Show Notes: linuxunplugged.com/451

The post The NixOS Challenge | LINUX Unplugged 451 first appeared on Jupiter Broadcasting.

Show Notes: linuxunplugged.com/440

The post Saving Podcasting from Centralization | LINUX Unplugged 440 first appeared on Jupiter Broadcasting.

Craig Wright claims he’s Satoshi Nakamoto, the creator of Bitcoin & while the Internet doubts his claims, a few key Bitcoin personalities believe him. We’ll get you up to speed on this fascinating story.

Plus the long term negative impact of self driving cars, the Rock’s got a clock & Windows 95 like you’ve never seen it before!

Then our Kickstarter of the week & more!

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Video Feed | Torrent Feed

Become a supporter on Patreon

Show Notes:

• Dwayne ‘The Rock’ Johnson just released a motivational alarm clock app
• Hulu is working on a live TV service for cord-cutters
• Warren Buffett says that self-driving cars will be bad for insurance companies | The Verge
• Someone got Windows 95 running on an Apple Watch
• Satoshi Nakamoto – Bitcoin Creator Revealed – YouTube
• Australian Craig Wright comes out as Bitcoin creator – YouTube
• Craig Wright is not Satoshi Nakamoto
• Shutthefuckup by theogoodman
• Andresen Denies Hacking as GitHub Access Limited – Bitcoin News
• Craig Wright Will Move Satoshi’s Bitcoins “Soon” – The Merkle

Kickstarter of the Weeeeeeeek

• OPLØFT – Make your desk height-adjustable by OPLØFT — Kickstarter

The post Bitcoin, I am Your Father | TTT 242 first appeared on Jupiter Broadcasting.

Bitcoin’s creator has been found again, we’ll cover what the media thinks they’ve figured out & what we really know.

Then, ‘In Patches We Trust: Why Security Updates have to get better’, a great batch of questions, a huge round up & much more!

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

HD Video | Mobile Video | MP3 Audio | OGG Audio | YouTube | HD Torrent | Mobile Torrent

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

— Show Notes: —

WIRED thinks they found Bitcoin’s Creator Satoshi Nakamoto

• Since that pseudonymous figure first released bitcoin’s code on January 9th, 2009, Nakamoto’s ingenious digital currency has grown from a nerd novelty to a kind of economic miracle. As it’s been adopted for everything from international money transfers to online narcotrafficking, the total value of all bitcoins has grown to nearly $5 billion.
• Nakamoto himself, whoever he is, appears to control a stash of bitcoins easily worth a nine-figure fortune (it rose to more than a billion at the cryptocurrency’s peak exchange rate in 2014).
• In the last weeks, WIRED has obtained the strongest evidence yet of Satoshi Nakamoto’s true identity. The signs point to Craig Steven Wright.
• Gizmodo thinks it was actually two people
• A monthlong Gizmodo investigation has uncovered compelling and perplexing new evidence in the search for Satoshi Nakamoto, the pseudonymous creator of Bitcoin.

• According to a cache of documents provided to Gizmodo which were corroborated in interviews, Craig Steven Wright, an Australian businessman based in Sydney, and Dave Kleiman, an American computer forensics expert who died in 2013, were involved in the development of the digital currency.

• Wired’s “Evidence”

• An August 2008 post on Wright’s blog, months before the November 2008 introduction of the bitcoin whitepaper on a cryptography mailing list. It mentions his intention to release a “cryptocurrency paper,” and references “triple entry accounting,” the title of a 2005 paper by financial cryptographer Ian Grigg that outlines several bitcoin-like ideas.

• A post on the same blog from November, 2008 includes a request that readers who want to get in touch encrypt their messages to him using a PGP public key apparently linked to Satoshi Nakamoto. This key, when checked against the database of the MIT server where it was stored, is associated with the email address satoshin@vistomail.com, an email address very similar to the satoshi@vistomail.com address Nakamoto used to send the whitepaper introducing bitcoin to a cryptography mailing list.
• An archived copy of a now-deleted blog post from Wright dated January 10, 2009, which reads: “The Beta of Bitcoin is live tomorrow. This is decentralized… We try until it works.” (The post was dated January 10, 2009, a day after Bitcoin’s official launch on January 9th of that year. But if Wright, living in Eastern Australia, posted it after midnight his time on the night of the 9th, that would have still been before bitcoin’s launch at 3pm EST on the 9th.) That post was later replaced with the rather cryptic text “Bitcoin — AKA bloody nosey you be…It does always surprise me how at times the best place to hide [is] right in the open.” Sometime after October of this year, it was deleted entirely.
• In addition to those three blog posts, they received a cache of leaked emails, transcripts, and accounting forms that corroborate the link.

• Another clue as to Wright’s bitcoin fortune wasn’t leaked to WIRED but instead remains hosted on the website of the corporate advisory firm McGrathNicol: a liquidation report on one of several companies Wright founded known as Hotwire, an attempt to create a bitcoin-based bank. It shows that the startup was backed in June 2013 by $23 million in bitcoins owned by Wright. That sum would be worth more than $60 million today.

• Reported bitcoin ‘founder’ Craig Wright’s home raided by Australian police

• On Wednesday afternoon, police gained entry to a home belonging to Craig Wright, who had hours earlier been identified in investigations by Gizmodo and Wired,

• People who say they knew Wright have expressed strong doubts about his alleged role, with some saying privately they believe the publications have been the victims of an elaborate hoax.
• More than 10 police personnel arrived at the house in the Sydney suburb of Gordon at about 1.30pm. Two police staff wearing white gloves could be seen from the street searching the cupboards and surfaces of the garage. At least three more were seen from the front door.
• The Australian Federal police said in a statement that the raids were not related to the bitcoin claims. “The AFP can confirm it has conducted search warrants to assist the Australian Taxation Office at a residence in Gordon and a business premises in Ryde, Sydney. This matter is unrelated to recent media reporting regarding the digital currency bitcoin.”
• The documents published by Gizmodo appear to show records of an interview with the Australian Tax Office surrounding his tax affairs in which his bitcoin holdings are discussed at length.
• During the interview, the person the transcript names as Wright says: “I did my best to try and hide the fact that I’ve been running bitcoin since 2009 but I think it’s getting – most – most – by the end of this half the world is going to bloody know.”
• Guardian Australia has been unable to independently verify the authenticity of the transcripts published by Gizmodo, or whether the transcript is an accurate reflection of the audio if the interview took place. It is also not clear whether the phrase “running” refers merely to the process of mining bitcoin using a computer.
• The purported admission in the transcript does not state that Wright is a founder of the currency, but other emails that Gizmodo claim are from Wright suggest further involvement he may have had in the development of bitcoin.
• The emails published by Gizmodo cannot been verified. Comment has been sought from Sinodinos on whether he was contacted by Wright – or his lawyer – in relation to bitcoin and its regulatory and taxation status in Australia.
• A third email published by Gizmodo from 2008 attributes to Wright a comment where he said: “I have been working on a new form of electronic money. Bit cash, bit coin …”
• WikiLeaks on Twitter: “We assess that Craig S Wright is unlikely to be the principal coder behind Bitcoin.” https://t.co/nRnftKPjm9”
• Additional Coverage: Freedom Hacker

In Patches We Trust: Why Security Updates have to get better

• “How long do you put off restarting your computer, phone, or tablet for the sake of a security update or software patch? All too often, it’s far too long”
• Why do we delay?
• I am in the middle of something
• The update might break something
• I can’t waste a bunch of time dealing with fixing it if it doesn’t work
• I hate it when they move buttons around on me
• Installing the update makes the device unusable for 20+ minutes
• “Patches are good for you. According to Homeland Security’s cyber-emergency unit, US-CERT, as many as 85 percent of all targeted attacks can be prevented by applying a security patch”
• “The problem is that far too many have experienced a case when a patch has gone disastrously wrong. That’s not just a problem for the device owner short term, but it’s a lasting trust issue with software giants and device makers.”
• We have all seen examples of bad patches
• “Apple’s iOS 8.0.1 update was meant to fix initial problems with Apple’s new eight generation mobile operating system, but killed cell service on affected phones — leaving millions stranded until a fix was issued a day later. Google had to patch the so-called Stagefright flaw, which affected every Android device, for a second time after the first fix failed to do the job. Meanwhile, Microsoft has seen more patch recalls in the past two years than in the past decade.”
• “Microsoft, for example, issued 135 security bulletins this year alone with thousands of separate vulnerabilities patched. All it takes is one or two patches to fail or break something — which has happened — to account for a 1 percent failure rate.”
• Users get “update fatigue”, If every time they go to use the computer, there is a new update for one or more of: Java, Flash, Chrome, Skype, Windows, etc.
• Worse, many drivers and other programs now add their own utilities, “update managers” and so on. Lenovo and Dell have both recently had to patch their “update managers” because they actually make your system more vulnerable
• Having a slew of different programs constantly nagging the user about updating just causes the user to stop updating everything, or to put the updates off for longer and longer
• “At the heart of any software update is a trust relationship between the user and the company. When things go wrong, it can affect thousands or millions of users. Just ignoring the issue and pulling patches can undermine a user’s trust, which can damage the future patching process.”
• “Customers don’t always expect vendors to be 100 percent perfect 100 percent of the time, or at least they shouldn’t,” said Childs. “However, if vendors are upfront and honest about the situation and provide actionable guidance, it goes a long way to reestablishing the trust that has been lost over the years.”

New APT group identified, known as Sofacy, or Fancy Bear

• “Sofacy (also known as “Fancy Bear”, “Sednit”, “STRONTIUM” and “APT28”) is an advanced threat group that has been active since around 2008, targeting mostly military and government entities worldwide, with a focus on NATO countries. More recently, we have also seen an increase in activity targeting Ukraine.”
• “Back in 2011-2012, the group used a relatively tiny implant (known as “Sofacy” or SOURFACE) as its first stage malware. The implant shared certain similarities with the old Miniduke implants. This led us to believe the two groups were connected, at least to begin with, although it appears they parted ways in 2014, with the original Miniduke group switching to the CosmicDuke implant.”
• “In the months leading up to August, the Sofacy group launched several waves of attacks relying on zero-day exploits in Microsoft Office, Oracle Sun Java, Adobe Flash Player and Windows itself. For instance, its JHUHUGIT implant was delivered through a Flash zero-day and used a Windows EoP exploit to break out of the sandbox. The JHUHUGIT implant became a relatively popular first stage for the Sofacy attacks and was used again with a Java zero-day (CVE-2015-2590) in July 2015.
  While the JHUHUGIT (and more recently, “JKEYSKW”) implant used in most of the Sofacy attacks, high profile victims are being targeted with another first level implant, representing the latest evolution of their AZZYTrojan.”
• This shows how APT attackers constantly evolve, and reserve their best exploits for use against high profile targets, using lesser quality exploits on lesser targets, to avoid the better exploits being discovered and mitigated
• “The first versions of the new AZZY implant appeared in August of this year. During a high profile incident we investigated, our products successfully detected and blocked a “standard” Sofacy “AZZY” sample that was used to target a range of defense contractors.”
• “Interestingly, the fact that the attack was blocked didn’t appear to stop the Sofacy team. Just an hour and a half later they had compiled and delivered another AZZY x64 backdoor. This was no longer detectable with static signatures by our product. However, it was detected dynamically by the host intrusion prevention subsystem when it appeared in the system and was executed.”
• “This recurring, blindingly-fast Sofacy attack attracted our attention as neither sample was delivered through a zero-day vulnerability — instead, they appeared to be downloaded and installed by another malware. This separate malware was installed by an unknown attack as “AppData\Local\Microsoft\Windows\msdeltemp.dll””
• The attackers have multiple levels of malware, and can cycle through them until something works, then use that to drop a payload that matches the quality of the target they are attacking
• “In addition to the new AZZY backdoors with side-DLL for C&C, we observed a new set of data-theft modules deployed against victims by the Sofacy group. Among the most popular modern defense mechanisms against APTs are air-gaps — isolated network segments without Internet access, where sensitive data is stored. In the past, we’ve seen groups such as Equation and Flame use malware to steal data from air-gapped networks. The Sofacy group uses such tools as well. The first versions of these new USB stealer modules appeared around February 2015 and the latest appear to have been compiled in May 2015.”
• “This data theft module appears to have been compiled in May 2015 and is designed to watch removable drives and collect files from them, depending on a set of rules defined by the attackers. The stolen data is copied into a hidden directory as “%MYPICTURES%\%volume serial number%“, from where it can be exfiltrated by the attackers using one of the AZZY implants. More details on the new USB stealers are available in the section on technical analysis.”
• “Over the last year, the Sofacy group has increased its activity almost tenfold when compared to previous years, becoming one of the most prolific, agile and dynamic threat actors in the arena. This activity spiked in July 2015, when the group dropped two completely new exploits, an Office and Java zero-day. At the beginning of August, Sofacy began a new wave of attacks, focusing on defense-related targets. As of November 2015, this wave of attacks is ongoing. The attackers deploy a rare modification of the AZZY backdoor, which is used for the initial reconnaissance. Once a foothold is established, they try to upload more backdoors, USB stealers as well as other hacking tools such as “Mimikatz” for lateral movement.”
• Lateral movement is a more generic term for Island Hopping, moving around inside the network once you get through the outer defenses
• “Two recurring characteristics of the Sofacy group that we keep seeing in its attacks are speed and the use of multi-backdoor packages for extreme resilience. In the past, the group used droppers that installed both the SPLM and AZZY backdoors on the same machine. If one of them was detected, the other one provided the attacker with continued access.”
• “As usual, the best defense against targeted attacks is a multi-layered approach. Combine traditional anti-malware technologies with patch management, host intrusion detection and, ideally, whitelisting and default-deny strategies.”

Feedback:

• Backup solution….. Help!

• Replicate to Freenas at in-laws

• ddos

• ZFS on the Desktop

Round Up:

• A journal for MD/RAID5 Fixes old Linux RAID issue?
• Adobe releases Flash patch for 79 different CVEs, 56 of which are use-after-frees. Adobe says none of the patched vulnerabilities are being exploited publicly. Adobe also patched a dozen memory corruption vulnerabilities, two heap buffer overflows, stack, integer and buffer overflow vulnerabilities, in additional to security bypass flaws and a type confusion vulnerability
• When Undercover Credit Card Buys Go Bad — Krebs on Security
• Microsoft moving Windows Server 2016 to per-core licensing (compared to current per-socket)
• Steam tightens trading security amid 77,000 monthly account hijackings
• On the CCA (in)security of MTProto, How Telegram’s crypto is not as good as standard crypto
• Adobe, Microsoft Each Plug 70+ Security Holes — Krebs on Security
• oclHashcat can now crack 8 different TrueCrypt ciphers for the price of 3
• Microsoft Patch Tuesday includes revoking *.xboxlive.com certificate after it was accidently leaked
• Interview about the ‘Crypto Wars’ with Matt Blaze, the man to killed the Clipper Chip by finding its flaws
• FBI admits it uses stingrays, zero-day exploits
• Cloud is outsourcing but it’s not outsourcing (as was)
• After UAE bank fails to pay ransom, attack dumps 10s of thousands of customers transaction histories online
• Cisco warns of one ‘Critical’, and a number of ‘High’ severity flaw in its routers and other devices
• More Than 80% of Mobile Apps Have Encryption Flaws, Study Finds
• An HTTP Status Code to Report Legal Obstacles
• Millions of embedded devices including routers, smart TVs, and cell phones, still have not patched uPNP bug from 2012, including 326 apps on the Google Apps Store, including some very popular apps
• 7 signs you’re doing devops wrong
• DN42, a massive dynamic VPN, specifically for testing and learning about routing protocols
• Funny KGB story

The post Finding Nakamoto | TechSNAP 244 first appeared on Jupiter Broadcasting.

We chat with Jesse Heaslip one of the team members from Bex.io, they aim to provide a end-to-end solution to setup your own Bitcoin exchange. Is the solution to the Gox problem hundreds, or even thousands of small Bitcoin exchanges?

Plus Avalon customers suspect the company of pre-mining with their hardware for weeks, a new and stronger theory on Satoshi Nakamoto’s true identity, the good news for Litecoin, and more!

Downloads:

MP3 Audio | OGG Audio | Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | Video Feed | Torrent Feed | iTunes Audio | Ogg Feed

— Support the Show —

If you enjoyed this episode, found value or information from it, please consider contributing using Bitcoin. Each episode gets its own unique Bitcoin address so by tipping you\’re not only making our continued efforts possible but telling us what you liked. Our episode specific address is listed at the bottom of the show notes.

— Feedback —

• ASICs and a 51% attack?

• USB ASICs

• Coinstar Kiosks and Bitcoin

• Namcoin – Building on Bitcoin

• What are Namecoins and .bit domains?

It is based on exactly the same code as Bitcoin. In fact, the two currencies are almost identical. However, in the same way that Bitcoin is a decentralised currency that cannot be shut down; Namecoin is the basis for a decentralised domain name system (DNS), i.e. web URLs, which could put a stop to Internet censorship.

• What have we done with our LTC?

Help spread the word on iTunes with a Rating and Review:

• iTunes – Plan B by Jupiter Broadcasting

Call or txt the Show:

1 (352) 587-5262

(352) 58-PLANB

— Discussion —

• Bex.io || Own your own Bitcoin Exchange

We do the tech. You do the rest. Bex removes all the technical complexity of running a Bitcoin Exchange.

• Erik Voorhees – The Role of Bitcoin as Money – Bitcoin 2013 Conference

Erik is a well-known member of the Bitcoin community forum (screen name- evoorhees), and is CEO of Coinapult, based in Panama City. Furthermore, Erik is also a partner in a couple top-secret super-subversive Bitcoin-based projects and coordinates the Free State Bitcoin Consortium group among liberty activists in New Hampshire.

• Erik Voorhees (ErikVoorhees) on Twitter

• Kenya Primed For Wide-Scale Bitcoin Adoption – Thx to Todd for Sending.

One locale stands out as particularly primed for widespread adoption: Kenya. Africa today has one of the fastest growing mobile phone markets in the world with 20% annual growth and 93% of Kenyan households owning mobile phones. What makes Kenya a particularly unique case for bitcoin is that it is also a world leader in mobile payment usage.

• NSA paper, 1996: \”How To Make A Mint: The Cryptography of Anonymous Electronic Cash\”. One referenced crypto expert is named Tatsuaki Okamoto. : Bitcoin

• Comment Thread Has Indications It Could be Satoshi .

Okamoto worked with Adi Shamir (co-creator of RSA) and is proficient in C++.

• Running on Karma–P2P Reputation and Currency Systems – Committee Chair: Tatsuaki Okamoto

• Avalon is officially mining with customers\’ ASICS before delivering them.

• Is Avalon mining with customer hardware? Answer is here.

Today I finally received my units from Feb. 2 order. One unit was almost clean, while other one is moderate dusty. After checking all connections and desoldering F1 fuse, I started to configure units. First unit has been tuned to ozco.in and that is not surprise, cos same config was on my unit from batch one. Second unit has more interesting config:
https://puu.sh/3hrak.png
As you can see, first pool is eligius.st and most important is address: https://blockchain.info/address/1AYdAw8CcrQ2wx55LTbFHRn5bxgNZhaRLW?offset=0&filter=0
716.40851602 BTC was mined from April 22 by various units. And only gods know, how much was mined on ozco.in.
So, regardles what said Yifu, the answer is: YES, Team Avalon is mining with customer units.

Litecoin Update:

• Litecoin Core Development Fundraising Meets Goal

A big sponsor who wishes to be anonymous is willing to support the Litecoin Development Team. They are offering a challenge grant where if we receive an additional 5,000 LTC in community donations by June 18th noon GMT, the anonymous sponsor will match with an additional 5,000 LTC. These combined funds will go a long way toward enabling long-term development of the Litecoin software and related vendor integration tools.

— Watch Live —

Tuesday 2pm PDT / 5pm EDT / 9pm GMT

• JbLive.tv

— Plan B Subreddit —

• Plan B Show

— Contact us —

• Chris on G+
• Drew on G+

— Music —

• Thanks to Ronald Jenkees and his fantastic track 7 Times

— Support the Show —

• Donate to the network with your worthless fiat or your fancy bitcoins!

The post Be Your Own Bitcoin Exchange | Plan B 11 first appeared on Jupiter Broadcasting.