TrueCrypt – Jupiter Broadcasting
https://www.jupiterbroadcasting.com
Open Source Entertainment, on Demand.
Mon, 22 Feb 2016 02:47:02 +0000

Key Flaw With GPL | TechSNAP 234
https://original.jupiterbroadcasting.net/88501/key-flaw-with-gpl-techsnap-234/
Thu, 01 Oct 2015 09:31:07 +0000

The post Key Flaw With GPL | TechSNAP 234 first appeared on Jupiter Broadcasting.

D-Link publishes its private code signing keys, exploiting Windows Symbolic Links & why encryption is not sufficient protection.

Plus some great questions, our answers, a rockin roundup & much, much more!

Thanks to: DigitalOcean, Ting, iXsystems

— Show Notes: —

D-Link accidentally publishes its private code signing keys

  • As part of its GPL license compliance, D-Link makes its firmware source code available for many of its devices
  • “He had purchased the DCS-5020L-surveillance camera from D-Link and wanted to download the firmware. D-Link firmware source code of many open source under a GPL license available.”
  • “When looking through the files I accidentally stumbled upon 4 different private keys used for code signing. Only one — the one belonging to D-Link itself — was still valid at the time. I have successfully used this key to sign an executable as D-Link”
  • “In fact, in some batch files were the commands and pass phrases that were needed.”
  • The certificates have already been revoked
  • Fox-IT confirms: “The code signing certificate is indeed in the firmware packages, firmware version 1.00b03 released February 27 of this year, was released this certificate was therefore issued for expired, a big mistake.”
  • We’ll have to cover this in more detail once more information is available, in English

“Investigating the Computer Security Practices and Needs of Journalists”

  • A survey found that 50% of journalists do not use any security tools
  • Those that do, may not realize that the tools they are using are ineffective, or that the way they are using them hurts their security
  • “Observation: The computer security community builds a lot of tools that might be useful for journalists, but we don’t deeply understand the journalistic process!”
  • “I report on unauthorized immigrants a great deal and have concerns about how to communicate with them without putting them at risk. That said, asking them to use encrypted methods of communication I think would create a greater sense of threat about talking to me and make it more difficult to report. Many are also not extremely computer-savvy. This is something I struggle with a great deal”
  • “Objective: Conduct in-depth interviews with full-time journalists at recognized media organizations operating across a range of media, including print, digital, broadcast and wire services”
  • Figure out the typical workflow for a journalist, model security tools that work with them, instead of forcing them to a workflow dictated by the tools
  • Findings:
    • “Audio recording and digital note-taking were primary forms of interview documentation.”
    • “Many participants use third-party cloud services, but few voiced concern about possible security risks”
    • Long-term sources are common
    • Sources like Snowden, a big one-time data dump, are rare
  • Security Concerns:
    • Negative effects on source
    • Loss of credibility if source information was exposed
    • Government identification of sources
    • Disciplinary actions (e.g., losing job)
    • Loss of competitive advantage
    • Potential financial consequences
  • The project found that in most cases of a journalist using security tools, it was because the source requested it, or because the journalist had had specific security training
  • “A lot of services out there say they’re secure, but having to know which ones are actually audited and approved by security professionals — it takes a lot of work to find that out.”
  • “There were different kinds of litigation software that I was familiar with as a lawyer, where, let’s say, you have a massive case, where you have a document dump that has 15,000 documents. […] There are programs that help you consolidate and put them into a secure database. So it’s searchable [and provides a secure place where you can see everything related to a story at once]. I don’t know of anything like that for journalism.”
  • It will be interesting to see what comes out of this research

Exploiting Windows Symbolic Links

  • “For the past couple of years I’ve been researching Windows elevation of privilege attacks. This might be escaping sandboxing or gaining system privileges. One of the techniques I’ve used multiple times is abusing the symbolic link facilities of the Windows operating system to redirect privileged code to create files or registry keys to escape the restrictive execution context.”
  • “Symbolic links in themselves are not vulnerabilities, instead they’re useful primitives for exploiting different classes of vulnerabilities such as resource planting or time-of-check time-of-use.”
  • A time-of-check time-of-use vulnerability works like this:
    • You set up a symlink to a file you are allowed to access
    • You try to access a resource
    • The software checks that you are allowed to access the resource, and you are
    • You quickly re-target the symlink to something else
    • You try to access the resource, and the software allows you, since it has already checked that you are allowed
    • You now have access to a resource you should not
  • “This blog post contains details of a few changes Microsoft has made to Windows 10, and now back ported (in MS15-090) as far back as Windows Vista which changes who can use certain types of symbolic links. There’s not been many mitigations of this type which get back ported to so many older versions of Windows. Therefore I feel this is a good example of a vendor developing mitigations in response to increased attacks using certain techniques which wouldn’t have traditionally been considered before for mitigations.”
  • Almost everything in the Windows file system is a symbolic link. Even C: is actually a symbolic link to \Device\HarddiskVolume4 (since NT 3.1)
  • Microsoft has released three new mitigations:
  • “Registry Key Symbolic Link Mitigation (CVE-2015-2429) — The simplest mitigation implementation is for registry keys. Effectively a sandboxed process is not allowed to ever create a registry key symbolic link. This is implemented by calling RtlIsSandboxToken function when creating a new key (you need to specific a special flag when creating a key symbolic link). It’s also called when setting the SymbolicLinkValue value which contains the link target. This second check is necessary to prevent modifying existing symbolic links, although it would be unlikely to be something found on a real system.”
  • “Object Manager Symbolic Link Mitigation (CVE-2015-2428) — If an application tries to create an object manager symbolic link from a sandbox process it will still seem to work, however if you look at where the check is called you’ll find it doing something interesting. When the symbolic link is created the RtlIsSandboxToken function is called but the kernel doesn’t immediately return an error. Instead it uses it to set a flag inside the symbolic link kernel object which indicates to the object manager a sandboxed process has created this link. This flag is then used in the ObpParseSymbolicLink function which is called when the object manager is resolving the target of a symbolic link. The RtlIsSandboxToken is called again, if the current caller is not in a sandbox but the creator was in a sandbox then the kernel will return an error and not resolve the symbolic link, effective making the link useless for a sandboxed to unsandboxed elevation.”
  • “NTFS Mount Point Mitigation (CVE-2015-2430) — The final mitigation is for NTFS mount points. In early technical previews of Windows 10 (I first spotted the change in 10130) the check was in the NTFS driver itself and explicitly blocked the creation of mount points from a sandboxed process. Again for presumably application compatibility reasons this restriction has been relaxed in the final release and the back ported mitigations. Instead of completely blocking creation the kernel function IopXxxControlFile has been modified so whenever it sees the FSCTL_SET_REPARSE_POINT file system control code being passed to a driver with a mount point reparse tag it tries to verify if the sandboxed caller has write access to the target directory. If access is not granted, or the directory doesn’t exist then setting the mount point fails. This ensures that in the the majority of situations the sandboxed application couldn’t elevate privileges, as it could already write to the directory already. There’s obviously a theoretical issue in that the target could later be deleted and replaced by something important for a higher privileged process but that’s not very likely to occur in a practical, reliable exploit.”
  • “These targeted mitigations gives a clear indication that bug hunting and disclosing the details of how to exploit certain types of vulnerabilities can lead into mitigation development, even if they’re not traditional memory corruption bugs. While I didn’t have a hand in the actual development of the mitigation It’s likely my research was partially responsible for Microsoft acting to develop them. It’s very interesting that 3 different approaches ended up being taken, reflecting the potential application compatibility issues which might arise.”
  • “Excluding any bypasses which might come to light these should make entire classes of resource planting bugs unexploitable from a compromised sandboxed process and would make things like time-of-check time-of-use harder to exploit. Also it shows the level of effort that implementing mitigations without breaking backwards compatibility requires. The fact that these only target sandboxes and not system level escalation is particularly telling in this regard.”
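
The time-of-check time-of-use steps listed above, as an added example that is not from the show notes or the quoted blog post. It uses POSIX symlinks in Python rather than Windows object manager links; the function names, the `(device, inode)` policy and the `window` hook that stands in for the race window are assumptions made for the illustration.

```python
import os
import tempfile


def identity(st):
    """Identify a file by (device, inode), independent of any path name."""
    return (st.st_dev, st.st_ino)


def read_check_then_use(path, allowed, window=lambda: None):
    """Racy pattern: the name is resolved twice, once to check, once to open."""
    if identity(os.stat(path)) not in allowed:   # time of check (by name)
        raise PermissionError(path)
    window()                                     # gap between check and use
    with open(path, "rb") as fh:                 # time of use (name resolved again)
        return fh.read()


def read_use_then_check(path, allowed, window=lambda: None):
    """Hardened pattern: resolve the name once, then check the opened object."""
    fd = os.open(path, os.O_RDONLY)              # single name resolution
    try:
        window()                                 # a later retarget cannot move fd
        if identity(os.fstat(fd)) not in allowed:
            raise PermissionError(path)          # check applies to what was opened
        chunks = []
        while True:
            chunk = os.read(fd, 65536)
            if not chunk:
                break
            chunks.append(chunk)
        return b"".join(chunks)
    finally:
        os.close(fd)


def demo():
    """Run both patterns against a link that is retargeted in the window."""
    with tempfile.TemporaryDirectory() as tmp:
        public = os.path.join(tmp, "public.txt")   # constructed sample files
        secret = os.path.join(tmp, "secret.txt")
        link = os.path.join(tmp, "link")
        for name, data in ((public, b"public"), (secret, b"secret")):
            with open(name, "wb") as fh:
                fh.write(data)
        allowed = {identity(os.stat(public))}      # policy: only public.txt

        def point_link_at(target):
            if os.path.lexists(link):
                os.remove(link)
            os.symlink(target, link)

        results = {}
        point_link_at(public)
        results["racy"] = read_check_then_use(
            link, allowed, window=lambda: point_link_at(secret))

        point_link_at(public)
        results["hardened_swap_after_open"] = read_use_then_check(
            link, allowed, window=lambda: point_link_at(secret))

        # The link now points at secret.txt before the open happens.
        try:
            read_use_then_check(link, allowed)
            results["hardened_swap_before_open"] = "read"
        except PermissionError:
            results["hardened_swap_before_open"] = "denied"
        return results


if __name__ == "__main__":
    print(demo())
```

The racy function returns the contents of the file the policy never allowed, while the hardened one either returns the file it checked or refuses.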

Encryption as Protection? Maybe Not

  • We often see as part of the coverage of a data breach how the data was not “encrypted”
  • As it turns out, having data encrypted on disk doesn’t necessarily help if the data is still “live” on the system
  • If your laptop hard drive is encrypted, but you leave it unlocked at the coffee shop and visit the restroom, anyone can access the files on your computer. Having them encrypted did nothing for you
  • The way hard drive encryption works, it only protects you if you lock or shut down the computer, and require a strong passphrase to decrypt the disk to mount it again
  • The same applies to a file server or database at a company. Encryption is only useful if access to the data is still strictly controlled
  • “A recent espionage prosecution in West Palm Beach, Florida demonstrates that encryption may not be the panacea that organizations think it is. So rather than relying on encryption alone, companies need to adopt and maintain strategies that continue to provide layered security.”
  • “After every data breach, we hear the same mantra, “If only the data were encrypted!” As if encryption of data is the answer to data breaches.”
  • The case in this article centers on Christopher Glenn, a 35-year-old former defense contractor living in his mother’s retirement community
  • He worked for the US Government in Honduras
  • “He was convicted of stealing and retaining classified documents he obtained which related to U.S. policy in the Middle East”
  • “In preparation for his theft, Glenn, a “computer specialist” with a U.S. defense contractor, read up on data security in general and encryption in particular. He apparently read articles about TrueCrypt, a popular freeware encryption product used for On-The-Fly Encryption (OTFE), noting in particular an October 2011 article entitled, “FBI Hackers Fail to Crack TrueCrypt”. Glenn figured that he could create an encrypted partition (called 2012 Middle East) on his drive. He created a 30-character passphrase, thinking that the data would be secured. Indeed, he estimated that it would take the FBI “billions of years” to crack the crypto through brute force.”
  • “He was wrong. And he was sentenced to 10 years in jail.”
  • “According to case reports, the FBI’s counter-intelligence agents were able to decrypt the encrypted files on Glenn’s computer, which became evidence in his case. Given that this is 2015, they did so in substantially less than the “billions of years” that Glenn anticipated.”
  • There is no information on how exactly the FBI decrypted the data, but it was likely an attack against the passphrase, or the machine Glenn had used to encrypt the data
  • “Companies need to evaluate not only WHETHER they encrypt data, but when and how they encrypt data. For example, RAM scrapers capture credit card numbers and other personal information, which is encrypted, before the data is encrypted.”
  • “All of this must be part of a comprehensive data security program which includes access control, data management, ingress and egress reporting, data loss prevention processes, intrusion detection and prevention, managed and monitored firewalls and other services, threat intelligence, and comprehensive incident response. There are no shortcuts here. Oh yes, and encryption, the right encryption.”
  • Encryption of “data at rest” in servers

Magical 2Gbit Internet | Tech Talk Today 152
https://original.jupiterbroadcasting.net/79807/magical-2gbit-internet-tech-talk-today-152/
Thu, 02 Apr 2015 09:50:39 +0000

The post Magical 2Gbit Internet | Tech Talk Today 152 first appeared on Jupiter Broadcasting.

Like a magic pony with one more trick, Comcast announces it will magically turn on 2Gbps Internet Service to some areas that recently had Google Fiber installed. Does Comcast’s sudden ability to deliver this service perfectly demonstrate how real competition is all that’s needed to save the net?

Plus TrueCrypt’s audit wraps up, Ford is chasing a dream & more!

Show Notes:

Comcast leapfrogs Google Fiber with new 2Gbps internet service | The Verge

One way to answer critics and competitors alike is to simply do better, and for once Comcast is doing exactly that. The US cable giant is today announcing a new 2Gbps broadband service, which it will start rolling out in Atlanta from next month. There’s no price yet, but Comcast says it will be symmetrical — meaning you’ll upload just as quickly as you can download — and it won’t be limited “just to certain neighborhoods.”

Ford Is Chasing Tesla And Uber Into The Future – BuzzFeed News

Ford CEO Mark Fields says the legacy car manufacturer is trying to think like a startup.

U.S. Smartphone Use in 2015 | Pew Research Center’s Internet & American Life Project

10% of Americans own a smartphone but do not have broadband at home, and 15% own a smartphone but say that they have a limited number of options for going online other than their cell phone. Those with relatively low income and educational attainment levels, younger adults, and non-whites are especially likely to be “smartphone-dependent.”

A Few Thoughts on Cryptographic Engineering: Truecrypt report

The TL;DR is that based on this audit, Truecrypt appears to be a relatively well-designed piece of crypto software. The NCC audit found no evidence of deliberate backdoors, or any severe design flaws that will make the software insecure in most instances.

Microsoft will adopt open document standards following government battle | ITProPortal.com

Microsoft has confirmed it will start supporting the Open Documents Format (ODF) in the next update to Office 365, following a lengthy battle against the UK government.

Jupiter Broadcasting Meetup

Jupiter Broadcasting is interested in semi-frequent listener meetups, events in your area, and more. We’ll use this group to organize events.

Best Of TechSNAP 2014 | TechSNAP 194
https://original.jupiterbroadcasting.net/74442/best-of-techsnap-2014-techsnap-194/
Thu, 25 Dec 2014 13:36:20 +0000

The post Best Of TechSNAP 2014 | TechSNAP 194 first appeared on Jupiter Broadcasting.

We look back at this year in TechSNAP. Allan shares his war stories, TrueCrypt shuts down, Heartbleed happens & more!

Thanks to: DigitalOcean, Ting, iXsystems

— Show Notes: —

Episode List

Unifying Linux Software | LINUX Unplugged 62
https://original.jupiterbroadcasting.net/69222/unifying-linux-software-lup-62/
Tue, 14 Oct 2014 17:03:58 +0000

The post Unifying Linux Software | LINUX Unplugged 62 first appeared on Jupiter Broadcasting.

We discuss how one software center for all distributions would work & which existing solutions are the closest.

Plus looking forward to some new Ubuntu apps & how Linux bit Lightworks right in the memory manager.

Thanks to: Ting, DigitalOcean, Linux Academy

Show Notes:

Ubuntu Next Gen apps on Ubuntu 14.10 – YouTube

A Lightworks developer talks about the kind of issue you meet when coding for an NLE on Linux

In recent weeks, some of Lightworks’ Linux users started to report reduced performance in both new and old versions of the software. After some investigation, it appeared that the slow-down was only affecting systems with a Linux kernel newer than 3.13. In tests, kernel performance in 3.14 did seem to be slightly worse than earlier versions, but nothing that could explain the symptoms being experienced by users. So what could possibly explain the sudden change in behaviour?

Runs Linux from the people:

  • Send in a pic/video of your runs Linux.
  • Please upload videos to YouTube and submit a link via email or the subreddit.

Docker Shocker | TechSNAP 167
https://original.jupiterbroadcasting.net/60337/docker-shocker-techsnap-167/
Thu, 19 Jun 2014 18:24:07 +0000

The post Docker Shocker | TechSNAP 167 first appeared on Jupiter Broadcasting.

An exploit that leaves Docker containers leaky, who really owns your email account and one hash algorithm to rule them all.

Then it’s a great batch of your questions and much, much more!

Thanks to: DigitalOcean, Ting, iXsystems

— Show Notes: —

Docker Linux containers spring a security leak

  • A security exploit has surfaced that can allow rogue programs to break out of Docker containers and access files on their host OS.
  • The flaw has been solved in the latest version of the tech.
  • The flaw “Demonstrates that any given Docker image someone is asking you to run in your Docker setup can access ANY file on your host, e.g. dumping hosts /etc/shadow or other sensitive info, compromising security of the host and any other docker container is on”
  • “The proof of concept exploit relies on a kernel capability that allows a process to open any file in the host based on its inode. On most systems, the inode of the / (root) filesystem is 2. With this information and the kernel capability it is possible to walk the host’s filesystem tree until you find the object you wish to open and then extract sensitive information like passwords,” Docker explained in a blog post published after the flaw came out.
  • “In earlier Docker Engine releases (pre-Docker Engine 0.12) we dropped a specific list of kernel capabilities, ( a list which did not include this capability), and all other kernel capabilities were available to Docker containers. In Docker Engine 0.12 (and continuing in Docker Engine 1.0) we drop all kernel capabilities by default. Essentially, this changes our use of kernel capabilities from a blacklist to a whitelist.”
  • “Please remember, however, that at this time we don’t claim that Docker Engine out-of-the-box is suitable for containing untrusted programs with root privileges,”
  • Proof of Concept exploit prints /etc/shadow from the host from within Docker
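
The blacklist-to-whitelist change described above, as an added example that is not Docker's code. It decodes the `CapEff` mask from `/proc/<pid>/status` and compares the two policies; the sample lists, sample status text and function names are constructed for the illustration. The notes do not name the capability involved; the code assumes `CAP_DAC_READ_SEARCH`, which is what `open_by_handle_at(2)` requires.

```python
# Capability names indexed by bit number, as in linux/capability.h.
CAP_NAMES = [
    "CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_DAC_READ_SEARCH", "CAP_FOWNER",
    "CAP_FSETID", "CAP_KILL", "CAP_SETGID", "CAP_SETUID", "CAP_SETPCAP",
    "CAP_LINUX_IMMUTABLE", "CAP_NET_BIND_SERVICE", "CAP_NET_BROADCAST",
    "CAP_NET_ADMIN", "CAP_NET_RAW", "CAP_IPC_LOCK", "CAP_IPC_OWNER",
    "CAP_SYS_MODULE", "CAP_SYS_RAWIO", "CAP_SYS_CHROOT", "CAP_SYS_PTRACE",
    "CAP_SYS_PACCT", "CAP_SYS_ADMIN", "CAP_SYS_BOOT", "CAP_SYS_NICE",
    "CAP_SYS_RESOURCE", "CAP_SYS_TIME", "CAP_SYS_TTY_CONFIG", "CAP_MKNOD",
    "CAP_LEASE", "CAP_AUDIT_WRITE", "CAP_AUDIT_CONTROL", "CAP_SETFCAP",
    "CAP_MAC_OVERRIDE", "CAP_MAC_ADMIN", "CAP_SYSLOG", "CAP_WAKE_ALARM",
    "CAP_BLOCK_SUSPEND", "CAP_AUDIT_READ", "CAP_PERFMON", "CAP_BPF",
    "CAP_CHECKPOINT_RESTORE",
]

# Assumption: the capability behind "open any file based on its inode".
HOST_FILE_ACCESS = "CAP_DAC_READ_SEARCH"

# Capabilities a reviewer would not expect inside an ordinary container.
RISKY = {HOST_FILE_ACCESS, "CAP_SYS_ADMIN", "CAP_SYS_MODULE",
         "CAP_SYS_PTRACE", "CAP_SYS_RAWIO"}

# Constructed sample policies (not Docker's actual lists).
SAMPLE_DENYLIST = ["CAP_SYS_ADMIN", "CAP_SYS_MODULE", "CAP_SYS_RAWIO",
                   "CAP_SYS_TIME", "CAP_MKNOD", "CAP_NET_ADMIN"]
SAMPLE_ALLOWLIST = ["CAP_CHOWN", "CAP_SETUID", "CAP_SETGID", "CAP_KILL",
                    "CAP_NET_BIND_SERVICE"]

# Constructed excerpts of /proc/<pid>/status for two containers.
SAMPLE_STATUS_ALL = "Name:\tsh\nCapEff:\t000001ffffffffff\n"
SAMPLE_STATUS_TRIMMED = "Name:\tsh\nCapEff:\t00000000a80425fb\n"


def decode_caps(mask_hex):
    """Turn a hexadecimal capability mask into a set of capability names."""
    mask = int(mask_hex, 16)
    caps, bit = set(), 0
    while mask:
        if mask & 1:
            known = bit < len(CAP_NAMES)
            caps.add(CAP_NAMES[bit] if known else "CAP_%d" % bit)
        mask >>= 1
        bit += 1
    return caps


def effective_caps(status_text):
    """Extract and decode the CapEff line of a /proc/<pid>/status dump."""
    for line in status_text.splitlines():
        if line.startswith("CapEff:"):
            return decode_caps(line.split()[1])
    raise ValueError("no CapEff line found")


def after_denylist(dropped):
    """Denylist policy: everything not explicitly dropped stays available."""
    return set(CAP_NAMES) - set(dropped)


def after_allowlist(kept):
    """Allowlist policy: nothing is available unless explicitly kept."""
    return set(CAP_NAMES) & set(kept)


def audit(status_text):
    """List the risky capabilities a process actually holds."""
    return sorted(effective_caps(status_text) & RISKY)


if __name__ == "__main__":
    print("denylist leaves it:", HOST_FILE_ACCESS in after_denylist(SAMPLE_DENYLIST))
    print("allowlist leaves it:", HOST_FILE_ACCESS in after_allowlist(SAMPLE_ALLOWLIST))
    print("risky, full set:", audit(SAMPLE_STATUS_ALL))
    print("risky, trimmed set:", audit(SAMPLE_STATUS_TRIMMED))
```

A capability nobody thought to list survives a denylist and is gone under an allowlist, which is why the audit of the trimmed sample comes back empty.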

Generalized Secure Hashing Algorithm

  • Ted Unangst (one of the lead developers of LibreSSL, as well as OpenBSD’s secure signing infrastructure and many other things) posted a thought experiment to his blog
  • How would you design an uncrackable password hashing algorithm?
  • Ted’s idea: create a very large number of unique hashing algorithms, or rather, a generalized hashing algorithm that takes a ‘tweaking’ parameter that changes how the hash is generated
  • “Consider a hash function GSHA512, very similar to SHA512, but with slight variations on each of its constants. You could use GSHA512 #42, or GSHA512 #98765, or even GSHA512 #658743092112345678890 if there were enough variants available. 2^512 variants should be enough for anyone.”
  • Now, instead of having to spend a few million on specialized SHA512 cracking hardware, an attacker (the NSA) would have to build 2^512 different specialized cracking chips
  • The results?
    • “Safe to say we’ve defeated custom silicon. Nobody has a fab that can trace out millions of distinct custom circuits per second.”
    • “FPGA is finished too. Assuming you don’t melt it trying, you can’t reprogram an FPGA fast enough.”
    • “GPUs are harder. Without having tried it, my gut tells me you won’t be able to copy out the GSHA code to the GPU fast enough to make it worthwhile.”
    • “An attacker with lots of CPUs can still crack our password, but CPUs are very expensive. What if somebody could fab their own very cheap, very limited CPUs? Like a 100000 core CPU with only just enough cache to implement GSHA? Now we may be in trouble. The transistor count for GSHA is quite low, but they need to be the special high speed general purpose kind of transistor circuit. The scrypt paper notes that a CPU could be cheaper than RAM if stripped of all its extra functionality, but in practice it’s hard to calculate all the tradeoffs.”
    • “This part isn’t very practical. The idea is that a cracker would look less like a SHA512 cracker, capable only of performing one hash, and more like a typical CPU, capable of performing many hashes. Requiring the attacker to be adaptable in this way brings their costs in line with our costs. Maybe. Waves hands.”
  • Of course, to defeat custom CPUs, one could just use GSHA512 as the core to something like scrypt, which tries to defeat custom hardware by requiring a lot of memory instead
  • Example Implementation
  • “Don’t use these functions for anything but password hashing. (Don’t use them at all is even sounder advice.)”

Who owns your email account?

  • A user had their Yahoo email account terminated by Yahoo for violation of its terms of service
  • The violation was apparently for flaming another user in the comments thread under Yahoo news articles
  • Since the email address is part of the overall ‘Yahoo Account’, it was terminated
  • Eric Goldman, law professor at Santa Clara University says: “A cloud service can lock off your assets,” he adds. “They may still be your assets from a matter of legal ownership, but if you have no access to them, who cares?” (Possession is 9/10th of the law?)
  • Microsoft and Google have similar terms, although Google adds: “If we discontinue a Service, where reasonably possible, we will give you reasonable advance notice and a chance to get information out of that Service”
  • This is why it is probably best to always use your own domain, one that you own
  • Even if you use gmail or some other service to actually host the mail, if your gmail account gets terminated, you can move your hosting elsewhere and most importantly, your email address does not change
  • There is also the option to host your own email, with a hosting account, VPS or dedicated server
  • In these cases, especially when you do not have multiple servers to provide backup MX, I recommend a service such as: DNSMadeEasy Backup Email Service

Google Deploys Skynet | Tech Talk Today 1
https://original.jupiterbroadcasting.net/58707/google-deploys-skynet-tech-talk-today-1/
Mon, 02 Jun 2014 11:07:20 +0000

The post Google Deploys Skynet | Tech Talk Today 1 first appeared on Jupiter Broadcasting.

Special guest Alan Pope and I kick off episode 1 of Tech Talk Today. Topics include the fall of TrueCrypt, Chris digging for Ubuntu phone info, what the heck is Tech Talk Today all about and more!

Show Notes:

Headlines

TrueCrypt

True Goodbye: ‘Using TrueCrypt Is Not Secure’ — Krebs on Security

The anonymous developers responsible for building and maintaining the free whole-disk encryption suite TrueCrypt apparently threw in the towel this week, shuttering the TrueCrypt site and warning users that the product is no longer secure now that Microsoft has ended support for Windows XP.

Tales from the TrueCrypt | TechSNAP 164

The TrueCrypt project has shut down, and we’ll run down what we think is the most likely answer to this sudden mystery.

GRC’s | TrueCrypt, the final release, archive

  • And then the TrueCrypt developers were heard from

  • Steven Barnhart (@stevebarnhart) wrote to an eMail address he had used before and received several replies from "David."

  • The following snippets were taken from a twitter conversation which then took place between Steven Barnhart (@stevebarnhart) and Matthew Green (@matthew_d_green):

  • TrueCrypt Developer "David": "We were happy with the audit, it didn’t spark anything. We worked hard on this for 10 years, nothing lasts forever."

  • Steven Barnhart (Paraphrasing): Developer "personally" feels that fork is harmful: "The source is still available as a reference though."
  • Steven Barnhart: "I asked and it was clear from the reply that "he" believes forking’s harmful because only they are really familiar w/code."
  • Steven Barnhart: "Also said no government contact except one time inquiring about a ‘support contract.’"
  • TrueCrypt Developer "David" said: "Bitlocker is ‘good enough’ and Windows was original ‘goal of the project.’"
  • Quoting TrueCrypt Developer David: "There is no longer interest."

Ubuntu Phone

This evening I will mostly be going to the pub with an #Ubuntu phone and a notebook. My pub friends always find bugs I don't.

— Alan Pope ㋛ (@popey) May 30, 2014

Reviews and ratings now work in Ubuntu phone. 🙂 pic.twitter.com/kJ9G2lWLe5

— Alan Pope ㋛ (@popey) May 12, 2014

Guest:

Alan Pope works with the Ubuntu community to deliver beautiful apps on the phone, tablet, desktop, fridge…

https://podcast.ubuntu-uk.org/

CoreOS: Future of Servers | LAS 315
https://original.jupiterbroadcasting.net/58602/coreos-future-of-servers-las-315/
Sun, 01 Jun 2014 15:38:01 +0000

The post CoreOS: Future of Servers | LAS 315 first appeared on Jupiter Broadcasting.

The CTO of CoreOS joins us to go into detail about how CoreOS deploys applications in Docker Containers, allows for automatic server updates, and might just finally fix security on the web.

Plus: We’ll wrap up the TrueCrypt upset, and discuss our preferred Linux TrueCrypt replacements, a quick look at Mint 17…

AND SO MUCH MORE!

All this week on, The Linux Action Show!

Thanks to: DigitalOcean, Ting

— Show Notes: —

CoreOS:

Brought to you by: System76

Guest: Brandon Philips is CTO at CoreOS.

CTO @ CoreOS. Worked on Luvit and Cloud Monitoring at Rackspace and was a Linux Kernel Guy at SUSE.

CoreOS Details:

— Recent Events —

Google Cloud Platform Blog: Official CoreOS images are now available on Google Compute Engine

CoreOS integrates easily with Google load balancers and replica pools to easily scale your applications across regions and zones. Using replica groups with CoreOS is easy; configure the project-level metadata to include a discovery URL and add as many machines as you need. CoreOS will automatically cluster new machines and fleet will begin utilizing them. If a single machine requires more specific configuration, additional cloud-config parameters can be specified during boot.

The Companies That Support Linux: CoreOS | Linux.com

On May 19, CoreOS joined the Linux Foundation as a corporate member

  • Run Services with Docker

  • Service Discovery with etcd

  • Cluster Management with fleet

CoreOS Interview:

  • Q: I would really like to hear about the motivation behind that project (maybe a little story how and why it was started).

  • Q: I’ve read “based on ChromeOS” quite a bit. We assume that means it’s a fork, could you give us the details?

  • Q: How Does CoreOS differ from a traditional “Linux distro”?

  • Q: systemd in CoreOS? How critical is it, and can you give us some examples?

  • Example: Fleet presents the cluster as a distributed init system by aggregating systemd running on each machine.

  • Q: Can you go into more detail about how applications are deployed in Docker?

  • Ex: I want to install nginx, would that process be similar to installing a package via apt, but the software is deployed inside a Docker Container?

  • Q: Can you talk about how etcd is used for distributed config management?

  • Q: If a node fails, how does another node pick up the work if the data is stored in a container? Is central shared storage an important component to a full CoreOS deployment?

  • Q: It seems likely that the web would be a lot safer if we all used CoreOS. Do you personally believe that’s true? And why?

  • Q: You recently wrote about btrfs features that could benefit servers, and specifically Docker containers. Could you talk a bit about that?

  • Q: MANY More! Catch this week’s episode for answers and more questions!

Find out more about CoreOS:

First CoreOS meetup in San Francisco on Tuesday, June 3, 2014 6:30 PM to 8:30 PM. RSVP!


— Picks —

Runs Linux

Jimmy Research Humanoid Robot, Runs Linux
  • Intel NUC D54250WYK, which features an Intel Core i5-4250U 4th Generation Haswell
  • 4GB of DDR3 RAM (up to 16GB expansion)
  • 32GB SSD for internal storage.
  • Wi-Fi 802.11ac, and Bluetooth.
  • 4x USB 3.0 & 2x USB 2.0 ports
  • HDMI & Display Port video output
  • Gigabit Ethernet
  • SATA port
  • Up to 8-channel audio.

  • The robot is offered in two flavors of Linux: Ubuntu 14.04 LTS for developers who wish to take advantage of a full-featured desktop OS, or Yocto Project Poky distribution OpenEmbedded Linux which has a custom 21C Robots layer to allow for unified support across many different CPU configurations and hardware.

Sent by Jimmy TheRobot.

Desktop App Pick

Gnome Encfs Manager

The Gnome Encfs Manager (or short GEncfsM) is an easy to use manager and mounter for encfs stashes featuring per-stash configuration, Gnome Keyring support, a tray menu inspired by Cryptkeeper and lots of unique features. Whether you want to let it do things as simple as mounting a stash at startup, which is often used in conjunction with cloud-synced folders on services like Dropbox & Co., or whether you want to let it automatically mount and unmount your stashes on removable drives such as USB-disks, SD-cards or even network-resources, GEncfsM is designed to do all the work for you.

Linux Mint 15 Review: Arch’s Nemesis?

Weekly Spotlight

Mozilla Labs : TogetherJS

TogetherJS is a free, open source JavaScript library by Mozilla that adds collaboration features and tools to your website. By adding TogetherJS to your site, your users can help each other out on a website in real time!


— NEWS —

TrueCrypt Must Not Die – organizing a future

This is not a fork (yet), we just coordinate, a fork will probably have a new name. Combining efforts is most important for now.

  • First priority: Making the product available again.
  • Second priority: finding interested and capable persons volunteering to help. Identify and solve legal issues. Identify Security Threats.
  • Additionally: we will wait for the result of the Open Crypto Audit
  • Third priority: Fork the project and solve security threats. Found a support association for continued development.

4000+ Downloads in the first 24 hours: There is still demand for a product like TrueCrypt!

The TrueCrypt project has shut down, and we’ll run down what we think is the most likely answer to this sudden mystery.

#TrueCrypt users on Arch https://t.co/CJpDYSHT3H and Gentoo https://t.co/1dsk1rRnpQ your #TrueCrypt has not been updated yet. Keep an eye out

— Chris Fisher (@ChrisLAS) May 28, 2014

Linux Mint 17 Released!

Linux Mint 17 is a long term support release which will be supported until 2019. It comes with updated software and brings refinements and many new features to make your desktop even more comfortable to use.

The Update Manager was hugely improved.

It shows more information, it looks better, it feels faster, and it gets less in your way. It no longer needs to reload itself in root mode when you click on it. It no longer checks for an Internet connection or waits for the network manager and it no longer locks the APT cache at session startup.

The UI was improved, the icons were modified a bit and the changelog retrieval is now much faster and more reliable.

A new “type” column was added to differentiate between traditional updates, security updates, backports and romeo updates.

Security updates can now bypass safety levels and two new options were added for you to decide if they should always be visible and if they should be selected. By default these options are respectively set to True and to False.

Linus Torvalds Reads Mean Tweets

Taking a page from Jimmy Kimmel’s Mean Tweets series, The Linux Foundation asked Linux creator Linus Torvalds to read some of the community’s more colorful tweets. Of course, Linus adds his very own commentary.

Leadwerks Game Engine: Indie Edition on Steam

The company today announced that its engine tools have launched on the Ubuntu Software Center — and Leadwerks now plans to focus on Ubuntu as its primary supported platform, even over its Windows engine.

— Feedback —

— Chris’ Stash —

Hang in our chat room:

irc.geekshed.net #jupiterbroadcasting

— Catch the show LIVE Sunday 10am Pacific / 1pm Eastern / 6pm UTC: —

Tales from the TrueCrypt | TechSNAP 164 https://original.jupiterbroadcasting.net/58542/tales-from-the-truecrypt-techsnap-164/ Thu, 29 May 2014 20:29:34 +0000 https://original.jupiterbroadcasting.net/?p=58542 The TrueCrypt project has shut down, and we’ll run down what we think is the most likely answer to this sudden mystery. Plus the good news for OpenSSL, the top 10 Windows configuration mistakes, and a big batch of your questions, our answers, and much much more! Thanks to: Direct Download: HD Video | Mobile […]

The post Tales from the TrueCrypt | TechSNAP 164 first appeared on Jupiter Broadcasting.

The TrueCrypt project has shut down, and we’ll run down what we think is the most likely answer to this sudden mystery.

Plus the good news for OpenSSL, the top 10 Windows configuration mistakes, and a big batch of your questions, our answers, and much much more!

Thanks to:

DigitalOcean

Ting

iXsystems

— Show Notes: —

TrueCrypt shuts down unexpectedly

  • TrueCrypt is a cross-platform image or whole disk encryption system
  • The website for TrueCrypt changed yesterday, stating that “it may contain unfixed security issues”
  • The page states that, now that Windows XP is EOL and all supported versions of Windows support ‘BitLocker’ disk encryption, TrueCrypt is no longer necessary
  • The website provides information about transitioning data from TrueCrypt to the OS disk encryption system for various different OSs
  • The website has been updated with version 7.2 of TrueCrypt, which only allows the user to decrypt their files, not encrypt any new files
  • This was originally thought to be a hack of the site, or a hoax
  • The new binary is signed with the correct key, the same as previous versions of TrueCrypt, suggesting that this post is legitimate
  • While the code is available, the license is restrictive
  • The developers of TrueCrypt are anonymous
  • GIST tracking various bits of information and speculating about possible causes
  • ThreatPost coverage
  • One of the suspicious things about the announcement is the recommendation to use BitLocker. The authors of TrueCrypt had previously expressed concerns about how BitLocker stores the secret keys in the TPM (Trusted Platform Module), which may also allow the NSA to access the secret key
  • There is some speculation that this could be a ‘warrant canary’, the authors’ way of telling the public that they were forced to do something to TrueCrypt, or divulge something about TrueCrypt
  • However, it is more likely that the developers just no longer have an interest in maintaining TrueCrypt
  • The last major version release was 3 years ago, and the most recent release before the announcement was over a year ago. An actively developed project would likely have had at least some maintenance releases in that time
  • The code for TrueCrypt was being audited after a crowdfunding effort. The first phase of the audit found no obvious backdoors, but the actual cryptography had not been analyzed yet.
  • Additional Coverage – Krebs On Security

Core Infrastructure Initiative provides OpenSSL with 2 full time developers and funds a security audit

  • The CII has announced its Advisory board and the list of projects it is going to support
  • Advisory Board members include:
    • Longtime Linux kernel developer and open source advocate Alan Cox
    • Matt Green of Open Crypto Audit Project
    • Dan Meredith of the Radio Free Asia’s Open Technology Fund
    • Eben Moglen of Software Freedom Law Center
    • Bruce Schneier of the Berkman Center for Internet & Society at Harvard Law School
    • Eric Sears of the MacArthur Foundation
    • Ted Ts’o of Google and the Linux kernel community
  • Projects identified as core infrastructure:
    • Network Time Protocol
    • OpenSSH
    • OpenSSL
  • Open Crypto Audit Project to conduct security audit of OpenSSL
  • The security audit will be difficult due to the lack of a consistent style in the code and the maze of ifdef and ifndef segments
  • The OCAP (Open Crypto Audit Project) team, which includes Johns Hopkins professor and cryptographer Matthew Green and Kenn White, will now have the money to fund an audit of OpenSSL
  • OCAP was originally created by a crowdfunded project to audit TrueCrypt

The top 10 Windows server security misconfigurations

  • NCCGroup does what it calls ‘Build Surveys’, where they check production environments to ensure they are configured properly
  • The following is the result of an analysis of their last 50 such surveys:
    • Missing Microsoft Patches: 82%
    • Insufficient Auditing: 50%
    • Third-Party Software Updates: 48%
    • Weak Password Policy: 38%
    • UAC Disabled for Administrator Account: 34%
    • Disabled Host-Based Firewall: 34%
    • Clear Text Passwords and Other Sensitive Information: 24%
    • Account Lockout Disabled: 20%
    • Out-of-Date Virus Definitions: 18%
    • No Antivirus Installed: 12%
  • Conclusions: Everyone makes the same mistakes, over and over
  • Most of these problems are trivial to fix
  • Part of the problem is a culture of ‘patch averseness’. This is partly the fault of software vendors often issuing patches that break more things than they fix, but in general Microsoft has actually done a good job of ensuring their patches apply smoothly and do not break things
  • Part of this is the fact that they only issue updates once a month, and only once they have been tested
  • In the study, most of the machines that were missing patches were missing patches that were more than a year old, so it isn’t just conservatism, but a complete lack of proper patch management

Snowdens Story | Unfilter 99 https://original.jupiterbroadcasting.net/58432/snowdens-story-unfilter-99/ Wed, 28 May 2014 21:46:40 +0000 https://original.jupiterbroadcasting.net/?p=58432 Edward Snowden has once again captured the attention of the media. False claims, and ridiculous rhetoric are in full force, and we’ll cut through the crap. Plus: What we suspect is going on with TrueCrypt, Greenwald claims he’s ready to disclose names of the NSA’s targets, the big changes in Afghanistan, and why the director […]

The post Snowdens Story | Unfilter 99 first appeared on Jupiter Broadcasting.

Edward Snowden has once again captured the attention of the media. False claims, and ridiculous rhetoric are in full force, and we’ll cut through the crap.

Plus: What we suspect is going on with TrueCrypt, Greenwald claims he’s ready to disclose names of the NSA’s targets, the big changes in Afghanistan, and why the director of the FBI wants to hire pot smokers.

Become an Unfilter supporter on Patreon:

— Show Notes —

NSA is Crazy

TrueCrypt Hacked?

  • The binary on the website is capable only to decode encrypted data, not encode, and may contain trojan (although I didn’t find any, but don’t believe me). The binary is signed with the valid (usual) key. All old versions are wiped, the repository is wiped too.

Assumption #1 The website is presumed hacked, the keys are presumed compromised. Please do not download or run it. And please don’t switch to bitlocker.

Latest working version is 7.1a. Version 7.2 is a hoax

  • On the SourceForge, the keys were changed before any TrueCrypt files uploaded, but now they are deleted and the old keys got reverted back.

Why I think so: strange key change, DNS record changed, why bitlocker?


Assumption #2 Something bad happened to TrueCrypt developers (i.e. take down or death) or to TrueCrypt itself (i.e. found the worst vulnerability ever) which made them do such a thing. So this version is legit

Why I think so: all files are with valid signatures, all the releases are available (Windows; Linux x86, x86_64, console versions, Mac OS, sources), the binaries seem like they were built on the usual developer PC (there are some paths like c:\truecrypt-7.2\driver\obj_driver_release\i386\truecrypt.pdb, which were the same for 7.1a).


  • SourceForge sent emails on 22 May, they said they changed password algorithms and everybody should change their passwords.

  • TrueCrypt developers are unknown and currently there is no way to know who is who and who should we listen to.

  • From wikileaks twitter https://twitter.com/wikileaks/status/471769936038461440:

(1/4) Truecrypt has released an update saying that it is insecure and development has been terminated https://truecrypt.sf.net

(2/4) the style of the announcement is very odd; however we believe it is likely to be legitimate and not a simple defacement

(3/4) the new executable contains the same message and is cryptographically signed. We believe that there is either a power conflict..

(4/4) in the dev team or psychological issues, coercion of some form, or a hacker with access to site and keys.

@SteveBellovin @mattblaze @0xdaeda1a I think this is legit.

After wrapping up my presentation, Snowden connected his laptop to the projector and began talking about using the TrueCrypt software for encrypting hard drives and USB sticks on Macs, Linux and Windows. He pointed out that while the only known name associated with TrueCrypt is someone in the Czech Republic, TrueCrypt is one of the best open-source solutions available.

Snowden continued with TrueCrypt’s “hidden volumes”, a feature that divides your encrypted storage into separate “volumes” with separate passwords. If you are coerced by authorities into revealing the password for your “encrypted storage” you need only reveal the password for the volume with the least incriminating content — one containing pictures of cats, maybe?

The Lies Mike Rogers Told Congress About The USA Freedom Act

One of the most obvious ways that you knew the USA Freedom Act that passed out of the House yesterday was clearly not real NSA reform was the simple fact that the NSA #1 defender in chief, Rep. Mike Rogers, not only voted for it, but spoke strongly in favor of it on the House floor.

“I was trained as a spy in sort of the traditional sense of the word — in that I lived and worked undercover, overseas, pretending to work in a job that I’m not — and even being assigned a name that was not mine,” Snowden said.

Kerry: Snowden a “Coward” and “Traitor” https://www.nbcnews.com/politics/first-read/kerry-snowden-coward-traitor-n116366

“Edward Snowden is a coward, he is a traitor and he has betrayed his country,” Kerry said in an interview on MSNBC’s “The Daily Rundown” with Chuck Todd. “And if he wants to come home tomorrow to face the music, he can do so.”

“If this man is a patriot, he should stay in the United States and make his case,” he said. “Patriots don’t go to Russia, they don’t seek asylum in Cuba, they don’t seek asylum in Venezuela, they fight their cause here.”

cryptome.org counting total Snowden doc releases: 42 Years for Snowden Docs Release, Free All Now

— Thanks for Supporting Unfilter —

Become an Unfilter supporter on Patreon

  • Thanks to our 188 patrons, we gained 62 since last week!

  • Supporter perk: Downloadable Pre and Post show. Extra clips, music, hijinks, and off the cuff comments. The ultimate Unfiltered experience.

  • Supporter perk: Exclusive BitTorrent Sync share of our production and non-production clips, notes, and more since the NSA scandal broke in episode 54. The ultimate Unfiltered experience, just got more ultimate.

  • Supporter Perk: Past 5 supporters shows, in a dedicated bittorrent sync folder.


Afghanistan Late Pullout

White House mistakenly identifies CIA chief in Afghanistan

The CIA’s top officer in Kabul was exposed Saturday by the White House when his name was inadvertently included on a list provided to news organizations of senior U.S. officials participating in President Obama’s surprise visit with U.S. troops.

The Post is withholding the name of the CIA officer at the request of Obama administration officials who warned that the officer and his family could be at risk if the name were published. The CIA and the White House declined to comment.

White House: U.S. will have 9,800 troops in Afghanistan after 2014

The U.S. will leave 9,800 troops in the country in 2015 with two narrow missions, according to the White House: continue supporting Afghan forces, who took the lead in securing the country last year, and continuing to support counter terrorism operations against the remnants of al Qaeda.


Weed Wackers:

Comey: FBI ‘Grappling’ With Hiring Policy Concerning Marijuana

Congress has authorized the FBI to add 2,000 personnel to its rolls this year, and many of those new recruits will be assigned to tackle cyber crimes, a growing priority for the agency. And that’s a problem, Mr. Comey told the White Collar Crime Institute, an annual conference held at the New York City Bar Association in Manhattan. A lot of the nation’s top computer programmers and hacking gurus are also fond of marijuana.

“I have to hire a great work force to compete with those cyber criminals and some of those kids want to smoke weed on the way to the interview,” Mr. Comey said.

Mr. Comey said that the agency was “grappling with the question right now” of how to amend the agency’s marijuana policies, which excludes from consideration anyone who has smoked marijuana in the previous three years, according to the FBI’s Web site. One conference goer asked Mr. Comey about a friend who had shied away from applying because of the policy. “He should go ahead and apply,” despite the marijuana use, Mr. Comey said.

The FBI Says It Can’t Find Hackers to Hire Because They All Smoke Pot

After being chastised for his comments about marijuana by Senator Jeff Sessions (R-Ala.), FBI director Comey told those in attendance at a senate hearing on the bureau’s oversight that he was just kidding.


If you’re a Supporter check your inbox!

Call us: 1.425.312.1756

Ubuntu 14.04 Review | LAS s31e09 (309) https://original.jupiterbroadcasting.net/55477/ubuntu-14-04-review-las-s31e09/ Sun, 20 Apr 2014 14:05:23 +0000 https://original.jupiterbroadcasting.net/?p=55477 It’s our review of Ubuntu 14.04 Trusty Tahr LTS. It’s Canonical’s latest and greatest, with five years of support. But are there storm clouds on the horizon for this major distribution? We discuss what’s great about Ubuntu 14.04, what needs some serious work, and why we’re excited about what comes next. Plus: TrueCrypt audit wraps […]

The post Ubuntu 14.04 Review | LAS s31e09 (309) first appeared on Jupiter Broadcasting.

It’s our review of Ubuntu 14.04 Trusty Tahr LTS. It’s Canonical’s latest and greatest, with five years of support. But are there storm clouds on the horizon for this major distribution?

We discuss what’s great about Ubuntu 14.04, what needs some serious work, and why we’re excited about what comes next.

Plus: TrueCrypt audit wraps up, Docker stands out at Red Hat summit…

AND SO MUCH MORE!

All this week on, the Linux Action Show!

Thanks to:

DigitalOcean

Ting

— Show Notes: —

Ubuntu 14.04 Trusty Tahr

Brought to you by: System76

Ubuntu 14.04 LTS will be supported for 5 years for Ubuntu Desktop, Ubuntu Server, Ubuntu Core, Kubuntu, Edubuntu, and Ubuntu Kylin. All other flavours will be supported for 3 years.

New Features in Ubuntu 14.04 LTS Desktop:

  • Linux kernel updated to version 3.13
  • Ability to change application menu position
  • Ability to click-to-minimise applications from the Launcher
  • Borderless windows
  • A wider range of launcher icons – from 16 to 64 pixels
  • Appearance improvements for very high-resolution displays
  • New language status icon in the top menu bar
  • Harmonised appearance for the lock screen
  • System Settings (GNOME Control Centre) replaced by Unity Control Center
  • Multi-task filtering by text input
  • Opening a guest session triggers a ‘changes are temporary’ warning
  • Since Ubuntu One is to close in June, 2014, this 14.04 will not support Ubuntu One File Services
  • First time for Ubuntu community flavours (Edubuntu, Kubuntu etc) to also be approved for LTS status
  • New Upstart — its last outing before Ubuntu switches to systemd

First Tweaks:

Here’s a list of 10 useful things to do to get a near perfect desktop.

Ubuntu Software Center Disappoints…. Still.

  • Steam is not well exposed or featured.
  • Installing Steam requires I “buy” Steam.
  • “Buying” Steam requires I have an Ubuntu One account.
  • I thought Ubuntu One was shut down?
  • Confusing messaging throughout the process. A bad onboarding for new XP switchers.

Chris’ Final Take

  • Ubuntu still impresses, I’d expected my time in ARCH to have made me jaded.
  • You can feel the reach of the platform when looking up guides/software/info. This can’t be understated for new users or folks short on time.

  • The theme feels claustrophobically dated now. I quickly added the Numix PPA and installed the full suite.

  • Ubuntu 14.04 feels fairly modern, with signs of age.

  • The top bar looks very old, as does the system menu.
  • In contrast to the Unity dashboard these stand out even more.

  • New KDE Plasma Desktop 5, the design team’s new work, Gnome 3.x getting better and better are legitimate competition to the Unity desktop which does feel like it’s standing a bit a slow.. Or is at least casually walking the marathon.

  • On the “cloud” side this is potentially a great, maybe the greatest LTS.

  • Built in Docker.
  • Built in btrfs
  • Kernel 3.13 (legitimately recent for an Enterprise distro)

  • Ubuntu 14.04 is standing on the edge, and we don’t know what comes next.

  • The developers are just discussing the start of convergence between the desktop and mobile apps. Questions are being asked as to which classic applications we’ve come to love will be replaced with in-house Qt solutions.

Do any of you plan to switch from other distributions to Ubuntu LTS 14.04

donniezazen writes:

I am thinking about switching from Fedora 20 KDE to Kubuntu and stick with it for a long time.

Doing more with your Unity8 preview session in Ubuntu 14.04

The Unity 8/Desktop preview primarily is not a resurrection of Windows 8 – what you are looking at is the Ubuntu for Mobile UI running on your Desktop/Laptop. Changes to the user experience to move this UI to a Desktop/Laptop environment are coming in the next cycles.

It also is not at a quality level you’d expect from a LTS (hence it’s living in Universe), although it works fairly well on my 2 test machines. Due to limitations discussed in a previous post you might not be able to bring up Unity 8 on NVidia or ATI GPUs. We have not spent a lot of time on Hardware compatibility testing for this release and will focus on that as we march towards Ubuntu 14.10.

Download: Ubuntu 14.04


— Picks —

Runs Linux

Linux-Based Autonomous Sub Leads Malaysia Airlines Flight Search

It could take 60 more days for the Bluefin-21 to completely search the area “lawnmower” style. On one of its first dives to the floor of the Indian Ocean, the unmanned submarine reached the limit of its 2.8-mile depth range

Desktop App Pick

Variety

Weekly Spotlight

Are PPA’s safe to add to my system and what are some “red flags” to watch out for?

— NEWS —

TrueCrypt audit finds “no evidence of backdoors” or malicious code

On Monday, after seven months of discussion and planning, the first phase of a two-part audit of TrueCrypt was released.

The results? iSEC, the company contracted to review the bootloader and Windows kernel driver for any backdoor or related security issue, concluded (PDF) that TrueCrypt has: “no evidence of backdoors or otherwise intentionally malicious code in the assessed areas.”

While the team did find some minor vulnerabilities in the code itself, iSEC labeled them as appearing to be “unintentional, introduced as the result of bugs rather than malice.”

Matthew Green, a Johns Hopkins cryptography professor who has been one of the people leading this effort, told Ars. “I think the code quality is not as high as it should be, but on the other hand, nothing terrible is in there, so that’s reassuring.”

Overall, the source code for both the bootloader and the Windows kernel driver did not meet expected standards for secure code. This includes issues such as lack of comments, use of insecure or deprecated functions, inconsistent variable types, and so forth.

The team also found a potential weakness in the Volume Header integrity checks.
“It did not seem extremely important, but I think it’s good to know about,” Green noted. “But I think it’s good that we didn’t find anything super critical.”

Cinnamon 2.2 Released With System Settings Improvements, HiDPI support And Mor

With Cinnamon 2.2, the System Settings UI was refined, making it look more consistent and also, the settings are better categorized, this allowing the Cinnamon developers to remove the switch between normal and advanced settings modules.

Another interesting improvement added with Cinnamon 2.2 is the way applets work: each applet is now able to register “roles” which tell Cinnamon which functionality they provide and this is used to allow Cinnamon to automatically hide systray icons for which the functionality is already present in an applet.

Here’s an example from the Cinnamon 2.2 release announcement: “Say you remove the network applet, well… you’ll see the Network Manager GTK systray icon appear. Say you put the network applet back in the panel, the Network Manager systray icon will then disappear.”

Better systemd/logind support;

  • New Gnome style CSD seems a bit odd:

  • Same problem with XFCE, more of a CSD issue:

Red Hat Summit’s 10th Year: Docker Shines

April 14th-17th 2014

A lot of the buzz is around containerization in general and Docker in particular. Docker is set to ship with the latest version of RHEL (RHEL 7.0). Also, Docker will integrate with Red Hat’s Open Shift PaaS. This is in addition to the earlier announcement that Red Hat is launching certification of applications delivered in the Docker container format.

Besides Red Hat, Docker already ran on the Amazon AWS version of Linux, as well as several other Linux distros. Also, sources tell me that we can expect to see more announcements in the weeks ahead about Docker being included by default in several other of the major Linux distros.

Docker is becoming synonymous with containers in Linux. By the time any other project or competitor look up they will have this one sewn up.

Preparing for Orwell’s Internet | TechSNAP 114 https://original.jupiterbroadcasting.net/38757/preparing-for-orwells-internet-techsnap-114/ Thu, 13 Jun 2013 18:56:13 +0000 https://original.jupiterbroadcasting.net/?p=38757 We’ve got a bunch of options to protect your privacy online, things to consider before you self host.

The post Preparing for Orwell’s Internet | TechSNAP 114 first appeared on Jupiter Broadcasting.

We’ve got a bunch of options to protect your privacy online, things to consider before you self host.

Plus: With a little planning ahead, you can protect yourself from compelled disclosure, we’ll share the details. Then your questions our answers, and much much more!

Thanks to:

Use our code tech249 to score .COM for $2.49!

35% off your ENTIRE first order just use our code 35off3 until the end of the month!

Catch episode 143 where Angela takes the Android challenge!

Show Notes:

Get TechSNAP on your Android:

Browser Affiliate Extension: