‘UCC’ – Jupiter Broadcasting (https://www.jupiterbroadcasting.com)
Open Source Entertainment, on Demand.
Tue, 02 Jun 2015 15:50:35 +0000

Fedora 22 Review | LAS 367
https://original.jupiterbroadcasting.net/83032/fedora-22-review-las-367/
Sun, 31 May 2015 21:00:25 +0000

The post Fedora 22 Review | LAS 367 first appeared on Jupiter Broadcasting.


Fedora 22 builds on top of the great Fedora 21 release. With big changes like the new DNF package manager, Gnome 3.16, and more there is a lot to talk about and a few bumps. We’ll share our experience with Fedora’s latest and greatest!

Plus why Mandriva shut down, SourceForge messes with GIMP, the Kubuntu drama we don’t want to talk about, great feedback, some helpful app picks & more!


— Show Notes: —

Fedora’s FedUp Upgrade Utility to be Redesigned for Fedora 23

Steam Repo for Fedora 22

This repository contains the latest steam package for connecting to the Steam network from Valve. This package cannot be included in the main Fedora repository as it’s not free and is not shipped in source form. Since the Steam license allows package redistribution with a specific note for repacking in Linux distributions, the package is now available in RPMFusion.


— PICKS —

Runs Linux

Project Soli is developing a new interaction sensor using radar technology. The sensor can track sub-millimeter motions at high speed and accuracy. It fits onto a chip, can be produced at scale and built into small devices and everyday objects.

Desktop App Pick

fallocate allows the caller to directly manipulate the allocated disk space for the file referred to by fd for the byte range starting at offset and continuing for len bytes.

Weekly Spotlight

One key. Two form factors. The Standard and Nano deliver a one-time passcode (OTP) with a simple touch of a button. No SMS-like passcodes to retype from one device to another. Our most basic YubiKey identifies itself as an external keyboard, which eliminates the need for client software or drivers. The nearly indestructible key holds tight onto its secrets, and its design ensures it will never be a vector for viruses or malware, just like the rest of our YubiKeys.

Jupiter Broadcasting Meetup

Our Past Picks

These are the weekly picks provided by the Jupiter Broadcasting podcast, the Linux Action Show.

This site includes separate picks lists for the “Runs Linux”, Desktop Apps, Spotlight Picks, Android Picks, and Distro Picks.


— NEWS —

CEO: Employee lawsuits killed Mandriva

The company had generated a mere €553,000 in revenue in 2013 (at today’s exchange rate, that’s about $607,000), with revenue falling for years, according to a notice posted by the company. Croset confirmed that to Business Insider. That wasn’t enough revenue, so he had to dismiss some people, particularly sales staff.

In 2014 revenues were climbing again, up by 40%, he told us. Costs were down by 60%. The company wasn’t yet profitable, but it had just broken even. Croset — who is Swiss, not French — blames the legal system in France for Mandriva’s demise.

That’s because the laid-off workers sued the company and won just, he says, as Mandriva was breaking even. (The details of the suits, including names of employees involved, are confidential, he told us, and he declined to offer details.)

The company was ordered to pay these employees hundreds of thousands of euros and ordered to pay “provisory execution,” meaning immediately, even though the appeals process was not complete, Croset tells us.

SourceForge grabs GIMP for Windows’ account, wraps installer in bundle-pushing adware

The GIMP project is not officially distributed through SourceForge—approved releases are only posted on the GIMP project’s own Web page. But Jernej Simončič, the developer who has been responsible for building Windows versions of GIMP for some time, has maintained an account on SourceForge to act as a distribution mirror. That is, he had until today, when he discovered he was locked out of the Gimp-Win account, and the project’s ownership “byline” had been changed to “sf-editor1”—a SourceForge staff account. Additionally, the site now provided Gimp in an executable installer that has in-installer advertising enabled.


In a blog post issued shortly after this story posted, an unidentified member of SourceForge’s community team wrote that, in fact, “this project was actually abandoned over 18 months ago, and SourceForge has stepped-in to keep this project current.” That runs counter to claims by members of the GIMP development community.

Kubuntu Project Lead Asked To Step Down by Ubuntu Community Council

In a spat that reads more like a plot from Game of Thrones, Jonathan Riddell has been told that his leadership of the Kubuntu community is ‘no longer recognised’ by the council — a decision that has left the Kubuntu community up in arms.

Mark Shuttleworth does back the decision, saying that the “UCC is entitled to choose who they will recognise as their counterparts and representatives in sub-communities like Kubuntu”.

A stalemate between two stable mates. Where this goes next remains to be seen.

Announcing GitTorrent: A Decentralized GitHub

At his blog, Chris Ball announces “GitTorrent,” his new project designed to let developers host Git repositories on BitTorrent. The system takes advantage of Git’s ability to run over arbitrary network protocols. “We ask for the commit we want and connect to a node with BitTorrent, but once connected we conduct this Smart Protocol negotiation in an overlay connection on top of the BitTorrent wire protocol, in what’s called a BitTorrent Extension. Then the remote node makes us a packfile and tells us the hash of that packfile, and then we start downloading that packfile from it and any other nodes who are seeding it using Standard BitTorrent. We can authenticate the packfile we receive, because after we uncompress it we know which Git commit our graph is supposed to end up at; if we don’t end up there, the other node lied to us, and we should try talking to someone else instead.” The project is, obviously, a new one that still has important ground to cover—such as dealing with comments or pull requests—but there are interesting ideas to consider already.


— FEEDBACK —

  • https://slexy.org/view/s20x0y1BCZ

Error Message from Cabin

https://slexy.org/view/s2J3AIvDcy
https://slexy.org/view/s20jIiwiEi
https://slexy.org/view/s21JbyiNZx

Chris’s Twitter account has changed, you’ll need to follow!

Chris Fisher (@ChrisLAS) | Twitter

— CHRIS’ STASH —

Hang in our chat room:

irc.geekshed.net #jupiterbroadcasting

— NOAH’S STASH —

Noah’s Day Job

Altispeed Technologies

Contact Noah

noah [at] jupiterbroadcasting.com


Catch the show LIVE Sunday 10am Pacific / 1pm Eastern / 6pm UTC:

Don’t Copy That Floppy | TechSNAP 79
https://original.jupiterbroadcasting.net/25876/dont-copy-that-floppy-techsnap-79/
Thu, 11 Oct 2012 16:04:46 +0000

How a Russian Spy ring used floppies to pass sensitive information, how Backblaze made it through the great hard drive shortage. Plus GPG explained!

The post Don't Copy That Floppy | TechSNAP 79 first appeared on Jupiter Broadcasting.


How a Russian Spy ring used floppies to pass sensitive information, how Backblaze made it through the great hard drive shortage, and why the US Congress is saying no to Chinese telco manufacturers.

Plus a big batch of your questions, and our answers.

All that and much more, on this week’s TechSNAP!


Show Notes:

  • How Backblaze dealt with the hard drive shortage

    • During the hard drive shortage that started a year ago, Backblaze found itself in a rather tight spot: in order to continue offering unlimited storage for $5/month, they needed more drives
    • The price of a 3TB internal drive shot up from $129 to $349 overnight
    • However, external drives were priced around $169, at least $100 cheaper than their internal counterparts (mostly because HP, Dell and Apple had bought up most of the supply of internal drives)
    • BackBlaze fills about 50TB worth of drives per day, so they need a continuous supply of new drives
    • Between November 2011 and February 2012, Backblaze farmed 5.5 Petabytes worth of hard drives from retailers, mostly consisting of external drives that needed to be removed from their enclosures
    • The external drives incurred other costs, shucking the drives out of the enclosures, and recycling the leftover shells afterwards
    • Many stores had ‘limit 2 per customer’ (I remember this well with my own drive buying), and BackBlaze employees employed many devious tactics to try to squeeze more out of each store, including pretending to be a grandmother buying drives for each of her grandchildren for Christmas
    • Backblaze employees were banned from a number of CostCo and BestBuy stores, or asked to leave empty handed
    • On Christmas Eve, the CEO of BackBlaze stopped at a friend’s house to pick up 80x 3TB drives his friend had acquired from an online site that forgot to limit the quantity he could order. It had taken the FedEx driver more than 30 minutes to unload all of the drives into the apartment. While loading them into his car, the BackBlaze CEO reflected that the drives were worth more than the car
    • Backblaze still buys external drives when the price is right, ~$30 cheaper than internal drives, to cover the additional cost of preparing the drives
    • The ‘shucked’ drives can usually not be returned for warranty replacement
    • Additional Coverage
    • Additional Coverage
    • The backblaze storage pod 2.0

    Russian spy ring relied on notepad and floppy disks

    • Sub-Lt. Jeffrey Delisle pled guilty today on charges of breach of trust and two counts of communicating safeguarded information to a foreign entity
    • The maximum sentence for ‘communicating safeguarded information to a foreign entity’ is life in prison
    • Delisle was an Analyst at HMCS Trinity, an intelligence facility that tracks vessels entering and exiting Canadian waters via satellites, drones and underwater devices; it is located at the naval base in Halifax, Nova Scotia
    • He would search for and copy sensitive materials from a secure computer at the base
    • Copy/pasting the data into Notepad, he would then save it to a floppy disk
    • The floppy was then moved to a regular non-secure computer, where the data was transferred to a USB drive
    • After taking the USB home, he would access a webmail account, and draft an email, but never send it
    • His Russian handlers had the username and password to the email account, and would access it, and retrieve the stolen intelligence
    • The emails were never sent, lessening the chance that they might be intercepted
    • Delisle walked into the Russian Embassy in Ottawa in 2007 and asked to speak to someone from the GRU (Russian Military Intelligence), offering to sell the secrets he had access to
    • He was paid $3000/month in prepaid credit cards
    • The RCMP (Royal Canadian Mounted Police, equivalent to the FBI in Canada) started investigating him after CBSA (Canada Border Services Agency) officers alerted the military when Delisle returned from a short trip to Brazil with a large amount of cash
    • Additional CBC Coverage

    SEC hands out first ever fine for ‘failure to protect customer data’

    • In the spring of 2005, network traffic at the Florida offices of GunnAllen Financial had slowed to a crawl
    • The company had outsourced its entire IT department to The Revere Group
    • GunnAllen’s acting CIO, a partner at Revere Group, asked the manager of the IT team to investigate
    • A senior network engineer had disabled the WatchGuard firewalls and routed all of the broker-dealer’s IP traffic–including trades and VoIP calls–through his home cable modem
    • As a result, none of the company’s trades, emails, or phone calls were being archived, in violation of Securities and Exchange Commission regulation
    • However, this did not appear in the final report from the SEC about the settlement with GunnAllen Financial, which was actually about other breaches of security and policy
    • Some of the data that was routed through the engineer’s home connection included: bank routing information, account balances, account numbers, social security numbers, customers’ home addresses and driver’s license numbers
    • “He’d purposefully break things, then come in in the morning and be the hero, I ended up key-logging all the servers, and I logged him logging in from home at 2:30 in the morning, logging on to BlackBerry servers and breaking them.”
    • Although required by the SEC to keep copies of all emails for 7 years, “There was a point in time for probably two months where no one’s email was logged. I brought it up in a meeting once and was told to shut up [by the acting CIO]”
    • In 2008 FINRA (Financial Industry Regulatory Authority) fined GunnAllen $750,000 for a “trade allocation scheme” conducted by a former head trader, in which profitable stock trades were allocated to his wife’s personal account instead of to the accounts of firm customers
    • Employees at The Revere Group were afraid to report issues because other employees had been fired

    Bug in facebook mobile app could expose your phone number

    • A feature of the facebook mobile app allows you to compare your mobile contacts list against facebook, and find any people you have in your phone, but not on facebook
    • A researcher exploited this feature by adding random phone numbers to his phone’s contact list and was able to determine many users’ mobile phone numbers, despite their privacy settings
    • Facebook originally denied that this was an issue when he reported it to them; they claimed that rate limiting and privacy settings prevented the exploit
    • The researcher posted proof, in the form of 100s of phone numbers (random digits blocked out to protect the innocent) with the corresponding person’s name
    • Facebook has since tightened up the rate limiting
    • TheNextWeb has an article on how to protect your phone number on facebook

    TechSNAP viewer discovers IE flaw

    • IE8 and IE9 in compatibility mode will sometimes mistakenly render plain text content as HTML
    • This means that the ‘raw’ view of a pastebin of some javascript source code, could cause the browser to execute it, rather than display it
    • A proof of concept is provided for you to test your browser

    US congressional report says Huawei and ZTE are a security threat

    • A draft of a report by the House Intelligence Committee said Huawei and another Chinese telecom, ZTE, “cannot be trusted” to be free of influence from Beijing and could be used to undermine US security
    • The report recommends that the Chinese hardware manufacturers be barred from US contracts and acquisitions, due to the security implications of Chinese-controlled devices in sensitive US installations
    • US set to reject UN ITU proposals for changes to Global Telecom systems, citing danger of increased foreign espionage
    • The US fears nations like China and Russia will gain too much control and impose tracking and monitoring, and assert control over content and user information
    • US says that ITU regulations are “not an appropriate or useful venue to address cybersecurity,”

    Feedback

    • More Info on digi-pass
    • Could you provide some insight into GPG Keys?
      • Packages are signed by the GPG key of the person or group who created them
      • Your package manager maintains a list of the GPG keys you trust (the default is usually to trust official packages from your distro)
      • If you use 3rd party packages, you will get a warning
      • You must decide whether you trust the 3rd party that signed the package not to include an exploit in it
      • If you trust the 3rd party, you can add their key to your allow list, and you will not receive the warning
      • It is unsafe to ignore the warning if you do not trust the source of the packages, especially if you are trying to install an official package
    • Switching to Publicly Signed SSL?
      • Wildcard SSL certificates cover *.domain.com (something.domain.com, otherthing.domain.com)
      • This does not include *.something.domain.com
      • Covers future sub domains that you might create
      • There are also ‘UCC’ (Unified Communications Certificate) certificates, which allow you to enumerate many domains to be covered by a single certificate. Adding a domain to the certificate, or removing one, requires it to be reissued
      • UCC certificates are expensive, but are popular for Exchange servers that must cover multiple domains
    • Securing Cookies
    • Darwin writes in with a note that in addition to limiting the length of your password, ‘Microsoft Account’ also prevents you using some special characters, including ‘space’
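
The wildcard and UCC coverage rules from the “Switching to Publicly Signed SSL?” answer above, as an added example that is not part of the original show notes. It is a simplified matcher written for illustration, not the code of any TLS library, and the certificate name lists and hostnames are constructed.

```python
"""Which hostnames does a certificate's name list cover? (simplified matcher)"""

def _labels(name):
    # DNS names are case-insensitive; ignore a trailing root dot.
    return name.rstrip(".").lower().split(".")

def name_matches(pattern, hostname):
    """True if one certificate name (exact or wildcard) covers hostname."""
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h) or "" in h:
        return False              # a wildcard never spans more than one label
    if p[0] == "*":
        # Accept "*" only as the whole left-most label, above at least two
        # fixed labels, so "*.com" and "*.*.domain.com" are rejected.
        if len(p) < 3 or any("*" in label for label in p[1:]):
            return False
        return p[1:] == h[1:]
    if any("*" in label for label in p):
        return False              # partial wildcards such as "w*.domain.com"
    return p == h

def uncovered(cert_names, hostnames):
    """Hostnames that no name on the certificate covers."""
    return [h for h in hostnames
            if not any(name_matches(n, h) for n in cert_names)]

# Constructed name lists: one wildcard certificate and one UCC-style
# certificate that enumerates each name it covers.
WILDCARD_CERT = ["*.domain.com"]
UCC_CERT = ["domain.com", "something.domain.com", "mail.example.org"]

HOSTS = [
    "something.domain.com",
    "otherthing.domain.com",
    "future.domain.com",        # sub domain created after issuance
    "a.something.domain.com",   # two levels below domain.com
    "domain.com",               # the bare domain itself
    "mail.example.org",         # a different domain
]

if __name__ == "__main__":
    print("wildcard cert does not cover:", uncovered(WILDCARD_CERT, HOSTS))
    print("UCC cert does not cover:     ", uncovered(UCC_CERT, HOSTS))
```

The wildcard list picks up the future sub domain without reissuance but misses the bare domain and anything two levels down; the enumerated list covers a second domain but misses every name that was not listed when it was issued.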

    Round-Up
