VPS – Jupiter Broadcasting
https://www.jupiterbroadcasting.com
Open Source Entertainment, on Demand.
Wed, 29 Jan 2020 19:41:01 +0000

Host Your Blog the Right Way | Self-Hosted 11
https://original.jupiterbroadcasting.net/138977/host-your-blog-the-right-way-self-hosted-11/
Thu, 30 Jan 2020 00:15:00 +0000

Show Notes: selfhosted.show/11

Owning Your Communications | Ask Noah 34
https://original.jupiterbroadcasting.net/119851/owning-your-communications-ask-noah-34/
Mon, 13 Nov 2017 20:30:28 +0000

RSS Feeds: MP3 Feed | HD Video Feed | iTunes Feed. Become a supporter on Patreon. Show Notes: Join us For War Stories Night! Call In 1-855-450-NOAH Saturday, November 18th. Listen Live. Watch Live. The Cliff Notes: Cheap Ham Radio; Best Ham Radio for the Money; Automatic Packet Reporting […]

RSS Feeds:

MP3 Feed | HD Video Feed | iTunes Feed

Become a supporter on Patreon:

Patreon

— Show Notes: —

— Join us For War Stories Night! —

— The Cliff Notes —

— Stay In Touch —

Find all the resources for this show on the Ask Noah Dashboard

Ask Noah Dashboard

Need more help than a radio show can offer? Altispeed provides commercial IT services and they’re excited to offer you a great deal for listening to the Ask Noah Show. Call today and ask about the discount for listeners of the Ask Noah Show!

Altispeed Technologies

Contact Noah

asknoah [at] jupiterbroadcasting.com

— Twitter —

Chilling with Kylin | LINUX Unplugged 184
https://original.jupiterbroadcasting.net/106851/chilling-with-kylin-lup-184/
Tue, 14 Feb 2017 19:47:48 +0000

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Torrent Feed | WebM Torrent Feed

Become a supporter on Patreon:

Patreon

Show Notes:

Follow Up / Catch Up

Amazon Chime: Frustration-free meetings with exceptional audio and video quality – YouTube

Now, the Seattle tech juggernaut wants to reinvent how you conduct meetings and conference calls.

Meet The New Linux Desktop Environment Inspired by Windows 7

UKUI is developed by Ubuntu Kylin, the official Chinese-language spin of Ubuntu. It aims to provide ‘a simpler and more enjoyable experience for browsing, searching, and managing your computer’.

Effectively using Android without Google Play Services with gplayweb in Docker

There are many good reasons to use Android without Google Play Services (Google’s proprietary part of the Android operating system), mostly to protect your privacy.
Google Play Services contain background processes used by Google not only to provide services (e.g., push notifications, accurate geolocation combining GPS, Wi-Fi and GSM, application installations and updates…) but also to track device usage (location, applications used, a permanent connection to Google servers…).

Custom ROMs such as the popular LineageOS (a community fork of CyanogenMod) ship, by default, a Google-Play-Services-free build, with optional installation of Google Play Services.

GPlayWeb: A Web interface for GPlayCli

microG Project

A free-as-in-freedom re-implementation of Google’s proprietary Android user space apps and libraries.

LinuxFest NW 2017. Who’s going? Best Place to stay?


TING

Motion to switch from Linux (Limux) to Windows in Munich is canceled

I am a little bit surprised, but I guess, there was enough pressure from the open-source community in Munich to cancel the motion to switch from Linux (Limux) to Windows. It was supposed to pass on Wednesday, but now, it is gone.

state of snapd support across distros | Zygoon’s Corner

The story about getting snappy into other distributions

Releases, releases, releases!

So here’s an update on what’s been going on and what’s to come.

Linux Academy

takeover.sh: Wipe and reinstall a running Linux system via SSH, without rebooting. You know you want to.

A script to completely take over a running Linux system remotely, allowing you to log into an in-memory rescue environment, unmount the original root filesystem, and do anything you want, all without rebooting. Replace one distro with another without touching a physical console.

The Depenguinator, version 2.0

In December 2003, I wrote a script for remotely upgrading a linux system to FreeBSD. I gave it a catchy name (“depenguinator”, inspired by the “Antichickenator” in Baldur’s Gate), announced it on a FreeBSD mailing list and on slashdot, and before long it was famous. Unfortunately, it didn’t take long for changes in the layout of FreeBSD releases to make the depenguination script stop working; so for the past three years I have been receiving emails asking me to update it to work with newer FreeBSD releases.

A few weeks ago, Richard Bejtlich came forward with an offer to pay me to make the necessary improvements (money doesn’t solve everything, but offering money certainly helps break the “I’ll do it when I have some free time” / “I never have any free time” deadlock). In the end I asked him to arrange for a donation to the FreeBSD Foundation instead of paying me, but his offer was enough of a prompt for me to spend ten hours revising and testing the depenguinator.

The key changes from before are as follows:

  • The depenguinator now works with recent FreeBSD releases.
  • The makefs code borrowed from NetBSD is updated, and as a result will compile on more recent versions of Linux.
  • Instead of setting a root password, the depenguinator now installs an SSH public key.
  • Instead of constructing a disk image which must be written to the first 40MB of the boot drive (which would often fail if that space contained an active filesystem), the depenguinator now constructs a disk image which can be written to a swap partition (after swapping is turned off, of course) and then booted via GRUB.

Allan Jude’s Depenguinator 3

Use depenguinator 3.x to overwrite a remote linux server with a FreeBSD installer

DigitalOcean

WireGuard: fast, modern, secure VPN tunnel

WireGuard is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPSec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. Initially released for the Linux kernel, it plans to be cross-platform and widely deployable. It is currently under heavy development, but already it might be regarded as the most secure, easiest to use, and simplest VPN solution in the industry.

Today I’m releasing WireGuard, an encrypted and authenticated tunneling virtual interface for the kernel.

The presentation will be divided up into several parts. First, there will be an overview of the problems with IPsec, OpenVPN, and other popular VPNs, outlining attacks and weaknesses. Next, the WireGuard idea of the “cryptokey routing table” will be introduced, and we’ll walk through several properties derived from it. This will transition into a discussion of the timer state mechanism, and how secure protocols are necessarily stateful, but it’s possible to make them appear stateless to the user by exhaustively defining all possible state transitions. Then we’ll get into the hardcore meat of the presentation: the cryptography and various crypto innovations behind WireGuard. We will discuss the triple Diffie-Hellman, the role of combining static and ephemeral keys, the performance and DoS-potential of Curve25519 point multiplication, using PRF chaining for rotating keys, identity hiding and remaining silent on a network, and clever usage of authenticated encryption with additional data.

Jason A. Donenfeld will give a talk about WireGuard: Next Generation Secure Kernel Network Tunnel. Cutting edge crypto, shrewd kernel design, and networking meet in a surprisingly simple combination at FOSDEM 2017.

Shift+F10 and Done | TechSNAP 295
https://original.jupiterbroadcasting.net/105166/shiftf10-and-done-techsnap-295/
Thu, 01 Dec 2016 19:42:13 +0000

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

Patreon

Show Notes:

Researcher accidentally roots Microsoft Azure’s Red Hat Update Infrastructure servers

  • “I was tasked with creating a machine image of Red Hat Enterprise Linux that was compliant to the Security Technical Implementation guide defined by the Department of Defense.”
  • “This machine image was to be used for both Amazon Web Services and Microsoft Azure. Both of which offer marketplace images which had a metered billing pricing model. Ideally, I wanted my custom image to be billed under the same mechanism, as such the virtual machines would be able to consume software updates from a local Red Hat Enterprise Linux repository owned and managed by the cloud provider.”
  • “Both Amazon Web Services and Microsoft Azure utilise a deployment of Red Hat Update Infrastructure for supplying this functionality.”
  • “There is only one Red Hat Update Appliance per Red Hat Update Infrastructure installation, however, both Amazon Web Services and Microsoft Azure create one per region.”
  • “Both Amazon Web Services and Microsoft Azure use SSL certificates for authentication against the repositories. However, these are the same SSL certificates for every instance.”
  • “On Amazon Web Services having the SSL certificates is not enough, you must have booted your instance from an AMI that had an associated billing code. It is this billing code that ensures you pay the extra premium for running Red Hat Enterprise Linux.”
  • “On Azure it remains undefined how they manage to track billing. At the time of research, it was possible to copy the SSL certificates from one instance to another and successfully authenticate. Additionally, if you duplicated a Red Hat Enterprise Linux virtual hard disk and created a new instance from it all billing association seemed to be lost but repository access was still available.”
  • “On Azure to setup repository connectivity, they provide an RPM with the necessary configuration. The installation script it references comes from the following archive. If you expand this archive you will find the client configuration for each region.”
  • The post goes over how the hostnames for all of the Update Appliances were discovered
  • “The build host is interesting rhui-monitor.cloudapp.net, at the time of research running a port scan revealed an application running on port 8080.”
  • “Despite the application requiring username and password based authentication, It was possible to execute a run of their “backend log collector” on a specified content delivery server. When the collector service completed the application supplied URLs to archives which contain multiple logs and configuration files from the servers.”
  • “Included within these archives was an SSL certificate that would grant full administrative access to the Red Hat Update Appliances”
  • So now the researcher could access each Update Appliance with full administrative access and create new packages, or newer versions of common packages, that include a backdoor. Every Red Hat VM on the entire cloud provider would then install this “important security update”, giving the attacker full access to every machine
  • “Given no gpgcheck is enabled, with full administrative access to the Red Hat Enterprise Linux Appliance REST API one could have uploaded packages that would be acquired by client virtual machines on their next yum update.”
  • Even if gpgcheck was enabled, it is likely that the GPG key would be exposed to the administrator of the update appliance
  • “The issue was reported in accordance to the Microsoft Online Services Bug Bounty terms. Microsoft agreed it was a vulnerability in their systems. Immediate action was taken to prevent public access to rhui-monitor.cloudapp.net. Additionally, they eventually prevented public access to the Red Hat Update Appliances and they claim to have rotated all secrets.”

Newly discovered router flaw being hammered by in-the-wild attacks

  • “Online criminals—at least some of them wielding the notorious Mirai malware that transforms Internet-of-things devices into powerful denial-of-service cannons—have begun exploiting a critical flaw that may be present in millions of home routers.”
  • “Routers provided to German and Irish ISP customers for Deutsche Telekom and Eircom, respectively, have already been identified as being vulnerable, according to recently published reports from researchers tracking the attacks. The attacks exploit weaknesses found in routers made by Zyxel, Speedport, and possibly other manufacturers. The devices leave Internet port 7547 open to outside connections. The exploits use the opening to send commands based on the TR-069 and related TR-064 protocols, which ISPs use to remotely manage large fleets of hardware. According to this advisory published Monday morning by the SANS Internet Storm Center, honeypot servers posing as vulnerable routers are receiving exploits every five to 10 minutes.”
  • “SANS Dean of Research Johannes Ullrich said in Monday’s post that exploits are almost certainly the cause behind an outage that hit Deutsche Telekom customers over the weekend. In a Facebook update, officials with the German ISP said 900,000 customers are vulnerable to the attacks until they are rebooted and receive an emergency patch. Earlier this month, researchers at security firm BadCyber reported that the same one-two port 7547/TR-064 exploit hit the home router of a reader in Poland.”
  • “The Shodan search engine shows that 41 million devices leave port 7547 open, while about five million expose TR-064 services to the outside world.”
  • “The attacks started shortly after researchers published attack code that exploited the exposed TR-064 service. Included as a module for the Metasploit exploitation framework, the attack code opens the port 80 Web interface that enables remote administration. From there, devices that use default or otherwise weak authentication passwords can be remotely commandeered and made to join botnets that carry out Internet-crippling denial-of-service attacks.”
  • Exploit Code
  • “To infect as many routers as possible, the exploits deliver three separate exploit files, two tailored to devices running different types of MIPS chips and a third that targets routers with ARM silicon. Just like the Metasploit code, the malicious payloads use the exploit to open the remote administration interface and then attempt to log in using three different default passwords. The attack then closes port 7547 to prevent other criminal enterprises from taking control of the devices”
  • “The malware itself is really friendly as it closes the vulnerability once the router is infected. It performs the following commands:”
    • busybox iptables -A INPUT -p tcp --destination-port 7547 -j DROP
    • busybox killall -9 telnetd
  • “which should make the device “secure”… until next reboot. The first one closes port 7547 and the second one kills the telnet service, making it really hard for the ISP to update the device remotely.”
  • So while exploited routers will stop being vulnerable to other attackers, they will be harder for the ISP to fix properly
  • ISPs could help protect their customers, and their own command-and-control of customers’ routers, by blocking inbound port 7547 from outside of their network

Hack Windows 10 by holding down Shift+F10

  • “Every Windows 10 in-place Upgrade is a SEVERE Security risk”
  • During the update process, when the computer boots into the updater, holding Shift+F10 pops a command prompt running as SYSTEM, the highest privilege level possible on Windows.
  • What makes this worse is that this happens after the volume encryption keys have been loaded, so even BitLocker-encrypted disks are vulnerable to access by unauthorized people
  • “This is a big issue and it has been there for a long time. Just a month ago I finally got verification that the Microsoft Product Groups not only know about this but that they have begun working on a fix. As I want to be known as a white hat I had to wait for this to happen before I blog this.”
  • “There is a small but CRAZY bug in the way the “Feature Update” (previously known as “Upgrade”) is installed. The installation of a new build is done by reimaging the machine and the image installed by a small version of Windows called Windows PE (Preinstallation Environment). This has a feature for troubleshooting that allows you to press SHIFT+F10 to get a Command Prompt. This sadly allows for access to the hard disk as during the upgrade Microsoft disables BitLocker. I demonstrate this in the following video.”
  • “The real issue here is the Elevation of Privilege that takes a non-admin to SYSTEM (the root of Windows) even on a BitLocker (Microsoft’s hard disk encryption) protected machine. And of course that this doesn’t require any external hardware or additional software.”
  • Additional Coverage: BleepingComputer
  • “In an email conversation with Bleeping Computer, Laiho reveals that because of certain defaults in Windows 10 configurations, computers might be forced to perform an update, even if a user is not present, or has logged on for a long period of time.”
  • “At some point, every computer that is not managed by WSUS/SCCM or such will force the installation of a new version of Windows. Microsoft has decided that these will be forced by default.”
  • “Laiho recommends that users not leave their computers unattended during a Windows 10 update and that users remain on Windows 10 LTSB (Long Time Servicing Branch) versions for the time being.”
  • “The LTSB-version of Windows 10 is not affected by this as it doesn’t automatically do upgrades”
  • “Furthermore, Laiho says that Windows SCCM (System Center Configuration Manager) can block access to the command-line interface during update procedures if users add a file named DisableCMDRequest.tag to the %windir%\Setup\Scripts\ folder.”
  • The Police could use this on seized laptops, just keep the machine offline until the next “feature update”, then pop a command prompt during the installation, and have unrestricted access to the encrypted disk.

Feedback:

Round Up:

How Not to Install Discourse | LAS 404
https://original.jupiterbroadcasting.net/93751/how-not-to-install-discourse-las-404/
Sun, 14 Feb 2016 19:16:01 +0000

This week we talk about how you can have a working web forum in 10 minutes or less & all open source! Last week we talked about team collaboration software, but what about when you need a wider approach?

In the news we talk about an open source router; Russia dumping Windows, more updates to video editing on Linux, a super special live unboxing & more!

Thanks to:

  • DigitalOcean
  • Ting
  • Linux Academy

Direct Download:

HD Video | Mobile Video | WebM Torrent | MP3 Audio | OGG Audio | YouTube | HD Torrent

RSS Feeds:

HD Video Feed | Large Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

Patreon

— Show Notes: —

System76

Brought to you by: Linux Academy

Pros of Hosting Your Own Forum

Advantages:

  • Not subject to rules of hosting site eg: reddit
  • Completely Open Source
  • Customized and branded for your community
  • Complete control over your community

Discourse – Civilized Discussion

  • 100% Open Source: Incorporate Discourse into your site with complete confidence, the code belongs to everyone.
  • Mobile and Tablet: Designed for touch devices from day one. Automatic mobile and touch layouts that scale to fit your device.
  • Optimized for Reading: To keep reading, just keep scrolling. When you reach the bottom, suggested topics keep you reading.
  • Single Sign On: Seamlessly integrate Discourse with your existing site’s login system with easy, robust single sign on.
  • CDN Support: Easily plug in any CDN provider to speed up global access to your site.

Step by Step Guide

  • Sign up For Digital Ocean with code lasdigital
  • Sign up for an account at SparkPost.com
  • Choose your Droplet size: the default is 1GB, but 2GB is recommended
  • Choose Distro of Ubuntu 14.04 LTS
  • Pick your SSH Keys
  • Log in to your Droplet
  • If you’re running with 1GB or less, set up a swap file

Execute the Following Commands to Set Up Discourse

wget -qO- https://get.docker.com/ | sh

mkdir /var/discourse

git clone https://github.com/discourse/discourse_docker.git /var/discourse

cd /var/discourse

cp samples/standalone.yml containers/app.yml

nano containers/app.yml

  • Set the developer email to YOUR email
  • Set the hostname to the hostname of the machine
  • Set the SMTP address
  • Set the SMTP Port
  • Set the SMTP User
  • Set the SMTP Password

./launcher bootstrap app

./launcher start app

— PICKS —

Runs Linux

My Adult Sandbox RUNS LINUX

The East Carolina Geology department takes The East Carolinian inside its building and reveals an interesting new tool that will be used to teach students more about the topography landscapes of land and water.

The room Giaime had walked me into contained the hardware guts of the observatory’s active damping system. The lab’s seismic isolation sensors detect environmental vibrations around the observatory at all different frequencies, and then the computer systems in this room drive servos that act to dampen those vibrations.

Desktop App Pick

Sent in by Rikai

CopyQ monitors system clipboard and saves its content in customized tabs. Saved clipboard can be later copied and pasted directly into any application.

Items can be:

  • edited with internal editor or with preferred text editor,
  • moved to other tabs
  • drag’n’dropped to applications,
  • marked with tag or a note,
  • passed to or changed by custom commands,
  • simply removed.

Weekly Spotlight

Sent in by Khaotic_Linux

Stremio is an app that helps you organize and instantly watch your favorite videos, movies, TV series and TV channels.

  • Click and play your favourite movies, TV Shows, videos and TV channels.
  • Stremio automatically picks synced subtitles for your language.
  • Cast to AppleTV, Chromecast, Smart TV (DLNA/UPnP) and mobile devices.


— NEWS —

Russia to Ban Windows from Government PCs

Another radical change that German Klimenko wants to achieve is replacing Windows on all government PCs with a Linux-based operating system developed by Russia. Klimenko also stated that there are already 22,000 municipal authorities ready to replace Windows with their own operating system.

Open Source WiFi Router with Open Source Code

Our goal is to ship the Geek Force Board with all popular open source systems so that everyone can use free open source code, including OPENWRT, Android and Ubuntu Snappy, to make their own Roboto Multimedia WiFi Router Gateway Board.

  • 3 Mini PCIe Slots
  • WiFi
  • BLE
  • LTE
  • Quad Cortex A7 1.3Ghz

Geek Force Board is designed for IoT Home Multimedia and Home Automation. With a powerful quad-core ARM Cortex-A7 at 1.3GHz made by Mediatek (MT7623), it can support the applications below (including TOR and VPN functions).

We have been engaged in the WiFi field for a long time and would like to go with the IoT trend. More and more IoT devices need a powerful gateway to link them together, along with the bandwidth that media content needs.

With those interfaces, you can contribute your own roboto multimedia router.

Hardware is difficult, and we would also like to provide good open source firmware (OPENWRT, Android, Ubuntu Snappy Core) tuned so that more people can implement their own systems.

OpenShot 2.0 Beta Now Available

OpenShot 2.0 has a new beta build available for testing.

The update is the third full beta release of the revamped video editor but only the first to be made available for public testing.

Among the features, fixes and improvements that are new in OpenShot 2.0.6:

  • Smoother animations (zooming, panning, rotation)
  • Audio improvements
  • Autosave engine automatically saves your project at set intervals
  • Automatic project back-up and recovery
  • Support for importing/exporting Openshot projects across OSes
  • New Audio preview settings
  • Prompt when the application needs to “restart” for an option to take effect
  • Anonymous metric and error reporting enabled by default (can be disabled)

3 Years In The Making: OpenShot 2.0 Finally Hits Beta

It’s the first major release of the non-linear video editing tool in three years, and the first to arrive since the project successfully met its funding goal in the OpenShot Kickstarter campaign held in 2013.

We’ve seen the launch of professional-grade and pseudo-open source Lightworks video editor, huge improvements made to Qt-based Kdenlive, and even user-friendly Pitivi hasn’t been shy in pushing forward.

No one app suits everyone, and for this reason if no other it is great to see OpenShot back.

  • To install OpenShot 2.0 on Ubuntu 14.04 or later run the following two commands in a new Terminal window

sudo add-apt-repository ppa:openshot.developers/libopenshot-daily

sudo apt-get update && sudo apt-get install openshot-qt

Android Phone Makers will Switch to Linux

Factory and deliver devices powered by Ubuntu.

The Linux shop has received commitments from Android smartphone and tablet makers to ship devices using its Linux with devices “later this year.”

Chief executive Jane Silber told The Register: “We are talking to them [Android OEM partners] regularly and many will be shipping Ubuntu phones. There’s a lot of interest from these folks in supporting another platform.”

The company announced the Ubuntu variant of BQ’s M10 Aquarius tablet last week. BQ, an Ubuntu partner of two years, also ships M10 on Android. BQ was already selling two handsets running Ubuntu.

Canonical is also partnering with Android partner Meizu, which is shipping the MX4.

Mozilla said last week it’s stopping production of Firefox OS for smartphones, having had enough of trying to play catch up despite having had the muscle of Telefonica to help push it. Firefox OS was a Linux-based operating system that ran HTML5. Firefox OS will now go on “things” – starting with UHD TVs from Panasonic.

She would not say which of Google’s partners, currently making and selling Android phones and tablets, that Canonical has talked to, or which of those will embrace Ubuntu. However, Samsung – the biggest single beneficiary of Android on smartphones since the Galaxy – has made repeated noises about need for an alternative.

To date, Samsung has backed Tizen, which started as LiMo and received Intel’s backing in 2011 when the project was given the Tizen rebrand.

Silber is also dismissive of the suggestion Canonical and Ubuntu haven’t exactly triumphed in their various efforts to flip Mac or Windows loyalists. The goal in 2011 was for 200 million Ubuntu users by the end of that year – but today that figure, according to Canonical, is just 30 million desktops.

“Five years ago people said, why do you need another Linux distro?”

SourceForge Acquisition and Future Plans

Our first order of business was to terminate the “DevShare” program. As of last week, the DevShare program was completely eliminated. The DevShare program delivered installer bundles as part of the download for participating projects. We want to restore our reputation as a trusted home for open source software, and this was a clear first step towards that.

Feedback:

System76

Brought to you by: System76

Mail Bag

  • https://stikked.luisaranguren.com/view/ad2b6826
  • https://stikked.luisaranguren.com/view/31292860
  • https://stikked.luisaranguren.com/view/9fe29026

Call Box

Catch the show LIVE SUNDAY:

— CHRIS’ STASH —

Chris’s Twitter account has changed, you’ll need to follow!

Chris Fisher (@ChrisLAS) | Twitter

Hang in our chat room:

irc.geekshed.net #jupiterbroadcasting

— NOAH’S STASH —

Noah’s Day Job

Altispeed Technologies

Contact Noah

noah [at] jupiterbroadcasting.com

Find us on Google+

Find us on Twitter

Follow us on Facebook

Signed by Sony | TechSNAP 192
https://original.jupiterbroadcasting.net/73732/signed-by-sony-techsnap-192/
Thu, 11 Dec 2014 18:48:06 +0000

If we could rebuild the Internet from scratch, what would we change? It’s more than just a thought experiment. We’ll share the details about real world research being done today!

Plus we dig through the Sony hack, answer a ton of great question & a rocking roundup!

Thanks to:

  • DigitalOcean
  • Ting
  • iXsystems

Direct Download:

HD Video | Mobile Video | MP3 Audio | Ogg Audio | YouTube | HD Torrent | Mobile Torrent

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feeds | Torrent Feed

Become a supporter on Patreon:

Foo

— Show Notes: —

Reinventing Computers And The Internet From Scratch, For The Sake Of Security

  • DARPA funded research is looking at how we might design the Internet if we had to do it over again
  • Many decisions that were made 30 and 40 years ago when UNIX and TCP/IP were designed, may be done differently today
  • The overall project has a number of sub-projects:
    • CRASH – Clean-Slate Design of Resilient, Adaptive, Secure Hosts
    • MRC – Mission-Oriented Resilient Clouds
    • CTSRD – Clean Slate Trustworthy Secure Research and Development (Custard)
  • BERI: Bluespec Extensible RISC Implementation: an open-source hardware-software research and teaching platform: a 64-bit RISC processor implemented in the high-level Bluespec hardware description language (HDL), along with compiler, operating system, and applications
  • CHERI: capability hardware enhanced RISC instructions: hardware-accelerated in-process memory protection and sandboxing model based on a hybrid capability model
  • TESLA: temporally enforced security logic assertions: compiler-generated runtime instrumentation continuously validating temporal security properties
  • SOAAP: security-oriented analysis of application programs: automated program analysis and transformation techniques to help software authors utilize Capsicum and CHERI features
  • The goal is to design newer secure hosts and networks, without having to maintain backwards compatibility with legacy systems, the biggest problem with changing anything on the Internet
  • This is why there are still things like SSLv3 (instead of just TLS 1.2+), why we have not switched to IPv6, and why spam is still such a large problem
  • I for one would definitely like to replace SMTP, but no one has yet devised a plan for a system that the world could transition to without breaking legacy email while we wait for the rest of the world to upgrade
  • “Corporations are elevating security experts to senior roles and increasing their budgets. At Facebook, the former mantra “move fast and break things” has been replaced. It is now “move slowly and fix things.””
  • For performance reasons, when hardware and programming languages were designed 30 and 40 years ago, it was decided that security would be left up to the programmer
  • The CHERI project aims to change this by implementing ‘capabilities’, a sandboxing and security mechanism, in the hardware, so that the hardware rather than the software enforces protections, preventing unauthorized access to or modification of regions of memory by malicious or compromised applications.
  • CHERI, and the software side of the project, Capsicum, are based on FreeBSD, but are also being ported to Linux, where Google plans to make extensive use of them in its Chrome and Chromium browsers.
  • Additional Coverage

Sony Internal Network Hacked


Feedback:


Round Up:


LinuxCon 2014 Unplugged | LINUX Unplugged 55 https://original.jupiterbroadcasting.net/65447/linuxcon-2014-unplugged-lup-55/ Tue, 26 Aug 2014 18:10:58 +0000 https://original.jupiterbroadcasting.net/?p=65447 We’ve got exclusive interviews from LinuxCon 2014, learn about Linux in big networking, what the future holds for SUSE & much more. Feeling a bit down? Maybe it’s because Linux users are being told to shut up about Desktop Linux & move on. We’ll discuss why this an absurdly short sighted idea. Thanks to: Direct […]

The post LinuxCon 2014 Unplugged | LINUX Unplugged 55 first appeared on Jupiter Broadcasting.


We’ve got exclusive interviews from LinuxCon 2014, learn about Linux in big networking, what the future holds for SUSE & much more.

Feeling a bit down? Maybe it’s because Linux users are being told to shut up about Desktop Linux & move on. We’ll discuss why this is an absurdly short-sighted idea.

Thanks to:

Ting


DigitalOcean

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Torrent Feed | WebM Torrent Feed

Become a supporter on Patreon:

Patreon

Show Notes:

Pre-Show:

FU:


LinuxCon 2014

Is Desktop Linux Dead? Everyone seems to think so.

Runs Linux from the people:

  • Send in a pic/video of your runs Linux.
  • Please upload videos to YouTube and submit a link via email or the subreddit.

New Shows : Tech Talk Today (Mon – Thur)

Support Jupiter Broadcasting on Patreon

VPN, My Dear Watson | BSD Now 50 https://original.jupiterbroadcasting.net/64507/vpn-my-dear-watson-bsd-now-50/ Thu, 14 Aug 2014 10:47:27 +0000 https://original.jupiterbroadcasting.net/?p=64507 It’s our 50th episode, and we’re going to show you how to protect your internet traffic with a BSD-based VPN. We’ll also be talking to Robert Watson, of the FreeBSD core team, about security research, exploit mitigation and a whole lot more. The latest news and answers to all of your emails, on BSD Now […]

The post VPN, My Dear Watson | BSD Now 50 first appeared on Jupiter Broadcasting.


It’s our 50th episode, and we’re going to show you how to protect your internet traffic with a BSD-based VPN. We’ll also be talking to Robert Watson, of the FreeBSD core team, about security research, exploit mitigation and a whole lot more. The latest news and answers to all of your emails, on BSD Now – the place to B.. SD.

Thanks to:


iXsystems


Tarsnap

Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | HD Vid Feed | HD Torrent Feed

– Show Notes: –

Headlines

MeetBSD 2014 is approaching

  • The MeetBSD conference is coming up, and will be held on November 1st and 2nd in San Jose, California
  • MeetBSD has an “unconference” format, which means there will be both planned talks and community events
  • All the extra details will be on their site soon
  • It also has hotels and various other bits of useful information – hopefully with more info on the talks to come
  • Of course, EuroBSDCon is coming up before then

First experiences with OpenBSD

  • A new blog post that leads off with “tired of the sluggishness of Windows on my laptop and interested in experimenting with a Unix-like that I haven’t tried before”
  • The author read the famous “BSD for Linux users” series (that most of us have surely seen) and decided to give BSD a try
  • He details his different OS and distro history, concluding with how he “eventually became annoyed at the poor quality of Linux userland software”
  • From there, it talks about how he used the OpenBSD USB image and got a fully-working system
  • He especially liked the simplicity of OpenBSD’s “hostname.if” system for network configuration
  • Finally, he gets Xorg working and imports all his usual configuration files – seems to be a happy new user!

NetBSD rump kernels on bare metal (and Kansai OSC report)

  • When you’re developing a new OS or a very specialized custom solution, working drivers become one of the hardest things to get right
  • However, NetBSD’s rump kernels – a very unique concept – make this process a lot easier
  • This blog post talks about the process of starting with just a rump kernel and expanding into an internet-ready system in just a week
  • Also have a look back at episode 8 for our interview about rump kernels and what exactly they do
  • While on the topic of NetBSD, there were also a couple of very detailed reports (with lots of pictures!) of the various NetBSD-themed booths at the 2014 Kansai Open Source Conference that we wanted to highlight

OpenSSL and LibreSSL updates

  • OpenSSL pushed out a few new versions, fixing multiple vulnerabilities (nine to be precise!)
  • Security concerns include leaking memory, possible denial of service, crashing clients, memory exhaustion, TLS downgrades and more
  • LibreSSL released a new version to address most of the vulnerabilities, but wasn’t affected by some of them
  • Whichever version of whatever SSL you use, make sure it’s patched for these issues
  • DragonFly and OpenBSD are patched as of the time of this recording but, even after a week, FreeBSD (outside of -CURRENT) and NetBSD are not

Interview – Robert Watson – rwatson@freebsd.org

FreeBSD architecture, security research techniques, exploit mitigation


Tutorial

Protecting traffic with a BSD-based VPN


News Roundup

A FreeBSD-based CGit server

  • If you use git (like a certain host of this show) then you’ve probably considered setting up your own server
  • This article takes you through the process of setting up a jailed git server, complete with a fancy web frontend
  • It even shows you how to set up multiple repos with key-based user separation and other cool things
  • The author of the post is also a listener of the show, thanks for sending it in!

Backup devices for small businesses

  • In this article, different methods of data storage and backup are compared
  • After weighing the various options, the author comes to an obvious conclusion: FreeNAS is the answer
  • He praises FreeNAS and the FreeNAS Mini for their tight integration, rock solid FreeBSD base and the great ZFS featureset that it offers
  • It also goes over some of the hardware specifics in the FreeNAS Mini

A new Xenocara interview

  • As a follow up to last week’s OpenSMTPD interview, this Russian blog interviews Matthieu Herrb about Xenocara
  • If you’re not familiar with Xenocara, it’s OpenBSD’s version of Xorg with some custom patches
  • In this interview, he discusses how large and complex the upstream X11 development is, how different components are worked on by different people, how they test code (including a new framework) and security auditing
  • Matthieu is both a developer of upstream Xorg and an OpenBSD developer, so it’s natural for him to do a lot of the maintainership work there

Building a high performance FreeBSD samba server

  • If you’ve got to PXE boot several hundred Windows boxes to upgrade from XP to 7, what’s the best solution?
  • FreeBSD, ZFS and Samba obviously!
  • The master image and related files clock in at over 20GB, and will be accessed at the same time by all of those clients
  • This article documents that process, highlighting some specific configuration tweaks to maximize performance (including NIC bonding)
  • It doesn’t even require the newest or best hardware with the right changes, pretty cool

Feedback/Questions


  • All the tutorials are posted in their entirety at bsdnow.tv
  • We want to give a special thanks to our viewer Adam (aka bsdx) for writing most of today’s OpenVPN tutorial
  • Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
  • Watch live Wednesdays at 2:00PM Eastern (18:00 UTC)

Corner of Shame | CR 113 https://original.jupiterbroadcasting.net/64152/corner-of-shame-cr-113/ Fri, 08 Aug 2014 10:52:04 +0000 https://original.jupiterbroadcasting.net/?p=64152 Mike and Chris record a bonus episode of Coder Radio for you this week. We discuss the possibility of Steam selling productivity apps for Desktop Linux, how Overcast.fm could set the trend for future mobile apps, and Chris shares his thoughts about his new Oculus Rift DK2. Plus you great feedback, some follow up and […]

The post Corner of Shame | CR 113 first appeared on Jupiter Broadcasting.


Mike and Chris record a bonus episode of Coder Radio for you this week. We discuss the possibility of Steam selling productivity apps for Desktop Linux, how Overcast.fm could set the trend for future mobile apps, and Chris shares his thoughts about his new Oculus Rift DK2.

Plus your great feedback, some follow up and more!

Thanks to:


Linux Academy


DigitalOcean

Direct Download:

MP3 Audio | OGG Audio | Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | Video Feed | Torrent Feed | iTunes Audio | iTunes Video

Become a supporter on Patreon:

Patreon

— Show Notes: —

Feedback / Follow Up:

Dev Hoopla:

ownCloud Powered Freedom

In this guide, we will install and configure an ownCloud instance on an Ubuntu 12.04 VPS. We will then discuss how to mount the ownCloud share to another VPS using WebDAV. We will also cover some other exciting options.

Amtrak on the App Store

Discover the convenience of traveling with Amtrak. With the Amtrak app you can get simple and intuitive access to all the travel information you need, whenever you need it.

Overcast

Smart Speed

Pick up extra speed without distortion with Smart Speed, which dynamically shortens silences in talk shows.

Conversations still sound so natural that you’ll forget it’s on — until you see how much extra time you’ve saved.

Voice Boost

Boost and normalize volume so every show is loud, clear, and at the same volume.

Listen in more places, such as noisy cars, and still hear what everyone says without cranking the volume so high for quiet people that the loud ones blow your ears out.

The All New Oculus Rift Development Kit 2 (DK2) Virtual Reality Headset | Oculus Rift – Virtual Reality Headset for 3D Gaming

DK2 is the latest development kit for the Oculus Rift that allows developers to build amazing games and experiences for the consumer Oculus Rift.

The Oculus Rift is paired with the publicly available Oculus SDK which includes source code, documentation, and samples to help you hit the ground running. The Oculus Rift and the Oculus SDK currently support Windows, Mac OS X, and Linux.

Docker Shocker | TechSNAP 167 https://original.jupiterbroadcasting.net/60337/docker-shocker-techsnap-167/ Thu, 19 Jun 2014 18:24:07 +0000 https://original.jupiterbroadcasting.net/?p=60337 An exploit that leaves Docker containers leaky, who really owns your email account and one hash algorithm to rule them all. Then it’s a great batch of your questions and much, much more! Thanks to: Direct Download: HD Video | Mobile Video | MP3 Audio | Ogg Audio | YouTube | HD Torrent | Mobile […]

The post Docker Shocker | TechSNAP 167 first appeared on Jupiter Broadcasting.


An exploit that leaves Docker containers leaky, who really owns your email account and one hash algorithm to rule them all.

Then it’s a great batch of your questions and much, much more!

Thanks to:


DigitalOcean


Ting


iXsystems

Direct Download:

HD Video | Mobile Video | MP3 Audio | Ogg Audio | YouTube | HD Torrent | Mobile Torrent

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feeds | Torrent Feed

— Show Notes: —

Docker Linux containers spring a security leak

  • A security exploit has surfaced that can allow rogue programs to break out of Docker containers and access files on their host OS.
  • The flaw has been solved in the latest version of the tech.
  • The flaw “demonstrates that any given Docker image someone is asking you to run in your Docker setup can access ANY file on your host, e.g. dumping hosts /etc/shadow or other sensitive info, compromising security of the host and any other docker container is on”
  • “The proof of concept exploit relies on a kernel capability that allows a process to open any file in the host based on its inode. On most systems, the inode of the / (root) filesystem is 2. With this information and the kernel capability it is possible to walk the host’s filesystem tree until you find the object you wish to open and then extract sensitive information like passwords,” Docker explained in a blog post published after the flaw came out.
  • “In earlier Docker Engine releases (pre-Docker Engine 0.12) we dropped a specific list of kernel capabilities, (a list which did not include this capability), and all other kernel capabilities were available to Docker containers. In Docker Engine 0.12 (and continuing in Docker Engine 1.0) we drop all kernel capabilities by default. Essentially, this changes our use of kernel capabilities from a blacklist to a whitelist.”
  • “Please remember, however, that at this time we don’t claim that Docker Engine out-of-the-box is suitable for containing untrusted programs with root privileges,”
  • Proof of Concept exploit prints /etc/shadow from the host from within Docker
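The defensive point in Docker’s statement above is the switch from a blacklist of dropped capabilities to a whitelist of granted ones. The script below is an added example (mine, not code from the page, from Docker or from the proof of concept) that audits a process the way a container operator would: it decodes the CapBnd/CapEff masks from /proc/<pid>/status and lists every capability outside an allowlist. Two assumptions not on the page: the allowlist is Docker’s default capability set as I know it from later releases, and the capability behind the inode-based open the page describes is CAP_DAC_READ_SEARCH, which is why a blacklist-style container lights up in the audit. The two status excerpts are constructed, not captured from a real host.

```python
"""Audit the Linux capabilities a (container) process holds against an
allowlist, mirroring Docker's blacklist -> whitelist change.

Added example; not code from the page, Docker, or the proof of concept.
"""

# Linux capability names indexed by bit number, as defined in the kernel's
# include/uapi/linux/capability.h (through CAP_AUDIT_READ).
CAP_NAMES = [
    "CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_DAC_READ_SEARCH", "CAP_FOWNER",
    "CAP_FSETID", "CAP_KILL", "CAP_SETGID", "CAP_SETUID", "CAP_SETPCAP",
    "CAP_LINUX_IMMUTABLE", "CAP_NET_BIND_SERVICE", "CAP_NET_BROADCAST",
    "CAP_NET_ADMIN", "CAP_NET_RAW", "CAP_IPC_LOCK", "CAP_IPC_OWNER",
    "CAP_SYS_MODULE", "CAP_SYS_RAWIO", "CAP_SYS_CHROOT", "CAP_SYS_PTRACE",
    "CAP_SYS_PACCT", "CAP_SYS_ADMIN", "CAP_SYS_BOOT", "CAP_SYS_NICE",
    "CAP_SYS_RESOURCE", "CAP_SYS_TIME", "CAP_SYS_TTY_CONFIG", "CAP_MKNOD",
    "CAP_LEASE", "CAP_AUDIT_WRITE", "CAP_AUDIT_CONTROL", "CAP_SETFCAP",
    "CAP_MAC_OVERRIDE", "CAP_MAC_ADMIN", "CAP_SYSLOG", "CAP_WAKE_ALARM",
    "CAP_BLOCK_SUSPEND", "CAP_AUDIT_READ",
]

# Assumption: Docker's default whitelist as I know it from later releases;
# the page does not list it. Note CAP_DAC_READ_SEARCH is NOT in it.
DOCKER_DEFAULT_ALLOWLIST = frozenset({
    "CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_FSETID", "CAP_FOWNER", "CAP_MKNOD",
    "CAP_NET_RAW", "CAP_SETGID", "CAP_SETUID", "CAP_SETFCAP", "CAP_SETPCAP",
    "CAP_NET_BIND_SERVICE", "CAP_SYS_CHROOT", "CAP_KILL", "CAP_AUDIT_WRITE",
})

# Constructed /proc/<pid>/status excerpts (not captured from a real host).
# Blacklist-style container: everything except three dropped bits
# (16 CAP_SYS_MODULE, 17 CAP_SYS_RAWIO, 22 CAP_SYS_BOOT) is still available.
STATUS_BLACKLIST_STYLE = """\
Name:\tsh
Uid:\t0\t0\t0\t0
CapInh:\t0000003fffbcffff
CapPrm:\t0000003fffbcffff
CapEff:\t0000003fffbcffff
CapBnd:\t0000003fffbcffff
"""

# Whitelist-style container: only the explicit default set remains.
STATUS_WHITELIST_STYLE = """\
Name:\tsh
Uid:\t0\t0\t0\t0
CapInh:\t00000000a80425fb
CapPrm:\t00000000a80425fb
CapEff:\t00000000a80425fb
CapBnd:\t00000000a80425fb
"""


def decode_caps(mask_hex):
    """Turn a hex capability mask into the set of capability names it grants."""
    mask = int(mask_hex, 16)
    names = set()
    bit = 0
    while mask >> bit:
        if (mask >> bit) & 1:
            # Bits newer than this table are reported by number.
            names.add(CAP_NAMES[bit] if bit < len(CAP_NAMES) else "CAP_%d" % bit)
        bit += 1
    return names


def parse_status(status_text):
    """Extract every Cap* field from a /proc/<pid>/status dump."""
    caps = {}
    for line in status_text.splitlines():
        if line.startswith("Cap"):
            key, _, value = line.partition(":")
            caps[key] = decode_caps(value.strip())
    return caps


def excess_capabilities(status_text, allowlist=DOCKER_DEFAULT_ALLOWLIST,
                        field="CapBnd"):
    """Sorted capabilities present in `field` that the allowlist does not grant.

    CapBnd (the bounding set) is the right field to audit: it caps what the
    process could ever regain, whereas CapEff is only what it holds right now.
    """
    caps = parse_status(status_text)
    return sorted(caps.get(field, set()) - allowlist)


def audit_self():
    """Audit the calling process; only meaningful on Linux (e.g. inside a container)."""
    with open("/proc/self/status") as fh:
        return excess_capabilities(fh.read())


if __name__ == "__main__":
    for label, text in (("blacklist-style", STATUS_BLACKLIST_STYLE),
                        ("whitelist-style", STATUS_WHITELIST_STYLE)):
        extra = excess_capabilities(text)
        print("%s container: %d capabilities beyond the allowlist: %s"
              % (label, len(extra), ", ".join(extra) or "none"))
```

Run it inside a container as `python3 capaudit.py` (or call `audit_self()`) and compare with `docker run --cap-drop ALL --cap-add ...`; a non-empty result for CapBnd means the container still has room to regain capabilities the allowlist never intended, which is exactly the gap the pre-0.12 blacklist left open.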

Generalized Secure Hashing Algorithm

  • Ted Unangst (one of the lead developers of LibreSSL, as well as OpenBSD’s secure signing infrastructure and many other things) posted a thought experiment to his blog
  • How would you design an uncrackable password hashing algorithm?
  • Ted’s idea: create a very large number of unique hashing algorithms, or rather, a generalized hashing algorithm that takes a ‘tweaking’ parameter that changes how the hash is generated
  • “Consider a hash function GSHA512, very similar to SHA512, but with slight variations on each of its constants. You could use GSHA512 #42, or GSHA512 #98765, or even GSHA512 #658743092112345678890 if there were enough variants available. 2^512 variants should be enough for anyone.”
  • Now, instead of having to spend a few million on specialized SHA512 cracking hardware, an attacker (the NSA) would have to build 2^512 different specialized cracking chips
  • The results?
  • “Safe to say we’ve defeated custom silicon. Nobody has a fab that can trace out millions of distinct custom circuits per second.”
  • “FPGA is finished too. Assuming you don’t melt it trying, you can’t reprogram an FPGA fast enough.”
  • “GPUs are harder. Without having tried it, my gut tells me you won’t be able to copy out the GSHA code to the GPU fast enough to make it worthwhile.”
    • “An attacker with lots of CPUs can still crack our password, but CPUs are very expensive. What if somebody could fab their own very cheap, very limited CPUs? Like a 100000 core CPU with only just enough cache to implement GSHA? Now we may be in trouble. The transistor count for GSHA is quite low, but they need to be the special high speed general purpose kind of transistor circuit. The scrypt paper notes that a CPU could be cheaper than RAM if stripped of all its extra functionality, but in practice it’s hard to calculate all the tradeoffs.”
    • “This part isn’t very practical. The idea is that a cracker would look less like a SHA512 cracker, capable only of performing one hash, and more like a typical CPU, capable of performing many hashes. Requiring the attacker to be adaptable in this way brings their costs in line with our costs. Maybe. Waves hands.”
  • Of course, to defeat custom CPUs, one could just use GSHA512 as the core to something like scrypt, which tries to defeat custom hardware by requiring a lot of memory instead
  • Example Implementation
  • “Don’t use these functions for anything but password hashing. (Don’t use them at all is even sounder advice.)”

Who owns your email account?

  • A user had their Yahoo email account terminated by Yahoo for violation of its terms of service
  • The violation was apparently for flaming another user in the comments thread under Yahoo news articles
  • Since the email address is part of the overall ‘Yahoo Account’, it was terminated
  • Eric Goldman, law professor at Santa Clara University says: “A cloud service can lock off your assets,” he adds. “They may still be your assets from a matter of legal ownership, but if you have no access to them, who cares?” (Possession is 9/10th of the law?)
  • Microsoft and Google have similar terms, although Google adds: “If we discontinue a Service, where reasonably possible, we will give you reasonable advance notice and a chance to get information out of that Service”
  • This is why it is probably best to always use your own domain, one that you own
  • Even if you use gmail or some other service to actually host the mail, if your gmail account gets terminated, you can move your hosting elsewhere and most importantly, your email address does not change
  • There is also the option to host your own email, with a hosting account, VPS or dedicated server
  • In these cases, especially when you do not have multiple servers to provide backup MX, I recommend a service such as: DNSMadeEasy Backup Email Service

Feedback:


Round Up:


Devious Methods | BSD Now 42 https://original.jupiterbroadcasting.net/60302/devious-methods-bsd-now-42/ Thu, 19 Jun 2014 11:56:15 +0000 https://original.jupiterbroadcasting.net/?p=60302 Coming up this week, we’ll be showing you how to chain SSH connections, as well as some cool tricks you can do with it. Going along with that theme, we also have an interview with Bryce Chidester about running a BSD-based shell provider. News, emails and cowsay turkeys, on BSD Now – the place to […]

The post Devious Methods | BSD Now 42 first appeared on Jupiter Broadcasting.


Coming up this week, we’ll be showing you how to chain SSH connections, as well as some cool tricks you can do with it. Going along with that theme, we also have an interview with Bryce Chidester about running a BSD-based shell provider. News, emails and cowsay turkeys, on BSD Now – the place to B.. SD.

Thanks to:


iXsystems


Tarsnap

Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | HD Vid Feed | HD Torrent Feed

– Show Notes: –

Headlines

PIE and ASLR in FreeBSD update

  • A status update for Shawn Webb’s ASLR and PIE work for FreeBSD
  • One major part of the code, position-independent executable support, has finally been merged into the -CURRENT tree
  • “FreeBSD has supported loading PIEs for a while now, but the applications in base weren’t compiled as PIEs. Given that ASLR is useless without PIE, getting base compiled with PIE support is a mandatory first step in proper ASLR support”
  • If you’re running -CURRENT, just add “WITH_PIE=1” to your /etc/src.conf and /etc/make.conf
  • The next step is working on the ASLR coding style and getting more developers to look through it
  • Shawn will also be at EuroBSDCon (in September) giving an updated version of his BSDCan talk about ASLR

Misc. pfSense news

  • Couple of pfSense news items this week, including some hardware news
  • Someone’s gotta test the pfSense hardware devices before they’re sold, which involves powering them all on at least once
  • To make that process faster, they’re building a controllable power board (and include some cool pics)
  • There will be more info on that device a bit later on
  • On Friday, June 27th, there will be another video session (for paying customers only…) about virtualized firewalls
  • pfSense University, a new paid training course, was also announced
  • A single two-day class costs $2000, ouch

ZFS stripe width

  • A new blog post from Matt Ahrens about ZFS stripe width
  • “The popularity of OpenZFS has spawned a great community of users, sysadmins, architects and developers, contributing a wealth of advice, tips and tricks, and rules of thumb on how to configure ZFS. In general, this is a great aspect of the ZFS community, but I’d like to take the opportunity to address one piece of misinformed advice”
  • Matt goes through different situations where you would set up your zpool differently, each with their own advantages and disadvantages
  • He covers best performance on random IOPS, best reliability, and best space efficiency use cases
  • It includes a lot of detail on each one, including graphs, and addresses some misconceptions about different RAID-Z levels’ overhead factor

FreeBSD 9.3-BETA3 released

  • The third BETA in the 9.3 release cycle is out, we’re slowly getting closer to the release
  • This is expected to be the final BETA, next will come the RCs
  • There have mostly just been small bug fixes since BETA2, but OpenSSL was also updated and the arc4random code was updated to match what’s in -CURRENT (but still isn’t using ChaCha20)
  • The FreeBSD foundation has a blog post about it too
  • There’s a list of changes between 9.2 and 9.3 as well, but we’ll be sure to cover it when the -RELEASE hits

Interview – Bryce Chidester – brycec@devio.us / @brycied00d

Running a BSD shell provider


Tutorial

Chaining SSH connections


News Roundup

My FreeBSD adventure

  • A Slackware user from the “linux questions” forum decides to try out BSD, and documents his initial impressions and findings
  • After ruling out PCBSD due to the demanding hardware requirements and NetBSD due to “politics” (whatever that means, his words) he decides to start off with FreeBSD 10, but also mentions trying OpenBSD later on
  • In his forum post, he covers the documentation (and how easy it makes it for a switcher), dual booting, packages vs ports, network configuration and some other little things
  • So far, he seems to really enjoy BSD and thinks that it makes a lot of sense compared to Linux
  • Might be an interesting, ongoing series we can follow up on later

Even more BSDCan trip reports

  • BSDCan may be over until next year, but trip reports are still pouring in
  • This time we have a summary from Li-Wen Hsu, whose trip was paid for by the FreeBSD foundation
  • He’s part of the “Jenkins CI for FreeBSD” group and went to BSDCan mostly for that
  • Nice long post about all of his experiences at the event, definitely worth a read
  • He even talks about… the food

FreeBSD disk partitioning

  • For his latest book series on FreeBSD’s GEOM system, MWL asked the hackers mailing list for some clarification
  • This erupted into a very long discussion about fdisk vs gnop vs gpart
  • So you don’t have to read the tons of mailing list posts, he’s summarized the findings in a blog post
  • It covers MBR vs GPT, disk sector sizes and how to handle all of them with which tools

BSD Router Project version 1.51

  • A new version of the BSD Router Project has been released, 1.51
  • It’s now based on FreeBSD 10-STABLE instead of 10.0-RELEASE
  • Includes lots of bugfixes and small updates, as well as some patches from pfSense and elsewhere
  • Check the sourceforge page for the complete list of changes
  • The minimum disk size requirement has increased to 512MB

Feedback/Questions


  • All the tutorials are posted in their entirety at bsdnow.tv
  • A special thanks to our viewer Lars for writing most of today’s tutorial and sending it in
  • Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
  • If you want to come on for an interview or have a tutorial you’d like to see, let us know
  • Watch live Wednesdays at 2:00PM Eastern (18:00 UTC)

The Friendly Sandbox | BSD Now 39 https://original.jupiterbroadcasting.net/58472/the-friendly-sandbox-bsd-now-39/ Thu, 29 May 2014 13:26:06 +0000 https://original.jupiterbroadcasting.net/?p=58472 This time on the show we’ll be talking with Jon Anderson about Capsicum and Casper to securely sandbox processes. After that, our tutorial will show you how to encrypt all your DNS lookups, either on a single system or for your whole network. News, emails and all the usual fun, on BSD Now – the […]

The post The Friendly Sandbox | BSD Now 39 first appeared on Jupiter Broadcasting.


This time on the show we’ll be talking with Jon Anderson about Capsicum and Casper to securely sandbox processes. After that, our tutorial will show you how to encrypt all your DNS lookups, either on a single system or for your whole network. News, emails and all the usual fun, on BSD Now – the place to B.. SD.

Thanks to:


iXsystems


Tarsnap

Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | HD Vid Feed | HD Torrent Feed

– Show Notes: –

Headlines

BSDCan 2014 talks and reports


Defend your network and privacy with a VPN and OpenBSD

  • After all the recent news about spying, backdoored routers, deep packet inspection and everything else, you might want to start taking steps at getting some privacy back
  • This article describes how to set up a secure network gateway and VPN using OpenBSD and related crypto utilities
  • There are bits for DHCP, DNS, OpenVPN, DNSCrypt and a watchdog script to make sure your tunnel is always being used
  • You can transparently tunnel all your outbound traffic over the VPN with this configuration, nothing is needed on any of the client systems – this could also be used with Tor (but it would be very slow)
  • It also includes a few general privacy tips, recommended browser extensions, etc
  • The intro to the article is especially great, so give the whole thing a read
  • He mentions our OpenBSD router guide and other tutorials being a big help for this setup, so hello if you’re watching!

You should try FreeBSD

  • In this blog post, the author talks a bit about how some Linux people aren’t familiar with the BSDs and how we can take steps to change that
  • He goes into some FreeBSD history specifically, then talks about some of the apparent (and not-so-apparent) differences between the two
  • Possibly the most useful part is how to address the question “my server already works, why bother switching?”
  • “Stackoverflow’s answers assume I have apt-get installed” ← lol
  • It includes mention of the great documentation, stability, ports, improved security and much more
  • A takeaway quote for would-be Linux switchers: “I like to compare FreeBSD to a really tidy room where you can find everything with your eyes closed. Once you know where the closets are, it is easy to just grab what you need, even if you have never touched it before”

OpenBSD and the little Mauritian contributor

  • This is a story about a guy from Mauritius named Logan, one of OpenBSD’s newest developers
  • Back in 2010, he started sending in patches for OpenBSD’s “mg” editor, among other small things, and eventually added file transfer resume support for SFTP
  • The article talks about his journey from just a guy who submits a patch here and there to joining the developer ranks and even getting his picture taken with Theo at a recent hackathon
  • It really shows how easy it is to get involved with the different BSDs and contribute back to the software ecosystem
  • Congrats to Logan, and hopefully this will inspire more people to start helping out and contributing code back

Interview – Jon Anderson – jonathan@freebsd.org

Capsicum and Casperd


Tutorial

Encrypting DNS lookups


News Roundup

FreeBSD Journal, May 2014 issue

  • The newest issue of the FreeBSD Journal is out, following the bi-monthly release cycle
  • This time the topics include: a letter from the foundation, a ports report, some 9.3-RELEASE plans, an events calendar, an overview of ipfw, exploring network activity with dtrace, an article about kqueue, data distribution with dnssec and finally an article about TCP scaling
  • Pick up your (digital) copy at Amazon, Google Play or on iTunes and have a read

LibreSSL porting update

  • Since the last LibreSSL post we covered, a couple unofficial “portable” versions have died off
  • Unfortunately, people still think they can just port LibreSSL to other BSDs and Linux all willy-nilly – stop doing that!
  • This post reiterates that LibreSSL currently relies on a lot of OpenBSD-specific security functions that are not present in other systems, and also gives a very eye-opening example
  • Please wait for an official portable version instead of wasting time with these dime-a-dozen github clones that do more harm than good

BSDMag May 2014 issue is out

  • The usual monthly release from BSDMag, covering a variety of subjects
  • This time around the topics include: managing large development projects using RCS, working with HAMMER FS and PFSes, running MeteorJS on FreeBSD 11, another bhyve article, more GIMP tutorials and a few other things
  • It’s a free PDF, go grab it

BSDTalk episode 241

  • A new episode of BSDTalk is out, this time with Bob Beck
  • He talks about the OpenBSD foundation's recent activities, his own work in the project, some stories about the hardware in Theo's basement and a lot more
  • The interview itself isn't about LibreSSL at all, but they do touch on it a bit too
  • Really interesting stuff, covers a lot of different topics in a short amount of time

Feedback/Questions


  • All the tutorials are posted in their entirety at bsdnow.tv
  • Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
  • We're looking for new tutorial ideas, so if there's something specific you'd like to learn about, let us know
  • FreeBSD core team elections are in progress – nominations ended today. There are 21 candidates, and voting is open for the next month. We'll let you know how it goes in a future episode.
  • Watch live Wednesdays at 2:00PM Eastern (18:00 UTC)

The post The Friendly Sandbox | BSD Now 39 first appeared on Jupiter Broadcasting.

Cryptocrystalline | BSD Now 16 https://original.jupiterbroadcasting.net/48367/cryptocrystalline-bsd-now-16/ Fri, 20 Dec 2013 10:53:55 +0000 https://original.jupiterbroadcasting.net/?p=48367 How to do a fully-encrypted installation of FreeBSD and OpenBSD. We also have an interview with Damien Miller - one of the lead developers of OpenSSH.

The post Cryptocrystalline | BSD Now 16 first appeared on Jupiter Broadcasting.

We'll be showing you how to do a fully-encrypted installation of FreeBSD and OpenBSD. We also have an interview with Damien Miller – one of the lead developers of OpenSSH – about some recent crypto changes in the project. If you're into data security, today's the show for you. The latest news and all your burning questions answered, right here on BSD Now – the place to B.. SD.

Thanks to:


iXsystems

Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | HD Vid Feed | HD Torrent Feed

– Show Notes: –

Headlines

Secure communications with OpenBSD and OpenVPN

  • Starting off today's theme of encryption…
  • A new blog series about combining OpenBSD and OpenVPN to secure your internet traffic
  • Part 1 covers installing OpenBSD with full disk encryption (which we'll be doing later on in the show)
  • Part 2 covers the initial setup of OpenVPN certificates and keys
  • Parts 3 and 4 are the OpenVPN server and client configuration
  • Part 5 is some updates and closing remarks

FreeBSD Foundation Newsletter

  • The December 2013 semi-annual newsletter was sent out from the foundation
  • In the newsletter you will find the president's letter, articles on the current development projects they sponsor and reports from all the conferences and summits they sponsored
  • The president's letter alone is worth the read, really amazing
  • Really long, with lots of details and stories from the conferences and projects

Use of NetBSD with Marvell Kirkwood Processors

  • Article that gives a brief history of NetBSD and how to use it on an IP-Plug computer
  • The IP-Plug is a "multi-functional mini-server developed by Promwad engineers by the order of AK-Systems. It is designed for solving a wide range of tasks in IP networks and can perform the functions of a computer or a server. The IP-Plug is powered from a 220V network and has low power consumption, as well as a small size (which can be compared to the size of a mobile phone charger)."
  • Really cool little NetBSD ARM project with lots of graphs, pictures and details

Experimenting with zero-copy network IO

  • Long blog post from Adrian Chadd about zero-copy network IO on FreeBSD
  • Discusses the different OS' implementations and options
  • He's able to get 35 gbit/sec out of 70,000 active TCP sockets, but isn't stopping there
  • Tons of details, check the full post

Interview – Damien Miller – djm@openbsd.org / @damienmiller

Cryptography in OpenBSD and OpenSSH


Full disk encryption in FreeBSD & OpenBSD

  • Shows how to install both FreeBSD and OpenBSD with full disk encryption
  • We'll be using geli and bioctl and doing it step by step

News Roundup

OpenZFS office hours

  • Our buddy George Wilson sat down to take some ZFS questions from the community
  • You can see more info about it here

License summaries in pkgng

  • A discussion between Justin Sherrill and some NYCBUG guys about license frameworks in pkgng
  • Similar to pkgsrc's "ACCEPTABLE_LICENSES" setting, pkgng could let the user decide which software licenses he wants to allow
  • Maybe we could get a "pkg licenses" command to display the license of all installed packages
  • Ok bapt, do it

Google I/O Wish List | CR 49 https://original.jupiterbroadcasting.net/37126/google-io-wish-list-cr-49/ Mon, 13 May 2013 11:04:32 +0000 https://original.jupiterbroadcasting.net/?p=37126 What we’d like to see come out of Google I/O, and the real changes they need to make to boost Android development to the next level.

The post Google I/O Wish List | CR 49 first appeared on Jupiter Broadcasting.

What we’d like to see come out of Google I/O, and the real changes they need to make to boost Android development to the next level. We’ve got our list, and we’re checking it twice.

Plus is there such a thing as a VPS on the cheap? The real improvements Apple needs to make in iOS 7, your feedback and more!

Thanks to:

Use our code coder249 to get a .COM for $2.49.

 

Direct Download:

MP3 Audio | OGG Audio | Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | Video Feed | Torrent Feed | iTunes Audio | iTunes Video

Feedback:

Dev World Hoopla

Google's hotly anticipated annual developer conference will kick off in just a couple days in San Francisco. And conference-goers and Android fans are excited about the possibility of new products the company may announce and/or give away.

So far Pichai, a 40-year old grad of the fabled Indian Institute of Technology and later Stanford, has kept his head down and refused all press. But as this week’s I/O event approached, he granted WIRED his first interview since taking over Android.

TechCrunch reported Wednesday that Onswipe, a company that specializes in creating tablet-optimized HTML5 websites for its customers, has observed "a significant bump" in the number of visits to its partner sites — from both iPhones and iPads that apparently run on iOS 7

Ouya has revealed it will delay the retail launch of its Android-based gaming console by three weeks until June 25th. In an interview with Ouya CEO Julie Uhrman.

OUYA, the most well-funded and heavily marketed of a number of approaches to TV-based microconsole gaming, has announced both a $15 million funding round and a three-week pushback on its June 4 retail launch date.

The round, led by Kleiner Perkins, features investment from graphics company NVIDIA (which is marketing its new mobile processors heavily on their console-like gaming performance, most obviously in their proof-of-concept Project Shield console, and which supplies the Tegra 3 mobile processor powering the OUYA), the Mayfield Fund, Shasta Ventures and Ocean Partners. This nearly doubles the $8.5 million funding the OUYA console raised in its July 2012 Kickstarter campaign. Kleiner Perkins' Bing Gordon, an EA veteran currently on the board of Zynga, will also join the OUYA board.

Follow the show

Saving Private Exploit | TechSNAP 91 https://original.jupiterbroadcasting.net/29616/saving-private-exploit-techsnap-91/ Thu, 03 Jan 2013 17:37:01 +0000 https://original.jupiterbroadcasting.net/?p=29616 Internet Explorer, Ruby on Rails, and the Windows Nvidia drivers all have new exploits. We’ll tell you the good, the bad, and the ugly.

The post Saving Private Exploit | TechSNAP 91 first appeared on Jupiter Broadcasting.

Internet Explorer, Ruby on Rails, and the Windows Nvidia drivers all have new exploits. We’ll tell you the good, the bad, and the ugly.

Plus picking the right VPS, a big batch of your questions, and Allan’s videos from EuroBSD Con.

On this week’s episode of TechSNAP!

Thanks to:

Use our code tech295 to get a .COM for $2.95.

Something else in mind? Use go20off5 to save 20% on your entire order!

Pick your code and save:
techsnap7: $7.49 .com
techsnap10: 10% off
techsnap11: $1.99 hosting for the first 3 months
techsnap20: 20% off 1, 2, 3 year hosting plans
techsnap40: $10 off $40
techsnap25: 25% off new Virtual DataCenter plans
techsnapx: 20% off .xxx domains

 

Direct Download:

HD Video | Mobile Video | MP3 Audio | Ogg Audio | YouTube | HD Torrent | Mobile Torrent

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feeds | Torrent Feed

 

Support the Show:

   

Show Notes:

Get TechSNAP on your Android:

Browser Affiliate Extension:

 


  • Jupiter Broadcasting Affiliate Extensions for Chrome and Firefox
  • Banking malware stole 36 million euros

    • The Zeus trojan was used as part of a sophisticated malware attack that was able to steal an estimated 36 million euros from over 30,000 customers of 30 different banks in Germany, The Netherlands, Spain and Italy
    • The trojan infected victims' PCs and mobile phones, and intercepted their attempts to interact with their banks
    • Victims were tricked into infecting their mobile phones when the trojan on the PC claimed it 'needed to upgrade your online banking software' and asked for additional information, including the number of your mobile phone
    • The mobile version of the trojan targeted both Blackberry and Android devices
    • The mobile infection was the key to the success of the trojan, as it allowed the attackers to intercept SMS messages containing the 'TAN' (Transaction Authentication Number) that the banks would send and that had to be entered to confirm any large transaction
    • This allowed the attackers to transfer money out of the victim's account without alerting the victim, and the banks saw the transactions pass the additional fraud verification step (SMS TAN), so they were not alerted to a problem
    • The trojan would initiate transfers ranging from 500 to 250,000 euros to various accounts around Europe, where the funds would then be withdrawn by mules
    • The Zeus trojan is also known for modifying the pages returned by online banking to show the expected account balance and transactions. It would hide the transfers and adjust the displayed balance to look correct, even after additional valid transactions. (See the previous episode on man-in-the-browser attacks)
    • The attack consisted of a number of steps:
    • The victim accidentally visits a malicious site, or is tricked into clicking a link by a phishing email or social media attack
    • The victim visits their bank's site and logs in to their account to make a transaction
    • The trojan modifies the code of the bank page, prompting the user to enter their mobile phone number and operating system
    • The collected information is sent back to the attacker's C&C server
    • The attacker then sends a text message to the victim's device, prompting the user to download the Zitmo (Zeus in the mobile) trojan, disguised as an 'upgrade to the security of the online banking system'
    • Each time the victim logs into their online banking, the trojan initiates a transfer of money out of the victim's account using their real credentials
    • The bank recognizes this as a large, high-risk transaction and, as such, delays the transaction and requests that the user complete two-factor authentication: the bank sends a TAN to the user's mobile
    • The TAN SMS is intercepted by the trojan on the victim's mobile device and delivered to the attacker's C&C server; the victim never knows they received the text message
    • JavaScript injected into the online banking page by the PC trojan receives the TAN from the C&C server and authorizes the transfer
    • The Eurograbber attack is now complete and the attackers have transferred money out of the victim's account
    • This attack highlights the need for better phishing prevention by financial institutions
    • All financial institutions should be using SPF and cryptographically signing all legitimate emails with DKIM. Then some type of DNS whitelist that says 'any domain on this list will ALWAYS have a DKIM signature; if it does not, this email should be rejected', similar to the recent HSTS standard for HTTPS
    • Threatpost Coverage

Researcher develops 0day exploit against Samsung SmartTVs

  • Luigi Auriemma, a researcher for the Malta-based security firm ReVuln, has developed a number of 0day exploits against Samsung SmartTVs
  • He has apparently found some signature that allows him to scan networks to find the IP addresses of any connected SmartTV devices
  • The exploit allows him to remotely image all storage devices connected to the TV, including the internal storage but also any USB devices that happen to be attached
  • The exploit could also allow an attacker to install custom firmware or malicious applications, operate any microphones or cameras connected to the TV, steal credentials stored on the device, overwrite the root certificate store to allow spoofing of HTTPS sites (enabling a successful man-in-the-middle attack), or keep a log of all content played on the TV
  • The exploit can also be used to remotely control the device, using a feature that allows the TV to be controlled from a smartphone. This gives the attacker the same control over the device they would have if they were in the room, further allowing them to exploit the device
  • Technical details were not disclosed; ReVuln is currently selling the vulnerability
  • If your TV is connected to the internet behind a NAT router or firewall, such that it cannot be connected to directly from the internet, it is less vulnerable. However, you still have to consider the case of an attacker cracking your WiFi and being able to access the device via the LAN, or SmartTV devices connected to office networks, as well as those devices in bars, cafes, hotels and the like.
  • Luigi has previously disclosed other flaws in the Samsung SmartTVs

Researchers develop attacks that could cripple GPS receivers

  • Using $2500 worth of gear, researchers from Carnegie Mellon were able to disrupt both consumer and professional-grade GPS receivers
  • “A 45-second crafted GPS message could bring down up to 30 percent of the global GPS Continuously Operating Reference Stations (CORS), while other attacks could take down 20 percent of NTRIP networks”
  • Attacks were conducted against seven receiver brands including Magellan, Garmin, GlobalSat, uBlox, LOCOSYS and iFly 700, whereas Trimble was working with researchers to push out a patch for its affected products
  • These new attacks are quite different from existing GPS spoofing attacks; the new research covers a much larger attack vector “by viewing GPS as a computer system”. This included analysis of GPS protocol messages and operating systems, the GPS software stack and how errors affect dependent systems
  • The attacks include messing with the time, since GPS is used as a source of clock synchronization, allowing the attackers to trigger the UNIX epoch rollover or otherwise tamper with devices
  • Full research paper

Feedback:

Happy 18th Birthday to Chris Eadle from Jupiter Broadcasting, and his lovely lady friend Angela.

Round-Up:

The post 2-Factor Trojan | TechSNAP 88 first appeared on Jupiter Broadcasting.

Callback Coders | CR 22 https://original.jupiterbroadcasting.net/27006/callback-coders-cr-22/ Mon, 05 Nov 2012 11:39:15 +0000 https://original.jupiterbroadcasting.net/?p=27006 We discuss if developers get trapped in callback hell, the role of Javascript on the desktop, Android’s birthday, Windows 8’s potential, and the Ubuntu SDK!

The post Callback Coders | CR 22 first appeared on Jupiter Broadcasting.

We discuss if developers get trapped in callback hell, the role of Javascript on the desktop, Android’s birthday, Windows 8’s potential, and the Ubuntu SDK!

Plus a batch of your feedback and much more!

Direct Download:

MP3 Audio | OGG Audio | Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | Video Feed | Torrent Feed | iTunes Audio | iTunes Video

Show Notes:

Feedback

  • Mike is still alive. Score!
  • Brandon shares that in his experience colos can be very expensive.
  • Jason is striking out on his own but doesn’t know where to find clients.
  • Zane would like to know what resources I recommend for learning the basics of design for a developer.
  • Ben would like to know if Chris has a different VM for each client.

This Week’s Dev World Hoopla

El Ocho

  • My MS.Cheese() has been moved!
  • Language++
  • The future of C#
  • The future of JS on MS

Book of the Week


Follow the show

Breaking DKIM | TechSNAP 81 https://original.jupiterbroadcasting.net/26536/breaking-dkm-techsnap-81/ Thu, 25 Oct 2012 19:41:52 +0000 https://original.jupiterbroadcasting.net/?p=26536 How an aviation blogger unlocked the secrets of the TSA’s barcode, and a serious bug in the Linux Kernel.

The post Breaking DKIM | TechSNAP 81 first appeared on Jupiter Broadcasting.

How an aviation blogger unlocked the secrets of the TSA’s barcode, if you’re a Barnes and Noble shopper we’ve got a story you need to hear, and a serious bug in the Linux Kernel.

Plus a batch of your questions, and our answers.

All that and so much more, in this week’s TechSNAP.

Thanks to:

Use our codes TechSNAP10 to save 10% at checkout, or TechSNAP20 to save 20% on hosting!

BONUS ROUND PROMO:

Get your .COMs for just $5.99 per year, up to 3 domains! Additional .COMs just $7.99 per year!
CODE: 599tech

Expires 10/31/12

SPECIAL OFFER! Save 20% off your order!
Code: go20off5


Show Notes:

Get TechSNAP on your Android:

Browser Affiliate Extension:

  • Jupiter Broadcasting Affiliate Extensions for Chrome and Firefox
  • Barnes and Noble POS Terminals compromised, debit card pin numbers stolen

    • Barnes and Noble discovered on Sept 14th that a number of the PIN pads for its Point of Sale system had been compromised
    • Barnes and Noble did not go public with the information until this week at the request of investigators
    • Tampered PIN Pads were found in 63 stores all over the country, including California, Connecticut, Florida, Illinois, Massachusetts, New Jersey, New York, Pennsylvania, and Rhode Island
    • The retailer reported that only about 1% of their PIN pads had been tampered with, but when the compromise was discovered on Sept 14th, they disconnected all PIN pads at their 700 stores
    • It appears that a coordinated criminal enterprise infected PIN pads with malware that would record credit/debit card numbers and PIN numbers
    • B&N recommends that you change your debit card PIN number and watch your debit and credit accounts for unauthorized transactions
    • Online purchases were not affected
    • Official Announcement from Barnes and Noble

Aviation blogger finds that he can determine what security screening he will get from his boarding pass

  • Frequent flyer John Butler wrote a blog post this week after he was able to determine what level of security screening he was going to be subjected to at the airport by reading the unencrypted barcode on his boarding pass
  • This raises the possibility that terrorist or smuggling groups could buy multiple tickets, then check each and use the ones that subject them to the less intense screening process
  • The barcodes also appear to lack any form of MAC (Message Authentication Code) to protect them from unauthorized modification
  • It is unclear if a modified barcode would work, or if it is checked against a central database
  • It is illegal under US law to tamper with or alter a boarding pass
  • The vulnerability appears to be confirmed by reading the specifications for the system published by the IATA (International Air Transport Association)
  • Every airport I’ve been through (YYZ, YHM, YYC, CDG, WAW, AMS) has not had any way to avoid the screening process; it appears that only the TSA allows you to pass through security without the basic screening. I have been randomly selected for additional screening (chemical residue test) twice

Serious bug in Linux kernel results in EXT4 data corruption

  • A bug was accidentally introduced in Linux kernel version 3.6.2, and then backported into 3.4 and 3.5
  • The bug has to do with the way the superblock and journal are updated, and can result in extensive data corruption, especially if a filesystem is unmounted shortly after it was mounted
  • A patch was posted, but was found not to fully solve the problem, so a second patch was posted later
  • Kernel 3.4.x is reaching end of life, and may not get an official patch

DreamHost decides to change its SSH keys without notifying customers

  • DreamHost, a large shared web hosting provider, generated new SSH host keys for all of its servers on Wednesday
  • DreamHost claims it is the “result of a security maintenance which we are performing to prevent exploitation of weak or outdated keys”
  • It seems like an excessive step unless one or more of the SSH host private keys were compromised, in which case that is huge security news
  • If the keys were compromised, someone could impersonate the DreamHost server and log the login attempts, capturing valid username and password combinations
  • DreamHost made a number of mistakes:
  • Not giving users a heads-up about the change before it happened: no email was sent, just a blog post that users were directed to when they contacted support about the error message
  • The blog post encourages users to just delete the old SSH key from their known_hosts and accept the new one, without verifying its authenticity
  • DreamHost did not publish a list of the fingerprints of the new keys, so that customers could verify the authenticity of the new keys they are presented with when they connect
  • The purpose of SSH host key fingerprints is to verify the identity of the remote host. They work in much the same way as SSL certificates, except that there is no central certificate authority; it is up to the user to verify the identity of the key the first time. The main goal is to notify the user if the key suddenly changes, suggesting that you are not in fact connecting to the intended server but to some other server that may be trying to get your credentials or perform a man-in-the-middle attack on you
  • An attacker that is able to perform a man-in-the-middle attack during a time when users are willing to just ignore the security warning (or even take the additional steps OpenSSH requires before allowing you to accept a new key) could be very successful

Mathematician finds that Google and others were using weak keys for DKIM

  • Mathematician Zachary Harris got an email from a Google headhunter for a job as a Site Reliability Engineer
  • Seeing as he is not an expert in that field, he assumed that the email was a phishing scam
  • He examined the headers and determined that it was signed with the proper DKIM keys, appearing to actually be from Google
  • DKIM (DomainKeys Identified Mail) is a process where all outbound email is cryptographically signed with a private key that can then be verified against a public key published in DNS, so that only emails actually from the domain can carry a valid signature for it; it is a common anti-spam and anti-phishing mechanism
  • He noticed that Google was only using 512-bit keys for DKIM
  • Harris explored other sites and found the same problem with the keys used by Amazon, Apple, Dell, eBay, HP, HSBC, LinkedIn, Match.com, PayPal, SBCGlobal, Twitter, US Bank and Yahoo
  • He found keys of 384, 512 and 768 bits, despite the fact that the DKIM standard calls for a minimum of 1024-bit keys
  • A 384-bit key can be factored on a laptop in 24 hours, while a 512-bit key can be factored in about 72 hours using Amazon EC2 for around $75
  • In 1998 it was an academic breakthrough of great concerted effort to crack a 512-bit key. Today anyone can do it themselves in 72 hours on AWS
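As an added illustration of the key-length audit the story describes (my example, not code from the show or from Harris's research), this script decodes the RSA public key published in a DKIM selector record and flags any modulus below the 1024-bit minimum the standard calls for. The record it runs on is constructed around a made-up modulus, not a real selector.

```python
"""Audit the RSA key length published in a DKIM selector's DNS TXT record.

Added example, not code from the show or from Harris's research.  A DKIM
record looks like "v=DKIM1; k=rsa; p=<base64 DER SubjectPublicKeyInfo>"; the
audit decodes the key, reads the modulus and flags anything below the
1024-bit minimum the DKIM standard calls for.  The record used below is
constructed from a made-up modulus, not a real selector.
"""
import base64

MIN_DKIM_BITS = 1024  # minimum RSA key length the DKIM standard requires


def parse_dkim_record(txt: str) -> dict:
    """Split a DKIM TXT record into its tag=value pairs (whitespace tolerant)."""
    tags = {}
    for part in txt.split(";"):
        key, _, value = part.strip().partition("=")
        if key:
            tags[key.strip()] = value.strip()
    return tags


def _read_tlv(buf: bytes, pos: int):
    """Read one DER tag/length/value triple; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits say how many length bytes follow
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def rsa_modulus_bits(spki_der: bytes) -> int:
    """Bit length of the modulus n inside an RSA SubjectPublicKeyInfo."""
    tag, spki, _ = _read_tlv(spki_der, 0)            # SubjectPublicKeyInfo
    if tag != 0x30:
        raise ValueError("public key is not a DER SEQUENCE")
    _, _algorithm, pos = _read_tlv(spki, 0)          # AlgorithmIdentifier, skipped
    tag, bitstr, _ = _read_tlv(spki, pos)            # BIT STRING wrapping RSAPublicKey
    if tag != 0x03 or bitstr[:1] != b"\x00":
        raise ValueError("unexpected subjectPublicKey encoding")
    _, rsa_key, _ = _read_tlv(bitstr, 1)             # RSAPublicKey SEQUENCE {n, e}
    tag, modulus, _ = _read_tlv(rsa_key, 0)          # INTEGER n
    if tag != 0x02:
        raise ValueError("modulus is not an INTEGER")
    return int.from_bytes(modulus, "big").bit_length()


def audit_dkim_record(txt: str) -> dict:
    """Return {"bits": n, "weak": bool} for an RSA DKIM record."""
    tags = parse_dkim_record(txt)
    if tags.get("k", "rsa") != "rsa":
        raise ValueError("only RSA (k=rsa) records are audited here")
    if not tags.get("p"):
        raise ValueError("empty p= tag: the selector has been revoked")
    bits = rsa_modulus_bits(base64.b64decode(tags["p"]))
    return {"bits": bits, "weak": bits < MIN_DKIM_BITS}


# --- constructed sample input (not a real key) -------------------------------

def _der(tag: int, body: bytes) -> bytes:
    """Minimal DER encoder, short and long length forms."""
    if len(body) < 0x80:
        return bytes([tag, len(body)]) + body
    ln = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(ln)]) + ln + body


def constructed_dkim_record(bits: int) -> str:
    """Build a DKIM record around a made-up modulus of exactly `bits` bits.

    The modulus is not a product of two primes; only its length matters to
    the audit, which is all a key-size survey like Harris's looks at."""
    n = (1 << (bits - 1)) | 0x10001                       # top bit set => exact length
    n_der = b"\x00" + n.to_bytes((bits + 7) // 8, "big")  # leading 0 keeps it positive
    rsa_key = _der(0x30, _der(0x02, n_der) + _der(0x02, b"\x01\x00\x01"))
    rsa_oid = bytes.fromhex("06092a864886f70d0101010500")  # rsaEncryption OID + NULL
    spki = _der(0x30, _der(0x30, rsa_oid) + _der(0x03, b"\x00" + rsa_key))
    return "v=DKIM1; k=rsa; p=" + base64.b64encode(spki).decode()


if __name__ == "__main__":
    for size in (384, 512, 768, 1024, 2048):
        print(size, audit_dkim_record(constructed_dkim_record(size)))
```

Against a live selector you would feed the TXT record returned by DNS (concatenating any quoted string fragments first) into `audit_dkim_record`.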

Feedback:

While having lunch at EuroBSDCon, a FreeBSD developer recognized me from the Linux Action Show. He just so happened to be one of the main USB developers, and proceeded to correct (yell at) me. He recently expended a great deal of effort to improve support for webcams and other USB devices under FreeBSD 9.1 (and therefore PC-BSD as well). As further evidence of this, once we were done talking, someone walked up and handed him a USB ethernet adapter that was not supported, a hardware donation to drive development.

Roundup


The Javascript Problem | CR 18 https://original.jupiterbroadcasting.net/25741/the-javascript-problem-cr-18/ Mon, 08 Oct 2012 11:34:16 +0000 https://original.jupiterbroadcasting.net/?p=25741 Mike and Chris take a walk down a dangerous and controversial road -- the state of Javascript in modern web development.

The post The Javascript Problem | CR 18 first appeared on Jupiter Broadcasting.

Mike and Chris take a walk down a dangerous and controversial road — the state of Javascript in modern web development.

Plus a frank look at TypeScript, blaming developers, your emails, and much more.

Direct Download:

MP3 Audio | OGG Audio | Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | Video Feed | Torrent Feed | iTunes Audio | iTunes Video

Show Notes:

Feedback

  • Jay wants to know how the Android update cycle and the device manufacturers’ different versions of Android affect developers.
  • Carlo’s email
  • Isak asks what we think about TypeScript
  • Charles writes in with some more info on Haskell
  • Matt shares an interesting article about Adobe
  • Matt (diff Matt?) is working on an iOS app that will have a server backend component and is wondering how to make a profit on the app — given the hosting costs over time.

This Week’s Dev World Hoopla

The Language Itself

  • No classical inheritance.
  • Too loose

Developers

  • Too stupid / lazy??
  • Too sloppy??

Tool of the Week

Book of the Week
