Show Notes: techsnap.systems/407

The post Old School Outages | TechSNAP 407 first appeared on Jupiter Broadcasting.

MP3 Feed | Video Feed | Torrent Feed | iTunes Audio | iTunes Video

Become a supporter on Patreon:

— Show Notes: —

Hoopla

• Google Assitant SDK
• Kotlin Native

Persisting Docker Logs

• How to Persist Docker Logs

Continuing Coding Education

Doing some #Linux Academy trainings. Think I might go for some certs. @ChrisLAS

— Michael Dominick (@dominucco) April 29, 2017

• Why Mike is using Linux Academy to get an AWS Cert
• AWS DevOps Engineer
• How much do certs matter?

The post Moby’s Logs | CR 255 first appeared on Jupiter Broadcasting.

Have you heard of Ham Radio? It’s the original open source! We dive in and take you into a ham shack to see what Ham Radio is all about, how it can done on Linux, and how the principles and communities of open source so closely align with this old hobby.

Plus Linux hits over 1k games & the new distro that makes Fedora approachable & more!

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

HD Video | Mobile Video | WebM Torrent | MP3 Audio | OGG Audio | YouTube | HD Torrent

RSS Feeds:

HD Video Feed | Large Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

— Show Notes: —

Brought to you by: System76

Ham Radio Technician Question Pool

All of the questions you could be asked, available in .doc .pdf or even .txt

Now You’re Talking – Getting started with Ham Radio

This book is exactly right for someone who wants to become a ham radio operator. This book does two things. It is a self study course that will allow you to pass the Technician level FCC test. It is also a general introduction to all of ham radio, covering the highlights of all that can be done in amateur radio. It has just the right level of sophistication to give a good understanding of all facets of amateur radio but does not get into such extreme detail that it is overwhelming.

SVXLINK

SVXLink is an EchoLink client for Linux. This allows you to use Ham Radio on Linux through the internet without actually using radios.

KLog

KLog is a Linux Ham Radio logging program. it can be used as a contest logger or a general purpose logger.

LinPSK

LinPsk is a Psk31 program for Linux using Qt.

QRZ Ham Radio Practice Test

Test your skills by taking the practice exam and see how well you would do.

ARRL Ham Radio on Linux

At this point, since Ubuntu is beginning to look like a really viable alternative OS, the next big issue is whether it will support the ham radio applications that we want to run. Fortunately, the answer to this question is — yes it will.

— PICKS —

Runs Linux

Army Cyber Warfare

Sent in my Romeo S
https://www.youtube.com/watch?v=Fau1u1bHino&feature=youtu.be&t=2m40s

Desktop App Pick

ShellInABox

Shell In A Box implements a web server that can export arbitrary command line tools to a web based terminal emulator. This emulator is accessible to any JavaScript and CSS enabled web browser and does not require any additional browser plugins.

https://www.tecmint.com/shell-in-a-box-a-web-based-ssh-terminal-to-access-remote-linux-servers

Weekly Spotlight

Ozon OS Hydrogen Beta Available

Ozon OS “Hydrogen” beta is available for download. This is a Linux distribution based on Fedora, created by a collaboration between Numix Project and Nitrux S.A., “designed to not get into your way and and be simple, sleek and modern while focusing on helping you to get stuff done quickly“.

• Ozon OS Hydrogen Beta Available For Download ~ Web Upd8: Ubuntu / Linux blog

Atom Shell

Ozon OS “Hydrogen” beta ships with four GNOME Shell extensions installed by default: Atom Dock, Atom Launcher, Atom Panel and of course, User Themes so Ozon OS can use its cool GNOME Shell theme out of the box.

Atom Dock is, like its name suggest, a “dock” or application launcher/switcher, that’s displayed at the bottom of the screen and uses intellihide by default (it hides if it overlaps any window in the active window group, but it can be brought up using the mouse pointer). Just like the default GNOME Shell Dash (which is disabled in Ozon OS), you can pin applications to the dock, open a new application window and access the application view

Linux Action Show at LFNW | Offical LAS 2015 Shirt

We are releasing another set of LAS shirts in preparation for LinuxFest Northwest which is at the end of April 2015! We hope to color Bellingham Technical College with LAS supporters donning their favorite Linux podcast!

Our Past Picks

These are the weekly picks provided by the Jupiter Broadcasting podcast, the Linux Action Show.

This site includes a separate picks lists for the “Runs Linux”, Desktop Apps, Spotlight Picks, Android Picks, and Distro Picks.

— NEWS —

Steam hits 1,000 Linux games days after Valve’s big Steam Machine reveal

At the moment, there are 1005 games that support Linux and SteamOS on Steam. That’s out of 4817 total games for all platforms on Steam, or 20.8% of all the games on Steam. And that’s just games—not DLC items, software, demos, or trailers. But, if you expand the search to include everything, there’s 1856 items in the Linux + SteamOS category.

Google Open Source Blog: Bidding farewell to Google Code

Beginning today, we have disabled new project creation on Google Code. We will be shutting down the service about 10 months from now on January 25th, 2016.

The Linux Foundation wants to rein in its insult-spewing leader

On Monday, the Linux Foundation kinda sorta slapped him on the wrist when they issued a new “Code of Conflict” policy that declared “personal insults or abuse are not welcome.”

• Linux kernel patch releases “code of conduct”

Some would say that the center of the problem is Linus Torvalds himself, that his blunt and cavalier attitude towards dealing with other developers has lead to too much tension within the ranks. However, when one man holds such a massive responsibility for that much code (and the patches submitted therein), it only makes sense that he carry a sharp stick and tone. The problem comes when contributors begin calling out Torvalds publicly. This happened recently when Lennart Poettering called Torvalds out for encouraging hate speech and attacks. Poettering went so far to say that the Linux community is a “sick place to be in.”

• The Linux Kernel’s New ‘Play Nice’ Patch | Community | LinuxInsider

Whether this tactic pans out to solve the growing friction within the Linux kernel commuinity remains to be seen. This kind of effort tends to shift power from the individual to those who enforce the code, according to Rob Enderle, principal analyst at the Enderle Group.

NTP’s Fate Hinges On “Father Time”

In April, one of the open source code movement’s first and biggest success stories, the Network Time Protocol, will reach a decision point, writes Charlie Babcock. At 30 years old, will NTP continue as the preeminent time synchronization system for Macs, Windows, and Linux computers and most servers on networks? Or will this protocol go into a decline marked by drastically slowed development, fewer bug fixes, and greater security risks for the computers that use it? The question hinges to a surprising degree on the personal finances of a 59-year-old technologist in Talent, Ore., named Harlan Stenn.

• Time, NTP, PTP etc. — PHKs Bikeshed

Login screen in Fedora 22 Workstation uses Wayland

Fedora 21 Workstationadded the ability to log in and run a Wayland session from the login screen (GDM), leaving the login screen itself running using the older X protocol. This is changing with a new feature in Fedora 22 enabling the login screen to run on Wayland by default.

— FEEDBACK —

• https://slexy.org/view/s20Wth7QZf

• Amazon.com: Hauppauge 610 USB-Live 2 Analog Video Digitizer and Video Capture Device: Electronics

• https://slexy.org/view/s2f1ofKAec

• https://slexy.org/view/s2y2XD8l2E

— CHRIS’ STASH —

Hang in our chat room:

irc.geekshed.net #jupiterbroadcasting

— NOAH’S STASH —

Noah’s Day Job

Altispeed Technologies

Contact Noah

noah [at] jupiterbroadcasting.com

Find us on Google+

• Chris
• Noah J. Chelliah
• Jupiter Broadcasting’s Page

Find us on Twitter

• Chris – ChrisLAS
• Noah – Kernellinux

Follow us on Facebook

• Jupiter Broadcasting on Facebook
• Noah – Kernellinux

Catch the show LIVE Sunday 10am Pacific / 1pm Eastern / 6pm UTC:

• https://jblive.tv
• Network Calendar

The post Linux's Slice of HAM | LAS 356 first appeared on Jupiter Broadcasting.

A company known for backup shuts down after their AWS account gets hacked, the Hedge fund thats under attack, how far you can get with a little cab data…

Your questions, our answers, and much, much more!

Thanks to:

— Show Notes: —

Company shuts down after their AWS account compromised, all customer data deleted

• Code Spaces, a source code hosting and backup service has ceased doing business
• On June 17th the company came under a DDoS attack, which is apparently business as normal for them
• Later, they found messages in their Amazon Web Services portal, urging them to contact a hotmail address
• When contacted, the attacker demanded a large ransom
• When Code Spaces attempted to change their passwords in the AWS control panel, additional administrator accounts added by the attacker were used to delete all EC2 virtual machines, S3 stores and EBS volumes in the account before all accessed could be revoked
• The most embarrassing part of the situation is the text on the original Code Spaces website:
  “Backing up data is one thing, but it is meaningless without a recovery plan, not only that [but also] a recovery plan—and one that is well-practiced and proven to work time and time again,” “Code Spaces has a full recovery plan that has been proven to work and is, in fact, practiced.”
• It is not clear what the Code Spaces backup strategy was, but it seemed to involve the same Amazon account
• In general, the idea with an “offsite” backup is to separate it from a failure of the primary. If you keep the backups for your database beside the database server and your office burns down, what good are the backups
• What if Amazon suffered a catastrophic data loss? or what if your account is compromised?
• The backups should have at least been in a different Amazon account that was very strictly controlled, or better yet, stored in some other service
• It is still unclear how the account was compromised, but it seems likely that Code Spaces was not making use of the Amazon’s Multi-Factor Authentication service, which offers either a mobile phone app, or two different types of hardware authenticators (key fob and credit-card style)

Poorly anonymized NYC Taxi data, de-anonymized

• Under an Open Data initiative, the New York City Taxi & Limousine Commission released the anonymized GPS logs of all taxi trips in 2013 (173 million trips)
• Chris Whong got a hold of this data and did some interesting stuff with it
• When he was done with it, he posted the data for everyone
• Developer Vijay Pandurangan took a look at the data and noticed that the medallion and hack numbers appeared to simply be MD5 hashes
• In particular, the driver with ID# CFCD208495D565EF66E7DFF9F98764DA appeared to have an impossibly large number of trips
• Turns out, that is the MD5 hash of “0”, cases where the data was unavailable
• Realizing that the data was only anonymized using MD5, and knowing the structure of a drivers license # (5-7 characters, with specific characters being numbers or letters), he was able to brute force all 24 million combinations in only 2 minutes using a single CPU
• Once this was done, he had the original un-anonymized data
• Using other websites, it is possible to link the medallion and hack numbers to the owners names
• Original Post
• Additional Coverage – Ars Technica
• To prevent this, there are a number of approaches, the fastest but weakest is a ‘secret key’. Instead of md5(hack#) just do md5(SUPERLONGSECRETKEYhack#), as long as the attacker doesn’t know the secret key, and it is long enough to make guessing it impractical, the data would remain anonymized
• Another option is to use the md5 hash of the encrypted form of the value. However this eventually just relies on a secret key as well. However, if the data never needs to be anonymized, a very strong key can be used, and that key can then be destroyed, making decryption impossible.

Hackers attack hedge fund for monetary gain

• BAE systems, a British defense contractor that also specializes in cyber security, was called in to investigate after computers at a hedge fund were hacked
• The attackers somehow infiltrated the HFT (High Frequency Trading) system, and injected delays of several hundred microseconds into the order entry system
• This causes the Hedge Fund to miss out on profits it could have made on the trades
• It is suspected, that the attackers capitalized on this to make those profits themselves
• “Hedge funds “really have inadequate cybersecurity as a whole” and the attacks threaten to undermine the systems used globally for high-speed trading, said Tom Kellerman, chief cyber security officer for Trend Micro Inc. ”

Feedback:

• Docker flaw

• RE: Docker containers and “secure root” in a container 0

• Mirror SSD with HDD?

• SnapRAID

Round Up:

• Massachusetts high court orders suspect to decrypt his computers
• Department of Justice Canada IT department runs moch phishing campaign against staff, 37% take the bait in December, rates cut in half in April re-test after awareness campaign and additional training
• Security Industry is failing to fix underlying dangers – applications need to be securely written, rather than have security bolted on
• Huawei (Chinese router manufacturer) has some very strict password complexity requirements
• Company wins law suite with bank to recover funds stolen by hackers. 3.5 million was stolen from the company account in 2011 when it was taken over by hackers. The bank managed to claw back all but $299,000 of it, and the company sued the bank for the remaining balance and won $350,000
• Cisco open sources FNR cipher, designed to very quickly encrypt IP addresses to anonymize log data
• World Cup Security Team Accidentally Shares Its Awful Wi-Fi Password
• “Yo” mobile app hacked by 3 Georgia Tech students, founder hires one of the hackers
• LastPass CEO: The Truth About Your Password Security

The post Restores are Everything | TechSNAP 168 first appeared on Jupiter Broadcasting.