin can access the Internet via onboard wireless broadband systems.”
  • “Four cybersecurity experts with whom we spoke discussed firewall vulnerabilities, and all four said that because firewalls are software components, they could be hacked like any other software and circumvented. The experts said that if the cabin systems connect to the cockpit avionics systems (e.g., share the same physical wiring harness or router) and use the same networking platform, in this case IP, a user could subvert the firewall and access the cockpit avionics system from the cabin. The presence of personal smartphones and tablets in the cockpit increases the risk of a system’s being compromised by trusted insiders, both malicious and non-malicious, if these devices have the capability to transmit information to aircraft avionics systems”
  • One would hope that the cockpit avionics are separated from the onboard entertainment and wifi systems by more than just a firewall. Even if they are not, a properly configured firewall is very difficult to compromise.
  • Additional Coverage – BatBlue
  • It seems that the authors of this report were not experts on the subject, and when interviewing experts on the topic, they asked questions like “is there any way to get around a firewall”

Feedback:


Round Up:


Chronicles of a Linux Switcher | LAS 360 https://original.jupiterbroadcasting.net/80312/chronicles-of-a-linux-switcher-las-360/ Sun, 12 Apr 2015 17:09:16 +0000 https://original.jupiterbroadcasting.net/?p=80312 We follow the journey of users who have just made the switch to Linux. We document what went great & what hasn’t worked. Plus a big announcement is made, great news for Ubuntu MATE, a quick look at Elementary OS Freya Beta & more! Thanks to: Get Paid to Write for DigitalOcean Direct Download: HD […]

The post Chronicles of a Linux Switcher | LAS 360 first appeared on Jupiter Broadcasting.

We follow the journey of users who have just made the switch to Linux. We document what went great & what hasn’t worked.

Plus a big announcement is made, great news for Ubuntu MATE, a quick look at Elementary OS Freya Beta & more!

Thanks to:


DigitalOcean


Ting

— Show Notes: —


System76

Brought to you by: System76


— PICKS —

Runs Linux

Mall Kiosk Runs Linux

Sent in by Ricardo R.

Walking through a mall I found a kiosk that is running Ubuntu

Desktop App Pick

Gramps Genealogical Research Software

Gramps is a free software project and community. We strive to produce a genealogy program that is both intuitive for hobbyists and feature-complete for professional genealogists. It is a community project, created, developed and governed by genealogists.

Sent by Adrian

Weekly Spotlight

BitPay’s Internal Mining Pool

At BitPay we are huge proponents of open source software and of course cool gadgets! To do some of our internal testing, we built a small pool of bitcoin miners that run raspbian. Those two miners each have a powered USB hub and a few usb miners each. They are cooled by a pair of simple USB fans. All of which sits neatly on the corner of my desk! Gotta love how easy it is to deploy something like this in such a small form factor on linux… It’s reliable, fast, and just plain looks awesome sitting on my desk!

Jupiter Broadcasting Meetup

Our Past Picks

These are the weekly picks provided by the Jupiter Broadcasting podcast, the Linux Action Show.

This site includes a separate picks lists for the “Runs Linux”, Desktop Apps, Spotlight Picks, Android Picks, and Distro Picks.


— NEWS —

Ubuntu MATE Inks First Hardware Deal

MATE and Hardware

Entroware laptops start from £379.99. This bags an ‘Orion’ laptop powered by an Intel Pentium 3550M (Haswell) processor running at 2.3GHz, 4GB DDR3 RAM, a 500GB 5400RPM HDD and integrated Intel graphics. Desktops begin at £299.

Ubuntu MATE forges exciting partnership with Linux hardware startup Entroware.

elementary OS Freya Available For Download, See What’s New

Freya

For those not familiar with elementary OS, this is an Ubuntu-based Linux distribution (with Freya being based on Ubuntu 14.04 LTS, supported until April 2019) which ships with its own desktop environment, called Pantheon, and its own custom application for the most part, which look great, integrate very well with the desktop and ship with sane defaults so the user doesn’t have to tweak anything.

Evolve OS Changes Name due to Legal Warning

Thank you everyone for helping us in the naming process!
In that time, one name cropped up time and time again. A name we do own, and one indicative of our history and roots.

Valve games for Mesa/DRI developers

Linux Graphics Stack

Hi,
At Collabora (my lovely dayjob), we’ve been working with Valve on
SteamOS. Valve are keen to give back to the community, and we’ve been
discussing ways they can help do that, including providing free access
to Valve games on Steam to Debian developers last year.

We’re happy to say that this has been extended to Mesa developers as
well, to say thanks for all the great work. If you have 25 commits or
more (an arbitrary number) to Mesa[0] in the past five years, please
drop me an email (with ‘Steam’ in the subject) with your freedesktop
username and Steam username. We can then get you access to all past
and future Valve-produced games available on Steam[1].
Thanks for all the great work, and enjoy.
Cheers,
Daniel

Gnome 3.16 Hits

GNOME, desktop environment project, released their latest version of 3.16 recently so I decided to make an update to my previous extension package releases. I made a similar post last year for the GNOME 3.14 Release because some of my extension broke. Unfortunately, some of those extensions are still unmaintained and thus not updated for 3.16 either. So I am continuing to update some extensions for myself and anyone else who wants them.

Intel Compute Stick, world’s smallest PC, will cost $150 with Windows, $110 with Linux

Intel Stick PC

Intel Atom quad-core processor, 2GB of RAM, 32GB of storage and 802.11b/g/n Wi-Fi. It plugs directly into a monitor or TV via HDMI, and is powered through a Micro USB jack on the side of the stick. There’s also a full-sized USB port, and Bluetooth 4.0 for connecting a mouse and keyboard.


— FEEDBACK —

  • https://slexy.org/view/s22YoWUjOt

  • https://slexy.org/view/s20bsAHlV9

  • https://slexy.org/view/s206wSNobi

— CHRIS’ STASH —

Hang in our chat room:

irc.geekshed.net #jupiterbroadcasting

— NOAH’S STASH —

Noah’s Day Job

Altispeed Technologies

Contact Noah

noah [at] jupiterbroadcasting.com

Catch the show LIVE Sunday 10am Pacific / 1pm Eastern / 6pm UTC:

Get A Job, You Linux Bum! | LAS 359 https://original.jupiterbroadcasting.net/79937/get-a-job-you-linux-bum-las-359/ Sun, 05 Apr 2015 06:46:02 +0000 https://original.jupiterbroadcasting.net/?p=79937 Have you ever thought it’s better to create a job than apply for one? This week we dive into what it takes to build a business that runs on open source & supports open source. Plus Microsoft’s surprise move, openSUSE jumps ahead, running just about any Android app under Linux & more! Thanks to: Get […]

The post Get A Job, You Linux Bum! | LAS 359 first appeared on Jupiter Broadcasting.

Have you ever thought it’s better to create a job than apply for one? This week we dive into what it takes to build a business that runs on open source & supports open source.

Plus Microsoft’s surprise move, openSUSE jumps ahead, running just about any Android app under Linux & more!

Thanks to:


DigitalOcean


Ting

— Show Notes: —

Jump to Noah’s On Location Video

Best Enterprise Router for the Money

Best Autonomous Access Points For the Money

Best Cloud Access Points for the Money

Best Display for Internet Kiosk

Best PC for Internet Kiosk

Best USB Wifi Dongle


System76

Brought to you by: System76


— PICKS —

Runs Linux

Bowling Alley Runs Linux

Sent in by douglascodes

I was at a work party at a bowling alley last night. There were some problems with the alley score system and they had to reboot, so I took some pics of the startup. I wasn’t able to catch it in these pictures. But it is running Ubuntu 10.10.

Desktop App Pick

ClipGrab – Free YouTube Downloader & Converter

ClipGrab is a free downloader and converter for YouTube, Vimeo, Metacafe, Dailymotion and many other online video sites.

It converts downloaded videos to MPEG4, MP3 or other formats in just one easy step.

Weekly Spotlight

Go For It!

Go For It! is a simple and stylish productivity app, featuring a to-do list, merged with a timer that keeps your focus on the current task. To-do lists are stored in the Todo.txt format. This simplifies synchronization with mobile devices and makes it possible to edit tasks using other front-ends, like my Todo.txt Kupfer Plugin. If you already use Todo.txt, beware of the fact, that Go For It! automatically archives completed tasks to the done list!

Project belongs to community member mank319

Sent in by dardevelin

Jupiter Broadcasting Meetup

Our Past Picks

These are the weekly picks provided by the Jupiter Broadcasting podcast, the Linux Action Show.

This site includes separate picks lists for “Runs Linux”, Desktop Apps, Spotlight Picks, Android Picks, and Distro Picks.


— NEWS —

Microsoft Adopts ODF

Microsoft has confirmed it will start supporting the Open Documents Format (ODF) in the next update to Office 365, following a lengthy battle against the UK government.
In 2014, Microsoft went against the government’s request to support ODF, claiming its own XML format was more heavily adopted. The UK government refutes the claim, stating that ODF allows users to not be boxed into one ecosystem.

Gnome 3.16 systemd-journal coming in next Tumbleweed snapshot

It’s official, Gnome will be in the next Tumbleweed snapshot and the development experience is highly anticipated. A clean installation works, but the guys are working on one last test before it’s released. We’re not promising an early Easter gift, but Tumbleweed users won’t have to wait long for Gnome’s latest upgrade.

A small change to Linux can be seen in Tumbleweed with a change from the syslog to systemd-journal; the systemd-journal as a binary file needs special tools to look at it.

Audacity 2.1.0 Released

  • For a long time, we have wanted Real-Time Preview for effects. It seemed nearly unachievable without major restructuring. But with Audacity 2.1.0, we have it in LADSPA, VST, and Audio Unit (OS X) effects! Thanks to Leland Lucius for these great new capabilities!
  • Much improved Noise Reduction effect replaces Noise Removal. Thanks to new contributor Paul Licameli!
  • Lots of other improvements to effects, also thanks to Leland, including:
    • VST: FXB preset banks, hosting multiple plugins
    • All effects can now be used in Chains, and can be sorted on name, publisher, or class.
    • Most Nyquist effects now have Preview button.
  • Redesigned Meter Toolbars show a lot more information in smaller area. Thanks, Leland Lucius and James Crook!
  • Spectral Selection in Spectrogram view. Thanks to Paul Licameli!

How to Install and Run Android Apps in a Linux OS

Basically, anyone with a computer will be able to get an APK file and get it running inside the Google Chrome browser with a minimum amount of effort. What’s even more interesting is that the app only needs Google Chrome installed, it doesn’t need it to run. If you check the background processes, you will notice that a Chrome one is running along with the Arc Welder.

Gentoo, after 10 years, has a new website! – not April Fools this time!

Blender New Version 2.74 Is Out With New Tools And Improvements

The Blender Institute’s sixth film project, codenamed Gooseberry, is deep into the most open production from the Blender Institute yet. If you’ve been following the project so far, then you already have a sense of what Blender means by an “open production”—lots of sharing.


— FEEDBACK —

“Built on top of Nagios you say?”
Yes, with some added features like proper report generation, a sweet REST API, easy to use load-balancing/redundancy, a business logic engine and of course commercial support!

PS: I managed to sneak in a JB shout-out in one of our cheesy promo videos: https://vimeo.com/107821073

— CHRIS’ STASH —

Hang in our chat room:

irc.geekshed.net #jupiterbroadcasting

— NOAH’S STASH —

Noah’s Day Job

Altispeed Technologies

Contact Noah

noah [at] jupiterbroadcasting.com

Find us on Google+

Find us on Twitter

Follow us on Facebook

Catch the show LIVE Sunday 10am Pacific / 1pm Eastern / 6pm UTC:

Chris’ Lifestyle Reboot | Tech Talk Today 137 https://original.jupiterbroadcasting.net/77802/chris-lifestyle-reboot-tech-talk-today-137/ Fri, 20 Feb 2015 11:49:36 +0000 https://original.jupiterbroadcasting.net/?p=77802 We round off the week’s tech news & follow up on the big Lenovo story & discuss HP’s push into Linux powered Networking. Then Chris shares the start of his lifestyle reboot & then an in-depth discussion on getting into the IT job market. Direct Download: MP3 Audio | OGG Audio | Video | […]

The post Chris' Lifestyle Reboot | Tech Talk Today 137 first appeared on Jupiter Broadcasting.


We round off the week’s tech news & follow up on the big Lenovo story & discuss HP’s push into Linux powered Networking.

Then Chris shares the start of his lifestyle reboot & then an in-depth discussion on getting into the IT job market.

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Video Feed | Torrent Feed

Become a supporter on Patreon


Show Notes:

Lenovo To Wipe Superfish Off PCs

An anonymous reader sends news from the Wall Street Journal, where Lenovo CTO Peter Hortensius said in an interview that the company will roll out a software update to remove the Superfish adware from its laptops. “As soon as the programmer is finished, we will provide a tool that removes all traces of the app from people’s laptops; this goes further than simply uninstalling the app. Once the app-wiping software is finished tonight or tomorrow, we’ll issue a press release with information on how to get it.” When asked whether his company vets the software they pre-install on their machines, he said, “Yes, we do. Obviously in this case we didn’t do enough. The intent of loading this tool was to help enhance our users’ shopping experience. The feedback from users was that it wasn’t useful, and that’s why we turned it off. Our reputation is everything and our products are ultimately how we have our reputation.”

HP Targets Cisco and Facebook With New Line of Open-Source Networking Gear

Hewlett-Packard said on Thursday that it would sell a new line of networking switches that are manufactured by a Taiwanese company and depend on Linux-based, open-source software from another company.

Epic Games offers up $5 million in Unreal Dev Grants

Today Epic Games has announced a new initiative — one that could see your game netting between $5,000 and $50,000 in no-strings-attached funding from the engine provider.

HEALTH WATCH: sweatthesweetstuff — Eating healthy doesn’t have to be boring and that working out can be fun!

I want people to understand their bodies. To know that there is a connection between what we put in it and on it, and how that makes us feel. That eating right isn’t just about losing weight, it’s about how good we can feel! On the inside and out. It doesn’t stop at our dress size and energy levels (which are great) but it can help improve other things like your skin, hair & nails, achy joints, headaches, allergies, asthma, your menstrual cycle, IBS, indigestion, several diseases, even cancer. Your body is smart. It knows what to do. You just have to give it the right stuff.

Dude Where’s My Card? | TechSNAP 198 https://original.jupiterbroadcasting.net/76052/dude-wheres-my-card-techsnap-198/ Thu, 22 Jan 2015 21:16:58 +0000 https://original.jupiterbroadcasting.net/?p=76052 Adobe has a bad week, with exploits in the wild & no patch. We’ll share the details. Had your credit card stolen? We’ll tell you how. Plus the harsh reality for IT departments, a great batch of questions, our answers & much much more! Thanks to: Get Paid to Write for DigitalOcean Direct Download: HD […]

The post Dude Where's My Card? | TechSNAP 198 first appeared on Jupiter Broadcasting.


Adobe has a bad week, with exploits in the wild & no patch. We’ll share the details. Had your credit card stolen? We’ll tell you how.

Plus the harsh reality for IT departments, a great batch of questions, our answers & much much more!

Thanks to:


DigitalOcean


Ting


iXsystems

Direct Download:

HD Video | Mobile Video | MP3 Audio | OGG Audio | YouTube | HD Torrent | Mobile Torrent

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:


— Show Notes: —

New Flash zero day found being exploited in the wild, no patch yet

  • The new exploit is being used in some versions of the Angler exploit kit (the new top dog, replacing former champ Blackhole)
  • The exploit kit currently uses three different Flash exploits:
    • CVE-2014-8440, which was added to the exploit kit only 9 days after being patched
    • CVE-2015-0310, which was patched today
    • a third, new exploit, which is still being investigated
  • Most of these exploit kits rely on reverse engineering an exploit from the patch or a proof of concept, so they only gain the ability to inflict damage on users after the patch is available
  • However, with a 0 day the exploit kit authors are the first to receive the details, which means that even at this point researchers and Adobe are not yet sure what flaw is being exploited
  • Due to a bug in the Angler exploit kit, Firefox users were not affected, but as of this morning the bug was fixed and the Angler kit is now exploiting Firefox users as well
  • Additional Coverage – Krebs On Security
  • Additional Coverage – PCWorld
  • Additional Coverage – Malware Bytes
  • Additional Coverage – ZDNet

How was your credit card stolen

  • Krebs posts a write up to answer the question he is asked most often: “My credit card was stolen, can you help me find out how”
  • Different ways to get your card stolen, and your chance of proving it:
    • Hacked main street merchant, restaurant (low, depends on card use)
    • Processor breach (nil)
    • Hacked point-of-sale service company/vendor (low)
    • Hacked E-commerce Merchant (nil to low)
    • ATM or Gas Pump Skimmer (high)
    • Crooked employee (nil to low)
    • Lost/Stolen card (high)
    • Malware on Consumer PC (very low)
    • Physical record theft (nil to low)
  • “I hope it’s clear from the above that most consumers are unlikely to discover the true source or reason for any card fraud. It’s far more important for cardholders to keep a close eye on their statements for unauthorized charges, and to report that activity as quickly as possible.”
  • Luckily, since most consumers enjoy zero liability, they do not have to worry about trying to track down the source of the fraud
  • With the coming change to Chip-and-Pin in the US, the liability for some types of fraud will shift from the banks to the retailers, which might see some changes to the way things are done
  • Banks have a vested interest in keeping the results of their investigations secret, whereas a retailer who is the victim of fraudulent cards, may have some standing to go after the other vendor that was the source of the leak
  • Machine Learning for Fraud Detection

15% of business cloud accounts are hacked

  • Research by Netskope, a cloud analysis company, finds that only one in ten cloud apps are secure enough for enterprise use
  • In their survey, done using network probes, gateways, and other analysis techniques (rather than asking humans), they found that the average large enterprise uses over 600 cloud applications
  • Many of these applications were not designed for enterprise use, and lack features like 2 factor authentication, hierarchical access control, “group” features, etc
  • The report also found that 8% of files uploaded to cloud storage providers like Google Drive, Dropbox, Box.com etc, were in violation of the enterprises’ own Data Loss Prevention (DLP) policies.
  • The downloading numbers were worse: 25% of all company files in cloud providers were shared with 1 or more people from outside the company. 12% of outsiders had access to more than 100 files.
  • Part of the problem is that many “cloud apps” used in the enterprise are not approved, but just individual employees using personal accounts to share files or data
  • When cloud apps are used that lack the enterprise features that allow the IT and Security teams to oversee the accounts, or when IT doesn’t even know that an unapproved app is being used, there is no hope of them being able to properly manage and secure the data
  • Management of the account life cycle: password changes, password resets, employees who leave or are terminated, revoking access to contractors when their project is finished, etc, is key
  • If an employee just makes a Dropbox share, adds a few other employees, then adds an outside contractor that is working on a project, but accidentally shares all files instead of only specific project files, then fails to remove that person later on, data can leak.
  • When password resets are managed by the cloud provider, rather than the internal IT/Security team, it makes it possible for an attacker to more easily use social engineering to take over an account
  • Infographic
  • Report

Feedback:


Round Up:


Sony Security Café | Tech Talk Today 102 https://original.jupiterbroadcasting.net/73287/sony-security-cafe-tech-talk-today-102/ Tue, 09 Dec 2014 11:23:37 +0000 https://original.jupiterbroadcasting.net/?p=73287 The Chaos Computer Club gets blocked by UK “porn filters” & YouTube is ramping up the heat with secret exclusive deals to content creators. Then it’s a full round-up in the Sony Pictures trainwreck of a hack, Fedora 21 is released, emails & more! Direct Download: MP3 Audio | OGG Audio | Video | HD […]

The post Sony Security Café | Tech Talk Today 102 first appeared on Jupiter Broadcasting.


The Chaos Computer Club gets blocked by UK “porn filters” & YouTube is ramping up the heat with secret exclusive deals to content creators.

Then it’s a full round-up in the Sony Pictures trainwreck of a hack, Fedora 21 is released, emails & more!

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Torrent Feed

Become a supporter on Patreon:


Show Notes:

Chaos Computer Club website is blocked by UK “porn filter”

A significant portion of British citizens are currently blocked from accessing the Chaos Computer Club’s (CCC) website. On top of that, Vodafone customers are blocked from accessing the ticket sale to this year’s Chaos Communication Congress (31C3).


Since July 2013, a government-backed so-called opt out list censors the open internet. These internet filters, authorized by Prime Minister David Cameron, are implemented by UK’s major internet service providers (ISPs). Dubbed as the “Great Firewall of Britain”, the lists block adult content as well as material related to alcohol, drugs, smoking, and even opinions deemed “extremist”.


Users can opt-out of censorship, or bypass it by technical means, but only a minority of users know how to bypass those filters.

YouTube Offering Its Stars Bonuses – WSJ

Facebook Inc. and video startup Vessel, among others, have tried to lure YouTube creators to their services in recent months, according to people familiar with the discussions.

In response, Google is offering some of its top video makers bonuses to sign multiyear deals in which they agree to post content exclusively on YouTube for a time before putting it on a rival service. The bonuses can be tied to how well videos perform, but YouTube is making a wide range of offers to counter rivals, according to people involved in the discussions. For several months, YouTube also has been offering to fund additional programming by some of its video makers.

These people say YouTube executives are particularly concerned about Vessel, though the startup has yet to disclose any details about its service or video makers it has signed.

In recent weeks “YouTube has been in a fire drill” led by Robert Kyncl, global head of business, trying to hold on to its stars, according to a person close to the company.

It’s Here! Announcing Fedora 21!

Fedora 21 Release Announcement

The Fedora Project is pleased to announce Fedora 21, the final release, ready to run on your desktops, servers, and in the cloud. Fedora 21 is a game-changer for the Fedora Project, and we think you’re going to be very pleased with the results.

TL;DR?

Impatient? Go straight to https://getfedora.org/ and get started. Otherwise, read on!

Sony Pictures hack was a long time coming, say former employees — Fusion

“Sony’s ‘information security’ team is a complete joke,” one former employee tells us. “We’d report security violations to them and our repeated reports were ignored. For example, one of our Central European website managers hired a company to run a contest, put it up on the TV network’s website and was collecting personally identifying information without encrypting it. A hack of our file server about a year ago turned out to be another employee in Europe who left himself logged into the network (and our file server) in a cafe.”


The information security team is a relatively tiny one. On a company roster in the leaked files that lists nearly 7,000 employees at Sony Pictures Entertainment, there are just 11 people assigned to a top-heavy information security team. Three information security analysts are overseen by three managers, three directors, one executive director and one senior-vice president.


Another former employee says the company did risk assessments to identify vulnerabilities but then failed to act on advice that came out of them. “The real problem lies in the fact that there was no real investment in or real understanding of what information security is,” said the former employee. One issue made evident by the leak is that sensitive files on the Sony Pictures network were not encrypted internally or password-protected.


Sony Pictures has said little about its security failures since the hack, but seven years ago, its information security director was very chatty about “good-enough security.” Back in 2007, Jason Spaltro, then the executive director of information security at Sony Pictures Entertainment, was shockingly cavalier about security in an interview with CIO Magazine. He said it was a “valid business decision to accept the risk” of a security breach, and that he wouldn’t invest $10 million to avoid a possible $1 million loss.


Seven years later, Spaltro is still overseeing data security. Now senior vice president of information security, his salary is over $300,000 this year according to one of the leaked salary documents — and will get bumped over $400,000 if he gets his bonus.

In his comments, Mandia described the malicious software used in the attack against Sony as “undetectable by industry standard antivirus software.” He also said that the scope of the attack is unlike any other previously seen, primarily because its perpetrators sought to both destroy information and to release it to the public. The attack is one “for which neither SPE nor other companies could have been fully prepared,” Mandia said.

The hacks were traced to the St. Regis Bangkok, a 4.5 star resort where basic rooms cost over $400 per night. It remains unclear whether the hacks were done from a room or a public area, but investigations into the breach have traced the attack to the hotel on December 2nd at 12:25 am, local time.

It appears that the leaked files include the Social Security numbers of 47,000 employees and actors, including Sylvester Stallone, Judd Apatow and Rebel Wilson.

They also include a file directory entitled ‘Password’, which includes 139 Word documents, Excel spreadsheets, zip files, and PDFs containing thousands of passwords to Sony Pictures’ internal computers, social media accounts, and web services accounts.

Leslie Caldwell, assistant attorney general in the criminal division of the Department of Justice, announced on Thursday the creation of a new Cybercrime Unit, tasked with enhancing public-private security efforts. A large part of the Cybersecurity Unit’s mission will be to quell the growing distrust many Americans have toward law enforcement’s high-tech investigative techniques. (Even if that lack of trust, as Caldwell claimed, is based largely on misinformation about the technical abilities of the law enforcement tools and the manners in which they are used.) “In fact, almost every decision we make during an investigation requires us to weigh the effect on privacy and civil liberties, and we take that responsibility seriously,” Caldwell said. “Privacy concerns are not just tacked onto our investigations, they are baked in.”

Feedback:

Code Your Enthusiasm | CR 78 https://original.jupiterbroadcasting.net/47307/code-your-enthusiasm-cr-78/ Mon, 02 Dec 2013 13:56:43 +0000 https://original.jupiterbroadcasting.net/?p=47307 It’s a mailbag special with a hidden message. Mike and Chris discuss burnout a bit more, the pitfalls of bad Q&A, automated UI testing.

The post Code Your Enthusiasm | CR 78 first appeared on Jupiter Broadcasting.


It’s a mailbag special with a hidden message. Mike and Chris discuss burnout a bit more, the pitfalls of bad Q&A, automated UI testing, and the open source projects we’re thankful for this year.

Thanks to:


GoDaddy


Ting


DigitalOcean

Direct Download:

MP3 Audio | OGG Audio | Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | Video Feed | Torrent Feed | iTunes Audio | iTunes Video

Feedback

Book of the Week

[asa]B00G8UL474[/asa]

Follow the hosts and the show:

FizzBuzzed! | CR 62 https://original.jupiterbroadcasting.net/41452/fizzbuzzed-cr-62/ Mon, 12 Aug 2013 10:54:44 +0000 https://original.jupiterbroadcasting.net/?p=41452 The guys share the horror stories from interviews they’ve conducted that went horribly wrong. Plus a few tips for getting a gig.

The post FizzBuzzed! | CR 62 first appeared on Jupiter Broadcasting.


Hiring can be a real pain in the butt. The guys share the horror stories from interviews they’ve conducted that went horribly wrong. Plus a few tips for getting a gig.

Then the guys chew on the dev hoopla of the week, and read some great emails.

Thanks to:

Use our code coder249 to get a .COM for $2.49.

 

Visit dirwiz.com/unitysync use code coder for an extended trial and a year of maintenance.

 

Direct Download:

MP3 Audio | OGG Audio | Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | Video Feed | Torrent Feed | iTunes Audio | iTunes Video

Feedback

Dev World Hoopla

Infosys allegedly achieved this ratio “by directly discriminating against individuals who are not of South Asian descent in hiring, by abusing the H-1B visa process to bring workers of South Asian descent into the country rather than hiring qualified individuals already in the United States, and by abusing the B-1 visa system to bring workers of South Asian descent into the United States to perform work not allowed by their visa status rather than hiring individuals already in the United States to perform the work.” Infosys “used B-1 visa holders because they could be paid considerably lower wages than other workers including American-born workers,” the lawsuit states.

Interviewing

The “Fizz-Buzz test” is an interview question designed to help filter out the 99.5% of programming job candidates who can’t seem to program their way out of a wet paper bag.
The text of the programming assignment is as follows:

Fizz buzz (also known as bizz buzz, or simply buzz) is a group word game for children to teach them about division. Players take turns to count incrementally, replacing any number divisible by three with the word “fizz”, and any number divisible by five with the word “buzz”.

Like me, the author is having trouble with the fact that 199 out of 200 applicants for every programming job can’t write code at all. I repeat: they can’t write any code whatsoever.

Book Pick:

[asa]0735611319[/asa]

Follow the show

Dedupe Gone Wrong | TechSNAP 107 https://original.jupiterbroadcasting.net/36296/dedupe-gone-wrong-techsnap-107/ Thu, 25 Apr 2013 16:19:55 +0000 https://original.jupiterbroadcasting.net/?p=36296 ZFS Deduplication requires a certain amount of setup, and an understanding of some important requirements. We'll cover those and share tips to get it right.

The post Dedupe Gone Wrong | TechSNAP 107 first appeared on Jupiter Broadcasting.


Oracle patches 128 vulnerabilities, you won’t believe how many of them are critical.

Plus how Twitter can solve their hacking problem, ZFS questions galore, and much much more!

On this week’s TechSNAP.

Thanks to:

Use our code tech295 to score .COM for $2.95!

35% off your ENTIRE first order just use our code go35off4 until the end of the month!

 

Direct Download:

HD Video | Mobile Video | MP3 Audio | Ogg Audio | YouTube | HD Torrent | Mobile Torrent

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feeds | Torrent Feed

 

Support the Show:

   

Show Notes:

Get TechSNAP on your Android:

Browser Affiliate Extension: