Show Notes: linuxactionnews.com/246

The post Linux Action News 246 first appeared on Jupiter Broadcasting.

Plus your questions, our answers & much, much more!

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

HD Video | Mobile Video | MP3 Audio | OGG Audio | YouTube | HD Torrent | Mobile Torrent

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

Show Notes:

Fixing this Internet before it breaks again

• “What we call the Internet, was not our first attempt at making a global data network that spanned the globe. It was just the first one that worked.”
• “There is no guarantee that the internet will succeed. And if we aren’t careful we can really screw it up. It has happened before and we can do it again.”
• “Kaminsky, who was delivering the keynote to over 6,000 Black Hat USA 2016 attendees, said problems that need to be addressed within the security community are political, technical and how the security community collaborates.”
• “The internet doesn’t have the equivalent of ‘the guy’ that’s working on cancer. We need institutions and systems. We need to have something like NIH (National Institutes of Health) for cyber. It needs to have good and stable funding,” Kaminsky said. Research, problem solving and solutions are too often conducted in fiefdoms that seldom share the collective solutions needed to help fix the big security issues of the day. “I’m worried. I’m worried about our ability to innovate and our ability to create and I’m worried that we are not building the sort of infrastructure to make the internet a safe place.”
• “By taking a NIH type of approach, Kaminsky argued, the internet would foster a large number of deeply committed security experts to work independently and away from commercial interest that push the security sector to come up with quick fixes to solve big security problems. “We need to make changes and we need to have studies about the way we program and the method that people use to build secure things”
• “So what I’m looking to answer is – forget the layers of abstraction and the politics – how do we get 100 nerds working on a project for 10 years without interrupting them or harassing them and telling them to do different things. How do you make that happen? How you don’t make that happen is how we are doing that in InfoSec today – and that’s with the spare time of a small number of highly paid consultants. We can do better than that”
• “Kaminsky doesn’t see the NIH approach as a panacea to all that ails the security world. In fact, in his talk he described a delicate balancing act where the security community derives the benefits of broader administration without being hamstrung by potential politics. Control, greed and companies driven by profits, he argue, killed the internet of the 1990s. He argues AOL tried to create a walled garden and control everything and make billions. But that internet failed”
• “There are two models of an internet. There is the walled garden and freedom. The walled garden is, ‘okay here is your environment and go ahead and try to use it.’ The other model is that people can put stuff up and other people can use and abuse it. People don’t need to ask for permission they don’t need to beg. Maybe it works and maybe it doesn’t.”
• Are Apple, Facebook, Google, and Microsoft, taking us towards their own versions of AOLs walled garden of the Internet?
• How often does your family’s internet browsing actually leave Facebook?
• He warns, the same way AOL’s walled garden threatened a free internet of the 1990s, government control over encryption could have the same stifling effects on innovation and cyber liberties. “Let’s stop the encryption debate. This is actually useless. It’s driving all the energy away from what are we need to fix,”
• Topping Kaminsky’s fixit list was devising better ways for the security community to collectively move the security ball forward and not view security solutions as individual races to win. “Let’s take our obscure knowledge and real expertise and making it available the rest of the security community,” he said. By sharing knowledge and solutions it allows us to find flaws quicker and fix them even faster.”
• It is not about the splashiest vuln with the coolest name, or having the fastest fix, it is about being in it for the long term, and actually fixing things.

Researchers bypass chip and pin protections by attacking the PoS terminals

• “The payment industry is becoming more driven by security standards. However, the corner stones are still broken even with the latest implementations of these payments systems, mainly due to focusing on the standards rather than security.”
• “Credit card companies for the most part have moved away from “swipe and signature” credit cards to chip and pin cards by this point; the technology known as EMV (Europay, MasterCard, and Visa) which is supposed to provide consumers with an added layer of security is beginning to see some wear, according to researchers.”
• Except in the US
• The chip card transition in the US has been a disaster
• “Nir Valtman and Patrick Watson, researchers with NCR Corporation, staged a series of malicious transactions in a talk here at Black Hat on Wednesday, demonstrating how they could capture Track 2 data and bypass chip and pin protections.”
• “Instead of attacking the operating system of the POI and POS devices, the researchers bypassed much of the built-in security. This includes integrated cryptographic security schemes. Breaking crypto, after all, is very hard. That’s because cryptography is just math, and math (for the most part) works. But the crypto is just part of the overall security system, the other pieces of which are vulnerable to attack. This was made even easier since much of the information the team sought in their attacks was not encrypted on the payment device.”
• “In their first demonstration, the duo used a Raspberry Pi to capture Track 2 data packets in real time. Via a passive man-in-the-middle compromise, Wireshark picked up two interactions from data entered into a pinpad running flawed production software that’s currently in the wild. The two declined to specify the company’s name, but claimed they had spoken with the vendor and asked them to implement TLS connections, but said they couldn’t as they ran old hardware.”
• “The garbled data can be transformed into readable bits, service code expiration data, discretionary data, and so on, data that can tip a hacker off whether the card is a chip card.”
• The pair showed how easy it’d be to use a malicious form to trick a consumer into re-entering their PIN or a CVV on a card machine. “Consumers trust pinpads, they usually think they entered it wrong,”
• “According to the two researchers, attackers could compromise a pinpad – by injecting a form, Malform.FRM in this instance, when no one’s in the store and quickly change it back to a customized “Welcome!” message. Both Valtman and Watson advocate that pin pads leverage strong crypto algorithms and allow only signed whitelist updates. Point of sale pin pads are usually PCI certified but the two pointed out PCI doesn’t require encryption over a local area network, which is how an attacker could carry out a MiTM attack.”
• So they used the API of the payment terminal to trick the user into actually typing in the CVV, so they could capture it.
• They also socially engineer the user into thinking they mistyped their PIN, and having them enter it a second time. One of which is not expected by the software, and is instead captured by the attackers software
• “Consumers should never re-enter their PIN, as it’s a telltale giveaway that a pin pad may have been compromised, Valtman claimed, before adding that he usually frequents stores that allow him to pay with his Apple Watch, as he finds the technology more secure than EMV”
• “It’s cool, but not a secure standard,” Nir said.
• “As part of our demos, we will include EMV bypassing, avoiding PIN protections and scraping PANs from various channels.”
• Slides
• Additional Coverage

The 2016 Pwnie Awards!

• The Pwnie Awards is an annual awards ceremony celebrating the achievements and failures of security researchers and the security community.
• The awards are given out once an year. The tenth annual ceremony will take place on Aug 3rd, 2016 in Las Vegas at the BlackHat USA security conference.
• Best Server-Side Bug: Cisco ASA IKEv1/IKEv2 Fragmentation Heap Buffer Overflow
• Best Client-side bug: glibc getaddrinfo stack-based buffer overflow
• Best Privilege Escalation Bug: Widevine QSEE TrustZone
• Best Cryptographic Attack: SSLv2 Crypto Attack DROWN
• Best Backdoor: Juniper ScreenOS
• Best junk or stunt hack: remotely killing a jeep on the highway
• Best Branding: Mousejack
• Epic Achievement: Never giving up, and never letting us down: Travis Ormandy
• Most Innovative Research: Dedup Est Machina Memory Deduplication as an Advanced Exploitation Vector
• Lamest Vendor Response: Western Digital: MyPassword Drive
• Most over hyped bug: Badlock
• Best Song: Cyberlier
• Most Epic FAIL: no one…!
• Lifetime Achievement Award: Mudge — L0phtcrack, DARPA’s cyber security program
• Epic 0wnage: The Juniper Backdoor
• Honourable Mentions: ImageTragick, Stagefright, SETFKey (1999), BlueCoat getting an Intermediate CA, Insecurity of self-encrypting drives, 60 Minutes hacked phone, BACKRONYM

Feedback:

• IRC Bots

• GitHub – rikai/Showbot: A fork of the Showbot irc bot suited for non-5by5 stuff.

• Virtulizing PFSense

• ZFS/NFS/KVM Question

• Multicast Youtube Home NAT Router

Round Up:

• ‘Webcam hackers caught me wanking, demanded $10k ransom’
• We all know that virus scanners are some of the worst security offenders, so Kaspersky has launched a new bug bounty program, administered by HackerOne, with rewards of up to $50,000
• Cisco: Potent ransomware is targeting the enterprise at a scary rate
• Google brings HSTS to Google.com, talks about the challenges and the process
• Canada Wants To Keep Federal Data Within National Borders
• The Antivirus Industry’s dirty little secret
• This is what Apple should tell you when you lose your iPhone
• Walmart proves Open Source is Big business
• Inside Facebook’s new “Area 404” hardware lab

The post The Internet is Dying | TechSNAP 279 first appeared on Jupiter Broadcasting.

We share our best stories from 2016’s SCALE14x. From the highlights to the bar fights we talk about what it’s like to attend one of the largest community driven Linux events in the world.

Plus the Linux Trojan that’s snapping screenshots & recording audio, Linux Mint is building their own X-Apps, your live calls & more!

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

HD Video | Mobile Video | WebM Torrent | MP3 Audio | OGG Audio | YouTube | HD Torrent

RSS Feeds:

HD Video Feed | Large Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

— Show Notes: —

Brought to you by: Linux Academy

• Linux Academy Weekly Roundup

SCALE 14x Report

Mark Shuttleworth Keynote and UbuCon

• Free Software in the age of App Stores: https://youtu.be/ybuwdpnEbZU?t=22m50s
• The case for snap packages: https://youtu.be/ybuwdpnEbZU?t=37m17s
• Demo of Snap Packages was great
• AT&T’s latest Linux choice may profoundly shape Ubuntu

AT&T has struck a deal with Canonical that could shape the future of the platform currently “owning” the cloud…

Cory Doctorow Keynote

• Why Cory Doctorow refuses to predict the future (like, seriously) | Opensource.com

SCALE 14x Floor

• Huge floor, lots of great exhibitors

LAS 400 Meetup

• Crazy big meetup, thanks everyone!

ScALE Pictures

• Expo Hall 1
• Expo Hall 2
• Expo Hall 3
• Expo Hall 4
• Ham Radio Presence at ScALE
• Facebook / OpenRack Project
• Facebook / OpenRack Project
• Facebook / OpenRack Project
• Facebook / OpenRack Project
• Anyone know what kind of car Linus Torvalds Rives?
• Indian Dinner Friday Night
• Dinner Sat Night at Mongolian Grill
• Key Signing Party
• Sat Night Ham Radio Dinner

Some Great sessions to watch

• 4 Years in the Trenches with Linux/QEMU/libvirt – YouTube
• From Sys Admin to Netflix SRE – YouTube
• Essential Linux Security – YouTube

— PICKS —

Runs Linux

Nintendo 64 RUNS LINUX!

Uploaded Linux kernel to N64 memory using GameShark Pro with parallel port interface in about 2 minutes. Modified kernel in approx. 1 week of work. Immediately runs out of memory, but could probably be fixed with further modifications.

• Home – mupen64plus

Desktop App Pick

My recommended GNOME Extension

• Chris’ Gnome Work Desktop

This is a listing of twenty extensions for GNOME that I personally use and recommend.
As of this post all them work flawlessly on the latest release of GNOME which is 3.18.2.

Weekly Spotlight

Yarock – Linux music player

Yarock is a modern looking music player, packed with features, that doesn’t depend on any specific desktop environment.
Yarock is designed to provide an easy and pretty music browser based on cover art.
Yarock is easy to build with a minimal set of dependancies, and offers the choose of differents audio back-end.

Lollypop

A GNOME music player.

— NEWS —

Snap-Happy Trojan Targets Linux Servers

Researchers at Dr.Web on Tuesday revealed details of the Trojan Linux.Ekoms.1, which takes screen shots and records audio to acquire sensitive and personal information, mostly from Linux servers.

• Trojan for Linux takes screenshots — Dr.Web – innovation anti-virus security technologies. Comprehensive protection from Internet threats.
• Linux.Ekoms.1 the Linux trojan that takes screenshotsSecurity Affairs
• Linux Trojan Takes Screenshots Every 30 Seconds | SecurityWeek.Com

The Linux Mint Monthly News – January 2016

X-Apps will be a collection of generic GTK3 applications using traditional interfaces which can be used as default desktop components in Cinnamon, MATE and Xfce.

Release OBS Multiplatform 0.13.0

This project is a rewrite of what was formerly known as “Open Broadcaster
Software”, software originally designed for recording and streaming live
video content, efficiently.

Semaphor to Give Team Collaboration Privacy

Semaphor helps teams improve their productivity by keeping members focused, informed, and connected. Teams can join group conversations, private message team members, share files, and install trusted third-party integrations knowing their privacy is protected at every step. Following the same privacy-centric design as all SpiderOak solutions, Semaphor uses a Zero Knowledge architecture that ensures nothing leaves a computer or mobile device until after it is encrypted and is never decrypted until it is unlocked with keys only located on individuals’ devices.

KDE neon Website Now Live

@jriddell and friends at @fosdem launching Neon ! pic.twitter.com/ILsoJ4qve2

— Rohan Garg (@rohangarg) January 30, 2016

Serving the freshest packages of KDE software. Developers’ archive with packages built from KDE Git available now, stable archive with packages built from released tars coming soon.

• Kubuntu founder Jonathan Riddell to announce project Neon at FOSDEM | CIO

The @kdecommunity at the @KdeNeon launch party tonight pic.twitter.com/TDVBRoCacu

— jriddell (@jriddell) January 30, 2016

• This initial release of KDE neon is based on the current standard release of Ubuntu 15.10 to better prepare this new project for the upcoming 16.04 long-term release.
• Currently we only have packages built for the developer edition of KDE neon from the KDE Git archives. Packages and installation media for the user edition of KDE neon will be proudly offered shortly.
• KDE neon (@KdeNeon) | Twitter

Feedback:

Brought to you by: System76

• Chris’ call out for the community to help him with his background for the Linux Action

Were you around for today’s (10 January 2016) live show? If not, you should seriously consider taking some time with us on Sunday and watch the live show. Not only will you get more content, but you’ll be able to interact with Chris and Noah.
One of the things that came up today was Chris talking about his background in today’s episode.

Catch the show LIVE SUNDAY:

• Noon Pacific
• https://jblive.tv
• Network Calendar

— CHRIS’ STASH —

Chris’s Twitter account has changed, you’ll need to follow!

Chris Fisher (@ChrisLAS) | Twitter

Hang in our chat room:

irc.geekshed.net #jupiterbroadcasting

— NOAH’S STASH —

Noah’s Day Job

Altispeed Technologies

Contact Noah

noah [at] jupiterbroadcasting.com

Find us on Google+

• Chris
• Noah J. Chelliah
• Jupiter Broadcasting’s Page

Find us on Twitter

• Chris – ChrisLAS
• Noah – Kernellinux

Follow us on Facebook

• Jupiter Broadcasting on Facebook
• Noah – Kernellinux

The post The Stories of SCALE14x | LAS 402 first appeared on Jupiter Broadcasting.

FOSDEM just wrapped up, where thousands of developers & enthusiasts of free & open source software gather to talk all things Linux.

Plus we drool over the new Raspberry Pi 2 & ask if B+ buyers got a little screwed.

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Torrent Feed | WebM Torrent Feed

Become a supporter on Patreon:

Show Notes:

FU:

• I’m from Vivaldi and want to talk.

• Heavy adblock

• A pointer to the Linux Equivalent of

• Your help is needed coming up with a list of the best Gnome Tweaks and Extensions

• which aur helper do you guys use?

FOSDEM 2015

Every year, thousands of developers of free and open source software from all over the world gather at the event in Brussels.

• What’s New in systemd, 2015 Edition

systemd is now a core component of most major distributions. In this talk I want to give an overview over everything new in the systemd project over the last year, and what to expect over the next year.

• How does systemd relate to Plasma? | David Edmundson’s Web Log

Hopefully it clears up what we mean when we talk about systemd and desktop environments, and where we could use different parts of systemd.

It should be apparent that as developers there are parts we want to embrace as it. In many cases it allows us to throw away large amounts of code whilst at the same time providing a better user experience. Adding it as an optional extra defeats the main benefit.

• daniel.haxx.se » Http2 right now

• Daniel Stenberg (@bagder) | Twitter

• FOSDEM 2015 – Living on Mars: A Beginner’s Guide

Raspberry Pi 2 on sale now at $35 | Raspberry Pi

Let’s get the good stuff out of the way above the fold. Raspberry Pi 2 is now on sale for $35 (the same price as the existing Model B+), featuring:

• A 900MHz quad-core ARM Cortex-A7 CPU (~6x performance)
• 1GB LPDDR2 SDRAM (2x memory)
• Complete compatibility with Raspberry Pi 1

Because it has an ARMv7 processor, it can run the full range of ARM GNU/Linux distributions, including Snappy Ubuntu Core, as well as Microsoft Windows 10.

• Turbocharged quad-core Raspberry Pi 2 unleashed, global geekgasm likely • The Register

Speaking to The Register last week, foundation head honcho Eben Upton said: “I think it’s a usable PC now. It was always the case that you could use a Raspberry Pi 1 as a PC but you had to say ‘this is a great PC in so far as it cost me 35 bucks’. We’ve removed the caveat that you had to be a bit forgiving with it. Now it’s just good.”

Runs Linux from the people:

• Send in a pic/video of your runs Linux.
• Please upload videos to YouTube and submit a link via email or the subreddit.

New Shows : Tech Talk Today (Mon – Thur)

• Tech Talk Today Today | Jupiter Broadcasting

Support Jupiter Broadcasting on Patreon

Post-Show

• Ubuntu Phone Desktop Tablet – YouTube

The post Straight Outta FOSDEM | LINUX Unplugged 78 first appeared on Jupiter Broadcasting.

Apple introduces two new models of iPhones, a payment system & a watch. We stream it all live with our commentary, reactions & live covering for their bumpy stream issues.

This special edition of Tech Talk Today starts a bit bumpy, but finds its legs not too far into the episode.

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Torrent Feed

Become a supporter on Patreon:

Show Notes:

The hidden structure of the Apple keynote

The Apple Keynotes podcast on the iTunes Store lists 27 events since Steve Jobs unveiled the first iPhone on Jan. 9, 2007. (A few are missing.)

They are an average 88 minutes long, with a similar look and feel—a minimalist slide presentation with live demos from Apple executives and industry leaders, punctuated by videos explaining Apple’s design and manufacturing processes

When Steve Jobs was running Apple and healthy, he dominated the stage. During Jobs’ finest performance—his 2007 iPhone “Stevenote”—he spent more than 90 minutes on stage, with breaks only to invite partners up for remarks, including then-Google CEO (and then-Apple board member) Eric Schmidt.

Cook usually spends less than 20 minutes onstage per event

On average, it has taken about 45 minutes to get to that part. But more recently, it has been shorter. With plenty to cover tomorrow—supposedly including two new iPhones, a wearable device, and a payments system—there shouldn’t be much filler content.

The post Apple Watch Introduction | Tech Talk Today 55 first appeared on Jupiter Broadcasting.

Did Home Depot get struck by the same malware that attacked Target? How the FBI found the Silkroad server, and Reddit just got a big cash infusion… But is it enough?

Plus a nostalgic look back at the WORM drive & much more!

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Torrent Feed

Become a supporter on Patreon:

Show Notes:

Reddit Raising Big Funding Round With Help From Y Combinator Contacts

Reddit, the social news site with a big Web footprint, is raising a big funding round — with help from some of the people who helped launch the site nine years ago, including co-founder Alexis Ohanian and other people associated closely with startup incubator Y Combinator.

Sources said the site has reached a preliminary agreement to sell less than 10 percent of the company for more than $50 million. That could give the company a valuation of upwards of $500 million.

Home Depot Hit By Same Malware as Target — Krebs on Security

The apparent credit and debit card breach uncovered last week at Home Depot **was aided in part by a new variant of the same malicious software program that stole card account data from cash registers at **Target last December, according to sources close to the investigation.

A source close to the investigation told this author that an analysis revealed at least some of Home Depot’s store registers had been infected with a new variant of “BlackPOS” (a.k.a. “Kaptoxa”), a malware strain designed to siphon data from cards when they are swiped at infected point-of-sale systems running Microsoft Windows.

BlackPOS also was found on point-of-sale systems at Target last year. What’s more, cards apparently stolen from Home Depot shoppers first turned up for sale on Rescator[dot]cc, the same underground cybercrime shop that sold millions of cards stolen in the Target attack.

—

Other clues in the new BlackPOS malware variant further suggest a link between the cybercrooks behind the apparent breach at Home Depot and the hackers who hit Target. The new BlackPOS variant includes several interesting text strings. Among those are five links to Web sites featuring content about America’s role in foreign conflicts, particularly in Libya and Ukraine.

One of the images linked to in the guts of the BlackPOS code.

Three of the links point to news, editorial articles and cartoons that accuse the United States of fomenting war and unrest in the name of Democracy in Ukraine, Syria, Egypt and Libya. One of the images shows four Molotov cocktails with the flags of those four nations on the bottles, next to a box of matches festooned with the American flag and match ready to strike. Another link leads to an image of the current armed conflict in Ukraine between Ukrainian forces and pro-Russian separatists.

Dread Pirate Sunk By Leaky CAPTCHA — Krebs on Security

“The IP address leak we discovered came from the Silk Road user login interface. Upon examining the individual packets of data being sent back from the website, we noticed that the headers of some of the packets reflected a certain IP address not associated with any known Tor node as the source of the packets. This IP address (the “Subject IP Address”) was the only non-Tor source IP address reflected in the traffic we examined.”

“The Subject IP Address caught our attention because, if a hidden service is properly configured to work on Tor, the source IP address of traffic sent from the hidden service should appear as the IP address of a Tor node, as opposed to the true IP address of the hidden service, which Tor is designed to conceal. When I typed the Subject IP Address into an ordinary (non-Tor) web browser, a part of the Silk Road login screen (the CAPTCHA prompt) appeared. Based on my training and experience, this indicated that the Subject IP Address was the IP address of the SR Server, and that it was ‘leaking’ from the SR Server because the computer code underlying the login interface was not properly configured at the time to work on Tor.”

• Nik Cubrilovic – New Web Order » Analyzing the FBI’s Explanation of How They Located Silk Road

Doubts cast over FBI ‘leaky CAPTCHA’ Silk Road rapture • The Register

“The idea that the CAPTCHA was being served from a live IP is unreasonable. Were this the case, it would have been noticed not only by me — but the many other people who were also scrutinizing the Silk Road website. Silk Road was one of the most scrutinized sites on the web, for white hats because it was an interesting challenge and for black hats since it hosted so many Bitcoin (with little legal implication if you managed to steal them).”

Moreover, an externally hosted image would still be routed over Tor and any packet sniffer would be unable to detect the Silk Road’s IP address.

Cubrilovic claimed it was more likely the FBI found and exploited a security vulnerability or discovered an information leak in the Silk Road login page and application.

CenturyLink Said to Seek to Acquire Rackspace Hosting – Bloomberg

CenturyLink has discussed the idea with San Antonio-based Rackspace, which last month said it is still conducting an internal review of its strategic options, according to the people, who asked not to be identified talking about private information. One person said a deal may not be reached for the company, which had a stock-market valuation of $5.33 billion at the end of last week.

Odds of the deal going through are less than 50 percent unless Rackspace is willing to take payment in stock or enter a joint venture, Jaegers said. CenturyLink wants to avoid a debt downgrade that may come with financing a large deal, she said.

What is WORM (write once, read many)?

In computer storage media, WORM (write once, read many) is a data storage technology that allows information to be written to a disc a single time and prevents the drive from erasing the data. The discs are intentionally not rewritable, because they are especially intended to store data that the user does not want to erase accidentally. Because of this feature, WORM devices have long been used for the archival purposes of organizations such as government agencies or large enterprises. A type of optical media, WORM devices were developed in the late 1970s and have been adapted to a number of different media. The discs have varied in size from 5.25 to 14 inches wide, in varying formats ranging from 140MB to more than 3 GB per side of the (usually) double-sided medium. Data is written to a WORM disc with a low-powered laser that makes permanent marks on the surface.

• IBM 3363 optical WORM drive | 102671161 | Computer History Museum

The post Grand Theft Depot | Tech Talk Today 54 first appeared on Jupiter Broadcasting.

It’s our live coverage and reactions to the first two hours of the Google I/O 2014 Keynote. The new Android UI is revealed, improvements to ChromeCast, Android for your car, watches, protesters and more.

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Torrent Feed

Become a Tech Talk Today supporter on Patreon:

Show Notes:

— Headlines —

Keynote Highlights:

• Google I/O 2014 Interrupted by Eviction Protester

• Google’s next version of Android ‘L-release’ has a new look, deeper ties to the web

• Google Introduces Android TV, Its New Platform For Smart TV Apps And Navigation | TechCrunch

• At I/O, Google launches Android Wear, says Moto360 coming this summer | Ars Technica

• Android Now Has 1 Billion Active Users per Month

• Google Chromecast Gets Android Mirroring, Backdrop Slideshows

• Android One will help manufacturers build low-cost phones for developing markets | The Verge

• Google is bringing Android to the car with Android Auto | The Verge

• Google announces Drive for Work with unlimited storage at $10 a month | The Verge

• Google Protester

Google I/O 2014

Google I/O schedule + streams

The post Google I/O 2014 Special | Tech Talk Today 15 first appeared on Jupiter Broadcasting.

On this week\’s episode, we\’ll be giving you an introductory guide on OpenBSD\’s ports and package system.

There\’s also a pretty fly interview with Karl Lehenbauer, about how they use FreeBSD at FlightAware.

Lots of interesting news and answers to all your emails, on BSD Now – the place to B.. SD.

Thanks to:

Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | HD Vid Feed | HD Torrent Feed

– Show Notes: –

Headlines

BSDCan 2014 talks and reports, part 2

• More presentations and trip reports are still being uploaded
• Ingo Schwarze, New Trends in mandoc
• Vsevolod Stakhov, The Architecture of the New Solver in pkg
  
• Julio Merino, The FreeBSD Test Suite
• Zbigniew Bodek, Transparent Superpages for FreeBSD on ARM
• There\’s also a trip report from Michael Dexter and another (very long and detailed) trip report from our friend Warren Block that even gives us some linkage, thanks!

Beyond security, getting to know OpenBSD\’s real purpose

• Michael W Lucas (who, we learn through this video, has been using BSD since 1986) gave a \”webcast\” last week, and the audio and slides are finally up
• It clocks in at just over 30 minutes, managing to touch on a lot of OpenBSD topics
• Some of those topics include: what is OpenBSD and why you should care, the philosophy of the project, how it serves as a \”pressure cooker for ideas,\” briefly touches on GPL vs BSDL, their \”do it right or don\’t do it at all\” attitude, their stance on NDAs and blobs, recent LibreSSL development, some of the security functions that OpenBSD enabled before anyone else (and the ripple effect that had) and, of course, their disturbing preference for comic sans
• Here\’s a direct link to the slides
• Great presentation if you\’d like to learn a bit about OpenBSD, but also contains a bit of information that long-time users might not know too

FreeBSD vs Linux, a comprehensive comparison

• Another blog post covering something people seem to be obsessed with – FreeBSD vs Linux
• This one was worth mentioning because it\’s very thorough in regards to how things are done behind the scenes, not just the usual technical differences
• It highlights the concept of a \”core team\” and their role vs \”contributors\” and \”committers\” (similar to a presentation Kirk McKusick did not long ago)
• While a lot of things will be the same on both platforms, you might still be asking \”which one is right for me?\” – this article weighs in with some points for both sides and different use cases
• Pretty well-written and unbiased article that also mentions areas where Linux might be better, so don\’t hate us for linking it

Expand FreeNAS with plugins

• One of the things people love the most about FreeNAS (other than ZFS) is their cool plugin framework
• With these plugins, you can greatly expand the feature set of your NAS via third party programs
• This page talks about a few of the more popular ones and how they can be used to improve your NAS or media box experience
• Some examples include setting up an OwnCloud server, Bacula for backups, Maraschino for managing a home theater PC, Plex Media Server for an easy to use video experience and a few more
• It then goes into more detail about each of them, how to actually install plugins and then how to set them up

Interview – Karl Lehenbauer – karl@flightaware.com / @flightaware

FreeBSD at FlightAware, BSD history, various topics

Tutorial

Ports and packages in OpenBSD

News Roundup

Code review culture meets FreeBSD

• In most of the BSDs, changes need to be reviewed by more than one person before being committed to the tree
• This article describes Phabricator, an open source code review system that we briefly mentioned last week
• Instructions for using it are on the wiki
• While not approved by the core team yet for anything official, it\’s in a testing phase and developers are encouraged to try it out and get their patches reviewed
• Just look at that fancy interface!!

Michael Lucas\’ next tech books

• Sneaky MWL somehow finds his way into both our headlines and the news roundup
• He gives us an update on the next BSD books that he\’s planning to release
• The plan is to release three (or so) books based on different aspects of FreeBSD\’s storage system(s) – GEOM, UFS, ZFS, etc.
• This has the advantage of only requiring you to buy the one(s) you\’re specifically interested in
• \”When will they be released? When I\’m done writing them. How much will they cost? Dunno.\”
• It\’s not Absolute FreeBSD 3rd edition…

CARP failover and high availability on FreeBSD

• If you\’re running a cluster or a group of servers, you should have some sort of failover in place
• But the question comes up, \”how do you load balance the load balancers!?\”
• This video goes through the process of giving more than one machine the same IP, how to set up CARP, securing it and demonstrates a node dying
• Also mentions DNS-based load balancing as another option

PCBSD weekly digest

• This time in PCBSD land, we\’re getting ready for the 10.0.2 release (ISOs here)
• AppCafe got a good number of fixes, and now shows 10 random highlighted applications
• EasyPBI added a \”bulk\” mode to create PBIs of an entire FreeBSD port category
• Lumina, the new desktop environment, is still being worked on and got some bug fixes too

Feedback/Questions

• Paul writes in
• Matt writes in
• Kjell writes in
• Paul writes in
• Tom writes in

• All the tutorials are posted in their entirety at bsdnow.tv
• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
• If you want to come on for an interview or have a tutorial you\’d like to see, let us know
• Just a reminder, if you\’re using vnd (vnconfig) on OpenBSD for encryption, it\’s being retired for 5.7 – start planning to migrate your data to softraid
• There were also some security advisories for FreeBSD recently, make sure you\’re all patched up
• Watch live Wednesdays at 2:00PM Eastern (18:00 UTC)

The post AirPorts & Packages | BSD Now 40 first appeared on Jupiter Broadcasting.

This week on BSD Now… a wrap-up from NYCBSDCon! We\’ll also be talking to Luke Marsden, CEO of HybridCluster, about how they use BSD at large. Following that, our tutorial will show you how to securely share files with SFTP in a chroot. The latest news and answers to your questions, of course it\’s BSD Now – the place to B.. SD.

Thanks to:

Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | HD Vid Feed | HD Torrent Feed

– Show Notes: –

Headlines

FreeBSD 10 as a firewall

• Back in 2012, the author of this site wrote an article stating you should avoid FreeBSD 9 for a firewall and use OpenBSD instead
• Now, with the release of 10.0, he\’s apparently changed his mind and switched back over
• It mentions the SMP version of pf, general performance advantages and more modern features
• The author is a regular listener of BSD Now, hi Joe!

Network Noise Reduction Using Free Tools

• Really long blog post, based on a BSDCan presentation, about fighting spam with OpenBSD
• Peter Hansteen, author of the book of PF, goes through how he uses OpenBSD\’s spamd and other security features to combat spam and malware
• He goes through his experiences with content filtering and disappointment with a certain proprietary vendor
• Not totally BSD-specific, lots of people can enjoy the article – lots of virus history as well

FreeBSD ASLR patches submitted

• So far, FreeBSD hasn\’t had Address Space Layout Randomization
• ASLR is a nice security feature, see wikipedia for more information
• With a giant patch from Shawn Webb, it might be integrated into a future version (after a vicious review from the security team of course)
• We might have Shawn on the show to talk about it, but he\’s also giving a presentation at BSDCan about his work with ASLR

Old-style pkg_ tools retired

• At last the old pkg_add tools are being retired in FreeBSD
• pkgng is a huge improvement, and now portmgr@ thinks it\’s time to cut the cord on the legacy toolset
• Ports aren\’t going away, and probably never will, but for binary package fans and new users that are used to things like apt, pkgng is the way to go
• All pkg_ tools will be considered unsupported on September 1, 2014 – even on older branches

This episode was brought to you by

Interview – Luke Marsden – luke@hybridcluster.com / @lmarsden

BSD at HybridCluster

Tutorial

Filesharing with chrooted SFTP

News Roundup

FreeBSD on OpenStack

• OpenStack is a cloud computing project
• It consists of \”a series of interrelated projects that control pools of processing, storage, and networking resources throughout a datacenter, able to be managed or provisioned through a web-based dashboard, command-line tools, or a RESTful API.\”
• Until now, there wasn\’t a good way to run a full BSD instance on OpenStack
• With a project in the vein of Colin Percival\’s AWS startup scripts, now that\’s no longer the case!

FOSDEM BSD videos

• This year\’s FOSDEM had seven BSD presentations
• The videos are slowly being uploaded for your viewing pleasure
• Not all of the BSD ones are up yet, but by the time you\’re watching this they might be!
• Check this directory for most of \’em
• The BSD dev room was full, lots of interest in what\’s going on from the other communities

The FreeBSD challenge finally returns!

• Due to prodding from a certain guy of a certain podcast, the \”FreeBSD Challenge\” series has finally resumed
• Our friend from the Linux foundation picks up with day 11 and day 12 on his switching from Linux journey
• This time he outlines the upgrade process of going from 9 to 10, using freebsd-update
• There\’s also some notes about different options for upgrading ports and some extra tips

PCBSD weekly digest

• After the big 10.0 release, the PCBSD crew is focusing on bug fixes for a while
• During their \”fine tuning phase\” users are encouraged to submit any and all bugs via the trac system
• Warden got some fixes and the package manager got some updates as well
• Huge size reduction in PBI format

Feedback/Questions

• After today\’s questions, our email backlog will be just about caught up. Now\’s a great time to send us something – questions, stories, ideas, requests, anything you want
• Derrick writes in: https://slexy.org/view/s21nbJKYmb
• Sean writes in: https://slexy.org/view/s2yhziVsBP
• Patrick writes in: https://slexy.org/view/s20PuccWbo
• Peter writes in: https://slexy.org/view/s22PL0SbUO
• Sean writes in: https://slexy.org/view/s20dkbjuOK

• All the tutorials are posted in their entirety at bsdnow.tv
• Last week\’s NTP tutorial got a small update if you\’re running a LAN-only server, as well as a couple links on how to turn it into a stratum 1 server with a GPS device
• The SSH tutorial also got some updates
• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
• Watch live Wednesdays at 2:00PM Eastern (19:00 UTC)
• Lastly, the BSD Now t-shirt is close to being ready… stay tuned!

The post The Cluster & The Cloud | BSD Now 24 first appeared on Jupiter Broadcasting.

New and aggressive lines in the battle for gun control have been drawn, and all sides of the debate claim the next battle will be bigger than ever, but we’re just a little skeptical.

Plus: Kidnapping brothers in Cleveland, air strikes in Syria, and a new #1 killer in America. We’ll break it all down and pull out the information you need from this crazy week.

Then it’s your feedback, our follow up, and much much more…

On this week’s episode of, Unfilter.

Direct Download:

HD Video | Mobile Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

HD Feed | Mobile Feed | MP3 Feed | OGG Feed | HD Torrent | Mobile Torrent | iTunes

Become an Unfilter Supporter:

Donate Bitcoins

— Show Notes —

Syria’s in the Red

• Israeli military deploys two batteries of Iron Dome anti-rocket defense system – WORLD – Globaltimes.cn

Israel Defense Forces’ Iron Dome, a short-range missile defence system, is positioned on a hill near Zefat, at the Golan Heights on May 5, 2013. The Israeli military deployed two batteries of the Iron Dome anti-rocket defense system to northern Israel following an escalation in tensions with Syria

• US and Russia bid to revive Syria peace talks – YouTube

The United States and Russia have agreed to push both sides in Syria to find an end to the bloodshed, offering to hold an international conference in search of peace.

In talks which stretched late into the night, US Secretary of State John Kerry met first for more than two hours with President Vladimir Putin on Tuesday and then for a further three with Foreign Minister Sergei Lavrov.

“We agreed that Russia and the United States will encourage both the Syria government and opposition groups to find a political solution,” Lavrov told reporters at a concluding news conference that ended after midnight.

Thanks for Supporting Unfilter:

This Week’s New Supporters:

• Joel S, from Australia
• Reyes S, in Texas
• William P, in Texas

• Thanks to our 76 Unfilter supporters!

• Supporter perk: Downloadable Pre and Post show. Extra clips, music, hijinks, and off the cuff comments. The ultimate Unfiltered experience.

Gun Fight 2.0 is Coming’

• NRA elects new hard-line leader – YouTube

The board of the National Rifle Association has elected James W. Porter II as its president. Porter, a 64-year-old lawyer from Birmingham, Alabama, is known for his hard-line culture: he is a warrior who has worked for decades to make the NRA a more aggressive political force. His father, Irvine C. Porter, was president of the NRA in 1959 — when the son says the NRA was “a glorified shooting society.”

• Glenn Beck at NRA Rally: ‘Freedom of All Mankind Is at Stake’

“They want to fundamentally transform our country and they’ve just about finished the project,” Beck told an audience of thousands Saturday evening at the NRA convention’s Stand and Fight Rally in Houston, Texas. “They feel they must regulate us until we comply, but I will not comply.”

Cleveland Kidnapping Brothers

• Cleveland police search for more women after tip from kidnap victim, report says | Fox News

Details of a possible fourth victim came to light during police interviews with the oldest victim, Michelle Knight, who reportedly said there was another girl at the home about 10 years ago, but disappeared.

In 2007, Ashley Summers, a 14 year old, disappeared in the same neighborhood. Initially it was believed Summers was a runaway but a few years later, police saw a potential link with the other missing girls.

• Cleveland police search for more women after tip from kidnap victim, report says | Fox News

Details of a possible fourth victim came to light during police interviews with the oldest victim, Michelle Knight, who reportedly said there was another girl at the home about 10 years ago, but disappeared.

In 2007, Ashley Summers, a 14 year old, disappeared in the same neighborhood. Initially it was believed Summers was a runaway but a few years later, police saw a potential link with the other missing girls.

• Charles Ramsey, Amanda Berry rescuer, becomes internet meme.

Charles Ramsey, the man who helped rescue three Cleveland women presumed dead after going missing a decade ago, has become an instant Internet meme.

Painkillers: #1 Cause of Accidental Death in U.S.

• Prescription Painkillers Overtake Car Crashes As Leading Cause Of Accidental Death In US

Prescription painkillers have topped car accidents as the leading cause of accidental death in the U.S., according to a new report. Research by the National Center for Health Statistics show that drug poisoning is now a more common way to go than being killed on the road.

Feedback:

• Why The DHS 1 Billion Rounds of Ammo Story Is a Load of Crap

• Thoughts on the CIA

• Dept. of Homeland Security Forced to Release List of Keywords Used to Monitor Social Networking Sites

If you’re a Supporter check your inbox!

Call us: 1.425.312.1756

Follow the Us:

• Unfilter on Reddit
• Chris on Twitter
• Chase’s Geek and Gaming Network
• Chase on Twitter

The post NRA 2.0 | Unfilter 49 first appeared on Jupiter Broadcasting.