management – Jupiter Broadcasting

“On Tuesday evening, KrebsOnSecurity.com was the target of an extremely large and unusual distributed denial-of-service (DDoS) attack designed to knock the site offline. The attack did not succeed thanks to the hard work of the engineers at Akamai/Prolexic, the company that protects my site from such digital sieges. But according to Akamai, it was nearly double the size of the largest attack they’d seen previously, and was among the biggest assaults the Internet has ever witnessed.”
“The attack began around 8 p.m. ET on Sept. 20, and initial reports put it at approximately 665 Gigabits of traffic per second. Additional analysis on the attack traffic suggests the assault was closer to 620 Gbps in size, but in any case this is many orders of magnitude more traffic than is typically needed to knock most sites offline.”
“Martin McKeay, Akamai’s senior security advocate, said the largest attack the company had seen previously clocked in earlier this year at 363 Gbps. But he said there was a major difference between last night’s DDoS and the previous record holder: The 363 Gpbs attack is thought to have been generated by a botnet of compromised systems using well-known techniques allowing them to “amplify” a relatively small attack into a much larger one.”
Almost all of the previous large scale DDoS attacks were the result of ‘reflection’ and ‘amplification’ attacks
That is, exploiting DNS, NTP, and other protocols to allow the attackers to send a small amount of data, while spoofing their IP address to that of the victim, and cause the reflection server to send a larger amount of data.
Basically, have your bots send spoofed packets of a few bytes, and the reflector send as much as 15 times the amount of data to the victim. This attack harms both the victim and the reflector.
Thanks to the hard work of many sysadmins, most DNS and NTP servers are much more locked down now, and reflection attacks are less common, although there are still some protocols vulnerable to amplification that are not as easy to fix
“In contrast, the huge assault this week on my site appears to have been launched almost exclusively by a very large botnet of hacked devices. According to Akamai, none of the attack methods employed in Tuesday night’s assault on KrebsOnSecurity relied on amplification or reflection. Rather, many were garbage Web attack methods that require a legitimate connection between the attacking host and the target, including SYN, GET and POST floods.”
“There are some indications that this attack was launched with the help of a botnet that has enslaved a large number of hacked so-called “Internet of Things,” (IoT) devices — routers, IP cameras and digital video recorders (DVRs) that are exposed to the Internet and protected with weak or hard-coded passwords.”
“I’ll address some of the challenges of minimizing the threat from large-scale DDoS attacks in a future post. But for now it seems likely that we can expect such monster attacks to soon become the new norm.”
“Many readers have been asking whether this attack was in retaliation for my recent series on the takedown of the DDoS-for-hire service vDOS, which coincided with the arrests of two young men named in my original report as founders of the service.”
“I can’t say for sure, but it seems likely related: Some of the POST request attacks that came in last night as part of this 620 Gbps attack included the string “freeapplej4ck,” a reference to the nickname used by one of the vDOS co-owners.”

The shot heard round the world

In this followup post, Krebs discusses “The Democratization of Censorship”
You no longer need to be a nation state to censor someone, you just need a big enough botnet
“Allow me to explain how I arrived at this unsettling conclusion. As many of you know, my site was taken offline for the better part of this week. The outage came in the wake of a historically large distributed denial-of-service (DDoS) attack which hurled so much junk traffic at Krebsonsecurity.com that my DDoS protection provider Akamai chose to unmoor my site from its protective harbor.”
“Let me be clear: I do not fault Akamai for their decision. I was a pro bono customer from the start, and Akamai and its sister company Prolexic have stood by me through countless attacks over the past four years. It just so happened that this last siege was nearly twice the size of the next-largest attack they had ever seen before. Once it became evident that the assault was beginning to cause problems for the company’s paying customers, they explained that the choice to let my site go was a business decision, pure and simple.”
This poses a huge problem. The bad guys now know the magic number, 650 gbps, at which point even the most expensive DDoS protection service will boot you off and shutdown your site.
“Nevertheless, Akamai rather abruptly informed me I had until 6 p.m. that very same day — roughly two hours later — to make arrangements for migrating off their network. My main concern at the time was making sure my hosting provider wasn’t going to bear the brunt of the attack when the shields fell. To ensure that absolutely would not happen, I asked Akamai to redirect my site to 127.0.0.1 — effectively relegating all traffic destined for KrebsOnSecurity.com into a giant black hole.”
“Today, I am happy to report that the site is back up — this time under Project Shield, a free program run by Google to help protect journalists from online censorship. And make no mistake, DDoS attacks — particularly those the size of the assault that hit my site this week — are uniquely effective weapons for stomping on free speech, for reasons I’ll explore in this post.”
This raises another question, what happens when the bad guys perform an attack large enough to disrupt Google?
This was the topic of the closing keynote at EuroBSDCon last weekend, sadly no video recordings are available.
“Why do I speak of DDoS attacks as a form of censorship? Quite simply because the economics of mitigating large-scale DDoS attacks do not bode well for protecting the individual user, to say nothing of independent journalists.”
“In an interview with The Boston Globe, Akamai executives said the attack — if sustained — likely would have cost the company millions of dollars. In the hours and days following my site going offline, I spoke with multiple DDoS mitigation firms. One offered to host KrebsOnSecurity for two weeks at no charge, but after that they said the same kind of protection I had under Akamai would cost between $150,000 and $200,000 per year.”
“Earlier this month, noted cryptologist and security blogger Bruce Schneier penned an unusually alarmist column titled, “Someone Is Learning How to Take Down the Internet.” Citing unnamed sources, Schneier warned that there was strong evidence indicating that nation-state actors were actively and aggressively probing the Internet for weak spots that could allow them to bring the entire Web to a virtual standstill.”
“Someone is extensively testing the core defensive capabilities of the companies that provide critical Internet services,” Schneier wrote. “Who would do this? It doesn’t seem like something an activist, criminal, or researcher would do. Profiling core infrastructure is common practice in espionage and intelligence gathering. It’s not normal for companies to do that.”
“Furthermore, the size and scale of these probes — and especially their persistence — points to state actors. It feels like a nation’s military cyber command trying to calibrate its weaponry in the case of cyberwar. It reminds me of the US’s Cold War program of flying high-altitude planes over the Soviet Union to force their air-defense systems to turn on, to map their capabilities.”
“What exactly was it that generated the record-smashing DDoS of 620 Gbps against my site this week? Was it a space-based weapon of mass disruption built and tested by a rogue nation-state, or an arch villain like SPECTRE from the James Bond series of novels and films? If only the enemy here was that black-and-white.”
“No, as I reported in the last blog post before my site was unplugged, the enemy in this case was far less sexy. There is every indication that this attack was launched with the help of a botnet that has enslaved a large number of hacked so-called “Internet of Things,” (IoT) devices — mainly routers, IP cameras and digital video recorders (DVRs) that are exposed to the Internet and protected with weak or hard-coded passwords. Most of these devices are available for sale on retail store shelves for less than $100, or — in the case of routers — are shipped by ISPs to their customers.”
“Some readers on Twitter have asked why the attackers would have “burned” so many compromised systems with such an overwhelming force against my little site. After all, they reasoned, the attackers showed their hand in this assault, exposing the Internet addresses of a huge number of compromised devices that might otherwise be used for actual money-making cybercriminal activities, such as hosting malware or relaying spam. Surely, network providers would take that list of hacked devices and begin blocking them from launching attacks going forward, the thinking goes.”
While we’d like to think that the hacked devices will be secured, the reality is that they probably won’t be. Even if there was a firmware update, how often do people firmware update their IP Cameras? Their DVRs?
The cable companies might be able to help by pushing firmware updates, and they have some incentive to do so, as the attacks use up their bandwidth
In the end, even if ISPs notified their customers that they were part of the attack, how is a regular person supposed to determine which of the IoT devices was used as part of the attack?
If you don’t know how to use a protocol analyzer, and the attack is not ongoing right now, how do you tell if it was your DVR, your SmartTV, your Thermostat, or your refrigerator that was attacking Krebs?
And if we thought that 650 gbps was enough to make almost any site neel to an attacker, OVH.net reports a botnet of 150,000 CCTV/Camera/DVR units, each with 1 – 30 mbps of upload capacity, attacking their network with a peak of 1.1 terabits (1100gbps) of traffic, but they estimate the capacity of the botnet at over 1.5 terabits
“I don’t know what it will take to wake the larger Internet community out of its slumber to address this growing threat to free speech and ecommerce. My guess is it will take an attack that endangers human lives, shuts down critical national infrastructure systems, or disrupts national elections.”
“The sad truth these days is that it’s a lot easier to censor the digital media on the Internet than it is to censor printed books and newspapers in the physical world. On the Internet, anyone with an axe to grind and the willingness to learn a bit about the technology can become an instant, self-appointed global censor.”
The possible solutions presented at EuroBSDCon were even scarier. Breaking the Internet up along national borders, and only allowing traffic to pass between countries on regulated major services like Facebook and Google.
Additional Coverage: Forbes
Additional Coverage: Ars Technica

Firefox preparing to block Certificate Authority for violating rules

“The organization that develops Firefox has recommended the browser block digital credentials issued by a China-based certificate authority for 12 months after discovering it cut corners that undermine the entire transport layer security system that encrypts and authenticates websites.”
“The browser-trusted WoSign authority intentionally back-dated certificates it has issued over the past nine months to avoid an industry-mandated ban on the use of the SHA-1 hashing algorithm, Mozilla officials charged in a report published Monday. SHA-1-based signatures were barred at the beginning of the year because of industry consensus they are unacceptably susceptible to cryptographic collision attacks that can create counterfeit credentials. To satisfy customers who experienced difficulty retiring the old hashing function, WoSign continued to use it anyway and concealed the use by dating certificates prior to the first of this year, Mozilla officials said. They also accused WoSign of improperly concealing its acquisition of Israeli certificate authority StartCom, which was used to issue at least one of the improperly issued certificates.”
“Taking into account all the issues listed above, Mozilla’s CA team has lost confidence in the ability of WoSign/StartCom to faithfully and competently discharge the functions of a CA,” Monday’s report stated. “Therefore we propose that, starting on a date to be determined in the near future, Mozilla products will no longer trust newly issued certificates issued by either of these two CA brands.”
So, existing certificates will continue to work, to avoid impact on those who paid for certificates, but Mozilla will not trust any newly issued certificates
“WoSign’s practices came under scrutiny after an IT administrator for the University of Central Florida used the service to obtain a certificate for med.ucf.edu. He soon discovered that he mistakenly got one for www.ucf.edu. To verify that the error wasn’t isolated, the admin then used his control over the github subdomains schrauger.github.com and schrauger.github.io to get certificates for github.com, github.io, and www.github.io. When the admin finally succeeded in alerting WoSign to the improperly issued Github certificates, WoSign still didn’t catch the improperly issued www.ucf.edu certificate and allowed it to remain valid for more than a year. For reasons that aren’t clear, Mozilla’s final report makes no explicit mention the certificates involving the Github or UCF domains, which were documented here in August.”
Some other issues highlighted in the Mozilla report:
- “WoSign has an “issue first, validate later” process where it is acceptable to detect mis-issued certificates during validation the next working day and revoke them at that point. (Issue N)”
- “If the experience with their website ownership validation mechanism is anything to go by, It seems doubtful that WoSign keep appropriately detailed and unalterable logs of their issuances. (Issue L)”
- “The level of understanding of the certificate system by their engineers, and the level of quality control and testing exercised over changes to their systems, leaves a great deal to be desired. It does not seem they have the appropriate cultural practices to develop secure and robust software. (Issue V, Issue L)”
- “For reasons which still remain unclear, WoSign appeared determined to hide the fact that they had purchased StartCom, actively misleading Mozilla and the public about the situation. (Issue R)”
- “WoSign’s auditors, Ernst & Young (Hong Kong), have failed to detect multiple issues they should have detected. (Issue J, Issue X)”
Mozilla Report
Mozilla Wiki: WoSign issues
WoSign incident report

Feedback:

Round Up:

The post Botnet of Things | TechSNAP 286 first appeared on Jupiter Broadcasting.

IoT and Chill | LAS 432

chris — Sun, 28 Aug 2016 17:51:22 +0000

RSS Feeds:

Become a supporter on Patreon:

— Show Notes: —

Brought to you by: Linux Academy

Internet of Linux?

Can the Internet of Things really be under the control of Linux users?
Home Assistant
SmartThings Hub “How Things Work”

Home Assistant is an open-source home automation platform running on Python 3. Track and control all devices at home and automate control. Installation in less than a minute.

Ryan has a new job

Community Manager at System76 -> Ryan’s blog post
System76 Blog Post -> Community Manager at System76
System76 “secret lab” and new project
New Oryx Pro, w/ GTX 10-series -> New Oryx Pro

Controlling IoT with Open Source:

— PICKS —

Runs Linux

Promethean

The ActivBoard Touch combines multi-touch functionality, a dry-erase surface and award-winning software to foster a truly interactive learning experience. It provides teachers with a wide range of tools to support their daily instruction while respecting tight budgets. – See more at:

https://support.prometheanworld.com/download/activinspire.html

Desktop App Pick

BleachBit

BleachBit “stifles investigation” of Hillary Clinton

BleachBit quickly frees disk space and tirelessly guards your privacy. Free cache, delete cookies, clear Internet history, shred temporary files, delete logs, and discard junk you didn’t know was there. Designed for Linux and Windows systems, it wipes clean a thousand applications including Firefox, Internet Explorer, Adobe Flash, Google Chrome, Opera, Safari,and more.

Spotlight

KDE Connect 1.0 is here!

Today we are officially publishing the first stable release of KDE Connect. Hooray! This version is the most solid yet feature-packed version we ever released. It’s been in development for a year now and it took a lot of hard work, we hope you like it!

New Linux Show: User Error

— NEWS —

Having offended everyone else in the world, Linus Torvalds calls own lawyers a ‘nasty festering disease’

“I actually think we *should* talk about GPL enforcement at the kernel summit, because I think it’s an important issue,” Torvalds gently began, “but we should talk about it the way we talk about other issues: among kernel developers. No lawyers present unless they are in the capacity of a developer and maintainer of actual code, and in particular, absolutely not the Software Freedom Conservancy.”

Torvalds needs to rethink this position: Linus Torvalds calls own lawyers a 'nasty festering disease' https://t.co/qn94chknAn

— Christine Hall (@BrideOfLinux) August 27, 2016

Linus Torvalds says GPL was defining factor in Linux’s success

“The GPL ensures that nobody is ever going to take advantage of your code. It will remain free and nobody can take that away from you. I think that’s a big deal for community management.”

Linux's High Elders discuss if GPL compliance is best sought via relationship or lawsuit. Read this then the thread: https://t.co/DtybdizL3e

— Simon Phipps (@webmink) August 26, 2016

Bytemark sponsor Ubuntu MATE

A couple of weeks ago the _Bytemark_Managing Director,
_Matthew Bloch, contacted the Ubuntu
MATE team to offer free hosting for the project. As of August 18th 2016
all the Ubuntu MATE infrastructure is hosted on Bytemark Cloud Servers._

Secure, Monitor and Control your data with Nextcloud 10

Nextcloud 10 is now available with many new features for system administrators to control and direct the flow of data between users on a Nextcloud server. Rule based file tagging and responding to these tags as well as other triggers like physical location, user group, file properties and request type enables administrators to specifically deny access to, convert, delete or retain data following business or legal requirements. Monitoring, security, performance and usability improvements complement this release, enabling larger and more efficient Nextcloud installations. You can get it on our install page or read on for details.

Mail Bag

Jupiter Broadcasting and System76 – The Sisko Blogs
https://slexy.org/view/s2HF7CcZIo

Call Box

Chris’ call out for the community to help him with his background

Catch the show LIVE SUNDAY:

— CHRIS’ STASH —

Chris’s Twitter account has changed, you’ll need to follow!

Chris Fisher (@ChrisLAS) | Twitter

Hang in our chat room:

irc.geekshed.net #jupiterbroadcasting

— NOAH’S STASH —

Noah’s Day Job

Altispeed Technologies

Contact Noah

noah [at] jupiterbroadcasting.com

Find us on Google+

Find us on Twitter

Follow us on Facebook

The post IoT and Chill | LAS 432 first appeared on Jupiter Broadcasting.

Below the Surface | CR 174

chris — Mon, 12 Oct 2015 15:12:02 +0000

To view this video please enable JavaScript, and consider upgrading to a web browser that supports HTML5 video

The cultural challenges of living too far out of a “tech hotzone” hit home today. We discuss the recent revelations both of us have had.

And our reactions and lessons learned from LastPass selling, if Microsoft has nailed convergence & the practicality of the Surface Book.

Plus a quick chat about Chef & other automation platforms great for developers & more!

Thanks to:

Get Paid to Write for DigitalOcean

Direct Download:

MP3 Audio | OGG Audio | Video | Torrent | YouTube

RSS Feeds:

Become a supporter on Patreon:

Show Notes:

Hoopla

LogMeIn buys LastPass password manager for $110 million | Ars Technica

The maker of LastPass, a popular password manager, is being acquired by LogMeIn in a sale worth at least $110 million.

Microsoft Display Dock

Plug your Lumia 950 or 950 XL into a Display Dock and the external monitor starts up. The keyboard and mouse are ready to go, and with a 60 FPS refresh rate, catching up on email is flicker-free and super-smooth. With full HD output and a USB-C port that charges your phone while you work

Surface Book

Feedback

The post Below the Surface | CR 174 first appeared on Jupiter Broadcasting.

Internal Learning | WTR 41

chris — Thu, 24 Sep 2015 00:02:09 +0000

To view this video please enable JavaScript, and consider upgrading to a web browser that supports HTML5 video

Kristen is the founder of edifyedu, a consulting company geared at educating tech businesses on internal learning & people relations.

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed

Become a supporter on Patreon:

Show Notes:

kristen@edifyedu.com

Transcription:

ANGELA: This is Women’s Tech Radio.
PAIGE: A show on the Jupiter Broadcasting Network, interviewing interesting women in technology. Exploring their roles and how they’re successful in technology careers. I’m Paige.
ANGELA: And I’m Angela.
PAIGE:: So Angela, today we talk to Kristen who is a friend of mine from Portland and she is the founder of Edify.edu and she work with tech companies to help them develope learning plans and leadership and all kinds of things. We dig into a bunch of those topics with her.
ANGELA: Awesome. Before we get into that, I would like to mention that you can support Women’s Tech Radio by going to patreon.com/jupitersignal. It is a general bucket where the whole network is supported, but if you donate you will know that your funds are partially going to support Women’s Tech Radio. Go to patreon.com/jupitersignal.
PAIGE: We get started with our conversation with Kristen by asking her what she’s up to in technology these days.
KRISTEN: I have been working on my own company, called Edify, for almost a year now. In the middle of September we’ll reach a reach anniversary and that will be really fun. But Edify is a company that works with tech and creative companies on their internal learning. And so, I spent several years in the education world and in alternative learning environments, but over the past two years I’ve been really interested in how learning in a classical sense actually helps tech companies become better, become more diverse, and become more inclusive. And so I tried to take that work into Edify and kind of give that information in kind of that applesauce medicine format. So tech companies don’t necessarily know that’s what we’re doing, but that is what we’re doing.
ANGELA: Applesauce medicine. Can you describe that a little more? That’s really interesting.
KRISTEN: It’s possible that only my mom did this, but I definitely had to take medicines that I didn’t want to take and that didn’t taste very good when I was a kid. So she would crunch them up and put them in applesauce and so I didn’t really know until later that that’s what she was doing. And so you’re getting this really healthy medicine that you need, but it taste good. And so sometimes it’s really hard for tech companies who are run by, basically, all white men or have no women on their board, who have no women in upper leadership, to understand how diversity and inclusion and good workplace practices are beneficial to their work. But when they hear things like internal learning helps you with retention. Internal learning helps you with time to productivity. It helps your employees be happier, which helps your culture. Those are things that they pay attention to, but my work is built off of this understanding and this body of knowledge that knows that working in diversity and inclusion initiatives is not only the medicine that they need, it’s what they need to continue to grow. And it’s what everybody in this society needs.
ANGELA: Right. It’s well for, a commercial well-check.
KRISTEN: Yeah.
ANGELA: Yeah. What? Why did you look at me like that?
PAIGE: Oh, well-checkup, like, I didn’t know what you meant. Well-checkup like going to the doctor for your annual.
ANGELA: Yeah. They just call them well-checks. Yeah, not even checkup. Well-checks.
KRISTEN: Yeah, just to make sure you’re doing good.
ANGELA: Yeah.
PAIGE: What exactly do you mean by internal learning?
KRISTEN: What Edify means by internal learning is something that the rest of the industry calls training and development or learning and development. And those two offices are typically within the HR department or sometimes they’re built out into their own department in larger companies. And they are groups of people, or sometimes one or two people, within a company who take it upon themselves to manage their company onboarding, so bringing in new employees. They typically will work on manager training. They’ll work on any kind of technical training that employees need to be successful. And I have a theory that’s kind of backed up by some research that I’ve done, and research that others have done as well, that for the past 30 or 40 years learning and development and training development haven’t really been very successful and they’re sort of a necessary evil. And so I don’t use that terminology when I talk about Edify, so I use the term internal learning. That helps my clients and future clients, hopefully, see we really care about the learning of the employees inside of this company. We care about how successful they are. We care about how easily they’re able to access information that they need to be good at their jobs and to give back to the company in their way that they were hired.
ANGELA: Okay. And your company, is it like, do you go in as a consultant or is it like a monthly ongoing thing? Is it temporary?
KRISTEN: Yeah. I go in as a consultant. And I joke, but I’m actually pretty serious about it, that I don’t think a company should ever have to hire me again. If they have to hire me again for the same thing, that means I did not do a really good job of helping them understand how to evolve the program or the process that we developed together. And so, typically, what consulting for me looks like is I’ll sit with a potential client who explains a problem. It usually comes out of a place of desperation or a place of fear. That could look like, well our company is growing very quickly right now and I don’t know how to handle onboarding new employees in multiple countries. Or they could say I just feel like our managers aren’t being as successful as they could be and we already sent them to leadership training, so I don’t know how to solve that problem. And that’s what Edify will come in and do. We’ll say, okay let’s do some time around discovering. What’s the lay of the land in this organization. How does your culture affect the way people work and the way people learn? How does the company’s marketplace affect the way people learn and need to be productive? So it’s a consulting engagement, but many problems are approached with different frameworks. I use a framework that I’ve developed called the learning culture framework to guide whatever kind of work we’re doing. And I believe that there is sort of a connection between each effort of learning. A connection between onboarding and a connection between succession planning for when an employee leaves. And so that’s how i approach consulting.
PAIGE: So internal learning. I’m getting my head around that. Learning culture. That all makes sense. I love the idea that succession planning. I haven’t even heard that term before. That’s pretty fascinating.
KRISTEN: Yeah.
PAIGE: You’ve got all this kind of stuff and it sounds like a pretty broad framework. What was it that sparked you to apply this to tech companies specifically?
KRISTEN: You know, I actually come from a very non-technical background. My background is in museum education, actually, and I’m more of an art historian than I am a technologist. I started my career in museums and in non-profits and was always pretty tech savvy and a decent earlier adopter of a lot of technical things. Like I hopped on TaskRabbit and Fiverr to figure out what those were and lots of different things early on. And I started to realize how unhappy I was in the situations that I was working in. And they were mostly museums and nonprofits. And I started to put all the pieces together and I realized these are management problems. These are learning problems where employees are being as successful as they could be, because they’re not getting the information and the knowledge that they need to do well in their jobs. And so I left in search of other things and that sort of landed me in a very random job. I was doing business development for a small web development agency here in Portland. And that was also short-lived. I was only there for about a year, but it was a huge learning curve. And I learned all about how WordPress work and how Drupal works and how and how D3 and Angular work. And I learned what Git was and started learning to code myself and realized that this whole industry of tech startups that i had been kind of ignoring, but knew about, is actually the way that companies are moving and starting to look at this idea that all companies are eventually going to be tech companies in some variety or in some way. I realized that if there are management problems inside of the nonprofit and museum world, and I also saw them at the development agency that I was working at, that there are probably issues elsewhere. And so as i made more friends in the tech environment here in Portland, they all started to tell me this education stuff that you’re working on seems really relevant to my job. Can you help me with this onboarding project. Or can you give me some tips for how I might educate my subordinate employee, you know, somebody who works under me. And I realized that that’s what I should be working on. At that time i had been working in a different way with Edify. I was doing lots of different educational processes and tools for small businesses that really didn’t have anything to do with internal learning. It was actually a lot of customer education. And then I realized I needed to switch from that and so it ultimately became this spur of everything is going to be tech and tech is very confused right now. So if I can add something that’s helpful I’m going to try to do that.
ANGELA: That’s really interesting, because one thing I’ve noticed about, I’ve been working with just random, different companies and they have a speciality, you know, be it like business or daycare or whatever, but all of them seem to have a tech problem.
KRISTEN: Yeah.
PAIGE: Yeah.
ANGELA: All of them.
PAIGE: I think the way that you put it where all companies are going to become a tech company at least in some way. I mean, look at your biggest standout. A lot of people talk about Sears. Sears is one of the oldest companies in America and even they had to, even many years ago, suck it up and become partly a tech company. They built one of the first available internal point of services softwares. It’s a Sears thing.
KRISTEN: I didn’t know that. That’s cool.
PAIGE: Yeah. Everybody touches technology at this point.
KRISTEN: Right.
PAIGE: It’s almost inescapable.
ANGELA: Uh-huh.
KRISTEN: Right. You see companies like Honeywell, which used to be more of a home hardware kind of things. They would make fans and things like that. And they are really trying hard to get into internet of things right now. So there are companies that are not traditionally tech companies, but then there are a lot of companies that are definitely tried and true tech companies. Especially here in Portland and on the west coast in general. What I’ve seen as a pattern, and this is a broad generalization, but I’ve seen as a pattern that tech companies, startups are started by some person, typically some guy, with a passion for some problem. An engineer, some of us, entrepreneurs in general are problem seekers and problem solvers and we get really fixated on one thing. And sometimes when you’re fixated on one thing it’s really hard for you to see how the other things contribute to the one thing that you’re really interested in. And I’ve noticed that the companies that are successful and then are able to be nimble and move along and continue growth, they don’t just focus on the product. They focus on the people who make the product. And that’s a lot harder. And then so it’s a lot more time intensive. It doesn’t have to necessarily be painful or expensive, monetarily or resource wise, But it’s something that you want to plan for. And so I’ve tried to start my work with companies that are in that hundred to 400 person range so that they don’t make these mistakes when they’re the size of HP or the size of Intel.
PAIGE: They’re almost uncorrectable at that point.
KRISTEN: Right. I mean, I really don’t want to work for Intel, actually. Like 100,000 employees, I cannot imagine trying to get their, you know, everybody on the same page. I call for, in a lot of my, with a lot of my clients I request and we work on growth plans for each employee or for categories of employees and I can’t imagine doing that for 100,000 employees.
PAIGE: Yeah. I think in that scenario you end up in the train the trainer role as opposed to a (indiscernible) things role. Have you found that working specifically with tech and specifically with small tech companies that you kind of, have you run into the struggle of lack of soft skills on the founder and management side?
KRISTEN: Oh yeah. Yeah, definitely. There’s a company who shall remain unnamed, but I discovered recently from several employees that there’s some behavior on their management team, on their leadership level C-suite team that was really deceptive and that was designed to basically get information that he wanted out of employees and kind of shame other employees that did not give him the answer that he wanted to see. And that’s a really, not only in that a manipulative behavior, it’s unfortunately typical. And you see a lot of people, and this goes many ways, but right now in the ecosystem it’s mostly male, you see these CEOs and these C level people trying to manipulate situations so that they will win. So that their product will win. And they don’t really care what happens to do that. And that is, again, kind of the undercurrent of the work that I do is to try to make those things not happen. I care that your company wins effectively in an ethical good way, but I also want you to care about the employees that help you get there. And so I do see a problem with soft skills and I don’t know if I want to make the generalization that it’s because they’re techies. I’m definitely not somebody who would call myself a techie. I obviously come out of a very low tech world. Most of the museums that I worked for are still on slides and they don’t have an internal system for that. And they’re still in the process of digitizing everything.
PAIGE: Are you like a microfiche expert?
KRISTEN: Unfortunately, yes. I haven’t touched any microfiche for a really long time, actually, maybe like three or four years, but I did a lot of research using them. Obviously, there’s a gap in soft skills and I’m not really sure, I kind of think of it as an epidemic so I’m not really sure how to approach that. I think the best thing that people could be doing, especially within code schools and other places where their, you know, you’re teaching sort of the next generation of business owners or the next generation of coders is to actually blatantly teach soft skills. And to teach people skills.
PAIGE: Yeah, this is actually a big discussion that we’ve been having with one of the code schools that I work at and work with is that the biggest problem they’re having with grads who aren’t getting hired isn’t their technical skills, it’s their soft skills.
KRISTEN: Right.
PAIGE: It’s their ability to interview, to present themselves, and how do you tackle that.
KRISTEN: Right. Yeah, That actually links very strongly to manager training. One problem i see in tech very often is that people, programmers, software engineers will be good at their job and as a company grows somebody will need to manage a team. And so, the best coder gets promoted to management. And that is actually a horrible way to (indiscernible) at your next level of management. Because of two reasons; one, just because you are good at one job does not mean that you’re going to be good at managing other people doing that job. And two, when you take somebody away from doing the thing that they love, they kind of lose a little bit of spark. They lose a little bit of what they’re interested in. And now they have to watch other people do what they like. And that’s actually really, really hard. That’s why many people actually try to get away from management and keep doing what they like and they have no management aspirations, because they see this happen over and over again.
PAIGE: That’s outside of tech even.
KRISTEN: Oh, yeah.
PAIGE: The old atican, like you get promoted to the level of incompetence and left there.
KRISTEN: Yes, you do. And the traditional way of dealing with that is to say, okay I’m going to send you to leadership training. I actually have a client who did that and they told me, okay well we’ve figured out that our managers weren’t doing a great job, you know, we had people leaving and citing the reason for leaving as my manager cannot give me good feedback. My manager cannot manage meetings. So they have very clear lines of distinction that their managers aren’t doing a good job, but they didn’t know what to do about it. So they sent them to a pretty expensive leadership training course and nothing happened. They came back, nothing changed. Effectively, the only thing that changed was that now these people knew their leadership style, which is pretty much useless. And I think people will argue with me about that, but I think knowing your leadership style has nothing to do with your ability to be flexible or to give feedback or to be a good manager. And sometimes you do need to be a good leader and leadership training can help, but it is really about those soft skills and it’s about your ability to read a situation and know what’s most effective for that situation. Or to know this person is not doing a good job, but maybe that’s not their strongsuit. So maybe I can give them some more training or I can move them to a different place in the company so that they can be more successful. That’s what kind of those soft skills are and unfortunately it’s almost like — have you ever heard of biological magnification, where a toxin will build up in an environment, in an ecosystem year after year and you’re sort of left with a really, really toxic set of eggs, like with DDT in the ‘70s. And so that happens in management. You add bad skills on bad behavior upon poor knowledgement or knowledge understanding of management and that’s what you get. So maybe code schools will listen to this and teach their students soft skills.
ANGELA: RIght. Now I have a question. When the C-level management is the problem, how do you address that? Do you, just in the politest way possible be like you’re the problem?
KRISTEN: I wish it were that easy.
ANGELA: Or do you work with the management underneath them to try to promote change upward and downward or how does, I’m just curious.
KRISTEN: Yeah. I’ve been in several situations where management, or say the executive director or the CEO really was the problem and the best thing that I’ve been able to find is to model good behavior and to get everyone else to start modeling good behavior and what’s funny about that is if people start to change the culture within an organization and then somebody isn’t wanting to change with them, what they’re going to find is the culture has shifted and left them behind and that they’re really different now or that the culture is really different from them. What that does is hopefully says to that person who is the problem, hey look, we’ve all made this decision because we think this is the right way to go and we hope you’ll join us. We hope you’ll kind of see this good behavior. The other thing is to work with people around that person who are maybe on the same level and get them to realize that. Unfortunately there are situations where maybe there’s only one person at the top, like in small organizations and there really isn’t anybody who is a peer. I had an experience, actually several experiences in nonprofits and in the web development agency that I worked at where there was no peer to the person at the top and it was very clear to everybody that the person at the top was the problem. And unfortunately, in those kind of circumstances sometimes it’s better for you to just leave and to find a different role outside of the company because you don’t want to continue to bang your head against a wall, basically in a mentally unsafe place. And so, sometimes you can’t change people. I hate to end on that note.
ANGELA: Yeah, I know. And now we all owe you a consulting fee, I think.
KRISTEN: No, no.
ANGELA: Just kidding.
PAIGE: I mean, it is definitely, stuff rolls downhill, you know.
ANGELA: Yeah.
PAIGE: It always-
ANGELA: Stuff.
KRISTEN: Stuff. Lots of stuff. Good stuff, bad stuff.
PAIGE: Yeah, it’s true. It’s true. It’s one of the talks we have about, in diversity, diversity rolls downhill. If you have a diverse senior team-
KRISTEN: Yes.
PAIGE: You have a diverse workforce that’s, you know, if you have an ignorance in your chain a lot of times you have an ignorant workforce.
KRISTEN: Yeah.
ANGELA: Right.
KRISTEN: I was actually just looking at a company that called me, actually, unsolicited, to see if I wanted to do some work with them, which is always great. Like business owners love that. It’s awesome. However, I went and I looked and I looked at their website and out of 20 people they have three women on their team and they are all in pretty low level positions. And it just immediately puts me off. I mean, I’m making, obviously I’m making some assumptions and some judgements, but I get the luxury of working with companies that I want to work with and I’m always interested, you know, I’ll always take a meeting or always take a call, but I think when you see companies that haven’t made an effort or they’re not talking about it or they’re not publishing their diversity numbers, it means that they don’t necessarily think or know it’s a problem.
ANGELA: Right, or prioritize it.
KRISTEN: Right.
PAIGE: Working with someone who is going to listen is very important.
ANGELA: Yeah.
KRISTEN: Yes. I have definitely tried to talk to people who did not want to listen and it’s a very frustrating experience.
PAIGE: I like to say, you know, I like to change the old aticom, like you can lead a horse to water, you can even make him drink. You can’t make him like it.
ANGELA: Yeah.
KRISTEN: It’s true. It’s true. I can definitely put people through trainings and awesome strategic planning processes, but they might not like it and they might not do anything about it.
PAIGE: Yeah. Exactly. Cool. Well, this has been an awesome conversation, Kristen. I’m always excited to hear what you’re up to. If people want to catch you online what’s the best way to do that. If maybe they want to talk to you about their company.
KRISTEN: Definitely. If you want to talk to me, I’m always on email. So the best way to do that is at my email, which is Kristen@Edifyedu.com or on Twitter. So those are the top two. And you can either talk to the @EdifyEdu Twitter the @KristenMaeve Twitter, which I think are both in the show notes.
ANGELA: Thank you for listening to this episode of Women’s Tech Radio. Remember, you can find a full transcript of the show over at JupiterBroadcasting.com in the show notes. You can also use the contact form that’s at the top of JupiterBroadcasting.com and you can subscribe to teh RSS feeds.
PAIGE: You can also find us on YouTube or iTunes. If you’re on iTunes feel free to take a moment and leave a review. We’d love to hear what you think. You can also contact us directly at WTR@JupiterBroadcasting.com or follow us on Twitter. our Twitter handle is @HeyWTR. Thanks for listening.

Transcribed by Carrie Cotter | Transcription@cotterville.net

The post Internal Learning | WTR 41 first appeared on Jupiter Broadcasting.

Extortion Startups | TechSNAP 229

chris — Thu, 27 Aug 2015 19:02:39 +0000

To view this video please enable JavaScript, and consider upgrading to a web browser that supports HTML5 video

The real fallout from the Ashley Madison hack gets personal. The Android StageFright patch that doesn’t cover all of the holes, and turning a KVM into a spying appliance.

Plus a great batch of questions, our answers, and a rocking round up.

All that and a heck of a lot more on this week’s TechSNAP!

Thanks to:

Get Paid to Write for DigitalOcean

Direct Download:

RSS Feeds:

Become a supporter on Patreon:

— Show Notes: —

Ashley Madison Fallout

According to security firms and to a review of several emails shared with this author, extortionists already see easy pickings in the leaked AshleyMadison user database.
Earlier today Krebs heard from Rick Romero, the information technology manager at VF IT Services, an email provider based in Milwaukee. Romero said he’s been building spam filters to block outgoing extortion attempts against others from rogue users of his email service.
The individual “Mac” who received that extortion attempt — an AshleyMadison user who agreed to speak about the attack on condition that only his first name be used — said he’s “loosely concerned” about future extortion attacks, but not especially this one in particular.
Mac says he’s more worried about targeted extortion attacks. A few years ago, he met a woman via AshleyMadison and connected both physically and emotionally with the woman, who is married and has children. A father of several children who’s been married for more than 10 years, Mac said his life would be “incredibly disrupted” if extortionists made good on their threats.
Mac said he used a prepaid card to pay for his subscription at AshleyMadison.com, but that the billing address for the prepaid ties back to his home address.
Unfortunately, the extortion attempts like the one against Mac are likely to increase in number, sophistication and targeting, says Tom Kellerman, chief cybersecurity officer at Trend Micro.
The leaked AshleyMadison data could also be useful for extorting U.S. military personnel and potentially stealing U.S. government secrets, experts fear. Some 15,000 email addresses ending in dot-mil (the top-level domain for the U.S. military) were included in the leaked AshleyMadison database, and this has top military officials just a tad concerned.
According to The Hill, the U.S. Defense Secretary Ash Carter said in his daily briefing Thursday that the DoD is investigating the leak.
Almost None of the Women in the Ashley Madison Database Ever Used the Site
A light-weight forensic analysis of the AshleyMadison Hack
City employees among emails listed in Ashley Madison hack
John McAfee thinks he knows who hacked Ashley Madison
Leaked AshleyMadison Emails Suggest Execs Hacked Competitors
The only thing potentially interesting or useful in AshMad CEO’s inbox…

Android StageFright patch doesn’t cover all of the holes

Google released to the open source Android project a new patch for the Stagefright vulnerability found in 950 million Android devices after researchers at Exodus Intelligence discovered the original patch was incomplete and Android devices remain exposed to attack.
“We’ve already sent the fix to our partners to protect users, and Nexus 4/5/6/7/9/10 and Nexus Player will get the OTA update in the September monthly security update,” a Google spokesperson told Threatpost. Last week at Black Hat, Google announced that it would begin
The original four-line code fix for CVE-2015-3824, one of several patches submitted by researcher Joshua Drake of Zimperium Mobile Security’s zLabs who discovered the flaw in Stagefright, still leads to a crash and device takeover. Jordan Gruskovnjak, a security researcher at Exodus, found the problem with the patch, and Exodus founder Aaron Portnoy today hinted that there could be similar problems in all the patches.
“They failed to account for an integer discrepancy between 32- and 64 bit,” Portnoy told Threatpost this morning. “They’re not accounting for specific integer types, and [Gruskovnjak] was able to bypass the patch with specific values that cause a heap buffer allocated to overflow.”
“According to public sources, many more issues have been discovered since they reported the bugs in MPEG4 processing on Android. I expect we will see continuing fixes to the Stagefright code base for the coming months,” Drake said in an email to Threatpost. “The story is long from over.”
Exodus Intelligence notified Google on Aug. 7, the first day of DEF CON in Las Vegas and two days after Drake’s Stagefright presentation at the Black Hat conference. Google has assigned CVE-2015-3864 to the issue.
In addition to Nexus devices, Google said it sent the original patches to other mobile providers, including: Samsung for its Galaxy and Note devices; HTC for the HTC One; LG for the G2, G3 and G4; Sony for its Xperia devices; and Android One.
The vulnerabilities affect Android devices going back to version 2.2; newer versions of Android have built-in mitigations such as ASLR that lessen the effects of Stagefright exploits. Google said last week that 90 percent of Android devices have ASLR enabled, and that the next release of its Messenger SMS app also contains a mitigation requiring users to click on videos in order to play them.
Additional Coverage: Forbes
The news is compounded by yet more Android vulnerabilities
Checkpoint Security: Certifigate
Major Android remote-access vulnerability is now being exploited

Turning a KVM into a spying appliance

Researchers presented their work at BlackHat on how to teach a keyboard switch to spy on its users
“When it comes to large systems, there are a lot more computers than there are people maintaining them. That’s not a big deal since you can simply use a KVM to connect one Keyboard/Video/Mouse terminal up to all of them, switching between each box simply and seamlessly. The side effect is that now the KVM has just as much access to all of those systems as the human who caresses the keyboard. [Yaniv Balmas] and [Lior Oppenheim] spent some time reverse engineering the firmware for one of these devices and demonstrated how shady firmware can pwn these systems, even when some of the systems themselves are air-gapped from the Internet.”
Early KVM switches were just physical hardware switches that allowed more than one computer to be controlled by a single Keyboard, Video (Monitor), and Mouse
By the year 2000, we had Matrix KVMs that could be chained together and used to control more than 1000 computers from a single keyboard
USB Stacks, Video Transcoding, Virtual Media (mount an ISO from your workstation as if it was a usb cdrom drive) drove KVMs towards being entire computers in and of themselves, with an operating system, that could be hacked
The firmware shipped with the device was obfuscated, and at the start, the researchers were unable to find anything useful. Not a single string in the firmware
By comparing a number of different firmware versions, they were able to figure out which part of the firmware image was the version number. This gave them a starting point
Looking at the circuit board of the KVM they found some common ASICs, which provided more clues
Once they cracked the obfuscation, they now had code they could analyze
“Of course reading the firmware is only the first step, you need to show that something useful (insidious) can be done with it. During the talk the pair demonstrated their custom firmware switching to a different system, “typing” in the password (which would have been logged earlier when a human typed it in), and echoing out a binary file which was then executed to load malware onto the system.”
“Yes, you need physical access to perform this attack with the KVM used during the talk. But some KVMs allow firmware updates over IP, and many of them have web interfaces for configuration. There are many vectors available here and knowing that, the discussion turns to prevention. Keystroke statistics are one way to prevent this kind of attack. By logging how fast characters are being typed, how tight the cadence is, and other human traits like use of backspace, the effectiveness of this type of attack can be greatly reduced.”
This is interesting research, and makes me even more suspicious of the 16 port, 2 user, IP-KVM I use to manage some of my servers.

Feedback

Round Up:

The post Extortion Startups | TechSNAP 229 first appeared on Jupiter Broadcasting.

Experience LinuxCon 2015 | LAS 379

chris — Sun, 23 Aug 2015 05:34:58 +0000

To view this video please enable JavaScript, and consider upgrading to a web browser that supports HTML5 video

We take you to LinuxCon like never before. The container trend goes big and community leaders are taking bold stands & the quiet debate that’s brewing.

Plus a super thin Linux laptop, Google’s Linux router the OnHub, Munich to ditch Linux for Windows & more!

Thanks to:

Get Paid to Write for DigitalOcean

Direct Download:

RSS Feeds:

Become a supporter on Patreon:

— Show Notes: —

Brought to you by: System76

Web Hosting, Cloud and Dedicated Servers – OVH

Discover our Web, Dedicated and Cloud solutions.

LinuxCon’s surprise keynote speaker Linus Torvalds muses about open-source software | ZDNet

In a broad-ranging question and answer session, Linus Torvalds, Linux’s founder, shared his thoughts on the current state of open source and Linux.

Linus Torvalds: Security is never going to be perfect

Linus seemed as excited about containers as a fish would be about a bicycle. “I am so happy that the kernel tends to be fairly far removed from all these issues, all the buzzwords and all the new technologies,” he said. “We end up being in a situation where we only care about us working on and how people use the kernel. I am so focused on the kernel that I don’t even care very much. We see when people need technologies from us to implement all of this, obviously there is c-groups and virtualization, if you do it that way. So we see that side of it. But at the same time, I don’t get involved in politics between all the different groups and all the stuff that goes on top of the kernel. And I am really happy I don’t have to.”

Torvalds: Don’t talk to me about containers and other buzzwords

“I am a very plodding, pedestrian kind of person,” Torvalds said during a Q&A session with Linux Foundation boss Jim Zemlin at LinuxCon in Seattle on Wednesday. “I look six months ahead. I look ahead at this release and I know what’s coming up in the next one.

“I don’t think planning 10 years ahead is necessarily very sane. Because if you think about Linux ten years back and where Linux was ten years ago, trying to plan for where we are now would have been completely insane.”

Mark Shuttleworth says Snappy was born long before CoreOS and the Atomic Project | ITworld

Mark Shuttleworth, founder of Canonical and Ubuntu, made a surprise visit at LinuxCon. I sat down with him for a video interview and talked about Ubuntu on IBM’s new LinuxONE systems, Canonical’s plans for containers, open source in the enterprise space and much more.

LinuxCon: Core Infrastructure Initiative Boosts Security Efforts

The Linux Foundation announced the new badging effort in a press conference with media and analysts. She said the program is akin to the badges used on the popular Github code-development and -sharing site.

— PICKS —

Runs Linux

Museum of Science and Industry in Chicago – RUNS LINUX

Sent in By: Anton C

I visited the Museum of Science and Industry in Chicago recently and one of the exhibits was about robotics. I spotted one robot that recognizes faces and appears to be controlled by a Linux box.

I would also like to share my recent first experience with System76. I purchased a Meerkat to replace my HTPC that just died. The day after I made the purchase, the Meerkat went on sale. System76 called to notify me that because of the sale, I could either get my money back for the amount of the sale, or I could get a free memory upgrade and still get some money back!
Frankly, I’m astounded at that level of customer service. I’ve never experienced anything like it before and I thought it deserved a mention.

Desktop App Pick

FileZilla 3.13.0 released

FileZilla is a free and open source FTP client. It’s available for all major operating systems including Windows, Mac and obviously Linux. The latest version includes couple of new features and few bug fixes that make it more stable.

*
There are couple of new features and bug fixes in this release.
*

Display home directory instead of root directory if the last used directory does not exist
Larger initial size of main window if there is no stored size
Slightly increased size of page selection box in settings dialog

Bugfixes and minor changes:

Fix assertion in directory listing parser
Fix drag&drop of remote files which broke in 3.13.0-rc1

Weekly Spotlight

GitLab Mattermost, an open source on-premises Slack alternative | GitLab

We’re very excited to announce that we’ll ship GitLab Mattermost, an open source, on-premises messaging app (like Slack) along with GitLab.

GitLab Mattermost will first be included with the Omnibus packages of GitLab 7.14 (due August 22nd).
We think GitLab Mattermost will be a great addition for GitLab users that need all software on-premises.

— NEWS —

Super Thin Asus Zenbook

13.3-Inch FHD (1920×1080) anti-glare matte display with an ultra-wide 170-degree viewing angle
Latest Intel Core M-5Y10 (turbo up to 2GHz) processor
Fanless design that is quiet, clean, and energy efficient
8GB RAM
256GB Solid State Drive
10-Hours Battery Life (vendor claim)
Dual-band 802.11AGN Wi-Fi
Bluetooth 4.0
3 USB 3.0 ports
HDMI port

ZenBook UX305 is even slimmer than the new Macbook. It's also about half the price. #Incredible pic.twitter.com/ATSENGVMIi

— ASUS North America (@ASUSUSA) March 11, 2015

Google’s Linux Router

Google and TP-Link unveiled a Gentoo Linux based “OnHub” WiFi-ac router for consumers with 13 antennas, Bluetooth, and ZigBee, controlled by a mobile app.

Google’s embedded and IoT horizons appear to be expanding beyond its own Nest subsidiary. The company, which is now technically just another company in the new Alphabet umbrella organization, has partnered with router-maker TP-Link to launch a $200 WiFi router, and potentially, a home automation router. Later this year, Google says it will announce other OnHub branded devices, including an Asus-made device.

The OnHub is available for pre-order at $200 at a variety of locations including the Google Store. Retail availability is set for Aug. 31. More information may be found in the Google OnHub announcement, the Google OnHub page, and the TP-Link OnHub page.

Specifications listed for the OnHub include:

Processor — Qualcomm Atheros IPQ8064 (2x ARM/Krait cores @ 1.4GHz)
Memory:
- 1GB DDR3L RAM
- 4GB eMMC flash
- 8MB NOR flash
Wireless networking:
- 6x 2.4GHz 802.11b/g/n 3×3 antennas
- 6x 5GHz 802.11b/g/n /ac 3×3 antennas
- AUX 802.11a/b/g/n/ac 1×1 antenna
- Bluetooth 4.0 with Smart Ready
- 802.15.4 (ZigBee and Thread)
- WPA2-PSK security
Wired networking:
- Gigabit Ethernet LAN port
- Gigabit Ethernet WAN port
- QCA8337 gigabit switch
- Other I/O — USB 3.0 port
Other features — 3W speaker; ambient light sensor; 6x tri-color LED arrays; TPN (Infineon SLB 961); built-in diagnostics; removable outer shell; blue and black colors
Power — <12V/3A DC in; 100~240V 50~60Hz AC in
Operating temperature — 0 to 40°C
Weight — 1.9 lb
Dimensions — 10.8 x 5.0 x 5.0 in.
Operating system — Gentoo Linux

Germany to Ditch Linux for Windows

Two influential politicians in a German city that ditched Microsoft in favour of Linux are agitating for a switch back to Windows.

The councillors from Munich’s conservative CSU party have called the custom version of Ubuntu installed on their laptops “cumbersome to use” and “of very limited use”.

The letter from the two senior members of the city’s IT committee asks mayor Dieter Reiter to consider removing the Linux-based OS and to install Windows with Microsoft Office.

The city spent years migrating about 15,000 staff to Limux, a custom-version of Ubuntu, and other open source software – a move the city said had saved it more than €10m ($11m).

GOG Now Has Nice and Friendly Linux Installer – Softpedia

The GOG distribution platform started to release Linux games less than a year ago, but it’s made great progress in the meantime. Now, the developers are working on a new installation for Linux games that should be much easier to use.

Linux Installer for GOG Games

Jolla Tablet available for PreOrder

Secure your Jolla Tablet from the next limited production batch. The Jolla Tablet pre-ordered now will start shipping in the end of October. Act fast, availability is limited. Pre-orders are open for everyone in EU, Norway, Switzerland, United States, Canada, Australia, India and Hong Kong.

Feedback:

https://slexy.org/view/s202pu2wrV
https://slexy.org/view/s20aht44WU
https://slexy.org/view/s212Vt3oTh
Support Jupiter Broadcasting on Patreon

Chris’s Twitter account has changed, you’ll need to follow!

Chris Fisher (@ChrisLAS) | Twitter

— CHRIS’ STASH —

Hang in our chat room:

irc.geekshed.net #jupiterbroadcasting

— NOAH’S STASH —

Noah’s Day Job

Altispeed Technologies

Contact Noah

noah [at] jupiterbroadcasting.com

Find us on Google+

Find us on Twitter

Follow us on Facebook

Catch the show LIVE Friday:

The post Experience LinuxCon 2015 | LAS 379 first appeared on Jupiter Broadcasting.

Miles of WiFi | LINUX Unplugged 104

chris — Tue, 04 Aug 2015 17:47:34 +0000

To view this video please enable JavaScript, and consider upgrading to a web browser that supports HTML5 video

Ubuntu publishes their roadmap for the next few releases & we discuss what the future might hold for “Ubuntu Personal”. Plus the major challenges Linux gaming is facing.

Then we’ve got insights from the experts on building robust wifi for your home, enterprise or even large events… Powered by Linux!

Thanks to:

Get Paid to Write for DigitalOcean

Direct Download:

RSS Feeds:

Become a supporter on Patreon:

Show Notes:

Pre-Show:

Windows 10 is unfinished | gbl08ma’s personal website

Catch Up:

T – 242d!

It’s only 242 days until April 1st, 2016, the month where another great Ubuntu Long Term Support (LTS) release will be born. Ubuntu 16.04 will be the most sophisticated release of Ubuntu so far.

In my old/new role as Canonical’s Shepherd for all things related to Ubuntu Client (meaning Ubuntu, Phones, Tablets and everything related), I wanted to take a few moments and share our current plans for the remaining time until Ubuntu 16.04.

Canonical Publishes Impressive Roadmap for All of Their Ubuntu Products

“The chart shows Ubuntu as the center of gravity for everything that revolves around it. We will be seeing a solid 15.10 leading to the Long Term Support release 16.04. I personally expect some improvements around the Dash and general usability improvements for users with high resolution screens in addition to the work that’s done to polish and stabilize Ubuntu to the level an LTS release deserves,” wrote Olli Ries.

The chart itself is very interesting, but above all else, it shows that Ubuntu for regular users is still pretty much the focus of their efforts. The Ubuntu community is afraid that Canonical is putting too much work into the mobile space or containers, but in the end, everything they do seems to come back to the desktop.

DigitalOcean

DigitalOcean: SSD Cloud Server, VPS Server, Simple Cloud Hosting

Drop Ubuntu Software Centre and Adopt GNOME Software

GlobalVision Powers SELF 2015 Wifi with Linux

GlobalVision setup and ran the WIFI and Internet access for the SouthEast Linux Fest 2014 held in Charlotte, NC. The event had a little over 600 attendees over a 3 day weekend. We worked directly with the hotel hosting the event to run the cable in the event area to prevent hazards or from guests seeing or tripping over them. GlobalVision arranged to get a temporary dedicated Internet line to allow for faster speeds for event guests. Next we brought all of the gear needed for the network and had it set up and running in just a few hours. After the event was over GlobalVision removed everything and restore the area to the original look and feel.

GlobalVision | Greenville High Speed Internet & Phone Service

GlobalVision offers a full range of services for businesses large or small. Our connectivity solutions include fiber, Metro Ethernet, T-1, and fixed wireless internet, as well as voice options ranging from traditional phone service to the best VoIP phones. With our state-of-the-art data and collocation center, we also provide data storage and recovery, hosting, server space, and application hosting.

Linux Academy

Linux Academy | Linux and AWS Online Training

Should We Drop the dream of Linux Gaming?

Gaming on Linux struggles to take off. With Windows seeming less and less “evil” is it time to accept having a Windows install around if you want to game, and let Linux focus on its strengths?

Shadow of Mordor: Performance Tests

The result leaves nothing to speculation:

Max FPS: 81.40 on Windows vs 50.87 on Ubuntu [ 62% of the Windows Performance ]
Average FPS: 55.83 on Windows vs 30.16 on Ubuntu [ 54% of the Windows Performance ]
Lowest FPS: 31.65 on Windows vs 6.84 on Ubuntu [ 22 % of the Windows Performance ]
Amplitude (Max vs Min FPS) : 49.75 on Windows vs 44.03 on Ubuntu

As you can see the game runs about half as fast as the Windows version on average

Shadow of Mordor Performance: Windows 10 vs. Ubuntu Linux – Phoronix

Steam gamers already use Windows 10 more than all Linux distros combined | PCWorld

That’s what the July 2015 Steam hardware and software survey reveals, at least, as first spotted by Windows Central.

Windows dominates among Steam users, with 44.91 percent using Windows 7 64-bit, and 31.65 percent using Windows 8.1 64-bit. According to the numbers, Windows 10 64-bit can already be found on 2.21 percent of Steam users‘ systems, with the **32-bit variant found on another 0.09 percent. **

By contrast, the most-used Mac operating system among Steam gamers is OS X “Yosemite” 10.10.3 at 1.10 percent, though when you take all available versions of Yosemite into account, it’s found on 2.4 percent of all systems. All four tracked Linux OSes combined account for a mere 0.55 percent of use.

TING

Ting – mobile that makes sense

The big LAS Experiment

Runs Linux from the people:

Send in a pic/video of your runs Linux.
Please upload videos to YouTube and submit a link via email or the subreddit.

Support Jupiter Broadcasting on Patreon

The post Miles of WiFi | LINUX Unplugged 104 first appeared on Jupiter Broadcasting.

Ripping me a new Protocol | TechSNAP 221

chris — Thu, 02 Jul 2015 19:05:26 +0000

To view this video please enable JavaScript, and consider upgrading to a web browser that supports HTML5 video

Amazon has a new TLS implementation & the details look great, we’ll share them with you. The technology that powers the NSA’s XKEYSCORE you could have deployed yourself.

Some fantastic questions, a big round up & much, much more!

Thanks to:

Get Paid to Write for DigitalOcean

Direct Download:

RSS Feeds:

Become a supporter on Patreon:

— Show Notes: —

Amazon releases s2n, a new TLS implementation

s2n (signal2noise) is a brand new implementation of the TLS protocol in only ~6000 lines of code
It has been fully audited, and will be re-audited once per year, paid for by Amazon
It does not replace OpenSSL, as it only implements the TLS protocol (libssl) not the crypto primitives and algorithms (libcrypto). s2n can be built against any of the various libcrypto implementations, including: OpenSSL, LibreSSL, BoringSSL, and the Apple Common Crypto framework
The API appears to be very easy to use, and prevent many common errors
The client side of the library is not ready for use yet
Features:
- “s2n encrypts or erases plaintext data as quickly as possible. For example, decrypted data buffers are erased as they are read by the application.”
- “s2n uses operating system features to protect data from being swapped to disk or appearing in core dumps.”
- “s2n avoids implementing rarely used options and extensions, as well as features with a history of triggering protocol-level vulnerabilities. For example there is no support for session renegotiation or DTLS.”
- “s2n is written in C, but makes light use of standard C library functions and wraps all memory handling, string handling, and serialization in systematic boundary-enforcing checks.”
- “The security of TLS and its associated encryption algorithms depends upon secure random number generation. s2n provides every thread with two separate random number generators. One for “public” randomly generated data that may appear in the clear, and one for “private” data that should remain secret. This approach lessens the risk of potential predictability weaknesses in random number generation algorithms from leaking information across contexts. “
One of the main features is that, instead of having to specify which set of crypto algorithms you want to prefer, in what order, as we have discussed doing before for OpenSSL (in apache/nginx, etc), to can either use ‘default’, which will change with the times, or a specific snapshot date, that corresponds to what was the best practise at that time
Github Page
Additional Coverage – ThreatPost
It will be interesting to see how this compares with the new TLS API offered by LibreSSL, and which direction various applications choose to go.

How the NSA’s XKEYSCORE works

“The NSA’s XKEYSCORE program, first revealed by The Guardian, sweeps up countless people’s Internet searches, emails, documents, usernames and passwords, and other private communications. XKEYSCORE is fed a constant flow of Internet traffic from fiber optic cables that make up the backbone of the world’s communication network, among other sources, for processing. As of 2008, the surveillance system boasted approximately 150 field sites in the United States, Mexico, Brazil, United Kingdom, Spain, Russia, Nigeria, Somalia, Pakistan, Japan, Australia, as well as many other countries, consisting of over 700 servers.”
“XKEYSCORE allows for incredibly broad surveillance of people based on perceived patterns of suspicious behavior. It is possible, for instance, to query the system to show the activities of people based on their location, nationality and websites visited. For instance, one slide displays the search “germansinpakistn,” showing an analyst querying XKEYSCORE for all individuals in Pakistan visiting specific German language message boards.”
“The sheer quantity of communications that XKEYSCORE processes, filters and queries is stunning. Around the world, when a person gets online to do anything — write an email, post to a social network, browse the web or play a video game — there’s a decent chance that the Internet traffic her device sends and receives is getting collected and processed by one of XKEYSCORE’s hundreds of servers scattered across the globe.”
“In order to make sense of such a massive and steady flow of information, analysts working for the National Security Agency, as well as partner spy agencies, have written thousands of snippets of code to detect different types of traffic and extract useful information from each type, according to documents dating up to 2013. For example, the system automatically detects if a given piece of traffic is an email. If it is, the system tags if it’s from Yahoo or Gmail, if it contains an airline itinerary, if it’s encrypted with PGP, or if the sender’s language is set to Arabic, along with myriad other details.”
You might expect some kind of highly specialized system to be required to do all of this, but that is not the case:
“XKEYSCORE is a piece of Linux software that is typically deployed on Red Hat servers. It uses the Apache web server and stores collected data in MySQL databases. File systems in a cluster are handled by the NFS distributed file system and the autofs service, and scheduled tasks are handled by the cron scheduling service. Systems administrators who maintain XKEYSCORE servers use SSH to connect to them, and they use tools such as rsync and vim, as well as a comprehensive command-line tool, to manage the software.”
The security of the system is also not as good as than you might imagine:
“Analysts connect to XKEYSCORE over HTTPS using standard web browsers such as Firefox. Internet Explorer is not supported. Analysts can log into the system with either a user ID and password or by using public key authentication.”
“When systems administrators log into XKEYSCORE servers to configure them, they appear to use a shared account, under the name “oper.” Adams notes, “That means that changes made by an administrator cannot be logged.” If one administrator does something malicious on an XKEYSCORE server using the “oper” user, it’s possible that the digital trail of what was done wouldn’t lead back to the administrator, since multiple operators use the account.”
“There appears to be another way an ill-intentioned systems administrator may be able to cover their tracks. Analysts wishing to query XKEYSCORE sign in via a web browser, and their searches are logged. This creates an audit trail, on which the system relies to assure that users aren’t doing overly broad searches that would pull up U.S. citizens’ web traffic. Systems administrators, however, are able to run MySQL queries. The documents indicate that administrators have the ability to directly query the MySQL databases, where the collected data is stored, apparently bypassing the audit trail.”
The system is not well designed, and could likely have been done better with existing open source tools, or commercial software designed to classify web traffic
“When data is collected at an XKEYSCORE field site, it is processed locally and ultimately stored in MySQL databases at that site. XKEYSCORE supports a federated query system, which means that an analyst can conduct a single query from the central XKEYSCORE website, and it will communicate over the Internet to all of the field sites, running the query everywhere at once.”
Your traffic is analyzed and will probably match a number of classifiers. The most specific classifier is added as a tag to your traffic. Eventually (3-5 days), your actual traffic is deleted to make room for newer traffic, but the metadata (those tags) are kept for 30-45 days
“This is done by using dictionaries of rules called appIDs, fingerprints and microplugins that are written in a custom programming language called GENESIS. Each of these can be identified by a unique name that resembles a directory tree, such as “mail/webmail/gmail,” “chat/yahoo,” or “botnet/blackenergybot/command/flood.””
“One document detailing XKEYSCORE appIDs and fingerprints lists several revealing examples. Windows Update requests appear to fall under the “update_service/windows” appID, and normal web requests fall under the “http/get” appID. XKEYSCORE can automatically detect Airblue travel itineraries with the “travel/airblue” fingerprint, and iPhone web browser traffic with the “browser/cellphone/iphone” fingerprint.”
“To tie it all together, when an Arabic speaker logs into a Yahoo email address, XKEYSCORE will store “mail/yahoo/login” as the associated appID. This stream of traffic will match the “mail/arabic” fingerprint (denoting language settings), as well as the “mail/yahoo/ymbm” fingerprint (which detects Yahoo browser cookies).”
“Sometimes the GENESIS programming language, which largely relies on Boolean logic, regular expressions and a set of simple functions, isn’t powerful enough to do the complex pattern-matching required to detect certain types of traffic. In these cases, as one slide puts it, “Power users can drop in to C++ to express themselves.” AppIDs or fingerprints that are written in C++ are called microplugins.”
All of this information is based on the Snowden leaks, and is from any years ago
“If XKEYSCORE development has continued at a similar pace over the last six years, it’s likely considerably more powerful today.”
Part 2 of Article

[SoHo Routers full of fail]

Home Routers that still support RIPv1 used in DDoS reflection attacks

RIPv1 is a routing protocol released in 1988 that was deprecated in 1996
It uses UDP and so an attacker can send a message to a home router with RIP enabled from a spoofed IP address, and that router will send the response to the victim, flooding their internet connection
““Since a majority of these sources sent packets predominantly of the 504-byte size, it’s pretty clear as to why they were leveraged for attack purposes. As attackers discover more sources, it is possible that this vector has the potential to create much larger attacks than what we’ve observed thus far,” the advisory cautions, pointing out that the unused devices could be put to work in larger and more distributed attacks.”
“Researchers at Akamai’s Prolexic Security Engineering and Research Team (PLXsert) today put out an advisory about an attack spotted May 16 that peaked at 12.9 Gbps. Akamai said that of the 53,693 devices that responded to RIPv1 queries in a scan it conducted, only 500 unique sources were identified in the DDoS attack. None of them use authentication, making them easy pickings.”
Akamai identified Netopia 2000 and 3000 series routers as the biggest culprits still running the vulnerable and ancient RIPv1 protocol on devices. Close to 19,000 Netopia routers responded in scans conducted by Akamai, which also noted that more than 5,000 ZET ZXv10 and TP-Link TD-8000 series routers collectively responded as well. Most of the Netopia routers, Akamai said, are issued by AT&T to customers in the U.S. BellSouth and MegaPath also distribute the routers, but to a much lesser extent.

Home Routers used to host Malware

Home routers were found to be hosting the Dyre malware
Symantec Research Paper of Dyre
Affected routers include MikroTik and Ubiquiti’s AirOS, which are higher end routers geared towards “power user” and small businesses
“We have seen literally hundreds of wireless access points, and routers connected in relation to this botnet, usually AirOS,” said Bryan Campbell, lead threat intelligence analyst at Fujitsu. “The consistency in which the botnet is communicating with compromised routers in relation to both distribution and communication leads us to believe known vulnerabilities are being exploited in the firmware which allows this to occur.”
“Campbell said it’s not clear why so many routers appear to be implicated in the botnet. Perhaps the attackers are merely exploiting routers with default credentials (e.g., “ubnt” for both username and password on most Ubiquiti AirOS routers). Fujitsu also found a disturbing number of the systems in the botnet had the port for telnet connections wide open.”

Feedback:

ZFS with 4K drives?
ZFS Replication Between FreeNAS and Linux
Splitting a pool
DNS Transfer Email Downtime Followup
FreeBSD Mastery: ZFS — Not just about ZFS

Round Up:

The post Ripping me a new Protocol | TechSNAP 221 first appeared on Jupiter Broadcasting.

Chronicles of a Linux Switcher | LAS 360

chris — Sun, 12 Apr 2015 17:09:16 +0000

To view this video please enable JavaScript, and consider upgrading to a web browser that supports HTML5 video

We follow the journey of users who have just made the switch to Linux. We document what went great & what hasn’t worked.

Plus a big announcement is made, great news for Ubuntu MATE, a quick look at Elementary OS Freya Beta & more!

Thanks to:

Get Paid to Write for DigitalOcean

Direct Download:

RSS Feeds:

Become a supporter on Patreon:

— Show Notes: —

Brought to you by: System76

— PICKS —

Runs Linux

Mall Kiosk Runs Linux

Sent in by sent by Ricardo R.

Walking through a mall I found a kiosk that is running Ubuntu

Desktop App Pick

Gramps Genealogical Research Software

Gramps is a free software project and community. We strive to produce a genealogy program that is both intuitive for hobbyists and feature-complete for professional genealogists. It is a community project, created, developed and governed by genealogists.

Sent by Adrian

Weekly Spotlight

BitPay’s Internal Mining Pool

At BitPay we are huge proponents of open source software and of course cool gadgets! To do some of our internal testing, we built a small pool of bitcoin miners that run raspbian. Those two miners each have a powered USB hub and a few usb miners each. They are cooled by a pair of simple USB fans. All of which sits neatly on the corner of my desk! Gotta love how easy it is to deploy something like this in such a small form factor on linux… It’s reliable, fast, and just plain looks awesome sitting on my desk!

Our Past Picks

These are the weekly picks provided by the Jupiter Broadcasting podcast, the Linux Action Show.

This site includes a separate picks lists for the “Runs Linux”, Desktop Apps, Spotlight Picks, Android Picks, and Distro Picks.

— NEWS —

Ubuntu MATE Inks First Hardware Deal

Entroware laptops __start from £379.99. __This bags an ‘Orion’ laptop powered by an Intel Pentium 3550M (Haswell) processor running at 2.3GHz, 4GB DRR3 RAM, a 500GB 5400RPM HDD and integrated Intel graphics. Desktops begin at £299.

Ubuntu MATE hardware partnership with Entroware | Ubuntu MATE

Ubuntu MATE forges exciting partnership with Linux hardware startup Entroware.

elementary OS Freya Available For Download, See What`s New

For those not familiar with elementary OS, this is an Ubuntu-based Linux distribution (with Freya being based on Ubuntu 14.04 LTS, supported until April 2019) which ships with its own desktop environment, called Pantheon, and its own custom application for the most part, which look great, integrate very well with the desktop and ship with sane defaults so the user doesn’t have to tweak anything.

Evolve OS Changes Name due to Legal Warning

Thank you everyone for helping us in the naming process!
In that time, one name cropped up time and time again. A name we do own, and one indicative of our history and roots.

Solus Project

Valve games for Mesa/DRI developers

Hi,
At Collabora (my lovely dayjob), we’ve been working with Valve on
SteamOS. Valve are keen to give back to the community, and we’ve been
discussing ways they can help do that, including providing free access
to Valve games on Steam to Debian developers last year.

We’re happy to say that this has been extended to Mesa developers as
well, to say thanks for all the great work. If you have 25 commits or
more (an arbitrary number) to Mesa0 in the past five years, please
drop me an email (with ‘Steam’ in the subject) with your freedesktop
username and Steam username. We can then get you access to all past
and future Valve-produced games available on Steam[1].
Thanks for all the great work, and enjoy.
Cheers,
Daniel

Gnome 3.16 Hits

My Updated 3.16 Packages for GNOME Extensions by Michael Tunnell aka RottNKorpse

GNOME, desktop environment project, released their latest version of 3.16 recently so I decided to make an update to my previous extension package releases. I made a similar post last year for the GNOME 3.14 Release because some of my extension broke. Unfortunately, some of those extensions are still unmaintained and thus not updated for 3.16 either. So I am continuing to update some extensions for myself and anyone else who wants them.

Intel Compute Stick, world’s smallest PC, will cost $150 with Windows, $110 with Linux

Intel Atom quad-core processor, 2GB of RAM, 32GB of storage and 802.11b/g/n Wi-Fi. It plugs directly into a monitor or TV via HDMI, and is powered through a Micro USB jack on the side of the stick. There’s also a full-sized USB port, and Bluetooth 4.0 for connecting a mouse and keyboard.

— FEEDBACK —

https://slexy.org/view/s22YoWUjOt
https://slexy.org/view/s20bsAHlV9
https://slexy.org/view/s206wSNobi

— CHRIS’ STASH —

Hang in our chat room:

irc.geekshed.net #jupiterbroadcasting

— NOAH’S STASH —

Noah’s Day Job

Altispeed Technologies

Contact Noah

noah [at] jupiterbroadcasting.com

Find us on Google+

Find us on Twitter

Follow us on Facebook

Catch the show LIVE Sunday 10am Pacific / 1pm Eastern / 6pm UTC:

The post Chronicles of a Linux Switcher | LAS 360 first appeared on Jupiter Broadcasting.

Get A Job, You Linux Bum! | LAS 359

chris — Sun, 05 Apr 2015 06:46:02 +0000

To view this video please enable JavaScript, and consider upgrading to a web browser that supports HTML5 video

Have you ever thought it’s better to create a job then apply for one? This week we dive into what it takes to build a business that runs on open source & supports open source.

Plus Microsoft’s surprise move, openSUSE jumps ahead, running just about any Android app under Linux & more!

Thanks to:

Get Paid to Write for DigitalOcean

Direct Download:

RSS Feeds:

Become a supporter on Patreon:

— Show Notes: —

Jump to Noah’s On Location Video

https://youtu.be/xgVp2YM5CFE?t=44m43s

Best Enterprise Router for the Money

Mikrotik

Best Autonomous Access Points For the Money

EnGenius

Best Cloud Access Points for the Money

UBNT – Ubiquiti Networks

Best Display for Internet Kiosk

Asus VS248H-P 24-Inch Full-HD LED-lit LCD Monitor

Best PC for Internet Kiosk for Internet Kiosk

Intel NUC DN2820FYKH with Intel Celeron N2820

Best USB Wifi Dongle

Panda 300Mbps Wireless-N USB Adapter

Brought to you by: System76

Ubiquiti Networks – Wireless networking products for broadband and enterprise

— PICKS —

Runs Linux

Bowling Alley Runs Linux

Sent in by douglascodes

I was at a work party at a bowling alley last night. There were some problems with the alley score system and they had to reboot, so I took some pics of the startup. I wasn’t able to catch it in these pictures. But it is running Ubuntu 10.10.

Desktop App Pick

ClipGrab – Free YouTube Downloader & Converter

ClipGrab is a free downloader and converter for YouTube, Vimeo, Metacafe, Dailymotion and many other online video sites.

It converts downloaded videos to MPEG4, MP3 or other formats in just one easy step.

Weekly Spotlight

Go For It!

Go For It! is a simple and stylish productivity app, featuring a to-do list, merged with a timer that keeps your focus on the current task. To-do lists are stored in the Todo.txt format. This simplifies synchronization with mobile devices and makes it possible to edit tasks using other front-ends, like my Todo.txt Kupfer Plugin. If you already use Todo.txt, beware of the fact, that Go For It! automatically archives completed tasks to the done list!

Project belong to community member mank319

Sent in by dardevelin

Our Past Picks

These are the weekly picks provided by the Jupiter Broadcasting podcast, the Linux Action Show.

This site includes a separate picks lists for the “Runs Linux”, Desktop Apps, Spotlight Picks, Android Picks, and Distro Picks.

— NEWS —

Microsoft Adopts ODF

Microsoft has confirmed it will start supporting the Open Documents Format (ODF) in the next update to Office 365, following a lengthy battle against the UK government.
In 2014, Microsoft went against the government’s request to support ODF, claiming its own XML format was more heavily adopted. The UK government refutes the claim, stating that ODF allows users to not be boxed into one ecosystem.

Gnome 3.16 systemd-journal coming in next Tumbleweed snapshot

It’s official, Gnome will be in the next Tumbleweed snapshot and the development experience is highly anticipated. A clean installation works, but the guys are working on one last test before its released. We’re not promising an early Easter gift, but Tumbleweed users won’t have to wait long for Gnome’s latest upgrade.

A small change to Linux can be seen in Tumbleweed with a change from the syslog to systemd-journal; the systemd-journal as a binary file needs special tools to look at it.

systemd-journal has been in Fedora since Fedora 18

Audacity 2.1.0 Released

For a long time, we have wanted Real-Time Preview for effects.
It seemed nearly unachievable without major restructuring.
But with Audacity 2.1.0, we have it in
LADSPA, VST, and Audio Unit (OS X) effects!
Thanks to Leland Lucius for these great new capabilities!

Much improved
Noise Reduction
effect replaces Noise Removal. Thanks to new contributor Paul Licameli!

Lots of other improvements to effects, also thanks to Leland, including:

VST: FXB preset banks, hosting multiple plugins

All effects can now be used in Chains, and can be sorted on name, publisher, or class.

Most Nyquist effects now have Preview button.

Redesigned Meter Toolbars show a lot more information in smaller area. Thanks, Leland Lucius and James Crook!

Spectral Selection
in Spectrogram view. Thanks to Paul Licameli!

How to Install and Run Android Apps in a Linux OS

Basically, anyone with a computer will be able to get an APK file and get it running inside the Google Chrome browser with a minimum amount of effort. What’s even more interesting is that the app only needs Google Chrome installer, it doesn’t need it to run. If you check the background processes, you will notice that a Chrome one is running along with the Arc Welder.

ARC Welder – Chrome Web Store

Gentoo, after 10 years, has a new website! – not April Fools this time!

Blender New Version 2.74 Is Out With New Tools And Improvements

The Blenders Institute’s sixth open film

The Blender Institute’s sixth film project, codenamed Gooseberry, is in deep into the most open production from the Blender Institute yet. If you’ve been following the project so far, then you already have a sense of what Blender means by an “open production”—lots of sharing.

— FEEDBACK —

https://slexy.org/view/s21U3xrhmC
https://slexy.org/view/s21HV3g6cB
https://slexy.org/view/s21o90indI
op5 IT monitoring – eliminate time thieves on Vimeo

“Built on top of Nagios you say?”
Yes, with some added features like proper report generation, a sweet REST API, easy to use load-balancing/redundancy, a business logic engine and of course commercial support!

PS: I managed to sneak in a JB shout-out in one of our cheesy promo videos: https://vimeo.com/107821073

— CHRIS’ STASH —

Hang in our chat room:

irc.geekshed.net #jupiterbroadcasting

— NOAH’S STASH —

Noah’s Day Job

Altispeed Technologies

Contact Noah

noah [at] jupiterbroadcasting.com

Find us on Google+

Find us on Twitter

Follow us on Facebook

Catch the show LIVE Sunday 10am Pacific / 1pm Eastern / 6pm UTC:

The post Get A Job, You Linux Bum! | LAS 359 first appeared on Jupiter Broadcasting.

Meet SELKS | Linux Action Show 351

chris — Sun, 08 Feb 2015 11:04:24 +0000

To view this video please enable JavaScript, and consider upgrading to a web browser that supports HTML5 video

The Co-creators of a Linux distribution that allows you to harness some of the most powerful open source security software join us to discuss bringing Enterprise grade security to the masses.

Plus building your own ideal Linux laptop, the Yolla Tablet surprise & more!

Thanks to:

Get Paid to Write for DigitalOcean

Direct Download:

RSS Feeds:

Become a supporter on Patreon:

— Show Notes: —

SELKS project Interview

Brought to you by: System76

Open Source | Stamus Networks

Stamus Networks believes in the innovative power and flexibility that Open Source Software posses. It also offers independence and great adaptability — critical when building security products you can trust. But taking from the community is not enough if you want more common good to emerge. This is why Stamus Networks makes its best to contribute back to the Open Source idea.

The main part of our contribution back to Open Source is our two projects SELKS, a live and installable ISO implementing a ready to use Suricata IDS/IPS, and Scirius, a web interface dedicated to Suricata ruleset management.

SELKS is both Live and installable Network Security Management ISO based on Debian implementing and focusing on a complete and ready to use Suricata IDS/IPS ecosystem with its own graphic rule manager.

From start to analysis of IDS/IPS and NSM events in 30 sec.

Interview

Peter & Eric co-founders of SELKS
Open Source | Stamus Networks

Stamus Networks believes in the innovative power and flexibility that Open Source Software posses. It also offers independence and great adaptability — critical when building security products you can trust. But taking from the community is not enough if you want more common good to emerge. This is why Stamus Networks makes its best to contribute back to the Open Source idea.

The main part of our contribution back to Open Source is our two projects SELKS, a live and installable ISO implementing a ready to use Suricata IDS/IPS, and Scirius, a web interface dedicated to Suricata ruleset management.

— PICKS —

Runs Linux

Scientist who are creating nanobots, Runs Linux

Sent in by Ionut

Meet Professor Brad Nelson, a pioneer in the field of nanorobotics who’s developing tiny robots to go places almost beyond our imagination.

Desktop App Pick

Virtual Machine Manager

The virt-manager application is a desktop user interface for managing virtual machines through libvirt. It primarily targets KVM VMs, but also manages Xen and LXC (linux containers).

Weekly Spotlight

Tails

Tails is a live operating system, that you can start on almost any computer from a DVD, USB stick, or SD card. It aims at preserving your privacy and anonymity,

Our Past Picks

These are the weekly picks provided by the Jupiter Broadcasting podcast, the Linux Action Show.

This site includes a separate picks lists for the “Runs Linux”, Desktop Apps, Spotlight Picks, Android Picks, and Distro Picks.

— NEWS —

Useable Specs FSF Laptop

The Free Software Foundation (FSF) today awarded Respects Your Freedom (RYF) certification to the Libreboot X200 laptop. The RYF certification mark means that the product meets the FSF’s standards in regard to users’ freedom, control over the product, and privacy.

Libre Office for Android

The free app allows you to view Open Document files (.odt, .odf, etc.) and a number of alternative and proprietary file formats, including the ubiquitous .doc and .docx, on an Android smartphone or tablet. The app is available to download from the Play Store today.

Yolla Tablet Returns to Indiegogo

The Jolla Tablet, has returned to Indiegogo.com. After the successful first phase of our Indiegogo campaign in Nov-Dec last year, we’re now moved to the next phase, and continuing our campaign on Indiegogo at least until the end of February 2015.

Open Lunchbox Project

Open Lunchbox is the latest project attempting to do an open-source laptop design. Open Lunchbox is trying to do their laptop project in a modular, open hardware design.

— FEEDBACK —

— CHRIS’ STASH —

Hang in our chat room:

irc.geekshed.net #jupiterbroadcasting

— NOAH’S STASH —

Noah’s Day Job

Find us on Google+

Find us on Twitter

Follow us on Facebook

Catch the show LIVE Sunday 10am Pacific / 1pm Eastern / 6pm UTC:

The post Meet SELKS | Linux Action Show 351 first appeared on Jupiter Broadcasting.

Linux Powered Schools | LINUX Unplugged 68

chris — Tue, 25 Nov 2014 17:35:40 +0000

To view this video please enable JavaScript, and consider upgrading to a web browser that supports HTML5 video

We’re joined by a classroom full of special guests, we talk with the students from Penn Manor School District, where they’ve given every high school student a Linux laptop & integrated the students into the help desk. We get the inside scope on the challenges, roadblocks & successes of this large desktop Linux deployment.

Plus a preview of our upcoming interview with Mark Shuttleworth & his take on the recent criticism and exodus from Debian & getting started in a Linux career.

Thanks to:

Get Paid to Write for DigitalOcean

Direct Download:

RSS Feeds:

Become a supporter on Patreon:

Show Notes:

Pre-Show:

FU:

Charlie’s Angles

PM Technology Blog | Penn Manor School District Tech News and Stories

Mark Shuttleworth on the Tone of Discussion

A preview clip from our interview with Mark Shuttleworth which will run in Sunday’s Linux Action Show.

Runs Linux from the people:

Send in a pic/video of your runs Linux.
Please upload videos to YouTube and submit a link via email or the subreddit.

New Shows : Tech Talk Today (Mon – Thur)

Tech Talk Today Today | Jupiter Broadcasting

Support Jupiter Broadcasting on Patreon

Post-Show

Best of Jupiter Broadcasting Submission Form

The post Linux Powered Schools | LINUX Unplugged 68 first appeared on Jupiter Broadcasting.

Go Big or Go Lean! | CR 109

chris — Mon, 07 Jul 2014 12:59:58 +0000

To view this video please enable JavaScript, and consider upgrading to a web browser that supports HTML5 video

Mike reflects on his transition from dedicated developer to business management, what makes a business “big” vs “lean” and what the guys feel is a good fit for their goals.

Plus when to cut yourself off from a pet coding project, a book that promises to help you pick a Javascript Framework and more!

Thanks to:

Direct Download:

MP3 Audio | OGG Audio | Video | Torrent | YouTube

RSS Feeds:

— Show Notes: —

Feedback / Follow Up:

Dev Hoopla:

Earlier this month the Yorba Foundation received a formal notice from the Internal Revenue Service (IRS) denying Yorba 501(c)(3) tax-exempt status. It’s possible this is nothing to be concerned with (at least, not unless you’re a part of Yorba). Reading their response, I believe this denial is actually a cause for concern for free software groups within the United States, and perhaps abroad.

The IRS reasons that since Yorba’s open source software may be used for any purpose, Yorba is not a charity. Consider all the for-profit and non-charitable ways the Apache server is used; I’d still argue Apache is a charitable organization.

The post Go Big or Go Lean! | CR 109 first appeared on Jupiter Broadcasting.

Ghost of Partition | BSD 28

chris — Thu, 13 Mar 2014 18:13:30 +0000

To view this video please enable JavaScript, and consider upgrading to a web browser that supports HTML5 video

This week we\’re at AsiaBSDCon, so it\’ll be a shorter episode. We\’ve got an interview with Eric Turgeon, founder of the desktop-focused GhostBSD project. Haven\’t heard of GhostBSD? Well stay tuned then. We\’ll be back next week with a normal episode.

Thanks to:

Direct Download:

RSS Feeds:

– Show Notes: –

Interview – Eric Turgeon – ericturgeon@ghostbsd.org / @GhostBSD1

GhostBSD

Feedback/Questions

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
We especially want to hear some tutorial ideas that you guys would like to see
If you have something you want to talk about on the show – anything cool involving BSD, whether you\’re a developer or not – we\’d be glad to interview you, just get in touch with us
Watch live Wednesdays at 2:00PM Eastern (19:00 UTC)

The post Ghost of Partition | BSD 28 first appeared on Jupiter Broadcasting.

HDR Photography on Linux | LAS s30e06

chris — Sun, 19 Jan 2014 13:49:22 +0000

To view this video please enable JavaScript, and consider upgrading to a web browser that supports HTML5 video

Ian Hex a talented photographer whose workflow is completely under Linux, joins us to discuss his must have open source photo management tools for Linux, how he creates his amazing HDR images, and his thoughts on strengths and weakness of using Linux for photography.

PLUS: Spotify gets in on the recent Debian debate, Ubuntu scores high marks in the UK, Steam Dev Days Highlights…

AND SO MUCH MORE!

All this week on, The Linux Action Show!

Thanks to:

Download:

RSS Feeds:

Support the Show:

Purchase anything at Amazon.com
Purchase anything at Think Geek using this link
Purchase anything at Newegg using this link
Contribute directly on our donation page or check out our advertising options and reach millions of amazing people!
Grab our Chrome Extension and auto-tag your shopping session for us!

— Show Notes: —

Ian Hex: Linux Photographer

Brought to you by: System76

What’s particularly rad about this tutorial is that the photos are processed using 100% organic, free and open-source software. That means it’s, of course, free of cost but also you’re free to modify the software exactly how you want. Furthermore, as it’s open-source, you are free to examine the inner guts of the software as much as you like and, should you wish to, you can modifications or even contribute advancements to the software yourself! You don’t need to worry about the cost of forced upgrades or deliberate obsolescence. It’s yours. =)

– Picks –

Runs Linux:

Desktop App Pick

Weekly Spotlight

Penn Manor Highschool Readies 1725 Linux Laptops

— NEWS —

– Feedback: –

Steam Machines
SUSE has almost 25 job openings at the moment!
Join us LIVE as we lead up to episode 300, we’ll be discussing content/format/etc show ideas with our live chat room leading up to 300.

— Chris’ Stash —

Neutered Net Neutrality | Unfilter 81

Hang in our chat room:

irc.geekshed.net #jupiterbroadcasting

— What’s Matt Doin? —

Check out LINUX Unplugged

— Find us on Google+ —

— Find us on Twitter —

— Follow the network on Facebook: —

Jupiter Broadcasting on Facebook

— Catch the show LIVE Sunday 10am Pacific / 1pm Eastern / 6pm UTC: —

The post HDR Photography on Linux | LAS s30e06 first appeared on Jupiter Broadcasting.

Master Linux with Puppet | LAS | s26e03

chris — Sun, 24 Mar 2013 13:11:41 +0000

To view this video please enable JavaScript, and consider upgrading to a web browser that supports HTML5 video

Puppet is an an open source configuration management tool that our friend Allan uses every single day. He joins us to discuss this free tool that can help you manage 1 to thousands of Linux boxes.

Then a look at Linux Mint Debian Edition, Fedora’s Wayland strategy, some Kickstarter games that look great…

AND SO MUCH MORE!

All this week on, The Linux Action Show!

Thanks to:

GoDaddy.com

Use our code hostdeal3 to score economy hosting for $1 a month, for one year.

35% off your ENTIRE order just use our code go35off3 until the end of the month!

Ting.com

Visit las.ting.com to save $25 off your device or service credits.

Download:

RSS Feeds:

Support the Show:

Purchase anything at Amazon.com
Purchase anything at Think Geek using this link
Purchase anything at Newegg using this link
Contribute directly on our donation page or check out our advertising options and reach millions of amazing people!
Grab our Chrome Extension and auto-tag your shopping session for us!

— Show Notes: —

Manage Multiple Linux Boxes, with Puppet:

Brought to you by: System76

– Picks –

Runs Linux:

NVIDIA’s CEO Runs Linux
Thanks to 1roxtar for catching this

Android Pick:

MightyText
Android Picks so far thanks to Madjo in the IRC Chat room!

Desktop App Pick:

Search our past picks:

Linux Action Show Lookup
Thanks to sakuramboo!

Git yours hands all over our STUFF:

— NEWS —

News:

— FEEDBACK —

Kevin Google+ – Virtualization
OSS Google Reader
Files are packaged in .deb or .rpm, why can’t they be version agnostic?

— Chris’ Stash —
Jupiter Gaming – Google+
Jupiter Colony – Google+
Sing up for the Bitcoin Show Draft!
Hang in our chat room:

irc.geekshed.net #jupiterbroadcasting

— What’s Matt Doin? —

— Find us on Google+ —

— Find us on Twitter —

— Follow the network on Facebook: —

Jupiter Broadcasting on Facebook

— Catch the show LIVE Sunday 10am Pacific / 1pm Eastern / 6pm UTC: —

The post Master Linux with Puppet | LAS | s26e03 first appeared on Jupiter Broadcasting.

The Javascript Problem | CR 18

chris — Mon, 08 Oct 2012 11:34:16 +0000

To view this video please enable JavaScript, and consider upgrading to a web browser that supports HTML5 video

Mike and Chris take a walk down a dangerous and controversial road — the state of Javascript in modern web development.

Plus a frank look at TypeScript, blaming developers, your emails, and much more.

Direct Download:

MP3 Audio | OGG Audio | Video | Torrent | YouTube

RSS Feeds:

Show Notes:

Feedback

Jay wants to know how the Android update cycle and the device manufacturers’ different versions of Android affect developers.
Carlo’s email
Isak asks what we think about Typescript
Charles writes in with some more info on Haskell
Matt shares an interesting article about Adobe
Matt (diff Matt?) is working on an iOS app that will have a server backend component and is wondering how to make a profit on the app — given the hosting costs over time.

This Week’s Dev World Hoopla

NCEES licensing exam for Software Engineers
Windows Phone 8 SDK oddness
TypeScript / The Javascript Problem

The Language Itself

No classical inheritance.
Too loose

Developers

Too stupid / lazy??
Too sloppy??

Tool of the Week

Typescript

Book of the Week

Basic Category Theory

The post The Javascript Problem | CR 18 first appeared on Jupiter Broadcasting.

Easy LVM | LAS | s18e08

chris — Sat, 24 Sep 2011 17:25:20 +0000

Want to stack your Linux box full of hard drives? Join them into one giant pool of storage? It’s easy, we’ll show you how to combine two drives, or even hundreds!

Plus – Is Microsoft trying keep Linux off PC’s with Windows 8? We discuss!

And so much more!

All this week on, The Linux Action Show!

Thanks to:

GoDaddy.com Use our codes LINUX to save 10% at checkout, or LINUX20 to save 20% on hosting!

Direct Episode Download Links:

[ad#shownotes]

Episode Show Notes:

News:

LVM Easy:

A LVM Frontend for KDE
Using system-config-lvm
Format your drives as a Physical volume (PV) then you can add that raw storage to a volume group.
Then create logical volumes, and these will show up as drive devices. Format these with your file system of choice.
Chris often creates his home directory on a logical volume, for future growth!
Logical Volume Manager Overview
FreeBSD GEOM

Find us on Google+

Chris
Allan

Find us on Twitter:

Follow the network on Facebook:

Jupiter Broadcasting on Facebook

Catch the show LIVE at 10am on Sunday:

https://jblive.tv

The post Easy LVM | LAS | s18e08 first appeared on Jupiter Broadcasting.