Show Notes: linuxunplugged.com/402

The post Our Worst Idea Yet | LINUX Unplugged 402 first appeared on Jupiter Broadcasting.

Show Notes: techsnap.systems/395

The post The ACME Era | TechSNAP 395 first appeared on Jupiter Broadcasting.

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

Show Notes:

Malware found preinstalled on 38 Android phones used by 2 companies

• Malicious apps were surreptitiously added somewhere along the supply chain.

• Check Point didn’t disclose the names of the companies that owned the infected phones. One of the affected parties was a “large telecommunications company” and the other was a “multinational technology company.”

• It’s interesting how this came on out March 10 and the WikiLeaks notice about compromised cellphones came out a few days earlier. Coincidence?

“Vault 7” by WikiLeaks

• A total of 8,761 documents have been published as part of ‘Year Zero’, the first in a series of leaks the whistleblower organization has dubbed ‘Vault 7.’ WikiLeaks said that ‘Year Zero’ revealed details of the CIA’s “global covert hacking program,” including “weaponized exploits” used against company products including “Apple’s iPhone, Google’s Android and Microsoft’s Windows and even Samsung TVs, which are turned into covert microphones.”

• Among the more notable disclosures which, if confirmed, “would rock the technology world”, the CIA had managed to bypass encryption on popular phone and messaging services such as Signal, WhatsApp and Telegram. According to the statement from WikiLeaks, government hackers can penetrate Android phones and collect “audio and message traffic before encryption is applied.”

• NOTE: From what I’ve read, this compromise involves first compromising the phone in question and as such is not an attack on the apps themselves.

• Kreb’s coverage

• Krebs says: “The documents for the most part don’t appear to include the computer code needed to exploit previously unknown flaws in these products, although WikiLeaks says those exploits may show up in a future dump. This collection is probably best thought of as an internal corporate wiki used by multiple CIA researchers who methodically found and documented weaknesses in a variety of popular commercial and consumer electronics.”

• Krebs also says: “Some of the exploits discussed in these leaked CIA documents appear to reference full-on, remote access vulnerabilities. However, a great many of the documents I’ve looked at seem to refer to attack concepts or half-finished exploits that may be limited by very specific requirements — such as physical access to the targeted device.”

• See also Espionage vs. Surveillance

• Best advice: patch your shit, secure physical access, it is not as bad as WikiLeaks is making it out to be.

Feedback

• VLANing vs. subnetting

• [Just getting into freebsd](https://slexy.org/view/s2GHEJe0zR

• Bacula disk autochanger

• Blocking ip from attempting connections to postfix email server

  • https://techarena51.com/index.php/confiigure-fail2ban-block-brute-force-ips-scanning-postfix-logs/

  • WordPress and Fail2ban

Round Up:

• Year 2036/2038 problems

• Vibrator Maker To Pay Millions Over Claims It Secretly Tracked Use

• These are the 24 Senators that introduced a bill to let telecoms sell your private internet history

• EFF Applauds Amazon For Pushing Back on Request for Echo Data

• If Your iPhone is Stolen, These Guys May Try to iPhish You

• internet-connected backup drive was not password protected – contains military data

• Congratulations @freebsdfndation for the @Intel partnership and $250,000 donation!

• The CIA’s “Development Tradecraft DOs and DON’Ts”

• Nintendo Switch ships with unpatched 6-month-old WebKit vulnerabilities

• exploit toolkit for the Nintendo Switch

+Silent Data Corruption Is Real

The post Don’t Panic & P your S | TechSNAP 310 first appeared on Jupiter Broadcasting.

On today\’s show we have an interview with Joe Marcus Clark, one of the original portmgr members in FreeBSD, and one of the key GNOME porters. Keeping along with that topic, we have a FreeBSD ports tutorial for you as well. The latest news and answers to your BSD questions, right here on BSD Now – the place to B.. SD.

Thanks to:

Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | HD Vid Feed | HD Torrent Feed

– Show Notes: –

Headlines

Tailoring OpenBSD for an old, strange computer

• The author of this article had an OmniBook 800CT, which comes with a pop-out mouse, black and white display, 32MB of RAM and a 133MHz CPU
• Obviously he had to install some kind of BSD on it!
• This post goes through all his efforts of trimming down OpenBSD to work on such a limited device
• He goes through the trial and error of \”compile, break it, rebuild, try again\”
• After cutting a lot out from the kernel, saving a precious megabyte here and there, he eventually gets it working

pkgsrcCon and BSDCan

• pkgsrccon is \”a technical conference for people working on the NetBSD Packages Collection, focusing on existing technologies, research projects, and works-in-progress in pkgsrc infrastructure\”
• This year it will be on June 21st and 22nd
• The schedule is still being worked out, so if you want to give a talk, submit it
• BSDCan\’s schedule was also announced
• We\’ll be having presentations about ARM on NetBSD and FreeBSD, PF on OpenBSD, Capsicum and casperd, ASLR in FreeBSD, more about migrating from Linux to BSD, FreeNAS stuff and much more
• Kris\’ presentation was accepted!
• Tons of topics, look forward to the recorded versions of all of them hopefully!

Two factor auth with pushover

• A new write-up from our friend Ted Unangst
• Pushover is \”a web hook to smartphone push notification gateway\” – you sent a POST to a web server and it sends a code to your phone
• His post goes through the steps of editing your login.conf and setting it all up to work
• Now you can get a two factor authenticated login for ssh!

The status of GNOME 3 on BSD

• It\’s no secret that the GNOME team is a Linux-obsessed bunch, almost to the point of being hostile towards other operating systems
• OpenBSD keeps their GNOME 3 ports up to date very well, and Antoine Jacoutot writes about his work on that and how easy it is to use
• This post goes through the process of how simple it is to get GNOME 3 set up on OpenBSD and even includes a screencast
• A few recent posts from some GNOME developers show that they\’re finally working with the BSD guys to improve portability
• The FreeBSD and OpenBSD teams are working together to bring the latest GNOME to all of us – it\’s a beautiful thing
• This goes right along with our interview today!

This episode was brought to you by

Interview – Joe Marcus Clark – marcus@freebsd.org

The life and daily activities of portmgr, GNOME 3, Tinderbox, portlint, various topics

Tutorial

The FreeBSD Ports Collection

News Roundup

DragonflyBSD 3.8 goals and 3.6.1 release

• The Dragonfly team is thinking about what should be in version 3.8
• On their bug tracker, it lists some of the things they\’d like to get done before then
• In the meantime, 3.6.1 was released with lots of bugfixes

NYCBSDCon 2014 wrap-up piece

• We\’ve got a nice wrap-up titled \”NYCBSDCon 2014 Heats Up a Cold Winter Weekend\”
• The author also interviews GNN about the conference
• There\’s even a little \”beginner introduction\” to BSD segment
• Includes a mention of the recently-launched journal and lots of pictures from the event

FreeBSD and Linux, a comparative analysis

• GNN in yet another story – he gave a presentation at the NYLUG about the differences between FreeBSD and Linux
• He mentions the history of BSD, the patch set and 386BSD, the lawsuit, philosophy and license differences, a complete system vs \”distros,\” development models, BSD-only features and technologies, how to become a committer, overall comparisons, different hats and roles, the different bsds and their goals and actual code differences
• Serves as a good introduction you can show your Linux friends

PCBSD CFT and weekly digest

• Upgrade tools have gotten a major rewrite
• You have to help test it, there is no choice! Read more here
• How dare Kris be \”unimpressed with\” freebsd-update and pkgng!?
• Various updates and fixes

Feedback/Questions

• Jeffrey writes in: https://slexy.org/view/s213KxUdVj
• Shane writes in: https://slexy.org/view/s20lwkjLVK
• Ferdinand writes in: https://slexy.org/view/s21DqJs77g
• Curtis writes in: https://slexy.org/view/s20eXKEqJc
• Clint writes in: https://slexy.org/view/s21XMVFuVu
• Peter writes in: https://slexy.org/view/s20Xk05MHe

• All the tutorials are posted in their entirety at bsdnow.tv
• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
• Our email backlog is totally caught up now, so email us all your questions!
• Watch live Wednesdays at 2:00PM Eastern (19:00 UTC)

The post Port Authority | BSD Now 26 first appeared on Jupiter Broadcasting.