Show Notes: error.show/69

The post Partner Password Policy | User Error 69 first appeared on Jupiter Broadcasting.

RSS Feeds:

HD Video Feed | MP3 Feed | iTunes Feed

Become a supporter on Patreon:

Episode Links

• Google collected location data from Android users who didn’t know — In a nutshell, the whereabouts of every active Android phone and tablet in the world were tracked even with location services disabled and no carrier SIM card inserted.
• Ubuntu want community input on Mir — However we’re also at the place where we need to reach out to the community and ask what are the aspects of your desktop that you value most, to help us figure out a direction for Mir.
• New magazine from the Raspberry Pi Foundation – Hackspace — The first issue of HackSpace magazine is here! Join us as we explore thinking machines, build a trebuchet, learn how Arduino changed the world, see how far we can overclock a Raspberry Pi using liquid nitrogen, and much more…
• Linus gets heated about kernel security — Linux Lord fires up over proposal to secure Linux by shutting down wonky processes
• Then calmly explains his position — His long post on the matter suggested to security practitioners that “‘Do no harm’ should be your mantra for any new hardening work.”
• Others act like children — So on the day of Kees’ presentation, where he tried to drop a useless 0day on me and talk up how many upstream developers reviewed his code that did the same limitation *right*, I wrote an exploit of my own.
• Vulnerability in Intel Management Engine — Remote attackers could launch commands on a host of Intel-based computers, including laptops and desktops shipped with Intel Core processors since 2015.

The post Linux Action News 29 first appeared on Jupiter Broadcasting.

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

Show Notes:

House Passes Long-Sought Email Privacy Bill

• The U.S. House of Representatives on Monday approved a bill that would update the nation’s email surveillance laws so that federal investigators are required to obtain a court-ordered warrant for access to older stored emails.

• This is a very short piece of legislation. You can read it quickly, but it is an amendment. Basically, it’s copy/cut/pasting into the existing act, so you have to read it in context of the OLD act.

• Under the current law, U.S. authorities can legally obtain stored emails older than 180 days using only a subpoena issued by a prosecutor or FBI agent without the approval of a judge.

• Based on a 1986 law created in the days when cell phones did not contain email. Back then, the standard was store and forward, not the central storage so common today. There was no cloud.

• EFF’s Surveillance Self-Defense guide.

• This is very important. What is also important is protecting privacy when crossing borders. Your rights must be preserved when crossing borders. Trouble is, it seems we have no rights when doing so.

Here’s What Transport for London Learned From Tracking Your Phone On the Tube

• Advertising? I can see how this is useful for more than just advertising. Traffic flow. Knowing about time from A to B. Mention EZPass and monitoring of badges to determine flow.

• Signs announced trial, opt out by disabling wifi.

• The documents also seem to suggest that if TfL switched on tracking full time it could offer real time crowding information to passengers – so we could see a CityMapper of the not-too-distant future telling us which stations to avoid.

• That sounds simlar to how Waze and Google Maps collect real-time data on traffic congestion.

• Collecting information is one thing. Controlling access to that information is vital. As we’ve seen so many times in the past, it is the use of that data for unintended purposes which is of most concern.

• Rainbow tables

GitLab Postmortem of database outage of January 31

• This came from Shawn. We covered this incident in eposide 305.

• I want to make it clear from the start, we are not mocking GitLab. There is no joy to be taken here.

• On January 31st 2017, we experienced a major service outage for one of our products, the online service GitLab.com. The outage was caused by an accidental removal of data from our primary database server.

• What a horrible feeling that engineer then had. Imagine, for a moment. Production has just been wiped out… OMG.

• Backups could not be found, nor could they be used. It was all gone.

• I can imagine lots and lots of waiting for stuff to finish. Very stressful. Much hope, but very stressful.

• Wow, could not access their own projects. Ouch. Almost want their own repo offline, but then accusations of not dog fooding, etc.

• Prometheus monitorin

• Some places take the approach of making staging the hot backup for production. Exactly the same. Move production onto staging hardware if required.

• “I don’t remember where I saw it (probably hackernews), but someone proposed to constantly recreate staging from production’s backup. This way we would have an up-to-date staging version and frequently tested backup recovery process.”

Feedback:

• Should I convert to FreeNAS

• Follow Up Bacula

• possible malware distributor

Round Up:

• No more ransom – from Alejandro

• Semi-Critical Intel Atom C2000 SoC Flaw Discovered, Hardware Fix Required – from Shawn

• Ticketbleed – from Shawn

• Yahoo, MSN Struck by Advanced Malvertising Campaign

• Factory That Made Exploding Galaxy Note 7 Batteries Catches Fire

• US Judge Ordered Google to Hand Over Emails Stored On Foreign Servers to FBI

• Vizio settles with FTC, will pay $2.2 million and delete user data

• WordPress Kept Users And Hackers In The Dark While Secretly Fixing Critical Zero-Day

• Diehard Coders Just Rescued NASA’s Earth Science Data

• University attacked by its own vending machines, smart light bulbs & 5,000 IoT devices

• Bored with ho-hum cloud backups? Use Usenet (yes, Usenet!) instead

• Unpacking the rack-mount chassis – YouTube

• Moving tower system into rack mount chassis – YouTube

• Yes, an APC AR3100 rack can fit into a Subaru Outback

• APC AR3100 rack assembly – YouTube

• Moving the rack into place – YouTube

The post Metadata Matters | TechSNAP 306 first appeared on Jupiter Broadcasting.

After we get through a slew of great open source project achievements, we discuss the slippery slope that online services represent to Linux users.

Plus we get all big picture, what can be learned from ownCloud’s recent troubles, what we conclude by reading between the lines & more!

• Get Paid to Write for DigitalOcean

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Torrent Feed | WebM Torrent Feed

Become a supporter on Patreon:

Show Notes:

Pre-Show

• Muhammad Ali & IBM sought to “shake up the world” with Linux | Network World

Follow Up / Catch Up

The new Control Center Shell

A demonstration of the new Control Center UI being developed

Arc Is a Gorgeous GTK Theme for Linux Desktops

It has been a veritable eon since we last highlighted a GTK theme here on this site.

• Arc Icon Theme Released Based on Moka, Here’s How to Install on Your Linux OS

• You Can Now Have All the Ubuntu 16.04 LTS Live DVDs into a Single ISO Image

Yes, the moment you’ve been waiting for is here, and you can now have all the essential Ubuntu 16.04 LTS (Xenial Xerus) Live CD editions into a single ISO image. Linux AIO Ubuntu 16.04 includes Ubuntu 16.04 LTS, Ubuntu MATE 16.04 LTS, Kubuntu 16.04 LTS, Xubuntu 16.04 LTS, Lubuntu 16.04 LTS, and Ubuntu GNOME 16.04 LTS.

• Linux AIO

TING

• Ting – mobile that makes sense

Trisquel is about ethics not technology or innovation

So, please, stop thinking about snappy packages and begin enjoying your LIBERTAD (FREEDOM).

Firefox 47.0

Embedded YouTube videos now play with HTML5 video if Flash is not installed.

• Firefox 47 widens HTML5 video support to include DRM-protected streams

Support for Google’s Widevine CDM — which is currently limited to Windows and OS X — was first introduced to the Nightly build of Firefox two months ago, and has made a seamless transition to the stable build.

DigitalOcean

• DigitalOcean: SSD Cloud Server, VPS Server, Simple Cloud Hosting

What we can learn from ownCloud’s collapse

Another factor in ownCloud’s undoing could be venture capitalists. Jos Poortvliet, the ownCloud community manager who now works at Nextcloud told me that a lot of ownCloud features were held back because developers had to convince investors in 30 seconds. And every such conversation led to a comparison with Dropbox. Investors would refuse features on the basis that Dropbox doesn’t do that.

Linux Academy

• Linux Academy | Linux and AWS Online Training

Slipping Into Google

• How I Quit Google | TIME

• Google Now Launcher – Android Apps on Google Play

Upgrade the launcher on your Android device for a fast, clean home screen that puts Google Now just a swipe away.

• Google now

• Google VR – Daydream

• Google Chrome continues to be my go to browser for work. Makes switching to Linux easier.

• Google stuff tends to have a Linux solution

Support Jupiter Broadcasting on Patreon

The post Mind on my Cloud & Cloud on my Mind | LINUX Unplugged 148 first appeared on Jupiter Broadcasting.

We start from a town that has no internet and reflect on how quickly the last 8 years of progress feel very distant, then discuss the recent extreme examples of companies challenging Net Neutrality. Ballmer says Windows Phones should run Android apps & maybe he’s right?

Google’s Chromebooks make up half of US classroom devices. As parents, are we comfortable with Google having a lifetime of history on our kids?

Plus some follow up on a previous Kickstarter of the week with a special guest, the likely conclusion to a five year old tech story & the inside scoop on the Jupiter Broadcasting SWAG for the Holidays giveaway!

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Video Feed | Torrent Feed

Become a supporter on Patreon

Show Notes:

— Episode Links —

• Town that has no cell phone service loses its primary Internet provider | Ars Technica
• AT&T vs. FCC, net neutrality: AT&T says it’s had to kill ideas | BGR
• Comcast Tests Net Neutrality By Letting Its Own Streaming Service Bypass Usage Caps | Techdirt
• Windows Server 2016 moving to per core, not per socket, licensing | Ars Technica
• Ballmer: Microsoft Mobile Should Focus On Android Apps Not Universal Apps – Slashdot
• Google’s Chromebooks make up half of US classroom devices
• Sticky disc makes any watch a smartwatch – BBC News
• Samsung finally agrees to pay Apple $548 million, with a few caveats | The Verge
• PopcornTimeCE/desktop · GitHub

The post Children of the Chromebook | TTT 225 first appeared on Jupiter Broadcasting.

Hit the road with our favorite apps for offline nav, finding a free place to sleep, taking care of basic RV tasks & the best way to capture the trip.

Direct Download:

HD Video | Mobile Video | MP3 Audio | YouTube

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Torrent Feed | iTunes Feed

— Show Notes —

Prep for the Road

RV Checklist on the App Store

RV Check List is a tool that provides various checklists for the RV owner. These task lists cover various phases of the RV adventure. I am a fellow RV owner who decided there should be a better way then multiple hand written checklists or trying to depend on your memory wrote this application.

• Road Trip Checklist on Pinterest

Finding a Place to Stay:

CoPilot App – GPS Navigation & Traffic

• Offline navigation: street maps stored on-board your iPhone/iPad
• Clear voice-guided, turn-by-turn directions with text-to-speech technology
• Driver-friendly 3D guidance display shows you the way at every turn
• Lane indicator arrows, highway exit sign post information and realistic ClearTurn(tm) view to help you at complex junctions
• Real-time ActiveTraffic(tm) and predictive time-of-day routing helps you avoid delays, so you’ll arrive on-time and stress-free, every time
• Automatic routing and fast recalculation if you miss a turn
• Safety camera alerts with free database updates (not available in North America, France or Switzerland)
• Unique directions only view and motion lock for safer driving
• CommuteMe(tm) automatically learns your favourite route to and from work, and checks it for traffic every day
• Speed limit warnings and speedometer
• Accurate ETAs so you know when you’ll arrive
• And much, much more…

• CoPilot GPS – Car Navigation, Offline Maps and Traffic on the App Store
• CoPilot GPS – Navigation App – Android Apps on Google Play

Allstays | Campgrounds | RV Parks

Over 29,000 Campgrounds: Independent, KOA, National/State Forest, State Parks, Public Lands, Army Corps, National Park, Military, County and City Parks, casinos.

Independent Truck Stops, Flying Js, Pilot Travel Centers, Loves Travel Stops, Petro Centers, TA Travel Centers, Petro Canada. Includes info on fuel lanes, dump stations, propane, restaurants, internet, laundry, showers, tire care, travel stores, ATMs, Western Union, UPS, FedEx and more. Are they RV friendly.

• Camp and RV – Campgrounds Plus – Android Apps on Google Play
• Camp & RV – Tent Camping to RV Parks on the App Store

Mileage Keeper (gas mileage / fuel economy tracker) on the App Store

Mileage Keeper tracks your vehicle’s fuel economy, which helps you save money!

• Automatic: Connect Your Car to Your Digital Life

The Automatic adapter plugs into the standard diagnostics port hidden under the dash in most cars since 1996.

Checking for Signal

FieldTester on the App Store

Field Tester can be used to quickly evaluate the strength of your phone signal, and the quality of your data/WiFi network.

• OpenSignal 3G 4G WiFi Maps & Speed Test

With OpenSignal you can map cellular coverage, find Wi-Fi hotspots, test and improve your reception & get faster data.

• Wifi Analyzer – Android Apps on Google Play

Dumping… Your Tanks

Sanidumps: RV Dumps, Sani Station, Dump Points comprehensive directory

A comprehensive directory helping RVers find RV dump station locations to empty their gray water and black holding tanks, When RVs have to go…

• Sanidumps RV Dump Station Locator on the App Store
• Sanidumps RV Dump Station – Android Apps on Google Play

Capture the Road

Hyperlapse from Instagram on the App Store

Create amazing time lapse videos with Hyperlapse. Using Instagram’s in-house stabilization, Hyperlapse shoots polished time lapse videos that were previously impossible without bulky tripods and expensive equipment.

• Cornbread
• Technology For Connection | WTR 43 | Jupiter Broadcasting
• Dark Sky for iPhone and iPad

The post Top Road Trip Apps | FauxShow 224 first appeared on Jupiter Broadcasting.

Verizon’s super cookie just got nastier, Facebook has plans for free Internet from space & Google launches AMP, Accelerated Mobile Pages Project for a faster, open mobile web.

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Video Feed | Torrent Feed

Become a supporter on Patreon

Show Notes:

— Episode Links —

• FAA Proposes $1.9 Million Fine For Unauthorized Drone Use
• Verizon’s Zombie Cookie Gets New Life
• Official Google Blog: Introducing the Accelerated Mobile Pages Project, for a faster, open mobile web
• Accelerated Mobile Pages Project, Backed By Google, Promises Faster Pages
• Carriers are Making More From Mobile Ads than Publishers Are — Medium
• Facebook to beam free internet to Africa with satellites
• Elon Musk’s satellite Internet project takes another step forward

The post Creeper Cookies | TTT 215 first appeared on Jupiter Broadcasting.

A Google leak suggests a new Chromecast & two new Nexus devices are just around the corner. Facebook is turning up the tracking & the big statement Microsoft is making with their $75 million donation.

Plus an illuminating Kickstarter of the week!

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Video Feed | Torrent Feed

Become a supporter on Patreon

Show Notes:

— Episode Links —

• Exclusive: This is the 2nd gen. Chromecast w/ backdrop feeds, better WiFi, ‘Fast Play,’ more | 9to5Google
• Exclusive: Google and Spotify launching Chromecast support later this month | 9to5Google
• Facebook’s Like Buttons Will Soon Track Your Web Browsing to Target Ads | MIT Technology Review
• Microsoft to spend $75 mln to boost computer science in schools
• Google Glass now “Project Aura,” ex-Amazon Fire Phone employees hired | Ars Technica

Kickstarter of the week:

• Zyntony Torch: Baddest Light on the Planet! by Zyntony — Kickstarter
• Zyntony | Where will your Torch take you?

The post Dislike the Like Button | TTT 213 first appeared on Jupiter Broadcasting.

Updates on the Ashley Madison story after another massive data dump, JKF Airport starts tracking your cell phone to measure wait times & we debate the various uses for this technology. Firefox has big changes coming to addons & Google’s plan to reduce Android bloat!

Plus Pearbuds… Our Kickstarter of the week!

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Video Feed | Torrent Feed

Become a supporter on Patreon

Show Notes:

• Hackers Dump More Ashley Madison Data | Motherboard
• Ashley Madison: Sally’s Song (The Infidelity Ad) – YouTube
• Wow, Spotify’s New Privacy Policy is Atrocious [Updated]
• Your new phone will have less Google bloatware, and that’s awesome | Android Central
• JFK Displays Actual Wait Times Using Beacons That Monitor Mobile Phones – Blip Systems : Blip Systems
• GitHub’s top coding languages show open source is everywhere | Ars Technica
• The Future of Developing Firefox Add-ons | Mozilla Add-ons Blog

• Pearbuds – The World’s Smallest Stereo Cordless Earbuds by Pearbuds — Kickstarter

• Moto Hint – Motorola

• Amazon.com: LG Electronics Tone Pro Bluetooth Stereo Headset – Black HBS-750: Cell Phones & Accessories

• Amazon.com: LG Electronics TONE INFINIM Bluetooth Stereo Headset – Retail Packaging – Silver: Cell Phones & Accessories

The post Unfaithful Privacy Policies | TTT 206 first appeared on Jupiter Broadcasting.

Windows 10 is released to the public, but the devil is in the details. Microsoft’s new small print – how your personal data is (ab)used, we share the details.

Plus how the mainstream is reacting to the new release, the sliding market share of the iPad & the teleportation breakthrough scientists are reporting.

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Video Feed | Torrent Feed

Become a supporter on Patreon

Show Notes:

• Windows 10 Free Upgrade Available in 190 Countries Today | Blogging Windows

• Windows 10 Is Revealed – YouTube

• Windows 10 review | The Verge

• Review: Windows 10 is the best version yet—once the bugs get fixed | Ars Technica

• Microsoft’s new small print – how your personal data is (ab)used

• iPad Market Share Falls Below 25% as Tablet Market Continues to Decline – Mac Rumors

• Beam Me Up? Teleporting Is Real, Even If Trekkie Transport Isn’t

The post Get Tracked with Windows 10 | TTT 198 first appeared on Jupiter Broadcasting.

Angela and Chris compare their smart watches and wear. They go through their motivation for wearing watches in the first place, which features are important, and the pros and cons of each.

Direct Download:

HD Video | Mobile Video | MP3 Audio | YouTube

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Torrent Feed | iTunes Feed

— Show Notes —

q5sys’s watch:

• https://i.imgur.com/3lI29A1.jpg
• https://pocketcalculatorshow.com/nerdwatch/seiko-computer-watch-fun/

Radek Writes:

Just a quick though – consider adding a full list of referral links on donate/contact page (with maybe a list of shows/codes to support)… For those that don’t listen/watch a particular show but still would like to support JB.

David Writes:

I’m thinking it would be courteous if there were a check-box item on your contact form to copy submissions to JB back to the poster.

Seems, fair, no? You’ve got our e-mail addy.

Robyn Writes:

So, I stumbled on your show about 4 days ago and I haven’t been able to stop listening. It just so happens I’m in transition and looking to find a job that I can do out of my home. I have no idea if I could be good at this but I’m interested to find out. I was wondering if you could give me a few pointers on how to get started.

And by the way, your show ROCKS! Love hearing the guest speakers and all of you are very inspirational.

Thanks,

WTR

• Check out Women’s Tech Radio – Episode 25
• Follow WTR on twitter: www.twitter.com/heywtr
• Email WTR: wtr@jupiterbroadcasting.com

Follow Jupiter Broadcasting

• See more pics: https://instagram.com/jupiterbroadcasting#
• Sign up for Jupiter Signal: www.bit.ly/jupitersignal
• Unfilter is on Patreon! https://www.patreon.com/unfilter
• Tech Talk Today is on Patreon! https://www.patreon.com/jupitersignal

JB SWAG

• Jupiter Logo Shirt

— Find the FauxShow! —

• Facebook: https://www.facebook.com/thefauxshow
• Twitter: https://www.twitter.com/angerz
• G+: https://www.gplus.to/fauxshow
• Subscribe to Jupiter Signal: https://www.bit.ly/jupitersignal
• Jupiter Radio: https://jblive.info
• Affiliates Firefox Extension: https://addons.mozilla.org/en-US/firefox/addon/jupiterbroadcasting/
• Affiliates Chrome Extension: https://chrome.google.com/webstore/detail/bjekemhblnilimncanbehhjijdpjgimj
• Donations: https://original.jupiterbroadcasting.net/donate
• Shows & Shownotes: https://original.jupiterbroadcasting.net/show/fauxshow/

The post Apple Watch vs Android Wear | FauxShow 213 first appeared on Jupiter Broadcasting.

Apple is reportedly attempting to kill free streaming music but the story stinks of a hit piece. GOG launches their steam competitor to the public & CoreOS ups the container game.

Plus Chris reviews Hello’s Sense sleep tracking device. Can it unlock the secrets of a good sleep?

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Video Feed | Torrent Feed

Become a supporter on Patreon

Show Notes:

Single Verizon IP Address Used For Hundreds of Windows 7 Activations

A presumed pirate with an unusually large appetite for activating Windows 7 has incurred the wrath of Microsoft. In a lawsuit filed in a Washington court, Microsoft said that it logged hundreds of suspicious product activations from a single Verizon IP address and is now seeking damages. Who he, she or they are behind address 74.111.202.30 is unknown at this point, but according to Microsoft they’re responsible for some serious Windows pirating. “As part of its cyberforensic methods, Microsoft analyzes product key activation data voluntarily provided by users when they activate Microsoft software, including the IP address from which a given product key is activated,” the lawsuit reads. The company says that its forensic tools allow the company to analyze billions of activations of software and identify patterns “that make it more likely than not” that an IP address associated with activations is one through which pirated software is being activated.

GOG’s Take On Steam Goes Live Today

GOG Galaxy, which you can download here, is now in open beta. Like Steam, Origin, and other PC gaming clients, it’s a stand-alone program with its own achievements, friend lists, and massively restrictive DRM. Just kidding. Anyone who follows the people behind GOG—a subsidiary of _Witcher 3 _developer CD Projekt Red—knows they’re as anti-DRM as it gets.

CoreOS Gives Up Control of Non-Docker Linux Container Standard | Data Center Knowledge

Taking a major step forward in its quest to drive a Linux container standard that’s not created and controlled by Docker or any other company, CoreOS spun off management of its App Container project into a stand-alone foundation. Google, VMware, Red Hat, and Apcera have announced support for the standard.

Becoming a more formalized open source project, the App Container (appc) community now has a governance policy and has added a trio of top software engineers that work on infrastructure at Google, Twitter, and Red Hat as “community maintainers.

Apple pushing music labels to kill free Spotify streaming ahead of Beats relaunch

The Verge has learned that Apple has been pushing major music labels to force streaming services like Spotify to abandon their free tiers, which will dramatically reduce the competition for Apple’s upcoming offering. DOJ officials have already interviewed high-ranking music industry executives about Apple’s business habits, but it appears the FTC has taken the lead in recent weeks.

Hello Sense Reveiw

Sense is a simple system that tracks your sleep, monitors the environment in your bedroom and reinvents the alarm, so you can sleep better.

Sense tracks the environmental data in your bedroom and disturbances such as noise and sound. Sense combines this data with your sleep cycle information to give you a complete picture of your night.

With all this information clearly presented to you, over time you will know how to set yourself up for the best night’s sleep, every night.

• Sleep as Android – Android Apps on Google Play

Smart alarm clock with sleep cycle tracking.

• LG G Watch R – Was $299, now $249 – Google Store

The stunning full-circle P-OLED display fills the entire round 1.3″ watch face and delivers clear visibility in bright sunlight and at acute angles.¹

The post Hostile Music Takeover | Tech Talk Today 166 first appeared on Jupiter Broadcasting.

Transitions in life comes in many forms, work, relationships, gadgets. How we deal with the process of transition is key & why we shouldn’t be anxious about a transition, even if it’s a difficult one.

Plus a bit about GitHub’s ongoing DDoS, switching from PHP to Ruby & a new contender for the perfect Linux dev rig.

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

MP3 Audio | OGG Audio | Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | Video Feed | Torrent Feed | iTunes Audio | iTunes Video

Become a supporter on Patreon:

Show Notes:

Feedback

• Listening to Show 146

• New Job New Language

• Devops Html5 Cloud Application

Dev World Hoopla

GitHub suffers ‘largest DDoS’ attack in site’s history

GitHub is suffering a DDoS attack deemed the largest in the website’s history and believed to originate from China.

The coding website is a popular repository for projects from game engines to security applications and web app frameworks, and is used by programmers and tech firms to develop and share tools. Since Thursday, the website has been under fire in a DDoS attack of a scale which has forced GitHub staff to rally and attempt to mitigate access problems.

In a blog post last week, GitHub said the distributed denial of service (DDoS) attack is the largest in github.com’s history. Beginning on March 26, at the time of writing the onslaught is yet to end.

GitHub says the attack “involves a wide combination of attack vectors,” which “includes every vector we’ve seen in previous attacks as well as some sophisticated new techniques that use the web browsers of unsuspecting, uninvolved people to flood github.com with high levels of traffic.”

“Based on reports we’ve received, we believe the intent of this attack is to convince us to remove a specific class of content,” GitHub says.

The “specific class” of content may be related to China. As reported by the Wall Street Journal, GitHub’s traffic surge is based on visits intended for China’s largest search engine, Baidu. Security experts told the p

Transitions

• The process or a period of changing from one state or condition to another.

• Undergo or cause to undergo a process or period of transition.

• Transition can be a lot of things… You view on a technology, the status of a relationship, or a job.

• We should not resist the process of transition. Without it, we can’t eventually fix whatever needs fixing, move forward, and arrive at our destination.

The post The Sonic Philosophy | CR 147 first appeared on Jupiter Broadcasting.

Microsoft goes all in on Android & we breakdown the big questions behind the apps. Intel announces wireless docking at the chipset level & Canada’s covert operation of tracking downloads and uploads all over the world is revealed.

Plus a few tangents & the biggest “disruption” of the year!

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Video Feed | Torrent Feed

Become a supporter on Patreon

Show Notes:

Microsoft Launches Outlook For iOS And Android Based On Its Acompli Acquisition

Microsoft today launched Outlook for Android and iOS phones and tablets, based on the application it acquired when it bought Acomplilast December. These new applications will go live in their respective app stores over the course of the next few hours.

• Microsoft Office now available for Android tablets – Liliputing

Microsoft says its mobile Office apps should run on devices with Android 4.4 or later, 1GB of RAM or more, and ARM-based processors. Support for Intel chips is in the works and Microsoft says it plans to add support for Intel-based tablets within the next few months.

Peeing My Way Around New York City With Airpnp, The App For Bathroom Emergencies – BuzzFeed News

Airpnp is the worst-designed app I’ve ever used. It’s also the most profound.

• Vacation Rentals, Homes, Apartments & Rooms for Rent – Airbnb

AnandTech | Intel Announces Broadwell vPro Processors: Wireless Docking and More

ntel Wireless Docking could be the most exciting new feature. Using four channels of 802.11ad at 60 GHz radio frequency, Intel claims a total bandwidth of 7 Gbps. All data passed between the dock and device is protected with 128-bit AES hardware encryption, and two monitors plus USB 3.0 are supported. Intel has not yet provided information yet about supported resolutions, however they do provide an impressive video demonstrating a video file streaming from a USB stick to a laptop from the wireless dock, then back to the wireless dock for display.

This docking implementation is particularly interesting as it is implemented at the chipset level instead of the OS level. Intel’s low level control of peripherals allows them to enable no-brainer functionality such as closing the laptop lid and not entering sleep mode after establishing the dock connection.

Canada Casts Global Surveillance Dragnet Over File Downloads – The Intercept

The covert operation, revealed Wednesday by CBC News in collaboration with The Intercept, taps into Internet cables and analyzes records of up to 15 million downloads daily from popular websites commonly used to share videos, photographs, music, and other files.

Drone Maker Enforces No-Fly Zone Over DC, Hijacking Malware Demonstrated – Slashdot

A recent incident at the White House showed that small aerial vehicles (drones) present a specific security problem. Rahul Sasi, a security engineer at Citrix R&D, created MalDrone, the first backdoor malware for the AR drone ARM Linux system to target Parrot AR Drones, but says it can be modified to target others as well. The malware can be silently installed on a drone, and be used to control the drone remotely and to conduct remote surveillance. Meanwhile, the Chinese company that created the drone that crashed on the White House grounds has announced a software update for its “Phantom” series that will prohibit flight within 25 kilometers of the capital.

The post Canadian On Tap | Tech Talk Today 124 first appeared on Jupiter Broadcasting.

We recap Uber’s really bad week & their recent changes in response. Thanks to the Apple Watch SDK we now have an idea of what using one will be like & it’s limitations become more clear.

Plus Viber takes chats public & we ponder why, the Stingray mystery & more!

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Torrent Feed

Become a supporter on Patreon:

Show Notes:

“God View”: Uber Investigates Its Top New York Executive For Privacy Violations

Uber said Tuesday that it is investigating its top New York executive for tracking a BuzzFeed News reporter without her permission in violation of what the transit giant says has long been its privacy policy. The company also published its privacy policy for the first time on Tuesday, though it said the policy had always been in effect.

Uber took both actions in the wake of a BuzzFeed News story that revealed that the reporter’s ride had been tracked without her permission and that another Uber executive had suggested the company might smear journalists who wrote critically of Uber. The executive who suggested digging into the private lives of journalists, Emil Michael, said his comments were “wrong” and that he regrets them.

Tracking customers is easy using an internal company tool called “God View,” two former Uber employees told BuzzFeed News. They said God View, which shows the location of Uber vehicles and customers who have requested a car, was widely available to corporate employees. Drivers, who operate as contractors, do not have access to God View.

Early this November, one of the reporters of this story, Johana Bhuiyan, arrived to Uber’s New York headquarters in Long Island City for an interview with Josh Mohrer, the general manager of Uber New York. Stepping out of her vehicle — an Uber car — she found Mohrer waiting for her. “There you are,” he said, holding his iPhone and gesturing at it. “I was tracking you.”

Mohrer never asked for permission to track her.

11 things we just learned about how the Apple Watch works | The Verge

An iPhone is required — at (almost) all times. In Apple’s own words, Watch apps extend iOS apps. “You begin your Watch app development with your existing iOS app, which must support iPhone.”

Native apps are coming next year. Important footnote from the press release: “Starting later next year, developers will be able to create fully native apps for Apple Watch.”

There could be more Watch sizes later. “Unlike iOS, where you place views at a coordinate on the screen,” Apple says, “with WatchKit, objects automatically flow downward from the top left corner of the screen, filling the available space.”

There are two types of Apple Watch notifications. The “Short Look” is only seen briefly when you raise your wrist — it’s an app icon, an app name, and some brief information. If the wearer keeps their wrist raised long enough — “after a moment,” according to Apple — the screen changes to a “Long Look” notification, which provides more information and is more customizable. For Long Looks, the app icon and name move to the top of the screen, and wearers can scroll down through the interface to use custom actions (such as “comment” or “favorite”) or dismiss the notification.

Glances. We already knew some of this, but now it’s well documented. In addition to the app itself and the notification, developers can make “Glances” for quick view of information (e.g. time, weather, tasks left). All the information must fit on a single screen and is read-only, but you’ll be able to tap it to enter the corresponding app.

No custom gestures. The interface is more or less locked to what Apple wants: vertical swipes scrolls through the screen, horizontal swipes go between pages, taps indicate selection, “force touch” opens up a context menu, and that digital crown scrolls through pages way faster. Additionally an edge swipe left goes back or up a page (“back to the parent interface controller,” if we’re being technical), and an edge swipe up opens the “Glance” view.

Messaging App Viber Takes A Step Into Social Networking With New Public Chats Feature | TechCrunch

Today Viber, the messaging app with 209 million users, is taking a different approach: it is launching Public Chats, giving users a way of using its direct messaging and voice services app to broadcast to the world at large.

Public Chats will see the introduction of live conversation streams — from celebrities, or as CEO Talmon Marco told me, other interesting people “like taxi drivers!” — that will be open for any follower to see, but not necessarily participate in. Users will only be able to jump in and talk in Public Chats if the account in question is in their contacts.

Baltimore Police balk when pressed by judge on phone tracking capabilities – Baltimore Sun

Baltimore prosecutors withdrew key evidence in a robbery case Monday rather than reveal details of the cellphone tracking technology police used to gather it.

The surprise turn in Baltimore Circuit Court came after a defense attorney pressed a city police detective to reveal how officers had tracked his client.

City police Det. John L. Haley, a member of a specialized phone tracking unit, said officers did not use the controversial device known as a stingray. But when pressed on how phones are tracked, he cited what he called a “nondisclosure agreement” with the FBI.

Defense attorney Joshua Insley still believes that police used a stingray to find Taylor. He cited a letter in which prosecutors said they were prohibited by the Department of Justice from disclosing information about methods used in their investigation.

The portable device was developed for the military to help zero in on cellphones. It mimics a cellphone tower to force nearby phones to connect to it.

Records shows that the Baltimore Police Department purchased a stingray for $133,000 in 2009.

The post Uber's God Complex | Tech Talk Today 95 first appeared on Jupiter Broadcasting.

The perfect crime, that’s Cloud enabled. The NSA gets caught with Google\’s cookies, and a new breed of corrupt Internet police.

Plus a fantastic batch of your questions, our answers, and much much more!

Thanks to:

Flaw in Microsoft Office 365 allows ‘perfect crime’

• The researchers who discovered the attack are calling it the ‘Ice Dagger’, because it left behind almost no evidence and it took months of effort by researchers and Microsoft’s Security Response Team to discover what had happened
• in April 2013, a customer’s nodes analyzed an HTTP request that triggered a “high risk” heuristics alert
• The request was for an MS Word document hosted on a TOR Hidden Service node (onion.to address)
• In this case, the request to the TOR service was not made by the user, but by MS Word it self, this elevated the incident to extremely suspicious
• “Upon reviewing the metadata of the request, we noticed that its response had a WWW-Authenticate header with RootDomain=”sharepoint.com”, even though the request obviously wasn’t for a sharepoint.com domain. At this point we started assessing the situation and treating it as a potential data theft”
• The end user had received an email specifically addressed to them containing a link to an MS Word document hosted on the TOR Hidden service, a very specific spear phishing attack
• When the user opened the link, it fired off the MS Office365 URL handler, ms-word:// and MS Word opened the document
• Due to a bug in MS Word, when the malicious web server sent the same WWW-Authenticate header that Office365 would have sent, MS Word sent the user’s private SharePoint access token back to the malicious web server, even though it should only ever send that token to sharepoint.com
• With this token, an attacker can access every document in the Office365 environment, including SharePoint and SkyDrive, completely undetected
• The attacker can copy all of the documents and then delete them, or make subtle modifications that could prove disastrous
• The attack comes down to a few simple steps:
• You get a mail asking you to review a document or visit a webpage. Some ideas: Maybe a document with coupons? Someone’s CV? A price quote? A contract? Obviously at least one employee out of hundreds will read the document.
• You click on the link. The web page asks you to open the document in Word, just like SharePoint Online asks you (shown in step 2 above). Because this dialog is so common when using SharePoint Online, it’s really hard to believe anyone will refuse the request.
• Word is now requesting the document from the malicious webpage. The malicious webpage asks Word for its Office 365 token and Word willingly gives it. The malicious webpage gives Word a legitimate-looking document in return.
• The attacker now has your Office 365 token. You have a document which you will shrug off as meaningless and go on with your day.
• The researchers provided their completed research to Microsoft on May 29th, 2013
• The patch has finally been released as part of the December Patch Tuesday MS13-104 fixes CVE-2013-5054
• Conclusions: This was A Perfect Crime. “There was no malware payload to reverse-engineer. No file hash we can trace through time. No IP address to locate and investigate. No servers to confiscate. The attacker simply gets away with your Office 365 token. For good. This is important in the context of understanding the limitations of your existing endpoint and perimeter defenses in the context of SaaS applications and cloud services.”
• Microsoft also patched a WinVerifyTrust signature validation vulnerability in Windows that can be used to disguise malicious applications as trustworthy, signed executables. \”Exploits targeting this vulnerability have been seen in the wild, so deploy this patch as soon as possible\”
• Additional Coverage: BetaNews
• Additional Coverage: Network World
• Additional Coverage: Information Week
• Additional Coverage: SC Magazine
• Additional Coverage: Softpedia

• iXsystems Gear

NSA using Google cookies to pinpoint targets for attack

• The agency\’s internal presentation slides, provided by former NSA contractor Edward Snowden, show that when companies follow consumers on the Internet to better serve them advertising, the technique opens the door for similar tracking by the government
• The slides also suggest that the agency is using these tracking techniques to help identify targets for offensive hacking operations.
• According to the documents, the NSA and its British counterpart, GCHQ, are using the small tracking files or \”cookies\” that advertising networks place on computers to identify people browsing the Internet.
• The intelligence agencies have found particular use for a part of a Google-specific tracking mechanism known as the “PREF” cookie.
• These cookies typically don\’t contain personal information, such as someone\’s name or e-mail address, but they do contain numeric codes that enable Web sites to uniquely identify a person\’s browser.
• This cookie allows NSA to single out an individual\’s communications among the sea of Internet data in order to send out software that can hack that person\’s computer. The slides say the cookies are used to \”enable remote exploitation,\”
• Separately, the NSA is also using commercially gathered information to help it locate mobile devices around the world, the documents show.
• These specific slides do not indicate how the NSA obtains Google PREF cookies or whether the company cooperates in these programs, but other documents reviewed by the Post indicate that cookie information is among the data NSA can obtain with a Foreign Intelligence Surveillance Act order. If the NSA gets the data that way, the companies know and are legally compelled to assist.
• Google assigns a unique PREF cookie anytime someone\’s browser makes a connection to any of the company\’s Web properties or services. This can occur when consumers directly use Google services such as Search or Maps, or when they visit Web sites that contain embedded \”widgets\” for the company\’s social media platform Google Plus. That cookie contains a code that allows Google to uniquely track users to \”personalize ads\” and measure how they use other Google products.
• Another slide indicates that the NSA is collecting location data transmitted by mobile apps to support ad-targeting efforts in bulk. The NSA program, code-named HAPPYFOOT, helps the NSA to map Internet addresses to physical locations more precisely than is possible with traditional Internet geolocation services.

British “Police Intellectual Property Crime Unit” attempts to censor the global Internet

• We have covered a bit of this story in the past, but it seems to be getting worse, and we have a lot more detail now
• “Today, a special police unit can decide that a certain website needs to disappear from the Internet, and threaten its domain name registrar into revoking the address “until further notice”, without any legal basis whatsoever.”
• The PIPCU is claiming success in it’s Operation Creative, a three month campaign where they improperly seized the 40 domains they accused of copyright infringement. Some of the sites were shut down, while some simply moved to a different domain
• The owners of the 40 domains, nor their registrars or web hosts were ever served with a court order
• How the PIPCU works:
• Investigators who work at notorious copyright trolls such as BPI (British Phonographic Industry) and FACT (Federation Against Copyright Theft) scour the Internet, looking for websites that share copyrighted content
• They then forward this ‘intelligence’ to the PIPCU, which then decides whether or not it will attempt to take down the site.
• The PIPCU will ask a network of over 60 advertisers to stop placing banners and bankrolling a pirate resource
• Finally, after a certain period of time, the PIPCU will send a letter to the site’s registrar, asking it to suspend the domain name. Instead of a court order, this peculiar document refers to an outdated section of ICANN’s Registrar Accreditation Agreement, which states that such accreditation can be terminated if the organisation is found to have ‘permitted illegal activity in the registration or use of domain names’.
• This scare tactic causes many registrars to suspend the domains, rather than risking their entire business by losing their ability to register new domains
• One registrar has decided to stick up for its users, and the rest of the internet
• EasyDNS posted the notice on their blog
• Specifically “We have an obligation to our customers and we are bound by our Registrar Accreditation Agreements not to make arbitrary changes to our customers settings without a valid FOA (Form of Authorization). To supersede that we need a legal basis. To get a legal basis something has to happen in court”
• Registrars are not ALLOWED to seize a domain without a legal basis. Registrars that complied with the shakedown may actually be in violation of ICANN policies
• One customer who had their domain seized at another registrar then attempted to move to EasyDNS, however the ‘losing’ registrar, in violation of ICANN policy’, refused to release the domain
• So EasyDNS requested that Verisign, the operators of the .com and .net registries, make a ruling and release the domain. However Verisign rendered a decision of ‘no decision’
• Verisign’s reason for no decision? The losing registrar did not provide the requested documentation
• EasyDNS has appealed the decision with ICANN and we are watching for further developments

Feedback:

• Basic advice to protect against ongoing DDoS attack

  • Slides from Allan’s Talk

• FreeNAS redundancy on two computers

• Replication Tasks – Freenas

• Location based dns question

  • Slides
  • Video
  • blblack/gdnsd · GitHub

• Possibility of \”hashing\” documents holding personal information?

• Jupiter Broadcasting 2014 Limited Shirt

3 days 4 hours left to buy

Round Up:

• CertiVox confirms it withdrew PrivateSky after GCHQ issued warrant
• Microsoft calls the US Government an ‘Advanced Persistent Threat’
• Andreessen Horowitz Invests $25 Million in Bitcoin Wallet Coinbase
• NetBSD machine finally bites the dust after 8 years 122 days uptime
• “We cannot trust” Intel and Via’s chip-based crypto, FreeBSD developers say
• Researchers develop proof of concept for undetectable trojan that can be added to Intel Ivy Bridge CPUs
• YouTube Fails In Explaining Flood Of Takedowns For Let\’s Play Videos
• Researchers find flaw in Disqus commenting system, de-anonymize posts by brute forcing the MD5 of email addresses, tabloid uses research to out politicians commenting on hate speech sites
• Problem with telephone system delays UK flights for hours
• IDC study suggests that by 2017 45% of all new server hardware will be bought by cloud providers
• Zettabytes for Days | BSD Now 14 | Jupiter Broadcasting

The post Corrupt Internet Police | TechSNAP 140 first appeared on Jupiter Broadcasting.

We answer the question: What to do when your email server gets blocked, and why it keeps happening.

PLUS: GSM phones are vulnerable to a simple tracking attack, all you need is some open source software and some spare hardware, we’ll share the details! And we introduce the TechSNAP “Hall of Shame”.

All that more, on this week’s TechSNAP!

Thanks to:

Direct Download Links:

HD Video | Large Video | Mobile Video | MP3 Audio | OGG Audio | YouTube

Subscribe via RSS and iTunes:
    Subscribe...           --RSS-- TechSNAP HD TechSNAP Large     TechSNAP Mobile      TechSNAP MP3     TechSNAP OGG     --iTunes--     TechSNAP iTunes HD     TechSNAP iTunes Mobile     TechSNAP iTunes Large     TechSNAP iTunes MP3  

Show Notes: