Show Notes/Links: https://www.bsdnow.tv/349

The post Entropy Overhaul | BSD Now 349 first appeared on Jupiter Broadcasting.

Bitcoin’s creator has been found again, we’ll cover what the media thinks they’ve figured out & what we really know.

Then, ‘In Patches We Trust: Why Security Updates have to get better’, a great batch of questions, a huge round up & much more!

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

HD Video | Mobile Video | MP3 Audio | OGG Audio | YouTube | HD Torrent | Mobile Torrent

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

— Show Notes: —

WIRED thinks they found Bitcoin’s Creator Satoshi Nakamoto

• Since that pseudonymous figure first released bitcoin’s code on January 9th, 2009, Nakamoto’s ingenious digital currency has grown from a nerd novelty to a kind of economic miracle. As it’s been adopted for everything from international money transfers to online narcotrafficking, the total value of all bitcoins has grown to nearly $5 billion.
• Nakamoto himself, whoever he is, appears to control a stash of bitcoins easily worth a nine-figure fortune (it rose to more than a billion at the cryptocurrency’s peak exchange rate in 2014).
• In the last weeks, WIRED has obtained the strongest evidence yet of Satoshi Nakamoto’s true identity. The signs point to Craig Steven Wright.
• Gizmodo thinks it was actually two people
• A monthlong Gizmodo investigation has uncovered compelling and perplexing new evidence in the search for Satoshi Nakamoto, the pseudonymous creator of Bitcoin.

• According to a cache of documents provided to Gizmodo which were corroborated in interviews, Craig Steven Wright, an Australian businessman based in Sydney, and Dave Kleiman, an American computer forensics expert who died in 2013, were involved in the development of the digital currency.

• Wired’s “Evidence”

• An August 2008 post on Wright’s blog, months before the November 2008 introduction of the bitcoin whitepaper on a cryptography mailing list. It mentions his intention to release a “cryptocurrency paper,” and references “triple entry accounting,” the title of a 2005 paper by financial cryptographer Ian Grigg that outlines several bitcoin-like ideas.

• A post on the same blog from November, 2008 includes a request that readers who want to get in touch encrypt their messages to him using a PGP public key apparently linked to Satoshi Nakamoto. This key, when checked against the database of the MIT server where it was stored, is associated with the email address satoshin@vistomail.com, an email address very similar to the satoshi@vistomail.com address Nakamoto used to send the whitepaper introducing bitcoin to a cryptography mailing list.
• An archived copy of a now-deleted blog post from Wright dated January 10, 2009, which reads: “The Beta of Bitcoin is live tomorrow. This is decentralized… We try until it works.” (The post was dated January 10, 2009, a day after Bitcoin’s official launch on January 9th of that year. But if Wright, living in Eastern Australia, posted it after midnight his time on the night of the 9th, that would have still been before bitcoin’s launch at 3pm EST on the 9th.) That post was later replaced with the rather cryptic text “Bitcoin — AKA bloody nosey you be…It does always surprise me how at times the best place to hide [is] right in the open.” Sometime after October of this year, it was deleted entirely.
• In addition to those three blog posts, they received a cache of leaked emails, transcripts, and accounting forms that corroborate the link.

• Another clue as to Wright’s bitcoin fortune wasn’t leaked to WIRED but instead remains hosted on the website of the corporate advisory firm McGrathNicol: a liquidation report on one of several companies Wright founded known as Hotwire, an attempt to create a bitcoin-based bank. It shows that the startup was backed in June 2013 by $23 million in bitcoins owned by Wright. That sum would be worth more than $60 million today.

• Reported bitcoin ‘founder’ Craig Wright’s home raided by Australian police

• On Wednesday afternoon, police gained entry to a home belonging to Craig Wright, who had hours earlier been identified in investigations by Gizmodo and Wired,

• People who say they knew Wright have expressed strong doubts about his alleged role, with some saying privately they believe the publications have been the victims of an elaborate hoax.
• More than 10 police personnel arrived at the house in the Sydney suburb of Gordon at about 1.30pm. Two police staff wearing white gloves could be seen from the street searching the cupboards and surfaces of the garage. At least three more were seen from the front door.
• The Australian Federal police said in a statement that the raids were not related to the bitcoin claims. “The AFP can confirm it has conducted search warrants to assist the Australian Taxation Office at a residence in Gordon and a business premises in Ryde, Sydney. This matter is unrelated to recent media reporting regarding the digital currency bitcoin.”
• The documents published by Gizmodo appear to show records of an interview with the Australian Tax Office surrounding his tax affairs in which his bitcoin holdings are discussed at length.
• During the interview, the person the transcript names as Wright says: “I did my best to try and hide the fact that I’ve been running bitcoin since 2009 but I think it’s getting – most – most – by the end of this half the world is going to bloody know.”
• Guardian Australia has been unable to independently verify the authenticity of the transcripts published by Gizmodo, or whether the transcript is an accurate reflection of the audio if the interview took place. It is also not clear whether the phrase “running” refers merely to the process of mining bitcoin using a computer.
• The purported admission in the transcript does not state that Wright is a founder of the currency, but other emails that Gizmodo claim are from Wright suggest further involvement he may have had in the development of bitcoin.
• The emails published by Gizmodo cannot been verified. Comment has been sought from Sinodinos on whether he was contacted by Wright – or his lawyer – in relation to bitcoin and its regulatory and taxation status in Australia.
• A third email published by Gizmodo from 2008 attributes to Wright a comment where he said: “I have been working on a new form of electronic money. Bit cash, bit coin …”
• WikiLeaks on Twitter: “We assess that Craig S Wright is unlikely to be the principal coder behind Bitcoin.” https://t.co/nRnftKPjm9”
• Additional Coverage: Freedom Hacker

In Patches We Trust: Why Security Updates have to get better

• “How long do you put off restarting your computer, phone, or tablet for the sake of a security update or software patch? All too often, it’s far too long”
• Why do we delay?
• I am in the middle of something
• The update might break something
• I can’t waste a bunch of time dealing with fixing it if it doesn’t work
• I hate it when they move buttons around on me
• Installing the update makes the device unusable for 20+ minutes
• “Patches are good for you. According to Homeland Security’s cyber-emergency unit, US-CERT, as many as 85 percent of all targeted attacks can be prevented by applying a security patch”
• “The problem is that far too many have experienced a case when a patch has gone disastrously wrong. That’s not just a problem for the device owner short term, but it’s a lasting trust issue with software giants and device makers.”
• We have all seen examples of bad patches
• “Apple’s iOS 8.0.1 update was meant to fix initial problems with Apple’s new eight generation mobile operating system, but killed cell service on affected phones — leaving millions stranded until a fix was issued a day later. Google had to patch the so-called Stagefright flaw, which affected every Android device, for a second time after the first fix failed to do the job. Meanwhile, Microsoft has seen more patch recalls in the past two years than in the past decade.”
• “Microsoft, for example, issued 135 security bulletins this year alone with thousands of separate vulnerabilities patched. All it takes is one or two patches to fail or break something — which has happened — to account for a 1 percent failure rate.”
• Users get “update fatigue”, If every time they go to use the computer, there is a new update for one or more of: Java, Flash, Chrome, Skype, Windows, etc.
• Worse, many drivers and other programs now add their own utilities, “update managers” and so on. Lenovo and Dell have both recently had to patch their “update managers” because they actually make your system more vulnerable
• Having a slew of different programs constantly nagging the user about updating just causes the user to stop updating everything, or to put the updates off for longer and longer
• “At the heart of any software update is a trust relationship between the user and the company. When things go wrong, it can affect thousands or millions of users. Just ignoring the issue and pulling patches can undermine a user’s trust, which can damage the future patching process.”
• “Customers don’t always expect vendors to be 100 percent perfect 100 percent of the time, or at least they shouldn’t,” said Childs. “However, if vendors are upfront and honest about the situation and provide actionable guidance, it goes a long way to reestablishing the trust that has been lost over the years.”

New APT group identified, known as Sofacy, or Fancy Bear

• “Sofacy (also known as “Fancy Bear”, “Sednit”, “STRONTIUM” and “APT28”) is an advanced threat group that has been active since around 2008, targeting mostly military and government entities worldwide, with a focus on NATO countries. More recently, we have also seen an increase in activity targeting Ukraine.”
• “Back in 2011-2012, the group used a relatively tiny implant (known as “Sofacy” or SOURFACE) as its first stage malware. The implant shared certain similarities with the old Miniduke implants. This led us to believe the two groups were connected, at least to begin with, although it appears they parted ways in 2014, with the original Miniduke group switching to the CosmicDuke implant.”
• “In the months leading up to August, the Sofacy group launched several waves of attacks relying on zero-day exploits in Microsoft Office, Oracle Sun Java, Adobe Flash Player and Windows itself. For instance, its JHUHUGIT implant was delivered through a Flash zero-day and used a Windows EoP exploit to break out of the sandbox. The JHUHUGIT implant became a relatively popular first stage for the Sofacy attacks and was used again with a Java zero-day (CVE-2015-2590) in July 2015.
  While the JHUHUGIT (and more recently, “JKEYSKW”) implant used in most of the Sofacy attacks, high profile victims are being targeted with another first level implant, representing the latest evolution of their AZZYTrojan.”
• This shows how APT attackers constantly evolve, and reserve their best exploits for use against high profile targets, using lesser quality exploits on lesser targets, to avoid the better exploits being discovered and mitigated
• “The first versions of the new AZZY implant appeared in August of this year. During a high profile incident we investigated, our products successfully detected and blocked a “standard” Sofacy “AZZY” sample that was used to target a range of defense contractors.”
• “Interestingly, the fact that the attack was blocked didn’t appear to stop the Sofacy team. Just an hour and a half later they had compiled and delivered another AZZY x64 backdoor. This was no longer detectable with static signatures by our product. However, it was detected dynamically by the host intrusion prevention subsystem when it appeared in the system and was executed.”
• “This recurring, blindingly-fast Sofacy attack attracted our attention as neither sample was delivered through a zero-day vulnerability — instead, they appeared to be downloaded and installed by another malware. This separate malware was installed by an unknown attack as “AppData\Local\Microsoft\Windows\msdeltemp.dll””
• The attackers have multiple levels of malware, and can cycle through them until something works, then use that to drop a payload that matches the quality of the target they are attacking
• “In addition to the new AZZY backdoors with side-DLL for C&C, we observed a new set of data-theft modules deployed against victims by the Sofacy group. Among the most popular modern defense mechanisms against APTs are air-gaps — isolated network segments without Internet access, where sensitive data is stored. In the past, we’ve seen groups such as Equation and Flame use malware to steal data from air-gapped networks. The Sofacy group uses such tools as well. The first versions of these new USB stealer modules appeared around February 2015 and the latest appear to have been compiled in May 2015.”
• “This data theft module appears to have been compiled in May 2015 and is designed to watch removable drives and collect files from them, depending on a set of rules defined by the attackers. The stolen data is copied into a hidden directory as “%MYPICTURES%\%volume serial number%“, from where it can be exfiltrated by the attackers using one of the AZZY implants. More details on the new USB stealers are available in the section on technical analysis.”
• “Over the last year, the Sofacy group has increased its activity almost tenfold when compared to previous years, becoming one of the most prolific, agile and dynamic threat actors in the arena. This activity spiked in July 2015, when the group dropped two completely new exploits, an Office and Java zero-day. At the beginning of August, Sofacy began a new wave of attacks, focusing on defense-related targets. As of November 2015, this wave of attacks is ongoing. The attackers deploy a rare modification of the AZZY backdoor, which is used for the initial reconnaissance. Once a foothold is established, they try to upload more backdoors, USB stealers as well as other hacking tools such as “Mimikatz” for lateral movement.”
• Lateral movement is a more generic term for Island Hopping, moving around inside the network once you get through the outer defenses
• “Two recurring characteristics of the Sofacy group that we keep seeing in its attacks are speed and the use of multi-backdoor packages for extreme resilience. In the past, the group used droppers that installed both the SPLM and AZZY backdoors on the same machine. If one of them was detected, the other one provided the attacker with continued access.”
• “As usual, the best defense against targeted attacks is a multi-layered approach. Combine traditional anti-malware technologies with patch management, host intrusion detection and, ideally, whitelisting and default-deny strategies.”

Feedback:

• Backup solution….. Help!

• Replicate to Freenas at in-laws

• ddos

• ZFS on the Desktop

Round Up:

• A journal for MD/RAID5 Fixes old Linux RAID issue?
• Adobe releases Flash patch for 79 different CVEs, 56 of which are use-after-frees. Adobe says none of the patched vulnerabilities are being exploited publicly. Adobe also patched a dozen memory corruption vulnerabilities, two heap buffer overflows, stack, integer and buffer overflow vulnerabilities, in additional to security bypass flaws and a type confusion vulnerability
• When Undercover Credit Card Buys Go Bad — Krebs on Security
• Microsoft moving Windows Server 2016 to per-core licensing (compared to current per-socket)
• Steam tightens trading security amid 77,000 monthly account hijackings
• On the CCA (in)security of MTProto, How Telegram’s crypto is not as good as standard crypto
• Adobe, Microsoft Each Plug 70+ Security Holes — Krebs on Security
• oclHashcat can now crack 8 different TrueCrypt ciphers for the price of 3
• Microsoft Patch Tuesday includes revoking *.xboxlive.com certificate after it was accidently leaked
• Interview about the ‘Crypto Wars’ with Matt Blaze, the man to killed the Clipper Chip by finding its flaws
• FBI admits it uses stingrays, zero-day exploits
• Cloud is outsourcing but it’s not outsourcing (as was)
• After UAE bank fails to pay ransom, attack dumps 10s of thousands of customers transaction histories online
• Cisco warns of one ‘Critical’, and a number of ‘High’ severity flaw in its routers and other devices
• More Than 80% of Mobile Apps Have Encryption Flaws, Study Finds
• An HTTP Status Code to Report Legal Obstacles
• Millions of embedded devices including routers, smart TVs, and cell phones, still have not patched uPNP bug from 2012, including 326 apps on the Google Apps Store, including some very popular apps
• 7 signs you’re doing devops wrong
• DN42, a massive dynamic VPN, specifically for testing and learning about routing protocols
• Funny KGB story

The post Finding Nakamoto | TechSNAP 244 first appeared on Jupiter Broadcasting.

A new trick up Fedora’s sleeve might be worth trying on your own Linux install, the new mini-pc revolution is here & the Raspberry Pi Zero brings it for $5. Adobe announces the death of Flash… Kind of. But we’ll share how to finish the job & truly banish flash from your Linux rig.

Plus open source gaming just got an upgrade, GIMP has some fancy & more!

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Torrent Feed | WebM Torrent Feed

Become a supporter on Patreon:

Show Notes:

Pre-Show:

• Offline Media solution for the Rover / Bandwidth challenged.

• Emby? tablet/PC?

• Plex and Plex Pass on a tablet?

• rsync and vlc on a laptop?

• Amazon.com: Kingston Digital 5-in-1 Mobile Companion, Expanded Storage, 4640 mAh Battery Charger, and more for iOS and Android devices (MLWG2): Computers & Accessories

Follow Up / Catch Up

Warsow 2.0 Released With Better Graphics, CC-Licensed Game Assets

Warsow 2.0 adds a tutorial level to help new gamers, many graphical effects were revamped, weapon parameters were tweaked, new HUDs, and many other changes.

The Warsow 2.0 renderer is reported to be 30~50% faster for overall performance, reduced vRAM footprint for textures, KTX texture format support, support for the GLSL binary cache, multi-threading to speed-up map loading, and many other interesting changes.

GIMP 2.9.2 Released

with 2.9.2, you can already benefit from certain aspects of the new engine, such as:

• 16/32bit per color channel processing
• Basic OpenEXR support
• On-canvas preview for many filters
• Experimental hardware-accelerated rendering and processing via OpenCL
• Higher-quality downscaling

Additionally, native support for PNG, TIFF, PSD, and FITS files in GIMP has been upgraded to read and write 16/32bit per color channel data.

• GIMP 2.9.2 Released, How About Features Trivia?

DigitalOcean

• DigitalOcean: SSD Cloud Server, VPS Server, Simple Cloud Hosting

F24 System Wide Change: Default Local DNS Resolver – devel-announce – Fedora List Archives

Plain DNS protocol is insecure and therefore vulnerable from various
attacks (e.g. cache poisoning). A client can never be sure that there
is no man-in-the-middle, if it does not do the DNSSEC validation
locally.

We want to have Unbound server installed and running on localhost by
default on Fedora systems.

• Against DNSSEC — Quarrelsome

Linux Academy

• Linux Academy | Linux and AWS Online Training

The Mini PC Roundup

Raspberry Pi Zero: the $5 computer – Raspberry Pi

Today, I’m pleased to be able to announce the immediate availability of Raspberry Pi Zero, made in Wales and priced at just $5. Zero is a full-fledged member of the Raspberry Pi family, featuring:

• A Broadcom BCM2835 application processor
  • 1GHz ARM11 core (40% faster than Raspberry Pi 1)
• 512MB of LPDDR2 SDRAM
• A micro-SD card slot
• A mini-HDMI socket for 1080p60 video output
• Micro-USB sockets for data and power
• An unpopulated 40-pin GPIO header
  • Identical pinout to Model A+/B+/2B
• An unpopulated composite video header
• Our smallest ever form factor, at 65mm x 30mm x 5mm

Raspberry Pi Zero runs Raspbian and all your favourite applications, including Scratch, Minecraft and Sonic Pi. It is available today in the UK from our friends at The Pi Hut and Pimoroni, and in the US from Adafruit

Kodi on the $5 Raspberry Pi Zero

Omega – Onion

Omega is an invention platform for the Internet of Things. It comes WiFi-enabled and supports most of the popular languages such as Python and Node.JS. Omega makes hardware prototyping as easy as creating and installing software apps.

Dimensions: 28mm x 42mm
OS: OpenWRT Linux
Processor: 400MHz
RAM: 64MB DDR2
Flash: 16MB
Wireless: 802.11 b/g/n
Ports: 18 GPIO
Language: Python, Node.JS, PHP, Ruby, Lua and more…

Wireless Raspberry Pi speaker | Linux User & Developer – the Linux and FOSS mag for a GNU generation

AirPlay uses Apple technology that was reverse-engineered in 2011, which means that third-party devices can now participate in the fun. AirPlay allows any Apple device to broadcast whatever is coming out of its speakers to an AirPlay receiver (which will be our Pi in this case). There is a way to send audio from PulseAudio to AirPlay receivers

GeekBox | by geekbuying the Pioneering Versatile Open Source TV Box

The RK3368 is an Octa Core 64bit, ARM Cortex-A53 processor with PowerVR G6110 graphics chip, 28nm processing design, Support OPENGL ES 3.1. RK3368 with super video capabilities, 4K×2K, H.265 and HDMI 2.0@60Hz output support.

TING

• Ting – mobile that makes sense

Adobe kills the ‘Flash’ name after twenty years

Adobe revealed that the Flash product will be called Adobe Animate CC from January’s update of the Creative Cloud suite. There’s no explicit mention of what the browser plug-in will be called, but presumably it will mirror the change of name.

Support Jupiter Broadcasting on Patreon

The post Raspberry Pi Does What? | LINUX Unplugged 121 first appeared on Jupiter Broadcasting.

CISA provides no solutions, just new excuses. The new Australian smartcard system is a total disaster & why Google’s URLs are so crazy.

Plus some great questions, our answers, a rockin’ round up & much, much more!

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

HD Video | Mobile Video | MP3 Audio | OGG Audio | YouTube | HD Torrent | Mobile Torrent

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

— Show Notes: —

CISA: “Cybersecurity Information (Over)Sharing Act“

• On Tuesday afternoon, the Senate voted 74 to 21 to pass a version of CISA that roughly mirrors legislation passed in the House earlier this year, paving the way for some combined version of the security bill to become law.
• CISA is designed to stem the rising tide of corporate data breaches by allowing companies to share cybersecurity threat data with the Department of Homeland Security, who could then pass it on to other agencies like the FBI and NSA.
• But privacy advocates and civil liberties groups see CISA as a free pass that allows companies to monitor users and share their information with the government without a warrant, while offering a backdoor that circumvents any laws that might protect users’ privacy.
• The version of CISA passed Tuesday, in fact, spells out that any broadly defined “cybersecurity threat” information gathered can be shared “notwithstanding any other provision of law.”
• Critics of CISA say the devil is in the details, or rather in the raft of amendments that may be added to the bill before it’s passed. The Center for Democracy & Technology (CDT), a nonprofit technology policy group based in Washington, D.C., has published a comprehensive breakdown of the proposed amendments and their potential impacts.
• CDT says despite some changes made to assuage privacy concerns, neither CISA as written nor any of its many proposed amendments address the fundamental weaknesses of the legislation. According to CDT, “the bill requires that any Internet user information volunteered by a company to the Department of Homeland Security for cybersecurity purposes be shared immediately with the National Security Agency (NSA), other elements of the Intelligence Community, with the FBI/DOJ, and many other Federal agencies – a requirement that will discourage company participation in the voluntary information sharing scheme envisioned in the bill.”
• On the surface, efforts to increase information sharing about the latest cyber threats seem like a no-brainer.
• If only there were an easier way, we are told, for companies to share so-called “indicators of compromise”
• In practice, however, there are already plenty of efforts — some public, some subscription-based — to collect and disseminate this threat data.
• How Krebs’ Sees it: the biggest impediment to detecting and responding to breaches in a more timely manner comes from a fundamental lack of appreciation.
• The most frustrating aspect of a legislative approach to fixing this problem is that it may be virtually impossible to measure whether a bill like CISA will in fact lead to more information sharing that helps companies prevent or quash data breaches.
• Rather than encouraging companies to increase their own cybersecurity standards, the professors wrote, “CISA ignores that goal and offloads responsibility to a generalized public-private secret information sharing network.”
• CISA Security Bill Passes Senate With Privacy Flaws Unfixed
• Additional Coverage: ThreatPost

Australian PLAID Crypto, ISO Conspiracies, and German Tanks

• PLAID (Protocol for Lightweight Authentication of ID), the Australian ‘unbreakable’ smart card identification protocol has been recently analyzed in this scientific paper
• Technically, the protocol is a disaster. In addition to many questionable design choices, we found ways for tracing user identities and recover card access capabilities. The attacks are efficient (few seconds on ‘home’ hardware in some cases), and involve funny techniques such as RSA moduli fingerprinting and… German tanks. See this entry on Matt Green’s crypto blog for a pleasant-to-read explanation.
• PDF: Unpicking PLAID: A Cryptographic Analysis of an ISO-standards-track Authentication Protocol
• “when a reader queries the card, the reader initially transmits a set of capabilities that it will support (e.g., ‘hospital’, ‘bank’, ‘social security center’). If the PLAID card has been provisioned with a matching public key, it goes ahead and uses it. If no matching key is found, however, the card does not send an error — since this would reveal user-specific information. Instead, it fakes a response by encrypting junk under a special ‘dummy’ RSA public key (called a ‘shill key’) that’s stored within the card. And herein lies the problem.”
• “You see, the ‘shill key’ is unique to each card, which presents a completely new avenue for tracking individual cards. If an attacker can induce an error and subsequently fingerprint the resulting RSA ciphertext — that is, figure out which shill key was used to encipher it — they can potentially identify your card the next time they encounter you.”
• “To distinguish the RSA moduli of two different cards, the researchers employed of an old solution to a problem called the German Tank Problem. As the name implies, this is a real statistical problem that the allies ran up against during WWII. The problem can be described as follows: Imagine that a factory is producing tanks, where each tank is printed with a sequential serial number in the ordered sequence 1, 2, …, N. Through battlefield captures you then obtain a small and (presumably) random subset of k tanks. From the recovered serial numbers, your job is to estimate N, the total number of tanks produced by the factory.”
• But the story behind PLAID’s standardization is possibly even more disturbing. PLAID was pushed into ISO with a so-called “fast track” procedure. Technical loopholes made it possible to cut off from any discussion the ISO groups responsible for crypto and security analysis. Concerns from tech-savvy experts in the other national panels were dismissed or ignored.
• The author of the post contacted ISO and CERT Australia before going public with our paper, but all we got was a questionable and somewhat irate response (PDF) by PLAID’s project editor (our reply here). Despite every possible evidence of bad design, PLAID is now approved as ISO standard, and is coming to you very soon inside security products which will advertise non-existing privacy capabilities.
• The detailed story of PLAID in the paper is worth a read, and casts many doubts on the efficacy of the most important standardizing body in the world. It is interesting to see how a “cryptography” product can be approved at ISO without undergoing any real security scrutiny.
• A Few Thoughts on Cryptographic Engineering: Attack of the Week: Unpicking PLAID
• Bruce Schneier: Amateurs Produce Amateur Cryptography
  

Unguessable URLs for security and privacy

• This post on Bruce Schneier’s blog talks about how Google uses unguessable URLs to protect the photos you post
• Additional Coverage — The Verge: Google secures photos using public but unguessable URLs
• If you look at some of your private photos in “Google Photos”, you can right click on a photo, and copy the source URL
• That is a public URL, that anyone can access, if you share it
• The photos are available to anyone who types in the right string of characters
• The key is that that string of characters, is very long
• “So why is that public URL more secure than it looks? The short answer is that the URL is working as a password. Photos URLs are typically around 40 characters long, so if you wanted to scan all the possible combinations, you’d have to work through 1070 different combinations to get the right one, a problem on an astronomical scale.”
• “There are enough combinations that it’s considered unguessable, It’s much harder to guess than your password”
• The same applies to facebook photos. If I have access to someone else’s photo, but the person I want to share it with does not (even have a facebook account), I can copy the source URL, rather than the facebook viewer URL, and share it with them
• Because traffic to and from Google Photos, and Facebook, is encrypted with HTTPS, someone cannot get the URLs of those photos by sniffing your traffic
• They could get the data from your browser history, or in other ways if your machine was compromised, but in those cases they’d have access to the photos anyway
• The only real problem here is that it can be hard to ‘revoke’ access to a photo. If you give this unguessable but public URL to someone, they can share it as much as they want, completely outside of your control
• Also, because CDNs and caches are used, even if you delete a photo, it might still be accessible by that URL, if someone already knows it
• Schneier notes: “It’s a perfectly valid security measure, although unsettling to some”

Feedback:

• Complicate FreeNAS box or Combine with Linux?

• Encrypting Windows Workstations. Want to use Bitlocker, but some machines don’t have a TPM chip.

• Connecting 2 FreeNAS over the internet

• PHP-FPM 100% CPU Load

• Book Review: “FreeBSD Mastery: ZFS”

• Buy your copy at: https://www.zfsbook.com/

Round up:

• Number of VPN servers at risk due to weak DH keys may be fewer than originally thought
• British Gas leak sees 2,400 customer passwords posted online
• Updates on the VMWare GPL violation law suite
• Top German official infected by highly advanced spy trojan with NSA ties
• Attackers are compromising MySQL servers with the Chikdos malware to force them to conduct DDoS attacks
• Rockwell patches PLCs that could be exploited via a malicious URL
• The impact of Netflix’s open source software development
• CEO Pride may get in the way of Cyber Security. TalkTalk as an example: “Our cybersecurity is head and shoulders above the competition” followed by “we have no legal obligation to encrypt customer bank details”
• New technology can steal your face
• Are Russians tapping undersea cables?
• TrueCrypt has critical vulnerability. Allows privilege escalation. While not a problem with the crypto, this could allow an attacker to take over your machine and gain access to the decrypted data
• US DoD and Military still using deprecated SHA-1 in TLS certificates

The post PLAID Falls Out of Fashion | TechSNAP 239 first appeared on Jupiter Broadcasting.

Google’s datacenter secrets are finally being revealed & we’ll share the best bits. Why The US Government is in no position to teach anyone about Cyber Security, how you can still get hacked offline, A batch of great questions, a huge round up & much, much more!

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

HD Video | Mobile Video | MP3 Audio | OGG Audio | YouTube | HD Torrent | Mobile Torrent

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

— Show Notes: —

After years of wondering, we can finally find out about Google’s Data Center Secrets

• “Google has long been a pioneer in distributed computing and data processing, from Google File System to MapReduce to Bigtable and to Borg. From the beginning, we’ve known that great computing infrastructure like this requires great datacenter networking technology.”
• “For the past decade, we have been building our own network hardware and software to connect all of the servers in our datacenters together, powering our distributed computing and storage systems. Now, we have opened up this powerful and transformative infrastructure for use by external developers through Google Cloud Platform.”
• ““We could not buy, for any price, a data-center network that would meet the requirements of our distributed systems,” Vahdat said. Managing 1,000 individual network boxes made Google’s operations more complex, and replacing a whole data center’s network was too disruptive. So the company started building its own networks using generic hardware, centrally controlled by software. It used a so-called Clos topology, a mesh architecture with multiple paths between devices, and equipment built with merchant silicon, the kinds of chips that generic white-box vendors use. The software stack that controls it is Google’s own but works through the open-source OpenFlow protocol.“
• “At the 2015 Open Network Summit, we are revealing for the first time the details of five generations of our in-house network technology.”
• “Our current generation — Jupiter fabrics — can deliver more than 1 Petabit/sec of total bisection bandwidth. To put this in perspective, such capacity would be enough for 100,000 servers to exchange information at 10Gb/s each, enough to read the entire scanned contents of the Library of Congress in less than 1/10th of a second.”
• “We use a centralized software control stack to manage thousands of switches within the data center, making them effectively act as one large fabric, arranged in a Clos topology”
• “We build our own software and hardware using silicon from vendors, relying less on standard Internet protocols and more on custom protocols tailored to the data center”
• “Putting all of this together, our datacenter networks deliver unprecedented speed at the scale of entire buildings. They are built for modularity, constantly upgraded to meet the insatiable bandwidth demands of the latest generation of our servers. They are managed for availability, meeting the uptime requirements of some of the most demanding Internet services and customers. Most importantly, our datacenter networks are shared infrastructure. This means that the same networks that power all of Google’s internal infrastructure and services also power Google Cloud Platform. We are most excited about opening this capability up to developers across the world so that the next great Internet service or platform can leverage world-class network infrastructure without having to invent it.”
• ““The amount of bandwidth that we have to deliver to our servers is outpacing even Moore’s Law,” Vahdat said. Over the past six years, it’s grown by a factor of 50. In addition to keeping up with computing power, the networks will need ever higher performance to take advantage of fast storage technologies using flash and non-volatile memory, he said.”
• “For full details you’ll have to wait for a paper we’ll publish at SIGCOMM 2015 in August”
• Official Google Cloud Platform Blog Post

The US Government is in no position to teach anyone about Cyber Security

• “Why should anyone trust what the US government says on cybersecurity when they can’t secure the systems they have full control over?”
• “IRS employees can use ‘password’ as a password? No wonder they get hacked”
• As I have long said, you have to assume the worst until you can prove otherwise: “The effects of the massive hack of the Office of Personnel Management (OPM) continue to ripple through Washington DC, as it seems every day we get more information about how the theft of millions of government workers’ most private information is somehow worse than it seemed the day before. (New rule: if you read about a hack of a government or corporate database that sounds pretty bad, you can guarantee it be followed shortly thereafter by another story detailing how the same hack was actually much, much “worse than previously admitted.”)”
• “It’d be one thing if this incompetence was exclusively an OPM problem, but despite the government trying to scare private citizens with warnings of a “cyber-Armageddon” or “cyber-Pearl Harbor” for years, they failed to take even the most basic steps to prevent massive data loss on their own systems. As OTI’s Robyn Greene writes, 80-90% of cyber-attacks could be prevented or mitigated with basic steps like “encrypting data, updating software and setting strong passwords.””
• Of course, using Multi-Factor Authentication would help a lot too
• “The agency that has been singled out for some of the worst criticism in recent years is the Department of Homeland Security, the agency that is supposedly in charge of securing all other government systems. The New York Times reported this weekend that the IRS’s systems still allow users to set their passwords to “password,” along with other hilariously terrible mistakes. “
• “Instead of addressing their own problems and writing a bill that would force the government to upgrade all its legacy systems, implement stronger encryption across federal agencies and implement basic cybersecurity best practices immediately, members of both parties have been pushing dangerous “info-sharing” legislation that will end with much more of citizens’ private data in the hands of the government. And the FBI wants tech companies to install “backdoors” that would give the government access to all encrypted communications – thereby leaving everyone more vulnerable to hackers, not less. Two “solutions” that won’t fix any of the glaring problems staring them in the face, and which may make things a lot worse for ordinary people.”
• There are plenty of examples of large networks that are fairly well secured, so it isn’t impossible to secure a large network. However, the number of insecure government and corporate networks suggests that more needs to be done.
• The solution isn’t something sold by a vendor, it is the same stuff security experts have been preaching for decades:
  • Need to know — Only those who actually need data should have access to it. Lets not just store everything in a giant shared network drive with everyone having read/write access to it
  • Patching — Software has flaws. These flaws get fixed and then become public (sometimes the other way around, the dreaded Zero-Day flaw). If you do not patch your software quickly, you increase the chance of the flaw being used against you
  • Strong Authentication — Password complexity requirements can be annoying, because they are often too vague. Requiring a number, a lower case letter, an upper case letter, and a symbol isn’t necessarily as secure as a passphrase which is longer. Worse, many systems do not securely store the passwords, making them less secure
  • Multi-Factor Authentication — Requiring more than one factor, to ensure that if an attacker does shoulder surf, key log, phish, or otherwise gain access to someones password, that they cannot access the secure data
  • Encryption — This one is hard, as many solutions turn out to not be good enough. “The harddrive on my laptop is encrypted”, this is fine, except if the attacker gets access while your machine is powered on and logged in. Sensitive data should be offlined when it is not in use, rather than being readily accessible in its decrypted form
  • Logging — Knowing who accessed what, and when is useful after-the-fact. Having an intelligence system that looks for anomalies in this data can help you detect a breach sooner, and maybe stop it before the baddies make off with your data
  • Auditing — A security appliance like the FUDO to only allow access to secure systems when such access is recorded. This way the actions of all contractors and administrators are recorded on video, and there is no way to access the protected systems except through the FUDO.
• As we discussed before in TechSNAP 214, there are other techniques that can be used to help safeguard systems, including whitelisting software, and only allowing approved applications on sensitive systems. The key is deciding which protections to use where, while generating the least amount of ‘user resistance’

Google Project Zero researcher discloses 15 new vulnerabilities

• Researcher Mateusz Jurczyk has disclosed 15 new remote code execution vulnerabilities
• The most interesting of these including a flaw in Adobe Reader and Windows that appears to get past all known exploit defenses.
• “The extremely powerful primitive provided by the vulnerability, together with the fact that it affected all supported versions of both Adobe Reader and Microsoft Windows (32-bit) – thus making it possible to create an exploit chain leading to a full system compromise with just a single bug – makes it one of the most interesting security issues I have discovered so far.”
• “Any of the 15 vulnerabilities Jurczyk pulled from this old but seemingly unexplored area could trigger remote code execution or privilege escalation in Adobe Reader or the Windows kernel.”
• Researcher Blog
• Video of Exploit
• PDF of Slides
• Project Zero has also published some other interesting vulnerabilities recently
• Owning Internet Printing — A Case Study in Modern Software Exploitation
• Microsoft’s MemoryProtector feature actually counters Microsoft’s new extended ASLR protections
• “It is possible to use a timing attack on MemoryProtector to reveal the offset used by High-Entropy Bottom-Up Randomization, thus completely bypassing it.”
• Analysis and Exploitation of an ESET Vulnerability — Do we understand the risk vs. benefit trade-offs of security software?
  
• In-Console-Able — Developing a sandbox escape chain for Chrome

Feedback:

• Somewhat nervous: how to mitigate Samsung SSD firmware + Linux major corruption risk?

• To delta sync or not to delta sync

• Changing domain registrars and want to maximize email up-time

• Keys

Round Up:

• Samsung deliberately disabling Windows Update
• Adobe issues out-of-band patch for Flash Player after zero-day exploit is discovered being used in the wild
• Google reveals that it was forced to hand over journalist’s data during wikileaks grand jury investigation
• As many as 1 in 3 servers in data centers are powered on but not doing anything
• Chinese may have had access to US Security Clearance data for over a year
• Bruce Schneier: China and Russia Almost Definitely Have the Snowden Docs
• Default Authorized SSH key found in many Cisco security appliances
• Richard Bejtlich: If you can’t keep hackers out, find and remove them faster
• Snowden leak shows NSA and GCHQ attacked security software vendors
• Stealing your GPG private key using a cell phone and an AM radio
• Secunia will block access to vulnerabilities less than 9 months old for non-members after they “frequently encounter organizations engaged in wrongful use of Secunia Advisories”
• Great tool for building regular expressions, better than most in that it supports lookbehind, which most basic javascript implementations do not
• Many Android apps do HTTPS wrong, or not at all
• US Navy Warfare Systems command paid $9.1 million to get security updates for 100,000 Windows XP and 2003 computers. Contract could be worth up to $30 million and extend to 2017
• Sony has killed off the Aibo robots, making replacement parts hard to come by. This raises questions about the next generation of robots. Softbank is soon to release a “Child” robot called Pepper. What will people do when spare parts for their child can only be gotten by cannibalizing other children?
• Google, Mozilla, Webkit, and Microsoft team up to launch ‘Webassembly’ a new binary format for web applications
• HP’s Adventures with the Zero-Day Initiative and bug bounties
• 5 intrusion vectors that cannot be spotted by going offline
• Cryptography jokes

The post Homeland Insecurity | TechSNAP 220 first appeared on Jupiter Broadcasting.

We look into the near future with two trendsetting stories that impact technology in cars & 4K TV’s big successor. Then we peek into the near past with one promising technology that failed & the first author to hunt a hacker.

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Torrent Feed

Become a supporter on Patreon:

Show Notes:

Ford Ditches Microsoft Partnership On Sync, Goes With QNX

Ford’s in-car infotainment system known as Sync will soon evolve to add a capacitive touch screen, better integration with smartphone apps and, eventually, support for Android Auto and Apple CarPlay in version 3, thanks to a switch of operating systems. After years of teaming with Microsoft, the automobile giant has switched to BlackBerry’s QNX, a real time operating system renowned for stability.

LG To Show Off New 55-Inch 8K Display at CES

One of the most in-your-face buzzwords of the past year has been “4K,” and there’s little doubt that the forthcoming CES show in early January will bring it back in full force. As it stands today, 4K really isn’t that rare, or expensive. You can even get 4K PC monitors for an attractive price. There does remain one issue, however; a lack of 4K content. We’re beginning to see things improve, but it’s still slow going. Given that, you might imagine that display vendors would hold off on trying to push that resolution envelope further — but you just can’t stop hardware vendors from pushing the envelope. Earlier this year, both Apple and Dell unveiled “5K” displays that nearly doubled the number of pixels of 4K displays. 4K already brutalizes top-end graphics cards and lacks widely available video content, and yet here we are looking at the prospect of 5K. Many jaws dropped when 4K was first announced, and likewise with 5K. Now? Well, yes, 8K is on its way. We have LG to thank for that. At CES, the company will be showing-off a 55-inch display that boasts a staggering 33 million pixels — derived from a resolution of 7680×4320. It might not be immediately clear, but that’s far more pixels than 4K, which suggests this whole “K” system of measuring resolutions is a little odd. On paper, you might imagine that 8K has twice the pixels of 4K, but instead, it’s 4x.

The Cuckoo’s Egg

The Cuckoo’s Egg: Tracking a Spy Through the Maze of Computer Espionage is a 1989 book written by Clifford Stoll. It is his first-person account of the hunt for a computer hacker who broke into a computer at the Lawrence Berkeley National Laboratory (LBL).

• Amazon.com: CUCKOO’S EGG eBook: Clifford Stoll: Kindle Store

The post 4K is So Yesterday | Tech Talk Today 105 first appeared on Jupiter Broadcasting.

Is the need to save money & time by developers forcing end users into less than acceptable application experiences? Have we all been oversold on HTML5?

Plus getting into QA, a cloud based IDE, some great feedback & much more!

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

MP3 Audio | OGG Audio | Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | Video Feed | Torrent Feed | iTunes Audio | iTunes Video

Become a supporter on Patreon:

— Show Notes: —

Feedback / Follow Up:

• Show Format Feedback

• Format

• I am finding a hard time finding a way into QA

• ionic

Dev Hoopla:

• I Need Some Answers…

• Swift Set Free

• Objective-C at first glance seems like the most weird and awful language I’ve ever used

• Cloud IDEs?

• Endorsement By Chris?

• chriskempson/tomorrow-theme · GitHub

• Koding | Say goodbye to your localhost and code in the cloud.

• Cloud9 – Your development environment, in the cloud

The post HTML5: Back To The Future | CR 126 first appeared on Jupiter Broadcasting.

Dropbox receives a major storage and functionally update, is this enough to overlook the services glaring issues? Twitch.tv is now bigger than CNN & Red Hat sees a major executive abruptly leave.

Plus the new improvements to BitTorrent Sync & more!

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Torrent Feed

Become a supporter on Patreon:

Show Notes:

Dropbox Beefs Up Its Pro Feature Set, Now Offering 1TB Of Storage For $10/Month

Many Dropbox users start out as Basic users, but the company increasingly has been trying to get customers to upgrade and pay for storage. In 2011, the company launched Dropbox for Business, which has seen a fair amount of success in the years since. Dropbox says that it’s used within 4 million companies and 97 percent of Fortune 500 businesses, although not all of those companies are paying customers.

Until today, those so-called “prosumers” were paying $10 a month for 100 GB of storage, but they had a feature set that was pretty similar to the company’s Basic offering.

Dropbox is looking to offer Pro users a lot more storage and a lot more features than their Basic brethren, which it hopes will give a lot more people a reason to upgrade.

Dropbox Pro now offers 10x the storage that users previously got, boosting available capacity for each of its users to 1 TB for $10 a month. By doing so, Dropbox is matching pricing for Google Drive, which lowered its prices for a TB of storage earlier in the spring.

Another feature that is now available to Pro users is the ability to remotely wipe files from your Dropbox folder if your laptop happens to get lost or stolen. By doing so, any Dropbox files or folders that were connected to that device will no longer be accessible the next time that the computer, phone, or other device comes online. And if the device is recovered, users can easily reconnect it to their account.

Dropbox previously offered 200 GB for $20 a month and 500 GB for $50 a month, but with the increase in storage to 1 TB, it’s decided to drop those tiers. As a result, in the short term it could make slightly less money from users who paid a premium for their storage plans.

However, the company could easily make up the difference by increasing the number of Pro users who sign up.

BitTorrent Sync Gets New Interface, Links for Sharing

Version 1.4 is designed to fundamentally change the way users interact with the app by simplifying the sharing process. In that vein, Sync for Windows and OS X have a redesigned user interface to make it easier for sharing via a new workflow and customizable folder list for folders.

You can now right-click on a folder, select “Share with BitTorrent Sync” and then choose either Email (a preformatted message will show up and you’ll need to input the email addresses), Copy (the link will be put in your clipboard), or QR code (for mobile scanning).

The sender can set a given link to expire after a number of days or after a certain number of times it is used, and can also require confirmation to ensure that only the receiver can sync the data in question (this is on by default but can be turned off for less important transfers). If the receiver doesn’t have Sync version 1.4, the webpage will prompt them to install it.

Twitch is now bigger than CNN, MSNBC, and MTV during prime time | The Verge

The New York Times had a great data-driven article this morning about just how big Twitch has become. One year ago the video game live-streaming platform wasn’t even equal to HLN in size. Fast-forward to this summer and Twitch is bigger during prime-time hours than CNN, E!, or MSNBC, with occasional spikes that put it above MTV as well.

Right now Twitch has about 715,000 concurrent viewers during prime time, but will quickly eclipse that if its growth continues apace.

Samsung’s Gear S smartwatch doesn’t need a phone to get online or make calls

The Gear S (not Solo) has a twist: there’s a 3G modem inside.

That means that even when outside the range of a Bluetooth-connected phone or WiFi, it can still send and receive messages or make calls.

It has a 2-inch AMOLED screen plus a dual-core 1GHz CPU inside along with GPS, heart rate and motion sensors, all powered by a 300mAh battery Samsung says can last up to two days.

It runs Tizen instead of Android Wear.

In the run up to IFA next week Samsung is also introducing the Gear Circle headset.

The Gear Circle has a magnetic clasp so it fits around your neck while not in use, a touch sensor and battery with up to 11 hours of talk time.

Pairs with a phone over Bluetooth, letting users hear notifications, use voice commands or listen to music through the earbuds.

Both devices will go on sale in October, although there’s no word on a price for either.

Red Hat CTO unexpectedly quits, amid rumors of executive ‘friction’

No-one among the rank and file at Red Hat seem to have seen this coming. In a move the Linux giant’s staffers said was “shocking” and a “punch in the gut,” long-time Red Hat chief technology officer Brian Stevens has resigned.

In a short press release, the company announced: “Brian Stevens will step down as CTO.”

Stevens, whose Red Hat page was taken down minutes after the news was released, had been with Red Hat since 2001. Before that he had been the CTO at Mission Critical Linux, and a senior architect at Digital Equipment Company (DEC), where he worked on Digital’s Unix operating system, Digital Unix. Today it lives on as HP’s Tru64. In technical circles, he’s perhaps best known for his work on the X Window System

Some Red Hat employees speculated that Stevens may have left because friction between Stevens and Cormier.

Paul Cormier is Red Hat’s president of products and technologies.

They observed that CTO office had been moved out from underneath Cormier’s control some time back. However, no one said that was any kind of current feud that might have lead to this move.

Others suggested that perhaps Steven wanted to move up to a CEO slot and that would never happen within the company.

Movies ● GOG.com

The post Dropbox, the Cheap Date | Tech Talk Today 50 first appeared on Jupiter Broadcasting.

The founder of ownCloud joins us to discuss their latest release, future plans and challenges. And we’ll ask a batch of the tough questions you sent in.

Then we take a look at CRUX, a legendary Linux distribution with an amazing history. Plus an app pick that will instantly tickle your retro bone, a cautious tale…

AND SO MUCH MORE!

All this week on, The Linux Action Show!

Thanks to:

Download:

HD Video | Mobile Video | WebM Torrent | MP3 Audio | Ogg Audio | YouTube | HD Torrent

RSS Feeds:

HD Video Feed | Large Video Feed | Mobile Video Feed | MP3 Feed | Ogg Feed | iTunes Feeds | Torrent Feed

Become a supporter on Patreon:

— Show Notes: —

CRUX Linux Review:

Brought to you by: System76

• Today we’re kicking off our most substantial Ubuntu computer sale of the year.…

About: Crux

CRUX is a lightweight Linux distribution for the x86-64 architecture targeted at experienced Linux users. The primary focus of this distribution is keep it simple, which is reflected in a straightforward tar.gz-based package system, BSD-style initscripts, and a relatively small collection of trimmed packages. The secondary focus is utilization of new Linux features and recent tools and libraries. CRUX also has a ports system which makes it easy to install and upgrade applications.

In short, CRUX might suit you very well if you are:

• A somewhat experienced Linux user who wants a clean and solid Linux distribution as the foundation of your installation.
• A person who prefers editing configuration files with an editor to using a GUI.
• Someone who does not hesitate to download and compile programs from the source.

History of CRUX

• Started May 2000
• No public releases made during this time
• A strong community by 2002, and was responsible for working together and adding important package management features to the distro.

• CRUX was built from scratch and has never been based on any other Linux distribution.

• Tracked by Distrowatch since 2002-01-14

CRUX vs Arch

• Before creating Arch, Judd Vinet admired and used CRUX; a minimalist distribution created by Per Lidén. Originally inspired by ideas in common with CRUX and BSD, Arch was built from scratch, and pacman was then coded in C.
• Arch and CRUX share some guiding principles: for instance, both are architecture-optimized, minimalist and K.I.S.S.-oriented.
• Both ship with ports-like systems, and, like *BSD, both provide a minimal base environment to build upon.
• Arch features pacman, which handles binary system package management and works seamlessly with the Arch Build System. CRUX uses a community contributed system called prt-get, which, in combination with its own ports system, handles dependency resolution, but builds all packages from source (though the CRUX base installation is binary).
• Arch officially supports x86_64 and i686 only, whereas CRUX officially offers only x86_64.
• Arch uses a rolling-release system and features a large array of binary package repositories as well as the Arch User Repository. CRUX provides a more slimmed-down officially supported ports system in addition to a comparatively modest community repository.

CRUX 3.1 Released July 17th 2014

Toolchain updates

CRUX 3.1 comes with a multilib toolchain which includes glibc 2.19.0, gcc 4.8.3 and binutils 2.24

Kernel

Linux 3.12.24

Xorg

CRUX 3.1 ships with Xorg 7.7 and xorg-server 1.15.1.

CRUX Install:

• Very Manual.

Packages in CRUX

The package system (pkgutils) is made with simplicity in mind, where all packages are plain tar.gz files (i.e. without any kind of meta data).

When a package is installed using pkgadd a new record is added to the package database (stored in /var/lib/pkg/db). The basic package system does not have any kind of dependency checking, thus it will not warn you if you install a package that requires other packages to be installed. The included prt-get tool, however, does support dependencies.

Since the package file itself does not contain any meta data. Instead, the package manager uses the package filename to determine the package name and version.
Thus, when installing a package file named bash#2.05-1.pkg.tar.gz, the package manager will interpret this as a package named bash at version 2.05-1.

If pkgadd is unable to interpret the filename (e.g. # is missing or the filename does not end with .pkg.tar.gz) an error message will be printed and pkgadd will abort without installing the package.

Package management frontend: prt-get

To address the different requirements towards package management in CRUX, a number of users started discussion about an advanced package management frontend to pkgutils, with dependency handling and support for large install transactions. The result of this community effort is prt-get, a tool which provides a number of features on top of pkgutils while keeping pkgutils’ original character and power. Its main features are

• Dependency handling
• Build logging
• Powerful search and query functionality

Nowadays prt-get is an official project and tool of the CRUX project.

The Ports System

The term Ports System refers to a remote repository containing ports and a client program capable of downloading ports from that repository. CRUX users use the ports(8) utility to download ports from the repository and place them in /usr/ports/. The ports utility uses rsync(1) or httpup(1) to do the actual downloading/synchronization.

A port is a directory containing the files needed for building a package using pkgmk. This means that this directory at least has the files Pkgfile (which is the package build description) and .footprint (which is used for regression testing and contains a list of files this package is expected to contain once it is built). Further, a port directory can contain patches and/or other files needed for building the package. It is important to understand that the actual source code for the package is not necessarily present in port directory. Instead the Pkgfile contains an URL which points to a location where the source can be downloaded.

Have a Question about CRUX? Ask one of the Devs!

— PICKS —

Runs Linux

The Future of Desktop Computing? – Computerphile – YouTube

Tablets are taking over from desktop computing but what if we merge the two? This prototype demonstrates something new, that builds upon something centuries old – working with paper on your desk.

• How To Install and Configure Syncthing to Synchronize Directories on Ubuntu 14.04 | DigitalOcean

Desktop App Pick

cool-old-term

• ‘cool-old-term’: This retro styled Terminal Emulator could be the coolest we’ve seen yet! | Tech Drive-in

Developed by Swordfish’s Labs, cool-old-term is a terminal emulator which tries to mimic the look and feel of the old cathode tube screens. It has been designed to be eye-candy, customizable, and reasonably lightweight.

Weekly Spotlight

Toxic

Toxic is a Tox-based instant messaging client which formerly resided in the Tox core repository, and is now available as a standalone application.

.

qTox

Powerful Tox client that tries to follow the Tox UI mockup while running on all major systems.
This GUI uses code from @nurupo’tos ProjectTox-Qt-GUI, in particular the “Core” Toxcore wrapper.
However, it is not a fork.

Features

• One to one chat with friends
• Group chats
• File transfers, with previewing of images
• Audio calls
• Video calls (alpha)
• Tox DNS
• Translations in various languages

Missed any of our OSCON 2014 Interviews? Here’s each interview broken out and added to an OSCON Playlist

— NEWS —

OpenSUSE Factory Turns Into Rolling Release Distribution

OpenSUSE Factory will still serve where openSUSE development takes place, but it’s also going to aim for being a distribution on its own as a “tested and stable fresh-daily bleeding-edge distribution.”

Fedora security team is announced

== What are we doing? ==

The Security Team’s mission is to assist packagers in closing security vulnerabilities. Once alerted to a
vulnerability on a package, the security team can help work with upstream to obtain a patch or a new release
of a package. Once we have a patch or a new release we attach it to the vulnerability bug and work with
packagers to get the fix pushed.

== How bad is the problem now? ==

As of a few days ago we had 566 open vulnerability tickets that cover both Fedora and EPEL. The breakdown of
those bugs by severity looks like this:

• Critical: 3
• Important: 69
• Moderate: 366

• Low: 128

• Answering questions regarding the Fedora Security Team | Sparks’ Open Source and Security Journal

Fedora 21 Has Been Delayed By Three Weeks

At Wednesday’s Fedora Engineering and Steering Committee it was agreed upon to push back the entire release process by three weeks. This three weeks is to give additional time to finish outstanding work prior to the changes freeze and for also then working around Fedora’s “Flock” contributor conference.

Fedora 21 will not be officially released now until at least 4 November while the alpha release is at 26 August, beta release on 30 September, and the final change deadline on 21 October. The updated Fedora 21 schedule can be found via this Fedora Wiki page.

OMG! Fedora is just getting a security team? Does this mean Fedora has been insecure this entire time?!?

Umm, no, it doesn’t mean that Fedora has been insecure this entire time. In all actuality Fedora is in pretty good shape overall. There is always room for improvement and so we’re organizing a team to help facilitate that improvement.

XBMC Is Getting a New Name – Introducing Kodi 14

We are excited to announce that the media center software we’ve all loved for so many years will have a new name, starting with version 14. Instead of XBMC 14, we’d like to introduce you to Kodi 14.

ownCloud 7 Released With more Sharing And Control | ownCloud.org

ownCloud 7 Community Edition has significant feature improvements for users, administrators and developers.

• ownCloud 7 Released With more Sharing And Control | ownCloud.org

Questions for Frank:

• What brought about Server-to-Server syncing, and how close to real time is that syncing?

• Sleepee asks: Any plans for better auditing on who shared filed. He’s working in an Enterprise, and the management would like some records.

• Seal20 asks: I could not find anyway to replace the last closed and evil tool: evernote. I hate it but I couldn’t switch to any other free alternative. Do you plan do include an evernote alternative somewhere down the road?

• Seal20 also asks: What about an “owncloud phone” you could rip off an android os from all google or even better start from a firefox os and include all owncloud related apps: cal/carddav sync, owncloud news, sync apps, etc! I and i am sure others will surely pay a premium for this!

• pierre4l asks: I wonder whether the focus of OwnCloud is going to be home users wanting to set up their personal cloud servers, or whether it is veering more to the enterprise deployments. Or is it trying to be a solution for all?

• OwnCloud apps seems to be really growing. Where do you see OwnCloud apps going? Even casual games on apps.ownCloud.com

• autodidactos: I know there are two email client apps available (roundcube and rainloop) but neither seem to be as integrated as an official client would be. Are there any plans for an official OwnCloud email client?

— FEEDBACK —

• More info about the soccer robots

• Can Arch Be used as a Workstation?

• Alt to Attic – Sam

• The All New Oculus Rift Development Kit 2 (DK2) Virtual Reality Headset

— CHRIS’ STASH —

• jupiterbroadcasting on Instagram

Hang in our chat room:

irc.geekshed.net #jupiterbroadcasting

— MATT’S STASH —

• Check out LINUX Unplugged
• Matt’s Articles
• Geek And The Gamer

Find us on Google+

• Chris
• Matt Hartley
• Jupiter Broadcasting’s Page

Find us on Twitter

• Chris – ChrisLAS
• Matt – matthartley

Follow the network on Facebook

• Jupiter Broadcasting on Facebook

Catch the show LIVE Sunday 10am Pacific / 1pm Eastern / 6pm UTC:

• https://jblive.tv
• Network Calendar

The post ownCloud 7 Interview | LAS 324 first appeared on Jupiter Broadcasting.

We come clean on our struggle with loving every Linux desktop, until we start up the hate. Plus we discuss the huge news for CoreOS and take a closer look at OwnCloud 7’s server-to-server syncing.

Plus troubleshooting KDE sound problems and a new community initiative!

Thanks to:

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Torrent Feed | WebM Torrent Feed

Show Notes:

FU:

• I feel Chris and Matt’s pain about Phonon and audio in general on KDE. Is there anything close to a solution?

• My Linux Mint 17 KDE desktop – as mentioned on Linux Unplugged 47

• Mark sends in an update about CoreOS:

CoreOS gets $8 million to bring a specialized Linux OS for server deployments to the mainstream

CoreOS, the company that makes a scalable version of Linux custom tailored for servers, has raised $8 million in a Series A funding round and is now offering support services for companies that might need help getting their server operating systems off the ground. The new commercial-help service is called CoreOS Managed Linux, which the company describes as being an “OS-as-a-service” offering that provides organizations with constant patches and updates in case they don’t want the responsibility for having to deal with that type of admin work themselves.

The monthly charges for the service can range anywhere from $1,000 to $100,000, depending on the number of servers one has, said Polvi.

When asked about current competitors in the field, Polvi named a few, noting that Red Hat’s Project Atomic is “a direct response to CoreOS.” Red Hat is also a member of the Docker governance board.

Krita: open source digital painting | Accelerate Development by Krita Foundation

ownCloud 7 Sneak Peek: Improved Sharing

ownCloud 7 introduces server to server sharing — allowing you to mount a share from another ownCloud instance and seamlessly collaborate on and share files from within your own ownCloud — essentially combining private clouds into a public cloud. You can even have the folder locally synced through the client. No need to create user accounts on your or the other instance — just, once, add the shared folder into your ownCloud.

Community Distribution Review:

• The Jupiter Colony Review Draft

New Shows : Tech Talk Today (Mon – Thur) HowTo Linux (Fridays)

• Tech Talk Today Today | Jupiter Broadcasting

Support Jupiter Broadcasting on Patreon

The post Desktopaholics Anonymous | LINUX Unplugged 47 first appeared on Jupiter Broadcasting.

Chase makes the decision to switch to Linux and Chris helps him get started. Learn how to install Linux from a thumb drive using Windows.

Plus we answer some basic fundamental differences between Windows and Linux.

Thanks to:

Direct Download:

HD Video | Video | HD Torrent | MP3 Audio | OGG Audio | YouTube

RSS Feeds:

HD Video Feed | HD Torrent Feed | MP3 Feed | OGG Feed

Become a HowTo Linux supporter on Patreon:

Show Notes:

Links:

Rufus – Create bootable USB drives the easy way

Rufus is an utility that helps format and create bootable USB flash drives, such as USB keys/pendrives, memory sticks, etc.

• It can be especially useful for cases where:

• you need to create USB installation media from bootable ISOs (Windows, Linux, UEFI, etc.)

• you need to work on a system that doesn\’t have an OS installed
• you need to flash a BIOS or other firmware from DOS
• you want to run a low-level utility

Support HowTo Linux on Patreon

The post Switching to Linux | HowTo Linux 1 first appeared on Jupiter Broadcasting.

Liam from Gaming on Linux joins us to discuss the Witcher 2 port fiasco, and why Linux’s reputation as a gaming platform could be on the line.

Plus a heated Manjaro discussion, your feedback, and a BIG announcement!

Thanks to:

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Torrent Feed | WebM Torrent Feed

Show Notes:

FU:

• OpenShot Video Editor | Blog: May Development Update: Video + Interview + More!

• Manjaro Xfce

• About Arch, Manjaro, and Wi-Fi

• Question for the Virtual LUG

• GitHub does dotfiles – dotfiles.github.io

• Straw Poll: What’s your DE?

The Witcher 2 Drama:

Guest: Liam Dawe (upurtweet) on Twitter

Full time dad, owner of @gamingonlinux and writer for @linuxvoice !

• The Witcher 2 Just Made A Bunch Of Linux Gamers Very, Very Angry

eON is a middle ground idea between what WINE does, and a native port. It is tuned and customised to each game we port — we do not simply slap a Windows binary into it and ship the game. For example, we often customise the D3D9->GL code path in various ways to cater for the title. Shaders are often rewritten to native GLSL, etc.

• GamingOnLinux – Why We Shouldn\’t Accept Bad Linux Ports

_The problem is if we keep accepting ports at a sub-par quality then Linux will gain a reputation for having low quality games. Think about that big picture for a moment, seriously.

_

New Show: Tech Talk Today (Mon – Thur)

9am Pacific / 12pm Eastern / 7pm GMT

• A daily, low key tech talk show. Covering the entire industry.

• A rotating cast of friends will join me, sometimes I’ll be solo.

• A unique perspective and insights, from outside the valley bubble. Outside the grasp of Google or Apple influence. A perspective from the open source community considering the important topics of the day.

• The state of technology coverage has bothered me for a long time, and specifically as many LUP listeners know the coverage of the Linux and open source communities.

• The show will try and be a daily taste maker of interesting topics and discussion.

• The daily format will allow for a large range of topics, and active live participation via Mumble, etc for talk back.

• Could be a little on the risky side, very blunt and honest opinions. Calling it like we see it.

• Patreon funded, with some limited sponsor opportunities available.

• Willing to consider discounted community spots.

• The Patreon fund is basically a fund JB’s growth campaign, and you get a daily show as a thank you.

• The revenue raised via Tech Talk Today’s Patreon funding will finance studio upgrades from facilities, to equipment, and even living conditions.

• Long term plans include funding a road show, and other big things we could only pull off with a stable platform of funding for us to stand on.

• This is a grand experiment. I’ve wanted to do a daily show again for a while, but its also some of the hardest workout there. It’s a lifestyle. Can I keep it up? Can we fund future JB growth? I’m not sure, but I am damn excited to find out!

The post Fine Wine or Sour Ports | LINUX Unplugged 42 first appeared on Jupiter Broadcasting.

The pfSense project has a new release, we’ll run down some of our favorite features and how we use them. Plus Valve’s Gabe Newell says Linux is the future of gaming, and we’ll break down exactly why he feels that way.

Then: CyanogenMod’s got some big plans, but are they stepping on the community open source developers to get there? Plus a LinuxCon 2013 wrap up, the big Steam rumors…

AND SO MUCH MORE!

All this week on, The Linux Action Show!

Thanks to:

Download:

HD Video | Mobile Video | WebM Torrent | MP3 Audio | Ogg Audio | YouTube | HD Torrent

RSS Feeds:

HD Video Feed | Large Video Feed | Mobile Video Feed | MP3 Feed | Ogg Feed | iTunes Feeds | Torrent Feed

Support the Show:

— Show Notes: —

Making pfSense in a Linux World!

Brought to you by: System76

Check out System76 on G+

• pfSense 2.1-RELEASE now available!

This release brings many new features, with the biggest change being IPv6 support in most every portion of the system. There are also a number of bug fixes, and touch ups in general.

• BSD Now talks a bit about the new PBI package support

• Chris’ pfSense hardware from ebay

• pfSense Digest » Blog Archive » pfSense Gold Subscription Now Available!

pfSense Gold is our $99 per year premium membership subscription program, designed to provide special benefits to our members while supporting ongoing development of the Open Source pfSense project.

• pfSense Open Source Firewall Distribution – Recommended Hardware Vendors

The following companies sell the hardware the developers use. This means purchasing from these vendors ensures
the device is thoroughly tested, and if compatibility problems come up in future releases they will likely be quickly
found and fixed more.

Other Nice Features:

• NTP Server for your LAN, can even pull from a serial attached GPS

• Wake on LAN. Add a MAC address from a PC on your LAN, then wake it from the firewall as needed.

• Easy to manage uPNP for balanced security and convenience.

• High Availability Sync

pfsync transfers state insertion, update, and deletion messages between firewalls. Each firewall sends these messages out via multicast on a specified interface, using the PFSYNC protocol (IP Protocol 240). It also listens on that interface for similar messages from other firewalls, and imports them into the local state table.

---

– Picks –

Runs Linux:

• The Peachy Printer – The First $100 3D Printer & Scanner!

Weekly Spotlight Pick:

• Twelve keynote videos from LinuxCon 2013 · LinuxGizmos.com

The Linux Foundation held its LinuxCon North America conference in New Orleans this week, and has once again published keynote session videos. The videos feature Linux luminaries including Google’s Chris DiBona, Valve’s Gabe Newell, Raspberry Pi’s Eben Upton, Intel’s Dirk Hohndel, and a panel with Tejun Heo, Greg Kroah-Hartman, Sarah Sharp, and Linus Torvalds

Desktop App Pick:

• Flowblade Video Editor

Git yours hands all over our STUFF:

• Jupiter Broadcasting Affiliate Extensions
• Callisto-app – Google Project Hosting
• Quick Update to the Jupiter Broadcasting Android App

---

— NEWS —

• LinuxCon & CloudOpen North America 2013 – Linux & Gaming – Gabe Newell, Valve – YouTube

From LinuxCon & CloudOpen North America in New Orleans, LA. Join Gabe Newell as he shares his insights on the future of Linux gaming.

• Gabe Talks about Why Valve Got Intrested in Linux – 8:16

• Gabe belives locking down the PC Indstury is partially repsonbile for its decline, but that decline has not hit gamming as hard because the PC is open and allows for innovation – 11:22

• Valve has seen with their own games, that app stores by their very nature add friction which delays things and limits who can be a publisher. But their own data shows user generated content is exploding and it’s their job to enable it – 19:06

• The Steam Universe is Expanding in 2014

• Valve making three Steam-related announcements next week

• Canonical Confirms Launch Date for Ubuntu Touch 1.0: October 17

• Cyanogen raises $7 million to build a better version of Android

• I remained silent about the whole Focal relicensing…

• Focal

• It Looks Like Oppo Is Cyanogen’s First Hardware Partner – Cyanogen Will Be At The N1 Announcement On September 23rd

• Announcement – OpenZFS

• Who writes Linux? Almost 10,000 developers

– Feedback: –

• Git-Annex and Git-Annex-Assistant

• Whither Plasma Active?

• Plasma Active 4 for Nexus 7 (2012) and Archos G9

• Can you take time to recognize a LUG that’s been around for 20 years??

• Bellingham Linux Users Group for 15 Years

• Everett Linux Users Group

• NAS running costs

Bitmessage:

BM-GuJRSMgViBNXnafzuRQL3tpHHFSJQ5Wm

— Chris’ Stash —

• New updates to the Chrome and Firefox extensions!

• Engineering and Powder Kegs | BSD Now 2

Hang in our chat room:

irc.geekshed.net #jupiterbroadcasting

— What’s Matt Doin? —

• Matt’s Birthday – Chopper Video
• Linux Commands: Video of Time-Saving Commands

— Find us on Google+ —

• Chris
• Matt Hartley
• Jupiter Broadcasting’s Page

— Find us on Twitter —Hang

• Chris – ChrisLAS
• Matt – matthartley

— Follow the network on Facebook: —

• Jupiter Broadcasting on Facebook

— Catch the show LIVE Sunday 10am Pacific / 1pm Eastern / 6pm UTC: —

• https://jblive.tv
• Network Calendar

The post pfSense Makes Sense | LAS s28e09 first appeared on Jupiter Broadcasting.

]]> https://original.jupiterbroadcasting.net/42727/spideroak-vs-bittorrent-sync-las-s28e07/ Sun, 08 Sep 2013 15:51:03 +0000 https://original.jupiterbroadcasting.net/?p=42727 Can two of the hottest sync systems live in harmony? We’ll compare SpiderOak and Bittorrent Sync, and see if we can use each for it’s specific strengths.

The post SpiderOak vs Bittorrent Sync | LAS s28e07 first appeared on Jupiter Broadcasting.

]]>

Can two of the hottest sync systems live in harmony? We’ll compare SpiderOak and Bittorrent Sync, and see if we can use each for it’s specific strengths.

Plus: Intel and XMir drama, developers plea for the end of DirectX, your emails…

AND SO MUCH MORE!

All this week on, The Linux Action Show!

Thanks to:

Download:

HD Video | Mobile Video | WebM Torrent | MP3 Audio | Ogg Audio | YouTube | HD Torrent

RSS Feeds:

HD Video Feed | Large Video Feed | Mobile Video Feed | MP3 Feed | Ogg Feed | iTunes Feeds | Torrent Feed

Support the Show:

Purchase anything at Amazon.com Purchase anything at Think Geek using this link Purchase anything at Newegg using this link Contribute directly on our donation page or check out our advertising options and reach millions of amazing people! Grab our Chrome Extension and auto-tag your shopping session for us!

— Show Notes: —

SpiderOak vs Bittorrent Sync:

Brought to you by: System76

New from the System76 team: BeansBooks

– SpiderOak –

• SpiderOak

SpiderOak is a zero-knowledge encrypted data backup, share, sync, access and storage service. Online and multi-platform with 2GB of storage free for life.

• SpiderOak Twitter

• SpiderOak for Mobile

• SpiderOak – openSUSE

• How do I install SpiderOak on a headless Linux server?

We have many customers who use SpiderOak on headless servers. The initial
setup requires a simple workaround, and from there you can use the command line
options to implement all other tasks.

• Why isn’t SpiderOak open source yet? When will it be?

We are steadily releasing many of the tools and libraries that we created while
building SpiderOak as independent, generalized components. These can be found
under the code section.

– Bittorrent Sync –

• BitTorrent Sync

• BitTorrent on Twitter

Private and Secure. File transfers are encrypted. Your information is never stored on a server in the cloud and your data is protected by private keys.

• BitTorrent® Sync – Android

• BitTorrent Sync for iPhone, iPod touch, and iPad

• How to backup your phone’s camera roll without limits

• Sync Hacks: Raspberry Pi + BitTorrent Sync to Sync Without Data Loss

---

– Picks –

Runs Linux:

• SolidRun Cube, Runs Linux

Android Pick:

• Evomail – Modern Mobile Email

Desktop App Pick:

• BSD games – LQWiki

Git yours hands all over our STUFF:

• Jupiter Broadcasting Affiliate Extensions
• Callisto-app – Google Project Hosting
• Quick Update to the Jupiter Broadcasting Android App

---

— NEWS —

• Dell To Expand Ubuntu Retail Presence in China

• Plasma Active 4 – ready when you are

• Intel Remove XMir Support From Xorg Drive

• Seems XMir won’t have a future on Intel drivers.

• Google To Bring New Packaged Chrome Apps To Linux

• Google Chrome Blog: A new breed of Chrome Apps

• Game Developers Talk Up OpenGL At PAX Prime 2013

• Mailpile hits a (hopefully short term) roadblock with PayPal : LinuxActionShow

• Support 0 A.D., an Open-Source Strategy Game

---

– Feedback: –

Show will be LIVE on Friday

• Private video calls using VPN

• Poor GVFS performance

• Natural selection 2 Almost Fixed!

• New app: MovieThumbs

• Great Little Radio Player

BM-GuJRSMgViBNXnafzuRQL3tpHHFSJQ5Wm

— Chris’ Stash —

• New updates to the Chrome and Firefox extensions!

• Interview with Docker Dev on Coder Radio tomorrow in episode 66

Hang in our chat room:

irc.geekshed.net #jupiterbroadcasting

— What’s Matt Doin? —

• Matt’s Amazon Birthday Wishlist
• Hell froze over, Matt’s on Facebook

— Find us on Google+ —

• Chris
• Matt Hartley
• Jupiter Broadcasting’s Page

— Find us on Twitter —

• Chris – ChrisLAS
• Matt – matthartley

— Follow the network on Facebook: —

• Jupiter Broadcasting on Facebook

— Catch the show LIVE Sunday 10am Pacific / 1pm Eastern / 6pm UTC: —

• https://jblive.tv
• Network Calendar

The post SpiderOak vs Bittorrent Sync | LAS s28e07 first appeared on Jupiter Broadcasting.

]]> https://original.jupiterbroadcasting.net/39707/reader-replacements-for-linux-las-s27e07/ Sun, 30 Jun 2013 15:13:52 +0000 https://original.jupiterbroadcasting.net/?p=39707 Build your own Google Reader replacement, or check out one of the hosted options. Will run down the list of the candidates for Linux.

The post Reader Replacements for Linux | LAS s27e07 first appeared on Jupiter Broadcasting.

]]>

Build your own Google Reader replacement, or check out one of the hosted options. Will run down the list of the candidates we think have the best potential to replace Google Reader on Linux.

Then: The week’s Mir headlines have brought out the trolls, we’ll tackle one of the Linux community’s biggest problems: the community.

Plus a HUGE batch of your desktop submissions, new games for Linux…

AND SO MUCH MORE!

All this week on, The Linux Action Show!

Thanks to:

GoDaddy.com Use our code linux249 to score .COM for just $2.49! 32% off your ENTIRE first order just use our code 32off2 until the end of the month!
Ting.com Visit las.ting.com to save $25 off your device or service credits.

Download:

HD Video | Mobile Video | WebM Torrent | MP3 Audio | Ogg Audio | YouTube | HD Torrent

RSS Feeds:

HD Video Feed | Large Video Feed | Mobile Video Feed | MP3 Feed | Ogg Feed | iTunes Feeds | Torrent Feed

Support the Show:

Purchase anything at Amazon.com Purchase anything at Think Geek using this link Purchase anything at Newegg using this link Contribute directly on our donation page or check out our advertising options and reach millions of amazing people! Grab our Chrome Extension and auto-tag your shopping session for us!

— Show Notes: —

Google Reader Replacments for Linux:

Brought to you by: System76

Self Hosted RSS Readers:

• WikiStart – Tiny Tiny RSS

Tiny Tiny RSS is an open source web-based news feed (RSS/Atom) reader and aggregator, designed to allow you to read news from any location, while feeling as close to a real desktop application as possible.

• Tiny Tiny RSS Ubuntu PPA

Tiny Tiny RSS version to a PPA, which should make it a lot easier to install in Ubuntu 13.04, 12.10 or 12.04

• TT-RSS – ArchWiki

Tiny Tiny RSS is an open source web-based news feed (RSS/Atom) aggregator, designed to allow you to read news from any location, while feeling as close to a real desktop application as possible.

• UpdatingFeeds – Tiny Tiny RSS

You have to setup one of this methods before you can start using tt-rss properly, otherwise your feeds won’t be updated.

Run update daemon if you are allowed to run background processes on your tt-rss machine. Otherwise, use one of the other methods. On Debian, official packages have cronjob-based updating setup out of the box.

• selfoss

The new multipurpose rss reader, live stream, mashup, aggregation web application

Remote Hosted:

• How to Build Your Own Syncing RSS Reader with Tiny Tiny RSS and Kick Google Reader to the Curb

• go read

Go Read is a web-based RSS reader. It is designed to be as useful as Google Reader.

• NewsBlur

NewsBlur is free on the web, iPad, iPhone, and Android. By subscribing to a
premium account, you support a growing service and unlock a few restrictions.

---

– Picks –

Runs Linux:

• MintBox 2 Runs Linux

Android Pick:

• Tiny Tiny RSS

• Best of Pick: AirDroid

Desktop App Pick:

• Bitmessage

Send a Bitmessage to LAS:

BM-GuJRSMgViBNXnafzuRQL3tpHHFSJQ5Wm

• Picks so far
• Madjo

Search our past picks:

• LASAppPicks

This tumblr contains the Linux app picks from the Linux Action Show. Both the Linux apps and the Android apps

Git yours hands all over our STUFF:

• Jupiter Broadcasting Affiliate Extensions
• Callisto-app – Google Project Hosting
• Quick Update to the Jupiter Broadcasting Android App

---

— NEWS —

• Half-Life 2 has been released for Linux

• Portal Game Now Officially Supported On Linux, Exits Beta [Steam]

You can click this link to install Portal if you have Steam installed

• Mir To Ship As Default Display Server in Ubuntu 13.10
  
  • When will we see Qt Unity in testing? 14.04?

• The First Benchmarks Of Unity On XMir: There’s A Performance Hit

• XWayland 2D Performance Appears Better Than XMir

• Unity On XMir Performance For Nouveau Gallium3D

• The FSF Has A New High Priority Project

— /etc: Your Desktops!—

Brought to you by: Untangle

• LASScreenshots’s albums – Imgur

– Feedback: –

• I spent 6 months programming this web app alternative to Adobe Illustrator. I’d love some feedback!

• Send to XBMC Firefox Add On, its awesome

• Richard Stallman inducted into the 2013 Internet Hall of Fame

— Chris’ Stash —

Hang in our chat room:

irc.geekshed.net #jupiterbroadcasting

— What’s Matt Doin? —

• Mandriva Linux: Which Fork Is Right for You?
• Writing about Linux, sometimes, even asking tough questions
• Hell froze over, Matt’s on Facebook

— Find us on Google+ —

• Chris
• Matt Hartley
• Jupiter Broadcasting’s Page

— Find us on Twitter —

• Chris – ChrisLAS
• Matt – matthartley

— Follow the network on Facebook: —

• Jupiter Broadcasting on Facebook

— Catch the show LIVE Sunday 10am Pacific / 1pm Eastern / 6pm UTC: —

• https://jblive.tv
• Network Calendar

The post Reader Replacements for Linux | LAS s27e07 first appeared on Jupiter Broadcasting.

]]> https://original.jupiterbroadcasting.net/39217/android-report-fauxshow-144/ Thu, 20 Jun 2013 19:37:05 +0000 https://original.jupiterbroadcasting.net/?p=39217 Angela and Chris go over the one week challenge of switching from iPhone to Android! Which apps helped the transition, and what turned out to be a big challenge

The post Android Report | FauxShow 144 first appeared on Jupiter Broadcasting.

]]>

Angela and Chris go over the one week challenge of switching from iPhone to Android! Which apps helped the transition, and what turned out to be a big challenge.

Direct Download:

HD Download | Mobile Download | MP3 Download | YouTube

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Torrent Feed | iTunes Feeds

   

Show Notes:

• Dropbox
• Airdroid
• Bloatware
• Battery
• Scrapbooking App
• Hangouts
• Gmail
• Widgets
• Sounds

Phone Qualities

• Camera
• Too big

Chris’s STUFF:

• Stock Android
• Root

[asa]B00BGGDVOO[/asa]

Mail Sack:

FauxShower: https://www.amazon.com/registry/baby/1S1T10DP8CIKT

• Josef writes:

Just wanted to congratulate you on the new addition to the family and say thank you for the network. You should be expecting a package from Amazon for the FauxShower as a token of my appreciation.

I\’ve been a viewer for a couple years now though am always too lazy to make a handel in the IRC and usually just pound on the keyboard ending up as jb_viewer4311 or something. Chris does a great job with the network and it\’s great that Angela is so supportive of his unique job / hobby.

Keep up the great work with Jupiter broadcasting!

• Matt writes:

Hi Chris! I am a recent owner of a Roku box. I would LOVE to watch JupiterBroadcasting shows via my Roku. Is this possible now? If not, have you considered it? I watch LAS, Techsnap and Faux Show pretty regularly.

Find FauxShow!

LIVE: https://jblive.tv – 8pm Pacifc – 11pm Eastern – 3am UTC
Facebook: https://www.facebook.com/thefauxshow
Twitter: https://www.twitter.com/angerz
G+: https://www.gplus.to/fauxshow
Subscribe to Jupiter Signal: https://www.bit.ly/jupitersignal
Jupiter Radio: https://jblive.info
Affiliates Firefox Extension: https://addons.mozilla.org/en-US/firefox/addon/jupiterbroadcasting/
Affiliates Chrome Extension: https://chrome.google.com/webstore/detail/bjekemhblnilimncanbehhjijdpjgimj
Donations: https://original.jupiterbroadcasting.net/donate
Shows & Shownotes: https://original.jupiterbroadcasting.net/show/fauxshow/

The post Android Report | FauxShow 144 first appeared on Jupiter Broadcasting.

]]> https://original.jupiterbroadcasting.net/37056/bittorrent-sync-vs-aerofs-las-s26e10/ Sun, 12 May 2013 14:29:34 +0000 https://original.jupiterbroadcasting.net/?p=37056 Bittorrent Sync is out, and it promises to enable p2p Dropbox style filesharing, for free, with no limits. But has AeroFS already beat them to the punch?

The post Bittorrent Sync vs AeroFS | LAS s26e10 first appeared on Jupiter Broadcasting.

]]>

Bittorrent Sync is out, and it promises to enable p2p Dropbox style file sharing, for free, with no limits. But has AeroFS already beat them to the punch? We put these two Dropbox killers head to head.

Plus: The systemic issues facing Microsoft that have lead to open source code remaining the benchmark of quality, Gabe prepares to address the Linux faithful, Gnome upsets users, Ubuntu has a new package format, a double picks blowout…

AND SO MUCH MORE!

All this week on, The Linux Action Show!

Thanks to:

GoDaddy.com Use our code linux249 to score .COM for just $2.49! 32% off your ENTIRE order just use our code go32off2 until the end of the month!
Ting.com Visit las.ting.com to save $25 off your device or service credits.

Download:

HD Video | Mobile Video | WebM Torrent | MP3 Audio | Ogg Audio | YouTube | HD Torrent

RSS Feeds:

HD Video Feed | Large Video Feed | Mobile Video Feed | MP3 Feed | Ogg Feed | iTunes Feeds | Torrent Feed

Support the Show:

Purchase anything at Amazon.com Purchase anything at Think Geek using this link Purchase anything at Newegg using this link Contribute directly on our donation page or check out our advertising options and reach millions of amazing people! Grab our Chrome Extension and auto-tag your shopping session for us!

— Show Notes: —

Bittorrent Sync for Linux:

Brought to you by: System76

• Go with the supported system – LESSON LEARNED!

• 12char

• Debian and Ubuntu Packages for BitTorrent Sync Available – BitTorrent Sync – BitTorrent Forums

• Security Now 402: BitTorrent Sync

---

– Picks –

Runs Linux:

• Paris Metro traffic info system runs Linux
• International Space Station making laptop migration from Windows XP to Debian 6

Android Pick:

• Schemes – Scheduled Networking

• AntennaPod

• Android Picks so far thanks to Madjo in the IRC Chat room!

Desktop App Pick:

• Iotop’s homepage

• Atoptool.nl

• Picks so far

• Madjo

Search our past picks:

• Linux Action Show Lookup
• Thanks to sakuramboo!

Git yours hands all over our STUFF:

• Jupiter Broadcasting Affiliate Extensions
• Callisto-app – Google Project Hosting
• Quick Update to the Jupiter Broadcasting Android App

---

— NEWS —

• Linux still “benchmark of quality” in this year’s Coverity Scan

• “I Contribute to the Windows Kernel. We Are Slower Than Other Operating Systems. Here Is Why.”

• Leaders from Raspberry Pi and Valve Top Keynote Speaker Line Up for LinuxCon

• Ubuntu Might Get A New Simplified Packaging Format And App Installer

• Ubuntu Touch developers announced the successful “first run of Unity on top of MIR”

• Gnome team continues failed strategy of removing features and ignoring users. Story hits top of HN. What will it take for them to listen?

  — /etc: AeroFS —

Brought to you by: Untangle

• AeroFS

– Feedback: –

• Reasons for using Firefox instead of Chromium : LinuxActionShow

• Proxmox Rox!

• The developer of ServeStream

• A distro to learn from the inside out?

— Chris’ Stash —

• Check out Plan B

Hang in our chat room:

irc.geekshed.net #jupiterbroadcasting

— What’s Matt Doin? —

• Ubuntu Software
• Writing about Linux, sometimes, even asking tough questions
• Hell froze over, Matt’s on Facebook

— Find us on Google+ —

• Chris
• Matt Hartley
• Jupiter Broadcasting’s Page

— Find us on Twitter —

• Chris – ChrisLAS
• Matt – matthartley

— Follow the network on Facebook: —

• Jupiter Broadcasting on Facebook

— Catch the show LIVE Sunday 10am Pacific / 1pm Eastern / 6pm UTC: —

• https://jblive.tv
• Network Calendar

The post Bittorrent Sync vs AeroFS | LAS s26e10 first appeared on Jupiter Broadcasting.

]]> https://original.jupiterbroadcasting.net/34426/owncloud-5-review-las-s26e04/ Sat, 30 Mar 2013 17:41:48 +0000 https://original.jupiterbroadcasting.net/?p=34426 Can OwnCloud solve your Dropbox problem? The free software that promises to reduce or even replace Google, Dropbox, and more in your life. But does it work?

The post ownCloud 5 Review | LAS | s26e04 first appeared on Jupiter Broadcasting.

]]>

Can OwnCloud solve your Dropbox problem? The free web based software that promises to reduce or even replace Google, Dropbox, and much more in your life. But has the project bitten off more then it can chew? Tune in to find out!

And: Our overview of OwnCloud’s desktop syncing system, and the innovative way OwnCloud is deployed to Linux distributions.

Plus: The FUD storm heading towards Linux gamers, a quick look at Gnome 3.8, Microsoft gets slapped down, a surprise gadget unboxing….

AND SO MUCH MORE!

All this week on, The Linux Action Show!

Thanks to:

GoDaddy.com Use our code linux295 to score .COM for just $2.95! 35% off your ENTIRE order just use our code go35off3 until the end of the month!
Ting.com Visit las.ting.com to save $25 off your device or service credits.

Download:

HD Video | Mobile Video | WebM Torrent | MP3 Audio | Ogg Audio | YouTube | HD Torrent

RSS Feeds:

HD Video Feed | Large Video Feed | Mobile Video Feed | MP3 Feed | Ogg Feed | iTunes Feeds | Torrent Feed

Support the Show:

Purchase anything at Amazon.com Purchase anything at Think Geek using this link Purchase anything at Newegg using this link Contribute directly on our donation page or check out our advertising options and reach millions of amazing people! Grab our Chrome Extension and auto-tag your shopping session for us!

— Show Notes: —

OwnCloud 5 Review:

Brought to you by: System76

• Install ownCloud

• Starting in Gnome 3.8’s GNOME Online Accounts has OwnCloud intergration

• GNOME meets ownCloud

• ownCloud 5 Released, open competitor to Dropbox

• Google Reader’s sunset is the dawn of ownCloud News

---

– Picks –

Runs Linux:

• International Space Station Runs Linux

Android Pick:

• Caffeine

• Android Picks so far thanks to Madjo in the IRC Chat room!

Desktop App Pick:

• Geany : Home Page

• Thanks to @joeydoeslife on Twitter

• Picks so far

• Madjo

Search our past picks:

• Linux Action Show Lookup
• Thanks to sakuramboo!

Git yours hands all over our STUFF:

• Jupiter Broadcasting Affiliate Extensions
• Callisto-app – Google Project Hosting
• Quick Update to the Jupiter Broadcasting Android App

---

— NEWS —

• GNOME 3.8 Released!

• GNOME 3.8 brings polish and new Classic Mode

• GTK+ 3.8 Released With Support For Wayland

• Google announces open source patent pledge, won’t sue ‘unless first attacked’

• Microsoft accused of locking out Linux in EU antitrust complaint

• Exclusive: Linux users file EU complaint against Microsoft

• Steam March Survey Stats: Linux Usage Has Decreased

• Steams March user survey is out, Linux goes down!

• Valve Releases Several New Linux Game Ports

• ZFS on Linux is “ready for wide scale deployment”

• Lightworks’ Linux Beta Gets April Release Date

• Important Update About Lightworks

• OpenShot Video Editor for Windows, Mac, and Linux by Jonathan Thomas

— FEEDBACK —

• Some good news from GDC

• German MakerFaire, coming up soon 20th/21st April in Munich.

• Maker Messe in München › Make Munich

• How do you manage your desktop habit?

• ISP’s throttling Youtube CDN, here’s the command to make it load faster (GNU/Linux and Windows)

• Epic uptime achievement unlocked. Can you beat 16 years?

• q5sys Sent in His RP to Play With

— Chris’ Stash —

Hang in our chat room:

irc.geekshed.net #jupiterbroadcasting

— What’s Matt Doin? —

• OpenSUSE 12.3 vs. Ubuntu 13.04
• Writing about Linux, sometimes, even asking tough questions
• Hell froze over, Matt’s on Facebook

— Find us on Google+ —

• Chris
• Matt Hartley
• Jupiter Broadcasting’s Page

— Find us on Twitter —

• Chris – ChrisLAS
• Matt – matthartley

— Follow the network on Facebook: —

• Jupiter Broadcasting on Facebook

— Catch the show LIVE Sunday 10am Pacific / 1pm Eastern / 6pm UTC: —

• https://jblive.tv
• Network Calendar

The post ownCloud 5 Review | LAS | s26e04 first appeared on Jupiter Broadcasting.

]]> https://original.jupiterbroadcasting.net/34346/time-to-git-zfs-techsnap-103/ Thu, 28 Mar 2013 16:38:51 +0000 https://original.jupiterbroadcasting.net/?p=34346 How the KDE project avoided a git disaster, the root problem with Java, and the researcher who found many S3 buckets exposed to the public.

The post Time to Git ZFS | TechSNAP 103 first appeared on Jupiter Broadcasting.

]]>

Is your bucket exposed to the public? A security researcher has recently discovered many S3 buckets are publicly available, we’ll share the details.

Plus how the KDE project avoided a git disaster, the root problem with Java, a big batch of your questions, and much much more!

Thanks to:

GoDaddy.com Use our code hostdeal4 to score economy hosting for $1 a month, for one year. 35% off your ENTIRE order just use our code go35off4 until the end of the month!
Ting.com Visit techsnap.ting.com to save $25 off your device or service credits.

Direct Download: HD Video | Mobile Video | MP3 Audio | Ogg Audio | YouTube | HD Torrent | Mobile Torrent RSS Feeds: HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feeds | Torrent Feed

 

Support the Show:

Purchase anything at Amazon.com Purchase anything at Think Geek using this link Purchase anything at Newegg using this link Contribute directly on our donation page or check out our advertising options and reach millions of amazing people! Grab our Chrome Extension and auto-tag your shopping session for us!

   

Show Notes:

Get TechSNAP on your Android:

• Callisto – Android App
• Jupiter Broadcasting – Android App by ShaneQful

Browser Affiliate Extension:

• Jupiter Broadcasting Affiliate Extensions for Chrome and Firefox

Amazon S3 buckets unknowingly exposed?

• Security researcher Digininja was watching an old Hak5 episode about Amazon S3 and decided to give the free trial from Amazon a try
• All S3 buckets are accessed as: bucketname.s3-region.amazonaws.com
• An S3 bucket can be marked as Public or Private
• If you access the root of a Public bucket, you are given a list of the files inside that bucket
• Public S3 buckets can contain files that are marked as either Public, or Private
• Attempting to access a file marked private without an access key will return a HTTP 403 error
• While experimenting, he found that if you try to access a bucket that is assigned to a different region, amazon gives you a helpful redirect message
• Based on this, Digininja decided to try a wordlist against the Amazon S3 subdomain, and see what he could find in other peoples’ buckets
• Digininja was surprised to find that many buckets were marked public, rather than private
• While scraping through the results, he found a number of documents that should have been marked private but were not, including a Ministry of Defence training requisition form (containing personal information including SSN), a spreadsheet containing the accounts of a company, and many personal photos and videos
• It seems a lot of people are unknowingly making the contents of the S3 buckets public
• A number of people also appear to be trying to use S3 as a CDN, using it to host the images for their website (S3 is not a CDN, it can be rather slow, Amazon has a separate service to serve the contents of S3 via a CDN, called CloudFront)
• Researcher’s Blog Post
• Researcher’s Findings Post

---

The narrowly avoided Great KDE Disaster of 2013

• On March 22nd, the server that hosts git.kde.org was shut down for security updates, when it restarted there was evidence of file system corruption
• The original cause of the problem was not determined
• The real problem came, when the anongit mirrors of the 1500 KDE repositories mirrored the corrupt data, and there were no uncorrupt mirrors left
• The problem stems from the fact that in the replication strategy, git.kde.org was always considered to be correct
• The system they had in placed relied on the ability to sync an anongit mirror back upstream if there was a problem with the master
• It seems that git –mirror just copies data from the master, without the usual verification and safety measures that happen in git clone
• Luckily, KDE was in the process of replacing the projects.kde.org server, and it happened to have a mirror of the git repo from before the corruption, and they were able to restore git.kde.org from that
• The article goes on to discuss a number of the steps they are taking to make their system more robust in the future
• Update with more information to responses to common comments
• The update addresses the sysops 101 adage “mirrors are not backups”
• It talks about the problems they have with traditional backup systems
• tar: how do you take a tar archive of a live system? keeping .tar files going back 30+ days would take too much space (or cost to much to use S3 etc)
• rsync: same problem with a live system and rsync creates a mirror, which is not a backup
• Any answer? ZFS
• ZFS RAID Z, and ZFS snapshots are STILL not a backup
• But a ZFS snapshot can allow you to take a tar archive of a consistent version of the repo (no files will change with the tar is being made, since snapshots are read only
• Or better yet, you could store the actual ZFS snapshots (via ZFS send), so that you are basically getting ‘incremental’ backups, only the changed blocks are stored in each snapshot (requires that you keep and initial full snapshot and all incremental snapshots since then). Managing this can be difficult
• Backup software such as Bacula, running off the snapshots, would be the best solution

---

The root of the Java problem

• According to research by Websense, 93.77% of all installs of Java that were surveyed are vulnerable to at least one known exploit
• 75% of devices run a version that is at least 6 months old, 50% more than 2 years old
• 79% of devices are using some version of Java 6, which has now reached its End-Of-Live

---

Feedback:

• How can I go about telling my university that it has a vulnerability?

• pfSense question

• Getting started with KDE on FreeBSD?

• Nginx best-practice user setup

• Dump of username attempts for SSH login

• How I feel, as a Linux user, when Allan mentions ZFS.

---

Round Up:

• Apple finally enabled Two-Factor authentication for My Apple ID
• Mastercard hits PayPal and other Intermediaries with new higher per-transaction fee this June, because they do not disclose what you bought
• DHS to start scanning more internet traffic, moving from just Defense Contractors to ‘Infrastructure’ including banks and some transportation companies
• FBI’s top priority in 2013? Real-time spying on Gmail, Dropbox and Skype
• Server Room Cabling Hell: 15 of the Worst Server Wiring Jobs Ever!
• Paypal To Drop VMware From 80,000 Servers and Replace It With OpenStack
• “Perfect storm” pushes Bitcoin to $1b Market Cap Closer Toward the $100 per-coin mark
• Canadian Supreme Court rules that police need a warrent to read your text messages
• Egyptian navy arrests 3 attempting to sabotage undersea internet cable

---

The post Time to Git ZFS | TechSNAP 103 first appeared on Jupiter Broadcasting.

]]> https://original.jupiterbroadcasting.net/19307/cinnamon-desktop-review-las-s21e08/ Sun, 06 May 2012 13:59:42 +0000 https://original.jupiterbroadcasting.net/?p=19307 Cinnamon Desktop has swooped in to save us from these new-fangled fancy-schmancy desktops, but are we wearing Kryptonite underwear? Tune in to find out!

The post Cinnamon Desktop Review | LAS | s21e08 first appeared on Jupiter Broadcasting.

]]>



Cinnamon Desktop has swooped in to save us from these new-fangled fancy-schmancy desktops, but are we wearing Kryptonite underwear? Tune in to find out!

PLUS: Why is Microsoft modifying the Skype network to run Linux?

Then – Syncing your iPod with Linux has never been easier, and so much more!

All this week on, The Linux Action Show!

Thanks to:

GoDaddy.com
Limited time offer:
New customers 25% off your entire order, code: 25MAY8
Expires: May 31, 2012
Want to save money on your entire order? Use our code LINUX and save 10%!
Direct Download:
HD Video | Mobile Video | Ogg Video | MP3 Audio | Ogg Audio | YouTube | Torrent File
RSS Feeds:
HD Video Feed | Large Video Feed | Mobile Video Feed | MP3 Feed | Ogg Feed | iTunes Feeds | Torrent Feed
Support the Show:
Purchase anything at Amazon.com Purchase anything at Think Geek using this link Purchase anything at Newegg using this link Contribute directly on our donation page or check out our advertising options and reach millions of amazing people! Grab our Chrome Extension and auto-tag your shopping session for us!
Show Notes:
Runs Linux:
• fiftyfoldchris’ Local Library Runs Linux
Android Pick:
• The Avengers-Iron Man Mark VII for Android
• Android Picks so far thanks to Madjo in the IRC Chat room!
Universal Pick:
• UFO: Alien Invasion
• Picks so far. Thanks to Madjo!
Random Distro Of The Day
• VortexBox
Linux Action Show Subreddit
• Linux Action Show Subreddit
News:
• XFCE 4.10 released
• Skype replaces P2P supernodes with Linux boxes hosted by Microsoft
• GIMP 2.8 Released
• Microsoft invests $300 million in Barnes & Noble’s Nook
• Tizen project hits 1.0, source code and SDK released
• ownCloud Android App Available For Download
Cinnamon Desktop:
• Another DE option for Mint 12 – Cinnamon
• Cinnamon Website
• Cinnamon (on Wikipedia
• Cinnamon – ArchWiki
• Install Linux Mint’s New Cinnamon Desktop on Ubuntu
Matt’s Howto:
Despite valiant attempts in making the iPhone music compatible with distros such as Ubuntu (or Linux distros in general), libimobiledevice has met with limited success in music syncing. Worse yet, Ubuntu One music sync isn’t quite stable enough to use on a regular basis yet. Therefore during the segment I made two very different recommendations – either buy an Android phone (best). Of if you’re in a contract like I am, consider buying a great MP3 player such as one from iRiver or Sandisk. If however, you want an MP3 player that is in fact, using Apple tech. Then I’d suggest you head over to eBay and look for this query: “ipod a1199”. Buy it at auction, you can get this for a great price.
So how does one make this work? If you remember from the segment, I recommend using Gparted to make sure the iPod is completely wiped. But follow these directions to make sure you don’t delete something needed, like a hidden partition.
gp
1) Plugin the iPod to your computer, close any software or dialogs that appear.
2) Assuming you have gparted already installed, run the program.
3) Don’t worry about deleting your active partitions, as they will be locked. But if you run a dual-boot PC, be mindful before deleting anything.
4) Look to the upper right, select the /dev/ pull down menu. You will be selecting the dev device with the least amount of space. In my case, it was 1.89 GiB.
5) You will see either two or three partitions available, one of them is FAT32. Ignoring the others, select the FAT32 partition.
6) With the FAT32 partition right clicked and selected, choose unmount. This frees up the partition for changes.
7) Right click the partition again, and select format to> FAT32.
8) Click the apply button - aka the green checkmark at the top of the menu. Then click apply.
9) Disconnect the iPod, then allow the iPod to reboot itself. When completed, it will appear with a dialog asking you to choose your default language.
10) Now plug the iPod back into the PC.
11) Choose to open the iPod with Banshee.
12) On the bottom left, you will see the device has appeared. As per the segment, you can right click it and give it a better name if you like.
13) Left clicking on the device, the main screen dialog presents you with the option of setting up how the sync preferences work. 
I recommend keeping things set to manual. This simply means the checkbox for Sync when first plugged in, remains unchecked.
14) Select the music sync preference, then choose one of the following:
Sync from entire library – if you want all songs synced. This most likely, will not include existing playlists.
or
Sync from “some playlist name” – this will include only the music from the selected playlist.
With the option selected, look to the upper right, then click on Sync. During this process, don’t disconnect.
Problem solving:
“Wow Matt, that was awesome! I just hosed my iPod and it’s not disconnecting! It’s frozen at 23%. ”
Answer:
Don’t worry, just unplug it and use Gparted to reset the iPod as described above. No harm no foul.
Remember, I recommend using a Linux friendly device like an Android phone or even better, one of the Sandisk/iRiver devices above. They offer less frustration with Apple specific databases. But using an older iPod nano like this is a cheaper alternative.
What’s Bryan Doin?
• Linux Tycoon
• Linux Fest Northwest
• Illumination Software Creator now permanently “Pay What You Want”
Chris’ Stash:
• New Show: Unfilter
Find us on Google+
• Chris
• Bryan
• Jupiter Broadcasting’s Page
Find us on Twitter:
• Chris – ChrisLAS
• Bryan – BryanLunduke
Follow the network on Facebook:
• Jupiter Broadcasting on Facebook
Jupiter Broadcasting Forum:
• Jupiter Colony
Catch the show LIVE Sunday 10am Pacific / 5pm UTC:
• https://jblive.tv
• Network Calendar
The post Cinnamon Desktop Review | LAS | s21e08 first appeared on Jupiter Broadcasting.
]]>