Show Notes: coder.show/354

The post A Life of Learning | Coder Radio 354 first appeared on Jupiter Broadcasting.

On this weeks episode we cover a UEFI firmware bug that is affecting computers including ThinkPads, tell you how your windows box can be totally pwned even if it’s fully encrypted & talk about the shortcomings of the MD5 checksum. Plus the feedback, the roundup & more!

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

HD Video | Mobile Video | MP3 Audio | OGG Audio | YouTube | HD Torrent | Mobile Torrent

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

Show Notes:

ThinkPwn, Lenovo and possible other vendors vulnerable to UEFI bug

• “This code exploits 0day privileges escalation vulnerability (or backdoor?) in SystemSmmRuntimeRt UEFI driver (GUID is 7C79AC8C-5E6C-4E3D-BA6F-C260EE7C172E) of Lenovo firmware. Vulnerability is present in all of the ThinkPad series laptops, the oldest one that I have checked is X220 and the neweset one is T450s (with latest firmware versions available at this moment). Running of arbitrary System Management Mode code allows attacker to disable flash write protection and infect platform firmware, disable Secure Boot, bypass Virtual Secure Mode (Credential Guard, etc.) on Windows 10 Enterprise and do others evil things.”
• an attacker can “disable flash write protection and infect platform firmware, disable Secure Boot, [and] bypass Virtual Secure Mode
• “Vulnerable code of SystemSmmRuntimeRt UEFI driver was copy-pasted by Lenovo from Intel reference code for 8-series chipsets.”
• “Lenovo is engaging all of its IBVs as well as Intel to identify or rule out any additional instances of the vulnerability’s presence in the BIOS provided to Lenovo by other IBVs, as well as the original purpose of the vulnerable code”
• Lenovo Advisory
• The vulnerable code has also been found in HP Pavilion Laptops, some Gigabyte Motherboards (Z68, Z77, Z87, Z97), Fujitsu, and Dell.
• Exploring and exploiting Lenovo firmware secrets
• ThinkPWN, proof of concept exploit

From zero to SYSTEM on a fully encrypted Windows machine

• “Whether you want to protect the operating system components or your personal files, a Full Disk Encryption (FDE) solution allows you to keep track of the confidentiality and integrity. One of the most commonly used FDE solutions is Microsoft Bitlocker®, which due to its integration with the Trusted Platform Module (TPM) as well as the Active Directory environment makes it both user-friendly and manageable in a corporate environment.
  When the system is protected with a FDE solution, without a pre-boot password, the login or lock screen makes sure attackers with physical access are not able to gain access to the system.”
• “In this post we will explain how an attacker with physical access to an active directory integrated system (e.g. through stealing) is able to bypass the login or lock screen, obtain a clear-text version of the user’s password and elevate his privileges to that of a local administrator or SYSTEM. This can be accomplished via two security vulnerabilities which affects all Windows versions (from Vista to 10) and abusing a standard “security” feature.”
• “These two vulnerabilities, discovered with the help of my colleague Tom Gilis were reported to Microsoft however only one vulnerability is patched at the time of writing CVE-2016-0049 / MS16-014.
• “The other one, which allows you to elevate your privileges to that of a local administrator or SYSTEM is still under investigation by Microsoft and is not yet disclosed here.”
• Acknowledgement by Microsoft
• Since the time of this post, the patch has been released. It turns out, it is MS16-072
• You might remember MS16-072 from TechSNAP #272 as the Windows Update that broke Group Policies!
• “Step 1 – Hibernation – Your friendly neighbourhood password dumper”
• “Speaking for myself, and probably a lot of other users, shutting down a laptop has become a thing of the past. In order to be able to rapidly start using your system when travelling from one place to another, we put it into sleep (or hibernation) mode, essentially putting all processes on hold to be easily resumed when needed. Although in order to resume your session after sleep or hibernation, you’ll have to enter your password on the lock screen (or at least I hope so), the system has your password stored somewhere in memory in order to resume the different processes. We want the system to dump the contents of the memory on disk so we can recover it later. Hibernation is there to the rescue, but we need to be able to force the system into hibernation, creating the HIBERFIL.SYS.”
• “Luckily, the default configuration of a laptop running Windows depicts going into hibernation if the battery hits a critical low. This feature, by default at set 5%, ensures you don’t lose any unsaved documents when your battery dies. Once we force the laptop into hibernation mode we reboot it and move to the next step”
• “Step 2 – Bypassing the login or lock screen”
• “If the computer is a member of an AD Domain, and the user has logged in on this machine before, so their password is cached locally, all an attacker needed to do is create a rogue Kerberos server with the targets user account’s password set to a value of choice and indicated as expired. Upon login attempt, Windows would then prompt the user to change the password before continuing”
• “Once the password change procedure is completed, the cached credentials on the machine are updated with the new password set by the attacker. Because the system is not able to establish a secure connection, the password is not updated on the Kerberos server but still allows the attacker to login when the system no longer has an active network connection (using the cached credentials)”
• So, since the attacker set the new password on the Domain Controller (not really, but the computer things they did), they know this password, and when they attempt to login with it, and windows cannot reach the domain controller, it uses this locally cached password, and allows them to login
• “Although the authentication has been bypassed, we still only have the (limited) privileges of the victim’s account (taking into consideration this is not an local administrator). This is where the next step comes in, in which we explain how you can obtain full local administrative privileges just by using standard Windows functionalities and thus not relying on any vulnerable installed software.”
• “Step 3 – Privilege escalation to SYSTEM”
• “We know that the trust between the client and Domain Controller (DC) is not always properly validated, we have a working Active Directory set-up and we have a working rogue DC. The question is are there any other Windows functionality that is failing to properly validate the trust?”
• “How about Group Policies? It works on all supported Windows versions. There is no need for any additional (vulnerable) software. No specific configuration requirements”
• “There are 2 types of Group Policy Objects (GPO), Computer Configuration and User Configuration Policies.”
• “Computer Configuration Policies are applied before logon, the machine account is used to authenticated to the DC in order to retrieve the policies and finally all policies are executed with SYSTEM privileges. Since we don’t know the machine account password using Computer Configuration Policies is not an option.”
• “User Configuration Policies are applied after a user is logged in, user’s account is used to authenticated to the DC to retrieved the User Configuration Policies and the policies are either executed as the current logged-on user or as SYSTEM.”
• “Now this last type of Policy is interesting because we know the password of the user as we reset it to our likings.”
• “Let’s create a Scheduled Task GPO that will execute NetCat as SYSTEM and finally will connect to the listening NetCat service as a the current user.”
• On Windows 7, Immediately game over, you own the system
• “Windows 7 fails to validate if the DC from where the Group Policies are being applied is indeed a trusted DC. It is assumed that the user credentials are sufficient to acknowledge the trust relationship. In this attack all encrypted traffic remains intact and doesn’t require any modification whatsoever.”
• On Windows 10, it didn’t work right out of the box
• It turns out, the Rouge DC needs to have a user object matching the SID of the user that is logging in. Luckily, with Mimikatz, you can edit the SID of the user on the Rouge DC to make it match
• Additional Coverage: Part 2
• Slides
• So, Microsoft has patched both of these vulnerabilities, and we are all safe again, right?
• “Bypassing patch MS16-014: Yes, you’ve read it right! There is still a way to bypass the Windows Login screen and bypass Authentication More details will be released soon!”
• The author has not released the details yet, as they are waiting on Microsoft to release another patch

The MD5 collision is here

• “A while ago a lot of people visited my site (~ 90,000 ) with a post about how easy it is to make two images with same MD5 by using a chosen prefix collision. I used Marc Steven’s HashClash on AWS and estimated the the cost of around $0.65 per collision.”
• “Given the level of interest I expected to see cool MD5 collisions popping up all over the place. Possibly it was enough for most people to know it can be done quite easily and cheaply but also I may have missed out enough details in my original post”
• A 2014 blog post showed how to create two php scripts with the same MD5
• An early 2015 blog post showed two JPGs with the same MD5
• So, this version of the tools was able to make two different .jpg images, that had the same MD5 checksum, but different contents, while still being perfectly valid JPG images
• The post included instructions and an Amazon AWS images to do the number crunching
• That a later follow up post on how to do the same thing with executable files
• Same Binaries Blog Post
• This example shows a C binary that prints an Angel if a condition is true, and a Devil if it is false
• It contains a bunch of filler that can be changed to make the hashes the same in a second version of the file, where the condition is false. The end result is a pair of binaries, with the same MD5 hash, but different output
• Using this same technique, Casey Smith (@subtee) managed to make an Angel.exe that is a copy if mimikatz, a windows password dumping utility, and a devil.exe that just says ‘nothing to see here’
• Demo of the attack
• This means all I need to do is run this tool against my malware, and say, regedit.exe that is on the whitelist in Windows, and now I have a malware binary that will be trusted

Feedback:

• Pete asks about Owncloud

• John tries to troll Noah

• Matt is having ZFS problems

Round Up:

• New Edge Switch
• Reverse engineering the default WPA2 password on UPC UBEE routers
• ViewSonic ThinClient
• Post intrusion, most attackers use the same everyday admin tools that you do
• TP Link Forgets to Renew Domain
• What Air conditioning Tech can teach us about innovation and laziness
• 10 Million Android Phones Rooted
• Your SmartWatch can steal your ATM pin
• Microsoft’s attempt to recruit interns is a barrel of cringe
• Password sharing ruled a crime under the terrible CFAA (Computer Fraud and Abuse Act)
• Avast Acquired AVG for $1.3 billion, now has 400 million endpoints
• Wendy’s POS malware disclosure page, pwned with XSS
• Passthoughts, a new type of password?
• The definition of a sophishticated attack
• Frontier and AT&T to Block Google Fiber
• This cyber security guide from “The Guardian”, is full of AWEFUL advice, don’t do it
• Man builds $53,000 computer that plays Tetris, to visualize the internals

The post Windows Exploit Edition | TechSNAP 274 first appeared on Jupiter Broadcasting.

We take a look at possible evidence of Martian life, 3D printing a heart, Tetris, spacecraft updates, Curiosity news, and as always take a peek back into history and up in the sky this week.

Direct Download:

MP3 Audio | OGG Audio | Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | Video Feed | Torrent Feed | iTunes

Show Notes:

Evidence of Martian Life?

• A team of scientists has found evidence of past water movement throughout a Martian meteorite, reviving debate in the scientific community over life on Mars.
• The team reports that newly discovered different structures and compositional features within the larger Yamato meteorite suggest biological processes might have been at work on Mars hundreds of millions of years ago.
• Mars On Earth?
• Martian meteoritic material is distinguished from other meteorites and materials from Earth and the moon by the composition of the oxygen atoms within the silicate minerals and trapped Martian atmospheric gases
  • Robotic missions to Mars continue to shed light on the planet\’s history, the only samples from Mars available for study on Earth are Martian meteorites
• On Earth, we can utilize multiple analytical techniques to take a more in-depth look into meteorites
• In 1996, a group of scientists published an article in Science announcing the discovery of biogenic evidence in the Allan Hills 84001(ALH84001) meteorite.
• The History of as Yamato 000593 (Y000593).
• Scientists are now focused on structures deep within a 30-pound (13.7-kilogram) Martian meteorite known as Yamato 000593 (Y000593).
• Analyses found that the rock was formed about 1.3 billion years ago from a lava flow on Mars
• Around 12 million years ago, an impact occurred on Mars which ejected the meteorite from the surface of Mars.
• The meteorite traveled through space until it fell in Antarctica about 50,000 years ago.
• The rock was found on the Yamato Glacier in Antarctica by the Japanese Antarctic Research Expedition in 2000
• Scientists are now focused on two distinctive sets of features associated with Martian-derived clay
• Tunnel and Micro-Tunnel Structures
• Tunnel and micro-tunnel structures that thread their way throughout Yamato 000593
• The observed micro-tunnels display curved, undulating shapes consistent with bio-alteration textures observed in terrestrial basaltic glasses
• These type of structures have previously been reported by researchers who study interactions of bacteria with basaltic materials on Earth
• Nanometer- to-Micrometer-Sized Spherules
• The second set of features consists of nanometer- to-micrometer-sized spherules
• Similar spherical features have been previously seen in the Martian meteorite Nakhla that fell in 1911 in Egypt.
• Composition measurements of the Y000593 spherules show that they are significantly enriched in carbon compared to the nearby surrounding iddingsite layers.
• What This Might Mean
• These two sets of features in Y000593, recovered from Antarctica after about 50,000 years residence time, are similar to features found in Nakhla, an observed fall collected shortly after landing.
• Scientists cannot exclude the possibility that the carbon-rich regions in both sets of features may be the product of abiotic mechanisms
• Textural and compositional similarities to features in terrestrial samples, which have been interpreted as biogenic, imply the intriguing possibility that the Martian features were formed by biotic activity.
  +The features are evidence of aqueous alterations as seen in the clay minerals, and the presence of carbonaceous matter associated with the clay phases which show that Mars has been a very active body in its past
• It also reveals the presence of an active water reservoir that may also have a significant carbon component.
• The nature and distribution of Martian carbon is one of the major goals of the Mars Exploration Program
• What Now?
• The small sizes of the carbonaceous features within the Yamato 000593 meteorite present major challenges to any analyses attempted by remote techniques on Mars
• While these new features are no \”smoking gun,\” they are nonetheless interesting and show that further studies of these meteorites should continue
• Further Reading / In the News
• Evidence of water in meteorite revives debate over life on Mars | Phys.org

—  NEWS BYTE —

3D Printed Model Heart Helps Save a Life

• While heart surgery on a 14 month old is not unheard of, recently a surgeon was able to map out his surgical approach using a nearly exact model of the patients heart printed on a 3D printer.
• Laying Out A Surgery Plan
• The 14 month old infant was born with four congenital heart defects, doctors had known since before he was born that his heart had problems
• Fixing them all would prove to be a challenge., when it came time to plan the surgery surgeons found each of them had different ideas on the best way to fix the heart
• The ideal approach would involve the least amount of cutting and suturing—but that can be hard to plan using only conventional scanning techniques
• 3D Printed Model
• Researchers worked with radiologists to provide heart to data that could be used with a 3D printer.
• They used CT scanning data, which seemed to a perfect match as CT scanning uses the same basic idea as 3D printing
• CT scanning takes pictures of slices and puts them together on a computer screen to form a whole, and 3D printing is achieved by laying down one layer or \”slice\” of material at a time.
• They decided to print the heart (in three pieces) at twice its normal size
• It was also used a flexible type of plastic known as \”Ninja Flex\” instead of the often used ABS (used in LEGO bricks)
• This allowed the surgeon to bend the finished heart in ways that resembled a real human heart.
• The Surgery
• Printing the heart took approximately 20 hours at a cost of roughly $600, it allowed for a single surgery and greatly reduced cutting and suturing, which ultimately led to a much quicker recovery
• The surgery happened on Feb 10, and by all accounts is now doing just fine
• Multimedia
• YouTube | Doctors prepare for heart surgery with 3D printing | News On Here
• Further Reading / In the News
• Doctor uses printed 3D heart to assist in infant heart surgery | MedicalXPress.com

— TWO-BYTE NEWS —

Controlling Cravings With Tetris

• A recent study suggests that Tetris could actually help dieters reduce cravings
• The Study
• Researchers created two study groups: One that played Tetris for three minutes while the other group was told that the game was loading but they never received the chance to play
• Participants were then asked to rate their cravings for cigarettes, food and alcohol based on the vividness, intrusiveness and strength of those cravings.
• The Tetris group showed a 24 percent reduction in cravings following their activity with the game
• The other group who did not get to play Tetris did not experience any craving reductions.
• The Power of Tetris
• \”Feeling in control is an important part of staying motivated, and playing Tetris can potentially help the individual to stay in control when cravings strike\” | Professors Jackie Andrade | University\’s Cognition Institute
• Tetris is something a person can quickly access, and can replace the feeling of stress caused by the craving, and could be used while at work or home
• Scientists are constantly looking for things to help fight against such cravings through healthy activities, like exercise
• They label Tetris as a neutral activity that has a positive impact so it is a good alternative for now
• Further Reading / In the News
• Could the Video-Game Tetris Curb Cravings for Food, Cigarettes and Alcohol? | ScienceWorldReport.com

—  VIEWER FEEDBACK —

Withdrawing 120 Nonsense Science Papers

• Martin (lowfatty)
• The publishers Springer and IEEE are removing more than 120 papers from their subscription services after a French researcher discovered that the works were computer-generated nonsense.
• Publishers withdraw more than 120 gibberish papers : Nature News & Comment | Nature.com
• Computer-Generated Papers
• Over the past two years computer-generated papers have made it into more than 30 published conference proceedings between 2008 and 2013
• Sixteen appeared in publications by Springer and more than 100 were published by the Institute of Electrical and Electronic Engineers (IEEE),
• Among the works a paper published as a proceeding from the 2013 International Conference on Quality, Reliability, Risk, Maintenance, and Safety Engineering, held in Chengdu, China.
• Most of the conferences took place in China, and most of the fake papers have authors with Chinese affiliations.
• The authors of the paper, entitled ‘TIC: a methodology for the construction of e-commerce’, in the abstract that they “concentrate our efforts on disproving that spreadsheets can be made knowledge-based, empathic, and compact”.
• One of the named authors replied that he does not know why he was a listed co-author on the paper and first learned of the article when conference organizers notified his university in December 2013
• SCIgen
• One way to automatically detect manuscripts composed by a piece of software called SCIgen, which randomly combines strings of words to produce fake computer-science papers
• SCIgen was invented in 2005 by researchers to prove that conferences would accept meaningless papers — and, as they put it, “to maximize amusement”
• A related program generates random physics manuscript titles on the satirical website arXiv vs. snarXiv.
• SCIgen is free to download and use, and it is unclear how many people have done so, or for what purposes
• SCIgen’s output has occasionally popped up at conferences, when researchers have submitted nonsense papers and then revealed the trick.
• The papers are quite easy to spot,” says Labbé, who has built a website where users can test whether papers have been created using SCIgen.
• Automatically identifying these papers involves searching for characteristic vocabulary generated by SCIgen
• **History of Fake Papers
• In April 2010, someone used SCIgen to generate 102 fake papers by a fictional author called Ike Antkare to show how easy it was to add these fake papers to the Google Scholar database
• There is a long history of journalists and researchers getting spoof papers accepted in conferences or by journals to reveal weaknesses in academic quality controls

— SPACECRAFT UPDATE—

China\’s Yutu Lunar Rover

• Last Time on SciByte …
• sciByte 111 | Yutu Launch | Memories & International Spacecraft | December 3, 2013
• SciByte 113 | Yutu Landing | Aquifers & Brain Plasticity | December 17, 2013
• SciByte 115 | Yutu Wakes Up on Second Lunar Day | Sleep Apnea & Heart Defect Treatments | January 14, 2014
• SciByte 120 | Canadian Fossils & Yutu Rover | February 18, 2014
• Control Circuit Malfunction
• “Yutu suffered a control circuit malfunction in its driving unit,” according to a newly published report on March 1 by the state owned Xinhua news agency.
• A functioning control circuit is required to lower the rovers mast so the malfunction prevented Yutu from entering the second dormancy as planned
• The panel driving unit also helps maneuver the panels into position to efficiently point to the sun to maximize the electrical output
• They must be folded down into a warmed electronics box to shield them from the damaging effects of the Moon’s nightfall when temperatures plunge dramatically to below minus 180 Celsius, or minus 292 degrees Fahrenheit.
• Lunar Day 3
• The 140 kilogram rover was unable to move during Lunar Day 3 due to the mechanical glitches so only carried out fixed point observations during its third lunar day
• It was able to complete some limited scientific observations. And fortunately the ground penetrating radar, panoramic and infrared imaging equipment all functioned normally.
• Chinese space engineers engaged in troubleshooting to try and identify and rectify the technical problems in a race against time to find a solution before the start of Lunar Night 3.
• Lunar Night 3 and the Future
• The issue with the control circuit malfunction in its driving unit remains unresolved and a still threatens the outlook for Yutu’s future exploration.
• Yutu and the companion Chang’e-3 lander have again gone into sleep mode during Lunar Night 3 on Feb. 22 and Feb 23 respectively, local Beijing time.
• Yutu is now nearing its planned 3 month long life expectancy
• Further Reading / In the News
• China\’s Yutu Moon Rover Unable to Properly Maneuver Solar Panels | UniverseToday.com

Kepler Data Continues to Show New Exo-Planets

• More Planets
• The Kepler Space Telescope has been inactive since May of 2013, but the probe\’s data has led astronomers to discover 715 new planets
• The 715 new planets are said to be distributed among 305 different star systems bringing the number of known planets beyond our solar system has increased to almost 1,700
• The number of Earth-sized planets has increased by 400% and four of the newly discovered planets are about 2.5 times wider than Earth
• Another four [Kepler 174d, Kepler 296f, Kepler 298d, and Kepler 309c] are also said to be located in a habitable zone where water may exist in liquid form
• Further Reading / In the News
• NASA Nearly Doubles Discovery of Known Planets Without Active Kepler Space Telescope | ScienceWorldReport.com

— CURIOSITY UPDATE —

• NASA\’s Curiosity Mars rover has reached an area where orbital images had piqued researchers\’ interest in patches of ground with striations all oriented in a similar direction
• The six wheeled rover paused during the planned Feb. 19 drive of 328 feet (100 meters) to capture the imagery, on Feb. 20 (Sol 549), she also completed her second 100 meter drive in reverse.
• The foreground rocks are in an outcrop called \”Junda,\” which the rover passed during a drive of 328 feet (100 meters) on Feb. 19.
• Engineers will now occasionally commanding Curiosity to drive backwards in a newly tested bid to minimize serious damage to the six 20 inch diameter wheels
• Curiosity is well on the way to her next near term goal, which is a science waypoint, named Kimberly (formerly called KMS-9), which lies about half a mile ahead.
• \”Kimberley,\” features ground with striations and is where researchers plan to suspend driving for a period of science investigations
• Multimedia
• Image Galleries at JPL and Curiosity Mulimedia
• Social Media
• Curiosity Rover @MarsCuriosity
• Further Reading / In the News
• Curiosity Rover pauses mid-drive and captures Spectacular Martian Mountain Snapshot | UniverseToday.com
• Mars Science Laboratory: NASA\’s Curiosity Mars Rover Views Striated Ground | mars.jpl.naga.gov

SCIENCE CALENDAR

Looking back

• March 06, 1950 : 64 years ago : Silly Putty : Silly Putty was introduced as a toy by Peter Hodgson, a marketing consultant, who packaged one-ounce portions of the rubber-like material in plastic eggs. It could be stretched, rolled into a bouncing ball, or used to transfer colored ink from newsprint. The original discovery was made in 1943 by James Wright who combined silicone oil and boric acid at the laboratories of General Electric. He was researching methods of making synthetic rubber, but at the time no significant application existed for the material. However, it was passed around as a curiosity. Hodgson saw a sample and realized its potential simply for entertainment and coined its name for marketing it as a toy. Its popularity made him a millionaire

Looking up this week

• Keep an eye out for …
• Thurs, March 6 | ~hour after sunset | Aldebaran, an orange giant star, is to the upper left of the Moon and the Pleiades star cluster is to the Moon\’s upper right
• Fri, Mar 7 | Tonight Aldebaran is below the Moon
• Sat, Mar 8 | Dusk | The first-quarter Moon stands above Orion high in the south, with Jupiter to the upper left of the Moon
• Planets
• Venus | \”Morning Star\” | Before and during dawn Venus is in the SE
• Mars | 10pm | Rises in the SE, with Spica 6* to its right. The two are their highest point around 3-4am with Spica now to the lower right
• Jupiter | Is the only planet visible right now in the evenings and is high in the SE, it crosses nearly overhead (for skywatchers at mid-northern latitudes) around 8 or 9 p.m. and sets in the West before dawn
• Saturn | 11pm-Midnight | Rises around 11 or and is highest in the south at the beginning of dawn. By then it\’s far to the left of Mars and Spica

DAYLIGHT SAVINGS TIME – Sunday, March 9

• “SPRING” AHEAD

• “Losing” 1 Hour

• Further Reading and Resources

• Sky&Telescope
• SpaceWeather.com
• StarDate.org
• For the Southern hemisphere: SpaceInfo.com.au
• Constellations of the Southern Hemisphere : astronomyonline.org
• Royal Astronomical Society of New Zealand : rasnz.org.nz
• AstronomyNow
• HeavensAbove

The post Martian Life & Tetris | SciByte 122 first appeared on Jupiter Broadcasting.

This week we\’ll be talking to Amitai Schlair of the NetBSD foundation about pkgsrc, NetBSD\’s future plans and much more. After that, if you\’ve ever wondered what all this SSH stuff is about, today\’s tutorial has got you covered. We\’ll be showing you the basics of SSH, as well as how to combine it with tmux for persistent sessions. News, feedback and everything else, right here on BSD Now – the place to B.. SD.

Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | HD Vid Feed | HD Torrent Feed

– Show Notes: –

Headlines

Faces of FreeBSD

• The FreeBSD foundation is publishing articles on different FreeBSD developers
• This one is about Colin Percival (cperciva@), the ex-security officer
• Tells the story of how he first found BSD, what he contributed back, how he eventually became the security officer
• Running series with more to come

Lots of BSD presentation videos uploaded

• EuroBSDCon 2013 dev summit videos, AsiaBSDCon 2013 videos, MWL\’s presentation video
• Most of us never get to see the dev summit talks since they\’re only for developers
• AsiaBSDCon 2013 videos also up finally
• List of AsiaBSDCon presentation topics here
• Our buddy Michael W Lucas gave an \”OpenBSD for Linux users\” talk at a Michigan Unix Users Group.
• He says \”Among other things, I compare OpenBSD to Richard Stallman and physically assault an audience member. We also talk long long time, memory randomization, PF, BSD license versus GPL, Microsoft and other OpenBSD stuff\”
• Really informative presentation, pretty long, answers some common questions at the end

Call for Presentations: FOSDEM 2014 and NYCBSDCon 2014

• FOSDEM 2014 will take place on 1–2 February, 2014, in Brussels, Belgium
• Just like in the last years, there will be both a BSD booth and a developer\’s room
• The topics of the devroom include all BSD operating systems. Every talk is welcome, from internal hacker discussion to real-world examples and presentations about new and shiny features.
• If you are in the area or want to go, check the show notes for details
• NYCBSDCon is also accepting papers.
• It\’ll be in New York City at the beginning of February 2014
• If anyone wants to give a talk at one of these conferences, go ahead and send in your stuff!

FreeBSD foundation\’s year-end fundraising campaign

• The FreeBSD foundation has been supporting the FreeBSD project and community for over 13 years
• As of today they have raised about half a million dollars, but still have a while to go
• Donations go towards new features, paying for the server infrastructure, conferences, supporting the community, hiring full-time staff members and promoting FreeBSD at events
• They are preparing the debut of a new online magazine, the FreeBSD Journal
• Typically big companies make their huge donations in December, like a couple of anonymous donors that gave around $250,000 each last year
• Make your donation today over at freebsdfoundation.org, every little bit helps
• Everyone involved with BSD Now made a donation last year and will do so again this year

Interview – Amitai Schlair – schmonz@netbsd.org / @schmonz

• The NetBSD Foundation, pkgsrc, future plans
• Can you start off by telling us a little bit about who you are and how you got involved with BSD in general?
• What are all your roles with the NetBSD project? What \”hats\” do you wear?
• What kind of tasks are assigned to the foundation? What does being on the board entail?
• Since you\’re also very involved with pkgsrc, could you give us a brief overview of what pkgsrc is, and how it compares to something like ports?
• What\’s planned for the next big release of NetBSD, and when can we expect it?
• In what ways do you personally use NetBSD? Desktops, servers, toasters? All of the above?
• If some of our listeners want to get involved with NetBSD and pkgsrc, where would you recommend they go to help out?
• How can people find you? Anything else you\’d like to mention?
• https://twitter.com/schmonz

Tutorial

A guide to SSH and tmux

• OpenSSH and tmux, a match made in heaven
• This guide shows how to do basic tasks with SSH
• Persistent sessions with tmux increase productivity

News Roundup

PS4 released

• Sony\’s Playstation 4 is finally released
• As previously thought, its OS is heavily based on FreeBSD and uses the kernel among other things
• Link in the show notes contains the full list of BSD software they\’re using
• Always good to see BSD being so widespread

BSD Mag November issue

• Free monthly BSD magazine publishes another issue
• This time their topics include: Configuring a Highly Available Service on FreeBSD, IT Inventory & Asset Management Automation, more FreeBSD Programming Primer, PfSense and Snort and a few others
• PDF linked in the show notes

pbulk builds made easy

• NetBSD\’s pbulk tool is similar to poudriere, but for pkgsrc
• While working on updating the documentation, a developer cleaned up quite a lot of code
• He wrote a script that automates pbulk deployment and setup
• The whole setup of a dedicated machine has been reduced to just three commands

PCBSD weekly digest

• Over 200 PBIs have been populated in to the PC-BSD 10 Stable Appcafe
• Many PC-BSD programs received some necessary bug fixes and updates
• Some include network detection in the package and update managers, nvidia graphic detection, security updates for PCDM

Feedback/Questions

• Peter writes in: https://slexy.org/view/s21oh3vP7t
• Kjell-Aleksander writes in: https://slexy.org/view/s21zfqcWMP
• Jordan writes in: https://slexy.org/view/s2ZmW77Odb
• Christian writes in: https://slexy.org/view/s2BZq7xiyo
• entransic writes in: https://slexy.org/view/s21xrk0M4k

• All the tutorials are posted in their entirety at bsdnow.tv
• Send questions, comments, show ideas/topics, etc to feedback@bsdnow.tv
• Watch live Wednesdays at 2:00PM Eastern (19:00 UTC)

The post Collecting SSHells | BSD Now 12 first appeared on Jupiter Broadcasting.