Show Notes: linuxactionnews.com/145

The post Linux Action News 145 first appeared on Jupiter Broadcasting.

Show Notes: chooselinux.show/25

The post Tails + Virtualization | Choose Linux 25 first appeared on Jupiter Broadcasting.

Show Notes: linuxunplugged.com/333

The post Linux Wayback Machine | LINUX Unplugged 333 first appeared on Jupiter Broadcasting.

MP3 Feed | HD Video Feed | iTunes Feed

Become a supporter on Patreon:

— Show Notes: —

— The Cliff Notes —

• Tails 3.0 Security Distro

• Tails 3.0 is out

• Tails Version 3.0 Features

• Steam is Now on Flatpak

• Telegram Approached by US Intelligence

— Noobs Corner —

Check out the Ask Noah Dashboard

— Stay In Touch —

Find all the resources for this show on the Ask Noah Dashboard

Ask Noah Dashboard

Need more help than a radio show can offer? Altispeed provides commercial IT services and they’re excited to offer you a great deal for listening to the Ask Noah Show. Call today and ask about the discount for listeners of the Ask Noah Show!

Altispeed Technologies

Contact Noah

asknoah [at] jupiterbroadcasting.com

— Twitter —

• Noah – Kernellinux
• Ask Noah Show
• Altispeed Technologies
• Jupiter Broadcasting

The post Tails of Privacy | Ask Noah 13 first appeared on Jupiter Broadcasting.

Why Linux Mint’s X-Apps are a bigger shakeup then you might realize, bricking your laptop with a Linux command & Dell’s new Linux distro.

Plus we celebrate 15 years of VLC, a quick look at Tails 2.0 & more!

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Torrent Feed | WebM Torrent Feed

Become a supporter on Patreon:

Show Notes:

Pre-Show

• Shout — The self-hosted web IRC client

The self-hosted web IRC client

Follow Up / Catch Up

15 years of VLC and VideoLAN

Pacman-5.0 Released | Allan McRae

As is becoming tradition, I need to make a blog post to accompany a pacman release! This is a big release with a long awaited feature so it needed a major version bump (and, most importantly, we now are back ahead of the Linux kernel in version numbers).

• Here’s What’s New in Arch Linux’s Pacman 5.0 Package Manager

Tails – Tails 2.0 is out

We are especially proud to present you Tails 2.0, the first version of Tails
based on:

• GNOME Shell, with lots of changes in the desktop environment.

• Debian 8 (Jessie), which upgrades most included software and improves
  many things under the hood.

TING

• Ting – mobile that makes sense

Your laptop could be bricked with a single Linux command

The directory that destroyed the system, which is at __/sys/firmware/efi/efivars/__stores information and scripts that the computer uses to boot using the more _modern EFI standard, which is a replacement for the decades-old BIOS._

Canonical Is Looking for Participants to a “Ubuntu Apps in Unity 8” Research Study

The research study is lead by Ting-Ray Chang, a user experience researcher at Canonical, and it is targeted mainly at Ubuntu or Fedora user in the London (United Kingdom) area. Why Fedora? That we don’t know!

DigitalOcean

• DigitalOcean: SSD Cloud Server, VPS Server, Simple Cloud Hosting

X-Apps… The Hell?

• Has Mint gone crazy with success?

• Linux Mint Is Getting Its Own Apps Starting with the 18.x Branch

“X-Apps will be a collection of generic GTK3 applications using traditional interfaces which can be used as default desktop components in Cinnamon, MATE and Xfce. In Mint 18, the ‘X apps’ will allow us to maintain a native look and a good level of integration because they will be used in replacement of GNOME applications which now look foreign (using headerbars and a distinctive layout),” Clement Lefebvre, the leader or the Linux Mint project explained.

• The Linux Mint Blog » Blog Archive » Monthly News – January 2016

Linux Academy

• Linux Academy | Linux and AWS Online Training

Dell serves up its own disaggregated OS

OS10 is based on a native, “unmodified” Linux kernel that can support a broad range of applications and services from the Linux ecosystem, Dell officials say. Dell claims this differentiates it from Cumulus Networks’ Cumulus Linux and HP’s OpenSwitch effort for disaggregated and “open” network operating systems.

• Dell to ship XPS 13 Developer Edition Linux laptop with Skylake | Computerworld

The next XPS 13 Developer Edition is “closer” to shipping and so discounts are being offered on older models, George Barton, a senior technologist at Dell, said in a Google+ post. Older models are powered by Broadwell chips, which preceded Skylake.

Support Jupiter Broadcasting on Patreon

Post Show

• What would you do if GitHub shut down tomorrow? | InfoWorld

what would you do if GitHub shut down tomorrow?

The post The Six Rings of Ubuntu | LINUX Unplugged 130 first appeared on Jupiter Broadcasting.

Coming up this time on the show, we’ll be talking to Sean Bruno. He’s been using poudriere and QEMU to cross compile binary packages, and has some interesting stories to tell about it. We’ve also got answers to viewer-submitted questions and all this week’s news, on BSD Now – the place to B.. SD.

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | HD Vid Feed | HD Torrent Feed

– Show Notes: –

Headlines

AsiaBSDCon 2015 schedule

• Almost immediately after we finished recording an episode last week, the 2015 AsiaBSDCon schedule went up
• This year’s conference will be between 12-15 March at the Tokyo University of Science in Japan
• The first and second days are for tutorials, as well as the developer summit and vendor summit
• Days four and five are the main event with the presentations, which Kris and Allan both made the cut for once again
• Not counting the ones that have yet to be revealed (as of the day we’re recording this), there will be thirty-six different talks in all – four BSD-neutral, four NetBSD, six OpenBSD and twenty-two FreeBSD
• Summaries of all the presentations are on the timetable page if you scroll down a bit

FreeBSD foundation updates and more

• The FreeBSD foundation has posted a number of things this week, the first of which is their February 2015 status update
• It provides some updates on the funded projects, including PCI express hotplugging and FreeBSD on the POWER8 platform
• There’s a FOSDEM recap and another update of their fundraising goal for 2015
• They also have two new blog posts: a trip report from SCALE13x and a featured “FreeBSD in the trenches” article about how a small typo caused a lot of ZFS chaos in the cluster
• “Then panic ensued. The machine didn’t panic — I did.”

OpenBSD improves browser security

• No matter what OS you run on your desktop, the most likely entry point for an exploit these days is almost certainly the web browser
• Ted Unangst writes in to the OpenBSD misc list to introduce a new project he’s working on, simply titled “improving browser security”
• He gives some background on the W^X memory protection in the base system, but also mentions that some applications in ports don’t adhere to it
• For it to be enforced globally instead of just recommended, at least one browser (or specifically, one JIT engine) needs to be fixed to use it
• “A system that is ‘all W^X except where it’s not’ is the same as a system that’s not W^X. We’ve worked hard to provide a secure foundation for programs; we’d like to see them take advantage of it.”
• The work is being supported by the OpenBSD foundation, and we’ll keep you updated on this undertaking as more news about it is released
• There’s also some discussion on Hacker News and Undeadly about it

NetBSD at Open Source Conference 2015 Tokyo

• The Japanese NetBSD users group has once again invaded a conference, this time in Tokyo
• There’s even a spreadsheet of all the different platforms they were showing off at the booth (mostly ARM, MIPS, PowerPC and Landisk this time around)

• If you just can’t get enough strange devices running BSD, check the mailing list post for lots of pictures

• Their next target is, as you might guess, AsiaBSDCon 2015 – maybe we’ll run into them

Interview – Sean Bruno – sbruno@freebsd.org / @franknbeans

Cross-compiling packages with poudriere and QEMU

News Roundup

The Crypto Bone

• The Crypto Bone is a new device that’s aimed at making encryption and secure communications easier and more accessible
• Under the hood, it’s actually just a Beaglebone board, running stock OpenBSD with a few extra packages
• It includes a web interface for configuring keys and secure tunnels
• The source code is freely available for anyone interested in hacking on it (or auditing the crypto), and there’s a technical overview of how everything works on their site
• If you don’t want to teach your mom how to use PGP, buy her one of these(?)

BSD in the 2015 Google Summer of Code

• For those who don’t know, GSoC is a way for students to get paid to work on a coding project for an open source organization
• Good news: both FreeBSD and OpenBSD were accepted for the 2015 event
• FreeBSD has a wiki page of ideas for people to work on
• OpenBSD also has an ideas page where you can see some of the initial things that might be interesting
• If you’re a student looking to get involved with BSD development, this might be a great opportunity to even get paid to do it
• Who knows, you may even end up on the show if you work on a cool project
• GSoC will be accepting idea proposals starting March 16th, so you have some time to think about what you’d like to hack on

pfSense 2.3 roadmap

• The pfSense team has posted a new blog entry, detailing some of their plans for future versions
• PPTP will finally be deprecated, PHP will be updated to 5.6 and other packages will also get updated to newer versions
• PBIs are scheduled to be replaced with native pkgng packages
• Version 3.0, something coming much later, will be a major rewrite that gets rid of PHP entirely
• 3.0 will focus on having a REST API, and separating the GUI from the actual implementation of the configuration
• The ultimate goal is to have pfSense be a package you can just install on top of a regular FreeBSD Install

PCBSD 10.1.2 security features

• PCBSD 10.1.2 will include a number of cool security features, some of which are detailed in a new blog post
• A new “personacrypt” utility is introduced, which allows for easy encryption and management of external drives for your home directory
• Going along with this, it also has a “stealth mode” that allows for one-time temporary home directories (but it doesn’t self-destruct, don’t worry)
• The LibreSSL integration also continues, and now packages will be built with it by default
• If you’re using the Life Preserver utility for backups, it will encrypt the remote copy of your files in the next update
• They’ve also been working on introducing some new options to enable tunneling your traffic through Tor
• There will now be a fully-transparent proxy option that utilizes the switch to IPFW we mentioned last week
• A small disclaimer: remember that many things can expose your true IP when using Tor, so use this option at your own risk if you require full anonymity
• Look forward to Kris wearing a Tor shirt in future episodes

Feedback/Questions

• Antonio writes in
• Chris writes in
• Van writes in
• Stu writes in

Mailing List Gold

• H
• Pay up, mister Free
• Heritage protected
• Blind leading the blind
• What are the chances

• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
• Next week’s episode will be prerecorded since we’ll be at AsiaBSDCon in Tokyo
• Be sure to say hello if you’re at the event – we’ve got at least two interviews confirmed already

The post Just Add QEMU | BSD Now 79 first appeared on Jupiter Broadcasting.

We’re back from OSCON 2014 with some great interviews with Christian Heilmann from the Mozilla Developer Evangelist, Karen Sandler from the Software Freedom Conservancy, and Chris DiBona the director of open source at Google.

Plus the UK Government adopts ODF, CoreOS gets a huge boost and a new release, making your Linux installers faster and easier than ever….

AND SO MUCH MORE!

All this week on, The Linux Action Show!

Thanks to:

Download:

HD Video | Mobile Video | WebM Torrent | MP3 Audio | Ogg Audio | YouTube | HD Torrent

RSS Feeds:

HD Video Feed | Large Video Feed | Mobile Video Feed | MP3 Feed | Ogg Feed | iTunes Feeds | Torrent Feed

Become a supporter on Patreon:

— Show Notes: —

OSCON 2014:

Brought to you by: System76

About: OSCON 2014 – O’Reilly Conferences, July 20 – 24, 2014, Portland, OR

Now in its 16th year:

OSCON is where all of the pieces come together: developers, innovators, businesspeople, and investors. In the early days, this trailblazing O’Reilly event was focused on changing mainstream business thinking and practices; today OSCON is about real-world practices and how to successfully implement open source in your workflow or projects. While the open source community has always been viewed as building the future—that future is here, and it’s everywhere you look.

Christian Heilmann (codepo8) on Twitter

Mozilla Developer Evangelist – all things open web, HTML5, writing and working together. #nofilter

• Christian Heilmann

Karen Sandler – Software Freedom Conservancy

Karen M. Sandler is Executive Director of Conservancy. She was previously the Executive Director of the GNOME Foundation. In partnership with the GNOME Foundation, Karen co-organizes the award winning Outreach Program for
Women. Prior to taking up this position, Karen was General Counsel of the Software Freedom Law Center (SFLC). She continues to do pro bono legal work with SFLC, the GNOME Foundation and QuestionCopyright.Org.

Donations – Software Freedom Conservancy

Chris DiBona (cdibona) on Twitter

Chris DiBona is the director of open source at Google. His team oversees license compliance and supports the open source developer community through programs such as the Google Summer of Code and through the release of open source software projects and patches on Google Code. In his former work on Google’s public sector software, he looked after Google Moderator and the polling locations API and election results.

Before joining Google, he was an editor at Slashdot and co-founded Damage Studios. DiBona has a B.S. in computer science from George Mason University and a M.S. in software engineering from Carnegie Mellon University. He also co-edited Open Sources: Voices from the Open Source Revolution and Open Sources 2.0.

— PICKS —

Runs Linux

Robot soccer team Tech United Eindhoven, runs Linux

• P1030003 | Flickr – Photo Sharing!

• RoboCup 2014 – Highlights soccer day 1 – YouTube

Desktop Ap Pick

Attic – Deduplicating Archiver

• Attic: Deduplicating archiver that can mount your offsite encrypted backups over ssh

Submitted by kleptoz in the LAS Subreddit

Attic is a secure backup program for Linux, FreeBSD and Mac OS X. Attic is designed for efficient data storage where only new or modified data is stored.
Features

Space efficient storage Variable block size deduplication is used to reduce the number of bytes stored by detecting redundant data. Each file is split into a number of variable length chunks and only chunks that have never been seen before are compressed and added to the repository.

Optional data encryption All data can be protected using 256-bit AES encryption and data integrity and authenticity is verified using HMAC-SHA256. Off-site backups Attic can store data on any remote host accessible over SSH as long as Attic is installed. Backups mountable as filesystems Backup archives are mountable as userspace filesystems for easy backup verification and restores.

Weekly Spotlight

ZM-VE300-B

VE300 supports Virtual ODD which can be used as CD-ROM, DVD, and Blu-ray Drive for convenient booting.

• Zalman ZM-VE300-B Black External Enclosure – Newegg.com
• Amazon.com: ZM-VE300-B 2.5″ SATA USB 3.0 External HDD Enclosure

— NEWS —

GOG.com Now Supports Linux!

So, one of the most popular site feature requests on our community wishlist is granted today: Linux support has officially arrived on GOG.com!

The first 50+ titles we’ve have in store for you come from all the corners of our DRM-Free catalog. Note that we’ve got many classic titles coming officially to Linux for the very first time, thanks to the custom builds prepared by our dedicated team of penguin tamers. That’s over twenty fan-favorite GOG.com classics, like FlatOut&Flatout 2, , Darklands, or Realms of the Haunting we’ve personally ushered one by one into the welcoming embrace of Linux gamers. That’s already quite a nice chunk of our back-catalog, and you can expect more from our dedicated Linux team soon

“OK, but how will Linux support actually work on GOG.com” – you might ask. For both native Linux versions, as well as special builds prepared by our team, GOG.com will provide distro-independent tar.gz archives and support convenient DEB installers for the two most popular Linux distributions: Ubuntu and Mint, in their current and future LTS editions. Helpful and responsive customer support has always been an important part of the GOG.com gaming experience. We wouldn’t have it any other way when it comes to Linux, and starting today our helpdesk offers support for our official Linux releases on Ubuntu and Mint systems.

Major win for open document format in the UK

The UK government declared that all official office suites must support Open Document Format (ODF).

• UK makes ODF its official documents format standard | ZDNet

The world’s most secure OS may have a serious problem

The Tails operating system is one of the most trusted platforms in cryptography, favored by Edward Snowden and booted up more than 11,000 times per day in May. But according to the security firm Exodus Intelligence, the program may not be as secure as many thought. The company says they’ve discovered an undisclosed vulnerability that will let attackers deanonymize Tails computers and even execute code remotely, potentially exposing users to malware attacks. Exodus is currently working with Tails to patch the bug, and expects to hand over a full report on the exploit next week.

We're happy to see that TAILS 1.1 is being released tomorrow. Our multiple RCE/de-anonymization zero-days are still effective. #tails #tor

— Exodus Intelligence (@ExodusIntel) July 21, 2014

CoreOS Stable Release

CoreOS 367.1.0, our first version on the stable channel, includes the following:

• Linux 3.15.2
• Docker 1.0.1
• Support on all major cloud providers, including Rackspace Cloud, Amazon EC2 (including HVM), and Google Compute Engine
• Commercial support via CoreOS Managed Linux

The CoreOS developers have announced the release of version 367.1.0 of the CoreOS distribution; this is the first version deemed to be stable and ready for production. “Please note: The stable release is not including etcd and fleet as stable, this release is only targeted at the base OS and Docker 1.0. etcd/fleet stable support will be in subsequent releases.”

ownCloud 7 Released With more Sharing And Control | ownCloud.org

ownCloud 7 Community Edition has significant feature improvements for users, administrators and developers.

• ownCloud 7 Released With more Sharing And Control | ownCloud.org

— FEEDBACK —

• A Workflow Question/Suggestion

• Its a 1st 3d animated trailer made in India entirely using Open Source softwares

• Todo.txt – GNOME Shell Extensions

• Ottawa Linux Symposium | Indiegogo

— CHRIS’ STASH —

• jupiterbroadcasting on Instagram

Hang in our chat room:

irc.geekshed.net #jupiterbroadcasting

— MATT’S STASH —

• Check out LINUX Unplugged
• Best Linux Browsers
• Super Meat Boy – Part 2 | Geek And The Gamer

Find us on Google+

• Chris
• Matt Hartley
• Jupiter Broadcasting’s Page

Find us on Twitter

• Chris – ChrisLAS
• Matt – matthartley

Follow the network on Facebook

• Jupiter Broadcasting on Facebook

Catch the show LIVE Sunday 10am Pacific / 1pm Eastern / 6pm UTC:

• https://jblive.tv
• Network Calendar

The post OSCON Interview Roundup | LAS 323 first appeared on Jupiter Broadcasting.

A comprehensive study shows that you’re probably taking way too long to patch your box.

Plus research on possible iOS backdoors, TOR’s nasty bug, your questions, our answers, and much much more!

Thanks to:

Become a supporter on Patreon:

— Show Notes: —

Qualys releases “The Laws of Vulnerabilities 2.0”

• Qualys, known for the SSL Labs site where you can test the encryption capabilities of your browser and web server, has released the new version of their “laws”
• Qualys sells an “on demand vulnerability management solution” which does continuous perimeter monitoring of a network and scans servers for vulnerable versions of software and services
• Using the data they have collected they did statistical analysis and came up with some basic laws that cover the “vulnerability half-life, prevalence, persistence and exploitation trends for five critical industry segments including Finance, Healthcare, Retail, Manufacturing and Services.”
• The average system remains vulnerable for 30 days. Service sector usually patched within 21 days, whereas Manufacturing usually took 51 days
• The most popular vulnerabilities are regularly replaced, leaving some systems almost continuously vulnerable
• “the lifespan of most, if not all vulnerabilities is unlimited and a large percentage of vulnerabilities are never fully fixed.”
• “Eighty percent of vulnerability exploits are now available within single digit days after the vulnerabilities public release. In 2008, Qualys Labs logged 56 vulnerabilities with zero-day exploits, including the RPC vulnerability that produced Conficker. In 2009, the first vulnerability released by Microsoft, MS09-001 had an exploit available within seven days. Microsoft’s April Patch Tuesday included known exploits for over 47 percent of the published vulnerabilities. This law had the most drastic change from the Laws 1.0 in 2004, which provided a comfortable 60 days as guidance”
• Compared to in the past, installing updates in a timely fashion is even more important. The old 60 day window is gone

Payment Card Data Theft: Tips For Small Business

• An article at DarkReading.com by Chris Nutt, Director of Incident Response and Malware at Mandiant, on steps small businesses can take to avoid being the next credit card breach
• Things to consider when processing credit cards via a computer:
• Does the company browse the Internet or read email on the computer used for credit card processing?
• Is unencrypted card data transmitted through any exposed cables or over the internal network?
• Is the card-processing software configured correctly and up-to-date?
• Has the computer’s operating system up to date? has it been hardened?
• Is the computer running antivirus and is it up-to-date?
• Does the company outsource IT management and is there a remote management port open to the Internet?
• Small business often have an advantage in this area, it is easier to upgrade software when there is only a single system involved, not a complex back office system with multiple servers
• Some Recommendations
  • Use a dedicated LAN (or VLAN) or use a cellular connection instead of running the payment system on the same LAN or WiFi that is used for regular business and/or used by customers
• “Do not maintain a Payment Card Industry (PCI) environment or maintain the smallest PCI environment possible”
  • Instead, use a PCI compliant reader like Stripe or Square, data should be encrypted and sent directly to the payment processor, never stored on a device
  • Never store credit card details, a service like Stripe will give you a unique token that can be used for rebilling, refunds etc, without requiring you store the original card details
  • “Do not outsource the maintenance of POS devices to a company that will directly access remote management ports over the Internet.”
  • “Protect the physical security of all systems that store, process, or transmit cardholder information. All security is lost if an attacker can alter or replace your equipment”
  • “Do not allow systems in you PCI environment to connect to the Internet, aside from the connections required to process card transactions or patch the system”
  • “Do not allow systems in your PCI environment to connect to any systems on your network that are not necessary for processing card transactions or patching”
• Some possibly bad advice from the article: Use a mobile device or a tablet, they are more secure than a desktop
• Where possible, offload the processing to a provider, it might be slightly more expensive, but it moves most of the risk to the provider, rather than you

Government Accountability Office report shows shortcomings in incident response procedures

• GAO Report: Agencies Need to Improve Cyber Incident Response Practices
• “Based on a statistical sample of cyber incidents reported in fiscal year 2012, GAO projects that these agencies did not completely document actions taken in response to detected incidents in about 65 percent of cases”
• “For example, agencies identified the scope of an incident in the majority of cases, but frequently did not demonstrate that they had determined the impact of an incident. In addition, agencies did not consistently demonstrate how they had handled other key activities, such as whether preventive actions to prevent the reoccurrence of an incident were taken.”
• “agencies had recorded actions to halt the spread of, or otherwise limit, the damage caused by an incident in about 75 percent of incidents government-wide. However, agencies did not demonstrate such actions for about 25 percent of incidents government-wide.”
• “for about 77 percent of incidents government-wide, the agencies had identified and eliminated the remaining elements of the incident. However, agencies did not demonstrate that they had effectively eradicated incidents in about 23 percent of incidents”
• “agencies returned their systems to an operationally ready state for about 81 percent of incidents government-wide. However, they had not consistently documented remedial actions on whether they had taken steps to prevent an incident from reoccurring. Specifically, agencies did not demonstrate that they had acted to prevent an incident from reoccurring in about 49 percent of incidents government-wide.”
• “In another incident, an agency received a report from US-CERT indicating that login credentials at two of the agency’s components may have been compromised. When contacting the impacted components, agency incident handlers mistyped the potentially compromised credentials for one component and did not respond to an e-mail from the component requesting clarification, and failed to follow up with the second component when it did not respond to the initial alert. Despite these errors, the incident handlers closed the incident without taking further action.”
• “In a malware incident, sensors on an agency’s network recorded an agency computer contacting an external domain known to host malicious files, and downloading a suspicious file. Incident handlers closed the ticket without recording any actions taken to contain or otherwise remediate the potential malware infection”
• The GAO used NIST Special Publication 800-61: Computer Security Incident Handling Guide as a reference
• FireEye, makes of an enterprise security real-time threat protection platform, had some reactions to these findings:
• “Anything less than 100% containment is essentially 0% containment”. “If a government agency fails to completely contain an intrusion, any gaps leave the adversary freedom of maneuver. He can exploit the containment failure to proliferate to other systems and remain in control of an organization’s systems.“
• “If an adversary retains access to even one system, he can rebuild his position and retake control of the victim”
• “If a victim fails to make the environment tougher for the adversary, the intruder will likely return using the same techniques that he utilized to first gain access.” Victims need to learn from intrusions and implement remediation
• It is not clear from the report, but if a machine is compromised, it should be reformatted, rather than merely ‘cleaned’. In light of recent reports about persistent malware, the BIOS should also be flashed before the fresh OS is reinstalled.

Feedback:

• IPSec vs OpenVPN

• Canvas Fingerprinting – A New Threat To Privacy

• Meet the Online Tracking Device That is Virtually Impossible to Block

• ksoftirqd – High Network Throughput

• Why is ksoftirqd/0 process using all of my CPU?

• In the kernel command line (/etc/grub.conf), add “nohz=off” CentOS Forum

• multiple vm’s with 1 ip

• What is a true backup?

Round Up:

• Tails live OS affected by critical zero-day vulnerabilities
• European Central Bank hacked, only founds out after attacker demands ransom. Stolen: database of 20,000 email addresses of people who had registered for ECB conferences, visits and other events
• WSJ website hacked, data offered for sale for 1 bitcoin
• Google announces project zero, “hunt down security vulnerabilities in every popular piece of software that touches the internet”
• Tor Project working to fix weakness that can unmask anonymous users
• New IE vulnerabilities up over 100% since 2013
• How Hackers Hid a Money-Mining Botnet in Amazon’s Cloud
• Researcher finds hidden way to access plaint-text version of encrypted data on iOS devices
• Chromium Switching to BoringSSL.
• Identifying Back Doors, Attack Points, and Surveillance Mechanisms in iOS Devices
• The Open Source Responsible Disclosure Framework
• How your profile picture can be used against you
• Posh-SSH – Open Source PowerShell module for SSH, SFTP, SCP
• What the feds really know about you
• Australian deals website waits 3 years to tell customers and privacy commissioner. Told police, banks and credit card companies immediately. Only told customers now because “technological advances” mean the old hashes are now easier to crack
• NY Metro Card Terminal still runs Windows NT 4.03
• Sony to pay up to $17.75 million in 2011 PSN hacking settlemen

The post 9 Days to Patch | TechSNAP 172 first appeared on Jupiter Broadcasting.

What happens when btrfs goes bad? After rescuing our system from a massive crash, we’ll share what went wrong, how you can prevent problems, reclaim gigabytes of space, and optimize your Linux box for an SSD drive.

Plus a quick look at Ubuntu MATE Remix, the NSA targets Linux users, solving the distro hopping bug….

AND SO MUCH MORE!

All this week on, The Linux Action Show!

Thanks to:

Download:

HD Video | Mobile Video | WebM Torrent | MP3 Audio | Ogg Audio | YouTube | HD Torrent

RSS Feeds:

HD Video Feed | Large Video Feed | Mobile Video Feed | MP3 Feed | Ogg Feed | iTunes Feeds | Torrent Feed

— Show Notes: —

How I saved myself from a btrfs nightmare:

Brought to you by: System76

We asked: Do you trust btrfs?

• Do you trust critical data to btrfs?

It really started about three weeks ago, when I was doing a big package upgrade. The upgrade installs started to fail reporting out of space.

df reported more than 30GBs free on / partition. Despite df’s optimized summarization of my situation I cleared my package cache, deleted some unneeded VMs , and about 20 Steam games that I had stashed in /opt.

Fast forward to this Friday and my system won’t boot. I knew it was a risk, but I was desperate. I decided to compress all the things. Based on my quick reading of a few wiki pages, I could compress files on demand but necessarily compress the entire file system all the time. IE compress a lot of crap small libraries, reduce the amount of blocks they take up, and free up some space.

btrfs has built in support for doing this. I have ran compression on my /home file system since day one of this install. I opt for LZO compression. The ration of compression is lower than other options, but the performance is fantastic. I set off compressing the messy areas of my / (like /var /usr/lib).

But after a sanity check reboot, and many errors about failing to find a file, it was clear my understanding was wrong, and the mount options in my /etc/fstab needed to be updated.

I dd’ed the latest Antergos ISO onto a USB 3.0 thumb drive and booted the Bonobo into the live environment, fired up gparted to remind my self which physical device my rootfs was on (hey it’s been over a year!) and then promptly created a mount point for it under /mnt/fix.

I jumped into my /mnt/fix folder and immediately was back at home on my Bonobo’s root file system. A quick nano (YES) of my /mnt/fix/etc/fstab file and I added the compress flag to my root file system’s mount options.

Unmounted and rebooted the Bonobo, and the 1+ year Arch install fired right up.

I then set off to figure out how to better use btrfs on my system, and specifically tune the file system for my SSD drives.

Why btrfs?

“a new copy on write (CoW) filesystem for Linux aimed at implementing advanced features while focusing on fault tolerance, repair and easy administration.”

• Early days still, but its getting a lot closer and I wanted to have some real time under my belt with it.
• The features it brings to Linux are going to be seen as minimum requirements in the future. CoW, snapshot, checksum, volume management.
• SSD (Flash storage) awareness (TRIM/Discard for reporting free blocks for reuse) and optimizations.
• Background scrub process for finding and fixing errors on files with redundant copies.
• Online file system defragmentation.

• **Compression **with modern hardware (like SSDs, multi-core CPUs) is a serious solution. It not only offers more value out of your SSD drive, but because the disk has to read less data overall, and the CPU is generally just waiting for I/O you can actually see an improvement on transfer speeds.

• btrfs Stability Status

The filesystem disk format is no longer unstable, and it’s not expected to change unless there are strong reasons to do so. If there is a format change, file systems with a unchanged format will continue to be mountable and usable by newer kernels.

It kept telling me my device was full, but I had 30GB free. btrfs balance to the rescue.

• Package updates would fail, reporting no space left on device.
• Checking my system with df -h clearly reported 30GB free on my /
• Checking with btrfs filesystem df showed a different story.
• I used ncdu to sniff out the biggest files I could delete or move to give me some emergency wiggle room.

Why the different DF?

• General linux userspace tools such as df will inaccurately report free space on a Btrfs partition.

• df does not take into account space allocated for and used by the metadata. It is recommended to use /usr/bin/btrfs to query a btrfs partition.

• Run the btrfs command to get a sense of what it can do. You want to perform a filesystem function and show stats about a device.

btrfs filesystem df /

• Also:

btrfs filesystem show /dev/sda3

• Why is free space so complicated?

So, in general, it is impossible to give an accurate estimate of the amount of free space on any btrfs filesystem. Yes, this sucks. If you have a really good idea for how to make it simple for users to understand how much space they’ve got left, please do let us know, but also please be aware that the finest minds in btrfs development have been thinking about this problem for at least a couple of years, and we haven’t found a simple solution yet.

Step 1: Rebalance, it’s not just for RAID arrays anymore!

• Balance does a defragmentation, but not on a file level rather on the block group level. It can move data from less used block groups to the remaining ones, eg. using the usage balance filter.

btrfs balance start / -v

• This will take a while. You can use your system while this happens.

• Do I need to run a balance regularly?

In general usage, no. A full unfiltered balance typically takes a long time, and will rewrite huge amounts of data unnecessarily. You may wish to run a balance on metadata only (see Balance_Filters) if you find you have very large amounts of metadata space allocated but unused, but this should be a last resort. At some point, this kind of clean-up will be made an automatic background process.

Step 2: Defragment that disk

btrfs filesystem defragment -r -v /

• Optional if you’re really hard pressed for space consider defragmenting the metadata too:

find / -xdev -type d -print -exec btrfs filesystem defragment ‘{}’ \;

Step 3: Compress that disk’s file system.

What are the differences between compression methods?

There’s a speed/ratio trade-off:

• ZLIB — slower, higher compression ratio (uses zlib level 3 setting, you can see the zlib level difference between 1 and 6 https://code.google.com/p/lz4/ here).
• LZO — faster compression and decompression than zlib, worse compression ratio, designed to be fast

The differences depend on the actual data set and cannot be expressed by a single number or recommendation. Do your own benchmarks. LZO seems to give satisfying results for general use.

• This is running another defragmentation pass. Yes this means two defragmentation runs. But if you’re really tight on space, you need to free some up first before you can compress. The system will need some temporary space while it writes compressed versions of the files.

btrfs filesystem defragment -r -v -clzo /

• Important: Update your /etc/fstab to include compress=lzo. For example:

LABEL=rootfs / btrfs defaults,compress=lzo 0 1

Step 4: Optimize for SSD

• Best results with Linux 3.14 and up
• I have added these flags to my fstab mount for both my / and my /home

noatime,compress=lzo,ssd,discard,space_cache,autodefrag,inode_cache

Example:

LABEL=homefs /home btrfs defaults,compress=lzo,ssd,discard,space_cache,autodefrag,inode_cache 0 1

btrfs gotchas?

• Gotchas – btrfs Wiki

This page lists problems one might face when trying btrfs, some of these are not really bugs, but rather inconveniences about things not yet implemented, or yet undocumented design decisions.

— Picks —

Runs Linux

This GSM Base Station Powered by the BeagleBone Black, Runs Linux

• Debian Wheezy 7
• Upgraded to the 3.15.2 Linux Kernel
• USRP B200 ($675 USD) The USRP B200 provides a fully integrated, single board, Universal Software Radio Peripheral platform with continuous frequency coverage from 70 MHz –6 GHz. Designed for low-cost experimentation, it combines a fully integrated direct conversion transceiver providing up to 56MHz of real-time bandwidth, an open and reprogrammable Spartan6 FPGA, and fast and convenient bus-powered.
• OpenBTS is the software that provides us with the software part of a cellular station.
• sipauthserve, for cellular subscriber registration

Desktop App Pick

New Linux Podcast App ‘Vocal’

The project’s developer, Nathan Dyer, has made beta builds — still unstable and not feature complete — available for testing through a dedicated PPA for Ubuntu 14.04 LTS and 14.10.

• Code : Vocal

Weekly Spotlight

Tails – Privacy for anyone anywhere

Tails is a live operating system, that you can start on almost any computer from a DVD, USB stick, or SD card. It aims at preserving your privacy and anonymity

• HTTPS Everywhere | Electronic Frontier Foundation

HTTPS Everywhere is a Firefox, Chrome, and Opera extension that encrypts your communications with many major websites, making your browsing more secure. Encrypt the web: Install HTTPS Everywhere today.

— NEWS —

NSA targets the privacy-conscious | Das Erste – Panorama – Meldungen

The investigation discloses the following:

• Two servers in Germany – in Berlin and Nuremberg – are under surveillance by the NSA.
• Merely searching the web for the privacy-enhancing software tools outlined in the XKeyscore rules causes the NSA to mark and track the IP address of the person doing the search. Not only are German privacy software users tracked, but the source code shows that privacy software users worldwide are tracked by the NSA.
• Among the NSA’s targets is the Tor network funded primarily by the US government to aid democracy advocates in authoritarian states.
• The XKeyscore rules reveal that the NSA tracks all connections to a server that hosts part of an anonymous email service at the MIT Computer Science and Artificial Intelligence Laboratory (CSAIL) in Cambridge, Massachusetts. It also records details about visits to a popular internet journal for Linux operating system users called “the Linux Journal – the Original Magazine of the Linux Community”, and calls it an “extremist forum”.

If you read Boing Boing, the NSA considers you a target for deep surveillance

Tor and Tails have been part of the mainstream discussion of online security, surveillance and privacy for years. It’s nothing short of bizarre to place people under suspicion for searching for these terms.

One expert suggested that the NSA’s intention here was to separate the sheep from the goats — to split the entire population of the Internet into “people who have the technical know-how to be private” and “people who don’t” and then capture all the communications from the first group.

Another expert said that s/he believed that this leak may come from a second source, not Edward Snowden, as s/he had not seen this in the original Snowden docs; and had seen other revelations that also appeared independent of the Snowden materials.

Schneier on Security: NSA Targets the Privacy-Conscious for Surveillance

Jake Appelbaum et. al, are reporting on XKEYSCORE selection rules that target users — and people who just visit the websites of — Tor, Tails, and other sites. This isn’t just metadata; this is “full take” content that’s stored forever.

Dear NSA, Privacy is a Fundamental Right, Not Reasonable Suspicion | Electronic Frontier Foundation

Even the U.S. Foreign Intelligence Surveillance Court recognizes this, as the FISA prohibits targeting people or conducting investigations based solely on activities protected by the First Amendment. Regardless of whether the NSA is relying on FISA to authorize this activity or conducting the spying overseas, it is deeply problematic.

NSA: Linux Journal is an “extremist forum” and its readers get flagged for extra surveillance | Linux Journal

The Ultra-Simple App That Lets Anyone Encrypt Anything | Threat Level | WIRED

Wired reports that Nadim Kobeissi will release a bet aversion of an all-purpose file encyrption browser plugin called miniLock at the HOPE hacker conference in New York. The free and open source plugin is meant to make it easy to drag and drop files to encrypt so that no one but the intended recipient can unscramble them.

Wayland in Fedora Update

So the summary is that while we expect to have a version of Wayland in Fedora Workstation 21 that will be able to run a fully functional desktop, there are some missing pieces we now know that will not make it. Which means that since we want to ship at least one Fedora release with a feature complete Wayland as an option before making it default, that means that Fedora Workstation 23 is the earliest Wayland can be the default.

The KDE Improv Project Has Announced Its End

Carl Symons on the behalf of Aaron Seigo and the rest of the Improv crew have sent out an email to the backers saying the project is over, they will issue partial refunds, etc. It’s only a partial refund right now as they had already invested some money into buying long lead times with their Chinese manufacturer.

There were also credit card processing fees, etc, but they’re working out a path for full reimbursement. It’s also said Aaron invested $200k USD into the project.

There was simply not enough support to make the project work, despite having fully functional, production ready devices and a strong commitment to succeed. The Free software community does not seem ready at this point to make a concerted stand on the pressing issue of hardware freedom

• KDE team pulls the plug on the Vivaldi tablet, Improv board projects

The group of folks behind the KDE desktop environment have been trying for a few years to deliver a tablet with wouldn’t rely on proprietary software. More recently they unveiled the Improv Board, a small, cheap computer module designed to ship with Mer Linux.

At this point, all the team is promising are partial refunds since part of the money has already been spent. But the goal is to eventually provide full refunds to folks who have put their faith (and money) into the project.

In a statement, the team suggests “the Free software community does not seem ready at this point to make a concerted stand on the pressing issue of hardware freedom,”
the Improv board was expected to sell for around $75

Ubuntu MATE Remix

Objectives

The Ubuntu MATE Remix has the following primary goal:

• Use Ubuntu to create a solid foundation on which to build a pure MATE desktop.

Ubuntu MATE Remix has some secondary objectives:

• Increase both Ubuntu and MATE user adoption.
• Restore the halcyon days of Ubuntu before indicators, Unity and scopes were introduced.
• Be the go to Ubuntu alternative for computers that aren’t powerful enough to run a composited desktop, as well as those that are.
• Make use of existing Ubuntu themes and artwork wherever possible so Ubuntu MATE Remix is immediately familiar.
• When ever possible submit new or revised packages to Debian so both the Debian and Ubuntu communities benefit.
• Package selection will favour functionality and stability over lightness and whimsy.
• Provide a refuge for Linux users who prefer a traditional desktop experience.
• Get adopted as an official Ubuntu “flavour”.

Feedback:

• SeaGL Seattle GNU/Linux Conference October 24-25, 2014

• Ohio LinuxFest 2014 – The Future of Free | Free and Open Software Conference and Expo – Columbus, Ohio – October 24-26, 2014

• Question and software tip

• Fisil.com – Lync Online

• Stop my distro hopping ways.

— Chris’ Stash —

• jupiterbroadcasting on Instagram

Hang in our chat room:

irc.geekshed.net #jupiterbroadcasting

— What’s Matt Doin? —

• Check out LINUX Unplugged
• Why XFCE is the Best Linux Desktop
• Rogue Legacy – Part 1 | Geek And The Gamer

— Find us on Google+ —

• Chris
• Matt Hartley
• Jupiter Broadcasting’s Page

— Find us on Twitter —

• Chris – ChrisLAS
• Matt – matthartley

— Follow the network on Facebook: —

• Jupiter Broadcasting on Facebook

— Catch the show LIVE Sunday 10am Pacific / 1pm Eastern / 6pm UTC: —

• https://jblive.tv
• Network Calendar

The post Preventing a btrfs Nightmare | LAS 320 first appeared on Jupiter Broadcasting.

Chris and Matt showcase some fun games for casual or hardcore gamers. From space shooters to fun puzzles, if you’ve been holding off on gaming for Linux we’ll change your mind!

Plus: Is Ubuntu for Android dead? Linus receives another award, the big update to Edward Snowden’s favorite Linux distribution…

AND SO MUCH MORE!

All this week on, the Linux Action Show!

Thanks to:

Download:

HD Video | Mobile Video | WebM Torrent | MP3 Audio | Ogg Audio | YouTube | HD Torrent

RSS Feeds:

HD Video Feed | Large Video Feed | Mobile Video Feed | MP3 Feed | Ogg Feed | iTunes Feeds | Torrent Feed

— Show Notes: —

Linux Game Night:

Brought to you by: System76

Games for shooting us in the face this Sunday:

• Team Fortress 2

Nine distinct classes provide a broad range of tactical abilities and personalities. Constantly updated with new game modes, maps, equipment and, most importantly, hats!

• Star Conflict

Star Conflict is an action-packed, massively multiplayer space simulation game that puts players in the role of elite pilots engaging in a widespread interplanetary skirmish. Three thousand years have passed since the first colonists left Earth. Now the galaxy is divided between the militant star empires and independent mercenary groups.

Counter-Strike: Source blends Counter-Strike\’s award-winning teamplay action with the advanced technology of Source technology. Featuring state of the art graphics, all new sounds, and introducing physics, Counter-Strike: Source is a must-have for every action gamer.

• Robot Roller-Derby Disco Dodgeball

The dodgeball FPS you\’ve always wanted! Race around a skate park in jet-powered roller-skate robots and nail each other with ridiculous mid-air trick shots.

Chris’ Game Bag

• Star Conflict

Star Conflict is an action-packed, massively multiplayer space simulation game that puts players in the role of elite pilots engaging in a widespread interplanetary skirmish. Three thousand years have passed since the first colonists left Earth. Now the galaxy is divided between the militant star empires and independent mercenary groups.

• Electronic Super Joy

Electronic Super Joy is a brutally hard platformer set in a world of pulse-pounding electronic music.

• Life Goes On

Life Goes On is a comically-morbid platformer where you brutally sacrifice knights and use their dead bodies to solve puzzles. With death as your only means to progress, journey through trap-ridden worlds to find the Cup of Life.

Matt’s Game Bag:

• Robot Roller-Derby Disco Dodgeball

The dodgeball FPS you\’ve always wanted! Race around a skate park in jet-powered roller-skate robots and nail each other with ridiculous mid-air trick shots.

• FEZ

Gomez is a 2D creature living in a 2D world. Or is he? When the existence of a mysterious 3rd dimension is revealed to him, Gomez is sent out on a journey that will take him to the very end of time and space. Use your ability to navigate 3D structures from 4 distinct classic 2D perspectives.

• Star Conflict

Star Conflict is an action-packed, massively multiplayer space simulation game that puts players in the role of elite pilots engaging in a widespread interplanetary skirmish.

jmac217 ran down his favorite emulators

• AdvanceMAME
• DOSBox
• ScummVM (Download Beneath A Steel Sky, it’s sequel coming out!)
  • Stella – Atari 2600
  • zSNES or SNES9x
  • Gens – Sega consoles
  • Mupen64plus – N64
  • VisualBoy Advance – GB/C/A
  • DeSmuME – DS
  • ePSXe – PS1
  • PCSX2 – PS2
  • Dolphin – GC

Epic thread: Sunday\’s LAS: Game Day. Lets brainstorm!

— Picks —

Runs Linux

This K-9 doppelganger Runs Linux

Desktop App Pick

Speedometer

Measure and display the rate of data across a network connection or data being stored in a file.

• slurm picture
• Slurm – Command line bandwidth monitoring tool for linux

Weekly Spotlight

mooOS

mooOS is an enlightenment 19 and/or unity 14.04/compiz(gnome 3.12) and/or Steam and/or XBMC based desktop out of the box, libre focused, privacy aware, livecd and basic installer aimed at experienced linux users or aspiring developers such as myself. mooOS is based upon Arch Linux and uses the Arch repos and AUR exactly the same as Arch Linux.

— NEWS —

Ubuntu for Android Is No Longer In Active Development

Canonical\’s Matthew Paul Thomas states in a bug report lodged on Launchpad, the issue tracker for Ubuntu the project, including its websites:

\”[The website] describes Ubuntu for Android as \”the must-have feature for late-2012 high-end Android phones. Ubuntu for Android is no longer in development, so this page should be retired, along with [the features section].\”

Tails reaches 1.0 – LWN

Version 1.0 of the privacy-centric Tails distribution was released on April 29. As the release announcement notes, the 1.0 release is an important milestone, but in the case of Tails, this milestone primarily designates the distribution\’s stability and increased adoption, rather than a significant new set of features

Linus Torvalds wins IEEE Computer Society\’s Computer Pioneer Award

Linus has been named the 2014 recipient of the IEEE Computer Society’s Computer Pioneer Award “for pioneering development of the Linux kernel using the open-source approach”.

The Computer Pioneer Award was established in 1981 by the IEEE Computer Society Board of Governors to recognize and honor the vision of those whose efforts resulted in the creation and continued vitality of the computer industry. The award is presented to outstanding individuals whose main contribution to the concepts and development of the computer field was made at least 15 years earlier. The recognition is engraved on a bronze medal.

— Feedback: —

• Unity Drawers

• The Ubuntu Unity Launcher gets a facelift with Unity Drawers

• Btrfs partitioning question

• Arch + Server

— Chris\’ Stash —

• jupiterbroadcasting on Instagram

Hang in our chat room:

irc.geekshed.net #jupiterbroadcasting

— What’s Matt Doin? —

• Check out LINUX Unplugged

• Why I Switched to GNOME

• Mobile Suit Gundam Wing – Subscribe Today!

— Find us on Google+ —

• Chris
• Matt Hartley
• Jupiter Broadcasting’s Page

— Find us on Twitter —

• Chris – ChrisLAS
• Matt – matthartley

— Follow the network on Facebook: —

• Jupiter Broadcasting on Facebook

— Catch the show LIVE Sunday 10am Pacific / 1pm Eastern / 6pm UTC: —

• https://jblive.tv
• Network Calendar

The post Linux Gaming for Everyone | LAS 311 first appeared on Jupiter Broadcasting.

Turns out FreeBSD is still a thing you can think about download! We take a look at version 9.0! And marvel at its new anti-crash-usb-thumb-drive removal technology!

Plus Red hat’s big release that require it’s customers to use Microsoft Windows.. A little LESS, kinda!

And so much more!

All this week on, The Linux Action Show!

Thanks to

GoDaddy.com Use our codes LINUX to save 10% at checkout, or LINUX20 to save 20%

$7.99 .COM Offer Code: linuxcom

Direct Download:

HD Video | Large Video | Mobile Video | Ogg Video | MP3 Audio | Ogg Audio | YouTube

RSS Feeds:

Large Video Feed | Mobile Video Feed | MP3 Feed | Ogg Feed | iTunes Feeds

Show Notes: