Show Notes: linuxunplugged.com/383

The post Murder of a Distro | LINUX Unplugged 383 first appeared on Jupiter Broadcasting.

##Win
Celebrate our 256th episode with us. You can win a Mogics Power Bagel (not sponsored).

To enter, go find the 4 episodes we did in December of 2017. In the opening, find the 4 letters in the bookshelf behind me. They spell different words in each of the 4 episodes. Send us these words in order to feedback@bsdnow.tv with the subject “bsdnow256” until August 8th, 2018 18:00 UTC and we’ll randomly draw the winner on the live show. We’ll then contact you to ship the item.
Only one item to win. All decisions are final. Better luck next time.

##Headlines
###Battle of the Schedulers: FreeBSD ULE vs. Linux CFS

Introduction
This paper analyzes the impact on application performance of the design and implementation choices made in two widely used open-source schedulers: ULE, the default FreeBSD scheduler, and CFS, the default Linux scheduler. We compare ULE and CFS in otherwise identical circumstances. We have ported ULE to Linux, and use it to schedule all threads that are normally scheduled by CFS. We compare the performance of a large suite of applications on the modified kernel running ULE and on the standard Linux kernel running CFS. The observed performance differences are solely the result of scheduling decisions, and do not reflect differences in other subsystems between FreeBSD and Linux. There is no overall winner. On many workloads the two schedulers perform similarly, but for some workloads there are significant and even surprising differences. ULE may cause starvation, even when executing a single application with identical threads, but this starvation may actually lead to better application performance for some workloads. The more complex load balancing mechanism of CFS reacts more quickly to workload changes, but ULE achieves better load balance in the long run.
Operating system kernel schedulers are responsible for maintaining high utilization of hardware resources (CPU cores, memory, I/O devices) while providing fast response time to latency-sensitive applications. They have to react to workload changes, and handle large numbers of cores and threads with minimal overhead [12]. This paper provides a comparison between the default schedulers of two of the most widely deployed open-source operating systems: the Completely Fair Scheduler (CFS) used in Linux, and the ULE scheduler used in FreeBSD. Our goal is not to declare an overall winner.
In fact, we find that for some workloads ULE is better and for others CFS is better. Instead, our goal is to illustrate how differences in the design and the implementation of the two schedulers are reflected in application performance under different workloads. ULE and CFS are both designed to schedule large numbers of threads on large multicore machines. Scalability considerations have led both schedulers to adopt per-core run-queues. On a context switch, a core accesses only its local run-queue to find the next thread to run. Periodically and at select times, e.g., when a thread wakes up, both ULE and CFS perform load balancing, i.e., they try to balance the amount of work waiting in the run-queues of different cores.
ULE and CFS, however, differ greatly in their design and implementation choices. FreeBSD ULE is a simple scheduler (2,950 lines of code in FreeBSD 11.1), while Linux CFS is much more complex (17,900 lines of code in the latest LTS Linux kernel, Linux 4.9). FreeBSD run-queues are FIFO. For load balancing, FreeBSD strives to even out the number of threads per core. In Linux, a core decides which thread to run next based on prior execution time, priority, and perceived cache behavior of the threads in its runqueue. Instead of evening out the number of threads between cores, Linux strives to even out the average amount of pending work.

Performance analysis
We now analyze the impact of the per-core scheduling on the performance of 37 applications. We define “performance” as follows: for database workloads and NAS applications, we compare the number of operations per second, and for the other applications we compare “execution time”. The higher the “performance”, the better a scheduler performs. Figure 5 presents the performance difference between CFS and ULE on a single core, with percentages above 0 meaning that the application executes faster with ULE than CFS.
Overall, the scheduler has little influence on most workloads. Indeed, most applications use threads that all perform the same work, thus both CFS and ULE endup scheduling all of the threads in a round-robin fashion. The average performance difference is 1.5%, in favor of ULE. Still, scimark is 36% slower on ULE than CFS, and apache is 40% faster on ULE than CFS. Scimark is a single-threaded Java application. It launches one compute thread, and the Java runtime executes other Java system threads in the background (for the garbage collector, I/O, etc.).
When the application is executed with ULE, the compute thread can be delayed, because Java system threads are considered interactive and get priority over the computation thread. The apache workload consists of two applications: the main server (httpd) running 100 threads, and ab, a single-threaded load injector.
The performance difference between ULE and CFS is explained by different choices regarding thread preemption. In ULE, full preemption is disabled, while CFS preempts the running thread when the thread that has just been woken up has a vruntime that is much smaller than the vruntime of the currently executing thread (1ms difference in practice). In CFS, ab is preempted 2 million times during the benchmark, while it never preempted with ULE.
This behavior is explained as follows: ab starts by sending 100 requests to the httpd server, and then waits for the server to answer. When ab is woken up, it checks which requests have been processed and sends new requests to the server. Since ab is single-threaded, all requests sent to the server are sent sequentially. In ULE, ab is able to send as many new requests as it has received responses. In CFS, every request sent by ab wakes up a httpd thread, which preempts ab.

Conclusion
Scheduling threads on a multicore machine is hard. In this paper, we perform a fair comparison of the design choices of two widely used schedulers: the ULE scheduler from FreeBSD and CFS from Linux. We show that they behave differently even on simple workloads, and that no scheduler performs better than the other on all workloads.

###OpenBSD 6.3 on Tuxedo InfinityBook

Disclaimer:
I came across the Tuxedo Computers InfinityBook last year at the Open! Conference where Tuxedo had a small booth. Previously they came to my attention since they’re a member of the OSB Alliance on whose board I’m a member. Furthermore Tuxedo Computers are a sponsor of the OSBAR which I’m part of the organizational team.

OpenBSD on the Tuxedo InfinityBook
I’ve asked the guys over at Tuxedo Computers whether they would be interested to have some tests with *BSD done and that I could test drive one of their machines and give feedback on what works and what does not – and possibly look into it.+

Within a few weeks they shipped me a machine and last week the InfinityBook Pro 14” arrived. Awesome. Thanks already to the folks at Tuxedo Computers. The machine arrived accompanied by lot’s of swag

The InfinityBook is a very nice machine and allows a wide range of configuration. The configuration that was shipped to me:

Intel Core i7-8550U
1x 16GB RAM 2400Mhz Crucial Ballistix Sport LT
250 GB Samsung 860 EVO (M.2 SATAIII)

I used a USB-stick to boot install63.fs and re-installed the machine with OpenBSD. Full dmesg.

The installation went flawlessly, the needed intel firmware is being installed after installation automatically via fw_update(1).

Out of the box the graphics works and once installed the machine presents the login.

Video
When X starts the display is turned off for some reason. You will need to hit fn+f12 (the key with the moon on it) then the display will go on. Aside from that little nit, X works just fine and presents one the expected resolution.

External video is working just fine as well. Either via hdmi output or via the mini displayport connector.

The buttons for adjusting brightness (fn+f8 and fn+f9) are not working. Instead one has to use wsconsctl(8) to adjust the brightness.

Networking
The infinityBook has built-in ethernet, driven by re(4) And for the wireless interface the iwm(4) driver is being used. Both work as expected.

ACPI
Neither suspend nor hibernate work. Reporting of battery status is bogus as well. Some of the keyboard function keys work:

LCD on/off works (fn+f2)
Keyboard backlight dimming works (fn+f4)
Volume (fn+f5 / fn+f6) works

Sound
The azalia chipset is being used for audio processing. Works as expected, volume can be controlled via buttons (fn+f5, fn+f6) or via mixerctl.

Touchpad
Can be controlled via wsconsctl(8).
So far I must say, that the InfinityBook makes a nice machine – and I’m enjoying working with it.

iXsystems
iXsystems – Its all NAS

###How ZFS makes things like ‘zfs diff’ report filenames efficiently

As a copy on write (file)system, ZFS can use the transaction group (txg) numbers that are embedded in ZFS block pointers to efficiently find the differences between two txgs; this is used in, for example, ZFS bookmarks. However, as I noted at the end of my entry on block pointers, this doesn’t give us a filesystem level difference; instead, it essentially gives us a list of inodes (okay, dnodes) that changed.
In theory, turning an inode or dnode number into the path to a file is an expensive operation; you basically have to search the entire filesystem until you find it. In practice, if you’ve ever run ‘zfs diff’, you’ve likely noticed that it runs pretty fast. Nor is this the only place that ZFS quickly turns dnode numbers into full paths, as it comes up in ‘zpool status’ reports about permanent errors. At one level, zfs diff and zpool status do this so rapidly because they ask the ZFS code in the kernel to do it for them. At another level, the question is how the kernel’s ZFS code can be so fast.
The interesting and surprising answer is that ZFS cheats, in a way that makes things very fast when it works and almost always works in normal filesystems and with normal usage patterns. The cheat is that ZFS dnodes record their parent’s object number.
If you’re familiar with the twists and turns of Unix filesystems, you’re now wondering how ZFS deals with hardlinks, which can cause a file to be in several directories at once and so have several parents (and then it can be removed from some of the directories). The answer is that ZFS doesn’t; a dnode only ever tracks a single parent, and ZFS accepts that this parent information can be inaccurate. I’ll quote the comment in zfs_obj_to_pobj:
When a link is removed [the file’s] parent pointer is not changed and will be invalid. There are two cases where a link is removed but the file stays around, when it goes to the delete queue and when there are additional links.
Before I get into the details, I want to say that I appreciate the brute force elegance of this cheat. The practical reality is that most Unix files today don’t have extra hardlinks, and when they do most hardlinks are done in ways that won’t break ZFS’s parent stuff. The result is that ZFS has picked an efficient implementation that works almost all of the time; in my opinion, the great benefit we get from having it around are more than worth the infrequent cases where it fails or malfunctions. Both zfs diff and having filenames show up in zpool status permanent error reports are very useful (and there may be other cases where this gets used).
The current details are that any time you hardlink a file to somewhere or rename it, ZFS updates the file’s parent to point to the new directory. Often this will wind up with a correct parent even after all of the dust settles; for example, a common pattern is to write a file to an initial location, hardlink it to its final destination, and then remove the initial location version. In this case, the parent will be correct and you’ll get the right name.

##News Roundup
###What is FreeBSD? Why Should You Choose It Over Linux?

Not too long ago I wondered if and in what situations FreeBSD could be faster than Linux and we received a good amount of informative feedback. So far, Linux rules the desktop space and FreeBSD rules the server space.

In the meantime, though, what exactly is FreeBSD? And at what times should you choose it over a GNU/Linux installation? Let’s tackle these questions.

FreeBSD is a free and open source derivative of BSD (Berkeley Software Distribution) with a focus on speed, stability, security, and consistency, among other features. It has been developed and maintained by a large community ever since its initial release many years ago on November 1, 1993.

BSD is the version of UNIX® that was developed at the University of California in Berkeley. And being a free and open source version, “Free” being a prefix to BSD is a no-brainer.

What’s FreeBSD Good For?

FreeBSD offers a plethora of advanced features and even boasts some not available in some commercial Operating Systems. It makes an excellent Internet and Intranet server thanks to its robust network services that allow it to maximize memory and work with heavy loads to deliver and maintain good response times for thousands of simultaneous user processes.

FreeBSD runs a huge number of applications with ease. At the moment, it has over 32,000 ported applications and libraries with support for desktop, server, and embedded environments. with that being said, let me also add that FreeBSD is excellent for working with advanced embedded platforms. Mail and web appliances, timer servers, routers, MIPS hardware platforms, etc. You name it!

FreeBSD is available to install in several ways and there are directions to follow for any method you want to use; be it via CD-ROM, over a network using NFS or FTP, or DVD.

FreeBSD is easy to contribute to and all you have to do is to locate the section of the FreeBSD code base to modify and carefully do a neat job. Potential contributors are also free to improve on its artwork and documentation, among other project aspects.

FreeBSD is backed by the FreeBSD Foundation, a non-profit organization that you can contribute to financially and all direct contributions are tax deductible.

FreeBSD’s license allows users to incorporate the use of proprietary software which is ideal for companies interested in generating revenues. Netflix, for example, could cite this as one of the reasons for using FreeBSD servers.

Why Should You Choose It over Linux?

From what I’ve gathered about both FreeBSD and Linux, FreeBSD has a better performance on servers than Linux does. Yes, its packaged applications are configured to offer better a performance than Linux and it is usually running fewer services by default, there really isn’t a way to certify which is faster because the answer is dependent on the running hardware and applications and how the system is tuned.

FreeBSD is reportedly more secure than Linux because of the way the whole project is developed and maintained.

Unlike with Linux, the FreeBSD project is controlled by a large community of developers around the world who fall into any of these categories; core team, contributors, and committers.

FreeBSD is much easier to learn and use because there aren’t a thousand and one distros to choose from with different package managers, DEs, etc.

FreeBSD is more convenient to contribute to because it is the entire OS that is preserved and not just the kernel and a repo as is the case with Linux. You can easily access all of its versions since they are sorted by release numbers.

Apart from the many documentations and guides that you can find online, FreeBSD has a single official documentation wherein you can find the solution to virtually any issue you will come across. So, you’re sure to find it resourceful.

FreeBSD has close to no software issues compared to Linux because it has Java, is capable of running Windows programs using Wine, and can run .NET programs using Mono.

FreeBSD’s ports/packages system allows you to compile software with specific configurations, thereby avoiding conflicting dependency and version issues.

Both the FreeBSD and GNU/Linux project are always receiving updates. The platform you decide to go with is largely dependent on what you want to use it for, your technical know-how, willingness to learn new stuff, and ultimately your preference.
What is your take on the topic? For what reasons would you choose FreeBSD over Linux if you would? Let us know what you think about both platforms in the comments section below.

###PS4 5.05 BPF Double Free Kernel Exploit Writeup

Introduction
Welcome to the 5.0x kernel exploit write-up. A few months ago, a kernel vulnerability was discovered by qwertyoruiopz and an exploit was released for BPF which involved crafting an out-of-bounds (OOB) write via use-after-free (UAF) due to the lack of proper locking. It was a fun bug, and a very trivial exploit. Sony then removed the write functionality from BPF, so that exploit was patched. However, the core issue still remained (being the lack of locking). A very similar race condition still exists in BPF past 4.55, which we will go into detail below on. The full source of the exploit can be found here.
This bug is no longer accessible however past 5.05 firmware, because the BPF driver has finally been blocked from unprivileged processes – WebKit can no longer open it. Sony also introduced a new security mitigation in 5.0x firmwares to prevent the stack pointer from pointing into user space, however we’ll go more in detail on this a bit further down.

Assumptions
Some assumptions are made of the reader’s knowledge for the writeup. The avid reader should have a basic understanding of how memory allocators work – more specifically, how malloc() and free() allocate and deallocate memory respectively. They should also be aware that devices can be issued commands concurrently, as in, one command could be received while another one is being processed via threading. An understanding of C, x86, and exploitation basics is also very helpful, though not necessarily required.

Background
This section contains some helpful information to those newer to exploitation, or are unfamiliar with device drivers, or various exploit techniques such as heap spraying and race conditions. Feel free to skip to the “A Tale of Two Free()’s” section if you’re already familiar with this material.

What Are Drivers?
There are a few ways that applications can directly communicate with the operating system. One of which is system calls, which there are over 600 of in the PS4 kernel, ~500 of which are FreeBSD – the rest are Sony-implemented. Another method is through something called “Device Drivers”. Drivers are typically used to bridge the gap between software and hardware devices (usb drives, keyboard/mouse, webcams, etc) – though they can also be used just for software purposes.
There are a few operations that a userland application can perform on a driver (if it has sufficient permissions) to interface with it after opening it. In some instances, one can read from it, write to it, or in some cases, issue more complex commands to it via the ioctl() system call. The handlers for these commands are implemented in kernel space – this is important, because any bugs that could be exploited in an ioctl handler can be used as a privilege escalation straight to ring0 – typically the most privileged state.
Drivers are often the more weaker points of an operating system for attackers, because sometimes these drivers are written by developers who don’t understand how the kernel works, or the drivers are older and thus not wise to newer attack methods.

The BPF Device Driver
If we take a look around inside of WebKit’s sandbox, we’ll find a /dev directory. While this may seem like the root device driver path, it’s a lie. Many of the drivers that the PS4 has are not exposed to this directory, but rather only ones that are needed for WebKit’s operation (for the most part). For some reason though, BPF (aka. the “Berkely Packet Filter”) device is not only exposed to WebKit’s sandbox – it also has the privileges to open the device as R/W. This is very odd, because on most systems this driver is root-only (and for good reason). If you want to read more into this, refer to my previous write-up with 4.55FW.

What Are Packet Filters?
Below is an excerpt from the 4.55 bpfwrite writeup.
Since the bug is directly in the filter system, it is important to know the basics of what packet filters are. Filters are essentially sets of pseudo-instructions that are parsed by bpf_filter() (which are ran when packets are received). While the pseudo-instruction set is fairly minimal, it allows you to do things like perform basic arithmetic operations and copy values around inside it’s buffer. Breaking down the BPF VM in it’s entirety is far beyond the scope of this write-up, just know that the code produced by it is ran in kernel mode – this is why read/write access to /dev/bpf should be privileged.

Race Conditions
Race conditions occur when two processes/threads try to access a shared resource at the same time without mutual exclusion. The problem was ultimately solved by introducing concepts such as the “mutex” or “lock”. The idea is when one thread/process tries to access a resource, it will first acquire a lock, access it, then unlock it once it’s finished. If another thread/process tries to access it while the other has the lock, it will wait until the other thread is finished. This works fairly well – when it’s used properly.
Locking is hard to get right, especially when you try to implement fine-grained locking for performance. One single instruction or line of code outside the locking window could introduce a race condition. Not all race conditions are exploitable, but some are (such as this one) – and they can give an attacker very powerful bugs to work with.

Heap Spraying
The process of heap spraying is fairly simple – allocate a bunch of memory and fill it with controlled data in a loop and pray your allocation doesn’t get stolen from underneath you. It’s a very useful technique when exploiting something such as a use-after-free(), as you can use it to get controlled data into your target object’s backing memory.
By extension, it’s useful to do this for a double free() as well, because once we have a stale reference, we can use a heap spray to control the data. Since the object will be marked “free” – the allocator will eventually provide us with control over this memory, even though something else is still using it. That is, unless, something else has already stolen the pointer from you and corrupts it – then you’ll likely get a system crash, and that’s no fun. This is one factor that adds to the variance of exploits, and typically, the smaller the object, the more likely this is to happen.

Follow the link to read more of the article
DigitalOcean
https://do.co/bsdnow

###OpenBSD gains Wi-Fi “auto-join”

In a change which is bound to be welcomed widely, -current has gained “auto-join” for Wi-Fi networks. Peter Hessler (phessler@) has been working on this for quite some time and he wrote about it in his p2k18 hackathon report. He has committed the work from the g2k18 hackathon in Ljubljana:

CVSROOT: /cvs
Module name: src
Changes by: phessler@cvs.openbsd.org 2018/07/11 14:18:09

Modified files:
sbin/ifconfig : ifconfig.8 ifconfig.c
sys/net80211 : ieee80211_ioctl.c ieee80211_ioctl.h
ieee80211_node.c ieee80211_node.h
ieee80211_var.h

Log message:
Introduce ‘auto-join’ to the wifi 802.11 stack.

This allows a system to remember which ESSIDs it wants to connect to, any
relevant security configuration, and switch to it when the network we are
currently connected to is no longer available.
Works when connecting and switching between WPA2/WPA1/WEP/clear encryptions.

example hostname.if:
join home wpakey password
join work wpakey mekmitasdigoat
join open-lounge
join cafe wpakey cafe2018
join “wepnetwork” nwkey “12345”
dhcp
inet6 autoconf
up

OK stsp@ reyk@
and enthusiasm from every hackroom I’ve been in for the last 3 years
The usage should be clear from the commit message, but basically you ‘join’ all the networks you want to auto-join as you would previously use ‘nwid’ to connect to one specific network. Then the kernel will join the network that’s actually in range and do the rest automagically for you. When you move out of range of that network you lose connectivity until you come in range of the original (where things will continue to work as you’ve been used to) or one of the other networks (where you will associate and then get a new lease).

Thanks to Peter for working on this feature – something many a Wi-Fi using OpenBSD user will be able to benefit from.

###FreeBSD Jails the hard way
There are many great options for managing FreeBSD Jails. iocage, warden and ez-jail aim to streamline the process and make it quick an easy to get going. But sometimes the tools built right into the OS are overlooked.

This post goes over what is involved in creating and managing jails using only the tools built into FreeBSD.

For this guide, I’m going to be putting my jails in /usr/local/jails.

I’ll start with a very simple, isolated jail. Then I’ll go over how to use ZFS snapshots, and lastly nullfs mounts to share the FreeBSD base files with multiple jails.

I’ll also show some examples of how to use the templating power of jail.conf to apply similar settings to all your jails.

Full Jail
Make a directory for the jail, or a zfs dataset if you prefer.
Download the FreeBSD base files, and any other parts of FreeBSD you want. In this example I’ll include the 32 bit libraries as well.
Update your FreeBSD base install.
Verify your download. We’re downloading these archives over FTP after all, we should confirm that this download is valid and not tampered with. The freebsd-update IDS command verifies the installation using a PGP key which is in your base system, which was presumably installed with an ISO that you verified using the FreeBSD signed checksums. Admittedly this step is a bit of paranoia, but I think it’s prudent.
Make sure you jail has the right timezone and dns servers and a hostname in rc.conf.
Edit jail.conf with the details about your jail.
Start and login to your jail.
11 commands and a config file, but this is the most tedious way to make a jail. With a little bit of templating it can be even easier. So I’ll start by making a template. Making a template is basically the same as steps 1, 2 and 3 above, but with a different destination folder, I’ll condense them here.

Creating a template
Create a template or a ZFS dataset. If you’d like to use the zfs clone method of deploying templates, you’ll need to create a zfs dataset instead of a folder.
Update your template with freebsd-update.
Verify your install
And that’s it, now you have a fully up to date jail template. If you’ve made this template with zfs, you can easily deploy it using zfs snapshots.

Deploying a template with ZFS snapshots
Create a snapshot. My last freebsd-update to my template brought it to patch level 17, so I’ll call my snapshot p10.
Clone the snapshot to a new jail.
Configure the jail hostname.
Add the jail definition to jail.conf, make sure you have the global jail settings from jail.conf listed in the fulljail example.
Start the jail.
The downside with the zfs approach is that each jail is now a fully independent, and if you need to update your jails, you have to update them all individually. By sharing a template using nullfs mounts you can have only one copy of the base system that only needs to be updated once.

Follow the link to see the rest of the article about
Thin jails using NullFS mounts
Simplifying jail.conf
Hopefully this has helped you understand the process of how to create and manage FreeBSD jails without tools that abstract away all the details. Those tools are often quite useful, but there is always benefit in learning to do things the hard way. And in this case, the hard way doesn’t seem to be that hard after all.

##Beastie Bits

Meetup in Zurich #4, July edition (July 19) – Which you likely missed, but now you know to look for the August edition!
The next two BSD-PL User group meetings in Warsaw have been scheduled for July 30th and Aug 9th @ 1830 CEST – Submit your topic proposals now
Linux Geek Books – Humble Bundle
Extend loader(8) geli support to all architectures and all disk-like devices
Upgrading from a bootpool to a single encrypted pool – skip the gptzfsboot part, and manually update your EFI partition with loader.efi
The pkgsrc 2018Q2 for Illumos is available with 18500+ binary packages
NetBSD ARM64 Images Available with SMP for RPi3 / NanoPi / Pine64 Boards
Recently released CDE 2.3.0 running on Tribblix (Illumos)
An Interview With Tech & Science Fiction Author Michael W Lucas
A reminder : MeetBSD CFP
EuroBSDCon talk acceptances have gone out, and once the tutorials are confirmed, registration will open. That will likely have happened by time you see this episode, so go register! See you in Romania
Tarsnap

##Feedback/Questions

Wilyarti – Adblocked on FreeBSD Continued…
Andrew – A Question and a Story
Matthew – Thanks
Brian – PCI-E Controller
Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

The post Because Computers | BSD Now 2^8 first appeared on Jupiter Broadcasting.

Headlines

DragonFlyBSD: release52 (w/stable HAMMER2, as default root)

• DragonflyBSD 5.2.1 was released on May 21, 2018
• > Big Ticket items:
  

  Meltdown and Spectre mitigation support
  Meltdown isolation and spectre mitigation support added. Meltdown mitigation is automatically enabled for all Intel cpus. Spectre mitigation must be enabled manually via sysctl if desired, using sysctls machdep.spectremitigation and machdep.meltdownmitigation.
  HAMMER2
  H2 has received a very large number of bug fixes and performance improvements. We can now recommend H2 as the default root filesystem in non-clustered mode.
  Clustered support is not yet available.
  ipfw Updates
  Implement state based “redirect”, i.e. without using libalias.
  ipfw now supports all possible ICMP types.
  Fix ICMPMAXTYPE assumptions (now 40 as of this release).
  Improved graphics support
  The drm/i915 kernel driver has been updated to support Intel Coffeelake GPUs
  Add 24-bit pixel format support to the EFI frame buffer code.
  Significantly improve fbio support for the “scfb” XOrg driver. This allows EFI frame buffers to be used by X in situations where we do not otherwise support the GPU.
  Partly implement the FBIOBLANK ioctl for display powersaving.
  Syscons waits for drm modesetting at appropriate places, avoiding races.

PS4 4.55 BPF Race Condition Kernel Exploit Writeup

Note: While this bug is primarily interesting for exploitation on the PS4, this bug can also potentially be exploited on other unpatched platforms using FreeBSD if the attacker has read/write permissions on /dev/bpf, or if they want to escalate from root user to kernel code execution. As such, I’ve published it under the “FreeBSD” folder and not the “PS4” folder.

• Introduction

Welcome to the kernel portion of the PS4 4.55FW full exploit chain write-up. This bug was found by qwerty, and is fairly unique in the way it’s exploited, so I wanted to do a detailed write-up on how it worked. The full source of the exploit can be found here. I’ve previously covered the webkit exploit implementation for userland access here.

• FreeBSD or Sony’s fault? Why not both…

Interestingly, this bug is actually a FreeBSD bug and was not (at least directly) introduced by Sony code. While this is a FreeBSD bug however, it’s not very useful for most systems because the /dev/bpf device driver is root-owned, and the permissions for it are set to 0600 (meaning owner has read/write privileges, and nobody else does) – though it can be used for escalating from root to kernel mode code execution. However, let’s take a look at the make_dev() call inside the PS4 kernel for /dev/bpf (taken from a 4.05 kernel dump).


seg000:FFFFFFFFA181F15B lea rdi, unk_FFFFFFFFA2D77640
seg000:FFFFFFFFA181F162 lea r9, aBpf ; "bpf"
seg000:FFFFFFFFA181F169 mov esi, 0
seg000:FFFFFFFFA181F16E mov edx, 0
seg000:FFFFFFFFA181F173 xor ecx, ecx
seg000:FFFFFFFFA181F175 mov r8d, 1B6h
seg000:FFFFFFFFA181F17B xor eax, eax
seg000:FFFFFFFFA181F17D mov cs:qword_FFFFFFFFA34EC770, 0
seg000:FFFFFFFFA181F188 call make_dev


We see UID 0 (the UID for the root user) getting moved into the register for the 3rd argument, which is the owner argument. However, the permissions bits are being set to 0x1B6, which in octal is 0666. This means anyone can open /dev/bpf with read/write privileges. I’m not sure why this is the case, qwerty speculates that perhaps bpf is used for LAN gaming. In any case, this was a poor design decision because bpf is usually considered privileged, and should not be accessible to a process that is completely untrusted, such as WebKit. On most platforms, permissions for /dev/bpf will be set to 0x180, or 0600.

• Race Conditions – What are they?

The class of the bug abused in this exploit is known as a “race condition”. Before we get into bug specifics, it’s important for the reader to understand what race conditions are and how they can be an issue (especially in something like a kernel). Often in complex software (such as a kernel), resources will be shared (or “global”). This means other threads could potentially execute code that will access some resource that could be accessed by another thread at the same point in time. What happens if one thread accesses this resource while another thread does without exclusive access? Race conditions are introduced.

Race conditions are defined as possible scenarios where events happen in a sequence different than the developer intended which leads to undefined behavior. In simple, single-threaded programs, this is not an issue because execution is linear. In more complex programs where code can be running in parallel however, this becomes a real issue. To prevent these problems, atomic instructions and locking mechanisms were introduced. When one thread wants to access a critical resource, it will attempt to acquire a “lock”. If another thread is already using this resource, generally the thread attempting to acquire the lock will wait until the other thread is finished with it. Each thread must release the lock to the resource after they’re done with it, failure to do so could result in a deadlock.

While locking mechanisms such as mutexes have been introduced, developers sometimes struggle to use them properly. For example, what if a piece of shared data gets validated and processed, but while the processing of the data is locked, the validation is not? There is a window between validation and locking where that data can change, and while the developer thinks the data has been validated, it could be substituted with something malicious after it is validated, but before it is used. Parallel programming can be difficult, especially when, as a developer, you also want to factor in the fact that you don’t want to put too much code in between locking and unlocking as it can impact performance.

• See article for the rest

iXsystems

Remote Debugging the running OpenBSD kernel

• Subtitled: A way to understand the OpenBSD internals
  +> The Problem
  +> A few month ago, I tried porting the FreeBSD kdb along with it’s gdb stub implementations to OpenBSD as a practice of learning the internals of an BSD operating system. The ddb code in both FreeBSD and OpenBSD looks pretty much the same and the GDB Remote Serial Protocol looks very minimal.
  +> But sadly I got very busy and the work is stalled but I’m planning on resuming the attempt as soon as I get the chance, But there is an alternative way to Debugging the OpenBSD kernel via QEMU. What I did below is basically the same with a few minor changes which I hope to describe it as best.
  +> Installing OpenBSD on Qemu
  +> For debugging the kernel, we need a working OpenBSD system running on Qemu. I chose to create a raw disk file to be able to easily mount it later via the host and copy the custom kernel onto it.

  $ qemu-img create -f raw disk.raw 5G
  $ qemu-system-x8664 -m 256M \
  -drive format=raw,file=install63.fs \
  -drive format=raw,file=disk.raw
  +> Custom Kernel
  +> To debug the kernel, we need a version of the kernel with debugging symbols and for that we have to recompile it first. The process is documented at Building the System from Source:
  …
  +> Then we can copy the bsd kernel to the guest machine and keep the bsd.gdb on the host to start the remote debugging via gdb.
  +> Remote debugging kernel
  +> Now it’s to time to boot the guest with the new custom kernel. Remember that the -s argument enables the gdb server on qemu on localhost port 1234 by default:
  $ qemu-system-x8664 -m 256M -s \
  -net nic -net user \
  -drive format=raw,file=install63.fs \
  +> Now to finally attach to the running kernel:

Interview – Patrick Mooney – Software Engineer pmooney@pfmooney.com / @pfmooney

• BR: How did you first get introduced to UNIX?
• AJ: What got you started contributing to an open source project?
• BR: What sorts of things have you worked on in the past?
• AJ: Can you tell us more about what attracted you to illumos?
• BR: How did you get interested in, and started with, systems development?
• AJ: When did you first get interested in bhyve?
• BR: How much work was it to take the years-old port of bhyve and get it working on modern IllumOS?
• AJ: What was the process for getting the bhyve port caught up to current FreeBSD?
• BR: How usable is bhyve on illumOS?
• AJ: What area are you most interested in improving in bhyve?
• BR: Do you think the FreeBSD and illumos versions of bhyve will stay in sync with each other?
• AJ: What do you do for fun?
• BR: Anything else you want to mention?

News Roundup

Setting up buildbot in FreeBSD Jails

In this article, I would like to present a tutorial to set up buildbot, a continuous integration (CI) software (like Jenkins, drone, etc.), making use of FreeBSD’s containerization mechanism “jails”. We will cover terminology, rationale for using both buildbot and jails together, and installation steps. At the end, you will have a working buildbot instance using its sample build configuration, ready to play around with your own CI plans (or even CD, it’s very flexible!). Some hints for production-grade installations are given, but the tutorial steps are meant for a test environment (namely a virtual machine). Buildbot’s configuration and detailed concepts are not in scope here.

• Table of contents

  • Choosing host operating system and version for buildbot
  • Create a FreeBSD playground
  • Introduction to jails
  • Overview of buildbot
  • Set up jails
  • Install buildbot master
  • Run buildbot master
  • Install buildbot worker
  • Run buildbot worker
  • Set up web server nginx to access buildbot UI
  • Run your first build
  • Production hints
  • Finished!

• Choosing host operating system and version for buildbot

We choose the released version of FreeBSD (11.1-RELEASE at the moment). There is no particular reason for it, and as a matter of fact buildbot as a Python-based server is very cross-platform; therefore the underlying OS platform and version should not make a large difference.

It will make a difference for what you do with buildbot, however. For instance, poudriere is the de-facto standard for building packages from source on FreeBSD. Builds run in jails which may be any FreeBSD base system version older or equal to the host’s version (reason will be explained below). In other words, if the host is FreeBSD 11.1, build jails created by poudriere could e.g. use 9.1, 10.3, 11.0, 11.1, but potentially not version 12 or newer because of incompatibilities with the host’s kernel (jails do not run their own kernel as full virtual machines do). To not prolong this article over the intended scope, the details of which nice things could be done or automated with buildbot are not covered.

Package names on the FreeBSD platform are independent of the OS version, since external software (as in: not part of base system) is maintained in FreeBSD ports. So, if your chosen FreeBSD version (here: 11) is still officially supported, the packages mentioned in this post should work. In the unlikely event of package name changes before you read this article, you should be able to find the actual package names like pkg search buildbot.

Other operating systems like the various Linux distributions will use different package names but might also offer buildbot pre-packaged. If not, the buildbot installation manual offers steps to install it manually. In such case, the downside is that you will have to maintain and update the buildbot modules outside the stability and (semi-)automatic updates of your OS packages.

• See article for the rest

DigitalOcean

Dumping your USB

One of the many new features of OpenBSD 6.3 is the possibility to dump USB traffic to userland via bpf(4). This can be done with tcpdump(8) by specifying a USB bus as interface:

“`

tcpdump -Xx -i usb0

tcpdump: listening on usb0, link-type USBPCAP
12:28:03.317945 bus 0 < addr 1: ep1 intr 2
0000: 0400 ..

12:28:03.318018 bus 0 > addr 1: ep0 ctrl 8
0000: 00a3 0000 0002 0004 00 ………
[…]
“`

As you might have noted I decided to implement the existing USBPcap capture format. A capture format is required because USB packets do not include all the necessary information to properly interpret them. I first thought I would implement libpcap’s DLTUSB but then I quickly realize that this was not a standard. It is instead a FreeBSD specific format which has been since then renamed DLTUSBFREEBSD.
But I didn’t want to embrace xkcd #927, so I look at the existing formats: DLTUSBFREEBSD, DLTUSBLINUX, DLTUSBLINUXMMAPPED, DLTUSBDARWIN and DLT_USBPCAP. I was first a bit sad to see that nobody could agree on a common format then I moved on and picked the simplest one: USBPcap.
Implementing an already existing format gives us out-of-box support for all the tools supporting it. That’s why having common formats let us share our energy. In the case of USBPcap it is already supported by Wireshark, so you can already inspect your packet graphically. For that you need to first capture raw packets:

“`

tcpdump -s 3303 -w usb.pcap -i usb0

tcpdump: listening on usb0, link-type USBPCAP
^C
208 packets received by filter
0 packets dropped by kernel
“`

USB packets can be quite big, that’s why I’m not using tcpdump(8)’s default packet size. In this case, I want to make sure I can dump the complete uaudio(4) frames.
It is important to say that what is dumped to userland is what the USB stack sees. Packets sent on the wire might differ, especially when it comes to retries and timing. So this feature is not here to replace any USB analyser, however I hope that it will help people understand how things work and what the USB stack is doing. Even I found some interesting timing issues while implementing isochronous support.

Run OpenBSD on your web server

• Deploy and login to your OpenBSD server first.

As soon as you’re there you can enable an httpd(8) daemon, it’s already installed on OpenBSD, you just need to configure it:

www# vi /etc/httpd.conf

• Add two server sections—one for www and another for naked domain (all requests are redirected to www).

“`
server “www.example.com” {
listen on * port 80
root “/htdocs/www.example.com”
}

server “example.com” {
listen on * port 80
block return 301 “https://www.example.com$REQUEST_URI”
}
“`

• httpd is chrooted to /var/www by default, so let’s make a document root directory:

www# mkdir -p /var/www/htdocs/www.example.com

• Save and check this configuration:


www# httpd -n
configuration ok


• Enable httpd(8) daemon and start it.


www# rcctl enable httpd
www# rcctl start httpd


• Publish your website

• Copy your website content into /var/www/htdocs/www.example.com and then test it your web browser.

https://XXX.XXX.XXX.XXX/

Your web server should be up and running.

• Update DNS records

If there is another HTTPS server using this domain, configure that server to redirect all HTTPS requests to HTTP.

Now as your new server is ready you can update DNS records accordingly.


example.com. 300 IN A XXX.XXX.XXX.XXX
www.example.com. 300 IN A XXX.XXX.XXX.XXX


• Examine your DNS is propagated.

$ dig example.com www.example.com

• Check IP addresses it answer sections. If they are correct, you should be able to access your new web server by its domain name.

• What’s next? Enable HTTPS on your server.

Modern Akonadi and KMail on FreeBSD

For, quite literally a year or more, KMail and Akonadi on FreeBSD have been only marginally useful, at best. KDE4 era KMail was pretty darn good, but everything after that has had a number of FreeBSD users tearing out their hair. Sure, you can go to Trojitá, which has its own special problems and is generally “meh”, or bail out entirely to webmail, but .. KMail is a really great mail client when it works. Which, on Linux desktops, is nearly always, and on FreeBSD, is was nearly never.

I looked at it with Dan and Volker last summer, briefly, and we got not much further than “hmm”. There’s a message about “The world is going to end!” which hardly makes sense, it means that a message has been truncated or corrupted while traversing a UNIX domain socket.

Now Alexandre Martins — praise be! — has wandered in with a likely solution. KDE Bug 381850 contains a suggestion, which deserves to be publicised (and tested):

sysctl net.local.stream.recvspace=65536
sysctl net.local.stream.sendspace=65536

The default FreeBSD UNIX local socket buffer space is 8kiB. Bumping the size up to 64kiB — which matches the size that Linux has by default — suddenly makes KMail and Akonadi shine again. No other changes, no recompiling, just .. bump the sysctls (perhaps also in /etc/sysctl.conf) and KMail from Area51 hums along all day without ending the world.

Since changing this value may have other effects, and Akonadi shouldn’t be dependent on a specific buffer size anyway, I’m looking into the Akonadi code (encouraged by Dan) to either automatically size the socket buffers, or to figure out where in the underlying code the assumption about buffer size lives. So for now, sysctl can make KMail users on FreeBSD happy, and later we hope to have things fully automatic (and if that doesn’t pan out, well, pkg-message exists).

PS. Modern KDE PIM applications — Akonadi, KMail — which live in the deskutils/ category of the official FreeBSD ports were added to the official tree April 10th, so you can get your fix now from the official tree.

Beastie Bits

• pkg-provides support for DragonFly (from Rodrigo Osorio)
• Memories of writing a parser for man pages
• Bryan Cantrill interview over at DeveloperOnFire podcast
• 1978-03-25 – 2018-03-25: 40 years BSD Mail
• My 5 years of FreeBSD gaming: a compendium of free games and engines running natively on FreeBSD
• Sequential Resilver being upstreamed to FreeBSD, from FreeNAS, where it was ported from ZFS-on-Linux
• University of Aberdeen’s Internet Transport Research Group is hiring

Tarsnap ad

Feedback/Questions

• Dave – mounting non-filesystem things inside jails
• Morgan – ZFS on Linux Data loss bug
• Rene – How to keep your ISP’s nose out of your browser history with encrypted DNS
• Rodriguez – Feedback question! Relating to Windows

• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

The post Show Me The Mooney | BSD Now 248 first appeared on Jupiter Broadcasting.

Is a new wave of tech savvy Linux users coming? Chris makes his case & why distributions like Linux Mint won’t be ready for it.

Plus updates from some of our favorite projects, Linux on the PS4 & a quick look at the Fedora 24 beta.

• Get Paid to Write for DigitalOcean

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Torrent Feed | WebM Torrent Feed

Become a supporter on Patreon:

Show Notes:

Pre-Show

• Linus Torvalds: Why Choose a Career in Linux and Open Source – YouTube

Follow Up / Catch Up

Linux Running on Playstation 4 Revealed By Hacker Fail overflow, Playstation Jailbreak Could Actually Boost Sales of the Console!

Therefore, when hackers announced earlier in December that it is possible to jailbreak the PlayStation 4, it came out as quite an achievement. This step has been taken further by another group of hackers name failoverflow. They have jailbroken a PS4 and further loaded it with Linux.

Sony Orbis OS is run by the Sony console and it is based on Linux FreeBSD. It was further reported by Engadget that this hack exploits the Webkit bug in order to gain access to the kernel. It also works on Orbis version 1.74. It is also a much older version than the current 3.11 on the PS4. Moreover, the bug has since been patched.

However, it seems like the hacker group’s method can be tailored to further work on future consoles. The first thing done by the group during the jailbreak demonstration was running a Game Boy Advance emulator on the Linux PS4. At the same time, they fired up a copy of Pokemon Emerald.

• Here’s A PS4 Jailbreak with Linux Support [Video]

Solus to Offer Users a Brand-New and Modern Graphical Package Manager

“There is no getting around the fact that the Software Center in Solus 1.1 sucks,” said Josh Strobl. “Software discoverability and ease-of-use for installation of software is incredibly important to us and we want to tackle it with urge__ncy. So we’re doing something about it now, this cycle, and it is going to be amazing.”

SSL Certificate Expired – Manjaro Linux

Our SSL certificate has once again expired. We are waiting for a new one to be issued (while also looking at more sustainable alternatives, i.e. Let’s Encrypt). If you’re having problems accessing any of the sites please use a different browser profile, or Private/Incognito Browsing. You will then be able to add a temporary exception.

Kind regards,
The Manjaro Development Team

DigitalOcean

• DigitalOcean: SSD Cloud Server, VPS Server, Simple Cloud Hosting

Dogfooding Unity 8

Fedora 24 Beta released!

This new release also features GNOME 3.20. There have been changes to the theming API in GTK+ 3. At this time the API is under heavy development and will not remain stable. As a result, applications that use custom CSS theming for example, may have rendering issues. This could include default applications that come with Fedora 24 Beta Workstation. We request that users try out their favorite GTK+ 3 based applications and report bugs to the upstream developers so they can be fixed in time for the final release.

• Fedora 24 Beta Looks Nice, But Will They Ever Stop Mucking Up Anaconda?

• Introducing the extra wallpapers for Fedora 24

TING

• Ting – mobile that makes sense

Linux Mint: Too Big to Fail?

• Linux Mint 18 Is Getting a Brand New Look

• Linux Mint 18 Will Ship Without Multimedia Support – Slashdot

Linux Mint 18 will no longer provide separate, codec-free installation media for OEM and magazine distribution. Instead, the distribution will ship without multimedia support while making it easy for users to acquire media codecs during the initial installation of the operating system. “OEM installation disks and NoCodec images will no longer be released. Instead, similar to other distributions, images will ship without codecs and will support both traditional and OEM installations. This will reduce our release cycle to 4 separate events and the production and testing of 12 ISO images. Multimedia codecs can be installed easily: From the welcome screen, by clicking on “Multimedia Codecs”, or from the main menu, by clicking on “Menu”->”Sound and Video”->”Install Multimedia Codecs”, or during the installation process, by clicking a checkbox option.” Additional information on the upcoming release of Linux Mint 18 can be found in the project’s monthly newsletter.

Why Mint? We checked the Internet and….

When I reflect on why I’ve chosen Mint over Ubuntu in recent years, it came down to:

• Seriously disliking Unity. (But now I can install Cinnamon packages on Ubuntu easily.)

• Easy ability to play DVD’s. (But it just got a tiny bit harder; not significantly.)

• Wanting to give Shuttleworth the middle finger regarding forcing Unity down people’s throats. (But I think my finger has now been extended long enough.)

• The Linux Mint Blog » Blog Archive » Monthly News – April 2016

As part of the “xapps” initiative, which aims to produce cross-desktop and cross-distribution software, we also released the following applications:

• A media player based on totem, called xplayer.
• A text editor based on pluma, called xed.
• A picture viewer based on eog, called xviewer.
• A document reader based on atril, called xreader.

Linux Academy

• Linux Academy | Linux and AWS Online Training

Krita 2016: Let’s Make Text and Vector Art Awesome! by Krita Foundation

Krita is the free and open source painting application used by artists all over the world. Let’s create awesome text and vector tools!

Support Jupiter Broadcasting on Patreon

The post Flavorless Mint | LINUX Unplugged 144 first appeared on Jupiter Broadcasting.

Our world has forever changed with Microsoft’s announcement of SQL server for Linux. We get a little nostalgic. Plus a look at the new OwnCloud release & updates on some of our favorite projects.

Then we take a look at Shashlik which promises to transparently run Android apps on your Linux desktop & more!

• Get Paid to Write for DigitalOcean

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Torrent Feed | WebM Torrent Feed

Become a supporter on Patreon:

Show Notes:

Follow Up / Catch Up

A brand new look for future Kodi versions

As you will see the main eye catcher is the whole new home screen which will guide you through all the main sections that are available.

Mozilla Eyes IoT Devices in Plans for Linux-Based Open Source OS

On March 1, Mozilla’s Senior Vice President for Connected Devices, Ari Jaaski, _announced_that the open source organization seeks to “develop, test and evaluate” four IoT software projects. They include Project Link, Project Sensor Web, Project Smart Home and Project Vaani.

fail0verflow on Twitter: “We’ve released the PS4 kexec-style code to load the Linux kernel from Orbis OS.

• ps4-kexec: Implementation of the kexec system call for PS4

This repo implements a kexec()-style system call for the PS4 Orbis kernel
(FreeBSD derivative). This is designed to boot a Linux kernel directly from
FreeBSD.

I just wanted to put out a quick update about bounties!

So far, elementary has paid out over $14,000 to developers fixing bugs.

• elementary – Bountysource

DigitalOcean

• DigitalOcean: SSD Cloud Server, VPS Server, Simple Cloud Hosting

ownCloud 9.0 Released with Major Enhancements, Brings Federation to a New Level

W__ith ownCloud 9.0, organizations and institutions like CERN and AARNet will be able to integrate deeply their massive ownCloud installations with various storage solutions and their infrastructure, thanks to the addition of a new storage API (Application Programming Interface) that allows for unimaginable scaling levels.

TING

• Ting – mobile that makes sense

Announcing SQL Server on Linux

Today I’m excited to announce our plans to bring SQL Server to Linux as well. This will enable SQL Server to deliver a consistent data platform across Windows Server and Linux, as well as on-premises and cloud. We are bringing the core relational database capabilities to preview today, and are targeting availability in mid-2017.

• Microsoft joins the Eclipse Foundation and brings more tools to the community | The Visual Studio Blog

Microsoft is taking its relationship with the Eclipse community to the next level by joining the Eclipse Foundation as a Solutions Member. Joining the Eclipse Foundation enables us to collaborate more closely with the Eclipse community, deliver a great set of tools and services for all development teams, and continuously improve our cloud services, SDKs and tools.

Linux Academy

• Linux Academy | Linux and AWS Online Training

What is Shashlik?

The goal of Shashlik is to provide a way to run Android applications on a standard Linux desktop as easily and simply as possible.

• Shashlik brings Android apps to Linux, and you can try it today

Essentially, Shashlik runs Android in the background on your Linux system. (Shashlik developers are working on stripping down Android as much as possible.) OpenGL and graphics code are rendered directly on your Linux system for speed, but Shashlik provides an Android activity manager, daemons, and intents so Android apps will work properly.

But Shashlik isn’t just an emulator—it aims to provide a more native experience. When you install an Android app, Shashlik will extract its icon and create a menu entry so you can launch that Android app just like you’d launch any other Linux desktop app. All the Android emulation happens behind the scenes.

Post-Show:

• Audiobook – ArchWiki

Support Jupiter Broadcasting on Patreon

The post Microsoft's SeQueL to Linux | LINUX Unplugged 135 first appeared on Jupiter Broadcasting.

Facebook pushes back that it’s been hacked, the PS4 has been jailbroken & Congress snuck a surveillance bill into the federal budget last night.

Plus the FCC wants to talk to T-Mobile and AT&T about their sponsored data plans & our Kickstarter of the week!

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Video Feed | Torrent Feed

Become a supporter on Patreon

• FauxShow SWAG for the Holidays

Show Notes:

— Episode Links —

• Developer Claims ‘PS4 Officially Jailbroken’ – Slashdot
• The Netflix Tech Blog: Per-Title Encode Optimization
• Regulators want to talk to AT&T, Comcast and T-Mobile about sponsored data – The Washington Post
• Congress snuck a surveillance bill into the federal budget last night | The Verge
• Instagram HACKED! Researcher Hacked Into Instagram Server and Admin Panel
• Man arrested in toymaker hack that exposed data for millions of kids | Ars Technica
• Windows’ authentication ‘flaw’ exposed in detail • The Register

Kickstarter of the Week:

• Fleye – Your Personal Flying Robot by Fleye — Kickstarter

Fleye is a whole new kind of drone. Safe, fun and autonomous. Invent the future of flying robots thanks to its open API and SDK.

The post Instahacked & Jailbroken | TTT 227 first appeared on Jupiter Broadcasting.

LastPass discloses it’s been compromised, we discuss the scope of the hack & what our best and worst options are moving forward.

Plus a recap of the most interesting things from E3 so far & more!

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Video Feed | Torrent Feed

Become a supporter on Patreon

Show Notes:

• LastPass Security Notice | The LastPass Blog
• Microsoft unveils new $150 Xbox One Elite controller—and we’ve held it | Ars Technica
• Microsoft is building a special version of Minecraft for HoloLens | The Verge
• Microsoft is also partnering with Valve for VR on Windows 10
• The Kinect is dead | Polygon
• LeanChair: The portable, reclining standing desk by Wayne Yeager — Kickstarter
• Nintendo Digital Event @ E3 2015 – YouTube
• “For the Love of Spock” – A Documentary Film by Adam Nimoy — Kickstarter

The post LostPass | Tech Talk Today 183 first appeared on Jupiter Broadcasting.

Microsoft’s big announcement is moments away, and we round up the expectations and potential surprises from the event. Plus Popcorn time gives users a built in VPN, Crypto ransomware for Android and more!

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Torrent Feed

Become a Tech Talk Today supporter on Patreon:

Show Notes:

Headlines

How to Watch Microsoft\’s E3 Show Live, and What to Expect

Microsoft\’s E3 event is its biggest opportunity to distinguish the Xbox One from the PlayStation 4 and help close the gap on Sony\’s sales lead. Still, with a newly-appointed CEO and Phil Spencer now heading the company\’s Xbox division, there\’s no telling what Microsoft has in store

\’Popcorn Time\’ Gives Users Anonymity With a Free Built-In VPN

One of the Popcorn Time forks has included a free VPN option in its software, allowing users to hide their IP-addresses from the public, This feature is a response to copyright trolls, who regularly send settlement requests to users who pirate movies via BitTorrent.

“WARNING Your phone is locked!” Crypto ransomware makes its debut on Android

Security researchers have documented another first in the annals of Android malware: a trojan that encrypts photos, videos, and documents stored on a device and demands a ransom for them to be restored.

Google Chrome overtakes Microsoft\’s Internet Explorer as most-used US web browser

A report released by Adobe Digital Index (ADI) analyzing the market share of web browsers has shown Google\’s freeware is up 6 percent year-over-year, trouncing Internet Explorer – once a lone internet leader – which is sitting at 30.9 percent.

Support Tech Talk Today creating DAILY PODCASTS

Feedback:

• Twitter / jphilipz: @ChrisLAS please add rss feeds

Unfilter Shirt: Unfilter Episode 100 Shirt! | Teespring

Hosts:

Guest:

• Twitter Nunes

Chris:

• Twitter ChrisLAS
• Google+ +ChrisFisher

The post E3 Pre-Show | Tech Talk Today 5 first appeared on Jupiter Broadcasting.

Is the Xbox One the next big App platform? We’ll share theories. Plus where do books fit in for self education? Are they too slow, or is there a place for the printed medium in a rapidly developing industry?

Plus a batch of your emails, our follow up, and more!

Thanks to:

• Help the DigitalOcean community by submitting articles and get paid $50 per published piece!

Direct Download:

MP3 Audio | OGG Audio | Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | Video Feed | Torrent Feed | iTunes Audio | iTunes Video

Feedback

• Akshay’s Email
• Alex’s Email

• Jed jumps in on the ergonomics / standing desk chat

• How’s the Surface Pro going?

Dev World Hoopla

• Chris and Mike get some new threads
• XBox When?

Books for Learning Programming

• The thread that got me thinking
• Are books too slow?
• Have Code School and similar services made programming books obsolete?
• Did they ever really make a whole lot of sense?

Book of the Week

[asa]0385474547[/asa]
[asa]1451654960[/asa]

• Who Owns the Future Audio Book

Follow the hosts and the show:

• FingertipTech on Twitter

• Email the show

• Join the Coder Radio Subreddit
• Live Monday 9am PST
• Music by: Ronald Jenkees
• Mike on Twitter
• Mike on Google+
• Mike’s website
• Chris on twitter
• Chris on Google+

The post The Big Xbone | CR 77 first appeared on Jupiter Broadcasting.

This week we\’ll be talking to Amitai Schlair of the NetBSD foundation about pkgsrc, NetBSD\’s future plans and much more. After that, if you\’ve ever wondered what all this SSH stuff is about, today\’s tutorial has got you covered. We\’ll be showing you the basics of SSH, as well as how to combine it with tmux for persistent sessions. News, feedback and everything else, right here on BSD Now – the place to B.. SD.

Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | HD Vid Feed | HD Torrent Feed

– Show Notes: –

Headlines

Faces of FreeBSD

• The FreeBSD foundation is publishing articles on different FreeBSD developers
• This one is about Colin Percival (cperciva@), the ex-security officer
• Tells the story of how he first found BSD, what he contributed back, how he eventually became the security officer
• Running series with more to come

Lots of BSD presentation videos uploaded

• EuroBSDCon 2013 dev summit videos, AsiaBSDCon 2013 videos, MWL\’s presentation video
• Most of us never get to see the dev summit talks since they\’re only for developers
• AsiaBSDCon 2013 videos also up finally
• List of AsiaBSDCon presentation topics here
• Our buddy Michael W Lucas gave an \”OpenBSD for Linux users\” talk at a Michigan Unix Users Group.
• He says \”Among other things, I compare OpenBSD to Richard Stallman and physically assault an audience member. We also talk long long time, memory randomization, PF, BSD license versus GPL, Microsoft and other OpenBSD stuff\”
• Really informative presentation, pretty long, answers some common questions at the end

Call for Presentations: FOSDEM 2014 and NYCBSDCon 2014

• FOSDEM 2014 will take place on 1–2 February, 2014, in Brussels, Belgium
• Just like in the last years, there will be both a BSD booth and a developer\’s room
• The topics of the devroom include all BSD operating systems. Every talk is welcome, from internal hacker discussion to real-world examples and presentations about new and shiny features.
• If you are in the area or want to go, check the show notes for details
• NYCBSDCon is also accepting papers.
• It\’ll be in New York City at the beginning of February 2014
• If anyone wants to give a talk at one of these conferences, go ahead and send in your stuff!

FreeBSD foundation\’s year-end fundraising campaign

• The FreeBSD foundation has been supporting the FreeBSD project and community for over 13 years
• As of today they have raised about half a million dollars, but still have a while to go
• Donations go towards new features, paying for the server infrastructure, conferences, supporting the community, hiring full-time staff members and promoting FreeBSD at events
• They are preparing the debut of a new online magazine, the FreeBSD Journal
• Typically big companies make their huge donations in December, like a couple of anonymous donors that gave around $250,000 each last year
• Make your donation today over at freebsdfoundation.org, every little bit helps
• Everyone involved with BSD Now made a donation last year and will do so again this year

Interview – Amitai Schlair – schmonz@netbsd.org / @schmonz

• The NetBSD Foundation, pkgsrc, future plans
• Can you start off by telling us a little bit about who you are and how you got involved with BSD in general?
• What are all your roles with the NetBSD project? What \”hats\” do you wear?
• What kind of tasks are assigned to the foundation? What does being on the board entail?
• Since you\’re also very involved with pkgsrc, could you give us a brief overview of what pkgsrc is, and how it compares to something like ports?
• What\’s planned for the next big release of NetBSD, and when can we expect it?
• In what ways do you personally use NetBSD? Desktops, servers, toasters? All of the above?
• If some of our listeners want to get involved with NetBSD and pkgsrc, where would you recommend they go to help out?
• How can people find you? Anything else you\’d like to mention?
• https://twitter.com/schmonz

Tutorial

A guide to SSH and tmux

• OpenSSH and tmux, a match made in heaven
• This guide shows how to do basic tasks with SSH
• Persistent sessions with tmux increase productivity

News Roundup

PS4 released

• Sony\’s Playstation 4 is finally released
• As previously thought, its OS is heavily based on FreeBSD and uses the kernel among other things
• Link in the show notes contains the full list of BSD software they\’re using
• Always good to see BSD being so widespread

BSD Mag November issue

• Free monthly BSD magazine publishes another issue
• This time their topics include: Configuring a Highly Available Service on FreeBSD, IT Inventory & Asset Management Automation, more FreeBSD Programming Primer, PfSense and Snort and a few others
• PDF linked in the show notes

pbulk builds made easy

• NetBSD\’s pbulk tool is similar to poudriere, but for pkgsrc
• While working on updating the documentation, a developer cleaned up quite a lot of code
• He wrote a script that automates pbulk deployment and setup
• The whole setup of a dedicated machine has been reduced to just three commands

PCBSD weekly digest

• Over 200 PBIs have been populated in to the PC-BSD 10 Stable Appcafe
• Many PC-BSD programs received some necessary bug fixes and updates
• Some include network detection in the package and update managers, nvidia graphic detection, security updates for PCDM

Feedback/Questions

• Peter writes in: https://slexy.org/view/s21oh3vP7t
• Kjell-Aleksander writes in: https://slexy.org/view/s21zfqcWMP
• Jordan writes in: https://slexy.org/view/s2ZmW77Odb
• Christian writes in: https://slexy.org/view/s2BZq7xiyo
• entransic writes in: https://slexy.org/view/s21xrk0M4k

• All the tutorials are posted in their entirety at bsdnow.tv
• Send questions, comments, show ideas/topics, etc to feedback@bsdnow.tv
• Watch live Wednesdays at 2:00PM Eastern (19:00 UTC)

The post Collecting SSHells | BSD Now 12 first appeared on Jupiter Broadcasting.

Stinging from a Build conference hangover, the guys focus on their current disappoints with Microsoft.

Then Mike gets a new OYUA box and has a few surprises, plus your emails, and more!

Thanks to:

GoDaddy.com Use our code coder249 to get a .COM for $2.49.

Direct Download:

MP3 Audio | OGG Audio | Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | Video Feed | Torrent Feed | iTunes Audio | iTunes Video

Feedback

• Mikes email: Three step plan
• Nehemiah asks what impact DDR5 RAM will have on the PS4

Xbox One < WinRT?

• This week at Microsoft: Build, Windows 8.1, and a new plan for startups – The Next Web

The key gist is simple: this week, Microsoft made its pitch to developers to build for its two key, and connected, platforms, Windows and Windows Phone. The shared Windows core of each was an obviously important topic both in keynotes, and sessions.

• Microsoft Build 2013 event wrap-up

In a nutshell, this was our experience covering Microsoft Build 2013 this week at the Moscone Center.

• News: Microsoft exec explains \’meaningless PS4 specs\’ comment – ComputerAndVideoGames.com

\”I\’m not diminishing Sony\’s performance claims and I wasn\’t trying to be arrogant or dismissive,\” Penello wrote in a NeoGAF thread which reacted to his initial comment: \”The problem is that Sony decided to go out and publish a bunch of numbers, which are in some ways meaningless\”.

Retake: OYUA

[asa]B0050SZD18[/asa]

• Ouya Reviews: Android-Based Ouya Gaming Console | BostInno

On paper, the specs of the next-gen Android console seem formidable enough. The Ouya runs on a vidia Tegra 3 Quad-core 1.7GHz CPI and is accompanied by a 520MHz Nvidia GeForce ULP GPU, offers 1GB DDR3 memory and 8GB of internal flash memory storage, operates on Android 4.1 Jelly Bean with a custom Oyua user interface, and features a wireless controller.

[asa]B00BGGDVOO[/asa]

Pick of the Week:

• Sublime Blog » Sublime Text 3 Public Beta

The post Microsoft’s in a Funk | CR 56 first appeared on Jupiter Broadcasting.

Mike and Chris discuss the tough choices that have to be made when the hardware or software you depend on, is killed by the creator.

Plus a few more thoughts on the OUYA, the PS4 impresses but Mike’s cautious, your emails, and much more!

Thanks to:

GoDaddy.com Use our code coder249 to get a .COM for $2.49.

Direct Download:

MP3 Audio | OGG Audio | Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | Video Feed | Torrent Feed | iTunes Audio | iTunes Video

Feedback

• Bill from episode 10 asks:

Afraid attaching myself too much into one language maybe isn\’t the best thing for a newbie
programmer. And if i learned many things from a language i despised (java), i imagine it\’s in my best interested to try a new language as well.

Start more projects in C or try some ruby / python / go? (if i go to a new language, i\’m leaning at GO)”

• Kyle asks about the Go language for desktop apps
• Daniel asks “what happened with the Ouya”

Hoopla:

Revisiting the OUYA

• OUYA releases new E3 Firmware Update – Haverzine

OUYA has just released a brand new firmware update in time for E3 (yes, E3 madness continues) that brings about some much needed new features and improvements.

Indie Devs Hope for PS4 Love

• News: Indie dev snubs Xbox One for PS4 – ComputerAndVideoGames.com

Indie publisher and developer Curve has issued an official press release to declare its \’focus on PS4 development\’ following \”the lack of independent support currently announced from Microsoft and the Xbox One.\”

• E3 2013: Indie Developers Continue to Choose PlayStation – PlayStation.Blog

We also reaffirmed our dedication to independent developers and their ability to self-publish on PlayStation. We\’ve increased our efforts in a huge way to bring unique gaming experiences to PlayStation platforms, and as we just revealed, we have an excellent lineup of games coming to the PlayStation 4 from the indie development community.

Oops! I’ve built my business around an abandoned platform!

• The Mac that Thunderbolt built: The newly compact Mac Pro | Apple – CNET News

High-speed ports mean that Apple is moving expansion outside the chassis for its high-end machines. It\’s a departure for the Mac Pro, but it\’s in line with decades of Apple thinking.

• Apple Mac Pro: Does Expandability Really Matter? | News & Opinion | PCMag.com

Yes, you can connect USB 3.0 drives, Thunderbolt hard drives, and PCIe to Thunderbolt expansion boxes to the new Mac Pro. Expansion boxes like the ones from Sonnet and OWC let you pull the video input or graphics output card to your Thunderbolt Mac. They can also let you connect multiple eSATA drives to a Thunderbolt Mac if your company has standardized on eSATA drives.

• E3 2013: Sony shows impressive indie line-up on PS4 | Game Development | News by Develop

Sony has demonstrated a convincing commitment to indie at its E3 press conference, calling numerous independent developers to the stage as it insisted that small studios and self publishing are vital to the PlayStation 4.

The post Pining for Tux | CR 54 first appeared on Jupiter Broadcasting.

Things get real this episode as the guys look at the market pressures that are creating the conditions for a console like the Ouya, and it’s discounted software titles. Plus Mike’s results from playing the “free” game.

Plus observations from the shuttering of LucasArts, and the drama of an always on future, your questions, and much more!

Thanks to:

GoDaddy.com Use our code coder295 to get a .COM for $2.95.

Direct Download:

MP3 Audio | OGG Audio | Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | Video Feed | Torrent Feed | iTunes Audio | iTunes Video

— Show Notes —

Feedback

• Khali asks if we think Jolla will take off
• Brandon’s email: Culture Clash

• Nehemiah shares some QML buttons

• Ashish writes:

Now, onto the Ouya. I am not the biggest fan of The Verge, they really like to go down on Apple\’s \’little Apple\’. But they did bring up one good point: because all the games need a free version, most games are plauged by nagging for DLC and freemium content with ads. That\’s a huge loss and would drive anybody insane, and would discredit the Ouya as a \’serious\’ gaming platform. Another thing is I don\’t think Ouya\’s upgrade frequency will help them, the way that processors are exponentially getting faster, people will start expecting better and better graphics. And devs would find it hard to keep both ends of the spectrum, high graphics and compatibility with old versions of the console, in balance.

Also, I don\’t think that you have the demographic that will buy the Ouya correct. Gamers will still buy consoles and PCs, but the WalMart crowd that buys cheapo tablets and smartphones would love the Ouya and all of it\’s free games.)

• Chrome / Blink feedback

• Join the Coder Radio Sbureddit

Mike’s Grand Experiment:

• mdominick.com – Thank You!

Code Journal has done extremely well on the Mac App Store recently. It reached as high as number 31 for free apps overall and number 2 in its category. Needless to say I was shocked by the sheer number of users downloading the app

LucasArts Shutdown:

• Disney Shuts Down LucasArts, Cancels Star Wars 1313 And Star Wars: First Assault

\”After evaluating our position in the games market, we\’ve decided to shift LucasArts from an internal development to a licensing model, minimizing the company\’s risk while achieving a broader portfolio of quality Star Wars games,\” LucasArts parent company LucasFilm said in a statement. \”

Always Online:

• Microsoft Xbox 720 – An always online model could lead to always offline business – Capital Technologies

But recent reports indicate that the idea behind the working of the Microsoft Xbox 720 could cause big problems to the company in terms of sales, popularity and revenue. Recent reports indicate that the Microsoft Xbox 720 will always have to be connected to the internet in order to use the gaming console. So even if you are playing alone at home, you will still need an internet connection to keep the console running.

• Adam “Always Online” Orth no longer employed at Microsoft | Ars Technica

With a public Twitter account comes great responsibility—a good rule of thumb is that you shouldn\’t tweet anything your mother or your boss would object to seeing. According to GameInformer, Microsoft Creative Director Adam Orth\’s tone-deaf comments regarding his inability to understand why rumors of an always-connected Xbox were causing some customers angst have led to his becoming former Microsoft Creative Director Adam Orth.

Follow the show

• Email the show
• Join the Coder Radio Sbureddit
• Live Monday 9am PST
• Music by: Ronald Jenkees
• Mike on Twitter
• Mike on Google+
• Mike’s website
• Chris on twitter
• Chris on Google+

The post Great App Recession | CR 45 first appeared on Jupiter Broadcasting.

Yahoo disappoints Mike and Chris with their high-profile announcement that all remote workers must return to their cubes. We’ll get into why this encourages a culture of “B-Players”, and serves as a disservice to the entire industry.

Plus the awkward gadget habit our jobs can force us to have, the possibilities Sony’s PS4 could present indie game devs, an honest look at the Chrome Pixel, and much more!

Direct Download:

MP3 Audio | OGG Audio | Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | Video Feed | Torrent Feed | iTunes Audio | iTunes Video

— Show Notes —

Feedback

• Oliver is moving away from Rails to Play
• I confused Dave re the OracleJDK and OpenJDK
• Re my iPhone 5

Dev World Hoopla

• No more remote work at Yahoo by David of 37signals
• Xamarin Studio
• Indie devs flock to PS4 to self-publish, how The Witness became PS4 exclusive
• Chrome Pixel
• Chromebook Pixel review

Tool of the Week

• TM Theme Editor

Pick of the week

• TechSNAP 100 Shirt

Follow the show

• Email the show
• Live Monday 9am PST
• Music by: Ronald Jenkees
• Mike on Twitter
• Mike on Google+
• Mike’s website
• Chris on twitter
• Chris on Google+

The post Office Hours | CR 38 first appeared on Jupiter Broadcasting.