Show Notes:

Fully Automated Monitoring:

Brought to you by: System76

• FAN « Fully Automated Nagios

• Centreon

• Install and configure SNMP on RHEL or CentOS

• Setup is very easy Screenshot at 08:01:08 ScreenCloud: FAN Setup 08:01:51

Runs Linux:

• A “off-the-shelf” satellite runs, Linux

Android Pick:

• Android XBMC with Jupiter Broadcasting
• Android Picks so far thanks to Madjo in the IRC Chat room!

Desktop App Pick:

• Geeknote – Evernote console client for Linux, FreeBSD, OS X
  Thanks to: jasonjohnwells

• Picks so far

• Madjo

Search our past picks:

• Linux Action Show Lookup
• Thanks to sakuramboo!

Git yours hands all over our STUFF:

• Jupiter Broadcasting Affiliate Extensions
• Callisto-app – Google Project Hosting
• Quick Update to the Jupiter Broadcasting Android App

News:

• Goldman Sachs: Windows’ true market share is just 20%
• RedShark News – Important breaking news about Lightworks for Linux
• Samba 4 Released
  • Samba4 – SambaWiki
• A New Project To Run Mac OS X Binaries On Linux
• Steam Linux to Launch Open Beta Next Week!
• Readers’ Choice Awards 2012
• Mozilla announces Game On Competition
  • Mozilla Gameon

Feedback:

• Your 2013 Linux Predictions Thread

• Could it be that Canonical and Valve are working much closer together than it seems at first sight?

• Cygwin is great

• Memtest86 is WONKY

• Parker has a few questions

• Midnight Commander vs VIM

• If Apple or Microsoft had implemented this, would you have been so forgiving?

• ScreenCloud Dev Writes In

Chris’ Stash:

• HTML4++ | Coder Radio

What’s Matt Doin?

• Consequences of Dell Embracing Ubuntu
• Writing about Linux, sometimes, even asking tough questions
• Offering newbie centric advice, in my articles

Find us on Google+

• Chris
• Matt Hartley
• Jupiter Broadcasting’s Page

Find us on Twitter:

• Chris – ChrisLAS
• Matt – matthartley

Follow the network on Facebook:

• Jupiter Broadcasting on Facebook

Catch the show LIVE Sunday 10am Pacific / 1pm Eastern / 6pm UTC:

• https://jblive.tv
• Network Calendar

The post Linux Hits the FAN | LAS | s24e10 first appeared on Jupiter Broadcasting.

]]> https://original.jupiterbroadcasting.net/26161/best-tool-for-the-job-techsnap-80/ Wed, 17 Oct 2012 11:39:58 +0000 https://original.jupiterbroadcasting.net/?p=26161 Samsungs new Flash file system, WoW’s Exploit, Microsoft’s DMCA takedowns, hard core data center tech, and a ton of your questions and our answers!

The post Best Tool for the Job | TechSNAP 80 first appeared on Jupiter Broadcasting.

]]>

Samsung’s new Flash file system, WoW’s Exploit, Microsoft’s DMCA takedowns, hard core data center tech, and a ton of your questions and our answers!

All that and so much more, on this week’s TechSNAP!

Thanks to:

GoDaddy.com

Use our codes TechSNAP10 to save 10% at checkout, or TechSNAP20 to save 20% on hosting!

BONOUS ROUND PROMO:

Get your .COMs just $5.99 per year up to 3 domains! Additional .COMs just $7.99 per year!
CODE: 599tech

Expires 10/31/12

SPECIAL OFFER! Save 20% off your order!
Code: go20off5

Pick your code and save:
techsnap7: $7.49 .com
techsnap10: 10% off
techsnap11: $1.99 hosting for the first 3 months
techsnap20: 20% off 1, 2, 3 year hosting plans
techsnap40: $10 off $40
techsnap25: 25% off new Virtual DataCenter plans
techsnapx: 20% off .xxx domains

Show Notes:

Get TechSNAP on your Android:

• Callisto – Android App
• Jupiter Broadcasting – Android App by ShaneQful

Browser Affiliate Extension:

• Jupiter Broadcasting Affiliate Extensions for Chrome and Firefox

Samsung creates new Log Structured File System, F2FS for NAND Flash

• Also known as the Flash-Friendly File System
• A file system designed to take advantage of, and avoid some of the drawbacks to SSDs and other flash based storage devices
• It is based on the concept of a Log Structured File System, with some redesign (LSFS is a very old design, based on assumptions that did not come true)
• What is a Log Structured File System
  • Proposed in 1988
  • Stores data in a circular log file, constantly writing new changes to the head of the log
  • Recovers more easily from unexpected shutdowns
  • Based on the assumption that writes need to be faster, as reads will be almost free due to caching
  • Gains speed, especially on rotary devices because writes are done contiguously, instead of seeking to various places
  • SSDs reduce seek times, making discontiguous reads no longer a performance detriment
  • Requires a garbage collection process, where blocks at the tail of the log that are still in use (not superseded by updated blocks) must be rewritten to the head of the log so that the tail can be overwritten by the new head
  • Most modern implementations are not actually circular, but rather break the disk up into segments, and garbage collect the least used segments
• F2FS was designed by Samsung to allow Android based devices to make better use of their eMMC storage
• F2FS is focused on SSDs and other block devices rather than raw NAND devices
• There are other Log Structured File System implementations such as NILFS and BSD-LFS
• There is a FreeBSD project NANDFS to implement a Log Structured File System on raw NAND devices, removing the controller logic/layer from an SSD and allowing the file system to make all of the decisions

---

WoW exploit allows attackers to kill entire cities

• On October 7th, all player and even NPC characters in a number of cities of various servers in the MMO World of Warcraft started dying mysteriously
• Videos show characters just falling over dead in rapid succession
• Forum Thread reporting the issue
• A hotfix has been applied to resolve the issue
• Official Blizzard Response

---

Mozilla pulls Firefox 16 from website due to flaw

• Mozilla has removed the Firefox 16 downloads from their website, reverting to offering 15.0.1
• A vulnerability was found in Firefox 16 that could allow a malicious website to determine what URLs you had visited, and have access to the URLs and possibly URL parameters, which could disclose sensitive information or authentication tokens
• The vulnerable version was pulled from the download page less than a day after it was posted
• No users were automatically updated to Firefox 16, only users to manually downloaded it are vulnerable
• All users of Firefox 16 should downgrade to 15.0.1, any users still using 16 will be automatically upgraded to 16.0.1 when it is released
• Firefox 16 was released with patches for 24 known vulnerabilities , 21 of which were labelled critical
• BBC Coverage

---

Microsoft issues a slew of bad DMCA requests

• Microsoft has stepped up its automated DMCA requests, causing it to incorrectly ask Google to censor/remove search results linking to AMC Theatres, the BBC, Buzzfeed, CNN, HuffingtonPost, TechCrunch, RealClearPolitics, Rotten Tomatoes, ScienceDirect, Washington Post, Wikipedia, the U.S. Government and many more sites
• In another request the software giant seeks the removal of a URL on Spotify.com
• Claiming to be attempting to prevent unauthorized distribution of the Windows 8 Beta, Microsoft listed 65 “infringing” web pages, nearly half of which have nothing to do with Windows 8

---

Thanks to GoDaddy, take a peek at their Data Center:

• Tech.GoDaddy.com – Data Center – YouTube

Feedback:

• What I wish the new hires “knew”.
• What will be in the news the week in October when Allan is at Euro BSD Con?
• Setting up a large scale monitoring system for Linux/Mac/Windows?
  • Often times a function of the driver for the RAID controller, even under Linux/BSD
  • Many controllers offer some type of SNMP agent
• Hegemon8’s batch of questions
• A few Linux SysAdmin questions
• What is an IPKVM?
  • IP-KVM is KVM (keyboard video mouse), over IP
  • Original KVMs allowed you to manage multiple machines from a single keyboard/monitor/mouse
  • IP-KVMs allow you to do this remotely, over the internet, most IP-KVMs also include ‘virtual media’, which allows you to mount DVD or USB images from your client machine, allowing you to rescue or install the OS from across the world
  • I regularly use IP-KVM to manage servers all over europe from my desk
  • Most IP-KVM systems support SSL
• Varnish instead of NGINX in front of Apache?
  • Varnish can be faster, but has no support for something like FastCGI to handle applications
  • Varnish does not support SSL
  • Varnish is probably less useful during a DDoS attack, because it uses 1 thread per connection, whereas NGINX uses a fixed number of threads and is event driven. For a large number of simultaneous connections, NGINX will likely use less system resources
  • Varnish is fast and awesome
• Some guy names Chris asks about ISPs tracking users

Round-Up:

• DHS Issued False ‘Water Pump Hack’ Report; Called It a ‘Success’
• Is TLS provably secure? There is no right answer
• Verizon Details Their Uses for Location Data – Like Tracking Demographics at Large Events
• Cybercrime gang recruiting botmasters for large scale attacks on US banks, because EU banks require 2 factor auth for wire transfers
• Your tax dollars at work: local cops now paid with federal money to troll IRC
• India Minister of Telecom says Telcos should switch to charging only for data, rather than voice calls
• OnLive acquired for just under $5 million
• IETF started HTTP/2.0, including HSTS support

The post Best Tool for the Job | TechSNAP 80 first appeared on Jupiter Broadcasting.

]]> https://original.jupiterbroadcasting.net/11491/keeping-it-up-techsanp-20/ Thu, 25 Aug 2011 21:33:51 +0000 https://original.jupiterbroadcasting.net/?p=11491 Find out how software like Nagios can take your setup to the next level, and Apache and PHP have big security holes, find out why it's time to patch!

The post Keeping it Up | TechSNAP 20 first appeared on Jupiter Broadcasting.

]]>



Apache and PHP have hooked up at the fail party, and we’ll share all the details to motivate you to patch your box!

Then Microsoft takes a stab at AES and we wrap it all up with a complete run down of Nagios, and how this amazing tool can alert you to a potential disaster!

All that and more, on this week’s TechSNAP!

Direct Download Links:

HD Video | Large Video | Mobile Video | WebM Video | MP3 Audio | OGG Audio | YouTube

Subscribe via RSS and iTunes:
Subscribe... --RSS-- TechSNAP HD TechSNAP Large TechSNAP Mobile TechSNAP MP3 TechSNAP OGG --iTunes-- TechSNAP iTunes HD TechSNAP iTunes Mobile TechSNAP iTunes Large TechSNAP iTunes MP3

[ad#shownotes]

Show Notes:

---

All versions of the apache web server are vulnerable to a resource exhaustion DoS attack

• A single attacker with a even a slow internet connection can entirely cripple a massive apache server
• The attack uses the ‘Range’ header, requesting 1300 different segments of the file, causing the web server to create many separate memory allocations. The existing attack script defaults to running 50 concurrent threads of this attack, which will quickly exhaust all of the ram on the server and drive the server load very high.
• Apache 1.3 is past it’s End Of Life and will not receive an official patch
• A different aspect of this bug (using it to exhaust bandwidth) was pointed out by a Google security engineer over 4 years ago

---

PHP 5.3.7 contains a critical vulnerability in crypt()

• Official Bug Report
• The crypt() function used for hashing password received much attention in this latest version of php, and a bug was inadvertently introduced where when you hash a password with MD5, only the salt is returned. This means that when validating a login attempt, when the hash of the attempt is compared to the stored hash, only the salt will match, resulting in a failed login attempt. However if the user changes their password, or a new user registers, the stored hash will only be the salt, and in that case, any attempted password will result in a successful login attempt.
• PHP 5.3.7’s headline bug fix was an issue with the way blowfish crypt() was implemented on linux (it worked correctly on BSD). Some passwords that contained invalid UTF-8 would result in very weak hashes
• It seems that this error was caught by the PHP unit testing framework, so the fact that it made it in to a production release means that the unit testing was likely not properly completed before the release was made.
• 5.3.7 was released on August 18th. The release was pulled on August 22nd, and 5.3.8 was released on August 23rd

---

Researches have developed a new attack against AES

• Researchers from a Belgian (Katholieke Universiteit Leuven) and a French (Ecole Normale Suprieure) University, working with Microsoft research have developed a new attack against AES that allows an encryption key to be recovered 3 to 5 times faster than all previous attacks
• The attack would still take billions of years of CPU time with currently existing hardware
• Full Paper with Details
• Comments by Bruce Schneier
• Additional Article

---

Feedback

Q: (DreamsVoid) I have a server setup, and I am wondering what it would take to setup a backup server, that would automatically take over if the first server were to go down. What are some of the ways I could accomplish this?

A: This is a rather lengthy answer, so I will actually break it apart, and give one possible answer each week, for the next few weeks. This weeks solution is to use DNS Failover. For this feature, I personally use a 3rd party DNS Service called DNS Made Easy . Once you are hosting your DNS with them, you can enable Monitoring and DNS Failover. This allows you to enter the IPs of more than one server for the DNS entry such as www.mysite.com. Only one IP will be used at a time, so it is not the same as a ‘Round Robin’ setup. This simplifies problems with sessions and other data that would need to be shared between all of the servers if they were used at the same time. DNSMadeEasy will monitor the website every minute from locations all over the world, and if the site is unreachable, it will automatically update your DNS record to point traffic to the next server on your list. It will successively fail over to each server on the list until it finds one that is up. When the primary server comes back, it can automatically switch back. We use this for the front page of ScaleEngine.com, if the site were ever down, it would fail over to a backup server we have at a different hosting provider. This backup copy of the site is still reliant of a connection to our centralized CMS (which also uses DNS Failover), and if that were down too, it fails over to a flat-HTML copy of our website that is updated once per day. This way, our website remains online even if both our primary and secondard hosting are offline, or if all 3 fail over servers for the CMS are down as well.

---

Q: (Al Reid) Nagios seems to be a very good open source and widely used network monitoring software solution, is it possible that you guys could discuss the topic of network monitoring for services, hosts, router, switches and other uses?

A: Nagios is an open source network monitoring system that can be used to monitor a number of different aspects of both the hosts (physical and virtual servers, routers) and the services of those hosts (programs like apache, mysql, etc). The most basic monitoring is just pinging the host, and entering an alert state if the host does not response, or if the latency or packet loss exceed a specific threshold. However the real power of a network monitoring system comes not only from alerting you (via email, text message, audible alarm) when something is down, but actually monitoring and graphing performance over time. For example, with my MySQL servers, nagios monitors not only that they are accessible, but graphs the number of queries per second, and the number of concurrent connections. This way, if I notice higher than expected load on one of the servers, I can pull of the graph and see that, yes, a few hours ago the number of queries per second jumped by 30%, and that is obviously what is causing the additional load. A huge number of things can be monitored using a combination of the nagios tools and the SNMP (Simple Network Management Protocol) interfaces exposed by many devices. For example, we monitor power utilization from our PDUs and traffic through each of our switch ports. Some of the main metrics we monitor on each server are: CPU load, load averages, CPU temperature, free memory, swap usage, number of running processes, uptime (alerts us when a device reboots unexpectedly), free disk space, etc. We also monitor our web servers closely, monitoring the number of connections, requests per second, number of requests waiting on read or write, etc. Nagios monitoring can be taken even further, more advanced SNMP daemons on servers can list the packages that are installed, and a nagios tool could be setup to alert you when a known vulnerable package is detected, prompting you to upgrade that package. Nagios can also monitor your SSL certificates and Domain Names, and alert you when they are nearing their expiration dates (Chris should have this so he doesn’t forget to renew JupiterBroadcasting.com every year). Nagios supports two different methods of monitoring. The first is ‘active’, which is the most commonly used, nagios connects to the server/service and checks that it is running, and gets the performance data, if any. However nagios can also support ‘passive’ data collection, where the server or service pushes performance data to nagios, and nagios can trigger an alert if an update is not received within a specific time frame, this can help solve a common issue we have discussed before, where the monitoring server is a weak point in the security of the network, a single host that is able to connect to even the most secure hosts in your network. With passive monitoring, you can have secure hosts or unroutable LAN hosts push their monitoring and performance data to nagios from behind the firewall, even when nagios cannot connec to that host. Other alternative to nagios are Zabbix, SpiceWorks or Cacti, but I have never used them.

---

Random SQL Injection Comic

Round Up:

• Google hacking exposes large caches of personal data
• Kinectasploit is a mash up of kinect, metasploit and a 3D first person shooter game environment built in blender @ defcon
• Rob “CmdrTaco” Malda Resigns From Slashdot
• Anonymous breaches yet another US Defense Contractor
• MSN stops using Super Cookies
• SpyEye Banking Trojan source code leaked by Reverse Engineering Dream Crew

Bitcoin Blaster:

• FPGA bitcoin mining
• It appears MyBitcoin plan to release their source code
• Video: Bitcoin Conference Keynote – Jeff Garzik
• Bitcoin Enthusiasts Gather in NYC to Meet IRL and Show Off Bitcoin Start-Ups

The post Keeping it Up | TechSNAP 20 first appeared on Jupiter Broadcasting.

]]>