Wire – Jupiter Broadcasting
https://www.jupiterbroadcasting.com
Open Source Entertainment, on Demand.

#SaveLAS | LAS 461
https://original.jupiterbroadcasting.net/107601/savelas-las-461/
Sat, 18 Mar 2017 14:32:50 +0000

The post #SaveLAS | LAS 461 first appeared on Jupiter Broadcasting.


— Show Notes: —



Brought to you by: Linux Academy

More from SCaLE 15x

— PICKS —

Runs Linux

The credit card reader at a gift shop uses Linux

Desktop App Pick

GScan2PDF

A basic scanning application that converts a document to a PDF file for archiving documents


— NEWS —

Major Upgrade to Wire

Calling has always been one of Wire’s most popular features. Today we’re happy to announce the rollout of a major upgrade to our calling protocol. It further improves the secure calling experience and takes a step forward for privacy.

This update means more successfully connected calls, even in challenging network conditions. Another iteration in a few weeks will significantly shorten the call setup time. When you call someone and they accept then you’ll be able to start talking almost instantly.

Telegram & WhatsApp Vulnerability

One of the most concerning revelations arising from the recent WikiLeaks publication is the possibility that government organizations can compromise WhatsApp, Telegram and other end-to-end encrypted chat applications. While this has yet to be proven, many end-users are concerned as WhatsApp and Telegram use end-to-end encryption to guarantee user privacy. This encryption is designed to ensure that only the people communicating can read the messages and nobody else in between.

BeagleBone Blue: A Linux Robot Computer

BeagleBone® Blue is a complete, Linux-enabled robotics computer. Community-supported and fully open-source, the real-time performance, flexible networking and rich set of robotics-oriented peripherals make building mobile robots quick and affordable.

Smartwatch OS

The news comes via an interview with Swatch CEO Nick Hayek, who stated, “there’s a possibility for wearables to develop as a consumer product, but you have to miniaturize and have an independent operating system.” The statement comes on the heels of Tag Heuer’s unveiling of a new super high-end modular timepiece.

Feedback:

Mail Bag

Future Show Direction

  • Name: Shannon S
  • Subject: Just some love

  • Message:

Hey there Chris and Noah. I wanted to reach out to you and show some support and thanks for the time, energy, and money that you put into the research, production and high quality of your show.

My fiance Christopher has been listening for a few years now. He loves what you do, and so do I! As my fiance has become more knowledgeable and more passionate about Linux, security, etc, he has so few people in our real world social network to chat about it with. He can’t dig in deep and dork out over it without eyes glazing over. You guys have been guides and friends as he has worked on moving his career path towards tech.

It’s tough to feel the support of your viewers, especially when they become complacent with sharing on social media. Just know there is tons of love for you guys coming from over in Vermont (though not with social media shares, guilty as charged).

Also, I’ve always appreciated the time you have spent talking about women in tech and women using Linux. I’ve got Ubuntu GNOME onto my laptop and I’ve become much more knowledgeable and confident with my computer knowledge thanks to you both. This is coming from a very grudging tech user.

We also love love love Unfilter, and we both think the intro is fine as is

  • Name: Aaron R
  • Subject: Firewall with Reverse Proxy

  • Message:

Hey guys, I’m looking for a good open source firewall and reverse proxy that has a nice web UI that I can quickly configure and monitor from. I use a Cisco ASA and nginx combo normally, but for the house and $ it doesn’t make sense. I have a limited number of external IPs, as you probably already know. I’ve now got a home setup that I’d like to start hosting some things on. I’m demoing CacheGuard and it’s nice but only free for 5 users. Thanks! Any help much

Noah’s Recommendation

Protect your business network from viruses, malware and other threats using the UTM (Unified Threat Management) platform with the best usability in the industry. The Endian UTM appliance provides total network security including web and email filtering, VPN, intrusion prevention, bandwidth management and much more.

Catch the show LIVE SUNDAY:

— CHRIS’ STASH —

Chris’s Twitter account has changed, you’ll need to follow!

Chris Fisher (@ChrisLAS) | Twitter

Hang in our chat room:

irc.geekshed.net #jupiterbroadcasting

— NOAH’S STASH —

Noah’s Day Job

Altispeed Technologies

Contact Noah

noah [at] jupiterbroadcasting.com

Find us on Twitter

AWS Loses Its ShIOT | LINUX Unplugged 186
https://original.jupiterbroadcasting.net/107166/aws-loses-its-shiot-lup-186/
Tue, 28 Feb 2017 19:51:27 +0000

The post AWS Loses Its ShIOT | LINUX Unplugged 186 first appeared on Jupiter Broadcasting.


Show Notes:

Follow Up / Catch Up

Raspberry Pi Zero W is a $10 computer with WiFi and Bluetooth

In the case of the Raspberry Pi Zero W, the W signifies exactly what is new: wireless connectivity. It boasts exactly the same specifications (1GHz single-core Broadcom BCM2835 CPU, 512MB of RAM, 40-pin header) as its predecessor but the Zero W adds both 802.11n WiFi and Bluetooth 4.0 to the existing Zero design.

To recap, here’s the full feature list for Zero W:

  • 1GHz, single-core CPU
  • 512MB RAM
  • Mini-HDMI port
  • Micro-USB On-The-Go port
  • Micro-USB power
  • HAT-compatible 40-pin header
  • Composite video and reset headers
  • CSI camera connector
  • 802.11n wireless LAN
  • Bluetooth 4.0

Mozilla acquires Pocket to gain a foothold on mobile devices

The nine-year-old company, which makes tools for saving articles and videos to view them later, is Mozilla’s first acquisition. It represents a homecoming of sorts for Pocket, which began life as a Firefox extension before eventually expanding its team and building a suite of apps for every major platform. Pocket has been Firefox’s default read-it-later service since 2015.

AMD’s Ryzen Will Really Like A Newer Linux Kernel

So with Linux 4.10 looks to be — and reaffirmed by this trusted confidant — a good point for AMD Ryzen testing and usage. So far in the Linux 4.11 cycle we haven’t seen anything Ryzen-specific appear to come through.


Linux Academy

Do we really need swap on modern systems?

Can I run without swap? Is further tuning possible?

Systems without swap can make sense and are supported by Red Hat – just be sure the behaviour of such a system under memory pressure is what you want. In most environments, a bit of swap makes sense.

  • The Committed_AS field in /proc/meminfo shows how much memory processes have requested.
  • Using sysctl, we can enable/disable overcommit, and configure how much overcommit should be allowed. The defaults need to be changed only in rare cases, and after properly testing the new settings. The RHEL Performance Tuning Guide has details.
  • A solution document has details regarding the likelihood of swapping, for example when changing vm.swappiness. This also requires good testing with your applications.
  • Without swap, the system will invoke the OOM killer when memory is exhausted. You can prioritize which processes get killed first by configuring oom_score_adj.
  • If you write an application and want to lock pages into RAM to prevent them from being swapped, mlock() can be used.
  • If you design your applications to regularly use swap, make sure to use faster devices, like SSDs. Starting with Red Hat Enterprise Linux 7.1, ‘swapon --discard’ can be used to send TRIM to SSD devices, to discard the device contents on swapon.

The Storage Administration Guide also has a section on swap configuration.

Linux Update Fixes 11-Year-Old Flaw

Andrey Konovalov, a security researcher at Google, found a use-after-free hole within Linux, CSO Online reported. This particular flaw is of interest because it appears to be situational. It only showed up in kernels built with a certain configuration option — CONFIG_IP_DCCP — enabled.

Unfortunately, many popular Linux distributions have enabled this option by default. A new Linux update has since patched the vulnerability, although the exploit has been present in Linux kernels since 2005.

Telegram is no longer open source :: lucb1e.com

Telegram for Android is now a closed source application. According to the repository and the Telegram website, it is covered by the GPL license which states one must publish changes. However, since early October 2016, there have been many releases but no updates of the source code. Everyone involved is pretending there is no issue because they have their fingers in their ears:

  • the original author did not respond to the criticism for months;
  • Telegram’s chat support does not respond in over a week;
  • Telegram’s Twitter account is active (30 minutes ago) but ignores my tweet of a week ago;
  • Markus Ra (the face of Telegram) does not respond in over a week; and
  • Telegram has no other, official contact method nor a physical mail address.

  • telegram-history-dump: Backup Telegram chat logs using telegram-cli

This utility is the successor of telegram-json-backup, written from the
ground up in Ruby. It can create backups of your Telegram user and (super)group
dialogs using telegram-cli’s remote control feature.

Compared to the old project, telegram-history-dump:

  • Has better support for media downloads
  • Supports output formats other than JSON and is extensible with custom formats
  • Supports incremental backup (only new messages are downloaded)
  • Does not depend on unstable Python/Lua bindings within telegram-cli
  • Has a separate YAML formatted configuration file

The default configuration will backup all dialogs to a directory named output in JSON format, without downloading any media.

TING

Internet-Connected Teddy Bear Leaks Millions Of Voice Messages and Password

Now, in the latest security failing of the internet-connected smart toys, more than 2 Million voice recordings of children and their parents have been exposed, along with email addresses and passwords for over 820,000 user accounts.

CloudPets has absolutely no password strength rules. When I say “no rules”, I mean you can literally have a password of “a”. That’s right, just a single character. Not only that, check out how the tutorial demonstrates account creation and in particular, how to choose a password:

DigitalOcean

gstreamer 0.10 moved to AUR

yaourt -R gstreamer0.10 gstreamer0.10-ffmpeg gstreamer0.10-bad gstreamer0.10-bad-plugins gstreamer0.10-base gstreamer0.10-base-plugins gstreamer0.10-good gstreamer0.10-good-plugins gstreamer0.10-ugly gstreamer0.10-ugly-plugins

gstreamer0.10 was maintained because of legacy software. Now that most of all audio/video software can be compiled against current gstreamer, gstreamer0.10 has no use.

The packages not updating are the gstreamer0.10, not the gstreamer1.10 ones.

Uncontained Human Error | LINUX Unplugged 171
https://original.jupiterbroadcasting.net/104686/uncontained-human-error-lup-171/
Tue, 15 Nov 2016 21:04:34 +0000

The post Uncontained Human Error | LINUX Unplugged 171 first appeared on Jupiter Broadcasting.


Show Notes:

Follow Up / Catch Up

Signal Messenger is Secure

They conclude that it is impossible to say if Signal meets its goals, as there are none stated, but say their analysis proves it satisfies security standards adding “we have found no major flaws in its design, which is very encouraging”.

New MacBook Doesn’t Run Linux

The three primary issues here are:
1) The input devices are on SPI, not USB. Apple’s ACPI tables don’t provide the GPIO mappings for these things via the standard mechanisms, so the chipset driver won’t bind. You then still need another driver for the SPI controller, and there’s an out of tree one at https://github.com/cb22/macbook12-spi-driver/ . Longer term, the kernel needs to be able to parse Apple’s ACPI tables and that driver needs merging.

2) Apple’s NVME hardware uses the wrong PCI device class, possibly because it’s not entirely NVME compatible (trying to read 64 bits of mmio register space in one go will fail, for instance). Linux has a specific entry for the older Apple NVME devices, and that may need to be broadened.

3) Having source ID checking enabled when doing IRQ remapping results in the system hanging on boot. It’s unclear what the underlying problem is.
– mjg59 @ https://news.ycombinator.com/item?id=12924051

LinuxFest Northwest founder honored with Cascadia Community Builder Award

In 1968, The Great Northern Railroad hired Bill, then a student at Western Washington University, because of his computer experience, which at that time consisted of using punched cards and perforated paper tapes. Bill became interested in Linux and the open source community in the late 1990s. With a few other computer nerds, he helped start the Bellingham Linux User Group in 1998 and its first LinuxFest in 2000. As BLUG and LFNW’s Treasurer, Bill has been involved with organizing and community outreach ever since.

“Linuxfest Northwest reaches a huge number of people,” said Emily Dunham, who serves on the award committee. “Bill is a great example of what the award is about.” The award committee hopes that Bill Wright’s tireless work will continue to inspire other free software activists in the Cascadia region.

Budgie withdrawn from Open Build Service

Please note that as of Budgie 11, support will be withdrawn for the OBS repositories for the Budgie Desktop for openSUSE and Fedora.

This will ensure that the Solus project is no longer maintaining external repositories for Budgie Desktop. As a desktop environment, it is vital that it is well tested, and well integrated, into other distributions.

Unfortunately, in the 3 years that the OBS repo has been maintained by the Solus team (Ikey, personally), nobody has stepped forward to maintain the repos, and we’ve seen no news of remaining downstreams trying to integrate Budgie into their parent repos (Budgie Desktop wiki in openSUSE says to use the OBS repo)

The Linux Foundation’s Core Infrastructure Initiative Renews Funding for Reproducible Builds Project

The grant extends the contribution to include Debian developers Chris Lamb, Mattia Rizzolo, Ximin Luo and Vagrant Cascadian, as well as extending funding for Holger Levsen. Furthermore, this contribution adds support for Ed Maste, working with FreeBSD.

While anyone can inspect the source code of free software for malicious flaws, most Linux distributions provide binary (or compiled) packages to end users. The motivation behind “reproducible” builds is to allow verification that no flaws have been introduced during the compilation process by endeavouring that identical binary packages are generated from a given source. This prevents the installation of backdoor-introducing malware on developers’ machines as an attacker would need to simultaneously infect all developers attempting to reproduce the build.

“Ensuring that no flaws are introduced during the build process greatly improves software security and control,” said Lamb. “Our work has already made significant progress in Debian GNU/Linux, and we are making our tools available for Fedora, Guix, Ubuntu, OpenWrt and other distributions.”

Linux Desktop 0-day from a NES emulator?

A vulnerability and a separate logic error exist in the gstreamer 0.10.x player for NSF music files. Combined, they allow for very reliable exploitation and the bypass of 64-bit ASLR, DEP, etc. The reliability is provided by the presence of a Turing complete “scripting” inside a music player. NSF files are music files from the Nintendo Entertainment System.

This exploit abuses a vulnerability in the gstreamer-0.10 plug-in for playing NSF music files. These music files are not like most other music files that your desktop can play. Typical music files are based on compressed samples and are decoded with a bunch of math. NSF music files, on the other hand, are played by actually emulating the NES CPU and sound hardware in real time. Is that cool or what? The gstreamer plug-in creates a virtual 6502 CPU hardware environment and then plays the music by running a bit of 6502 code for a little while and then looking at the resulting values in the virtualized sound hardware registers and then rendering some sound samples based on that.


TING

PSA: KDE Neon users are requested to perform a full reinstall

The package archive used by KDE neon was incorrectly configured allowing anyone to upload packages to it. There is no reason to think that anyone actually did so but as a precaution we have emptied the archives and removed ISOs built before this date. The archive is being rebuilt and ISOs regenerated.

Solution:
Upgrade to the latest packages once rebuilt.

You can bypass linux disk encryption authentication by pressing the enter key for 70 seconds

An error in the implementation of the Cryptsetup utility used for encrypting hard drives allows an attacker to bypass the authentication procedures on some Linux systems just by pressing the Enter key for around 70 seconds. This results in the attacked system opening a shell with root privileges.

Encrypted data is safe, but attackers can get root privileges on targeted systems.

Can Linux containers save IoT from a security meltdown?

Security is a selling point for these products, and for good reason. The Mirai botnet that recently attacked the Dyn service and blacked out much of the U.S. Internet for a day brought Linux-based IoT into the forefront — and not in a good way. Just as IoT devices can be turned to the dark side via DDoS, the devices and their owners can also be victimized directly by malicious attacks.

In this final, future-looking segment of our IoT series, we look at two Linux-based, Docker-oriented container technologies that are being proposed as solutions to IoT security. Containers might also help solve the ongoing issues of development complexity and barriers to interoperability that we explored in our story on IoT frameworks.

DigitalOcean

The End of the General Purpose Operating System

Linux Academy

Doing Business with Linux

Semi-automatic document scanning with Paperwork

Post Show

fix-windows-privacy: new tool to automate getting your privacy back on Windows 10 (https://modzero.github.io/fix-windows-privacy/)
