virtualbox – Jupiter Broadcasting

Arm is Here | LINUX Unplugged 347

Wes Payne — Tue, 31 Mar 2020 17:30:00 +0000

Show Notes: linuxunplugged.com/347

The post Arm is Here | LINUX Unplugged 347 first appeared on Jupiter Broadcasting.

Kickin’ Harder Than a Sensei | Ask Noah 20

chris — Mon, 07 Aug 2017 21:16:18 +0000

RSS Feeds:

MP3 Feed | HD Video Feed | iTunes Feed

Become a supporter on Patreon:

— Show Notes: —

— The Cliff Notes —

— Stay In Touch —

Find all the resources for this show on the Ask Noah Dashboard

Ask Noah Dashboard

Need more help than a radio show can offer? Altispeed provides commercial IT services and they’re excited to offer you a great deal for listening to the Ask Noah Show. Call today and ask about the discount for listeners of the Ask Noah Show!

Altispeed Technologies

Contact Noah

asknoah [at] jupiterbroadcasting.com

— Twitter —

The post Kickin' Harder Than a Sensei | Ask Noah 20 first appeared on Jupiter Broadcasting.

Switching London to Linux | Ask Noah 18

chris — Mon, 24 Jul 2017 18:07:06 +0000

RSS Feeds:

MP3 Feed | HD Video Feed | iTunes Feed

Become a supporter on Patreon:

— Show Notes: —

— The Cliff Notes —

— Stay In Touch —

Find all the resources for this show on the Ask Noah Dashboard

Ask Noah Dashboard

Altispeed Technologies

Contact Noah

asknoah [at] jupiterbroadcasting.com

— Twitter —

The post Switching London to Linux | Ask Noah 18 first appeared on Jupiter Broadcasting.

Virtualization Revelation | LAS 418

chris — Sun, 22 May 2016 17:39:19 +0000

To view this video please enable JavaScript, and consider upgrading to a web browser that supports HTML5 video

We share our early experiences with virtualization, then show you how Linux’s built-in enterprise grade virtualization curb stomps some commercial options. The discussion wraps up with examples of awesome hardware passthrough, and the major shift Linux has made possible.

PLUS: Chromebooks outsell Macs, the sad story of an important project fading away, the big choice facing Fedora & more!

Thanks to:

Get Paid to Write for DigitalOcean

Direct Download:

RSS Feeds:

Become a supporter on Patreon:

— Show Notes: —

Brought to you by: Linux Academy

Virtualization

Eddie Asks

libvirt

Libvirt is collection of software that provides a convenient way to manage virtual machines and other virtualization functionality, such as storage and network interface management. These software pieces include a long term stable C API, a daemon (libvirtd), and a command line utility (virsh). A primary goal of libvirt is to provide a single way to manage multiple different virtualization providers/hypervisors, such as the KVM/QEMU, Xen, LXC, OpenVZ or VirtualBox hypervisors

Virtual Machine Manager Home

The virt-manager application is a desktop user interface for managing virtual machines through libvirt. It primarily targets KVM VMs, but also manages Xen and LXC (linux containers). It presents a summary view of running domains, their live performance & resource utilization statistics. Wizards enable the creation of new domains, and configuration & adjustment of a domain’s resource allocation & virtual hardware. An embedded VNC and SPICE client viewer presents a full graphical console to the guest domain.

Boxes – GNOME Wiki!

UEFI in Virutal Machines, Meet OVMF

OVMF is an EDK II based project to enable UEFI support for Virtual Machines. OVMF contains a sample UEFI firmware for QEMU and KVM.

Using CPU host-passthrough with virt-manager

Since host-passthrough is the only reliably way to expose the full capabilities of the host CPU to the VM, users regularly want to enable it.

Qemu OVMF PCI Passthrough stopped booting after most recent update / Applications & Desktop Environments

unraid – Virtualization Host

7 Gamers, 1 CPU – Ultimate Virtualized Gaming Build Log – YouTube

In our case, we created 7 discrete gaming systems capable of running concurrently and completely independently of each other – all running in a single tower.

8 (or is it 10?) Gamers, 1 CPU – Taking it to the Next Level! – YouTube

Another $30,000 worth of computer hardware.. But can it power TEN gaming rigs this time??

Proxmox – Powerful Open Source Server Solutions

Storage: ZFS – Proxmox

How To

Server

yum install kvm qemu-kvm python-virtinst libvirt libvirt-python virt-manager libguestfs-tools
chkconfig libvirtd on
service libvirtd start
yum install bridge-utils
Open Virt-Manager > click + > Bridge > br0 > Start Mode: onboot > Activate Now > Check eth0

Client

Install virt-manager

— PICKS —

Runs Linux

The NVIDIA DGX-1 Deep Learning System, Runs Linux

GTC 2016 NVIDIA DGX 1, World’s First Deep Learning Supercomputer part 7 – YouTube

Desktop App Pick

Netdata – Real-Time Performance Monitoring

netdata is a highly optimized Linux daemon providing real-time performance monitoring for Linux systems, Applications, SNMP devices, over the web !

nethogs: Linux ‘net top’ tool

NetHogs is a small ‘net top’ tool. Instead of breaking the traffic down per protocol or per subnet, like most tools do, it groups bandwidth by process.

Spotlight

systemd GUI: systemd-manager

This application exists to allow the user to manage their systemd services via a GTK3 GUI. Not only are you able to make changes to the enablement and running status of each of the units, but you will also be able to view and modify their unit files, check the journal logs. In addition, systemd analyze support is available to display the time it takes for systemd to boot the system.

Patrons watch the full live version of LAS

LAS 418 FULL LIVE STREAM

— NEWS —

Chromebooks outsold Macs for the first time in the US

Google’s low-cost Chromebooks outsold Apple’s range of Macs for the first time in the US recently. While IDC doesn’t typically break out Windows vs. Chromebook sales, IDC analyst Linn Huang confirmed the milestone to The Verge. “Chrome OS overtook Mac OS in the US in terms of shipments for the first time in 1Q16,” says Huang. “Chromebooks are still largely a US K-12 story.”

lykwydchykyn comments echo Chris’ thoughts perfectly

Fedora just missed rebasing on the goodness that is Linux 4.6

Fedora 24 ships June 14, 2016

And because of that, it looks like Linux kernel 4.6 will not be the default for the Fedora 24 operating system, which will ship in less than a month, on June 14, 2016, with the latest maintenance release of the Linux 4.5 kernel series. However, the chances are that Linux kernel 4.6 will be shortly released to the stable channels for users to upgrade their current kernel after Fedora 24’s official release.

Linux kernel 4.6 was announced by Linus Torvalds on May 15, 2016. It promises to offer users a new distributed file system, OrangeFS, support for the USB 3.1 SuperSpeed Plus (SSP) protocol, Out Of Memory task killer reliability improvements, support for Intel Memory protection keys, the Kernel Connection Multiplexor, as well as 802.1AE MAC-level encryption (MACsec) support.

Moreover, Linux kernel 4.6 ships with support for the BATMAN V protocol, an online inode checker for the OCFS2 file system, dma-buf, support for cgroup namespaces, and support for the pNFS SCSI layout. The first GNU/Linux distributions to adopt the Linux 4.6 kernel branch are Gentoo, Arch Linux, and SparkyLinux, and openSUSE Tumbleweed should join them in the coming weeks.

lm-sensors project dead?

It’s been a year since the last LM-Sensors release and the project isn’t as vibrant or active as it once was while the project site has been down for a while now and it doesn’t appear to be coming back.

Mattermost continues to bring the heat to Slack

Mattermost 3.0 offers a long awaited features: multi-team accounts, Japanese language translation, and full width display, plus upgrades to apps for iOS, Android, Windows, Linux and Mac, emojis, and we have new integrations for Outlook, Ruby & Rust.

Introducing Mycroft Core – Mycroft

We are pleased to announce that Mycroft Core 0.6 Alpha is available for download today. Mycroft Core is a lightweight, portable piece of software written in Python. You can run it on anything from a Raspberry Pi to a gaming rig.

Mail Bag

https://slexy.org/view/s26VoSpJhR
Why screen lockers on X11 cannot be secure – Martin’s Blog
Circumventing Ubuntu Snap confinement
xorg – Why is X11 a security risk in servers? – Ask Ubuntu
X11 is horribly insecure, each subuser should get its own X11 server in a container. · Issue #31 · subuser-security/subuser · GitHub
The Wayland Situation: Facts About X vs. Wayland – Phoronix
https://slexy.org/view/s2kxsRnQk5

Call Box

Chris’ call out for the community to help him with his background

Catch the show LIVE SUNDAY:

— CHRIS’ STASH —

Chris’s Twitter account has changed, you’ll need to follow!

Chris Fisher (@ChrisLAS) | Twitter

Hang in our chat room:

irc.geekshed.net #jupiterbroadcasting

— NOAH’S STASH —

Noah’s Day Job

Altispeed Technologies

Contact Noah

noah [at] jupiterbroadcasting.com

Find us on Google+

Find us on Twitter

Follow us on Facebook

The post Virtualization Revelation | LAS 418 first appeared on Jupiter Broadcasting.

PowerSSHell | Tech Talk Today 178

chris — Wed, 03 Jun 2015 10:19:56 +0000

To view this video please enable JavaScript, and consider upgrading to a web browser that supports HTML5 video

Microsoft announces support for SSH built into powershell, crashing Skype with a simple text chat, Tim Cook defends user’s rights to privacy and encryption & running OS X in VirtualBox.

Direct Download:

RSS Feeds:

Become a supporter on Patreon

Show Notes:

The post PowerSSHell | Tech Talk Today 178 first appeared on Jupiter Broadcasting.

Venomous Floppy Legacy | TechSNAP 214

chris — Thu, 14 May 2015 18:46:30 +0000

To view this video please enable JavaScript, and consider upgrading to a web browser that supports HTML5 video

We explain the Venom vulnerability, what the impact is & the steps major providers are taking to protect themselves.

Plus strategies to mitigate Cyber Intrusions, a truly genius spammer, great questions, a huge round up & more!

Thanks to:

Get Paid to Write for DigitalOcean

Direct Download:

RSS Feeds:

Become a supporter on Patreon:

— Show Notes: —

VENOM: Virtualized Environment Neglected Operations Manipulation

A flaw in the way qemu emulates floppy disks could allow an attacker to break out of a virtual machine and take over the host
“This vulnerability may allow an attacker to escape from the confines of an affected virtual machine (VM) guest and potentially obtain code-execution access to the host. Absent mitigation, this VM escape could open access to the host system and all other VMs running on that host, potentially giving adversaries significant elevated access to the host’s local network and adjacent systems.”
This vulnerability affects qemu, KVM, VirtualBox, and some types of Xen, because they all share the same qemu floppy emulation code
Unaffected hypervisors include: VMWare, Hyper-V, Bochs, and bhyve
The issue has been assigned the identifier CVE-2015-3456
“Since the VENOM vulnerability exists in the hypervisor’s codebase, the vulnerability is agnostic of the host operating system (Linux, Windows, Mac OS, FreeBSD, etc.).”
“It needs to be noted that even if a guest does not explicitly have a virtual floppy disk configured and attached, this issue is exploitable. The problem exists in the Floppy Disk Controller, which is initialized for every x86 and x86_64 guest regardless of the configuration and cannot be removed or disabled.”
“The guest operating system communicates with the FDC by sending commands such as seek, read, write, format, etc. to the FDC’s input/output port. QEMU’s virtual FDC uses a fixed-size buffer for storing these commands and their associated data parameters. The FDC keeps track of how much data to expect for each command and, after all expected data for a given command is received from the guest system, the FDC executes the command and clears the buffer for the next command. This buffer reset is performed immediately at the completion of processing for all FDC commands, except for two of the defined commands. An attacker can send these commands and specially crafted parameter data from the guest system to the FDC to overflow the data buffer and execute arbitrary code in the context of the host’s hypervisor process.”
“The VENOM vulnerability has existed since 2004, when the virtual Floppy Disk Controller was first added to the QEMU codebase.”
“After verifying the vulnerability, CrowdStrike responsibly disclosed VENOM to the QEMU Security Contact List, Xen Security mailing list, Oracle security mailing list, and the Operating System Distribution Security mailing list on April 30, 2015.
After a patch was developed CrowdStrike publicly disclosed VENOM on May 13, 2015. Since the availability of the patch, CrowdStrike has continued to work with major users of these vulnerable hypervisors to make sure that the vulnerability is patched as quickly as possible.”
CrowdStrike blog about the disclosure
“While it seems obvious that infrastructure providers could be impacted, there are many other less obvious technologies that depend on virtualization. For example, security appliances that perform virtual detonation of malware often run these untrusted files with administrative privileges, potentially allowing an adversary to use the VENOM vulnerability to bypass, crash or gain code execution on the very device designed to detect malware.”
“CrowdStrike would also like to publicly recognize Dan Kaminsky, Chief Scientist at White Ops, who is a renowned researcher with extensive experience discovering and disclosing major vulnerabilities. Dan provided invaluable advice to us throughout this process on how best to coordinate the release of open source patches across the numerous vendors and users of these technologies.”
Xen Advisory
Amazon Statement
Digital Ocean statement
Redhat Advisory
Working PoC exploit
This has refocused attention on some older work to exploit qemu/KVM, like this from DEFCON / BlackHat 2011
Or this paper from a Google researcher from 2007: An Empirical Study into the Security Exposure to Hosts of Hostile Virtualized Environments
There is also some backlash against the naming and glamorization of vulnerabilities, as seen with the recent announcement of AnalBleed

Strategies to Mitigate Targeted Cyber Intrusions – From the Australian Signals Directorate

The Australian equivalent to the NSA has published a study on the top 35 mitigation methods to protect networks for targeted cyber attacks
They say that 85% of all network intrusions could be prevented if organizations adopted just the top 4 recommendations
These 4 recommendations are:
- Use application whitelisting, to prevent malicious software from being able to run
- Install application updates (especially java, flash, PDF readers, browsers, etc)
- Install OS updates (quickly!), Do not use Windows XP
- Do not give administrator privileges to more people than absolutely required
Video: Catch, Patch, and Match
Table: The full list of 35 mitigation strategies
How to employ the top 4 mitigations in a Linux environment
The ASD even goes so far as to rank each mitigation strategy by its effectiveness, how much users will resist/complain, how much work it will be to setup, and how much work it will be to maintain.
“Once organisations have implemented the Top 4 mitigation strategies, first on the computers of users who are most likely to be targeted by cyber intrusions and then on all computers and servers, additional mitigation strategies can be selected to address security gaps until an acceptable level of residual risk is reached. “
Of these, only the application whitelisting is likely to rise the ire of the average end user
Additional Coverage – SecureList
The list of 35 mitigation methods can be roughly divided into 4 categories:
Administrative — Training, physical security
Networking — These measures are easier to implement at a network hardware level
System administration — The OS contains everything needed for implementation
Specialized security solutions — Specialized security software is applicable
Kaspersky SecureList has broken its analysis of the ASD publication down into 4 parts in its Security Encyclopedia:
Part 1. How to mitigate APTs. Applied theory
Part 2. Top-4 mitigation strategies which address 85% of threats
Part 3. Strategies outside the Top-4. For real bulletproof defense
Part 4. Forewarned is Forearmed: the Detection Strategy against Advanced Persistent Threats (APTs)
Gartner: Best Practices for Mitigating Advanced Persistent Threats

Mumblehard — Muttering spam from your servers

“Several thousand computers running the Linux and FreeBSD operating systems have been infected over the past seven months with sophisticated malware that surreptitiously makes them part of a renegade network blasting the Internet with spam”
The virus consisted of perl code packed into an ELF binary
During a 7 month monitoring period, Eset researchers saw 8,867 IP addresses connect to one of the command and control servers
“The Mumblehard malware is the brainchild of experienced and highly skilled programmers. It includes a backdoor and a spam daemon, which is a behind-the-scenes process that sends large batches of junk mail.”
“These two main components are written in Perl and they’re obfuscated inside a custom “packer” that’s written in assembly, a low-level programming language that closely corresponds to the native machine code of the computer hardware it runs on. Some of the Perl script contains a separate executable with the same assembly-based packer that’s arranged in the fashion of a Russian nesting doll. The result is a very stealthy infection that causes production servers to send spam and may serve other nefarious purposes.”
“Malware targeting Linux and BSD servers is becoming more and more complex,” researchers from Eset wrote. “The fact that the authors used a custom packer to hide the Perl source code is somewhat sophisticated. However, it is definitely not as complex as the Windigo Operation we documented in 2014. Nonetheless, it is worrying that the Mumblehard operators have been active for many years without disruption.”
The way the malware was architected, it polled a list of Command and Control servers, accepting commands from any of them
The list included some legitimate sites, to throw researchers off
“A version of the Mumblehard spam component was uploaded to the VirusTotal online malware checking service in 2009, an indication that the spammer program has existed for more than five years. The researchers were able to monitor the botnet by registering one of the domain names that Mumblehard-infected machines query every 15 minutes.”
At some point, one of the domains on the command and control list became available, so the researchers registered it and directed all of the infected machines to talk to their own command and control server
The communications with the C&C servers was cleverly hidden in what look like PHP Session cookies, and in the fake browser user-agent strings
One of the giveaways is the fact that the base browser user-agent string is for Firefox 7.0.1 on Windows 7
Part of the version string would be replaced with the command id, http status, and number of bytes downloaded by the infected machine
“The Eset researchers still aren’t certain how Mumblehard is installed. Based on their analysis of the infected server, they suspect the malware may take hold by exploiting vulnerabilities in the Joomla and WordPress content management systems. Their other theory is that the infections are the result of installing pirated versions of the DirecMailer program.”
Eset research PDF

Feedback:

Round-Up:

The post Venomous Floppy Legacy | TechSNAP 214 first appeared on Jupiter Broadcasting.

Venomous Snakeoil | Tech Talk Today 170

chris — Wed, 13 May 2015 11:18:17 +0000

To view this video please enable JavaScript, and consider upgrading to a web browser that supports HTML5 video

Venom is claimed to be the new Heartbleed threatening datacenters around the world but is it legit?

The new 4k Blu-Ray spec is revealed & the YotaPhone 2 with an E-ink display back is coming to a country near you!

Direct Download:

RSS Feeds:

Become a supporter on Patreon

Show Notes:

‘Venom’ Security Vulnerability Threatens Most Datacenters

A new vulnerability found in open source virtualization software QEMU, which is run on hardware in datacenters around the world (CVE-2015-3456). “The cause is a widely-ignored, legacy virtual floppy disk controller that, if sent specially crafted code, can crash the entire hypervisor. That can allow a hacker to break out of their own virtual machine to access other machines — including those owned by other people or companies.” The vulnerable code is used in Xen, KVM, and VirtualBox, while VMware, Hyper-V, and Bochs are unaffected. “Dan Kaminsky, a veteran security expert and researcher, said in an email that the bug went unnoticed for more than a decade because almost nobody looked at the legacy disk drive system, which happens to be in almost every virtualization software.” The vulnerability has been dubbed “Venom,” for “Virtualized Environment Neglected Operations Manipulation.”

VENOM Vulnerability

Ultra HD Blu-ray specification now complete, logo unveiled – CNET

The Blu-ray Disc Association (BDA) has announced the Ultra HD Blu-ray (4K) specification is now complete and has also revealed the next-gen format’s official logo.

The BDA says the format incorporates a 3,840×2,160-pixel resolution, expanded color range support, high dynamic range (HDR) and high frame rate content (read 60fps). As well as the promise of up-to-date video, UHD Blu-ray will also support “next-generation immersive, object-based sound formats.”

YotaPhone 2 adds white color option to AMOLED + E-ink display hardware, Lollipop update rolling out

YotaPhone 2 sports a completely functional 4.7-inch E-ink display with always-on capabilities on its back.

As for the planned North American debut of the unique YotaPhone 2, the company says its Indiegogo campaign to help bring it to the US will kick off on May 19th with early bird pricing for the first backers ahead of its summer release.

ASUS confirms next-gen Android Wear ZenWatch coming early Q3, improved 4-day battery life

ASUS reportedly confirmed that the device will feature improved battery life, up from 2 days on the first-gen ZenWatch to 4 days on the upcoming version. That still falls short of the company’s goal to offer 7-days battery life, according to the report.

The company added that it expects to sell less than a million units of its smartwatch this year.

The post Venomous Snakeoil | Tech Talk Today 170 first appeared on Jupiter Broadcasting.

VirtualBox on the Ropes | Tech Talk Today 125

chris — Fri, 30 Jan 2015 11:14:45 +0000

To view this video please enable JavaScript, and consider upgrading to a web browser that supports HTML5 video

Special guest Noah is in studio & We look at Android’s huge 2014, and recent Bitcoin volatility. Then, as long time VirtualBox users, we discuss the future of the project.

Direct Download:

RSS Feeds:

Become a supporter on Patreon

Show Notes:

Android Shipped 1 Billion Smartphones Worldwide in 2014

According to the latest research from our WSS (Smartphones) service, global smartphone shipments grew 30 percent annually to reach a record 1.3 billion units in 2014. Android accounted for 81 percent of all smartphones last year and shipped over 1 billion units worldwide for the first time ever.

Microsoft to Invest in Rogue Android Startup Cyanogen – Digits – WSJ

People familiar with the matter say Microsoft is putting money into Cyanogen, which is building a version of the Android mobile-operating system outside of Google’s auspices.

Microsoft would be a minority investor in a roughly $70 million round of equity financing that values Cyanogen in the high hundreds of millions, one of the people said. The person said the financing round could grow with other strategic investors that have expressed interest in Cyanogen because they’re also eager to diminish Google’s control over Android. The identity of the other potential investors couldn’t be learned.

Prosecutors Trace $13.4M in Bitcoins From the Silk Road to Ulbricht’s Laptop

In Ulbricht’s trial Thursday, former FBI special agent Ilhwan Yum described how he traced 3,760 bitcoin transactions over 12 months ending in late August 2013 from servers seized in the Silk Road investigation to Ross Ulbricht’s Samsung 700z laptop, which the FBI seized at the time of his arrest in October of that year. In all, he followed more than 700,000 bitcoins along the public ledger of bitcoin transactions, known as the blockchain, from the marketplace to what seemed to be Ulbricht’s personal wallets. Based on exchange rates at the time of each transaction, Yum calculated that the transferred coins were worth a total of $13.4 million.

Does VirtualBox VM Have Much A Future Left? – Phoronix

It’s been a long time since last hearing of any major innovations or improvements to VirtualBox, the VM software managed by Oracle since their acquisition of Sun Microsystems. Is there any hope left for a revitalized VirtualBox?

The post VirtualBox on the Ropes | Tech Talk Today 125 first appeared on Jupiter Broadcasting.

Not Neutrality | TechSNAP 161

chris — Thu, 08 May 2014 15:13:23 +0000

To view this video please enable JavaScript, and consider upgrading to a web browser that supports HTML5 video

Adobe’s latest flaw has being exploited by an advanced persistent threat, we’ve got the details, Heartbleed follow ups, and getting started with Virtualization.

Plus our thoughts on the fate of net neutrality, your questions, our answers, and much much more!

On this week’s episode of TechSNAP!

Thanks to:

Direct Download:

RSS Feeds:

— Show Notes: —

Adobe releases patch for critical Flash flaw affecting all OSs

A new exploit has been discovered that works against all versions of Adobe Flash Player
This is a zero-day exploit, meaning that even a fully patched computer can be exploited
Adobe has since released the fix, and users are encouraged to apply the patch as soon as possible
The attack used two different exploits, one general exploit against Flash and the other exploiting a flaw in Internet Explorer
One of the malware files was detected by Kaspersky using a heuristic signature, but the other was new
The exploits slightly alter the attack methodology if Windows 8 or newer is detected, to work around mitigations provided by the OS
The first bit of malware (movie.swf) was generic, downloading more malware from a URL and running it
The second bit of malware (include.swf) was very specific, targeting “Cisco MeetingPlace Express Add-In version 5”
“This add-in is used by web-conference participants to view documents and images from presenter\’s screen. It should be noted that the exploit will not work if the required versions of Adobe Flash Player ActiveX and Cisco MPE are not present on the system”
This suggests that the malware was written with a very specific target in mind, rather than designed to target the general Internet
The malware was hosted on an official Syrian government website, although it appears that the site may have been compromised to store the files there
Kaspersky was not able to examine the payload of the second exploit because the files had already been taken down from the website, and there is evidence to suggest there was a 3rd payload (stream.swf)
“We are sure that all these tricks were used in order to carry out malicious activity against a very specific group of users without attracting the attention of security solutions. We believe that the Cisco add-in mentioned above may be used to download/implement the payload as well as to spy directly on the infected computer.”
“It\’s likely that the attack was carefully planned and that professionals of a pretty high caliber were behind it. The use of professionally written 0-day exploits that were used to infect a single resource testifies to this.”
CVE-2015-0515
Adobe Security Bulletin
Additional Coverage – ARS Technica
Additional Coverage – Krebs on Security
Since IE uses a separate version of Flash from other browsers (Firefox, Chrome, Opera, etc), Windows users will need to apply the patch twice, one to their browser and once to IE, which is used as a component in many other applications including Skype and Steam

Exploit used in the wild against all versions of Internet Explorer 6 through 11

As part of the same attack from the previous story, an exploit for all versions of Internet Explorer was found
The exploit was used as part of a watering hole attack
CVE-2014-1776
This was to be the first of many 0day exploits that will not be fixed on Windows XP, however Microsoft issued a statement and released the update for Windows XP , inspite of the fact that it is no longer supported

[Heartbleed Followups]

The heartbleed bug was used to attack and compromise a number of blackhat and underground forums – Many sites were compromised, upgraded OpenSSL but did not revoke SSL certificates or reset passwords
US-CERT issues advisory warning business and users to update their Apple AirPort devices that are vulnerable to Heartbleed
CERT has issued an advisory about the NetSSL library failing to properly validate wildcard certificates
Whitehouse comments, says they did not know about Heartbleed before hand
Even heartbleed can’t convince people to change their passwords and stop reusing passwords
Android 4.1.1 has not received OpenSSL patches yet

Feedback:

Round-Up:

The post Not Neutrality | TechSNAP 161 first appeared on Jupiter Broadcasting.

System76 Leopard Extreme Review | LAS s30e01

chris — Sun, 15 Dec 2013 14:42:09 +0000

To view this video please enable JavaScript, and consider upgrading to a web browser that supports HTML5 video

SteamOS and the Leopard Extreme are in studio, and we’ve got a lot to say. We start with a tour under the hood of SteamOS, and then we put Leopard Extreme from System76 to the ultimate performance test.

Plus: Lessons learned in switching new users to Linux, a look at OwnCloud 6…

AND SO MUCH MORE!

All this week on, The Linux Action Show!

Thanks to:

Download:

RSS Feeds:

Support the Show:

Purchase anything at Amazon.com
Purchase anything at Think Geek using this link
Purchase anything at Newegg using this link
Contribute directly on our donation page or check out our advertising options and reach millions of amazing people!
Grab our Chrome Extension and auto-tag your shopping session for us!

System 76 Leopard Extreme Review:

Leopard Extreme
CPU: i7–4930K ( 3.40GHz – 12MB cache – 6 Cores with Hyperthreading )
Memory: 64GB Quad Channel DDR3 @ 1866 MHz
Disk: 240GB SSD Paired with 4 1TB 7200RPM in RAID0 (Chris Config)
Video: 2 GB nVidia GeForce GTX 760 Superclocked with 1152 CUDA Cores
As configured: $3,312.00

– Picks –

Git yours hands all over our STUFF:

— NEWS —

fs0:\EFI\steamos\grubx64.efi

– Feedback: –

Brought to you by: System76

Check out System76 on G+

— Chris’ Stash —

Crazy holiday schedule
Double Coder Radio, double LINUX Unplugged, double TechSNAP

Hang in our chat room:

irc.geekshed.net #jupiterbroadcasting

— What’s Matt Doin? —

Check out LINUX Unplugged

— Find us on Google+ —

— Find us on Twitter —Hang

— Follow the network on Facebook: —

Jupiter Broadcasting on Facebook

— Catch the show LIVE Sunday 10am Pacific / 1pm Eastern / 6pm UTC: —

The post System76 Leopard Extreme Review | LAS s30e01 first appeared on Jupiter Broadcasting.

Phishin’ Hole | TechSNAP 113

chris — Thu, 06 Jun 2013 16:23:54 +0000

To view this video please enable JavaScript, and consider upgrading to a web browser that supports HTML5 video

We’ll go inside some clever bank malware, a dedicated server provider our very own Allan uses discovers a backdoor…

Plus: Picking the right virtual machine storage, a big batch of your questions, and much much more!

Thanks to:

GoDaddy.com

Use our code tech249 to score .COM for $2.49!

32% off your ENTIRE first order just use our code go32off3 until the end of the month!

Direct Download:

RSS Feeds:

Support the Show:

Purchase anything at Amazon.com
Purchase anything at Think Geek using this link
Purchase anything at Newegg using this link
Contribute directly on our donation page or check out our advertising options and reach millions of amazing people!
Grab our Chrome Extension and auto-tag your shopping session for us!

Fill out my Wufoo form!

Show Notes:

Get TechSNAP on your Android:

Browser Affiliate Extension:

Jupiter Broadcasting Affiliate Extensions for Chrome and Firefox

Inside the Malware

Security researcher Sherri Davidoff profiles the Blackhole exploit kit
Walking us step by step through what the malware does once your computer is infected
It starts with a simple phishing email, in this example just a plain email that says “Hi, as promised your photos.” with a link
The unsuspecting user follows the link, and nothing much seems to happen and they continue about their day
In actuality, their computer has not been infected with the Blackhole exploit kit
A few days later, while visiting the website of their bank, the user is prompted by the page to verify their identity. Over a short period of time, the attack, using a man-in-the-browser attack, was able to gain:
- The victim’s name
- Phone number
- Answers to security questions
- RSA token
The attacker then used this information to wire themselves $49,500 out of the victim’s bank account
However, because this was a large corporate account, the bank requires a second person to authorize such a transfer
The attacker used the MITB attack to ask the victim for the name of that second person, which the user entered
The attacker then asked for the email address of the second person, however the user got suspicious, called the bank and the account was quickly frozen
Once the blackhole exploit kit is installed on a computer, it loads updates and then continues to phone home once every 20 minutes, using a simple HTTP POST request
The researcher also managed to capture a Man-In-The-Browser attack on video, when attempting to login to the BankofAmerica site, the infected computer injects a page after the user submits the login form, but before the information is actually sent to the bank
The injected page claims that the bank does “not recognize” your computer and asks you for a number of details, including your debit card number, social security number, date of birth and mother’s maiden name
These details are not sent to the bank, but rather to the attacker, who can use them later to drain your account
In more sophisticated attacks using this technique, the attacker is actually communicating with your system live, in order to take advantage of the information as you enter it, such as passing on to the victim the secret questions they are prompted for when trying to send a wire transfer
This also allows the attackers, in the situation where they are actively monitoring your computer when you are attempting to access your account, to take advantage of temporary information such as the output of your RSA security token

Dedicated server provider Hetzner finds backdoor

Administrators at Hetzner discovered a backdoor on their nagios monitoring server
After further investigation, they discovered that their web interface for managing dedicated servers (called the Hetzner Robot) had also been infected
This means some personal details of customers, including name, email address, phone number, hashed password, last 3 digits of credit card number, credit card type and expiration date
The actual card number is never stored by Hetzner, it is passed directly to the payment processor who returns a unique token that is used to reference that card in the future
However, customers using direct debit (debit note) from their bank account, may have been compromised. While the information is stored encrypted in the Hetzner database, the key may have been compromised
Passwords were SHA256 hashed with a salt, but it does not sound like they used sha256crypt
“The malicious code used in the “backdoor” exclusively infects the RAM. First
analysis suggests that the malicious code directly infiltrates running Apache
and sshd processes. Here, the infection neither modifies the binaries of the
service which has been compromised, nor does it restart the service which has
been affected.”
Hetzner has hired an external security company to do a more indepth investigation
English FAQ

Feedback:

BSDCan 2013 Videos:

Round Up:

The post Phishin' Hole | TechSNAP 113 first appeared on Jupiter Broadcasting.

Android on Your PC | In Depth Look

chris — Fri, 02 Mar 2012 18:54:42 +0000

Find out how easy it is to install Ice Cream Sandwich on your PC, why you might want to do it, and what you can do with it! Plus an easy way to run Android in VirtualBox, and how to get Ethernet support under Android.

Plus in the show notes, Chris\’ shares his three easy steps to getting started!

Direct Download:

HD Download | Mobile Download | MP3 Download | Ogg Download | YouTube

RSS Feeds:

HD Feed | Mobile Feed | MP3 Feed | Ogg Feed | iTunes HD Feed

How to get started?

These are the officially supported devices, but Android-x86 should work on others too. An old list of supported devices / hardware can be found HERE.

Android-x86 4.0 has been tested / it should work on MSI 110W, Asus EeePC or some Asus laptops/tablets and Tegav2.

Download UNetbootin to flash the ISO image to a thumb drive. Or you can burn the ISO image to a CDROM.
Boot and enjoy! If you like it, reboot and select the install option.

A couple Android-x86 4.0 (ICS) tips:

*When using it in VirtualBox, make sure you select \”Disable Mouse Integration\”
*Disable screen autorotate from the Android-x86 settings, or else some application might rotate it for you (and that\’s quite annoying if your device doesn\’t support it)

Answers for Everyone | TechSNAP 42

chris — Thu, 26 Jan 2012 20:40:12 +0000

We’ve got the answer to life the universe and everything, plus why you need to get upset about ACTA, and patch your Linux Kernel!

All that and more, in this Q&A PACKED edition of TechSNAP!

Thanks to:
GoDaddy.com Use our codes TechSNAP10 to save 10% at checkout, or TechSNAP20 to save 20% on hosting!

Pick your code and save:
DOTCO9: .co domain for $17.99
techsnap7: $7.99 .com
techsnap10: 10% off
techsnap20: 20% off 1, 2, 3 year hosting plans
techsnap40: $10 off $40
techsnap25: 25% off new Virtual DataCenter plans

Direct Download Links:

Subscribe via RSS and iTunes:

Show Notes:

Dreamhost gets hacked, resets all customers’ passwords, has scale issues

On January 19th, Dreamhost.com detected unauthorized activity in one of their databases
It is unclear which databases were compromised, if they were dreamhost databases of customer data, or customer site databases
Dreamhost uses separate passwords for their main web control panel, and individual user SSH and FTP accounts
Dreamhost ran in to scale issues, where their centralized web control panel could not handle the volume of users logging in and attempting to change their shell passwords
The fast forced password reset by DreamHost appears to have promptly ended the malicious activity
Based on the urgency of the reset, there seem to be indications that DreamHost stores users’ passwords in plain text in one or more databases
This assertion is further supported by the fact that they print passwords to confirmation screens and in emails
Dreamhost also reset the passwords for all of their VPS customers

Linux root exploit – when the fix makes it worse

Linux kernel versions newer than 2.6.39 are susceptible to a root exploit that allowed writing to protected memory
Prior to version 2.6.39 write access was prevent by an #ifdef, however this was deemed to be to weak, and was replaced by newer code
The new security code that was to ensure that writes were only possible with the correct permissions, turned out to be inadequate and easily fooled
Ubuntu has confirmed that an update for 11.10 has been released, users are advised to upgrade
This issue does not effect Redhat Enterprise Linux 4 or 5, because this change was not backported. A new kernel package for RHEL 6 is now available
Analysis
Proof of Concept
Proof of Concept for Android

Feedback

Q: Tzvi asks how to best Monitor employee Internet usage?

A: There are a number of ways to monitor and restrict Internet access through a connection you control. A common suggestion is the use of a proxy server. The issue with this is that it requires configuration on each client machine and sometimes even each client application. This is a lot of work, and is not 100% successful. However, there is an option know as a ‘transparent proxy’. This is where the router/firewall, or some other machine that all traffic to the internet must pass through analyzes the traffic, and routes connections outbound for port 80 or 443 (HTTP and HTTPS respectively, and optional additional ports) through the proxy server, without any configuration required on the individual clients. Then, you can use the firewall to deny all traffic outbound that is not via the proxy.

This is relatively easy to setup, so much so that as part of the final exam in my Unix Security class, students had 2 hours to setup their machine as follows:

Configure TCP/IP stack
Download GPG and Class GPG Key
Decrypt Exam Instructions
Install Lynx w/ SSL support
Install a class self-signed SSL certificate and the root certificate bundle to be trusted
Install and configure Squid to block facebook with a custom error page
Configure Lynx to use Squid
Create a default deny firewall that only allows HTTP via squid and FTP to the class FTP server
Access the college website and facebook (or rather the custom error page when attempting to access facebook)

While they had a little practice, and didn’t have to configure a transparent proxy, it is still are fairly straight forward procedure.

Instead of rolling your own, you can just drop in pfSense and follow these directions

Q: Brett asks, what do you do after a compromise?

A: The very first thing you do after a compromise, is take a forensic image of the drive. A bit by bit copy, without ever writing or changing the disk in any way. You then pull that disk out and put it away for safe keeping. Do all of your analysis and forensics on copies of that first image (but no not modify it either, you don’t want to have to do another copy from the original). This way as you work on it, and things get modified or trashed, you do not disturb the original copy. You may need the original unmodified copy for legal proceedings, as the evidentiary value is lost if it is modified or tampered with in any way.

So your best bet, is to boot off of a live cd (not just any live cd, many try to be helpful and auto-mount every partition they find, use a forensics live cd that will not take any auction without you requesting it). Then use a tool like dd to image the drive to a file or another drive. You can then work off copies of that. This can also work for damaged disks, using command switches for dd such as conv=noerror,sync . Also using a blocksize of 1mb or so will speed up the process greatly.

You asked about tripwire and the like, the problem with TripWire is that you need to have been running it since before the incident, so it has a fingerprint database of what the files should look like, so it can detect what has changed. If you did not have tripwire setup and running before, while it may be possible to create a fingerprint database from a backup, it is not that useful.
The freebsd-update command includes an ‘IDS’ command, that compares all of the system files against the central fingerprint database used to update the OS, and provides quick and powerful protection against the modification of the system files, but it does not check any files installed my users or packages. The advantage to the freebsd-update IDS over tripwire is that it uses the FreeBSD Security Officers fingerprint database, rather than a locally maintained one that may have been modified as part of the system compromise. In college I wrote a paper on using Bacula as a network IDS, I’ll see if I can find it and post it on my blog at appfail.com.

Q: Jono asks, VirtualBox vs. Bare to the metal VMs?

Xen, KVM and VirtualBox are not bare metal, they requires a full linux host
XenServer is similar to VMWare ESXi, in that it is bare metal. It uses a very stripped down version of CentOS and therefore far fewer resources than a full host. However XenServer is a commercial product (though there is a free version)
+The advantage to XenServer over VMWare ESXi (both are commercial but free), is XenServer is supported by more open source management tools, such as OpenStack

Q:Gene asks, IT Control is out of control, what can we users do?

Q: Crshbndct asks, Remote SSH for Mum

Roundup

The post Answers for Everyone | TechSNAP 42 first appeared on Jupiter Broadcasting.

Thankful for Open Source

chris — Sun, 27 Nov 2011 14:09:42 +0000

The Linux Action Show! s19e07: We stand on the shoulders of giants of open source every single day. One episode out of the year we give thanks to those certain project and developers who’ve made a big impact on us!

Plus: Linux Mint 12 is released tune in to find out what’s new, open source gaming got a massive shot in the arm this week, we’ll give you the details, and biggest little Linux distribution in the world!

And so much more!

All this week on, The Linux Action Show!

Thanks to:

GoDaddy.com Use our codes LINUX to save 10% at checkout, or LINUX20 to save 20% on hosting!

Special GoDaddy Offer: LINUX11

$1.99 per month Economy Hosting for 3 months!

Direct Episode Download Links:

Fill out my Wufoo form!

-SHOW NOTES-

Runs Linux:

The GameGadget, Runs Linux

Android Pick:

ezPDF Reader big thanks to jasonjohnwells
Android Picks so far thanks to Madjo in the IRC Chat room!

Universal Pick:

ZevenOS

Picks so far. Thanks to Madjo!

Linux Action Show Subreddit

Linux Action Show Subreddit

Jupiter Broadcasting Swag!

Jupiter Broadcasting Gear

NEWS:

Open Source Projects, We’re Thankful For:

Chris:

Linux Mint related: Linux Mint Tops Popularity Charts
KNOPPIX – Live Linux Filesystem On CD
Samba
squid : Optimising Web Delivery
BackupPC: Open Source Backup to disk
VLC – VideoLAN
WordPress › Blog Tool and Publishing Platform
Linus Torvalds and the Linux Kernel
Dennis Ritchie
Chris’ Google+ Thread with viewer’s choices

Allan:

Randall:

Wine – allows UNIX/Linux to run Microsoft Windows API calls to rum most windows applications as close to native as you can get for running windows applications on other OSs.
OpenSSH Just pure awesome no words can explain how awesome this is.
GNOME – A opensource Window Manager/Desktop for UNIX/Linux OS’s
SDL – Simple DirectMedia Layer is a cross-platform multimedia library designed to provide low level access to audio, keyboard, mouse, joystick, 3D hardware via OpenGL
VirtualBox – VirtualBox is a powerful x86 and AMD64/Intel64 virtualization product
Samba Samba is CIFS/SMB File/Print server that can be used cross platform.

Support Jupiter Broadcasting!

Contribute directly on our donation page or check out our advertising options and reach millions of amazing people!
Purchase anything at Think Geek using this link

Find us on Google+

Find us on Twitter:

Follow the network on Facebook:

Jupiter Broadcasting on Facebook

Jupiter Broadcasting Forum:

Jupiter Colony

Catch the show LIVE Sunday 10am PDT:

The post Thankful for Open Source first appeared on Jupiter Broadcasting.

Feedback & Errata #1 | LAS | s19e02

chris — Sun, 23 Oct 2011 14:06:41 +0000

The big show covers a lot of epic ground, this week, we fire up our ACTION camp stoves and pitch a tent! Powered by your feedback, we cover your ideas, suggestions and correct a few mistakes!

Plus: The DoD thinks Open Source is ready for duty, we look back at Ubuntu’s 7 years, and fire the ACTION cannon at ZDNet’s latest Linux link bait!

All this week on, The Linux Action Show!

Thanks to:

GoDaddy.com Use our codes LINUX to save 10% at checkout, or LINUX20 to save 20% on hosting!

20% off WebSite Tonight plans (12 months or longer)

Code: linux12

By: Nov 15, 2011

Direct Episode Download Links:

[ad#shownotes]

Show Notes:

Runs Linux:

2012 Cadillacs, Run Linux

Android Pick:

Marvel Comics
Android Picks so far thanks to Madjo in the IRC Chat room!

Universal Pick:

Picks so far. Thanks to Madjo!

Check out the new SciByte:

SciByte: Episode 17

Linux Action Show Subreddit

Linux Action Show Subreddit

News:

David Gewirtz

He worked on a project called Frontier Kernel, he added sqlite and mysql support to it. So he is a “kernel” developer, but in the larger context of OS kernel development.

Errata & Feedback:

Felix Albrecht – Just saw your review and liked it a lot (more action like back in the days ;P), but you complained about two points which are not correct (or I misunderstood)
if you configure backup, there is an option ready to backup directly to your UbuntuOne storage
in the Ubuntu Software Center, there is an option under File -> “Sync between computers” to sync your installed applications between your computers using UbuntuOne
Jupiter Colony is a steaming pile of dog crap! Looking for someone to run it for us and make it more respectable!
From where i can find really old LAS podcasts?
Make ubuntu gnome3 look more like gnome2 (erroneously said allowed gnome2)
7 Best GNOME Shell Extensions, Install in Ubuntu 11.10 Oneiric via PPA
VirtualBox: There are no longer a open source and proprietary version. There is only the GPL version which can be extended by an optional proprietary plugin. See https://www.virtualbox.org/wik…
VirtualBox correction In short: You can use the version from your distro repo and just download the extension file if you need the extra features.

Find us on Google+

Chris
Allan

Find us on Twitter:

Follow the network on Facebook:

Jupiter Broadcasting on Facebook

Catch the show LIVE Sunday 10am PDT:

The post Feedback & Errata #1 | LAS | s19e02 first appeared on Jupiter Broadcasting.

VirtualBox: Pros and Beginners | LAS | s18e10

chris — Sat, 08 Oct 2011 21:09:42 +0000

VirtualBox is a power house Virtualization wizard! We’ll show you how to get off the ground, and how to pull tricks so fancy you’ll be the hit of the party!

PLUS – Big news updates from HTC, Kernel.org, Red Hat and more!

Thanks to:

GoDaddy.com Use our codes LINUX to save 10% at checkout, or LINUX20 to save 20% on hosting!

Direct Episode Download Links:

[ad#shownotes]

Episode Show Notes:

Runs Linux:

Juniper’s Junosphere Lab, Runs Linux

Android Pick:

1980s TV Trivia
Android Picks so far thanks to Madjo in the IRC Chat room!

Universal Pick:

Should LAS go Season less? RESULTS:

Yes! 49.43%
No! 35.63%
Flip a coin! 14.94%

Linux Action Show Subreddit

Linux Action Show Subreddit

News:

VirtualBox

Can you run virtualbox headless?
VBoxHeadless
USB device to virtualbox?
VirtualBox/USB – Community Ubuntu Documentation
How to enable USB support in Virtualbox
Virtual adapters and bridges.
Remote desktop feature of Virtual box. Is there a client?
Can VBox run off a physical device instead of a vhd

Find us on Google+

Chris
Allan

Find us on Twitter:

Follow the network on Facebook:

Jupiter Broadcasting on Facebook

Catch the show LIVE Sunday 10am PDT:

The post VirtualBox: Pros and Beginners | LAS | s18e10 first appeared on Jupiter Broadcasting.

Ubuntu 11.10 Preview | LAS | s18e06

chris — Sun, 11 Sep 2011 15:15:31 +0000

The security breach that rocked Linux to it’s core has expanded, and we cover the breaking details.

Then – It’s our preview look at Ubuntu 11.10. Are they are on the right course? Or is this release turning into another disaster? We find out!

All this week on, The Linux Action Show!

Thanks to:

GoDaddy.com Use our codes LINUX to save 10% at checkout, or LINUX20 to save 20% on hosting!

Direct Episode Download Links:

[ad#shownotes]

Episode Show Notes:

Runs Linux:

Marcos Garcia software enables entire Industries, to Run Linux!

Android Pick:

Linux Commands
Android Picks so far thanks to Madjo in the IRC Chat room!

Linux Pick:

BSD Pick:

Many computer systems around the world have been possessed by penguins; some have even been possessed by dead rats. In light of this, it is desirable to exorcise these evil spirits, and replace them with a nice, friendly daemon
More to the point, there are a number of dedicated server hosting companies which only offer Linux; being able to remotely replace Linux with FreeBSD makes the offerings from these companies available to those who want to run FreeBSD.

News:

Ubuntu 11.10 Preview:

Find us on Google+

Chris
Allan

Find us on Twitter:

Follow the network on Facebook:

Jupiter Broadcasting on Facebook

Catch the show LIVE at 10am on Sunday:

https://jblive.tv

The post Ubuntu 11.10 Preview | LAS | s18e06 first appeared on Jupiter Broadcasting.

Media Centers PT1 | LAS | s17e09

chris — Sun, 24 Jul 2011 13:33:57 +0000

You’ve requested and we deliver! We kick of an ACTION round-up of Linux’s best Media Center projects!

AND Find out Oracle’s latest greedy moves, and the funny surprise Chris found inside the new Linux 3.0 Kernel!

Plus so much more!

All this week on, The Linux Action Show!

Thanks to:

GoDaddy.com Use our codes LINUX to save 10% at checkout, or LINUX20 to save 20% on hosting!

Direct Episode Download Links:

[ad#shownotes]

Episode Show Notes:

Runs Linux:

Roku’s Latest boxes, run Linux!

Android Pick:

Switch
Switch Review
Android Picks so far thanks to Madjo in the IRC Chat room!

News:

XBMC

Find us on Twitter:

Follow the network on Facebook:

Jupiter Broadcasting on FaceBook

Catch the show LIVE at 10am on Sunday:

https://jblive.tv

The post Media Centers PT1 | LAS | s17e09 first appeared on Jupiter Broadcasting.

AROS Broadway | LAS | s17e07

chris — Sat, 09 Jul 2011 20:02:17 +0000

When the Linux Action Show thinks outside the box, we think WAAAY OUT! Find out about a complete open source implementation of AmigaOS!

PLUS why Toyota is betting on Linux, and Microsoft’s new Chrome OS tax strategy!

All this week on, The Linux Action Show!

Thanks to:

GoDaddy.com Use our codes LINUX to save 10% at checkout, or LINUX20 to save 20% on hosting!

Direct Episode Download Links:

[ad#shownotes]

Episode Show Notes:

Runs Linux:
Motorola Xoom, runs Linux‬‏ – Debian!

Android Pick:
Paint Commander
Android Picks so far, thanks to Madjo in the IRC Chat room
https://bit.ly/LASAndroidPicks

Linux Pick:
VirtualBox
Linux App Picks so far. Thanks to Madjo!

NEWS:
Toyota Joins Linux Foundation
Microsoft now pursuing Chrome OS patent license deals
Microsoft seeking royalties from Samsung potentially worth $200 million a year
Introducing Update Packs in Linux Mint Debian
Novacut Pro Video Editor by Novacut Team — Kickstarter
Could You Do Linus’ Job?
Illumination Software Creator adds WebOS, HTML5

AROS Broadway:
Goal: create an open source OS as compatible as possible to AmigaOS 3.1, but which can be ported to various CPUs: x86, 68k; PowerPC, Alpha, SPARC, MIPS.

AROS Broadway homepage
AROS Blog
AROS Research Operating System – Wikipedia

Find us on Twitter:
twitter.com/BryanLunduke
twitter.com/ChrisLAS

Follow the network on Facebook:
facebook.com/jupiterbroadcasting

Catch the show LIVE at 10am on Sunday:
https://jblive.tv