Podd: All Jupiter Broadcasting Shows

2024 Tuxies | LINUX Unplugged 594

22 december 2024 | min

Mikestrodamus | Coder Radio 600

18 december 2024 | min

Zen and the Art of Kernel Preempting | LINUX Unplugged 593

15 december 2024 | min

ODROID and Chill | Self-Hosted 138

13 december 2024 | min

GPU Game Theory | Coder Radio 599

11 december 2024 | min

Sam's Checkmate: How Open Source AI and Silicon Valley Kingmakers dethroned the OpenAI emperor! Plus, Tesla's API Apocalypse has arrived.

Support Coder Radio

Links:

💥 Gets Sats with Strike — Strike is a lightning-powered app that lets you quickly and cheaply grab sats in over 100 countries. Easily integrates with Fountain.fm. Setup your Strike account, and you have one of the world's best ways to buy sats.
🇨🇦 Bitcoin Well — Enable your independence with the fastest and safest way to buy Bitcoin in Canada and the USA. Focused on Bitcoin excellence, enabling true financial independence 🥇
📻 Boost with Fountain.FM — Boost with Fountain.FM and kick the tires on the Podcasting 2.0 revolution! 🚀
Tesla Is Screwing Over Dozens Of App Developers — Tesla is preparing to begin charging software developers to access the Application Programming Interface for its cars—something used by just about every third-party dev that builds software that integrates with Tesla's vehicles.
Donald Trump Names David Sacks as White House AI and Crypto Czar — Intelligence and Cryptocurrency, two areas critical to the future of American competitiveness. David will focus on making America the clear global leader in both areas,”
E129: Sam Altman plays chess with regulators, AI's "nuclear" potential, big pharma bundling & more - YouTube
OpenAI launches a new $200 monthly subscription and an updated model — The company is also introducing ChatGPT Pro, a new $200 monthly subscription tier that includes unlimited access to OpenAI o1, GPT-4o, and Advanced Voice mode. It also includes a version of o1, exclusive to Pro users, that uses more compute to provide the best possible answer to the hardest problems (called o1 pro mode).
Introducing ChatGPT Pro — ChatGPT Pro provides a way for researchers, engineers, and other individuals who use research-grade intelligence daily to accelerate their productivity and be at the cutting edge of advancements in AI.
OpenAI explores advertising as it steps up revenue drive — OpenAI is discussing plans to introduce advertising to its artificial intelligence products, as the ChatGPT maker seeks new revenue sources as it restructures as a for-profit company.
AI startups snatch San Francisco offices, use Zoom fatigue to recruit — “In-person teams have a magic to them,” Tratar said. “When one thing is going well it adds energy to the system and people get excited.”

Chris' Netboot Nonsense | LINUX Unplugged 592

8 december 2024 | min

No Code is just Other People's Code | Coder Radio 598

4 december 2024 | min

KDE Goes Banana | LINUX Unplugged 591

1 december 2024 | min

Mechanically Compatible | Self-Hosted 137

29 november 2024 | min

Make Google Great Again | Coder Radio 597

27 november 2024 | min

Self-Host Before You're Toast | LINUX Unplugged 590

24 november 2024 | min

Chrome For Sale | Coder Radio 596

20 november 2024 | min

6 Reasons to Love Linux 6.12 | LINUX Unplugged 589

17 november 2024 | min

Google is Done | Self-Hosted 136

15 november 2024 | min

Year of the Snake | Coder Radio 595

13 november 2024 | min

Python's eating the world - and AI's helping it digest. A cheeky look at why this programming language is suddenly everywhere and the bizarre tale of how AI infiltrated the last place you'd expect.

Sponsored By:

Support Coder Radio

Links:

💥 Gets Sats Quick and Easy with Strike — Strike is a lightning-powered app that lets you quickly and cheaply grab sats in over 100 countries. Easily integrates with Fountain.fm. Setup your Strike account, and you have one of the world's best ways to buy sats.
🇨🇦 Bitcoin Well — Enable your independence with the fastest and safest way to buy bitcoin in Canada and the USA. Focused on Bitcoin excellence, enabling true financial independence 🥇
📻 Boost with Fountain.FM — Boost from Fountain.FM's website and keep your current Podcast app. Or kick the tires on the Podcasting 2.0 revolution and try out Fountain.FM the app! 🚀
AMD grabs a quarter of x86 market with desktop gains — AMD now accounts for 25 percent of all x86 processor shipments, but only made a slight increase in the past quarter against industry leader Intel in servers – the main gains came from the desktop market.
Intel exec says Arrow Lake launch ‘just didn’t go as planned' — Intel’s Arrow Lake chips’ “bones are solid,” Hallock said during the interview. Still, the company has identified factors “that can combine to produce some pretty wild unintended effects.” Hallock was also clear that the new Arrow Lake performance issues are strictly Intel’s responsibility, and not the fault of Microsoft or anyone else.
Announcing .NET 9 — Today, we are excited to announce the launch of .NET 9, the most productive, modern, secure, intelligent, and performant release of .NET yet. It’s the result of another year of effort on the part of thousands of developers from around the world.
Octoverse: AI leads Python to top language as the number of global developers surges - The GitHub Blog — In this year’s Octoverse report, we study how public and open source activity on GitHub shows how AI is expanding as the global developer community surges in size.
TensorFlow — TensorFlow makes it easy to create ML models that can run in any environment. Learn how to use the intuitive APIs through interactive code samples.
NumPy - — The fundamental package for scientific computing with Python
pandas - Python Data Analysis Library — pandas is a fast, powerful, flexible and easy to use open source data analysis and manipulation tool, built on top of the Python programming language.
PyTorch — A rich ecosystem of tools and libraries extends PyTorch and supports development in computer vision, NLP and more.
I’m a neurology ICU nurse. The creep of AI in our hospitals terrifies me — We didn’t call it AI at first. The first thing that happened was these new innovations just crept into our electronic medical record system. They were tools that monitored whether specific steps in patient treatment were being followed. If something was missed or hadn’t been done, the AI would send an alert. It was very primitive, and it was there to stop patients falling through the cracks.
Text Editor Election Results

Clearing out the Tumbleweeds | LINUX Unplugged 588

10 november 2024 | min

Smart Contracts for Dumb People | Coder Radio 594

6 november 2024 | min

Malicious NPM packages are sneaking into codebases while FFmpeg devs prove old-school assembly skills can still smoke the competition. Plus, a rare bee species takes on Zuck's AI dreams.

Sponsored By:

Support Coder Radio

Links:

💥 Gets Sats Quick and Easy with Strike — Strike is a lightning-powered app that lets you quickly and cheaply grab sats in over 100 countries. Easily integrates with Fountain.fm. Setup your Strike account, and you have one of the world's best ways to buy sats.
🇨🇦 Bitcoin Well — Enable your independence with the fastest and safest way to buy bitcoin in Canada and the USA. Focused on Bitcoin excellence, enabling true financial independence 🥇
📻 Boost with Fountain.FM — Boost from Fountain.FM's website and keep your current Podcast app. Or kick the tires on the Podcasting 2.0 revolution and try out Fountain.FM the app! 🚀
Oops, Apple approved another illegal streaming app — A ‘productivity app’ that streams pirated movies seems to have slipped past Apple’s review process — and it’s far from the first one to do it.
Why Avoiding Technical Debt Might Be Your Biggest Mistake — In this post, I’ll argue that technical debt isn’t inherently bad — it’s unmanaged technical debt that causes problems. Programmers who refuse to incur any technical debt pay a high price, using up one of a company’s most valuable resources: present time!
Hundreds of code libraries posted to NPM try to install malware on dev machines — The malicious packages have names that are similar to legitimate ones for the Puppeteer and Bignum.js code libraries
FFmpeg devs boast of up to 94x performance boost after implementing handwritten AVX-512 assembly code — The developers have created an optimized code path using the AVX-512 instruction set to accelerate specific functions within the FFmpeg multimedia processing library. By leveraging AVX-512, they were able to achieve significant performance improvements — from three to 94 times faster — compared to standard implementations. AVX-512 enables processing large chunks of data in parallel using 512-bit registers, which can handle up to 16 single-precision FLOPS or 8 double-precision FLOPS in one operation. This optimization is ideal for compute-heavy tasks in general, but in the case of video and image processing in particular.
Regulators reject power deal for nuclear Amazon datacenters — Amazon has hit a roadblock in its plans for nuclear-powered US datacenters. Federal regulators rejected a deal that would let it draw more power from a Susquehanna plant to supply new bit barns next to the site, on the grounds this would set a precedent which may affect grid reliability and increase energy costs.
Meta’s nuclear datacenter plan reportedly stung by bees — CEO Mark Zuckerberg reportedly told employees at an all-hands meeting that the discovery of a rare species of bees on the prospective build site had contributed to the cancellation of the datacenter project, according to The Financial Times.
AI's energy appetite has Taiwan reconsidering nuclear option — The global surge in AI is placing unprecedented pressure on energy resources, with chipmakers such as TSMC consuming vast amounts of electricity to meet growing demand for advanced silicon. In response, Taiwan's government is signaling a potential shift in its longstanding opposition to nuclear energy to address its mounting power needs.
Mike's Poll says it all. — Let’s celebrate Election Day by voting to “settle” a classic debate.

Triple Fedora Taste-Test | LINUX Unplugged 587

3 november 2024 | min

Rebuilding For the Last Time | Self-Hosted 135

1 november 2024 | min

Bake Your Own Linux Cake | Coder Radio 593

30 oktober 2024 | min

Kexec with Determination | LINUX Unplugged 586

27 oktober 2024 | min

Choosy Moms Choose Ubuntu | LINUX Unplugged 585

20 oktober 2024 | min

YouTube Unplugged | Self-Hosted 134

18 oktober 2024 | min

FOSS does what Nintendont | Coder Radio 591

16 oktober 2024 | min

We get frustrated with Nintendo. Then, dig into the 30-year-old backdoor that was recently exploited and the hard lesson we should learn from it. Then, we'll break down some "hot tips" that promise to make you the next DevRel star.

Sponsored By:

Annual Membership - Jupiter Party: Put your support on auto-pilot and get one month for free!

Support Coder Radio

Links:

💥 Gets Sats Quick and Easy with Strike — Strike is a lightning-powered app that lets you quickly and cheaply grab sats in over 100 countries. Easily integrates with Fountain.fm. Setup your Strike account, and you have one of the world's best ways to buy sats.
🇨🇦 Bitcoin Well — Enable your independence with the fastest and safest way to buy bitcoin in Canada and the USA. Focused on Bitcoin excellence, enabling true financial independence 🥇
📻 Boost with Fountain.FM — Boost from Fountain.FM's website and keep your current Podcast app. Or kick the tires on the Podcasting 2.0 revolution and try out Fountain.FM the app! 🚀
Ryujinx Switch Emulator Project Shuts Down Under Nintendo Pressure — Open source Nintendo Switch emulator Ryujinx has thrown in the towel under pressure from Nintendo. Lead developer 'gdkchan' was reportedly contacted by the gaming giant on Monday. He was given the opportunity to stop working on the project and shut down everything under his control, presumably to avoid further action. The project's repo on GitHub has already been deleted.
'Modded Hardware' Defendant Denies Nintendo's Copyright Claims in Court — The alleged operator of Modded Hardware has filed an answer to Nintendo's copyright complaint, denying any wrongdoing. The defendant, who represents himself in court, counters with a long list of affirmative defenses including fair use. The case will now move forward to the discovery process. Meanwhile, the Modded Hardware site has gone private.
The 30-year-old internet backdoor law that came back to bite — The wiretap systems, as mandated under a 30-year-old U.S. federal law, are some of the most sensitive in a telecom or internet provider’s network, typically granting a select few employees nearly unfettered access to information about their customers, including their internet traffic and browsing histories.
Meredith Whittaker on Masto — Case in point: there's no way to build a backdoor that only the "good guys" can use.
Chinese hackers access US telecom firms, worrying national security officials — US investigators believe the hackers potentially accessed wiretap warrant requests, two of the sources said, but officials are still working to determine what information the hackers may have obtained. US broadband and internet providers AT&T, Verizon and Lumen are among the targets, the sources said.
Exclusive | U.S. Wiretap Systems Targeted in China-Linked Hack - WSJ — AT&T and Verizon are among the broadband providers that were breached
Unlocking the ‘aha’ moment: Developer relations for startups — Developer relations (DevRel) can be a cornerstone of product adoption and growth for early-stage companies, but too often early-stage companies end up focusing on the wrong things. The linchpin for success lies in how quickly developers reach their first "aha" moment
Mermaid | Diagramming and charting tool — JavaScript based diagramming and charting tool that renders Markdown-inspired text definitions to create and modify diagrams dynamically.
Integrations | Mermaid

Captain Meshtastic and the Solar Cowboy | LINUX Unplugged 584

13 oktober 2024 | min

Google’s Loss is Our Win | Coder Radio 590

9 oktober 2024 | min

Our reaction to Google's major legal blow, forcing them to open the Play Store wide, our thoughts on the world's lovefest with AI-generated podcasts, and the next tool Microsoft is porting over from Linux.

Sponsored By:

Annual Membership - Jupiter Party: Put your support on auto-pilot and get one month for free!

Support Coder Radio

Links:

💥 Gets Sats Quick and Easy with Strike — Strike is a lightning-powered app that lets you quickly and cheaply grab sats in over 100 countries. Easily integrates with Fountain.fm. Setup your Strike account, and you have one of the world's best ways to buy sats.
🇨🇦 Bitcoin Well — Enable your independence with the fastest and safest way to buy bitcoin in Canada and the USA. Focused on Bitcoin excellence, enabling true financial independence 🥇
📻 Boost with Fountain.FM — Boost from Fountain.FM's website and keep your current Podcast app. Or kick the tires on the Podcasting 2.0 revolution and try out Fountain.FM the app! 🚀
Google must crack open Android for third-party stores, rules Epic judge — Google must give rival third-party app stores access to the full catalog of Google Play apps — and distribute third-party stores.
Why Google is appealing the U.S. Epic Games verdict — The Epic verdict missed the obvious: Apple and Android clearly compete. We will appeal and ask the courts to pause implementing the remedies to maintain a consistent and safe experience for users and developers as the legal process moves forward.
There’s a New Hit Podcast That Will Blow Your Mind - WSJ — With this Google tool, you can make a show about any topic you could possibly imagine. The hosts aren’t human. You won’t believe your ears.
List of "Fake Podcasts" — Listen Notes' list of AI-genreated podcasts.
Analyzing Poop & Fart written 1,000 times — Creating meaning from the meaningless.
NotebookLM now lets you listen to a conversation about your sources — Today, we're introducing Audio Overview, a new way to turn your documents into engaging audio discussions. With one click, two AI hosts start up a lively “deep dive” discussion based on your sources. They summarize your material, make connections between topics, and banter back and forth. You can even download the conversation and take it on the go.
ebpf-for-windows — eBPF is a well-known technology for providing programmability and agility, especially for extending an OS kernel, for use cases such as DoS protection and observability. This project is a work-in-progress that allows existing eBPF toolchains and APIs familiar in the Linux ecosystem to be used on top of Windows. That is, this project takes existing eBPF projects as submodules and adds the layer in between to make them run on top of Windows.

Nix on Easy Mode | LINUX Unplugged 583

6 oktober 2024 | min

No Google October | Self-Hosted 133

4 oktober 2024 | min

Blame the Tools using the Tools | Coder Radio 589

2 oktober 2024 | min

On the CUPS of Disaster | LINUX Unplugged 582

29 september 2024 | min

A Coder PSA | Coder Radio

24 september 2024 | min

The Linux Escape Hatch | LINUX Unplugged 581

22 september 2024 | min

Uploading at the Speed of Light | Self-Hosted 132

20 september 2024 | min

Hulk Smash “PUNY DEVS” | Coder Radio 588

18 september 2024 | min

Brent's Boogie Bus Broadcast Bash | LINUX Unplugged 580

15 september 2024 | min

Surfing the WSL Wave | Coder Radio 587

11 september 2024 | min

Lost & Found | LINUX Unplugged 579

8 september 2024 | min

The Value of Community | Self-Hosted 131

6 september 2024 | min

Mike's Clone Army | Coder Radio 586

4 september 2024 | min

How Mike plans to win the Clone Wars with Dokku, we review some shocking developer data and say goodbye to another project DMCA'd by Apple.

Sponsored By:

Coder QA: Take $1 a month off for the lifetime of your membership and contribute to our show directly. Promo Code: summer

Support Coder Radio

Links:

💥 Gets Sats Quick and Easy with Strike — Strike is a lightning-powered app that lets you quickly and cheaply grab sats in over 100 countries. Easily integrates with Fountain.fm. Setup your Strike account, and you have one of the world's best ways to buy sats.
📻 Boost with Fountain.FM — Boost from Fountain.FM's website and keep your current Podcast app. Or kick the tires on the Podcasting 2.0 revolution and try out Fountain.FM the app! 🚀
AWS CEO Says Most Developers Could Stop Coding Soon As AI Takes Over — "If you go forward 24 months from now, or some amount of time — I can't exactly predict where it is — it's possible that most developers are not coding," said Garman, who became AWS's CEO in June.
Amazon S3 now supports conditional writes — Using conditional writes, you can simplify how distributed applications with multiple clients concurrently update data in parallel across shared datasets. Each client can conditionally write objects, making sure that it does not overwrite any objects already written by another client. This means you no longer need to build any client-side consensus mechanisms to coordinate updates or use additional API requests to check for the presence of an object before uploading data.
Syncing Prod & Staging Data With Dokku — Dokku’s apps:clone command is a fantastic utility that allows you to replicate an entire app, including all code, databases and environment variables.
Study Finds 77% of Employees Report AI Has Increased Their Workload — The new global study, in partnership with The Upwork Research Institute, interviewed 2,500 global C-suite executives, full-time employees and freelancers. Results show that the optimistic expectations about AI's impact are not aligning with the reality faced by many employees.
Docker Image disappeared · Issue #799 — The DMCA notice
macos: OSX (macOS) inside a Docker container. — By default, macOS Ventura will be installed. But you can add the VERSION environment variable to your compose file, in order to specify an alternative macOS version to be downloaded
A long, weird FOSS circle ends as Microsoft donates Mono to Wine project — Mono had many homes over 23 years, but Wine's repos might be its final stop.
Thank you to all the Mono developers!

Young and the Rustless | LINUX Unplugged 578

1 september 2024 | min

From Ops to Dev and Back Again | Coder Radio 585

28 augusti 2024 | min

We reflect on the rise of DevOps and the frustrating dynamics that led to it. Plus, tech's latest bright idea: Roombas with attitude.

Sponsored By:

Coder QA: Take $1 a month off for the lifetime of your membership and contribute to our show directly. Promo Code: summer

Support Coder Radio

Links:

💥 Gets Sats Quick and Easy with Strike — Strike is a lightning-powered app that lets you quickly and cheaply grab sats in over 100 countries. Easily integrates with Fountain.fm. Setup your Strike account, and you have one of the world's best ways to buy sats.
📻 Boost with Fountain.FM — Boost from Fountain.FM's website and keep your current Podcast app. Or kick the tires on the Podcasting 2.0 revolution and try out Fountain.FM the app! 🚀
iPad Illustration App Procreate Condemns Generative AI — We're here for the humans. We're not chasing a technology that is a moral threat to our greatest jewel: human creativity. In this technological rush, this might make us an exception or seem at risk of being left behind. But we see this road less travelled as the more exciting and fruitful one for our community.
Procreate on X — We’re never going there. Creativity is made, not generated. You can read more at http://procreate.com/ai ✨
History of DevOps — The DevOps movement started to coalesce some time between 2007 and 2008, when IT operations and software development communities raised concerns what they felt was a fatal level of dysfunction in the industry.
The Cloud Talent Crisis: Skills Shortage Drives Up Costs, Risks — Organizations are facing increased cloud costs, risks, and inefficiencies due to a shortage of skilled cloud professionals.
Apple Is Developing a Tabletop Robot for the Home - YouTube — Apple Inc., seeking new sources of revenue, is moving forward with development of a pricey tabletop home device that combines an iPad-like display with a robotic limb. Bloomberg's Mark Gurman reports this is part of Apple's bigger move into robotics.
First Plans for Apple's Tabletop Robot Spotted in Supply Chain
Tesla is hiring people to train its Optimus bot via motion capture — The company is paying people to train its humanoid Optimus bot via motion capture, but the task may require vast amounts of data.

Summer Kernel Corn Roast | LINUX Unplugged 577

26 augusti 2024 | min

Make it or Break it | Self-Hosted 130

23 augusti 2024 | min

Google’s Poisoned Apple | Coder Radio 584

21 augusti 2024 | min

The walled garden wrecking ball is fueling up - where we think it strikes first. Plus, what was really behind the recent GitHub outage.

Sponsored By:

Coder QA: Take $1 a month off for the lifetime of your membership and contribute to our show directly. Promo Code: summer

Support Coder Radio

Links:

💥 Gets Sats Quick and Easy with Strike — Strike is a lightning-powered app that lets you quickly and cheaply grab sats in over 100 countries. Easily integrates with Fountain.fm. Setup your Strike account, and you have one of the world's best ways to buy sats.
📻 Boost with Fountain.FM — Boost from Fountain.FM's website and keep your current Podcast app. Or kick the tires on the Podcasting 2.0 revolution and try out Fountain.FM the app! 🚀
Raspberry Pi 5 2GB Launches At $50 USD — Upton explained of the new Broadcom BCM2712 D0 stepping that it eliminates some dark silicon that goes unused by the Raspberry Pi boards but ultimately impacts the die space/pricing and is now eliminated with this new stepping
Epic judge says he’ll ‘tear the barriers down’ on Google’s app store monopoly — udge James Donato will issue his final order on what Google gives — and Epic gets — in mere weeks.
US Considers a Rare Antitrust Move: Breaking Up Google — This action would mark Washington's first attempt to break up a company for illegal monopolization since the failed bid to dismantle Microsoft two decades ago.
GitHub rolls out AI-powered fixes for code vulnerabilities — Copilot Autofix, a new addition to the GitHub Advanced Security service, analyzes vulnerabilities in code and offers code suggestions to help developers fix them.
GitHub rolls back database change after breaking itself — "We are experiencing interruptions in multiple public GitHub services," the source code silo said in an advisory on its status page. "We suspect the impact is due to a database infrastructure related change that we are working on rolling back."
GitHub Status - All GitHub services are experiencing significant disruptions — At 22:59 UTC an erroneous configuration change rolled out to all GitHub.com databases that impacted the ability of the database to respond to health check pings from the routing service. As a result, the routing service could not detect healthy databases to route application traffic to. This led to widespread impact on GitHub.com
Diablo 1 for web browsers — I've modified the code to remove all dependencies and exposed the minimal required interface with JS, allowing the game to be compiled into WebAssembly.

The Secret Server | LINUX Unplugged 576

18 augusti 2024 | min

A Shekel for Every Click | Coder Radio 583

14 augusti 2024 | min

Brent's Busted Builds | LINUX Unplugged 575

11 augusti 2024 | min

Forged Alliance | Self-Hosted 129

9 augusti 2024 | min

Intel: It Hurts Inside | Coder Radio 582

7 augusti 2024 | min

We take a look at SeaweedFS, roast Apple Intelligence, and reveal the vendor that caught Intel's mess before it shipped.

Sponsored By:

Coder QA: Take $2 a month off for the lifetime of your membership and contribute to our show directly Promo Code: jarjar

Support Coder Radio

Links:

💥 Gets Sats Quick and Easy with Strike — Strike is a lightning-powered app that lets you quickly and cheaply grab sats in over 100 countries. Easily integrates with Fountain.fm. Setup your Strike account, and you have one of the world's best ways to buy sats.
📻 Boost with Fountain.FM — Boost from Fountain.FM's website and keep your current Podcast app. Or kick the tires on the Podcasting 2.0 revolution and try out Fountain.FM the app! 🚀
Judge rules that Google ‘is a monopolist’ in US antitrust case — udge Amit Mehta ruled in favor of the Department of Justice, writing that Google has maintained a monopoly in the search and advertising markets.
Google default search deals break US law, court finds — "This victory against Google is an historic win for the American people," said Attorney General Merrick Garland, in a statement. “No company – no matter how large or influential – is above the law. The Justice Department will continue to vigorously enforce our antitrust laws."
Jason Kint on X — Don't overlook the impact this may have on Apple. Yes, I believe any remedy has to look at forced divestiture of Chrome and Android in addition to killing the exclusive dealing. But if Apple loses its sweetheart deal with Google, it may lose $12B in revenue (mostly profits)
Intel is laying off over 15,000 employees and will stop ‘non-essential work’ — After losses, the chipmaker is cutting $10 billion in costs.
Puget Systems' Perspective on Intel CPU Instability Issues — Based on this information, we are definitely experiencing CPU failures higher than our historical average, especially with 14th Gen. We have enough data to know that we don’t have an acute problem on the horizon with 13th Gen — it is more of a slow burn
seaweedfs — SeaweedFS is a fast distributed storage system for blobs, objects, files, and data lake, for billions of files! Blob store has O(1) disk seek, cloud tiering. Filer supports Cloud Drive, cross-DC active-active replication, Kubernetes, POSIX FUSE mount, S3 API, S3 Gateway, Hadoop, WebDAV, encryption, Erasure Coding.
PodcastIndex Dashboard 1.1.0 — rPodcast's Podcast Index Dashboard.
Apple Intelligence Early Preview: In-Call Recording, Safari Summaries, New Siri — After testing the first beta version of Apple Intelligence myself, I can tell you that the features don’t yet live up to the excitement.
Cabel Sasser - Panic Social — Apple Intelligence in 15.1 just flagged a phishing email as “Priority” and moved it to the top of my Inbox. This seems… bad
iOS 18: These Apple Intelligence Features Won't Be Ready Until 2025

COSMIC Encounter | LINUX Unplugged 574

4 augusti 2024 | min

Lunacy Lake | Coder Radio 581

31 juli 2024 | min

Why is Google feeling lucky, and the Intel situation slips into pure lunacy. Plus, thoughts on the C# Type Union proposal.

Sponsored By:

Coder QA: Take $2 a month off for the lifetime of your membership and contribute to our show directly Promo Code: jarjar

Support Coder Radio

Links:

💥 Gets Sats Quick and Easy with Strike — Strike is a lightning-powered app that lets you quickly and cheaply grab sats in over 100 countries. Easily integrates with Fountain.fm. Setup your Strike account, and you have one of the world's best ways to buy sats.
📻 Boost with Fountain.FM — Boost from Fountain.FM's website and keep your current Podcast app. Or kick the tires on the Podcasting 2.0 revolution and try out Fountain.FM the app! 🚀
OpenAI on X: "We’re testing SearchGPT" — We’re testing SearchGPT, a temporary prototype of new AI search features that give you fast and timely answers with clear and relevant sources.
Google’s antitrust defense could benefit from the threat of SearchGPT — The new risk Google faces from AI challengers could play a role in the ultimate outcome of a landmark antitrust trial where a judge must decide whether the tech giant illegally monopolized online search.
Intel's Biggest Failure in Years: Confirmed Oxidation & Excessive Voltage - YouTube
Intel confirms that any Raptor Lake instability damage is permanent, and no, it's not planning a recall — Microcode patch can't reverse the damage caused by the elevated voltage - only prevent further harm.
CrowdStrike Outage Losses Estimated at a Staggering $5.4B — Parametrix researchers have found that roughly 25% of Fortune 500 companies experienced disruptions due to the incident, the most heavily affected industries financially being healthcare ($1.94 billion in estimated losses) and banking ($1.15 billion). In addition, a shocking 100% of the transportation and airlines sector was affected, and the group will rack up an estimated $0.86 billion in losses, according to the forecast. The $5.4 billion estimate excludes Microsoft.
Parametrix Analysis.pdf
proposals/TypeUnions.md — A proposal for type unions (aka discriminated unions) in C#.
California DMV puts 42 million car titles on blockchain to fight fraud — The project, in collaboration with tech company Oxhead Alpha on Ava Labs' Avalanche blockchain, will allow California's more than 39 million residents to claim their vehicle titles through a mobile app, the first such move in the United States.
How Kamala Harris Could Usher in a Clean Slate for Crypto Regulation — She may not be appearing at Bitcoin Nashville this year alongside Donald Trump. But, if elected president, Kamala Harris could reshape the U.S.'s policy on digital assets.
What is Operation Choke Point 2.0? Trump promises to end it. - YouTube — It was one of the many promises made by former President Donald Trump to a cryptocurrency crowd at this year’s Bitcoin conference. Crypto advocates have dubbed efforts to cut off the cryptocurrency industry from banking services “Operation Choke Point 2.0,” and Trump is vowing to end it.
Operation Choke Point 2.0 — Crypto still needs on- and off-ramps for US dollars, but the US is making it increasingly difficult to maintain them
Operation Choke Point 2.0: How U.S. Regulators Fight Bitcoin With Financial Censorship — “The clandestine Operation Choke Point had more in common with a purge of ideological foes than a regulatory enforcement action”, wrote Frank Keating, a former governor of Oklahoma who served in the DOJ during the Reagan administration, in a 2018 editorial for The Hill. “It targeted wide swaths of businesses with little regard for whether legal businesses were swept up and harmed. In fact, that seemed to be the goal.”

Universal Blue Man Group | LINUX Unplugged 573

28 juli 2024 | min

To Update, or Not to Update? | Self-Hosted 128

26 juli 2024 | min

Error Lake | Coder Radio 580

24 juli 2024 | min

Data Security Only a Maniac Could Love | LINUX Unplugged 572

21 juli 2024 | min

The Insufferable Small Business | Coder Radio 579

17 juli 2024 | min

Multi-Machine Lifestyle | LINUX Unplugged 571

14 juli 2024 | min

Texas LinuxFest Day 2 | Jupiter Extras 92

13 juli 2024 | min

Texas LinuxFest Day 1 | Jupiter Extras 91

13 juli 2024 | min

Nostr Workshop | Jupiter Extras 90

13 juli 2024 | min

Can't Fix What You Don't Track | Self-Hosted 127

12 juli 2024 | min

Cancel the 100X | Coder Radio 578

10 juli 2024 | min

Apple finally stands down in its battle with Epic, and Google gets caught with its hand in the full access to everything jar.

Sponsored By:

Coder QA: Take $1 a month off your membership for a year, and contribute to our show directly! Promo Code: darthjarjar

Support Coder Radio

Links:

💥 Gets Sats Quick and Easy with Strike — Strike is a lightning-powered app that lets you quickly and cheaply grab sats in over 100 countries. Easily integrates with Fountain.fm. Setup your Strike account, and you have one of the world's best ways to buy sats.
📻 Boost with Fountain.FM — Boost from Fountain.FM's website and keep your current Podcast app. Or kick the tires on the Podcasting 2.0 revolution and try out Fountain.FM the app! 🚀
Siri features are likely to go into beta testing for developers in January — Siri features are likely to go into beta testing for developers in January and then debut publicly around the springtime — part of an iOS 18.4 upgrade that’s already in the works.
Epic Games Newsroom on X — 1/3 Apple has rejected our Epic Games Store notarization submission twice now, claiming the design and position of Epic’s “Install” button is too similar to Apple's "Get" button and that our "In-app purchases" label is too similar to the App Store's "In-App Purchases" label.
Apple approves Epic Games Store for iOS — Later the same day, Apple had a change of heart about the situation, and instead has approved the Epic Games Store.
Jeff Johnson - Mastodon — Apple has ZERO moral high ground. The crApp Store is the origin of many dark patterns.
tvOS 18 Hints at HomePod With Touchscreen Display — A unique touchscreen interface was allegedly found buried in tvOS 18 beta 3 by 9to5Mac, and the finding is actually relevant to the ‌HomePod‌ because the ‌HomePod‌'s software is an offshoot of the tvOS software.
Future HomePod Again Rumored to Add Curved LCD Display — In October, Kosutami shared images of component parts that allegedly belong to a prototype touch screen ‌HomePod‌. Other reports at the time claimed to verify the legitimacy of these images with other sources.
HomePod Saves Family's Life After Dog Starts Kitchen Fire — omePod‌ has Sound Recognition, an option that is able to detect the sound of a fire alarm and send an alert.
Dog Starts Kitchen Fire Video
Luca Casonato 🏳️‍🌈 on X — Google Chrome gives all *.google.com sites full access to system / tab CPU usage, GPU usage, and memory usage. It also gives access to detailed processor information, and provides a logging backchannel.
Luca Casonato 🏳️‍🌈 on X — For those interested: this is done through a built-in Chrome extension that can not be disabled, and does not show up in the extensions panel.
hangout_services

RegreSSHion Strikes | LINUX Unplugged 570

7 juli 2024 | min

Holy Order of the Admins | Coder Radio 577

2 juli 2024 | min

Our Plasma Panacea | LINUX Unplugged 569

30 juni 2024 | min

Smart But Not Cloudy | Self-Hosted 126

28 juni 2024 | min

The New 800-pound Gorilla | Coder Radio 576

26 juni 2024 | min

All Your Silos are Broken | LINUX Unplugged 568

23 juni 2024 | min

The Omakub Directive | Coder Radio 575

19 juni 2024 | min

A couple of our long-standing forecasts are coming true. We unpack the recent developments. Plus, our thoughts on OpenAI going commercial and more.

Sponsored By:

Coder QA: Take $1 a month off your membership for a year, and contribute to our show directly! Promo Code: darthjarjar

Support Coder Radio

Links:

💥 Gets Sats Quick and Easy with Strike — Strike is a lightning-powered app that lets you quickly and cheaply grab sats in over 100 countries. Easily integrates with Fountain.fm. Setup your Strike account, and you have one of the world's best ways to buy sats.
📻 Boost with Fountain.FM — Boost from Fountain.FM's website and keep your current Podcast app. Or kick the tires on the Podcasting 2.0 revolution and try out Fountain.FM the app! 🚀
Study finds 1/4 of bosses hoped RTO would make staff quit — A study claims to have proof of what some have suspected: return to office mandates are just back-channel layoffs and post-COVID work culture is making everyone miserable.
Return to Office mandates boost company profits? Nope — Research has shed light on the profitability gains that the biggest US corporations experienced after issuing return to office mandates: There weren't any, and the policy made their staff unhappier.
DHH on X — Nothing gets me quite as fired up as discovering the future early and undistributed. That feeling of realizing that something is simply better, and the only reason it hasn't taken off yet is because the world hasn't realized it. It's amazing, and it's how I'm feeling about Linux right now. That "how did I not know it was this good" sensation.
Eva on X - Director of Cybersecurity @EFF — I hate every operating system so much right now. It is truly going to be the year of Linux on the desktop.
notch on X — Alright, that's enough spyware in my OS. Do I go desktop Mac, or do I have the energy to go full Linux? Not sure, but I'm tired of my operating system treating me like the product.
Lenovo 14" T14s Gen 6 Snapdragon Laptop
ASUS VivoBook S 15 Copilot+ PC Review
TUXEDO on ARM is coming
Qualcomm announces Snapdragon X Plus and Elite processors — The Snapdragon X Series processors could be the biggest CPU shakeup since Apple Silicon.
OpenAI CEO Says Company Could Become a For-Profit Corporation Like xAI, Anthropic — OpenAI CEO Sam Altman recently told some shareholders that the artificial intelligence developer is considering changing its governance structure to a for-profit business that OpenAI's nonprofit board doesn't control, according to a person who heard the comments. One scenario Altman said the board is considering is a for-profit benefit corporation, which rivals such as Anthropic and xAI are using, this person said. Such a change could open the door to an eventual initial public offering of OpenAI, which currently sports a private valuation of $86 billion, and may give Altman an opportunity to take a stake in the fast-growing company, a move some investors have been pushing.
OpenAI CEO Says Company Could Become Benefit Corporation Akin to Rivals Anthropic, xAI — The Information
Microsoft backtracks on PC screenshot feature after outcry — Microsoft is making changes to a controversial feature announced for its new range of PCs powered by artificial intelligence after it was flagged as a potential "privacy nightmare".
Alice.Dev — The AI Bot Designed to make your business more efficient.

So Long sudo | LINUX Unplugged 567

16 juni 2024 | min

Tiny Mini Micro Systems FTW | Self-Hosted 125

14 juni 2024 | min

Craig Stans Unite | Coder Radio 574

12 juni 2024 | min

Our thoughts and reactions to Apple's WWDC '24, and more importantly what was missed.

Sponsored By:

Coder QA: Take $1 a month off your membership for a year, and contribute to our show directly! Promo Code: darthjarjar

Support Coder Radio

Links:

💥 Gets Sats Quick and Easy with Strike — Strike is a lightning-powered app that lets you quickly and cheaply grab sats in over 36 countries.
📻 Boost with Fountain.FM — Fountain 1.0 has a new UI, upgrades, and super simple Strike integration for easy Boosts.
Apple’s AI promise: “Your data is never stored or made accessible to Apple” — And publicly reviewable server code means experts can "verify this privacy promise."
Apple is bringing RCS to the iPhone in iOS 18 — The new standard will replace SMS as the default communication protocol between Android and iOS devices.
Apple Intelligence is the company's new generative AI offering — Apple unveiled Apple Intelligence, its long-awaited, ecosystem-wide push into generative AI
Introducing Apple’s On-Device and Server Foundation Models — In the following overview, we will detail how two of these models — a ~3 billion parameter on-device language model, and a larger server-based language model available with Private Cloud Compute and running on Apple silicon servers — have been built and adapted to perform specialized tasks efficiently, accurately, and responsibly.
Apple Likely to Add Google Gemini and Other AI Models to iOS 18 — In conversation with reporters after the WWDC keynote, Apple's senior VP of software engineering Craig Federighi revealed that as Apple Intelligence evolves, the company eventually wants to give its users a choice between different AI models, and suggested that Google Gemini could be an option in the future.
Blackmagic Design Unveils Spatial Video Camera for Shooting Apple Vision Pro Content — The URSA Cine Immersive camera features a custom stereoscopic 3D lens system with dual 8K sensors, capable of capturing a 180-degree field of view with spatial audio support. It is designed to capture content with a resolution of 8,160 x 7,200 per eye and offers 16 stops of dynamic range to ensure detail and color accuracy in every frame, with the ability to shoot stereoscopic 3D immersive cinema content at 90 frames per second.

Chef's Choice Ubuntu | LINUX Unplugged 566

9 juni 2024 | min

The Ultimate Computer | Coder Radio 573

5 juni 2024 | min

The story of how Mike got in a fight with a supercomputer and, like Captain Kirk, came out on top.

Sponsored By:

Coder QA: Take $1 a month off your membership for a year, and contribute to our show directly! Promo Code: darthjarjar

Support Coder Radio

Links:

💥 Gets Sats Quick and Easy with Strike — Strike is a lightning-powered app that lets you quickly and cheaply grab sats in over 36 countries.
📻 Boost with Fountain.FM — Fountain 1.0 has a new UI, upgrades, and super simple Strike integration for easy Boosts.
Exclusive-Arm aims to capture 50% of PC market — "Arm's market share in Windows - I think, truly, in the next five years, it could be better than 50%," CEO Rene Haas told Reuters in an interview.
Microsoft needs Windows developers like never before — This new Windows AI push needs developers on board for it to truly work.
OpenAI fixes the issue that caused ChatGPT outage for several hours — Popular AI chatbot service ChatGPT faced multiple outages today. OpenAI had to work for hours on these issues to make the service available to users again.
Michael Dominick on X — I think I broke Gemini. I got it to agree that my Alice logo wasn't a person when it objected to giving feedback, then uploaded it again & this.... 1st screen-cap & a link.
Daniel Kokotajlo on X — n April, I resigned from OpenAI after losing confidence that the company would behave responsibly in its attempt to build artificial general intelligence — “AI systems that are generally smarter than humans.”
OpenAI Whistle-Blowers Describe Reckless and Secretive Culture — A group of current and former employees is calling for sweeping changes to the artificial intelligence industry, including greater transparency and protections for whistle-blowers.
A Right to Warn about Advanced Artificial Intelligence
Microsoft layoffs hit HoloLens, Azure cloud teams — Microsoft is reportedly cutting around 1,000 employees, with departments working on HoloLens 2 and Azure ‘moonshots’ among those affected.
Google Leak Reveals Thousands of Privacy Incidents — An internal Google database obtained by 404 Media shows Google recording childrens' voices, saving license plates from Street View, and many other self-reported incidents, large and small.
Why Your Wi-Fi Router Doubles as an Apple AirTag — At issue is the way that Apple collects and publicly shares information about the precise location of all Wi-Fi access points seen by its devices. Apple collects this location data to give Apple devices a crowdsourced, low-power alternative to constantly requesting global positioning system (GPS) coordinates.
8BitDo Retro Mechanical Keyboard - M Edition — Meet the new M Edition from the 8BitDo Keyboard line. Packed with programmable keys and an intuitive control panel. Compatible with Windows and Android.

Mistakes That Made Us Love Linux | LINUX Unplugged 565

2 juni 2024 | min

The End of Ownership | Self-Hosted 124

31 maj 2024 | min

Foxes In The Henhouse | Coder Radio 572

29 maj 2024 | min

The Goldilocks Build | LINUX Unplugged 564

26 maj 2024 | min

Old Wine New Bottle | Coder Radio 571

22 maj 2024 | min

Nix's People Problem | LINUX Unplugged 563

19 maj 2024 | min

How much CPU do You REALLY Need | Self-Hosted 123

17 maj 2024 | min

4o | Coder Radio 570

15 maj 2024 | min

Red Hat Knows How to Party | LINUX Unplugged 562

12 maj 2024 | min

Whatever It Takes | Coder Radio 569

8 maj 2024 | min

Altman's on a spending spree for AGI – why the huge price tag? Mike's back from NYC with juicy API gossip, and we break down the incentives pumping up a giant AI bubble.

Sponsored By:

Coder QA: Take $1 a month off your membership for a year, and contribute to our show directly! Promo Code: darthjarjar

Support Coder Radio

Links:

💥 Gets Sats Quick and Easy with Strike — Strike is a lightning-powered app that lets you quickly and cheaply grab sats in over 36 countries.
📻 Boost with Fountain.FM — Fountain 1.0 has a new UI, upgrades, and super simple Strike integration for easy Boosts.
'Belligerent' United Airlines passenger hit with $20K fine, TSA says — United Airlines passenger had been in custody since the March 1 incident
<a href="https://twitter.com/tsarnick/status/1785838281671975136?t=E9EIlRX-vHxbQ8g23lQU3A" title=""Sam Altman: I don't care if we burn $50 billion a year"" rel="nofollow">"Sam Altman: I don't care if we burn $50 billion a year" — Sam Altman: I don't care if we burn $50 billion a year, we're building AGI and it's going to be worth it
Sam on GPT4 — GPT4 is "the dumbest model any of you will ever have to use again... by a lot"
The Possibilities of AI [Entire Talk] - Sam Altman (OpenAI) - YouTube — Sam Altman is the co-founder and CEO of OpenAI, the AI research and deployment company behind ChatGPT and DALL-E. Altman was president of the early-stage startup accelerator Y Combinator from 2014 to 2019. In 2015, he co-founded OpenAI as a nonprofit research lab with the mission to build general-purpose artificial intelligence that benefits all humanity. In this conversation with Stanford adjunct lecturer Ravi Belani, Altman gives advice for aspiring AI entrepreneurs and shares his insights about the opportunities and risks of AI tools and artificial general intelligence.
Microsoft, Meta, and Alphabet disclosed that they had spent $32B+ combined on data centers and other capital expenses in Q1, as they accelerate AI spending — The spending that the industry’s giants expect artificial intelligence to require is starting to come into focus — and it is jarringly large.
@shiraovide • For a sense of how bonkers the money is — Google and Microsoft combined spent $26 billion IN THREE MONTHS on computer chips, servers, data centers and other big ticket costs.
"BlackRock CEO Larry Fink: "In developed countries the big winners are... — BlackRock CEO Larry Fink: "In developed countries the big winners are those with shrinking populations.. They'll rapidly develop robotics/AI.. transform productivity.. elevate living standards.. substitute humans for machines"
Apple Vision Pro a big hit in enterprise — There isn't a line item in Apple's earnings for Apple Vision Pro, but CEO Tim Cook shared a tidbit of interest during the Q2 earnings call. He said Apple Vision Pro has been purchased by half of Fortune 100 companies.

Folders as a Service | LINUX Unplugged 561

5 maj 2024 | min

Back to the Future | Self-Hosted 122

3 maj 2024 | min

The Junior Jump | Coder Radio 568

1 maj 2024 | min

Linux Festivus For the Rest of Us | LINUX Unplugged 560

28 april 2024 | min

The year of Small Models | Coder Radio 567

24 april 2024 | min

Linux is Bigger in Texas | LINUX Unplugged 559

21 april 2024 | min

Forbidden Fruit | Self-Hosted 121

19 april 2024 | min

FOSS Feed & Care | Coder Radio 566

17 april 2024 | min

Top 5 Essential Apps | LINUX Unplugged 558

14 april 2024 | min

The Great Llama | Coder Radio 565

10 april 2024 | min

Crouching kexec, Hidden Linux | DOUBLE Sunday Extravaganza 557

7 april 2024 | min

Can a VPS Replace a Homelab? | Self-Hosted 120

5 april 2024 | min

Re-Re-Rewrite it in Rust | Coder Radio 564

3 april 2024 | min

The xz Backdoor Exposed 🚨 | LINUX Unplugged 556

31 mars 2024 | min

Mike’s No Good Very Bad Rails Update | Coder Radio 563

27 mars 2024 | min

Glide like a Goose, Honk like a Moose | LINUX Unplugged 555

24 mars 2024 | min

Apple Loses It's Shine | Coder Radio 562

22 mars 2024 | min

Why So Many Llamas? | Self-Hosted 119

22 mars 2024 | min

SCaLEing Nix | LINUX Unplugged 554

17 mars 2024 | min

No CUDA for You! | Coder Radio 561

13 mars 2024 | min

Portably Predictable Productivity | LINUX Unplugged 553

10 mars 2024 | min

How Hard Could it Be? | Self-Hosted 118

8 mars 2024 | min

Artificial Information | Coder Radio 560

6 mars 2024 | min

Apple is pissed, and we'll dig into why. Plus, there are some big hints at Apple's AI plans; Meta's had a rough morning, and Sergey Brin popped back up at Google and proceeded to blow it immediately.

Sponsored By:

Coder QA: Take $2 a month off for the lifetime of your membership and contribute to our show directly Promo Code: jarjar

Support Coder Radio

Links:

💥 Gets Sats Quick and Easy with Strike — Strike is a lightning-powered app that lets you quickly and cheaply grab sats in over 36 countries.
📻 Boost with Fountain.FM — Fountain 1.0 has a new UI, upgrades, and super simple Strike integration for easy Boosts.
Victoria Nuland, third-highest ranking US diplomat and critic of Russia's war in Ukraine, retiring — She had been a candidate to succeed Wendy Sherman as deputy Secretary of State and had served as acting deputy since Sherman’s retirement seven months ago but lost an internal administration personnel battle when President Joe Biden nominated Kurt Campbell to the no. 2 spot. Campbell took office last month.
The App Store, Spotify, and Europe’s thriving digital music market - Apple — The primary advocate for this decision — and the biggest beneficiary — is Spotify, a company based in Stockholm, Sweden. Spotify has the largest music streaming app in the world, and has met with the European Commission more than 65 times during this investigation.
Will Oremus on X — - Apple complains there was no "credible evidence of consumer harm" - Spotify is pleased but says “it does not solve Apple’s bad behaviour
iOS 17.4 won't remove Home Screen web apps in the EU after all — Apple is now walking back that decision and says it will “continue to offer the existing Home Screen web apps capability in the EU.”
Apple launches new 13-inch and 15-inch MacBook Air with M3 chip, support for two external displays, faster Wi-Fi — As far as specs are concerned, the M3 MacBook Air features a faster 8-core CPU combined with up to 10-core GPU. Apple is also calling the new Air the “world’s best consumer laptop for AI” thanks to the inclusion of a faster 16-core Neural Engine.
Teslaconomics on X — Google hackathon to stop racism & sexism in Gemeni and the founder of Google, Sergey Brin, shows up to get front row seats
Te𝕏asLindsay™ on X — Co-founder of Google, Sergey Brin, seems to think they only messed up on their image generator and fails to acknowledge that Google’s chatbot is just as broken.
Sergey Brin Says Google 'Definitely Messed up' With Gemini Images — Sergey Brin said Google "definitely messed up" with Gemini's image generation.
Marc Andreessen 🇺🇸 on X — And they are lobbying as a group with great intensity to establish a government protected cartel, to lock in their shared agenda and corrupt products for decades to come.
Donations - Panther Pride Boosters — As many know, funding for the arts is abysmal. That is actually a major part of the primary mission of this booster club, to raise funds to allow our students to get the experiences they deserve. 100% of all donations support the Ridgeview High School Panther Pride Band and Color Guard.

Plasma's Perfect Play | LINUX Unplugged 552

3 mars 2024 | min

Double Botched | Coder Radio 559

28 februari 2024 | min

AI Under Your Control | LINUX Unplugged 551

25 februari 2024 | min

Unraid as a Service | Self-Hosted 117

23 februari 2024 | min

Big Zuck Energy | Coder Radio 558

21 februari 2024 | min

Ready Player Linux | LINUX Unplugged 550

18 februari 2024 | min

Betting it all on Green | Coder Radio 557

14 februari 2024 | min

Will it Nixcloud? | LINUX Unplugged 549

11 februari 2024 | min

Making it all Connect | Self-Hosted 116

9 februari 2024 | min

Facial Computing | Coder Radio 556

7 februari 2024 | min

Uncomfortable Linux Truths | LINUX Unplugged 548

4 februari 2024 | min

It's Good to be the King | Coder Radio 555

31 januari 2024 | min

If you're going to come at the king, you better not miss; now it's Apple's turn to make everyone feel pain.

And our spicy take on why AI saftey is really about stopping a movment.

Sponsored By:

Coder QA: Take $2 a month off for the lifetime of your membership and contribute to our show directly Promo Code: jarjar

Support Coder Radio

Links:

💥 Gets Sats Quick and Easy with Strike — Strike is a lightning-powered app that lets you quickly and cheaply grab sats in over 36 countries.
📻 Boost with Fountain.FM — Fountain 1.0 is out with a new UI, upgrades, and super simple Strike integration for easy Boosts.
Apple says UK could 'secretly veto' global privacy tools — Apple has attacked proposals for the UK government to pre-approve new security features introduced by tech firms.
Apple won’t give up control of the iPhone — The EU wants to weaken Apple’s gatekeeper power, and the company is on the wrong side of history by fighting it.
Apple’s Proposed Changes Reject the Goals of the DMA
AI companies will need to report safety tests to US government | AP News — Chief among the 90-day goals from the order was a mandate under the Defense Production Act that AI companies share vital information with the Commerce Department, including safety tests.
New GitHub Copilot Research Finds 'Downward Pressure On Code Quality' — "We find disconcerting trends for maintainability," explains the paper's abstract. "Code churn -- the percentage of lines that are reverted or updated less than two weeks after being authored -- is projected to double in 2024 compared to its 2021, pre-AI baseline. We further find that the percentage of 'added code' and 'copy/pasted code' is increasing in proportion to 'updated,' 'deleted,' and 'moved 'code. In this regard, AI-generated code resembles an itinerant contributor, prone to violate the DRY-ness [don't repeat yourself] of the repos visited."
Apple Vision Pro review: magic, until it’s not - The Verge — The Apple Vision Pro is the best consumer headset anyone’s ever made — and that’s the problem.
Apple Has Sold Approximately 200,000 Vision Pro Headsets — Apple has sold upwards of 200,000 Vision Pro headsets, MacRumors has learned from a source with knowledge of Apple's sales numbers. Apple began accepting pre-orders for the Vision Pro on January 19, so the headset has been available for purchase in the U.S. for 10 days.
Apple Vision Pro Review — We have rounded up some of the videos below from well-known YouTube creators and reporters, including Marques Brownlee, Joanna Stern, and others.
President Biden is preparing to announce chipmaker subsidies. — So says The Wall Street Journal in a report this morning that his administration will give “billions of dollars” to the likes of Intel and Taiwan Semiconductor Manufacturing Company (TSMC), both of which have started US manufacturing projects, although TSMC, at least, is behind schedule.

Behind the Shelves | LINUX Unplugged 547

28 januari 2024 | min

A NAS in Every Home | Self-Hosted 115

26 januari 2024 | min

The App Store Addiction | Coder Radio 554

24 januari 2024 | min

What You’re Missing about NixOS | LINUX Unplugged 546

21 januari 2024 | min

Fake AI Until You Make AI | Coder Radio 553

17 januari 2024 | min

They are building AI into toilets now; CES was a clown show. But we put our business hats on and find the bright side.

Plus, Epic's major loss to Apple that just rolled in, and where we think the next fight will be, and how developers can get ahead of it.

Sponsored By:

Coder QA: Take $2 a month off for the lifetime of your membership and contribute to our show directly Promo Code: jarjar

Support Coder Radio

Links:

💥 Gets Sats Quick and Easy with Strike — Strike is a lightning-powered app that lets you quickly and cheaply grab sats in over 36 countries.
📻 Boost with Fountain.FM — Fountain 1.0 is out with a new UI, upgrades, and super simple Strike integration for easy Boosts.
Mark Gurman on X — The Vision Pro virtual keyboard is a complete write-off at least in 1.0. You have to poke each key one finger at a time like you did before you learned how to type. There is no magical in-air typing. You can also look at a character and pinch. You’ll want a Bluetooth keyboard.
Here's How Vision Pro Demos Will Work at Apple Stores — In his Power On newsletter today, Bloomberg's Mark Gurman said each demo will last around 20 to 25 minutes. After a calibration process, he said the customer will view still photos, panoramas, spatial photos, and spatial videos in the Photos app. Next, he said customers will learn how to position multiple app windows and scroll through pages in Safari. Then, they will view immersive 3D content, including movie clips, sports, and a tightrope scene.
Epic’s California injunction against Apple’s anti-steering rule takes effect as Supreme Court denies both parties’ petitions — The most important question, however, is whether the United States Department of Justice, which is reportedly readying a major antitrust case against Apple, and/or other private parties are now going to sue Apple over the App Store monopoly, potentially with stronger expert testimony (which is not even the only way in which they could benefit form the lessons learned from Epic Games v. Apple).
gamesfray on X🧵1/4 — The #EpicGames v. #Apple judgment is now FINAL. The Supreme Court has denied either party's petition for review.
This means the anti-anti-steering injunction that Epic won under California Unfair Competition Law enters into force. Apple wanted to prevent or delay that.

🧵1/4
App Store to Be 'Split in Two' Ahead of EU iPhone Sideloading Deadline — Apple is apparently planning to roll out adjustments to comply with the new legal requirements in the coming weeks, including splitting off the ‌App Store‌ in the EU from the rest of the world. The deadline for Apple to comply with the DMA is March 7, so the company has just over seven weeks to enact the changes.
Google confirms it just laid off around a thousand employees — Or more than a thousand? Depends on the definition of “few”.
Google announces another round of layoffs - YouTube
Vic 🌮 on X — It's January 11 and the following companies have done layoffs so far.
Layoffs.fyi — Tech Layoff Tracker and Startup Layoff Lists.
Discord lays off 17 percent of employees — In an internal memo, CEO Jason Citron said the company grew headcount too quickly over the past few years.
Apple to Shutter 121-Person San Diego AI Team in Reorganization — Apple Inc. is shutting a 121-person team related to artificial intelligence operations in San Diego, leaving many employees at risk of termination, according to people familiar with the matter.
At CES, everything was AI, even when it wasn’t — But as more companies rebrand anything involving algorithms as AI, how are we meant to separate the chaff from the wheat?
AI Briefing: What marketing and tech experts noticed at CES 2024 — Unsurprisingly in Las Vegas last week, AI was inarguably one of the hot topics. Major brands and startups alike spent the week touting new AI chatbots for everything from cars and bikes to smart TVs and personal devices.
A high-tech, no touch throne: Kohler's smart toilet - YouTube

3,062 Days Later | LINUX Unplugged 545

14 januari 2024 | min

Unintended Consequences | Self-Hosted 114

12 januari 2024 | min

We kick off the new year with new apps in our home lab you’ll want to try and a new way to do networking.

Sponsored By:

Tailscale: Tailscale is a Zero config VPN. It installs on any device in minutes, manages firewall rules for you, and works from anywhere. Get 3 users and 100 devices for free.

Support Self-Hosted

Links:

⚡ Grab Sats with Strike Around the World — Strike is a lightning-powered app that lets you quickly and cheaply grab sats in over 36 countries.
🎉 Boost with Fountain FM — Fountain 1.0 is out with a new UI, upgrades, and super simple Strike integration for easy Boosts.
Using the occ command — Nextcloud’s occ command (origins from “ownCloud Console”) is Nextcloud’s command-line interface. You can perform many common server operations with occ, such as installing and upgrading Nextcloud, manage users, encryption, passwords, LDAP setting, and more.
Jellystat — Jellystat is a free and open source Statistics App for Jellyfin
OpenSSH: Release Notes — This release contains fixes for a newly-discovered weakness in the SSH transport protocol, a logic error relating to constrained PKCS#11 keys in ssh-agent(1) and countermeasures for programs that invoke ssh(1) with user or hostnames containing invalid characters.
audiobookshelf — Self-hosted audiobook and podcast server
Stirling-PDF: locally hosted web application — This is a powerful locally hosted web based PDF manipulation tool using docker that allows you to perform various operations on PDF files, such as splitting merging, converting, reorganizing, adding images, rotating, compressing, and more. This locally hosted web application started as a 100% ChatGPT-made application and has evolved to include a wide range of features to handle all your PDF needs.
lubelog: Vehicle Service Records and Maintainence Tracker — Because nobody should have to deal with a homemade spreadsheet or a shoebox full of receipts when it comes to vehicle maintainence.
memos: An open source, lightweight note-taking Apple Notes killer — A privacy-first, lightweight note-taking service. Easily capture and share your great thoughts.
How to setup a reverse proxy with LetsEncrypt SSL for all your Docker apps — The reverse proxy. One of those projects you put off for years but when you finally get to it you find that it was relatively simple all along.
Traefik 101 Guide - Perfect Media Server — In this article we will be discussing reverse proxies, how they will enable you to securely expose webapps running on your LAN to the outside world, and how to automate issuing TLS (the artist formerly known as SSL) certificates using Let's Encrypt, Traefik, Cloudflare and Namecheap.
Sengled Smart Plugs — Work as Zigbee Repeater
SSH 114 Boost Barn! — Thank you to everyone who supports the show with a Boost!

iPad Friend Zone | Coder Radio 552

10 januari 2024 | min

A prominent developer has brought the anti-trust heat against Apple to the public, kicking off a chain reaction that could have gone very wrong for Apple. Plus, why the Apple Vision Pro is destined for the Friend Zone.

Sponsored By:

Coder QA: Take $2 a month off for the lifetime of your membership and contribute to our show directly Promo Code: jarjar

Support Coder Radio

Links:

💥 Gets Sats Quick and Easy with Strike — Strike is a lightning-powered app that lets you quickly and cheaply grab sats in over 36 countries.
📻 Boost with Fountain.FM — Fountain 1.0 is out with a new UI, upgrades, and super simple Strike integration for easy Boosts.
🎧 Boost with Podverse — A GPL Podcasting 2.0 platform that supports Boosts and more!
Bitcoin ETF widely expected to get approval this week - YouTube — CNBC's Kate Rooney reports on news around Bitcoin.
Macs can now detect liquids in USB-C ports — On the Mac, however, the code suggests that the daemon is only used for “analytics” and is not associated with end-user features. While Apple may eventually implement an alert similar to the one that already exists in iOS, it seems more likely that the data collected by this daemon will be used for technicians to determine whether a Mac is eligible for free repair.
Apple Vision Pro sales will start on February 2 — Apple's headset will ship to customers on February 2. Preorders begin on January 19.
Apple: Developers shouldn't refer to visionOS apps as AR or VR —
The company is asking developers not to refer to visionOS apps using terms such as AR (augmented reality), VR (virtual reality), XR (extended reality), or MR (mixed reality). Instead, Apple says that visionOS apps are “spatial computing apps.”
DHH on X — We have some great, native, dedicated apps ready for HEY Calendar. The Android one is just sitting there waiting for us to push publish in the Google Play Store. Guess what's happening to the other one for iOS? Still "in review" since mid December 🙄
DHH on X — Ah @apple, not this shit again. I thought we sorted it out 2.5 years ago in round one?! Why oh why must it be like this! You know we're not just going to roll over, that we're never going to pay the 30% ransom. Just approve the fucking app and we'll be on our merry way!
DHH on X — Apple just called to let us know they're rejecting the HEY Calendar app from the App Store (in current form). Same bullying tactics as last time: Push delicate rejections to a call with a first-name-only person who'll softly inform you it's your wallet or your kneecaps.
Apple rejects the HEY Calendar from their App Store — So what’s going to happen? I don’t know, but I do know that we’ll keep fighting. We’re never going to roll over and pay Apple 30% in protection money to be left alone. Last time we found a way, and we will again.
Apple might be the next Big Tech company facing antitrust charges in the US - The Verge — The Department of Justice is finalizing an antitrust investigation into Apple that targets its closed ecosystem, according to The New York Times.
Tim Sweeney on X — Fortnite, but not on iOS because you are blocking it from a billion users.
Apple’s rejection of Hey calendar app renews an old fight — Basecamp founder and app creator David Heinemeier Hansson referred to Apple’s decision as “bullying tactics.”
Happiness is never having to ask for permission — We can put peak native apps in the rearview mirror in 2024. So pack your bags and come along for the ride!
We’ve resubmitted the HEY Calendar app to Apple — Did we want to work through the weekend to add this? No. But we also don’t want to leave our customers with iPhones waiting for our awesome native HEY Calendar app.
DHH on X — Apple approved the HEY Calendar!! It's now available for download in the @appstore . Ridiculous it needed this level of awareness/pressure, but I'm so happy for our iOS team to see their work through the weekend pay off in full. Thanks to all who cheered!
The New York Times Sues Microsoft, OpenAI for Copyright Infringement — The New York Times has sued Microsoft and OpenAI for copyright infringement and is seeking “billions of dollars in statutory and actual damages.”
Amazon's Silent Sacking — In 2023 Amazon laid off more than 27,000 people. While that’s a big number it’s a deceptively small percentage for a company with more than 1.6 million employees (1.7%).
Should You Watch Babylon 5? : startrek — Babylon 5 is basically the anti-Trek. More specifically, it's the anti-TNG. The Earth Alliance isn't a magic utopia, it's the exact government you would expect modern boneheaded American politicians to set up if they suddenly landed in 2250.

Our First Official LIT Stream 🎉 | Jupiter Extras 89

9 januari 2024 | min

First Monday Live Stream of the year w/Chris | Jupiter Extras 88

8 januari 2024 | min

Half the Bits, Double the Pain | LINUX Unplugged 544

7 januari 2024 | min

The Workstation Lifestyle | Coder Radio 551

3 januari 2024 | min

Profoundly Prophetic Prognostications | LINUX Unplugged 543

31 december 2023 | min

State of the Homelabs 2023 | Self-Hosted 113

29 december 2023 | min

Buff Uncle Jeff | Coder Radio 550

27 december 2023 | min

2023 Tuxies | LINUX Unplugged 542

24 december 2023 | min

Hacking The Gathering | Coder Radio 549

20 december 2023 | min

Out with a Bang | LINUX Unplugged 541

17 december 2023 | min

Red Light, Green Light | Self-Hosted 112

15 december 2023 | min

Alby's Home for the Holidays | Office Hours 36

13 december 2023 | min

Don't Fight the Music | Coder Radio 548

13 december 2023 | min

Uncensored AI on Linux | LINUX Unplugged 540

10 december 2023 | min

The Slow and the Infuriating | Coder Radio 547

6 december 2023 | min

Rollback Required | LINUX Unplugged 539

3 december 2023 | min

pfSense Makes no Sense | Self-Hosted 111

1 december 2023 | min

A Very Tidy Excuse | Coder Radio 546

29 november 2023 | min

Surprisingly Smooth Transition | LINUX Unplugged 538

26 november 2023 | min

Sam's Busy Weekend | Coder Radio 545

22 november 2023 | min

This Makes Us Unemployable | LINUX Unplugged 537

19 november 2023 | min

Google Photos Replacement | Self-Hosted 110

17 november 2023 | min

Microsoft Already Did It | Coder Radio 544

15 november 2023 | min

Plasma Power-Ups | LINUX Unplugged 536

12 november 2023 | min

Hit the Turbo | LINUX Unplugged 535

9 november 2023 | min

For Your Safety | Coder Radio 543

8 november 2023 | min

Alex’s Backups Disaster | Self-Hosted 109

3 november 2023 | min

Fresh Cut Fraud | Coder Radio 542

1 november 2023 | min

We Nixed Proxmox | LINUX Unplugged 534

29 oktober 2023 | min

Better Late than Never | Coder Radio 541

25 oktober 2023 | min

LinuxFest North Jeff | LINUX Unplugged 533

22 oktober 2023 | min

Year of Voice: A Bigger Deal Than You Think | Self-Hosted 108

20 oktober 2023 | min

Sherlockin All Over the Place | Coder Radio 540

18 oktober 2023 | min

We Like Snaps Now | LINUX Unplugged 532

15 oktober 2023 | min

Mike Breaks the Build | Coder Radio 539

11 oktober 2023 | min

The Windows Challenge | LINUX Unplugged 531

8 oktober 2023 | min

Laptop Dumpster Diving | Self-Hosted 107

6 oktober 2023 | min

You Never Forget Your First | Coder Radio 538

4 oktober 2023 | min

No Payne No Gain | Office Hours 35

3 oktober 2023 | min

Wes visits the office to chat about some new podcast tech inbound, Google killing their Podcast app, and Chris' story from his morning with Podfans.

Special Guest: Alecks Gates.

Sponsored By:

Join the Party! The Jupiter Membership Party: Join the party and get exclusive content.

Links:

⚡ Alby: Your Boost companion for the web — Send a boost from the web; just Get Alby, top it off, and start boosting!
🎉 Office Hours on the Podcastindex.org — Boost from the Web. Once you have Alby topped off, you can Boost from our page on the Podcast Index.
Google Podcasts to shut down in 2024 — Today, Google says it plans on further increasing its investment in the podcast experience on YouTube Music and making it more of a destination for podcast fans with features focused on discovery, community and switching between audio podcasts and video.
YouTube is going to remove some ad controls for creators — YouTube creators won’t be able to individually select if pre-roll, post-roll, skippable, and non-skippable ads appear in new videos.
Podcast Mirror by Blubrry — We offer blazing performance speeds and reliability regardless of web traffic. At the same time allowing your Podcast to support Value4Value, Lit and Live and more Podcasting 2.0 features include the Medium Tag. Podcast Mirror provides you modern podcast features and high dependability.
Features Podcast Mirror
Podcasting 2.0 Top 100 (Music) — This chart is a ranking of the music tracks played on podcasts that have been boosted the most over the last 7 days. Each entry shows the number of listener boosts sent over this time period. The chart is updated hourly.
Podfans — Podcasting that Pays
Empath Eyes - Ethereal - Shadow Man — A unique blend of organic and electronic elements form these 3 tracks. Featuring electric guitar, bass, drums, horns, and plenty of synths, "Ethereal" will challenge your concept of electronic music.
Radio mediums · Discussion #567 — This medium would be dedicated to 24/7 live streams that don't expect regular updates in their metadata.
Relai — Buy Bitcoin instantly and hold your own keys with ease and simplicity. Join 80,000 others using Relai and start your Bitcoin journey.
LinuxFest Northwest | Meetup
Jupiter Broadcasting Meetup

Leave the Pi in the Oven | LINUX Unplugged 530

1 oktober 2023 | min

Unity Mutiny | Coder Radio 537

30 september 2023 | min

Changing the Game | LINUX Unplugged 529

24 september 2023 | min

The Plex Situation Just got Worse | Self-Hosted 106

22 september 2023 | min

Grindr-in-Chief | Coder Radio 536

20 september 2023 | min

Where's Your Data? | LINUX Unplugged 528

17 september 2023 | min

Pocket Office We'll do it LIVE! | Office Hours 03

13 september 2023 | min

Locally Sourced Carbon Neutral Consumer | Coder Radio 535

13 september 2023 | min

Framing Brent | LINUX Unplugged 527

10 september 2023 | min

Sleeper Storage Technology | Self-Hosted 105

8 september 2023 | min

Blame the Automation | Coder Radio 534

6 september 2023 | min

Canonical Wins by Default | LINUX Unplugged 526

3 september 2023 | min

Critical Failure in Open Source | Coder Radio 533

30 augusti 2023 | min

Beating Apple to the Sauce | LINUX Unplugged 525

27 augusti 2023 | min

Podcast Bounty Hunters | Office Hours 34

25 augusti 2023 | min

Name-Not-So-Cheap | Self-Hosted 104

25 augusti 2023 | min

Take It to the Limit | Coder Radio 532

23 augusti 2023 | min

Mike hits the limits of ChatGPT's knowledge, a chat about editors and what we'd do for a living if it had to be outside of tech.

Sponsored By:

Tailscale: Tailscale is the easiest way to create a peer-to-peer network with the power of Wireguard.

Support Coder Radio

Links:

⚡ Alby: Your Boost companion for the web — Create an Alby Account to get a lightning wallet for payments wherever you go.
🎉 Coder Radio on the Podcastindex.org — Boost from the Web. Once you have Alby topped off, you can Boost from our page on the Podcast Index.
Berlin with Brent, Fri, Sep 8, 2023 — Brent will be back in Berlin for the Nextcloud Conference and can't get enough of Berlin Meetups!
Spokane Linux Love, Sat, Sep 16, 2023 — It's finally happening! Let's get together at Iron Goat Brewing
Microsoft kills Kinect again — Microsoft will no longer make the Azure Kinect Developer Kit.
Orbbec announces family of products based on Microsoft iToF Depth Technology — Orbbec and Microsoft’s collaboration marks a new era of accessibility for AI developers to tap the power of 3D vision for their applications.
CarDealershipGuy on X — UPDATE: Ford has received this patent. 😂
ChatGPT Cheat Sheet for Developers — As a developer, learning how to master ChatGPT can help you to generate code snippets in various languages, learn programming concepts by example, quickly debug code, write test cases, write documents, and gather information.
The emerging usability of ChatGPT in software development — In the hands of a creative developer, ChatGPT has what it takes to be a helpful coding tool. But generative AI may soon attain the capability to act as more than an assistant.
CLion: A Cross-Platform IDE for C and C++ by JetBrains — A cross-platform IDE for C and C++
Cursor - The AI-first Code Editor — Build software faster in an editor designed for pair-programming with AI
Cursor - Features
Alex MacCaw on X — Cursor is the best product I've used in a while - it's an AI enabled editor.
Santiago on X — I'm trying Cursor, an AI-first code editor. Artificial Intelligence is not a feature for them. It's the whole thing!
Tailscale on X — The Tailscale extension for VS Code just got a major upgrade — now you can seamlessly navigate and edit files on any node on your tailnet, all powered by Tailscale SSH.
MetaGPT: 🌟 — The Multi-Agent Framework: Given one line Requirement, return PRD, Design, Tasks, Repo. Assign different roles to GPTs to form a collaborative software entity for complex tasks.
Serge — Serge is a chat interface crafted with llama.cpp for running Alpaca models. No API keys, entirely self-hosted!
README - TypeScript Deep Dive — I've been looking at the issues that turn up commonly when people start using TypeScript.

How Our Server Got It's Groove Back | LINUX Unplugged 524

20 augusti 2023 | min

Pocket Office We Broke Things Again | Office Hours 02

16 augusti 2023 | min

C# as it Should Have Been | Coder Radio 531

16 augusti 2023 | min

Ride the Rhino | LINUX Unplugged 523

13 augusti 2023 | min

Archiving the Internet | Self-Hosted 103

11 augusti 2023 | min

What the AI Skeptics got Right | Coder Radio 530

9 augusti 2023 | min

Did we get this one wrong? It seems consumer AI is eating the lunch of some web's biggest names.

Sponsored By:

Tailscale: Tailscale is the easiest way to create a peer-to-peer network with the power of Wireguard.

Support Coder Radio

Links:

⚡ Alby: Your Boost companion for the web — Create an Alby Account to get a lightning wallet for payments wherever you go.
🎉 Coder Radio on the Podcastindex.org — Boost from the Web. Once you have Alby topped off, you can Boost from our page on the Podcast Index.
Tesla hackers turn to voltage glitching to unlock features — Instead of approaching the problem like Tesla hackers of the past, who've tried to gain control of vehicles or break into them as an outsider, Christian Werling and his fellow researchers wanted to approach the problem like someone who already had physical access to a vehicle and was trying to make their own modifications – like breaking through soft locks on optional, but installed, features.
Apple already shipped attestation on the web — Google isn't the first to think of this, but in fact they're not even the first to ship it. Apple already developed & deployed an extremely similar system last year, now integrated into MacOS 13, iOS 16 & Safari, called "Private Access Tokens".
Zoom can now train its A.I. using some customer data — Zoom's terms of service update establishes the video platform's right to use some customer data for training its AI models.
Gabor Gurbacs on Twitter — New Zoom Terms of Service (10.2) stipulate that you as a user consent to allow AI to train on and use all of your data, including video, audio, facial, biometric data, etc...
ChatGPT is putting Stack Overflow out of business traffic is down over 50% — ChatGPT has been crushing Stack Overflow. To combat ChatGPT they announced their own AI "OverflowAI" which includes AI-enhanced search to attract users back.
Venture-backed startups are failing at record rates — In the first half of 2023, 338 U.S. companies filed for bankruptcy protection, according to newly released S&P Global Market Intelligence data, including 54 companies with private equity or venture capital backing. At that rate, 108 VC-backed startups will fail by year’s end, besting the 95 that failed during 2010.
Coming soon: Fedora for Apple Silicon Macs! — Fedora Asahi Remix will provide a polished experience for Workstation and Server use-cases on Apple Silicon systems. The Asahi Linux project has also announced that the new Asahi Linux flagship distribution will be Fedora Asahi Remix.
ChromeOS is splitting the browser from the OS — The project is called "Lacros," which Google says stands for "Linux And ChRome OS." This will split ChromeOS's Linux OS from the Chrome browser, allowing Google to update each one independently.
Funding Developers With Lightning — PkgZap gives a way for NodeJS developers to easily fund the packages they're relying upon for their project.
Alby | pkgzap — Value4Value payments for npm (and other package managers)
Serving at the Pleasure of the King — But as a software developer, I am deeply ambivalent about an Apple dominated future. Apple isn't shy about cultivating the experience around their new iOS products and the App Store. There are unusually strict, often mysterious rules around what software developers can and cannot do — at least if they want entry into the App Store. And once you're in, the rules can and will change at any time.

Practical Privacy | LINUX Unplugged 522

6 augusti 2023 | min

Pocket Office Bounty Reached | Office Hours 01

4 augusti 2023 | min

This API is Not for You | Coder Radio 529

2 augusti 2023 | min

Rethinking GNOME | LINUX Unplugged 521

30 juli 2023 | min

NixOS is a bit Flakey | Self-Hosted 102

28 juli 2023 | min

I'm a 1.2x Developer | Coder Radio 528

26 juli 2023 | min

Elon Musk trying to build the "everything app" is ridiculous, and the quiet little promise openAI just made with the White House.

Sponsored By:

Tailscale: Tailscale is the easiest way to create a peer-to-peer network with the power of Wireguard.

Support Coder Radio

Links:

⚡ Alby: Your Boost companion for the web — Create an Alby Account to get a lightning wallet for payments wherever you go.
🎉 Coder Radio on the Podcastindex.org — Boost from the Web. Once you have Alby topped off, you can Boost from our page on the Podcast Index.
Introducing GitHub Copilot X — With chat and terminal interfaces, support for pull requests, and early adoption of OpenAI’s GPT-4, GitHub Copilot X is our vision for the future of AI-powered software development. Integrated into every part of your workflow.
GitHub Copilot Chat enters beta — “As we prepare to bring the entirety of GitHub Copilot X to general availability, we believe every developer could be made 10 times more productive. This means 10 days of work, done in one day. 10 hours of work, done in one hour. 10 minutes of work, done with a single prompt command."
Apple Vision Pro Developer Kits Now Available — Along with a Vision Pro, developers will get help with device setup and onboarding, check-ins with Apple experts for UI design and development guidance, and help with app refining. Each developer who receives a kit will be provided with two additional code-level support requests for troubleshooting code issues.
President Joe Biden wanted Gigi Sohn to fix America’s internet — what went wrong? — ‘Dark money’ and the never-ending election cycle kept a qualified consumer advocate out of the Federal Communications Commission.
CSPAN on Twitter — President Biden announces an agreement for responsible innovation in development of artificial intelligence (AI) among seven of the leading AI companies.
Twitter has officially changed its logo to ‘X’ — This is not the first time Musk is changing the Twitter logo. Earlier this year, he briefly changed the social network’s logo to the Doge meme.
Elon Musk on Twitter — In the months to come, we will add comprehensive communications and the ability to conduct your entire financial world. The Twitter name does not make sense in that context, so we must bid adieu to the bird.
Elon Musk Wants to Relive His Start-Up Days. — In 2017, he reacquired the X.com domain name and, according to Soni, he once pitched Reid Hoffman on the idea of reacquiring PayPal to revive his original vision.
Worldcoin Launches WLD Token — The Worldcoin Foundation also launched its World ID system and expanded its World App to over 80 countries, with plans to increase that number to 120.
Worldcoin Whitepaper - Supply Schedule
Pledditor on Twitter — Here's a list of WorldCoin VCs, according to http://dealroom.co
plane: 🔥 🔥 🔥 Open Source JIRA — Meet Plane. An open-source software development tool to manage issues, sprints, and product roadmaps with peace of mind lotuspositionwoman.
Taiga: Your opensource agile project management software — A featured-rich software that offers a very simple start through its intuitive user interface.
Outline – Team knowledge base & wiki — Lost in a mess of Docs? Never quite sure who has access? Colleagues requesting the same information repeatedly in chat? It’s time to get your team’s knowledge organized.

To Infinity and Berlin | LINUX Unplugged 520

23 juli 2023 | min

Just Burn it all Down | Office Hours 33

21 juli 2023 | min

The Internet is for Stealing JPGs | Coder Radio 527

19 juli 2023 | min

The Clone Grift Wars | LINUX Unplugged 519

16 juli 2023 | min

Joining the Federation | Self-Hosted 101

14 juli 2023 | min

The Closing Moment of Opportunity | Coder Radio 526

12 juli 2023 | min

Race To Immutability | LINUX Unplugged 518

9 juli 2023 | min

Things are Changing | Office Hours 32

7 juli 2023 | min

Linux Action News 299

6 juli 2023 | min

Mike Gets Unreal | Coder Radio 525

5 juli 2023 | min

Caught Red-Hatted | LINUX Unplugged 517

2 juli 2023 | min

Our Essentials Apps | Self-Hosted 100

30 juni 2023 | min

Linux Action News 298

29 juni 2023 | min

Linux Action News 298

29 juni 2023 | min

Apple's Blurry Vision | Coder Radio 524

28 juni 2023 | min

We got our eyes on the Vision Pro SDK and share our new insights. And why the claims of stalled Mastodon adoption might ring a bit true.

Sponsored By:

Linode: Receive a $100 60-day credit towards your new account. Promo Code: linode.com/coder
Tailscale: Tailscale is the easiest way to create a peer-to-peer network with the power of Wireguard.

Support Coder Radio

Links:

Elon Musk Says He'd Be up for 'Cage Match' With Mark Zuckerberg — Elon Musk said he'd be up for fighting his tech world nemesis, jiu-jitsu lover Mark Zuckerberg.
visionOS - Apple Developer — The choice is yours, and it all starts with the building blocks of spatial computing in visionOS.
Bringing your existing apps to visionOS | Apple Developer Documentation — In some cases, it might not make sense to port your app for visionOS.
Apple Vision Pro Will Support WebXR — With Apple now officially supporting WebXR, the standard can claim truly widespread support; WebXR is now supported, at least in some capacity, by Chrome, Firefox, Opera, Edge, and Safari, as well as the Quest browser, Pico browser, Magic Leap Browser, Chrome for Android, Samsung Internet, Opera Mobile, and Firefox for Android. Though like visionOS Safari, some of these browsers have kept the feature as a developer preview for now.
Omni Group Apps Coming to 🍏Vision Pro — Now, we don’t expect this first generation Vision Pro to be adopted by everyone, any more than first generations of Apple’s other platforms—the Apple II, 128K Mac, iPhone, iPad, or Apple Watch—were adopted by everyone.
Apple's Phil Schiller refuses to fix app review and "needs to get his meaty paws off the App Store" —
“I think the way to radically improve the App Store is have Phil be an Apple fellow and get his hands off the App Store,” says Shoemaker. “That’s what they really need to do. Eddy’s more progressive, Joz is more progressive, and we know Matt is as well. Phil just needs to get his meaty paws off the App Store.”
Why did the #TwitterMigration fail? — I have evidence of this. I recently shut down my Mastodon instance that I started in November, mastodon.bloonface.com, and (as is proper) it sent out about 700,000 kill messages to inform other instances that it had federated with that it was going offline for good, and to delete all record of it from their databases. Around 25% of these were returned undelivered because the instances had simply dropped offline.
Daring Fireball: Why Has Mastodon Adoption Stalled? — After Elon Musk took the helm at Twitter there was an initial burst of new users and increased usage on Mastodon (and the rest of the Fediverse, but mostly this is about Mastodon as an alternative to Twitter). And then it flattened, and perhaps has even declined.
I would like to see Mastodon thrive. But the platform’s ideological zealotry is obviously holding it back and seemingly isn’t going to change.
Boost with Alby: Your Boost companion for the web — Create an Alby Account to get a lightning wallet for payments wherever you go.
Coder Radio on the Podcastindex.org — Boost from the web using the Podcast Index. Top off Alby first, and then visit Coder Radio on the Podcast Index and boost from our page there.

The Fixer-Upper | LINUX Unplugged 516

25 juni 2023 | min

Pod Flopping | Office Hours 31

24 juni 2023 | min

Scooby-Doo of Code Hiding | Coder Radio 523

21 juni 2023 | min

Ham Sandwich | LINUX Unplugged 515

18 juni 2023 | min

Lemmy at em! | Self-Hosted 99

16 juni 2023 | min

Linux Action News 297

15 juni 2023 | min

Reddit Goes Dark | Coder Radio 522

14 juni 2023 | min

We chew on the ridiculous situation Reddit has created for itself and the weak position of app developers.

Sponsored By:

Linode: Receive a $100 60-day credit towards your new account. Promo Code: linode.com/coder
Tailscale: Tailscale is the easiest way to create a peer-to-peer network with the power of Wireguard.

Support Coder Radio

Links:

New Xbox Unlikely as Microsoft Gaming Chief Doesn't Feel Need for Upgrade — “That’s not the feedback we’re getting right now,”
Stephen Totilo on Twitter — At a behind-closed-doors presentation to press, Xbox boss Phil Spencer says gaming revenue for the company is double what it was in the 360 era, says Xbox has more players than ever, expecting more than $1 billion in PC gaming revenue this year
Apple Releases Tool to Help Developers Port Windows Games to Mac — Developers interested in porting Windows games to the Mac can watch Apple's series of "bring your game to Mac" videos for more details. Apple also has a page on its website outlining various gaming technologies and tools available for developers.
Whisky — Whisky provides a clean and easy to use graphical wrapper for Wine built in native SwiftUI. You can make and manage bottles, install and run Windows apps and games, and unlock the full potential of your Mac with no technical knowledge required.
Coder Radio: Bite of the AR Apple | CR 276 — Wes joins Mike to chat all things Apple. We discuss the surprising implications of the iPhone X, including the challenges of its new special shape & the exciting possibilities of ARKit.
Cheaper Apple Vision Headset Likely to Launch by End of 2025 — Apple still plans to launch a more affordable version of its Vision Pro headset by the end of 2025, with the non-Pro model likely to be called "Apple Vision One," or more simply, "Apple Vision," according to Bloomberg's Mark Gurman.
Apple Executive Discusses New Mac Pro's Lack of Graphics Card Support — "Fundamentally, we've built our architecture around this shared memory model and that optimization, and so it's not entirely clear to me how you'd bring in another GPU and do so in a way that is optimized for our systems," Ternus told Gruber. "It hasn't been a direction that we wanted to pursue."
Reddit’s users and moderators are revolting against its CEO — Fallout from the unpopular API pricing change and disastrous AMA with CEO Steve Huffman is turning out the lights on some of Reddit’s most prominent communities.
Reddark
Sebastiaan de With on Twitter — Reddit’s AMA with its CEO on their API (read: third party app killing) is a train wreck. These are remakes from their CEO. Why does Reddit consistently have such terrible leadership?
Before this, Huffman had no public interactions with the community or website for 10 months.
Paul Hudson on Twitter — Apologies for the interruption on r/swift, but Reddit needs a change in management. See https://reddark.untone.uk for the huge number of other subreddits going dark in support of @ChristianSelig 💪
Alby: Your Boost companion for the web — Create an Alby Account to get a lightning wallet for payments wherever you go.
Coder Radio on the Podcastindex.org — Send a Boost into the show via the web. First, top-up Alby, then head over to our entry on the Podcast Index.

Connection Established | LINUX Unplugged 514

11 juni 2023 | min

Linux Action News 296

8 juni 2023 | min

More Pro, More Problems | Coder Radio 521

7 juni 2023 | min

We argue over what sucked the most at WWDC this year and then surprise each other with two things that thrill us.

Sponsored By:

Linode: Receive a $100 60-day credit towards your new account. Promo Code: linode.com/coder
Tailscale: Tailscale is the easiest way to create a peer-to-peer network with the power of Wireguard.

Support Coder Radio

Links:

US SEC charges crypto platform Coinbase, one day after suing Binance — The lawsuit is the SEC's second in two days against a major crypto exchange, following its case against Binance, the world's largest cryptocurrency exchange, and founder Changpeng Zhao.
LinuxFest Northwest 2023: Call for Speakers — "After receiving some great submissions over the last couple of days, we decided to EXTEND the speaker submission to June 25th! Submit your talk now.
WWDC 2023 — June 5 - YouTube — Watch the WWDC23 Apple Keynote announcing the latest Apple Vision Pro, MacBook Air 15", software, services, and operating systems.
Ed Leon Klinger on Twitter — “One of the coolest results involved predicting a user was going to click on something before they actually did. That was a ton of work and something I’m proud of. Your pupil reacts before you click in part because you expect something will happen after you click. So you can create biofeedback with a user's brain by monitoring their eye behavior, and redesigning the UI in real time to create more of this anticipatory pupil response. It’s a crude brain computer interface via the eyes, but very cool”
Sterling Crispin 🕊️ on Twitter — I spent 10% of my life contributing to the development of the #VisionPro while I worked at Apple as a Neurotechnology Prototyping Researcher in the Technology Development Group. It’s the longest I’ve ever worked on a single effort. I
Apple Vision Pro Testers Share Impressions: 'By Far the Best Headset' — In a tweet, tech columnist Joanna Stern described the Vision Pro as "by far the best headset out there." In a report for The Wall Street Journal, she elaborated that "the interface and hand gestures are intuitive, 3-D movies are finally making sense and a huge dinosaur felt like it really broke through a wall right in front of me."
Apple to Provide Developers With Vision Pro Development Kits — Apple says that developer kits will be offered to help developers bring their creations to life on Vision Pro, and that they will offer the ability to quickly build, iterate, and test on the headset. Developers will be able to apply to get a kit, but Apple hasn't offered details on when the kits will be made available.
Vision Pro developer kit — To support great ideas for apps and games for visionOS, developer kits will be available to help bring your creations to life on Apple Vision Pro. These kits provide the ability to quickly build, iterate, and test on Apple Vision Pro, so your app or game will be ready to deliver amazing experiences. Stay tuned for how to apply.
The Apple Vision Pro features an M2 chip, a ton of sensors and a new R1 chip — Each pixel is 7.5-micron wide and there are 23 million pixels across two panels that are the size of a postage stamp. For reference, a 4K TV features a bit more than 8 million pixels.
Apple Vision Pro first look: the mixed reality future is (almost) here — Apple’s first mixed reality device has been years in the making — and at first glance, the headset itself looks really nice. Not that we were allowed to touch it.
Mark Gurman on Twitter — Unless I missed something, it is very curious to me why there are no photos of Tim Cook or other Apple executives actually wearing the Vision Pro. If that is indeed true, that was of course a calculated decision. The question is why?
Mac Studio with M2 Ultra chip is real — Don't call it a comeback — the Mac Studio makes a slightly surprising return at WWDC 2023.
Apple Announces 'Game Mode' in macOS Sonoma for Better Mac Gaming Performance — With Game Mode enabled in macOS 14, the Mac prioritizes CPU and GPU power for the running title, thereby improving gaming hardware performance across the board. For example, Game Mode makes gaming on Mac even more immersive by dramatically lowering audio latency with AirPods.
iOS 17 Lets You Create a Voice That Sounds Like You — With the first iOS 17 beta, Apple has introduced a new accessibility feature called Personal Voice. First highlighted earlier this year, Personal Voice is designed to allow you to use artificial intelligence to create a replica of your voice.
These iOS 17 features require an iPhone 12 or newer — Apple just previewed iOS 17. With this new operating system coming later this fall, iPhone 8 and iPhone X users won’t be able to update to the latest update. That said, even if you have an iPhone XS, it doesn’t mean you enjoy all the iOS 17 functions.
New iPhone feature warns about unwanted nudes — “Naked photos and videos show the private body parts that are usually covered by underwear or bathing suits,” the pop-up explains. “It’s not your fault, but naked photos and videos can be used to hurt you.” The screen goes on to explain that the person in the photo or video may or may not have consented to this media being shared.
Apple avoids “AI” hype at WWDC keynote — Apple prefers using "machine learning," or just having AI work in the background.
Apple hid something AMAZING for Mac gaming at WWDC - YouTube
Add RFC on governance, establishing the Leadership Council — This RFC was jointly authored by @jntrnr (Core), @joshtriplett (Lang Team Lead), @khionu (Moderation), @Mark-Simulacrum (Core Project Director, Release Lead), @rylev (Core Project Director), @technetos (Moderation), and @yaahc (Collaboration Project Director).
The RustConf Keynote Fiasco, explained
Alby: Yourboost companion for the web — Send a Boost into the show via the web. First, top-up Alby, then head over to our entry on the Podcast Index.
Coder Radio on the Podcastindex.org — You can Boost via the web, get Alby then head over to the Index!

There Is No Distro | LINUX Unplugged 513

4 juni 2023 | min

The One with 45Drives | Self-Hosted 98

2 juni 2023 | min

Linux Action News 295

1 juni 2023 | min

Microsoft Goes All-In | Coder Radio 520

31 maj 2023 | min

The Sound of Rust | LINUX Unplugged 512

28 maj 2023 | min

Zuck Dub Time Machine | Office Hours 30

26 maj 2023 | min

Linux Action News 294

25 maj 2023 | min

Not So OpenAI | Coder Radio 519

24 maj 2023 | min

Accepting the Future | LINUX Unplugged 511

21 maj 2023 | min

Tempted by the Fruit of Another | Self-Hosted 97

19 maj 2023 | min

Alex tempts Chris with his Obsidian ways, our thoughts on Drobo going bankrupt, and Photoprism adding paid tiers. Plus, the slick suite of tools you'll want to run on your LAN.

Sponsored By:

Support Self-Hosted

Links:

Garden - planning with Canvas — I am using Obsidian to keep track of my gardening stuff. I have notes for all vegetables i am growing, how much i harvested etc...This year i decided to use the canvas feature to help with planning.Overall its a rough sketch of my garden and the beds, thats also why there is a huge empty spot in the middle as there are my garden-house and lawn etc...
obsidian-text-extractor — Text Extractor is a "companion" plugin. It's mainly useful when used in conjunction with other plugins (like Omnisearch), but you can also use it to quickly extract texts from images & PDFs.
Drobo, having stopped sales and support, reportedly files Chapter 7 bankruptcy — Company posted in January that it had "transitioned to a self-service model."
Drobo - Wikipedia
45Drives Needs Your Help Developing a Homelab Server — 45Drives here to talk about a new project that we are super excited about. We’ve realized it’s time to build a home lab-level storage server.
Pricing & Editions – PhotoPrism — Simple, affordable pricing. Upgrade or downgrade at any time.
Fasten — Fasten securely connects your healthcare providers together, creating a personal health record that never leaves your hands
CorentinTh/it-tools: Collection of handy online tools for developers, with great UX. — Useful tools for developers and people working in IT.
IT Tools - Demo site
Split DNS Magic with Tailscale - YouTube — Tailscales Split DNS function within the MagicDNS feature allows us to access devices by name, not IP. But what if we could also access any service running in a remote subnet via a Tailscale subnet router? That's what we'll cover in today's video.
Garden Gnomes Chat on Matrix — A chat room is for people who are interested in discussing all things gardening, and garden technology. Share your garden pictures, nerds out about about sensors, automated watering, build ideas, and more. We can share our experiences, ask questions, and learn from each other.
OpenSprinkler — OpenSprinkler is an open-source, web-based smart sprinkler controller for lawn and plant watering, drip irrigation, farm irrigation, hydroponics etc. The current version is OS 3.2, with built-in WiFi (based on ESP8266) and OLED display. You can choose between AC-powered, DC-powered, or Latch version. OpenSprinkler supports a variety of solenoid valves (24VAC, Latch, DC, motorized ball valve etc.)
Alby: Your Boostcompanion for the web — Alby brings Boosts to the web.
Self-Hosted on the Podcastindex.org — Send a Boost into the show via the web. First, top-up Alby, then head over to our entry on the Podcast Index.

Linux Action News 293

18 maj 2023 | min

Driving Mr. Dominick | Coder Radio 518

17 maj 2023 | min

Thinking in Decades | LINUX Unplugged 510

14 maj 2023 | min

Let's Play Doctor | Office Hours 29

12 maj 2023 | min

Linux Action News 292

11 maj 2023 | min

Savage Serverless Shutdown | Coder Radio 517

10 maj 2023 | min

The Next Gen Desktop | LINUX Unplugged 509

7 maj 2023 | min

Outdoor Home Assistant | Self-Hosted 96

5 maj 2023 | min

Linux Action News 291

3 maj 2023 | min

There is No Moat | Coder Radio 516

3 maj 2023 | min

The Worst Distro Ever | LINUX Unplugged 508

30 april 2023 | min

Everyone Had a Podcast | Office Hours 28

28 april 2023 | min

Linux Action News 290

27 april 2023 | min

Codeium Comes for Copilot | Coder Radio 515

26 april 2023 | min

Full Wobble | LINUX Unplugged 507

23 april 2023 | min

Docker U-Turn | Self-Hosted 95

21 april 2023 | min

We debate if users learned their lesson from the Docker Hub drama, and the silent self-hosting winner going from strength to strength. Proxmox gets some big updates.

Plus, our thoughts on the state of self-hostable AI tools.

Sponsored By:

Support Self-Hosted

Links:

Olympia Linux Spring Meetup , Sat, Apr 29, 2023, 1:00 PM — Let's have a local PNW get-together.
We're no longer sunsetting the Free Team plan — Last week we felt our communications were terrible but our policy was sound. It’s now clear that both the communications and the policy were wrong, so we’re reversing course and no longer sunsetting the Free Team plan
LUP 502: Docker Shocker — The story of an open-source hero who became a villain.
Proxmox Virtual Environment 7.4 — Proxmox VE 7.4 is based on Debian 11.6 (“Bullseye”), but uses a newer, long-term supported Linux kernel 5.15 and includes updates to the latest versions of leading open-source technologies for virtual environments, such as QEMU 7.2, LXC 5.0.2, and ZFS 2.1.9.
Pricing v3, plans, packages, and debugging · Tailscale — The new plans should save money for essentially everyone, but you can keep your old plan if you want.
web-whisper — OpenAI's whisper on your web browser!
KTZ Systems - YouTube — Creating videos and tutorials about Self-hosting, Homelabs, Networking, Linux, Containers, Home Automation, and much more...
Auto-GPT — Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. This program, driven by GPT-4, chains together LLM "thoughts", to autonomously achieve whatever goal you set. As one of the first examples of GPT-4 running fully autonomously, Auto-GPT pushes the boundaries of what is possible with AI.
gpt4all chatbot ui — This is a Flask web application that provides a chat UI for interacting with llamacpp based chatbots such as GPT4all, vicuna etc...
turbopilot — TurboPilot is a self-hosted copilot clone which uses the library behind llama.cpp to run the 6 Billion Parameter Salesforce Codegen model in 4GiB of RAM. It is heavily based and inspired by on the fauxpilot project.
You all NEED these Obsidian community plugins - YouTube — In this YouTube video, I’m talking about how Obsidian can do so much more than just note-taking and writing technical documentation.
Alby: Your Boost companion for the web — Create an Alby Account to get a lightning wallet for payments wherever you go.
Self-Hosted on the Podcastindex.org — Send a Boost into the show via the web. First, top-up Alby, then head over to our entry on the Podcast Index.

Linux Action News 289

20 april 2023 | min

Designing a Villain | Coder Radio 514

19 april 2023 | min

Three Wild and Crazy Topics | LINUX Unplugged 506

16 april 2023 | min

It's About to Get Real | Office Hours 27

14 april 2023 | min

Linux Action News 288

13 april 2023 | min

Apple's Golden Hour | Coder Radio 513

12 april 2023 | min

Keep Your Darn Secrets | LINUX Unplugged 505

9 april 2023 | min

Full Power | Self-Hosted 94

7 april 2023 | min

Linux Action News 287

5 april 2023 | min

The Hysterics Chronicles | Coder Radio 512

5 april 2023 | min

It's a Trap! | LINUX Unplugged 504

2 april 2023 | min

Berlin Hangover | Office Hours 26

31 mars 2023 | min

Linux Action News 286

30 mars 2023 | min

Robot Chat Shack | Coder Radio 511

29 mars 2023 | min

Berlin with Brent | LINUX Unplugged 503

26 mars 2023 | min

The Podman Perspective | Self-Hosted 93

24 mars 2023 | min

Alex goes all in on Rootless Podman, Chris is saving his Nextcloud install from disaster, and a special guest joins us.

Special Guest: Alex Ellis.

Sponsored By:

Support Self-Hosted

Links:

Secret Management with Ansible Vault and docker-compose - YouTube — Secret management with docker-compose doesn't have to be an enigma. This video shows how I use Ansible and Ansible Vault in conjunction with docker-compose to keep my secrets safe and encrypted whilst still being able to push my repos to Github publicly.
KTZ Systems — We specialize in professional cloud infrastructure management and business network services.
Gitea 1.19.0 is released — We are proud to present the release of Gitea version 1.19.0.
Linode Green Light Beta Program — Get early access and test new Linode products before they hit the market, provide valuable feedback to influence product direction, and become part of a community of developers helping us build the cloud that works for you.
Docker is deleting Open Source organisations — Yesterday, Docker sent an email to any Docker Hub user who had created an "organisation", telling them their account will be deleted including all images, if they do not upgrade to a paid team plan. The email contained a link to a tersely written PDF (since, silently edited) which was missing many important details which caused significant anxiety and additional work for open source maintainers.
Alex Ellis' Web Site
Podman issue pulling from local registry
/etc/subuid and /etc/subgid configuration — Rootless Podman requires the user running it to have a range of UIDs listed in the files /etc/subuid and /etc/subgid.
Using volumes with Podman — If your container runs with the root user, then root in the container is actually your user on the host. UID/GID 1 is the first UID/GID specified in your user's mapping in /etc/subuid and /etc/subgid, etc. If you mount a directory from the host into a container as a rootless user, and create a file in that directory as root in the container, you'll see it's actually owned by your user on the host.
Hub 4 pioneers ethical AI integration for a more productive and collaborative future — Today, we are excited to announce a major step forward with Hub 4 – the very first on-premises collaboration platform to integrate intelligent features across its applications.
Remove not supported column comments for SQLite - Nextcloud — Some times column comments are used, e.g. to make clear an integer is used as a timestamp. For SQLite column comments are not supported and migration that use column comments will not work (see linked comment above for an example). Somehow it works when you have a clean install, then all migrations pass, but when executing single migrations they will fail.
Updating to 3.2.0 fails on SQLite installations · Nextcloud
Command Line Shell For SQLite — Like the ".dump" command, ".recover" attempts to convert the entire contents of a database file to text.
Converting Nextcloud database typw — You can convert a SQLite database to a better performing MySQL, MariaDB or PostgreSQL database with the Nextcloud command line tool. SQLite is good for testing and simple single-user Nextcloud servers, but it does not scale for multiple-user production servers.
Belkin (Wemo) takes “big step back” from Matter — Belkin says Wemo devices will support Matter once the company can "find a way to differentiate them,"
Alby — Lightning for your Browser! — Alby brings Boosts to the web.
Self-Hosted on the Podcastindex.org — Send a Boost into the show via the web. First, top-up Alby, then head over to our entry on the Podcast Index.

Linux Action News 285

22 mars 2023 | min

Edge of Disaster | Coder Radio 510

22 mars 2023 | min

Docker Shocker | LINUX Unplugged 502

19 mars 2023 | min

Dipstick Consoeur | Office Hours 25

17 mars 2023 | min

The Great Cloud Exodus | Coder Radio 509

16 mars 2023 | min

Linux Action News 284

15 mars 2023 | min

Hybrid Hangover | Coder Radio 508

14 mars 2023 | min

Fat Stacks for Flatpaks | LINUX Unplugged 501

12 mars 2023 | min

Rip it all Out | Self-Hosted 92

10 mars 2023 | min

Linux Action News 283

9 mars 2023 | min

Our Biggest Announcement Yet | LINUX Unplugged 500

5 mars 2023 | min

Tough Little Liver | Coder Radio 507

4 mars 2023 | min

Mike's got a new rig, and Ford wants to recall yours automatically! Plus, we get a bit spicy about money.

Sponsored By:

Linode: Receive a $100 60-day credit towards your new account. Promo Code: linode.com/coder
Tailscale: Tailscale is the easiest way to create a peer-to-peer network with the power of Wireguard.

Support Coder Radio

Links:

The Coder Robe — The Coder Robe is black and is a one-size-fits-most robe made from 100% cotton terry velour for soft, cozy wear. It is embroidered on the left chest with a classic white on black Coder Radio logo.
Path of Titans
Ford Applies for Patent to Let Cars Repossess Themselves — Ford filed the patent application with the US Trademark and Patent Office in the summer of 2021, but the document was only published last week as part of the review process. Titled “Systems and Methods to Repossess a Vehicle,” the application summarizes a system that would autonomize the repossession process. First, a computer (likely associated with a financing agency) would send a message to the purchaser or lessee of a vehicle informing them of their delinquency. This message would contain a request to confirm receipt.
Ford files patent for system that could remotely repossess a car — Ford says it has no plans to deploy such a system; it just files a lot of patents.
Hastings’ Lessons From the Grave — At the time of Hastings’ death, counterterrorism expert Richard Clarke told The Huffington Post that it was possible that Hastings’ car had been hacked; that the known details of the crash were consistent with a car cyber attack.
Amazon HQ2 Pauses Construction Amid Layoffs, Remote Work — The delay affects a larger phase across the street. It calls for three, 22-story office towers and the 350-foot-tall (107-meter) Helix, a corporate conference center and indoor garden designed to echo the Spheres, plant-filled orbs at the heart of the company’s Seattle headquarters. Arlington officials granted the 2.8-million-square-foot project, called PenPlace, its most important approval in April.
Alby — Lightning for your Browser! — Alby brings Boosts to the web
Coder Radio on the Podcastindex.org — Send a Boost from the Podcast Index, first top up Alby, then visit our entry on the Inex, you can Boost right from the web page.

🦒 | Office Hours 24

3 mars 2023 | min

Linux Action News 282

2 mars 2023 | min

'velopers Choose Snap | LINUX Unplugged 499

26 februari 2023 | min

Total Network Rebuild | Self-Hosted 91

24 februari 2023 | min

Hay Tay | Coder Radio 506

22 februari 2023 | min

Linux Action News 281

22 februari 2023 | min

Rolling Papercuts | LINUX Unplugged 498

19 februari 2023 | min

Bleeding the Feed | Office Hours 23

17 februari 2023 | min

Linux Action News 280

16 februari 2023 | min

Panic at the GPTdisco | Coder Radio 505

15 februari 2023 | min

More Features? More Problems. | LINUX Unplugged 497

12 februari 2023 | min

Proxmox ClusterF | Self-Hosted 90

10 februari 2023 | min

Linux Action News 279

9 februari 2023 | min

Gateway Timeout Error | Coder Radio 504

8 februari 2023 | min

We get spicy about the state of hybrid app development and then dig into the App store gatekeeper busting by the White House.

Sponsored By:

Support Coder Radio

Links:

The Coder Robe — The Coder Robe is black and is a one-size-fits-most robe made from 100% cotton terry velour for soft, cozy wear. It is embroidered on the left chest with a classic white on black Coder Radio logo.
Coder Tumbler — What’s an episode of Coder Radio without a wine tumbler to keep a drink fresh and at just the right temperature? Forget breakable and EASY to spill glasses—give this uniquely shaped wine tumbler a chance and have fun with friends without worry.
Coder Cut Sticker — Give your gear a quick upgrade, with a Coder Sticker! Get motivated every time you look at the Coder sticker by remembering that thing we said that really pissed you off. Add a little extra motivation and joy to your life when you remember you spill less than Mike. They will serve as a perfect reminder to live your life to the fullest.
Microsoft announces surprise event for tomorrow with Bing ChatGPT expected — Microsoft is holding a special press event at its Redmond headquarters tomorrow, and it’s expected to focus primarily on its OpenAI partnership and ChatGPT for Bing.
Aaruni Kaushik on Masto — @ChrisLAS In coder 503 you advocate chatGPT like AI for your RV's wiring diagram. But how would it be any better than the website just having a make-model-variant selector as input and giving you the diagram in return? Sure you could apply AI here, but its not required as far as I can see ?
CoderRadio #AI #chatgpt
Join our JB Jobs Room — Matrix chat room for folks looking to hire, or looking for work.
Google Working on Browser for iOS That Would Break Apple's App Store Rules — Based on the visible code commits, the app purportedly looks like the start of an alternate browser build and is still missing some key features at this early stage. Google claims that the app is merely "an experimental prototype [...] with the goal to understand certain aspects of performance on iOS," and "it will not be available to users and we'll continue to abide by Apple's policies."
What is .NET MAUI? — .NET MAUI is open-source and is the evolution of Xamarin.Forms, extended from mobile to desktop scenarios, with UI controls rebuilt from the ground up for performance and extensibility.
Flutter — Flutter transforms the app development process. Build, test, and deploy beautiful mobile, web, desktop, and embedded apps from a single codebase.
Flutter desktop isn't there yet — In practice, though, Flutter is currently not a great option if you want to build a new desktop application from the ground up. What follows is a quick summary of the issues I encountered while using Flutter to do exactly this myself.
Biden Administration Wants Apple to Quit Gatekeeping the iPhone — The NTIA says it’s a problem that consumers cannot easily use apps from outside the respective app stores on both the Android and iOS platforms and that “they should be able to choose their own apps as defaults, use alternative mobile app stores and delete or hide pre-installed apps.”
Direct Link to Report [PDF]
Apple sales drop 5% in largest quarterly revenue decline since 2016 — CEO Tim Cook said three factors hurt the results: a strong dollar, production issues in China affecting the iPhone 14 Pro and iPhone 14 Pro Max, and the overall macroeconomic environment.
Apple Now Has More Than Two Billion Active Devices Worldwide — There are more than two billion active iPhones, iPads, Macs, and other Apple devices worldwide, Apple said today in the earnings report covering the first fiscal quarter of 2023.
Alby — Lightning for your Browser! — Alby brings Boosts to the web.
Coder Radio on the Podcastindex.org — Boost the show from the Podcast Index website, first top off Alby, and then head on over!

Tux in the Hen House | LINUX Unplugged 496

5 februari 2023 | min

Running with Flaming Chainsaws | Office Hours 22

3 februari 2023 | min

We blow the lid off a secret project and get LIT.

Sponsored By:

Links:

The Story of Upgrading our OBS Rig on LUP — Today we are finally taking on a project months in the making, and we're switching to an entirely new generation of Linux tech in the process.
Sovereign Feeds — A tool to create your own Podcasting 2.0 feed!
Jupiter Test Signal on the Podcastindex.org — Grab the test feed for the show from the Podcast Index.
Jupiter Test Signal on Podverse — The test feed is already on Podverse, great way to try out the LIT support for the next episode. :)
Podcasting 2.0 Spec on Transcripts — This is the initial spec for the podcast transcript format. There are four possible formats detailed below.
48 Cores Maxed Out — Transcription maxes out our beast.
At Patreon, Mismanagement Thwarts a Pandemic-Era Star — Jack Conte’s artistic and entrepreneurial passions forged one of the standout successes of the creator economy. But payouts to settle sex-discrimination complaints, a stock sale by insiders and Conte’s haphazard leadership of Patreon have sullied its image among some current and former employees.
paris martineau on Twitter — I spent the last 2mo talking to 20+ employees at the tech unicorn Patreon. They described a mission-driven startup crumbling under the leadership of YouTuber turned CEO Jack Conte
Alby 🐝 on Twitter — Alby is pleased to announce a new partnership with Blubrry; a leading podcasting platform for hosting, distribution, audience statistics, monetization, and other tools podcasters need to publish, analyze and grow their podcasts. Bringing V4V streaming.
Sam Talks Technology on Twitter — This week on @Podnews weekly is Todd Cochrane @GeekNews CEO of @blubrry talking about their new partnership with @getAlby, so 100K+ customers now have a digital wallet for micropayments. They have also added support for LIT for all customers. #value4value
How it's Made, v1 — Before we get into how I am doing things (the what), let’s take a step back and first look at why I’m doing things the way I am. To do that, we need to start with talking about what Podcasting 2.0 is.
Jamie Dimon Thinks Bitcoin Supply Won’t Really Be Capped at 21 Million — “Maybe it's gonna get to 21 million and Satoshi’s picture is gonna come up and laugh at you all.”
The Blocksize War — The battle over who controls Bitcoin’s protocol rules.
What is the best takedown of Bitcoin out there? — I'd like to see a solid argument for why Bitcoin will fail, I want to properly steal-man the opposing view, and I want to have a deeper perspective as to what the risks and negatives are with Bitcoin.
Alby — Lightning for your Browser! — Alby brings Boosts to the web.

Linux Action News 278

2 februari 2023 | min

Ruby in the WebAssembly | Coder Radio 503

1 februari 2023 | min

The Moment of Truth | LINUX Unplugged 495

29 januari 2023 | min

Jellyfans | Self-Hosted 89

27 januari 2023 | min

Linux Action News 277

25 januari 2023 | min

Too Big to Care | Coder Radio 502

25 januari 2023 | min

How the world without "big tech" might look like, the EU promises to go after Elon and a much-needed head adjustment.

Sponsored By:

Tailscale: Tailscale is the easiest way to create a peer-to-peer network with the power of Wireguard.
Linode: Receive a $100 60-day credit towards your new account. Promo Code: linode.com/coder

Support Coder Radio

Links:

JB's Jobs Matrix Chatroom — Looking for work or hiring? It's a spot for people in our community to make a connection.
Google, Microsoft, Amazon, others have cut more than 70,000 employees — The job cuts in tech land are piling up, as companies that led the 10-year bull market adapt to a new reality.
Layoffs in some of Apple's retail channels have begun — The layoff news was first disclosed from an email to AppleInsider. The email — which we have since verified through other sources — says that some Apple retail channel employees who work in places like Best Buy stores have received a thirty-day notice about their rights as it pertains to a layoff.
Microsoft Hosted Sting Performance in Davos on Night Before Announcing Layoffs — On Tuesday evening, Microsoft hosted an event. It was an intimate gathering of 50 or so people, including the company’s top executives, who got to while away the evening listening to a performance by the musical artist Sting, said people familiar with the event.
Old vs. New HomePod Buyer's Guide — First-time ‌HomePod‌ customers, those considering upgrading from the original, or anyone considering adding another ‌HomePod‌ to their setup to create a stereo pair may be wondering whether it is worth buying an original model or the new one, so it is important to weigh up exactly what was added with the reintroduced ‌HomePod‌.
Jas on Twitter — Bad economy or bad planning?
Udhay on Twitter — Very well said. 🙌🏼
Maniiesh on Twitter — This advice is a billion dollar one for all freshers and newbies like us of IT industry 👍
Tanmay on Twitter — Value - Life, Family, Live with them for them.
Jeremy Joslin on Twitter — It's hard for me to believe that after 20 years at #Google I unexpectedly find out about my last day via an email. What a slap in the face. I wish I could have said goodbye to everyone face to face. #layoffs
Daniel Roberts on Twitter — Google NYC employees who arrived at the office early this morning stood in a line to test their badges-- if light turned red, it meant you had been laid off. if green, you were safe. 👎
Elon Musk Claims He’s Not Worried About The FTC — A recent Washington Post article that is mainly about Musk’s actions over the past two months has destroyed his reputation among many who previously were impressed by him includes two tidbits about Musk and the FTC that suggest he’s in for a world of hurt when the agency takes action.
EU Commissioner: Elon Musk Has To "Behave" Or Else.
Alby — Lightning for your Browser! — Alby brings Boosts to the web.
Coder Radio on the Podcastindex.org — Boost right from your web browser. After you top off Alby with some sats, head to our Podcast Index entry and Boost away.

Updating Our Fiddly Bits | LINUX Unplugged 494

22 januari 2023 | min

Boiling the Frog | Office Hours 21

20 januari 2023 | min

If you've noticed something a little off about your favorite podcasts, we might know why.

Plus some big Podcasting 2.0 endorsements and adoption.

Sponsored By:

Links:

2022: The Year That Podcasting Died — Firstly, I am no longer having any conversations with clients that do not involve video in the discussion.
The Great Podcasting Market Correction - Bloomberg — This past year, podcasting finally achieved one of the ultimate signifiers of middle age — an unsettling realization that the best days of its high-spirited youth may now be behind it.
Spotify enhances chapter support for podcasters — Spotify appears to have enhanced chapter support within the Spotify podcasts app. Nic Ivanov, founder of Vizzy, notes that there’s a new Chapters section in an episode page, and chapter marks and titles within a new player which is rolling out to both iOS (above) and Android. However, Spotify isn’t supporting either ID3 embedded chapters, nor chapters via the new podcast namespace
Podcasting 2.0 Introduction - Blubrry Podcasting — We are in a unique position in that 85,000 independent podcasts use our PowerPress plugin, and tens of thousands of shows use our internal publisher. We can, as one company, enable more than 100,000 shows to implement these new features.
Podcast Addict: "A new Beta has just been published — A new Beta has just been published with support for Podcasting 2.0 LIVE feature. Hopefully, it should be available on the Play Store before tomorrow's LIVE recording of the Podcasting 2.0 podcast. Feel free to provide feedback if you able to test it
Support creators with boostagrams and streaming sats using Podverse and Alby — Podverse is a Podcasting 2.0 app that integrates with Alby for sending boostagrams and streaming sats to podcasters. All Podverse software is provided under a free and open source license.
Mitch Downey on Masto — We created an onboarding guide for sending boostagrams and streaming sats with @podverse + Alby.
Alby — Lightning for your Browser! — Alby brings Boosts to the web. Grab Alby, then head over to the Podcast Index to Boost from your browser!
Office Hours on Podcastindex.org — Boost from the Podcast Index page, a quick and easy way to get your message and support into the show.

Linux Action News 276

19 januari 2023 | min

The AWS of AI | Coder Radio 501

18 januari 2023 | min

Network Nirvana | LINUX Unplugged 493

15 januari 2023 | min

Great Scott! | Self-Hosted 88

13 januari 2023 | min

Linux Action News 275

12 januari 2023 | min

Internal Server Error | Coder Radio 500

11 januari 2023 | min

A New Challenge Approaches | LINUX Unplugged 492

8 januari 2023 | min

Breaking Brent | Office Hours 20

6 januari 2023 | min

Linux Action News 274

5 januari 2023 | min

The Copy Paste Wars | Coder Radio 499

4 januari 2023 | min

2023 Spoilers | LINUX Unplugged 491

1 januari 2023 | min

Jellyfin January | Self-Hosted 87

30 december 2022 | min

Linux Action News 273

29 december 2022 | min

The Birds and the Elephants | Coder Radio 498

28 december 2022 | min

2022 Tuxies | LINUX Unplugged 490

25 december 2022 | min

What We're Building Next | Office Hours 19

23 december 2022 | min

Gamer Radio Gaming with Perspective - Test Show | Coder Radio

23 december 2022 | min

Linux Action News 272

22 december 2022 | min

Shots Across the Pond | Coder Radio 497

21 december 2022 | min

Brent's Secret Emails | LINUX Unplugged 489

18 december 2022 | min

Disqus-ting Tracking | Self-Hosted 86

16 december 2022 | min

What disgusted Alex about Disqus, and how he replaced it with a Self-Hosted solution, a hot HDHomeRun tip, and an update on Chris' hunt for the perfect notes app.

Sponsored By:

Linode: Receive a $100 60-day credit towards your new account. Promo Code: linode.com/ssh
LogScale: Take logs from any source and make them usable. Get started with LogScale Community Edition for free.

Support Self-Hosted

Links:

Self-Hosted 86 - Live Stream Recording - JupiterTube — The live stream of episode 86's recording.
Infinity for Reddit — Infinity is a beautiful, feature-rich app that offers a smooth Reddit browsing experience. It is completely free and ad-less; you can browse Reddit without interruptions or distractions. Built by a passionate university student, Infinity is open source. Please check out, support or contribute to the project at https://github.com/Docile-Alligator/Infinity-For-Reddit!
Apprise - Push Notifications that work — Apprise allows you to send a notification to almost all of the most popular notification services available to us today such as: Telegram, Discord, Slack, Amazon SNS, Gotify, etc.
Dump Disqus for Giscus — This is an easy project. Sure it will probably take an hour or two to get your head around but don't put it off. The end result is great and means no ads or tracking are insidiously injected into your content anymore.
giscus — A comments system powered by GitHub Discussions. Let visitors leave comments and reactions on your website via GitHub! Heavily inspired by utterances.
How to make your own self-hosted VPN in under 30 minutes — As you might have expected, making your own VPN server has multiple advantages and disadvantages. Here are the main points to remember when deciding if you want to go through with hosting a server or not.
HDMI Distribution over your Home Network? — Low-Cost HDMI Matrix using IP-Based Hardware
HDHomeRun SCRIBE 4K — 4 tuners and 150 hours of recording storage all-in-one amazing box. Watch and record free TV all around your home. Love your TV more.
Alby — Lightning buzz for your Browser! — Alby brings Bitcoin payments to the web with in-browser payments and identity, all with your own wallet.
SATurn — Connect your getalby.com Account and see which content resonates most with your audience and recognize your top contributors.
Self-Hosted on the Podcastindex.org — Send a Boost into the Show via the Podcast Index's website!
Send a Boost into the Show with a new Podcast App — Upgrade to a Podcasting 2.0 app, get great new features, and send a Boost into the show 🎉

Linux Action News 271

15 december 2022 | min

Sweeney's Final Swing | Coder Radio 496

14 december 2022 | min

Revenge of the Lizard People | LINUX Unplugged 488

11 december 2022 | min

AI Action Show | Office Hours 18

9 december 2022 | min

Linux Action News 270

8 december 2022 | min

.Not Funded | Coder Radio 495

7 december 2022 | min

The Debian Debate | LINUX Unplugged 487

4 december 2022 | min

Wendell’s Hot Pi | Self-Hosted 85

2 december 2022 | min

Linux Action News 269

1 december 2022 | min

Python Paradigms | Coder Radio 494

30 november 2022 | min

Goodbye, Google | LINUX Unplugged 486

27 november 2022 | min

And What Do You Do? | Office Hours 17

25 november 2022 | min

Linux Action News 268

24 november 2022 | min

Super Spellcheck | Coder Radio 493

23 november 2022 | min

We will discuss the practical implementations of AI embedded in future products, then take a look at FTX's books and have a few highlights to share.

Plus, we lay out the PMC warfare theory, which might explain what bloated tech companies have coming.

Sponsored By:

Linode: Receive a $100 60-day credit towards your new account. Promo Code: linode.com/coder
Tailscale: Tailscale is the easiest way to create a peer-to-peer network with the power of Wireguard.

Support Coder Radio

Links:

DiffusionBee - Stable Diffusion GUI App — DiffusionBee is the easiest way to generate AI art on your computer with Stable Diffusion. Comes with a one-click installer. No dependencies or technical knowledge needed.
FTX Owes Its 50 Biggest Unsecured Creditors More Than $3 Billion — Sam Bankman-Fried’s bankrupt crypto empire owes its 50 biggest unsecured creditors a total of $3.1 billion, new court papers show, with a pair of customers owed more than $200 million each.
kadhim on Twitter
Antonio García PMC Warfare Theory — What Elon is doing is a revolt by entrepreneurial capital against the professional-managerial class regime that otherwise everywhere dominates (including and especially large tech companies), and that same PMC (which includes the media) is treating it as an act of lèse-majesté.
Elon Musk's ‘Hardcore’ Ultimatum Sparks Exodus, Leaving Twitter at Risk — Musk aims to retain workers, softening work from home policy
Twitters top former Censor Yoel Roth Outlines How Apple/Google could Stop Elon/Twitter — There is one more source of power on the web — one that most people don’t think much about, but which may be the most significant check on unrestrained speech on the mainstream internet: the app stores operated by Google and Apple.
CBS Quits Twitter, then Returns — On Friday, one of the media outlet’s national correspondents stated that “in light of the uncertainty around Twitter and out of an abundance of caution, CBS News is pausing its activity on the social media site as it continues to monitor the platform.”
Apple Executive Phil Schiller Deactivates Twitter Account — Schiller often used his account to promote new Apple products, services, software, and initiatives and interact with customers. As noted on Twitter by Bloomberg's Mark Gurman, however, Schiller's account no longer exists. The account had over 200,000 followers and was created in November 2008 according to a web archive of the account dated November 4.
Apple, Google to Serve as Gatekeepers and Beneficiaries of $8 Twitter Blue — Twitter is trending toward 250 million daily active users. Let’s assume that 1% of that user base—2.5 million people—subscribe on either iOS or Android. Excluding additional subscription products within Twitter, that adds up to $72 million in year one revenue for Apple and $36 million for Google.
Mark Gurman on Twitter — While I expect lots of leeway, there is a real scenario in which Apple/Google remove Twitter because of content moderation issues or because Twitter decides to bypass the 15%-30% cuts. Notably, we appear to now know how Apple’s App Store chief feels about the new Twitter.
Send a Boost into the Show — Upgrade to a Podcasting 2.0 app, and send a Boost into the show!

Mystery Box | LINUX Unplugged 485

20 november 2022 | min

Hidden NAS | Self-Hosted 84

18 november 2022 | min

We're chatting about workstation builds for a home NAS with Joe Ressington this week. Chris chews on the news of the Evernote buyout and his challenges with Zigbee.

Special Guest: Joe Resington.

Sponsored By:

Linode: Receive a $100 60-day credit towards your new account. Promo Code: linode.com/ssh
LogScale: Take logs from any source and make them usable. Get started with LogScale Community Edition for free.

Support Self-Hosted

Links:

Late Night Linux — Late Night Linux is a podcast that takes a look at what’s happening with Linux and the wider tech industry.
2.5 Admins — 2.5 Admins is a podcast featuring two sysadmins called Allan Jude and Jim Salter, and a producer/editor who can just about configure a Samba share called Joe Ressington.
Choose your Zigbee channel wisely —
Before optimizing your channels, it’s best to reduce the amount of traffic on the 2.4 GHz band. There are a few different ways of doing that. But it all boils down to removing as many devices from the 2.4 GHz Wi-Fi band as possible. As Zigbee devices can only use the 2.4 GHz band, there isn’t much you can do with them except minimizing the number of commands sent using Zigbee Groups.
Z Wave vs Zigbee — While Z Wave has a better track record of compatibility between products and never interferes with your Wi-Fi network, Zigbee is faster,has a greater range of signal, boasts on open protocol standard, and owns a significantly larger marketshare of the smart home product space.
Aeotec MultiSensor 7, 6-in-1 Zwave Sensors — Contains Monitor Motion, Temperature, Light, Humidity, UV, and Vibration, Z-Wave Plus, Gen7, S2, SmartStart Enabled, Compatible with Zwave
Evernote’s Next Move: Joining the Bending Spoons Suite of Apps — In the deal signed between Bending Spoons and Evernote, Bending Spoons agrees to take ownership of Evernote in a transaction expected to complete early in 2023.
Jupiter Broadcasting Matrix Info — Jupiter Broadcasting’s Rooms are organized into groups called “spaces”.
UptimeRobot: Free Website Monitoring Service — The world's leading uptime monitoring service.
The Helpful Idiot — Idiots don't have time for cable management.
Send a Boost into the Show — Upgrade to a Podcast 2.0 compatible app, and send a Boost into the show.

Linux Action News 267

17 november 2022 | min

Linux Action News 267

17 november 2022 | min

The Troll Wizard | Coder Radio 492

16 november 2022 | min

Microsoft lets its geek flag fly, our observations on .NET 7, and the recent upset caused by the Troll Wizard, but we can't understand who will pay the toll.

Sponsored By:

Linode: Receive a $100 60-day credit towards your new account. Promo Code: linode.com/coder
Tailscale: Tailscale is the easiest way to create a peer-to-peer network with the power of Wireguard.

Support Coder Radio

Links:

NSA urges orgs to use memory-safe programming languages — "NSA recommends that organizations use memory safe languages when possible and bolster protection through code-hardening defenses such as compiler options, tool options, and operating system configurations," advised the agency.
Aegis Authenticator — Aegis Authenticator is a free, secure and open source app for Android to manage your 2-step verification tokens for your online services.
Casey Newton on Twitter — Update: company sources tell me that yesterday Twitter eliminated ~4,400 of its ~5,500 contract employees, with cuts expected to have significant impact to content moderation and the core infrastructure services that keep the site up and running.
.NET 7 is Available Today — Thanks to the open-source .NET community for your numerous contributions that helped shape this .NET 7 release. 28k contributions made by over 8900 contributors throughout the .NET 7 release!
Announcing .NET MAUI for .NET 7 General Availability — Six short months ago we introduced you to .NET Multi-platform App UI (MAUI) and today we are excited to announce the general availability of .NET MAUI in our next major release, .NET 7.
.NET Conf 2022 Keynote: Welcome to .NET — .NET 7 is here! Find out what is new for .NET developers across all workloads including cloud, mobile, desktop, web, AI, IoT, and so much more.
Meta laying off more than 11,000 employees — Meta is laying off 13% of its staff, or more than 11,000 employees, CEO Mark Zuckerberg told employees Wednesday.
Mark Zuckerberg Won't Rule Out Further Layoffs
Amazon Is Said to Plan to Lay Off Approximately 10,000 Employees — The job cuts of approximately 10,000, which would start as soon as this week,
Apple being "very deliberate" on hiring amid economic uncertainty, says CEO Tim Cook — "What we're doing as a consequence of being in this period is we're being very deliberate on our hiring," Cook told "CBS Mornings" at Apple's headquarters in California. "That means we're continuing to hire, but not everywhere in the company are we hiring."
Jay Owens (@hautepop) — Vox’s Future Perfect vertical, which took SBF money to shill for SBF ideology
Preventing 2FA Crises — A recent podcast episode I listed to detailed the painful process of what could happen if you lose your 2FA codes, and I hope to address how to prevent this even if you don't have SMS/calls to authenticate to the 2FA service I'm mentioning (their typical verification process).
Send a Boost into the Show — Upgrade to a Podcasting 2.0 compatible app, and send a Boost into the show. 🔥

Fedora Falls Flat | LINUX Unplugged 484

13 november 2022 | min

Sats Over Snake Oil | Office Hours 16

11 november 2022 | min

Linux Action News 266

10 november 2022 | min

Voltron Based Development | Coder Radio 491

9 november 2022 | min

Chris Is Done With Raspberry Pi | LINUX Unplugged 483

6 november 2022 | min

Unintended Upgrades | Self-Hosted 83

4 november 2022 | min

Linux Action News 265

3 november 2022 | min

Final Boss Battle | Coder Radio 490

2 november 2022 | min

Legacy Gets the Boot | LINUX Unplugged 482

30 oktober 2022 | min

One PR At a Time | Office Hours 15

28 oktober 2022 | min

Linux Action News 264

27 oktober 2022 | min

Luther Curious | Coder Radio 489

26 oktober 2022 | min

Just a Prompt Away | LINUX Unplugged 481

23 oktober 2022 | min

Roon Ready Ruh-Roh | Self-Hosted 82

21 oktober 2022 | min

Alex gives Roon Labs whole home audio a try but discovers a critical design flaw while Chris checks out his new ODROID-H3+ and plans his next epic build.

Sponsored By:

Linode: Receive a $100 60-day credit towards your new account. Promo Code: linode.com/ssh
CloudFree.shop: CloudFree Smart Plug – Runs Tasmota for $9. Use code SELFHOSTED and support the show. Promo Code: SELFHOSTED

Support Self-Hosted

Links:

ODROID-H3+ — Intel® Quad-Core Processor Jasper Lake N6005 has a base clock of 2GHz and a boost clock of 3.3GHz with 1.5MB L2 and 4MB L3 cache by a 10 nm process.
Roon 2.0 & ARC: WHAT'S GOING ON? - YouTube
Roon Labs - The audiophile player for music fanatics — Whether you’re working out at the gym, heading to the office, or traveling thousands of miles from home – Roon ARC gives you mobile access to your full library of artists, albums, playlists, and tags. No more settling for second-best from streaming apps when you’re on the go. Roon ARC makes everywhere feel like home.
How to prepare for a time when I’m tired of tinkering with Home Assistant? — I know from experience that there will come a time when I won’t find home automation as flattering any more but I’ll still need my lights and whatnot to function properly.
Zigbee Binding — Zigbee has support for binding which makes it possible that devices can directly control each other without the intervention of Zigbee2MQTT or any home automation software.
Badgers Stack - May 2022 - Perfect Media Server — A new page for May 2022, here's a high level overview snapshot of PMS as it stands today.
Your free and decentralized audio platform - Funkwhale — Funkwhale is a community-driven project that lets you listen and share music and audio within a decentralized, open network.
Top 10 Self-Hosted Apps - Perfect Media Server — Storing and serving files is all well and good but with a little effort, we can replace dozens of hosted services that don't respect your privacy. Here are some of my favourite self-hosted app picks.
moodeaudio.org — Audiophile-quality music playback for the wonderful Raspberry Pi family of single board computers.
Send a Boost into the Show — Upgrade to a Podcasting 2.0 compatible app, and get new features like Boosts.

Linux Action News 263

20 oktober 2022 | min

Code Laundering | Coder Radio 488

19 oktober 2022 | min

We debate if GitHub's Copilot enables automated code laundering after a developer makes a startling discovery. Then we dispense some seriously old-school wisdom.

Sponsored By:

Linode: Receive a $100 60-day credit towards your new account. Promo Code: linode.com/coder
Tailscale: Tailscale is the easiest way to create a peer-to-peer network with the power of Wireguard.

Support Coder Radio

Links:

Is a ‘software engineer’ an engineer? Alberta regulator says no. — The Association of Professional Engineers and Geoscientists of Alberta (APEGA), has asked a court to order one of the province’s leading software companies, Octopusapp Inc., known as Jobber, to stop using the term “engineer” in job titles and postings unless it gets a permit from the regulator.
Frank Karlitschek | Nextcloud — Frank Karlitschek started Nextcloud as an open source project to power a decentralized internet, believing that companies should control their own data. As an engineer in computer science, he worked on many open source projects throughout his career.
Configuring GitHub Copilot in Visual Studio Code — GitHub Copilot includes a filter which detects code suggestions matching public code on GitHub. You can choose to enable or disable the filter. When the filter is enabled, GitHub Copilot checks code suggestions with their surrounding code of about 150 characters against public code on GitHub. If there is a match or near match, the suggestion will not be shown to you.
Tim Davis on Twitter — @github copilot, with "public code" blocked, emits large chunks of my copyrighted code, with no attribution, no LGPL license. For example, the simple prompt "sparse matrix transpose, cs" produces my cstranspose in CSparse. My code on left, github on right. Not OK.
Jeremy Soller on Twitter — Illegal source code laundering, automated by GitHub
Hector Martin on Twitter — Don't do this. Ever. This is insulting and disrespectful to your users.
Nobody is entitled to support from volunteer FOSS projects, but they absolutely do deserve not to have the issues they took time to file actively thrown away. If you haven't fixed the bug, it stays open.
Meta Sunk $15 Billion Building the Metaverse. Where Did the Money Go? — Meta has sunk more than $15 billion into its metaverse project since the start of last year.
Most Metaverse Users Don't Even Make It a Month — Most Metaverse users don't return to the Horizon Worlds platform after the first month, WSJ reported.
Upgrade to a Podcasting 2.0 App — Grab a Podcasting 2.0 compatible app, send Boosts, and keep podcasting decentralized.

Taming the Beast | LINUX Unplugged 480

16 oktober 2022 | min

Debian Downer | Office Hours 14

14 oktober 2022 | min

Linux Action News 262

13 oktober 2022 | min

Casual Coders | Coder Radio 487

12 oktober 2022 | min

Good Software, Bad Blood | LINUX Unplugged 479

9 oktober 2022 | min

The Badger Stack | Self-Hosted 81

7 oktober 2022 | min

Chris Raspberry Pi server is dead, and Alex has a few ideas for his next build.

Special Guest: Brent Gervais.

Sponsored By:

Linode: Receive a $100 60-day credit towards your new account. Promo Code: linode.com/ssh
CloudFree.shop: CloudFree Smart Plug – Runs Tasmota for $9. Use code SELFHOSTED and support the show. Promo Code: SELFHOSTED

Support Self-Hosted

Links:

You can't buy a Raspberry Pi right now — ...or at least, not without a lot of patience or a fat wallet.
Matter is now official! — The Connectivity Standards Alliance has certified and released the first version of the Matter smart home interoperability protocol Tuesday and I couldn’t be happier.
Paulus Schoutsen on Twitter — Ladies and gentlemen, we've got it! That's the first release.
Invoice Ninja — Focus on doing what you love. We’ll help with the invoicing.
Docker files for Invoice Ninja — Introducing our very own Helm Chart that helps you launch a simple standalone app to a production-ready, highly available Invoice Ninja setup.
InvoicePlane — InvoicePlane is a self-hosted open source application for managing your quotes, invoices, clients and payments.
Cloudflare Zero Trust and Yubico — Yubico is providing Security Keys at “Good for the Internet” pricing - as low as $10 per key. Yubico will ship the keys to customers directly.
SSH with YubiKey
Bitwarden Two-step Login via YubiKey
expanse — fully selfhosted multi-user web app for externally storing Reddit items (saved, created, upvoted, downvoted, hidden) to bypass Reddit's 1000-item listing limits
Use Bitwarden to Generate Email Aliases with Fastmail — As of the September release, the Bitwarden username generator now supports creating email aliases
netbird — NetBird is an open-source VPN management platform built on top of WireGuard® making it easy to create secure private networks for your organization or home.
RuneAudio — RuneAudio is a free and open source software that turns embedded hardware into Hi-Fi music players.
Volumio - The Audiophile Music Player — A very powerful and convenient music aggregator, now Volumio can also be used with great results in all sorts of different situations.
snapcast: Synchronous multiroom audio player — Snapcast is a multiroom client-server audio player, where all clients are time synchronized with the server to play perfectly synced audio. It's not a standalone player, but an extension that turns your existing audio player into a Sonos-like multiroom solution.
ConBee II Zigbee USB Gateway — Universal Zigbee USB gateway integrates Zigbee products across manufacturers
Slaesh Zigbee 3.0 USB Stick - CloudFree — Recommended by Zigbee2MQTT
Badgers Stack — A new page for May 2022, here's a high level overview snapshot of PMS as it stands today.
Install Proxmox VE on Debian 11 Bullseye — The installation of a supported Proxmox VE server should be done via bare-metal ISO installer. In some cases it makes sense to install Proxmox VE on top of a running Debian Bullseye 64-bit, especially if you want a custom partition layout. For this How-To any official Bullseye installation medium should work.
ironicbadger/infra: 99.9% less leaked credentials
Send a Boost with a New Podcast App — Upgrade to a Podcasting 2.0 compatible app.

Linux Action News 261

6 oktober 2022 | min

The Fight for the Next Knight Rider | Coder Radio 486

5 oktober 2022 | min

The Best of Both Worlds | LINUX Unplugged 478

2 oktober 2022 | min

One Long Monday | Office Hours 13

30 september 2022 | min

Linux Action News 260

29 september 2022 | min

Going All In on Linux | Coder Radio 485

28 september 2022 | min

Mike has spent just over a month living in Linux full-time, and Chris wants to check in and see how he’s doing. Plus we both have the new Thelio from System76 in-house, and our takeaways might surprise you.

Sponsored By:

Linode: Receive a $100 60-day credit towards your new account. Promo Code: linode.com/coder
Tailscale: Tailscale is the easiest way to create a peer-to-peer network with the power of Wireguard.

Support Coder Radio

Links:

Southern California Meet up this Friday — Come join us! We’ll be hanging out from 6pm-8pm. This place has everything you need, great food, great beer, a great atmosphere, and phenomenal company. Also, the patio is dog friendly!
Linux On The Laptop Works So Damn Well That It’s Boring — Honestly, when I use my Linux computer, very little is different from my Mac or Windows machines. It works so well that it’s essentially kind of boring. Which is what you want, right? You don’t want to have to think about your operating system, or worry about it. You just want it to work.
System76 Thelio — We’ve slimmed down Thelio’s wood wrapping into a swappable accent on the front of the system. Style your Thelio with a variety of wood or powder-coated aluminum accents to empower any mindset.
Thelio 2022 Redesign Review - dominickm.com — Proudly proclaiming “real computers have ports”, it comes with a variety of HDMI, Display Port (depending on your GPU) and UBS-C ports. Whether your a developer who needs to connect IOT devices for debugging or a content creator preaching the gospel of Objective Binks, you’ll have the ports you need for your audio devices and (in my case) your mute pedal. Keen observers will notice that the back panel is slightly less styled than previous model, but that hardly detracts from the overall aesthetic appeal.
Thelio Timed Linux Kernel Compilation — This test times how long it takes to build the Linux kernel in a default configuration (defconfig) for the architecture being tested or alternatively an allmodconfig for building all possible kernel modules for the build.
Parboil DevOne Benchmarks — The Parboil Benchmarks from the IMPACT Research Group at University of Illinois are a set of throughput computing applications for looking at computing architecture and compilers. Parboil test-cases support OpenMP, OpenCL, and CUDA multi-processing environments. However, at this time the test profile is just making use of the OpenMP and OpenCL test workloads.
Grab a New Podcast App — Send a Boost into the show with a Podcasting 2.0 compatible app.

The Feeling of Fast | LINUX Unplugged 477

25 september 2022 | min

Solving Whole Home Audio | Self-Hosted 80

23 september 2022 | min

Linux Action News 259

22 september 2022 | min

I Wanted to be a Hipster | Coder Radio 484

21 september 2022 | min

Canary in the Photo Mine | LINUX Unplugged 476

18 september 2022 | min

Don't Clip and Drive | Office Hours 12

16 september 2022 | min

Linux Action News 258

15 september 2022 | min

Objective D | Coder Radio 483

14 september 2022 | min

Brent's Bug Battle | LINUX Unplugged 475

11 september 2022 | min

Self-Hosted 79 | Self-Hosted 79

9 september 2022 | min

Linux Action News 257

8 september 2022 | min

Building Your Light Saber | Coder Radio 482

7 september 2022 | min

Linux’s Malware Inevitability | LINUX Unplugged 474

4 september 2022 | min

Linux Action News 256

1 september 2022 | min

Flipping The Switch | Office Hours 11

31 augusti 2022 | min

Apple's Metal Tax | Coder Radio 481

31 augusti 2022 | min

End of the Road | LINUX Unplugged 473

28 augusti 2022 | min

We Should Know Better | Self-Hosted 78

26 augusti 2022 | min

Linux Action News 255

25 augusti 2022 | min

Google's 1984 Moment | Coder Radio 480

24 augusti 2022 | min

We're spooked to learn how one man's life has been turned upside down just because he used Google Photos.

Plus Mike's thoughts on .Net 7's trajectory and a little hope for Ionic.

Sponsored By:

Linode: Receive a $100 60-day credit towards your new account. Promo Code: linode.com/coder
Tailscale: Tailscale is the easiest way to create a peer-to-peer network with the power of Wireguard.

Support Coder Radio

Links:

Michael Dominick on Twitter — Check out "TCG-Con Tampa"
Why Pixelmator Photo is switching to subscription pricing — TL;DR: Pixelmator Photo will now cost $4.99 per month, $23.99 per year, or $54.99 for a lifetime license but existing paid users get unlimited access for free.
Our West Coast Meetup Chat Room on Matrix — Join our room and get the inside deets.
Jupiter @ JPL - Get your name in the Hat! — We picking names SOON.
Announcing .NET 7 Preview 7 — This preview of .NET 7 includes improvements to System.LINQ, Unix file permissions, low-level structs, p/Invoke source generation, code generation, and websockets.
A Dad Took Photos of His Naked Toddler for the Doctor. Google Flagged Him as a Criminal. — Google has an automated tool to detect abusive images of children. But the system can get it wrong, and the consequences are serious.
Matthew Green on Twitter — He took a private photo intended for a doctor. In a situation where human being expect (but may not be entitled to) the most extreme privacy that our technical situations have to offer.
Instead his child’s genitals were transmitted to a team of people and he lost years of data.
Matthew Green on Twitter — This is the situation that every normal person fears will happen when “classifiers work as intended” on their private data.
It’s fine to argue this is an extreme and regrettable edge case we can design out of the system. To say it’s defensible? That’s dangerous.
Deirdre Connolly¹ on Twitter — "Fun" reveal in this story: per the (erroneous) referral to police, Google complied with a warrant for this user's /entire Google search history/, as well as location history, messages, and any documents they had associated with the account
The Amazing Critter Man 🇺🇸🐍 on Twitter — Consider this: These photos were unique. There was no hash in any law enforcement database for these images. Google still found them. They look at your stuff, you have no secrets from Google. Don't give them anything, you have everything to hide.
Micro Frontend Architecture for Mobile Web Apps — Portals micro frontends allow multiple teams to build, test, and ship in parallel with hyper-focused embedded web experiences in your React Native, Android, and iOS mobile apps.
Appflow — Move faster with cloud native builds, live updates, app publishing, and the ability to automate all of it.
It’s time for Apple to fix texting. — These problems exist because Apple refuses to adopt modern texting standards when people with iPhones and Android phones text each other.
Follow Chris on Fountain — Fountain offers a rich clip discovery system. Follow the ones I publish with this link.
New Podcast Apps — Grab a Podcasting 2.0 compatible app, or try out Breez and keep your app!

5 Problems With NixOS | LINUX Unplugged 472

21 augusti 2022 | min

Coming in Hot with the Code! | Office Hours 10

19 augusti 2022 | min

Linux Action News 254

18 augusti 2022 | min

Apple's Mob Move | Coder Radio 479

17 augusti 2022 | min

New leaks reveal how hollow Apple's claims of fighting for user privacy are. We discuss their scheme to monetize the downturn.

Plus, why we've never seen an App blow it as severely as Telegram is right now, and Electron's Flash moment.

Sponsored By:

Linode: Receive a $100 60-day credit towards your new account. Promo Code: linode.com/coder
Tailscale: Tailscale is the easiest way to create a peer-to-peer network with the power of Wireguard.

Support Coder Radio

Links:

CoderRadioMascot on Twitter — I want to remind you that we have strict labor laws in Europe. I don't think denying a mascot it's vacation is legal. I consider founding the first podcast mascot union to make sure podcast mascot's rights are respected and not eradicated.
Workplace Productivity: Are You Being Tracked? - The New York Times — Across industries and incomes, more employees are being tracked, recorded and ranked. What is gained, companies say, is efficiency and accountability. What is lost?
Archive.org: The Rise of the Worker Productivity Score — Now digital productivity monitoring is also spreading among white-collar jobs and roles that require graduate degrees. Many employees, whether working remotely or in person, are subject to trackers, scores, “idle” buttons, or just quiet, constantly accumulating records. Pauses can lead to penalties, from lost pay to lost jobs.
Stof's thoughts on tabs or Spaces — Essentially, tabs are idealistic and would win any argument not based on real world 'not caring' of humans, so in reality spaces win, but how many spaces is a better question! I wonder what the audience would say about 2 spaces?
West Coast Crew Chat — Join our west coast locals chan room.
Want to join us at JPL? — Put your name in the hat, just be sure you can be there Sept 29th!
Researchers Find Vulnerabilities in Software Underlying Discord, Microsoft Teams, and Other Apps — Aaditya Purani, one of the researchers who found these vulnerabilities, said that “regular users should know that the Electron apps are not the same as their day-to-day browsers,” meaning they are potentially more vulnerable.
RCE Vulnerability found in Electron — This occurs because of the way ElectronJS is designed and is a fundamental design issue within the framework. (ElectronJs = JS + Chromium so this intersection is where the flaw occurs as it’s not same as your normal chrome browser).
Telegram update brings new animated emoji — The latest update to Telegram’s app for iOS comes with multiple new features, especially for Premium subscribers.
Telegram CEO complains about App Store 'obscure review process' — For example, our upcoming update – which is about to revolutionize how people express themselves in messaging – has been stuck in Apple’s ‘review’ for two weeks, without explanation or any feedback provided by Apple.
Apple asked for a cut of Facebook’s ad sales years before it stifled Facebook’s ad sales — Apple reportedly argued that it deserved a cut of certain portions of Facebook’s ad revenue.
Apple Set to Expand Advertising, Bringing Ads to Maps, TV and Books Apps — Apple is set to expand ads to new areas of your iPhone and iPad in search of its next big revenue driver. Also: The company slows its pace of acquiring startups, and Peloton embarks on a major overhaul.
Apple and Facebook’s Pre-ATT Negotiations, Timing and Documentation — The Wall Street Journal fills in important details about the run-up to ATT, including negotiations between Apple and Facebook. Then, ATT denials don't hold water. – Stratechery by Ben Thompson
Mark Gurman on Twitter — Power On: Apple is set to expand ads to more parts of your iPhone, beyond News, Stocks and the App Store. Up next? Probably in Maps, Books, Podcasts and one day TV+.
Patrick Moorhead #SixFiveSummit on Twitter — What an Apple power move: Hobble the advertising efforts of your ecosystem and then start monetizing the real estate yourself. Redefines vertical integration. Truly brilliant.
Send a Boost with a New Podcast App — Boosts, chapters, transcripts, and more. Get a Podcasting 2.0 compatible app.

The Cottonwood Disaster | LINUX Unplugged 471

14 augusti 2022 | min

Automations Gone Wrong | Self-Hosted 77

12 augusti 2022 | min

Linux Action News 253

11 augusti 2022 | min

Strange New Workflows | Coder Radio 478

10 augusti 2022 | min

Let's Call It an Upgrade | LINUX Unplugged 470

7 augusti 2022 | min

We Hate Crypto Too | Office Hours 9

5 augusti 2022 | min

Linux Action News 252

4 augusti 2022 | min

Sweet Little Lies | Coder Radio 477

3 augusti 2022 | min

We debate the lies our tool makers tell us, if Clojure has a Rails-sized hole, and the secrets of a successful software engineer.

Sponsored By:

Linode: Receive a $100 60-day credit towards your new account. Promo Code: linode.com/coder
Tailscale: Tailscale is the easiest way to create a peer-to-peer network with the power of Wireguard.

Support Coder Radio

Links:

Jupiter Broadcasting Meetup Page — London Meetup just days away!
Join our West Coast Crew Matrix chat. — Calling West Coast Locals!
ResearchKit — ResearchKit is an open source framework introduced by Apple that allows researchers and developers to create powerful apps for medical research. Easily create visual consent flows, real-time dynamic active tasks, and surveys using a variety of customizable modules that you can build upon and share with the community. And since ResearchKit works seamlessly with HealthKit, researchers can access even more relevant data for their studies — like daily step counts, calorie use, and heart rate.
ResearchKit and CareKit - Apple — a framework for developers to build apps that let you manage your own well-being on a daily basis.
What is GitOps? — GitOps is an operational framework that takes DevOps best practices used for application development such as version control, collaboration, compliance, and CI/CD, and applies them to infrastructure automation.
Clojure needs a Rails — Other programming languages have their definitive web framework. Ruby has Rails, Python has Django, Java has Play, Elixir has Pheonix.
Luminus - a Clojure web framework — Luminus is a Clojure micro-framework based on a set of lightweight libraries. It aims to provide a robust, scalable, and easy to use platform. With Luminus you can focus on developing your app the way you want without any distractions.
Michael Dominick on Twitter — First time using Migration Assistant. Going from an M1 to an Intel Mac. Let’s see how this goes lol
Skills of a Successful Software Engineer — Skills to grow from a solo coder into a productive member of a software development team, with seasoned advice on everything from refactoring to acing an interview.
Coder to Developer
Open Source Licenses to Avoid — Check if the open sources you use pose a threat to your business and find out what to do today to secure your company for years.

Tough Linux Love | LINUX Unplugged 469

31 juli 2022 | min

Solid as a Rock | Self-Hosted 76

30 juli 2022 | min

Alex runs us through his new and improved off-site backup setup, and Chris is trying out some Shelly devices.

Sponsored By:

Linode: Receive a $100 60-day credit towards your new account. Promo Code: linode.com/ssh
Humio: Take logs from any source and make them usable. Get started with Humio Community Edition for free.

Support Self-Hosted

Links:

Jupiter Broadcasting Meetup Page
Tailscale mesh network using OPNsense — OPNsense is an open source router and firewall platform built using FreeBSD. Tailscale can be installed on an OPNsense platform, joining it to your WireGuard-based mesh network.
OPNsense repo by mimugmail — Here you'll find source of a couple of plugins but it's mainly just for tracking bugs or new feature requests.
Install AdGuard Home on an OPNsense router
Hard Drive Life Expectancy — Using the Drive Stats data we’ve collected since 2013, we have selected 10 drive models that have a sufficient number of both drives and drive days to produce Kaplan-Meier life expectancy curves we can use to easily visualize their life expectancy. Using these life expectancy curves we’ll compare drive models in cohorts of 4TB, 8TB, 12TB, and 14TB to see what we can find.
Shelly Flood
Shelly Flood Notification on Water Detection
SHELLY FLOOD Detect any leakages immediately — I will show you how to use Home Assistant and Shelly Flood Sensor to detect any leakages at your home immediately. We will use some Home Assistant automations and MQTT protocol.
UNNotificationInterruptionLevel.timeSensitive — The system presents the notification immediately, lights up the screen, and can play a sound, but won’t break through system notification controls.
Shelly Plus H&T — With over 1 year of battery life, Shelly Plus H&T will make sure that you are always aware of the temperature and humidity levels in your home. Enhanced with a faster processor, Shelly Plus H&T monitors even the slightest change in the conditions and will help you prevent dryness or mold while maintaining comfortable conditions at the premises.
Shelly Plus Plug US — Shelly Plus Plug US will monitor and control lighting, heating, or any other connected electrical appliance at home.
Leviton joins as a Works with Home Assistant partner — Today we are happy to announce our first Works with Home Assistant partner: Leviton!
Shelly Smoke — When there is smoke detected, Shelly Smoke activates a Voice and Light alarm, and sends a notification instantly.
Jellyfin CSS Customization — Custom CSS provides customization such as changing colors, changing layouts, and item size and behavior. Below is a list of various tweaks that can be applied.
What is the Lightning Network? — The Lightning Network was proposed in 2015 by two researchers, Thaddeus Dryja and Joseph Poon, in a paper titled “The Bitcoin Lightning Network.” Their writings were based on previous discussions of payment channels made by Satoshi Nakamoto, the anonymous creator of Bitcoin. Nakamoto described payment channels to fellow developer Mike Hearn, who published the conversations in 2013.
Umbrel — Run a personal server in your home, self-host open source apps like Nextcloud and Bitcoin node, break away from big tech, and take full control of your data. For free.
nix-bitcoin — nix-bitcoin is a collection of Nix packages and NixOS modules for easily installing full-featured Bitcoin nodes with an emphasis on security.
Grab a New Podcast app — Get a Podcasting 2.0 compatible app.

Linux Action News 251

30 juli 2022 | min

Tapping the Breaks | Coder Radio 476

27 juli 2022 | min

The Read Only Scenario | LINUX Unplugged 468

24 juli 2022 | min

A Good Problem to Have | Office Hours 8

22 juli 2022 | min

Linux Action News 250

21 juli 2022 | min

I Do Declare | Coder Radio 475

20 juli 2022 | min

All Hands on Deck | LINUX Unplugged 467

17 juli 2022 | min

In-Flight Changes | Self-Hosted 75

15 juli 2022 | min

Our thoughts on the new Works with Home Assistant program, some changes to Alex's off-site backup server, and a million bits of great feedback.

Sponsored By:

Linode: Receive a $100 60-day credit towards your new account. Promo Code: linode.com/ssh
Humio: Take logs from any source and make them usable. Get started with Humio Community Edition for free.

Support Self-Hosted

Links:

Introducing the Works with Home Assistant program — With Home Assistant, we integrate with over 1000 different APIs. The majority of these integrations are created and maintained by the Home Assistant community. Over the years a number of companies have stepped up to work with our community offering samples and engineering support. In a few cases, we saw companies pick up the maintenance of integrating their products in Home Assistant.
Database of Zigbee devices — List of Zigbee devices supported by ZHA, Tasmota, Zigbee2MQTT, deCONZ, Zigbee for Domoticz or ioBroker.zigbee
Vikunja — Vikunja is an Open-Source, self-hosted To-Do list application for all platforms. It is licensed under the AGPLv3.
Vikunja Docker Walkthrough
London Meetup — August 5th at 6pm GMT (meetup.com is based off JBs Pacific Time). To confirm when I say 6pm GMT I mean 6pm as you look your watch - time savings and all that be damned - you know what I mean when I say 6pm GMT :)
West Coast Crew Matrix Chat Room — Are you on the US West coast? Join our Matrix room and get the latest on our west coast road tour coming up!
LinuxCard — Using the LinuxCard is easy, insert the SD card, connect USB-C to a computer, and open your favourite serial console app (minicom, PuTTY, etc), if you do not see the boot log, try the other virtual serial port (two exist). In case of a boot error, the SD card LED will blink in an infinite pattern, you can see the code for details on what various numbers of blinks mean.
First Alert Z-Wave Smoke Detector — Receive real-time notifications when smoke or carbon monoxide is detected.
Aeotec Water Leak Sensor Zigbee — lace the Aeotec SmartThings Water Leak Sensor under sinks, refrigerators, washing machines, and more to detect excess water or moisture and receive immediate alerts on your phone
FlightAware ADS-B Store — This kit provides you all the parts you need to create an ADS-B receiver. It will allow you to track aircraft up to 250NM away. Using FlightAware’s open-source software you can receive data from 1090MHz equipped aircraft and have it displayed in a web-based radar-like interface.
Valeronoi — A companion for Valetudo for generating WiFi signal strength maps. It visualizes them using a Voronoi diagram.
Shelly Leak Sensor — Connect Shelly Flood directly to your Wi-Fi network, without the need of any additional controller.
Get a New Podcast App and Boost the Show — Grab a Podcasting 2.0 compatible app or a Boost-specific app.

Linux Action News 249

14 juli 2022 | min

Why Google says we should all go rolling, Red Hat's got a new boss, Microsoft gets called out, and why it might be the year of Linux hardware.

Sponsored By:

Support Linux Action News

Links:

How Google got to rolling Linux releases for Desktops — Today, the life of a gLinux team member looks very different. We have reduced the amount of engineering time and energy required for releases to one on-duty release engineer that rotates among team members. We no longer have a big push to upgrade our entire fleet. No more need for multi stage alpha, betas and GAs for new LTS releases while simultaneously chasing down older machines that still were running Ubuntu Precise or Lucid.
Red Hat names new CEO — In a move many will find surprising, Red Hat announced that Paul Cormier, the company's CEO and president since 2020, is stepping over to become chairman of the board. Matt Hicks, a Red Hat veteran and the company's head of products and technologies, will replace Cormier as president and CEO.
KDE Announces Powerful Slimbook 4 Linux Laptop — The laptops are powered by AMD Ryzen 7 5700U processor with eight cores. They use USB-C for charging and power, like many other modern laptops. There are two USB 3.0 ports, one USB 2.0 port, an HDMI port, and a wired Ethernet jack.
System76 Launch Lite Teaser — Launch, but Lite. Launch Lite is the everyperson's keeb — comfortable, portable, and configurable.
System76 Teases the Launch Lite Open-Source Configurable Keyboard, Coming July 14th
AMD Is Hiring To Improve Its Linux Graphics Driver Installation Experience — In addition to their recent hiring for a open-source Linux GPU driver developer with multimedia experience, this week they have posted a new role looking for Linux build engineer(s) to focus on their graphics driver.
Linux Build Engineer — Our team works on open-source GPU drivers for Linux. We are leading contributors to the Radeon Mesa graphics and multimedia drivers included in popular Linux distributions like Ubuntu, Fedora, Arch, Red Hat Enterprise Linux, SUSE Linux Enterprise Desktop, and Debian. Our software is used in exciting products such as the Tesla Model S and the Steam Deck.
Matthew Garrett: Responsible stewardship of the UEFI secure boot ecosystem — So, to have Microsoft, the self-appointed steward of the UEFI Secure Boot ecosystem, turn round and say that a bunch of binaries that have been reviewed through processes developed in negotiation with Microsoft, implementing technologies designed to make management of revocation easier for Microsoft, and incorporating fixes for vulnerabilities discovered by the developers of those binaries who notified Microsoft of these issues despite having no obligation to do so, and which have then been signed by Microsoft are now considered by Microsoft to be insecure is, uh, kind of impolite?
X.Org Server Hit By New Local Privilege Escalation, Remote Code Execution Vulnerabilities — CVE-2022-2319 and CVE-2022-2320 were made public this morning and both deal with the X.Org Server's Xkb keyboard extension not properly validating input that could lead to out-of-bounds memory writes. Hopefully though in 2022 you aren't relying on your xorg-server running as root.
Many Old X.Org Components Saw New Releases This Weekend - Phoronix
Boycott Wayland. It breaks everything! — tl;dr: Wayland is not ready as a 1:1 compatible Xorg replacement just yet, and maybe never will. Hence, if you are interested in existing applications to "just work" without the need for adjustments, then you may be better of not using Wayland at this point.
X.Org Security Advisory: July 12, 2022

Horton Hears a Linux User | Coder Radio 474

13 juli 2022 | min

The Night of a Thousand Errors | LINUX Unplugged 466

10 juli 2022 | min

Brunch With Brent: Tim Canham | Jupiter Extras 87

10 juli 2022 | min

Podcasting is Back | Office Hours 7

8 juli 2022 | min

Linux Action News 248

7 juli 2022 | min

Laptop Coasters | Coder Radio 473

6 juli 2022 | min

Too Nixy for My Shirt | LINUX Unplugged 465

3 juli 2022 | min

A Pi For Every Problem | Self-Hosted 74

1 juli 2022 | min

Linux Action News 247

30 juni 2022 | min

Drunken Copilot | Coder Radio 472

29 juni 2022 | min

Git Happens | LINUX Unplugged 464

26 juni 2022 | min

Linux Action News 246

23 juni 2022 | min

Technical Guardians of the Galaxy | Coder Radio 471

22 juni 2022 | min

Humble Beginnings | LINUX Unplugged 463

19 juni 2022 | min

Brunch with Brent: Quentin Stafford-Fraser | Jupiter Extras 86

19 juni 2022 | min

100 Days of HomeLab | Self-Hosted 73

17 juni 2022 | min

Linux Action News 245

16 juni 2022 | min

Make it so, Dev One! | Coder Radio 470

15 juni 2022 | min

You can't judge a book by its cover, and this week we surprised each other when we dug into the HP Dev One. Plus some insights on remote virtual dev desktops and the gotcha's from WWDC we missed.

Sponsored By:

Tailscale: Tailscale is the easiest way to create a peer-to-peer network with the power of Wireguard.
Linode: Receive a $100 60-day credit towards your new account. Promo Code: linode.com/coder

Support Coder Radio

Links:

Jupiter Broadcasting Meetup — No venue confirmed atm, this event is currently 100% provisional. Location most likely in London area - probably central and probably outdoors for obvious reasons. If you're interested in attending please indicate by RSVPing yes to this event.
Managed PostgreSQL and MongoDB are Here | Linode — We’ve added PostgreSQL and MongoDB to our managed database service. Launched in May with support for MySQL, Linode Managed Databases gives developers access to popular databases in a managed service that shifts some of the responsibility for maintenance and monitoring to us.
HP Dev One — From preinstalled Linux Pop!OS to a tuned Linux keyboard with a Super key, HP Dev One is designed with powerful features and tools to help you code your way.
Introducing Zed — A lightning-fast, collaborative code editor written in Rust.
Sunsetting Atom — Today, we’re announcing that we are sunsetting Atom and will archive all projects under the organization on December 15, 2022.
Here's why Stage Manager only works on M1 iPads — While iPadOS 16 is compatible with tablets ranging from the A9-powered fifth-gen iPad, not all features will roll out to non-M1-powered machines — the most notable being Stage Manager.
Apple will allow Linux VMs to run Intel apps with Rosetta in macOS Ventura — Some developers, including Hector Martin of the Asahi Linux project and Twitter user @neverreleased, have already found that these steps can also enable Rosetta on non-Apple ARM CPUs as long as they're modern enough to support at least version 8.2 of the Arm instruction set.
Apple Will Handle Its Own Lending for Buy Now Pay Later Service — Apple Inc. will handle the lending itself for a new “buy now, pay later” offering, sidestepping partners as the tech giant pushes deeper into the financial services industry.
Qualcomm will beat M2 chips, claims CEO, with former Apple engineers — Qualcomm will beat M2 chips in the laptop and desktop PC sector, claims the company’s CEO, thanks to expertise from three former Apple Silicon engineers.
Boost: Grab a new Podcast App — Send a Boost into the show with a Podcasting 2.0 compatible app.

One Cosmic Collaboration | LINUX Unplugged 462

12 juni 2022 | min

Peer to Peer Future | Office Hours 6

10 juni 2022 | min

Outdoor networking adventures, new decentralized tools we're building, and a great chat with one of the co-founders of Podverse - an impressive open-source Podcasting 2.0 app.

Plus, a surprise live unboxing of HP's Dev One Linux laptop.

Sponsored By:

Links:

JupiterTube — Live streams and special events.
VDO.Ninja Trampoline — This form is just a URL simplification trampoline, i.e., it takes a few intuitive URL parameters and redirects to the underlying complex technical URL of VDO.Ninja. It allows you to control VDO.Ninja parameters at a central place while being able to use clean, intuitive and stable URLs for both the presenters and OBS Studio.
Vingester — Vingester (Video ingester, /ˈvɪnˈdʒɛster/) is a small, Open Source licensed, Electron-based, desktop application for use under Windows, macOS or Linux to run multiple Chromium-based Web browser instances and ingesting their rendered Web Contents as screen/window-captured or NDI-multicasted or FFmpeg-based video streams for further use in local or remote video mixing applications or for local recording.
Raspberry_ninja — Turn your Raspberry Pi or Nvidia Jetson into a ninja-cam with hardware-acceleration enabled! This lets you publish live streaming video and audio directly to your web browser or OBS instance using VDO.Ninja. Achieve very low streaming latency over the Internet or a LAN; all for free.
electroncapture: Playback video in a frameless electron app for screen-sharing and window capture — Created for VDO.Ninja users, it can provide users a clean way of window capturing websites. In the case of VDO.Ninja, it may offer a more flexible and reliable method of capturing live video than the browser source plugin built into OBS.
Issue tracking for Jupiter Broadcasting's peertube — Issue tracking for Jupiter Broadcasting's peertube instance at https://jupiter.tube/
PeerTube 4.2 — Editing videos from the web interface, detailed viewers stats for videos, ability to adjust latency during a live broadcast and much more... Let's look around and see what it brings us!
JupiterTube Matrix Chatroom — Join our JupiterTube Operations chat room on Matrix.
Podverse — Open source podcast app. Available for iOS, Android, F-Droid, and web.
Office Hours on Podverse
@Podverse on Twitter
Podverse on GitHub
Alby - Bitcoin Lightning Wallet — The Bitcoin Lightning wallet for direct payments across the globe, Bitcoin Lightning applications and passwordless logins. Alby is a wallet to send and receive Bitcoin payments with your normal browser on the Bitcoin Lightning Network with ease.
HP Dev One — From preinstalled Linux Pop!_OS to a tuned Linux keyboard with a Super key, HP Dev One is designed with powerful features and tools to help you code your way.
HP Dev One Unboxing - JupiterTube — I clipped the video of the HP Dev One unboxing from Office Hours, just in case you'd like to take a peek!
Umbrel 0.5 — This is Umbrel 0.5. A beautiful personal server OS that makes self-hosting accessible for everyone. And our biggest update to Umbrel yet.
Umbrel ☂️ on Twitter — A whole new look. Realtime app updates. App permissions, dependencies, and authentication. Official Bitcoin & Lightning node apps. Oh, and dark mode.
Boost: Grab a New Podcast App — Send a Boost into the show with a Podcasting 2.0 compatible app.

Linux Action News 244

9 juni 2022 | min

The Problem with WWDC | Coder Radio 469

8 juni 2022 | min

Deep in the Tumbleweeds | LINUX Unplugged 461

5 juni 2022 | min

First Account is Free | Self-Hosted 72

3 juni 2022 | min

Linux Action News 243

2 juni 2022 | min

Coding to Make It | Coder Radio 468

1 juni 2022 | min

CPU as a Service | LINUX Unplugged 460

29 maj 2022 | min

A new Linux update allows Intel to control features in your CPU using hardware-level DRM.

Sponsored By:

Support LINUX Unplugged

Links:

London Meetup — Sat, Aug 6, 2022, 2:00 PM GMT
Newest Version of Systemd Includes Experimental Feature for A/B-Style Updating — "Let's popularize image-based OSes," writes Lennart Poettering, "with modernized security properties built around immutability, SecureBoot, TPM2, adaptability, auto-updating, factory reset, uniformity — built from traditional distribution packages, but deployed via images."
Fitting Everything Together — In this blog story I hope to provide that from my personal perspective, i.e. explain how I personally would build an OS and where I personally think OS development with Linux should go.
systemd-sysupdate — This tool implements file, directory, or partition based update schemes, supporting multiple parallel installed versions of specific resources in an A/B (or even: A/B/C, A/B/C/D/, …) style. A/B updating means that when one version of a resource is currently being used, the next version can be downloaded, unpacked, and prepared in an entirely separate location, independently of the first, and — once complete — be activated, swapping the roles so that it becomes the used one and the previously used one becomes the one that is replaced by the next update, and so on.
Thoughts on software-defined silicon — The benefits to Intel are clear. The company can do price differentiation among its customers in an attempt to extract the maximum revenue from each while simultaneously reducing the number of different hardware products it must carry in its catalog. The revenue stream from a processor will not necessarily stop once the CPU is purchased, and might continue indefinitely. The benefit for customers is not quite so clear. In theory, customers with minimal needs can avoid paying for expensive features they don't use and can "upgrade" their hardware without downtime if their needs change.
platform/x86: Add Intel Software Defined Silicon driver — Intel Software Defined Silicon (SDSi) is a post manufacturing mechanism for activating additional silicon features. Features are enabled through a license activation process. The SDSi driver provides a per socket, sysfs attribute interface for applications to perform 3 main provisioning functions.
Boost without Switching Podcast Apps with Breez
New Podcast Apps
Pick: Mainline — A tool for installing the latest Linux kernels on Ubuntu-based distributions.

The Real MVP | Office Hours 5

27 maj 2022 | min

Linux Action News 242

26 maj 2022 | min

No More Snake Mustaches | Coder Radio 467

25 maj 2022 | min

No More Snake Mustaches | Coder Radio 467

25 maj 2022 | min

Soon there will be no shame in that snake game, the big trend that is not our friend, and Microsoft reinvents the widget.

Sponsored By:

Linode: Receive a $100 60-day credit towards your new account. Promo Code: linode.com/coder
Tailscale: Tailscale is the easiest way to create a peer-to-peer network with the power of Wireguard.

Support Coder Radio

Links:

Danielle DiMartino Booth on Twitter — "Amazon first announced it was going to be laying off 100,000 workers, and we really did get validation of the slowdown with Target, Walmart, Kohl’s saying we’re sitting on way too much inventory, demand is not there."
Richard Field on Twitter — So to retain its mythical credibility, will Fed follow through on its forward guidance and raise rates thereby making the recession more severe or will the Fed say, wait, all the contemporaneous data we have suggests we are in a recession, so time to halt rate increases?
The Labor Market Just Cratered — the Fed will be hard-pressed to drive inflation down towards its 2% target without raising the unemployment rate meaningfully, which in turn will require a significant downshift in labor demand.
The Cantillon Effect: Why Wall Street Gets a Bailout and You Don't — The reason is because money has to travel through institutions, and right now, the institutions for the powerful function well, and those for the rest of us are rickety and broken. So money gets to the rich first. Eventually, some money will get to the rest of us, but in the interim period before that money fully circulates, the wealthy can use their access to money to buy up physical or financial assets.
What is the Cantillon Effect and Why It’s Even More Important Now?
London Meetup PROVISIONAL, Sat, Aug 6, 2022 — Alex from Self-Hosted will be in the UK in August and is proposing a meetup in London on August 6th at 2pm GMT (meetup.com is based off JBs Pacific Time).
What’s New In Python 3.11 — This article explains the new features in Python 3.11, compared to 3.10.
What’s in which Python — 10–60% faster than 3.10
HP Dev One — Get ready for a laptop that’s customized for the way you code. Featuring preinstalled Pop!_OS Linux and a tuned Linux keyboard with a Super key, HP Dev One was designed with developers in mind.
Adaptive Cards — Adaptive Cards are platform-agnostic snippets of UI, authored in JSON, that apps and services can openly exchange.
AdaptiveCards on GitHub
The Mad Botter Is Hiring — Find your next job at The Mad Botter INC.

Better than Butter | LINUX Unplugged 459

22 maj 2022 | min

Recipe for Success | Self-Hosted 71

20 maj 2022 | min

Linux Action News 241

19 maj 2022 | min

Luxury Emotional Manipulation | Coder Radio 466

18 maj 2022 | min

Why Mike feels like Heroku is in a failed state, what drove us crazy about Google I/O this year, how Chris botched something super important, and some serious Python love sprinkled throughout.

Sponsored By:

Linode: Receive a $100 60-day credit towards your new account. Promo Code: linode.com/coder
Tailscale: Tailscale is the easiest way to create a peer-to-peer network with the power of Wireguard.

Support Coder Radio

Links:

Michael Dominick on Twitter — The first step pf #opencore / #foss Alice. See @CoderRadioShow I’m working on it! #automation. For nerds I’m trying to split the layers - the ones that make sense as #GPL and of course the rest. This harder than I had thought
Why Did Heroku Fail? — Fifteen years later, developers are still trying to recreate the developer experience of Heroku.
Announcing TypeScript 4.7 RC — Today we’re excited to announce our Release Candidate (RC) of TypeScript 4.7!
Google I/O 2022: Every New Device and Announcement — From Android 13 to the upcoming Pixel Watch, here's what Google unveiled at its annual developer conference.
Flutter 3 — Flutter 3 is live!!! For more information, see Introducing Flutter 3, What’s new in Flutter 3, and Dart 2.17:
A Few Things You Might Have Missed from Google I/O 2022
It's official. Remote work has zero negative impact on your productivity — Almost all of the study’s employees were right back up to the same level of output as they were doing before Hurricane Harvey.
Apple's Director of Machine Learning Resigns Due to Return to Office Work — Goodfellow reportedly broke the news to staff in an email, saying his resignation is in part due to Apple's plan to return to in-person work, which required employees to work from the office at least one day per week by April 11, at least two days per week by May 2, and at least three days per week by May 23. "I believe strongly that more flexibility would have been the best policy for my team," Goodfellow said in the email.
FIG JAM on Twitter — So...all these tech companies that have created hardware and software to connect people and enable them to collaborate and create from all over the world doesn't work for the companies themselves? What happened to eating your own dog food?
Python Distilled 1, Beazley, David M, eBook — The richness of modern Python challenges developers at all levels. How can programmers who are new to Python know where to begin without being overwhelmed? How can experienced Python developers know they're coding in a manner that is clear and effective? How does one make the jump from learning about individual features to thinking in Python at a deeper level? Dave Beazley's new Python Distilled addresses these and many other real-world issues.
Python Workout — The only way to master a skill is to practice. In Python Workout, author Reuven M. Lerner guides you through 50 carefully selected exercises that invite you to flex your programming muscles.
What is Tauri? — Tauri is a toolkit that helps developers make applications for the major desktop platforms - using virtually any frontend framework in existence. The core is built with Rust, and the CLI leverages Node.js making Tauri a genuinely polyglot approach to creating and maintaining great apps.
nitter
TMB Careers - The Mad Botter

NVIDIA's New View | LINUX Unplugged 458

15 maj 2022 | min

Finding Our Squeaky Wheels | Office Hours 4

13 maj 2022 | min

We've made some essential decisions for our big projects, what really has us excited about Podcasting 2.0, and the real problem with Boosts.

Plus Chris figured out one of Brent's secret flaws!

Open a channel to our node: 037d284d2d7e6cec7623

Special Guest: Brent Gervais.

Sponsored By:

Links:

Fountain 0.3.16 — You can now add another Fountain user as a split for your show or any episode. This is a really valuable feature if you have co-hosts, guests or a larger team working on your podcast that you want to distribute your income to.
Fountain on Twitter — Give @LynAldenContact a warm welcome to Podcasting 2.0! When you listen to Lyn's interview with @kerooke , a share of the sats you stream or Boost go to her Fountain wallet.
nout on Twitter — So I sent 10k sats from my @MuunWallet to @fountain_app (1 sat fee), I started listening to a podcast by @kerooke chatting with @LynAldenContact and I sent them a @PodcastindexOrg 2.0 boost, which got split evenly between Kevin and Lyn, while couple sats went to the tools!
FOUNTAIN: Podcasting 2.0 With Bitcoin - YouTube
Try the Fountain.FM Podcast App — Find Chris on Fountain, he is @ChrisLAS on there.
@chrislas - Fountain — Chris' clips he has shared on Fountain.
Podcast Index Case Study — Established in September of 2020, The Podcast Index is an alternative podcast directory that offers open, free access to creators, listeners, and podcast app developers. The inspiration of the brand is to be an alternative podcast directory to Apple, which is centralized and is monopolizing podcast distribution.
An Introduction to Podcasting 2.0 — Podcasting 2.0 is an umbrella term that covers a collection of initiatives to advance podcasting technology and to decentralize podcasting, taking control of the medium out of the hands of large technology companies.
Jupiter Broadcasting GitHub
Podcasting 2.0 Podcast — The Podcast Index presents Podcasting 2.0 - Upgrading Podcasting
Mastering the Lightning Network (LN) — The book describes the Lightning Network (LN), a Peer-to-Peer protocol running on top of Bitcoin and other blockchains, which provides near-instant, secure, micro-payments.
Non-Technical: Lightning Network Explained - YouTube — For the non-technical, what is the Lightning Network? How does it function? In this video Andreas walks through what's happening on the Lightning Network, all in a non-technical fashion. From funding transactions, to channels, routing, fees, security and trustlessness, this clip will give you a good overview of what's happening!
Bitcoin Lightning Network: How to Send and Receive Payments - YouTube — In this video, I discuss how to send and receive payments using the Lightning Network.

Linux Action News 240

11 maj 2022 | min

Mike's Magic Mom | Coder Radio 465

11 maj 2022 | min

After solving a moral dilemma in our particular kind of way, Mike dishes on some ambitious plans that might kick off a new era of development for him.

Sponsored By:

Tailscale: Tailscale is the easiest way to create a peer-to-peer network with the power of Wireguard.
Linode: Receive a $100 60-day credit towards your new account. Promo Code: linode.com/coder

Support Coder Radio

Links:

Episode 5: End of the Petrodollar - Weirdly, not alarmist
Episode 14: Can't spell stagflation without oil and gas
Leaf Node Monitoring - Leaf Node — Open Source (GPLv3) Network Monitoring for Windows, Linux & Android. Written in C++ & Qt 5. Perfect to run on your desktop and monitor your servers. Simple setup, auto-detects running services, runs checks concurrently, open port scanning and alerting. Hosts with failed checks automatically rise to the top, everything that’s okay stays nice and green.
Selling my own GPL software part 3, prior art (existing GPL software for sale)
Python.NET — Python.NET provides a powerful application scripting tool for .NET developers. Using this package you can script .NET applications or build entire applications in Python, using .NET services and components written in any language that targets the CLR (C#, VB.NET, F#, C++/CLI).
Alice — The AI Bot Designed to make your business more efficient.
Joshua Lee / Jb Challenges · GitLab — This repository is setup for the Jupiter Broadcasting Community, by a community member. These challenges are for the Jupiter Broadcasting community and entirely community driven. It's easy make a challenge, and offer a reward in Bitcoin Satoshi's with a match going to Jupiter Broadcasting.
An Introduction to Podcasting 2.0 — The Podcast Namespace is a collection of extensions to the RSS 2.0 specification which support additional features for podcasting.
The RSS 2.0 spec was last updated in 2009 and there had been little to no activity to update RSS since then.
Podcastindex-org/podcast-namespace — A wholistic rss namespace for podcasting that is meant to synthesize the fragmented world of podcast namespaces. The broad goal is to create a single, compact, efficient namespace that is easily extensible, community controlled/authored and addresses the needs of the independent podcast industry now and in the future. Our hope is that this namespace will become the framework that the independent podcast community needs to deliver new functionality to apps and aggregators.

Automated Chaos | LINUX Unplugged 457

8 maj 2022 | min

Plausible Deniability | Self-Hosted 70

6 maj 2022 | min

Linux Action News 239

6 maj 2022 | min

Our Cuban Car Moment | Coder Radio 464

4 maj 2022 | min

Our Linux Regrets | LINUX Unplugged 456

1 maj 2022 | min

Linux Action News 238

28 april 2022 | min

New Website Energy | Office Hours 3

28 april 2022 | min

You Git What You Pay For | Coder Radio 463

27 april 2022 | min

Mike battles the onslaught of yet another bout with the plague. At the same time, we react live to Elon buying Twitter, Gitlab kicking off some free accounts, and we discover Google and Apple are working together again to pull the rug on app developers.

Sponsored By:

Linode: Receive a $100 60-day credit towards your new account. Promo Code: linode.com/coder
Tailscale: Tailscale is the easiest way to create a peer-to-peer network with the power of Wireguard.

Support Coder Radio

Links:

Elon Musk on Twitter — I hope that even my worst critics remain on Twitter, because that is what free speech means.
Twitter accepts Elon Musk's buyout deal — The announcement ends a weeks-long saga Musk kicked off when he offered to buy the company at $54.20 per share, his “best and final.”
Elon Musk talks Twitter, Tesla and how his brain works — live at TED2022 - YouTube — In this unedited conversation with head of TED Chris Anderson, Elon Musk — the head of Tesla, SpaceX, Neuralink and The Boring Company — digs into the recent news around his bid to purchase Twitter and gets honest about the biggest regret of his career, how his brain works, the future he envisions for the world and a lot more. (Recorded at TED2022 on April 14, 2022)
DNS on Blockchain: the next evolution of domain names? — The Blockchain technology could be a considerable evolution for DNS, bringing several advantages and new functionalities.
NEW SHOW: Office Hours with Chris — A podcast for the community of Jupiter Broadcasting, the Open Source media powerhouse of the Internet. Get the inside scope on our projects, the future of independent media, and decentralized community.
Upcoming changes to user limits on Free tier of GitLab SaaS — The Free tier of GitLab SaaS will have a limit of 5 users per namespace beginning June 22, 2022
Protopop Games on Twitter — I feel sick. Apple just sent me an email saying they're removing my free game Motivoto because its more than 2 years old.
Protopop Games on Twitter Adds — I'm sitting here on a Friday night, working myself to to bone after my day job, trying my best to scrape a living from my indie games, trying to keep up with Apple, Google, Unity, Xcode, MacOS changes that happen so fast my head spins while performing worse on older devices.
Google Play Store cracks down on outdated app — It’s limiting the availability of apps over two years out of date

I run NixOS BTW | LINUX Unplugged 455

24 april 2022 | min

Get Off My Lawn, The Robot's Got It | Self-Hosted 69

22 april 2022 | min

Linux Action News 237

21 april 2022 | min

Podcasting Perils | Office Hours 2

21 april 2022 | min

Account Suspenders | Coder Radio 462

20 april 2022 | min

Double Distro Details | LINUX Unplugged 454

17 april 2022 | min

The Enthusiast Trap | Office Hours 1

15 april 2022 | min

Linux Action News 236

14 april 2022 | min

SUSE has a skunkworks distro in development, the transition Debian is struggling with, and some long-awaited improvements to Raspberry Pi OS.

Sponsored By:

Support Linux Action News

Links:

openSUSE Developing “Adaptable Linux Platform” For Next-Gen SUSE Linux Enterprise — Another important point is that we intend to split what was a more generic, everything is closely intertwined into two parts: One smaller hardware enabling piece, a kind of "host OS", and the and the layer providing and supporting applications, which will be container (and VM) based.
Update on next generation of SLE - openSUSE Mailing Lists
An update to Raspberry Pi OS Bullseye — With this latest release, the default “pi” user is being removed, and instead you will create a user the first time you boot a newly-flashed Raspberry Pi OS image. This is in line with the way most operating systems work nowadays, and, while it may cause a few issues where software (and documentation) assumes the existence of the “pi” user, it feels like a sensible change to make at this point.
PipeWire 0.3.50 — WINE applications using the JACK backend should no longer crash.
OpenSSH 9.0 released — It is claimed to be primarily a bug-fix release, but it also switches to a new, quantum-computer-proof key-exchange protocol by default and includes a number of sftp changes, some of which may create some compatibility issues with scp.
Reiser5 Issues New Development Release, Performance Numbers For Scaling Out — Shishkin published an new Reiser5 unstable snapshot today that targets Linux 5.16 kernel compatibility. Along with updating Reiser5 for newer kernel compatibility and other changes since its prior snapshot, Shishkin accompanied today's announcement with some benchmark numbers.
New NVIDIA Open-Source Linux Kernel Graphics Driver Appears — Appearing with NVIDIA's latest Linux4Tegra code drop is a new open-source kernel graphics driver not previously published. This driver isn't based on the existing Nouveau driver but rather appears to be derived from their internal driver code-base with some copyright references going back to 90's.
NVIDIA Publishes Signed Ampere Firmware To Finally Allow Accelerated Open-Source Support — Even with the signed firmware images, there are still complications around re-clocking the GPU to get off the rather low boot clock frequencies. Those complications around power management in the context of signed firmware images have meant the GTX 900 series and newer hasn't been able to operate with the open-source driver at its optimal clock frequencies...
Debian still having trouble with merged /usr — The addition of the "/usr merge" feature has been something of longstanding mess in the Debian world. It seems like a relatively innocuous change, but ever since we first covered the feature introduction for Debian—more than six years ago—it has a been a recurring series of headaches within that community. Recent events have seemingly simply prolonged the pain, though perhaps the end is in sight.
Usr move status in various distros
The Case For The Usr Merge

Easy for Schmidt to Say | Coder Radio 461

13 april 2022 | min

Raleigh Action Show | LINUX Unplugged 453

10 april 2022 | min

Unwyze Choices | Self-Hosted 68

8 april 2022 | min

Linux Action News 235

7 april 2022 | min

Request Out of Time | Coder Radio 460

6 april 2022 | min

Headline Hangout w/Chris | Jupiter Extras 85

4 april 2022 | min

Synapse Collapse | LINUX Unplugged 452

3 april 2022 | min

March Boost Battle | Jupiter Extras 84

31 mars 2022 | min

Linux Action News 234

31 mars 2022 | min

Revolution in Review | Coder Radio 459

30 mars 2022 | min

The NixOS Challenge | LINUX Unplugged 451

27 mars 2022 | min

The No Container Theory | Self-Hosted 67

25 mars 2022 | min

Linux Action News 233

23 mars 2022 | min

No Sideloading in this House | Coder Radio 458

23 mars 2022 | min

Apple enters full panic mode over sideloading, and our plan to push back against industry-wide consolidation kicks off.

Sponsored By:

Linode: Receive a $100 60-day credit towards your new account. Promo Code: linode.com/coder
Datadog: Try Datadog free by starting a your 14-day trial and receive a free t-shirt once you install the agent.

Support Coder Radio

Links:

You can't install your own SSD into a Mac Studio despite there being slots — In news that should surprise nobody, you can't install your own SSD into a Mac Studio.
Jupiter Broadcasting East Coast Meetup — Let's hang out at the park across the street from Prime BBQ.
Install and Configure NixOS on a Linode — You can use a pre-existing Linode, or you can create a new one. If you’re using a pre-existing Linode, go to the Create Disks for Nix section, and resize your images into that approximate format.
iCloud and Many Other Apple Services Are Down — Affected services and apps include the App Store, iCloud, Siri, iMessage, iTunes Store, Apple Maps, Apple Music, Apple Podcasts, Apple Arcade, Apple Fitness+, Apple TV+, Find My, FaceTime, Notes, Stocks, and many others, according to complaints across Twitter and other platforms. Apple's developer website is also inaccessible due to server issues.
Upcoming EU Sideloading Bill — The Digital Markets Act has been in development for some time and the finalized version that could be completed as soon as this month will allow for sideloading and alternate app store options. Apple will be required to allow customers in Europe to download apps outside of the app stores, and it will also allow developers to use alternate purchase methods.
Consolidation in podcasting: happening fast — If you wanted to reach 50% of all weekly podcast consumers a year ago, you would need to have advertised on the top seven podcast networks. But after considerable acquisition of big independent shows in the past twelve months, you can now reach 50% of weekly listeners if you buy advertising on just four podcast networks, he says
On the weaponisation of open source | Tales about Software Engineering — As part of this post, I’m going to look at the decision by MongoDB to cut off services in Russia, the destructive change in a node library that deleted files on Russian IPs, a change in code/licence in a community terraform module.
New sanctions bill targets publishing code — It additionally calls for sanctions on anyone who “significantly and materially assisted, sponsored, or provided financial, material, or technological support for, or goods or services to or in support of any [sanctioned] person.”
[PDF] Digital Asset Sanctions Compliance Enhancement Act

It Went Real Bad | LINUX Unplugged 450

20 mars 2022 | min

Linux Action News 232

17 mars 2022 | min

Rich Clownshow Services | Coder Radio 457

16 mars 2022 | min

Bugfix and Chill | LINUX Unplugged 449

13 mars 2022 | min

Mmm. Pi. | Self-Hosted 66

10 mars 2022 | min

Linux Action News 231

10 mars 2022 | min

Linux CEO | Coder Radio 456

9 mars 2022 | min

We revisit one of the core theses of the show and expand on it in a new way, leading us to ponder just what a wild ride the next eight years are going to be.

Sponsored By:

Linode: Receive a $100 60-day credit towards your new account. Promo Code: linode.com/coder
Datadog: Try Datadog free by starting a your 14-day trial and receive a free t-shirt once you install the agent.

Support Coder Radio

Links:

John Carmack asks why Wine isn't good enough — I truly do feel that emulation of some sort is a proper technical direction for gaming on Linux. It is obviously pragmatic in the range of possible support, but it shouldn’t have the technical stigma that it does. There really isn’t much of anything special that a native port does – we still make OpenGL calls, winsock is just BSD sockets, windows threads become pthreads, and the translation of input and audio interfaces don’t make much difference (XInput and Xaudio2 are good APIs!). A good shim layer should have far less impact on performance than the variability in driver quality.
Jupiter Broadcasting East Coast Meetup — Let's hang out at the park across the street from Prime BBQ.
After NVIDIA, Hacker Group Lapsus$ Targets Samsung — Global tech and electronics major Samsung became the latest target of the South America-based cyber extortion group Lapsus$. The hacker group leaked sensitive proprietary information, including source codes, for various device and online operations a week after it leaked 19 GB of data stolen from NVIDIA. Lapsus$’s has hinted that its next big target could be Vodafone, Impresa, or MercadoLibre/MercadoPago.
Samsung confirms hackers stole Galaxy devices source code
Hackers Who Broke Into NVIDIA's Network Leak DLSS Source Code Online
Ransomware Group Threatens To Leak "Nvidia's Most Closely Guarded" Secrets — “We request that Nvidia commits to completely open source their graphics processing unit drivers for Windows, MacOS, and Linux from now on and forever,” the ransomware group said in a statement. Should the company not acquiesce to the request, Lapsus will “release the complete silicon, graphics, and computer chipset files for all recent Nvidia graphics processing units.”
Russia to Legalize Software Piracy — Against the backdrop of sanctions gaining momentum, Russian authorities are urgently preparing support measures, among which is being discussed the suspension of criminal and administrative liability for use of pirated software “from countries supporting sanctions”. Such a step could temporarily soften the exit from Russia of Microsoft, IBM, Oracle, and others, say experts. But, they warn, a large part of significant software from those companies is sold on subscription, which means access to them will be blocked in any event.
Microsoft Flight Simulator's cloud debut comes with upsides for devs — Microsoft is releasing an API for developers interested in building cloud-native games with Xbox Cloud Gaming capabilities in mind.

A Mystery in Plain Sight | LINUX Unplugged 448

6 mars 2022 | min

Linux Action News 230

3 mars 2022 | min

One Revision Away | Coder Radio 455

2 mars 2022 | min

An Umbrel for Everything | LINUX Unplugged 447

27 februari 2022 | min

Failing at Scale | Self-Hosted 65

25 februari 2022 | min

Linux Action News 229

24 februari 2022 | min

No Quest for the Wicked | Coder Radio 454

23 februari 2022 | min

Mike has some huge news and busted wifi, Chris spent a weekend in the Metaverse, and why Microsoft has us both upset.

Sponsored By:

Linode: Receive a $100 60-day credit towards your new account. Promo Code: linode.com/coder
Datadog: Try Datadog free by starting a your 14-day trial and receive a free t-shirt once you install the agent.

Support Coder Radio

Links:

Michael Dominick on Twitter — Mission accomplished! Now to get her running Linux!
Amazon Basics 500-Watt Ceramic Small Mini Heater — Compact personal space heater design that is small enough for tables or desktops
Warm Desk Pad — Warm desk pad made with high quality PVC Mateirals and rubber back,edge stitched, waterproof, pad size: 31*13 inch.
Their Bionic Eyes Are Now Obsolete and Unsupported — These three patients, and more than 350 other blind people around the world with Second Sight’s implants in their eyes, find themselves in a world in which the technology that transformed their lives is just another obsolete gadget.
Chris Lattner left Swift core team — To answer your question, the root cause of my decision to leave the core team is a toxic environment in the meetings themselves. The catalyst was a specific meeting last summer: after being insulted and yelled at over WebEx (not for the first time, and not just one core team member), I decided to take a break. I was able to get leadership to eventually discuss the situation with me last Fall, but after avoiding dealing with it, they made excuses, and made it clear they weren't planning to do anything about it. As such, I decided not to return. They reassure me they "want to make sure things are better for others in the future based on what we talked about" though.
Core team to form language workgroup — The core team is currently looking at restructuring the project's leadership to provide more pathways for community members to become actively involved in the project's stewardship.
You’ll need a Microsoft account to set up future versions of Windows 11 Pro | Ars Technica — Like the Home edition of Windows 11, the Pro version will now require an Internet connection and a Microsoft account during setup.
Why Coinbase admitted Apple calls the shots — As Coinbase CEO Brian Armstrong wrote on February 4th, “For any app to be listed in the Apple and Google App Stores, it needs to play by the rules of those two companies.” That means that whatever Apple and Google decide as their content policy, Coinbase will follow, Armstrong says. “Our approach is to be free speech supporters, but not free speech martyrs.”
Immersed on Oculus Quest 2 | Oculus — VR Offices! Free app to get your Mac/PC/Linux screens in VR (including additional virtual screens with no extra hardware) in stunning virtual worlds!

Kudu Cores and Cloud Wars | LINUX Unplugged 446

20 februari 2022 | min

Linux Action News 228

17 februari 2022 | min

International Boomer Marooners | Coder Radio 453

16 februari 2022 | min

Brent's Betrayal | LINUX Unplugged 445

13 februari 2022 | min

Analysis Paralysis | Self-Hosted 64

11 februari 2022 | min

Linux Action News 227

10 februari 2022 | min

Shockingly Pragmatic | Coder Radio 452

9 februari 2022 | min

Much Ado About Ubuntu | LINUX Unplugged 444

6 februari 2022 | min

Linux Action News 226

3 februari 2022 | min

The Trouble with Tablets | Coder Radio 451

2 februari 2022 | min

Who Wants to be a Satoshionaire Land of the Snow Edition | Jupiter Extras 83

2 februari 2022 | min

Linux Did This First | LINUX Unplugged 443

30 januari 2022 | min

Pulling the Rug Out | Self-Hosted 63

28 januari 2022 | min

Linux Action News 225

27 januari 2022 | min

MetaWave | Coder Radio 450

26 januari 2022 | min

Liberty Leaks and Lies | LINUX Unplugged 442

23 januari 2022 | min

Linux Action News 224

20 januari 2022 | min

Monetized Misery | Coder Radio 449

19 januari 2022 | min

Microsoft is now the Disney of Video Games | Jupiter Extras 82

18 januari 2022 | min

We react to Microsoft gobbling up yet another game studio, chat about Crypto.com's recent $15M hack, the massive failure YouTube just admitted, and a few personal crew stories.

Sponsored By:

Support JB Directly : Support the network directly with our new network membership.

Links:

Microsoft to acquire Activision Blizzard — Microsoft will acquire Activision Blizzard for $95.00 per share, in an all-cash transaction valued at $68.7 billion, inclusive of Activision Blizzard’s net cash. When the transaction closes, Microsoft will become the world’s third-largest gaming company by revenue, behind Tencent and Sony. The planned acquisition includes iconic franchises from the Activision, Blizzard and King studios like “Warcraft,” “Diablo,” “Overwatch,” “Call of Duty” and “Candy Crush,” in addition to global eSports activities through Major League Gaming. The company has studios around the world with nearly 10,000 employees.
Microsoft’s Xbox Game Pass service grows to 25 million subscribers
Crypto.com Suffers Hack for At Least $15M in Ethereum — The crypto exchange has reportedly lost at least $15 million in Ethereum, and security experts believe the true losses could be much higher.
Coinbase NFT Marketplace Will Enable Purchases With Mastercard — Crypto exchange Coinbase has announced a partnership with Mastercard to address the 'pain points' of purchasing NFTs.
Intel to Unveil 'Ultra Low-Voltage Bitcoin Mining ASIC' in February — One of Intel's "highlighted chip releases" at the conference is entitled "Bonanza Mine: An Ultra-Low-Voltage Energy-Efficient Bitcoin Mining ASIC." The session is scheduled for Feb. 23.
YouTube Shuts Down Original Content Group — “We will honor our commitment for already contracted shows in progress and creators who are involved with those shows should expect to hear from us directly in the coming days,” Kyncl wrote in the message posted to Twitter.
Susanne Daniels Exits YouTube as Global Originals Head — Susanne Daniels is exiting YouTube after nearly seven years at the Google-owned global video-sharing company. The YouTube global head of original content will depart in March.
Apple retakes top spot in global smartphone market in Q4 2021 — Apple accounted for 22% of worldwide smartphone shipments in Q4 2021, thanks to strong demand for the iPhone 13.

Planet Incinerating Technology | LINUX Unplugged 441

16 januari 2022 | min

Succumbing to the Ecosystem | Self-Hosted 62

14 januari 2022 | min

Alex got some new devices for Christmas, and we set off to figure out how to integrate them into his network.

And Brent's tale of giving the gift of Jellyfin.

Special Guest: Brent Gervais.

Sponsored By:

Support Self-Hosted

Links:

homebridge — Homebridge is a lightweight NodeJS server you can run on your home network that emulates the iOS HomeKit API. It supports Plugins, which are community-contributed modules that provide a basic bridge from HomeKit to various 3rd-party APIs provided by manufacturers of "smart home" devices.
HomeKit - Home Assistant — The HomeKit integration allows you to make your Home Assistant entities available in Apple HomeKit, so they can be controlled from Apple’s Home app and Siri; even if those devices do not natively support HomeKit.
How to Easily Program NFC Tags with Your iPhone — The best part is that you can do many things with an NFC tag. Basically, the sky is the limit – and if you can program it, you can use an NFC tag to automate it.
Apple TV - Home Assistant — The Apple TV integration allows you to control an Apple TV (any generation).
Infuse 7 on the App Store — Ignite your video content with Infuse – the beautiful way to watch almost any video format on your iPhone, iPad, Apple TV, and Mac. No need to convert files! Infuse is optimized for macOS 12, with powerful streaming options, Trakt sync, and unmatched AirPlay & subtitle support. Gorgeous interface. Precise controls. And silky-smooth playback.
Docker - Perfect Media Server
Dozzle — Dozzle is a real-time log viewer for docker containers.
ChrisLAS Birthday Party Hang and Chow Meetup — Join us at the studio up in Arlington for a hang and chow. Attendees are encouraged to bring their favorite dish or at least an appetite.

Road Trip Tech | Jupiter Extras 81

13 januari 2022 | min

Linux Action News 223

13 januari 2022 | min

Fakers and Takers | Coder Radio 448

12 januari 2022 | min

Road Trip Memories | Jupiter Extras 80

11 januari 2022 | min

Saving Podcasting from Centralization | LINUX Unplugged 440

9 januari 2022 | min

Linux Action News 222

6 januari 2022 | min

All Roads Lead to Clippy | Coder Radio 447

5 januari 2022 | min

Why Linux Will Win in 20 Years | Jupiter Extras 79

4 januari 2022 | min

Double Server Jeopardy | LINUX Unplugged 439

2 januari 2022 | min

That First Layer Squish | Self-Hosted 61

31 december 2021 | min

Blizzard Battery Battle | Coder Radio 446

29 december 2021 | min

Million-Dollar Predictions | LINUX Unplugged 438

28 december 2021 | min

Linux Action News 221

27 december 2021 | min

Say No to Node | Coder Radio 445

22 december 2021 | min

The 2021 Tuxies | LINUX Unplugged 437

21 december 2021 | min

elementary OS 6.1 Secrets with Founder and CEO Danielle Foré | Jupiter Extras 78

21 december 2021 | min

Linux Action News 220

19 december 2021 | min

Someone Else's Computer | Self-Hosted 60

17 december 2021 | min

Recent AWS outages sent Alex on a hunt to find more self-hosted alternatives, and Chris digs into the latest Home Assistant release.

Plus a frenzy of your excellent feedback and questions.

Sponsored By:

Linode: Receive a $100 60-day credit towards your new account. Promo Code: linode.com/ssh
Backblaze Unlimited Backup: Get peace of mind knowing your files are backed up securely in the cloud with Backblaze.

Support Self-Hosted

Links:

AWS explains outage — A major Amazon Web Services outage on Tuesday started after network devices got overloaded, the company said on Friday.
Arthur on Twitter — The AWS outage trickled down to my automated Christmas lights not turning on tonight
WLED — Control WS2812B and many more types of digital RGB LEDs with an ESP8266 or ESP32 over WiFi!
John Foreman on Twitter — AWS had an outage and now I can't vacuum the dog hair in my living room. What a time to be alive
Valetudo — Valetudo is a standalone binary, which runs on rooted Vacuums of the Xiaomi ecosystem and aims to enable the user to operate the robot vacuum without any Cloud Connection whatsoever.
Amazon Web Services crashed today : amazonecho — I spent about an hour restarting routers, checking for updates, unplugging and plugging in devices, and scouring the web for answers and finally saw in the news that an AWS outage took out a huge chunk of the internet. Amazon hasn’t released a statement yet, that I know of, but I assume this is what’s affecting all of the devices, e.g., my smart plug stopped working and my echo dot and show only stream one song before quitting for no apparent reason.
Tasmota — Total local control with quick setup and updates. Control using MQTT, Web UI, HTTP or serial. Automate using timers, rules or scripts. Integration with home automation solutions. Incredibly expandable and flexible.
log4j Vulnerability | Info :: LinuxServer.io — Multiple vulnerabilities (CVE-2021-44228 and CVE-2021-45046) have been discovered in log4j which can lead to denial of service and remote code execution. The following Linuxserver containers have been confirmed not to be affected by CVE-2021-44228 or CVE-2021-45046 due to existing mitigations, upstream patches, or workarounds applied to the container images.
changedetection.io — The best and simplest self-hosted open source website change detection monitoring and notification service. An alternative to Visualping, Watchtower etc. Designed for simplicity - the main goal is to simply monitor which websites had a text change. Open source web page change detection - Now also includes JSON API change detection and monitoring support!
2021.12 - Home Assistant — New configuration menu, the button entity, and gorgeous area cards!
Paulus Schoutsen on Twitter — With @NabuCasa we’re doing all our meetings in VR. It feels more like being together compared to a grid of webcam feeds. Especially for collaborative sessions this is a big win.
How to Approach a company about building an HA integration on their API? — From the web UI I can see that the system is designed with security in mind - each request must contain various tokens generated with a combination of AES256 encryption, MD5 and SHA512 hashing of the rest of the request, along with device-provided keys and various state-tracking.
Infrastructure as Code - Perfect Media Server — This simple philosophy of managing configuration in the same way as we do with source code revolutionized the way I approach building systems.
Get Together | New Server Christening — Lets get together, share some foods, and power up the new Jupiter Broadcasting local server. Then stick around and listen in to a live recording of LINUX Unplugged from the studio.

Mining the Logs | Coder Radio 444

15 december 2021 | min

Hop on Pop | LINUX Unplugged 436

14 december 2021 | min

We each try out the new Pop_OS! and Carl Richell from System76 joins us to get into the details.

Plus why we feel Pop might be the new Ubuntu.

Special Guest: Carl Richell.

Sponsored By:

Linode Cloud Hosting: A special offer for all Linux Unplugged Podcast listeners and new Linode customers, visit linode.com/unplugged, and receive $100 towards your new account.

Support LINUX Unplugged

Links:

Amazon Is Hiring DXVK, Mesa & Proton Linux Developers For Luna Cloud Gaming - Phoronix — As part of the work on Amazon's Luna cloud gaming service, the company has put out job openings of great match to our audience... An Amazon engineer did confirm that this indeed is for genuine Linux gaming engineers.
New Server Christening Get Together — Lets get together, share some foods, and power up the new Jupiter Broadcasting local server. Then stick around and listen in to a live recording of LINUX Unplugged from the studio.
System76 Blog — Pop!OS 21.10 has landed!
Pop!OS 21.10 Introduces Mini Application Menu
Jeremy Soller on Twitter — Pop switched the build system and repositories away from http://launchpad.net to our own system http://apt.pop-os.org/release for 21.10 in order to improve our control of package updates and reduce the time to build, test, and release them. It is not related to changing bases.
Linode Security Digest December 12-19, 2021
Pop!OS Auto Tiling Tutorial
Recovery Partition - System76 Support — The Recovery Partition is a full copy of the Pop!OS installation disk. It can be used exactly the same as if a live disk copy of Pop!OS was booted from a USB drive.
Add Recovery To Your Pop!OS — If you like me, fellow reader, you may be using a more custom partition setup. Unfortunately, anything other than the default clean install on Pop!_OS means you do not get the automatically generated recovery partition of goodness. Here's a small guide over how to get the setup on an already existing install.
casper — A hook for initramfs-tools to boot live systems.
pop-os/launcher — Modular IPC-based desktop launcher service.
Raycast — Raycast is a blazingly fast, totally extendable launcher. It lets you complete tasks, calculate, share common links, and much more.
Pick: n.eko — A self hosted virtual browser that runs in docker and uses WebRTC.
Ventoy — With ventoy, you don't need to format the disk over and over, you just need to copy the ISO/WIM/IMG/VHD(x)/EFI files to the USB drive and boot them directly.

Linux Action News 219

12 december 2021 | min

Reptilian Power Play | Coder Radio 443

8 december 2021 | min

Desktop Burnout | LINUX Unplugged 435

7 december 2021 | min

Cryptocurrency Chat with Chris | Jupiter Extras 77

6 december 2021 | min

Linux Action News 218

5 december 2021 | min

I Tried to Love Portainer | Self-Hosted 59

3 december 2021 | min

Touched by the Bar | Coder Radio 442

1 december 2021 | min

Mike visits Pallet Town and comes back with some SQLAlchemy performance wisdom to share. Meanwhile, struggling with a lack of performance, Chris has kicked the tires of his new M1 Max MacBook Pro and is ready to share his counter-narrative take on the new hardware.

Sponsored By:

Support Coder Radio

Links:

Ditto — Ditto is an extension to the Windows Clipboard. You copy something to the Clipboard and Ditto takes what you copied and stores it in a database to retrieve at a later time.
Maccy — Maccy is a lightweight clipboard manager for macOS. It keeps the history of what you copy and lets you quickly navigate, search, and use previous clipboard contents.
SUSE-Cafe: Personal Color scheme for KDE Plasma 5 — Coffee lovers rejoice! I'm sharing my personal color scheme. Simple, easy on the eyes, and chocolatey!
Advanced Visual Studio Code for Python Developers — During this tutorial, you’ll learn how you can configure, extend, and optimize VS Code for a more effective and productive Python development environment. After finishing this tutorial, you’ll have a variety of tools to help you be more productive using VS Code. It can be a powerful tool for rapid Python development.
Pallet Town: SQLAlchemy Performance I — SQLAlchemy is the standard ORM toolkit for Python programs and it can be a little intimidating, especially for folks who haven’t done much database development. It also, like just about every ORM, is laden with pitfalls for developers who haven’t deal with even medium-scale database-powered applications. Once you get some of the basics down, these three tips should help you avoid those pitfalls.
Parallels Desktop 17 — Support for VirGL in Virtio GPU which enables Linux 3D acceleration out of the box in supported Linux distributions, brings visual performance improvements, and allows using the Wayland protocol in Linux virtual machines.

Endlessly Flat | LINUX Unplugged 434

30 november 2021 | min

The Director of EndlessOS joins us to respond to recent Flatpak criticism.

We take the opportunity to expand on the overall effort to solve Linux fragmentation.

Special Guests: Martin Wimpress, Neal Gompa, and Will Thompson.

Sponsored By:

Linode Cloud Hosting: A special offer for all Linux Unplugged Podcast listeners and new Linode customers, visit linode.com/unplugged, and receive $100 towards your new account.

Support LINUX Unplugged

Links:

Pocket Popcorn Computer — Finally, a handheld Linux device with a high-definition 1080p display and large battery life. Pocket P.C. is your hacker terminal on-the-go.
On Flatpak disk usage and deduplication – Will Thompson’s GNOME-ish blog — There is a blog post doing the rounds asserting that Flatpak Is Not The Future. The post is really long, and it seems unlikely that I and the author will ever agree on this topic, so I’m only going to talk about a couple of paragraphs about disk usage and sharing of runtimes between apps which caught my eye.
Bustle — Graphical D-Bus message analyser and profiler.
Gnome Initial Setup
Endless OS Foundation — Our mission is to help all people and communities connect with technology.
Will sometimes does other stuff and writes about it
Flatpak Is Not the Future - Ludocode — Flatpak calls itself “the future of application distribution”. I am not a fan. I’m going to outline here some of the technical, security and usability problems with Flatpak and others. I’ll try to avoid addressing “fixable” problems (like theming) and instead focus on fundamental problems inherent in their design. I aim to convince you that these are not the future of desktop Linux apps.
docker-slim — Don’t change anything in your Docker container image and minify it by up to 30x
Flatseal — Flatseal is a graphical utility to review and modify permissions from your Flatpak applications.
Bruch with Brent with Stuart Langridge — Brent sits down with Stuart Langridge, co-host of Bad Voltage, for an exploration of open source’s “final mile”, the text and language interface as a UX opportunity, terminals vs. search engines, Darwinian processes and crab-bucketism in software development, and more.
Seeking contractors for work on Flathub project — GNOME has a donor who is interested in supporting financial sustainability for app developers and removing barriers to an inclusive ecosystem. Flathub would like to use these funds to work with a contractor for a short-term project and make steps towards supporting application developers being able to request payments (whether donations or subscriptions).

Linux Action News 217

28 november 2021 | min

Dependency Derby | Coder Radio 441

24 november 2021 | min

Are Linux devs getting upset with the Python community? We weigh in on a nuanced issue. Plus the mass-mod resignation over at Rust, and Mike's thoughts on setting up a dev environment on Windows 11.

Sponsored By:

Support Coder Radio

Links:

Windows 11 - A Dev's Perspective — I was up and running with Python / FastAPI in less than a half hour. Postgresql, my database of choice, works just fine on Windows. Coder Radio listeners will know that I have been a fan of WSL for some time, however, for this challenge, I stuck with native Windows tooling. That’s right PowerShell! Upon install and launching the now built-in Windows Terminal, I was prompted to update PowerShell to PowerShell 7 and it’s great. If you only use BASH for basic terminal functionality or git from the CLI, you’ll be just fine on PowerShell.
Python: Please stop screwing over Linux distros — I manage my Python packages in the only way which I think is sane: installing them from my Linux distribution’s package manager. I maintain a few dozen Python packages for Alpine Linux myself. It’s from this perspective that, throughout all of this turmoil in Python’s packaging world, I have found myself feeling especially put out. Every one of these package managers is designed for a reckless world in which programmers chuck packages wholesale into ~/.pip, set up virtualenvs and pin their dependencies to 10 versions and 6 vulnerabilities ago, and ship their computers directly into production in Docker containers which aim to do the minimum amount necessary to make their user’s private data as insecure as possible.
mod team resignation by BurntSushi · Pull Request #671 · rust-lang/team — The entire moderation team resigns, effective immediately. This resignation is done in protest of the Core Team placing themselves unaccountable to anyone but themselves.
1068-rust-governance - The Rust RFC Book — Subteam, and especially core team members are also held to a high standard of behavior. Part of the reason to separate the moderation subteam is to ensure that CoC violations by Rust's leadership be addressed through the same independent body of moderators.
Moderation Team Resignation : r/rust

The Lessons of Jellyfin | LINUX Unplugged 433

23 november 2021 | min

We revisit some old assumptions about the open-source Plex-alternative, Jellyfin. We each try it out, and along the way, gain a few insights about open source.

Sponsored By:

Support LINUX Unplugged

Links:

Register for Ohio LinuxFest 2021
Kodi “Matrix” 19.3 Release — Okay, we know that we've only just released 19.2, and some of you are probably even still waiting for that, but that's a big part of the reason we need to push out a new build. We still had some challenges with the Xbox release, and some other issues came to light that we didn't want to ignore - so, rather than get into platform-specific point releases, we thought we'd just nudge up to 19.3 and go for it.
Jellyfin — Jellyfin is the volunteer-built media solution that puts you in control of your media. Stream to any device from your own server, with no strings attached. Your media, your server, your way.
Plex — Plex brings together all the media that matters to you. Your personal collection will look beautiful alongside stellar streaming content.
Dual Gigabit Ethernet Carrier Board for Raspberry Pi CM4 4 with 4GB RAM/ 32GB eMMC — It features a variety of I/O peripherals such as MIPI CSI, MIPI DSI, micro-HDMI to connect displays/ cameras, a standard 9-pin USB 3.0 header for more USB expansion, a micro-SD card slot, and an FPC connector while maintaining a compact form factor! This board is ideal for HTPC makers, Linux developers, software router enthusiasts, and the majority of regular Raspberry Pi users.
Client Spotlight: Infuse for tvOS and iOS - Jellyfin: The Free Software Media System — With Infuse, it's easy to connect to with automatic server discovery. Once connected, you can enjoy direct playback (no transcoding required) for almost all formats.
Jellyfin Plugin for Kodi — The Jellyfin for Kodi add-on combines the best of Kodi - ultra smooth navigation, beautiful UIs and playback of any file under the sun, and Jellyfin - the most powerful open source multi-client media metadata indexer and server. You can now retire your MySQL setup in favor of a more flexible setup.
catt — Cast All The Things allows you to send videos from many, many online sources to your Chromecast.
Self-Hosted Podcast — Discover new software and hardware to get the best out of your network, control smart devices, and secure your data on cloud services.
Perfect Media Server — Perfect Media Server began life as a series of blog posts over at blog.linuxserver.io. Those posts continue to be very popular but a blog post (or three) can only get you so far... I therefore introduce perfectmediaserver.com - a wiki format information repository detailing all you need to know to build a free, open and modular media server that will last for many, many years.
Jellyfin Android App
Jellyfin for Android TV
Jellyfin Roku App
Jellyfish Bitrate Test Files
jellyfin-mpv-shim — MPV Cast Client for Jellyfin.
Pick: Junction — Set Junction as the default application for a resource and let it do the rest. Junction will pop up and offer multiple options to handle it.
Junction on Flathub

Linux Action News 216

21 november 2021 | min

Pi Server Upgrade | Self-Hosted 58

19 november 2021 | min

Just Say No to M1 | Coder Radio 440

17 november 2021 | min

Three Tumbleweed Temptations | LINUX Unplugged 432

16 november 2021 | min

Linux Action News 215

14 november 2021 | min

Github NoPilot | Coder Radio 439

10 november 2021 | min

Command Line Love | LINUX Unplugged 431

9 november 2021 | min

Linux Action News 214

7 november 2021 | min

Alex Deletes it All | Self-Hosted 57

5 november 2021 | min

The Oppenheimer Problem | Coder Radio 438

3 november 2021 | min

After a little async Ruby chat and developer morality struggle, Chris explains how macOS Monterey has lapped Linux with a critical workstation feature.

Sponsored By:

A Cloud Guru: A Cloud Guru now includes Cloud Playground. Azure, AWS, or GCP Sandboxes at your fingertips.
Linode: Receive a $100 60-day credit towards your new account. Promo Code: linode.com/coder

Support Coder Radio

Links:

Google's 'Be Evil' business transformation is complete — Looking through the lawsuit, the scope and shamelessness of Google's greed would appear to be stark. Project Bernanke, for example, is claimed to take data from publishers' ad servers to boost Google's own services. Project NERA, to create a "not owned but operated" walled garden for users if they used any Google service. "Project Jedi" was allegedly meant to freeze out independent ad exchanges by using insider knowledge, and in "Jedi Blue", Google is alleged to have conspired with Facebook to parcel out the goodies between themselves.
fasterthanlime 🌌 on Twitter — "Ok so, I just read through all 173 pages of the unredacted Google antitrust filing and I have to say that either Google is screwed or society is screwed, we'll find out which."
Async Ruby — Async Ruby adds new concurrency features to the language; you can think of it as "threads with none of the downsides". It's been in the making for a couple of years, and with Ruby 3.0, it's finally ready for prime time.
Explaining Ruby Fibers — A fiber is simply an independent execution context that can be paused and resumed programmatically. We can think of fibers as story lines in a book or a movie: there are multiple happenings involving different persons at different places all occurring at the same time, but we can only follow a single story line at a time: the one we’re currently reading or watching.
How macOS is more reliable, and doesn’t need reinstalling — This layout segregates the contents of the system into files which don’t change, except in a macOS update, and everything else which does.
Low Power Mode — The downside of any Low Power Mode feature will be reduced performance. This is generally easy to quantify via benchmarks, and the Mac's low power mode is not an exception
Erase all content and settings — Open System Preferences and check the menu bar to launch the Erase Assistant. In short, it retains the system data volume (originally introduced in Catalina) and formats the paired data volume, destroying your encryption keys in the process so that no data can be recovered from the drive.
Window management — Clicking and holding the green stoplight button when an app is in full-screen mode presents some additional options, too. In Big Sur, this menu will only offer to exit full-screen mode, but in Monterey you can send a Split View window into its own separate full-screen view, or you can replace one half of a Split View window with another app. And there’s also a setting that makes the menu bar stay at the top of the screen even when you’re using full-screen mode, instead of hiding-and-showing as it does by default.
Some Older Macs Reportedly Bricked After Installing macOS Monterey — At least ten separate posts (1, 2, 3 4, 5, 6, 7, 8, 9, 10) on Apple Support Communities contain users complaining that as they were attempting to update their Mac to ‌macOS Monterey‌, the Mac went completely black and they're unable to turn it on.

The Real Beefy Miracle | LINUX Unplugged 430

2 november 2021 | min

Linux Action News 213

31 oktober 2021 | min

Microsoft War Stories | Coder Radio 437

27 oktober 2021 | min

Starlink's Linux Secrets | LINUX Unplugged 429

26 oktober 2021 | min

Linux Action News 212

26 oktober 2021 | min

Feeling Wyze | Self-Hosted 56

22 oktober 2021 | min

The Diablo is in the Details | Coder Radio 436

20 oktober 2021 | min

Pi for the People | LINUX Unplugged 428

19 oktober 2021 | min

Linux Action News 211

17 oktober 2021 | min

Ask Alice | Coder Radio 435

13 oktober 2021 | min

Life Changing Virtualization | LINUX Unplugged 427

12 oktober 2021 | min

Linux Action News 210

10 oktober 2021 | min

Home Assistant Turns Amber | Self-Hosted 55

8 oktober 2021 | min

This Old Linux PC | LINUX Unplugged 426

7 oktober 2021 | min

Coding Gungan Style | Coder Radio 434

6 oktober 2021 | min

Linus Tech Tips Linux Challenge: Our Reaction | Jupiter Extras 76

5 oktober 2021 | min

Linux Action News 209

4 oktober 2021 | min

Falling for FastAPI | Coder Radio 433

29 september 2021 | min

Mike's falling in love with FastAPI and gives us a hint at the next project he's building.

Plus, our thoughts on employee machine monitoring and building a transition plan when you are ready to quit your job.

Sponsored By:

Support Coder Radio

Links:

Michael Dominick on Twitter — The newest addition to the @TheMadBotterINC team, he’s a QA Engineer with keen eyes and sharp claws to testing.
Apple CEO Tim Cook addresses workplace issues, pay equity, more in all-hands meeting — Cook, along with SVP of Retail and People Deirdre O'Brien, addressed a range of subjects from pay equity to Texas' new abortion law in a meeting broadcast to employees around the world, reports The New York Times.
Activist employees told the publication that Cook answered only two of a number of questions they wanted to ask. The report fails to detail what those two questions were, but notes the Apple chief did comment on pay equity, at least in part.
FastAPI — FastAPI is a modern, fast (high-performance), web framework for building APIs with Python 3.6+ based on standard Python type hints.
Starlette — Starlette is a lightweight ASGI framework/toolkit, which is ideal for building high performance asyncio services.
pydantic — Data validation and settings management using python type annotations.
Typer — Typer is a library for building CLI applications that users will love using and developers will love creating. Based on Python 3.6+ type hints.
SQLModel — SQL databases in Python, designed for simplicity, compatibility, and robustness.
Street Coder — Software development isn't an "ivory tower" exercise. Street coders get the job done by prioritizing tasks, making quick decisions, and knowing which rules to break.
Coder to Developer — Coder to Developer helps you excel at the many non-coding tasks entailed, from start to finish, in just about any successful development project.
Will Monitoring the Workplace Improve Productivity? — According to technical talent recruiting company Apollo Technical, here are a couple of key research findings about remote workers and productivity.

Sad Server Stories | LINUX Unplugged 425

28 september 2021 | min

Linux Action News 208

26 september 2021 | min

Ultimate Off-Site Setup | Self-Hosted 54

25 september 2021 | min

That Time We Stepped In It | Coder Radio 432

22 september 2021 | min

Space for Theming | LINUX Unplugged 424

21 september 2021 | min

Linux Action News 207

19 september 2021 | min

Success is not Illegal | Coder Radio 431

15 september 2021 | min

What Makes a Linux User? | LINUX Unplugged 423

14 september 2021 | min

Linux Action News 206

12 september 2021 | min

Adventurous Build | Self-Hosted 53

10 september 2021 | min

We chat with Matt from Adventurous Way about the home automations that have improved his quality of life, the clever way he manages their off-grid rig, and the new smart home project he's just kicking off.

Special Guest: Matt from Adventurous Way.

Sponsored By:

Support Self-Hosted

Links:

Adventurous Way - YouTube — Our motto is to live life the adventurous way. If there is a conventional way to do something and an adventurous way to do something - we choose the adventurous way.
Our DIY RV electrical system 3 years later - a detailed walk-through - YouTube — We installed our DIY RV electrical system as soon as we hit the road in the RV almost 3 years ago. In this video, we give you a detailed walk-through of our system that consists of 300Ah Battle Born Batteries, Victron inverter, DC to DC charger, 600 watts of rooftop solar that lets us boondock in beautiful places that we otherwise couldn't.
The ultimate DIY SMART RV - tour our SMART HOME on wheels - YouTube — A tour of our DIY smart RV, packed full of home automation technology that makes our full-time RV life more comfortable, secure and efficient!
SONOFF SV — Wi-Fi DIY Smart Switch for low voltage goodness
CARP — CARP is the Common Address Redundancy Protocol. Its primary purpose is to allow multiple hosts on the same network segment to share an IP address. CARP is a secure, free alternative to the Virtual Router Redundancy Protocol (VRRP) and the Hot Standby Router Protocol (HSRP).
Color Control GX — The Color Control GX is the communication-centre of your installation. It offers at-a-glance live information, and lets you control all products connected to it.
Node-RED — Node-RED is a programming tool for wiring together hardware devices, APIs and online services in new and interesting ways.
Pi-KVM — This device helps to manage servers or workstations remotely, regardless of the health of the operating system or whether one is installed. You can fix any problem, configure the BIOS, and even reinstall the OS using the virtual CD-ROM or Flash Drive.
Adventurous Way - Technology / Smart Home website — A highly informative blog series from Matt on his smart RV experience.
dbus-mqtt Github repo — The Github repo for Victron's MQTT implementation.
Self-Hosting Victron Venus OS on a Raspberry Pi — This page explains how to install the Victron Energy Venus OS onto a RaspberryPi.
Home Assistant - set_location service — Set your location programmatically with Home Assistant.

Steamy PostgreSQL Shower | Coder Radio 430

8 september 2021 | min

The Fun Distro | LINUX Unplugged 422

7 september 2021 | min

Linux Action News 205

5 september 2021 | min

Apple Fools Everyone | Coder Radio 429

1 september 2021 | min

Server Savior Squad | LINUX Unplugged 421

31 augusti 2021 | min

Linux Action News 204

29 augusti 2021 | min

Navigating DeGoogling | Self-Hosted 52

27 augusti 2021 | min

Epic's Receipts | Coder Radio 428

25 augusti 2021 | min

Real People Are Out There | LINUX Unplugged 420

24 augusti 2021 | min

Linux Action News 203

22 augusti 2021 | min

Second-Class Desktop | Coder Radio 427

18 augusti 2021 | min

What's Cookin' at System76 | LINUX Unplugged 419

17 augusti 2021 | min

Linux Action News 202

15 augusti 2021 | min

Apple's Rotten Scanning | Self-Hosted 51

13 augusti 2021 | min

The Thoughtful Triangle | Coder Radio 426

11 augusti 2021 | min

What's up with WireGuard | LINUX Unplugged 418

10 augusti 2021 | min

Linux Action News 201

8 augusti 2021 | min

Ruby in the Rough | Coder Radio 425

4 augusti 2021 | min

Big promises are being made in Ruby land, Tech Crunch says Open Source is dead, and we have thoughts to share about both!

We also discuss Google's Time Crystals. They have the power to fundamentally change our lives, but what the heck are they?

Sponsored By:

Support Coder Radio

Links:

Sorbet Compiler — For the past year, the Sorbet team has been working on an experimental, ahead-of-time compiler for Ruby, powered by Sorbet and LLVM. Today we’re sharing the source code for it.
Patrick Collison on Twitter — We're big believers in multi-year infrastructure bets. After a few years of Ruby infra work, our in-house Ruby compiler is now 22–170% faster than Ruby's default implementation for Stripe's production API traffic. If interested in working on such problems, we're hiring!
Sorbet · A static type checker for Ruby — Sorbet is 100% compatible with Ruby. It type checks normal method definitions, and introduces backwards-compatible syntax for method signatures.
Time crystals — But time crystals want to be coherent. So putting them inside a quantum computer, and using them to conduct computer processes could potentially serve an incredibly important function: ensuring quantum coherence.
White paper: Observation of Time-Crystalline Eigenstate Order on a Quantum Processor — Here we implement a continuous family of tunable CPHASE gates on an array of superconducting qubits to experimentally observe an eigenstate-ordered DTC. We demonstrate the characteristic spatiotemporal response of a DTC for generic initial states. Our work employs a time-reversal protocol that discriminates external decoherence from intrinsic thermalization, and leverages quantum typicality to circumvent the exponential cost of densely sampling the eigenspectrum. In addition, we locate the phase transition out of the DTC with an experimental finite-size analysis. These results establish a scalable approach to study non-equilibrium phases of matter on current quantum processors.
First ‘Time Crystal’ Built Using Google’s Quantum Computer
Time crystals could be the miracle quantum computing needs
The end of open source? — I think the “hypocrite commits” contretemps is symptomatic, on every side, of related trends that threaten the entire extended open-source ecosystem and its users. That ecosystem has long wrestled with problems of scale, complexity and free and open-source software’s (FOSS) increasingly critical importance to every kind of human undertaking.
Facebook allegedly tried to buy Pegasus spyware to track iPhone users — The Facebook representatives stated that Facebook was concerned that its method for gathering user data through Onavo Protect was less effective on Apple devices than on Android devices,” Hulio said in his declaration.

Run Every Distro At Once | LINUX Unplugged 417

3 augusti 2021 | min

Linux Action News 200

1 augusti 2021 | min

Perfect Plex Setup | Self-Hosted 50

30 juli 2021 | min

We discuss Chris's latest wall-mounted tablet solution for Home Assistant and several scripts to pimp your Plex setup.

Join us for a very special birthday episode as we celebrate our 50th.

Sponsored By:

Linode: Receive a $100 60-day credit towards your new account. Promo Code: linode.com/ssh
A Cloud Guru: This course is a deep-dive course on Linux File Sharing.
CloudFree.shop: CloudFree Smart Plug – Runs Tasmota for $9. Use code SELFHOSTED and support the show. Promo Code: SELFHOSTED

Support Self-Hosted

Links:

Chris and The Badger T-Shirt — A limited edition "Chris and The Badger" t-shirt to commemorate the Self-Hosted podcasts 50th episode. Get yours whilst supplies last!
Chris and The Badger Sticker — To celebrate the 50th episode of Self-Hosted we're launching a new Chris and The Badger sticker!
Self-Hosted T-Shirt — We challenge you to tell the world you are nerd without saying a word. This new t-shirt is sure to be a conversation starter! Available for a limited time.
Self-Hosted Square Sticker — We love this one because it's our MP3 album art turned into a sticker. And we think that makes it pretty darn special.
WallPanel — WallPanel is an Android application for Web Based Dashboards and Home Automation Platforms. You can either side load the application to your Android device from the release section, install the application from Google Play or get WallPanel from the Amazon Appstore.
Amazon Fire Toolbox — Now, thanks to XDA Senior Member Datastream33, owners of Amazon Fire/Fire HD tablets can more easily sideload Google Play Store, replace the stock launcher, and remove all Amazon bloatware apps with an easy-to-use application.
[WINDOWS][TOOL]Fire Toolbox V20.0 — The Fire Toolbox is a collection of useful ADB (Android Debug Bridge) tweaks that can be applied to Amazon's Fire Tablets. The Toolbox project aims to help users fully customize and unlock the full potential of their tablets by putting all the power into their hands.
Jupiter Broadcasting - Show Notes — Alex and TheOrangeOne's latest project
Shaw in Canada thinks plex is suspicious — Shaw Protected Browsing uses Zvelo, which flags app.plex.tv.
Plex-Meta-Manager — Plex Meta Manager is a Python 3 script that can be continuously run using YAML configuration files to update on a schedule the metadata of the movies, shows, and collections in your libraries as well as automatically build collections based on various methods all detailed in the wiki.
MovieMatch for Plex — Have you ever spent longer deciding on a movie than it'd take to just watch a random movie? This is an app that helps you and your friends pick a movie to watch from a Plex server.
Hide Spoilers Plex Script
Infuse 7 — Browse and play videos stored on a Mac, PC, NAS, media servers like Plex, Emby, Jellyfin, or cloud service like Dropbox, Google Drive, OneDrive, Box, MEGA, and others. Plus, videos from multiple sources can all be displayed neatly together in one central library.
Arlo (VMS4330P) Pro 2 - Wireless Home Security Camera System with Siren — Arlo Pro 2 is the most powerful and easy to use wire-free security camera ever thanks to its 1080P video, wire-free simplicity and the option to plug it in to a power outlet whenever needed, all in a small weather-resistant design. Additional features include Alexa voice commands and rechargeable batteries. Requirements: High-speed Internet connection, Available Ethernet port on your router. Wireless: 2.4 GHz & 802.11n. Operating temperature: 32° to 122° F (0° to 50° C). Battery - 2440mAh rechargeable battery. Battery life varies based on settings, usage, & temperature.
Wyze Cam RTSP
Does the v3 support RTSP?
Shinobi — Shinobi is Open Source, written in Node.js, and real easy to use. It is the future of CCTV and NVR for developers and end-users alike.
Denver and SLC Meetups Soon!

Denial of DOS | Coder Radio 424

28 juli 2021 | min

Server Meltdown | LINUX Unplugged 416

27 juli 2021 | min

Linux Action News 199

25 juli 2021 | min

Dead Desktop Disco | Coder Radio 423

21 juli 2021 | min

Something Sinister Below Deck | LINUX Unplugged 415

20 juli 2021 | min

Linux Action News 198

17 juli 2021 | min

Update Roulette | Self-Hosted 49

16 juli 2021 | min

Don't Code in Bed | Coder Radio 422

14 juli 2021 | min

Linux’s Awkward News Phase | LINUX Unplugged 414

13 juli 2021 | min

Linux Action News 197

11 juli 2021 | min

Misdirected Request | Coder Radio 421

7 juli 2021 | min

Community of Enterprise Linux | LINUX Unplugged 413

6 juli 2021 | min

Linux Action News 196

5 juli 2021 | min

A Solution Looking for a Problem | Self-Hosted 48

2 juli 2021 | min

You Can't Sideload Happiness | Coder Radio 420

1 juli 2021 | min

Going Deepin on Fuchsia | LINUX Unplugged 412

29 juni 2021 | min

Linux Action News 195

27 juni 2021 | min

Authentication Timeout | Coder Radio 419

23 juni 2021 | min

The Best of Both OSs | LINUX Unplugged 411

22 juni 2021 | min

Linux Action News 194

20 juni 2021 | min

Whose License Is It Anyway? | Self-Hosted 47

18 juni 2021 | min

I'm a Teapot | Coder Radio 418

16 juni 2021 | min

Ye Olde Linux Distro | LINUX Unplugged 410

15 juni 2021 | min

Linux Action News 193

13 juni 2021 | min

Why Would Developers Care? | Coder Radio 417

9 juni 2021 | min

Launch Your Memories Into the Future | LINUX Unplugged 409

8 juni 2021 | min

Linux Action News 192

6 juni 2021 | min

Pastebin Alternative | Self-Hosted 46

4 juni 2021 | min

Strange Voltron of Hell | Coder Radio 416

2 juni 2021 | min

Linux Road Warrior | LINUX Unplugged 408

1 juni 2021 | min

Linux Action News 191

31 maj 2021 | min

Keyboard Kurious | Coder Radio 415

26 maj 2021 | min

And the Answer is... | LINUX Unplugged 407

25 maj 2021 | min

Linux Action News 190

22 maj 2021 | min

The Future of Home Assistant | Self-Hosted 45

21 maj 2021 | min

Google I/NO | Coder Radio 414

19 maj 2021 | min

Mars Goes to Shell | LINUX Unplugged 406

18 maj 2021 | min

Linux Action News 189

15 maj 2021 | min

Painpoints to Profits | Coder Radio 413

12 maj 2021 | min

Distro in the Rough | LINUX Unplugged 405

11 maj 2021 | min

Linux Action News 188

9 maj 2021 | min

Plex Skeptics | Self-Hosted 44

7 maj 2021 | min

Context in Comprehension | Coder Radio 412

5 maj 2021 | min

You've Got Mail | LINUX Unplugged 404

4 maj 2021 | min

Linux Action News 187

2 maj 2021 | min

The Misadventures of Mad Mikhail | Coder Radio 411

28 april 2021 | min

Hidden Features of Fedora 34 | LINUX Unplugged 403

27 april 2021 | min

Linux Action News 186

25 april 2021 | min

A New Solution for Backups | Self-Hosted 43

23 april 2021 | min

M1 has a Dirty Little Secret | Coder Radio 410

21 april 2021 | min

Our Worst Idea Yet | LINUX Unplugged 402

20 april 2021 | min

Linux Action News 185

18 april 2021 | min

Conflict | Coder Radio 409

14 april 2021 | min

Own Your Mailbox | LINUX Unplugged 401

13 april 2021 | min

Linux Action News 184

11 april 2021 | min

Don't Panic | Self-Hosted 42

9 april 2021 | min

Request Timeout | Coder Radio 408

7 april 2021 | min

The See Ya Next Tuesday | LINUX Unplugged 400

6 april 2021 | min

Linux Action News 183

4 april 2021 | min

Halls of Glowing Apples | Coder Radio 407

31 mars 2021 | min

No PRs Please | LINUX Unplugged 399

30 mars 2021 | min

Linux Action News 182

28 mars 2021 | min

The One with Jeff Geerling | Self-Hosted 41

26 mars 2021 | min

Functional Sadism | Coder Radio 406

24 mars 2021 | min

Back in the Freedom Dimension | LINUX Unplugged 398

23 mars 2021 | min

Linux Action News 181

21 mars 2021 | min

Method Not Allowed | Coder Radio 405

17 mars 2021 | min

Linux Desktop Levels Up | LINUX Unplugged 397

16 mars 2021 | min

Linux Action News 180

13 mars 2021 | min

Password Shaming | Self-Hosted 40

12 mars 2021 | min

Not Found | Coder Radio 404

10 mars 2021 | min

How Linux Got to Mars | LINUX Unplugged 396

9 mars 2021 | min

Linux Action News 179

7 mars 2021 | min

Forbidden | Coder Radio 403

3 mars 2021 | min

The Waybig Machine | LINUX Unplugged 395

2 mars 2021 | min

Linux Action News 178

28 februari 2021 | min

We run Arch BTW | Self-Hosted 39

26 februari 2021 | min

Payment Required | Coder Radio 402

24 februari 2021 | min

Tempted But the Truth is Discovered | LINUX Unplugged 394

23 februari 2021 | min

Linux Action News 177

21 februari 2021 | min

Unauthorized | Coder Radio 401

17 februari 2021 | min

Perfecting Our Plasma | LINUX Unplugged 393

16 februari 2021 | min

Linux Action News 176

14 februari 2021 | min

Crouching Pi, Hidden Server | Self-Hosted 38

12 februari 2021 | min

Bad Request | Coder Radio 400

10 februari 2021 | min

Dad's Deployments | LINUX Unplugged 392

9 februari 2021 | min

Linux Action News 175

6 februari 2021 | min

Better Living Through Bots | Coder Radio 399

3 februari 2021 | min

GNOME 40ified | LINUX Unplugged 391

2 februari 2021 | min

Linux Action News 174

31 januari 2021 | min

Security Growing Pains | Self-Hosted 37

29 januari 2021 | min

Testing the Test | Coder Radio 398

27 januari 2021 | min

Eating the License Cake | LINUX Unplugged 390

26 januari 2021 | min

Linux Action News 173

24 januari 2021 | min

Electron Ennui | Coder Radio 397

20 januari 2021 | min

Harder Butter Faster Stronger | LINUX Unplugged 389

19 januari 2021 | min

Linux Action News 172

17 januari 2021 | min

Google Docs Replacement | Self-Hosted 36

15 januari 2021 | min

Everyone Fools Around with Linux in College | Coder Radio 396

13 januari 2021 | min

Waxing On With Wendell | LINUX Unplugged 388

12 januari 2021 | min

Linux Action News 171

10 januari 2021 | min

50 Shades of M1 | Coder Radio 395

6 januari 2021 | min

Tumbling Into the New Year! | LINUX Unplugged 387

5 januari 2021 | min

Linux Action News 170

3 januari 2021 | min

The Perfect Media Server | Self-Hosted 35

1 januari 2021 | min

SaaS is a Blast | Coder Radio 394

30 december 2020 | min

Perilously Precocious Predictions | LINUX Unplugged 386

29 december 2020 | min

Linux Action News 169

27 december 2020 | min

The Snake in the Room | Coder Radio 393

23 december 2020 | min

Mike details his favorite python tools and his tricks for performance concerns.

Plus a bunch of workspace improvment ideas, feedback, and more.

Sponsored By:

Linode: Receive a $100 60-day credit towards your new account. Promo Code: linode.com/coder
A Cloud Guru: A Cloud Guru now includes Cloud Playground. Azure, AWS, or GCP Sandboxes at your fingertips.

Support Coder Radio

Links:

Mechanical Keyboards Matrix Chat
ThinkPad TrackPoint Keyboard II — The ThinkPad TrackPoint II Keyboard translates the ThinkPad notebook’s iconic typing experience into a stand-alone device.
Gooseneck Tablet Holder — Flexible Arm Clip Tablet Stand Bed Desk Mount Compatible with iPad Pro Mini Air, Galaxy Tabs and More
Portable Monitor — UPERFECT 15.6" 100% DCI-P3, 99% Adobe RGB, 500 Nits Brightness, FHD 1920x1080 IPS Screen
Chris’ WFH Setup Pics on Instagram
Welcome to Flask
FastAPI — FastAPI framework, high performance, easy to learn, fast to code, ready for production
Qt for Python | The official Python bindings for Qt — Qt for Python is the project that provides the official set of Python bindings (PySide2) that will supercharge your Python applications. While the Qt APIs are world renowned, there are more reasons why you should consider Qt for Python. The first official release of the PySide2 module is available now!
Pylance - Visual Studio Marketplace — Pylance is an extension that works alongside Python in Visual Studio Code to provide performant language support. Under the hood, Pylance is powered by Pyright, Microsoft's static type checking tool. Using Pyright, Pylance has the ability to supercharge your Python IntelliSense experience with rich type information, helping you write better code faster.
pylance-release: Documentation and issues for Pylance
microsoft/pyright: Static type checker for Python — Pyright is a fast type checker meant for large Python source bases. It can run in a “watch” mode and performs fast incremental updates when files are modified.
Jeremy Soller on Twitter — "I can no longer let things like this go. While System76 has been a part of the process, this should not be interpreted as consent to the new GNOME Shell design. We will do whatever possible to improve Pop!_OS UX even if it breaks significantly from GNOME's defaults."
Carl Richell on Twitter — Yes, we were involved but our involvement had no impact on the design. Our design ethos and reading of the research differs. We raised our concerns and proposed a different design. We’re continuing our research and building prototypes.
GNOME on Twitter — System76 was part of the entire process: setting up the research, doing polls, evaluating the results, suggesting changes
KDE Architecture — Human Interface Guidelines documentation
Plasma/Architecture - KDE Community Wiki

The 2020 Tuxies | LINUX Unplugged 385

22 december 2020 | min

Linux Action News 168

20 december 2020 | min

Take Powerline Seriously | Self-Hosted 34

18 december 2020 | min

Seduced by The Snake | Coder Radio 392

16 december 2020 | min

Born To Run Fedora | LINUX Unplugged 384

15 december 2020 | min

Linux Action News 167

13 december 2020 | min

Coder In the Woods | Coder Radio 391

9 december 2020 | min

Murder of a Distro | LINUX Unplugged 383

8 december 2020 | min

Linux Action News 166

6 december 2020 | min

Helios64 Review | Self-Hosted 33

4 december 2020 | min

The Gold Rust | Coder Radio 390

2 december 2020 | min

A New Endeavour | LINUX Unplugged 382

1 december 2020 | min

Linux Action News 165

29 november 2020 | min

Smoked Laptops | Coder Radio 389

25 november 2020 | min

Secret Modem Sounds | LINUX Unplugged 381

24 november 2020 | min

Linux Action News 164

22 november 2020 | min

Google Turning the Screw | Self-Hosted 32

20 november 2020 | min

MacOS Lincoler | Coder Radio 388

18 november 2020 | min

No Sur, No Thank You | LINUX Unplugged 380

17 november 2020 | min

Linux Action News 163

15 november 2020 | min

ARMed & Dangerous | Coder Radio 387

11 november 2020 | min

Favorite Linux Tweaks | LINUX Unplugged 379

10 november 2020 | min

Linux Action News 162

8 november 2020 | min

Industrial Grade Mobile Internet | Self-Hosted 31

6 november 2020 | min

i386 | Coder Radio 386

4 november 2020 | min

All in One Pi | LINUX Unplugged 378

3 november 2020 | min

Linux Action News 161

1 november 2020 | min

Edging the Fox | Coder Radio 385

28 oktober 2020 | min

Buttered-Up Fedora | LINUX Unplugged 377

27 oktober 2020 | min

Linux Action News 160

25 oktober 2020 | min

Automation Entropy Factor | Self-Hosted 30

23 oktober 2020 | min

Leaping Lizard People | Coder Radio 384

21 oktober 2020 | min

From The Factory Floor | LINUX Unplugged 376

20 oktober 2020 | min

Linux Action News 159

18 oktober 2020 | min

Wrong About Pop! | LINUX Unplugged 375

13 oktober 2020 | min

Java Justice | Coder Radio 383

13 oktober 2020 | min

Linux Action News 158

11 oktober 2020 | min

Perils of Self-Hosting | Self-Hosted 29

9 oktober 2020 | min

Perfect Nextcloud Setup | LINUX Unplugged 374

6 oktober 2020 | min

Hacktoberbust | Coder Radio 382

6 oktober 2020 | min

Linux Action News 157

4 oktober 2020 | min

Flamewar Feedback Frenzy | Coder Radio 381

30 september 2020 | min

Your New Tools | LINUX Unplugged 373

29 september 2020 | min

Linux Action News 156

27 september 2020 | min

Directing Traefik | Self-Hosted 28

25 september 2020 | min

Developer Unfriendly | Coder Radio 380

23 september 2020 | min

Distro Triforce | LINUX Unplugged 372

22 september 2020 | min

Linux Action News 155

20 september 2020 | min

Neckbeards Get Shaved | Coder Radio 379

16 september 2020 | min

Cabin Fever | LINUX Unplugged 371

15 september 2020 | min

Linux Action News 154

13 september 2020 | min

Picture Perfect | Self-Hosted 27

11 september 2020 | min

Rust, Safe for Marketing | Coder Radio 378

9 september 2020 | min

PipeWire Progress | LINUX Unplugged 370

8 september 2020 | min

Linux Action News 153

6 september 2020 | min

An Epic Underdog | Coder Radio 377

2 september 2020 | min

Double Data Rate Trouble | LINUX Unplugged 369

1 september 2020 | min

The Trouble with Docker | Self-Hosted 26

27 augusti 2020 | min

The Best is Yet to Come | LINUX Unplugged 368

25 augusti 2020 | min

Check Out The New Show! | User Error 89

25 augusti 2020 | min

WESA BACK! | Coder Radio 376

25 augusti 2020 | min

Podcatcher Play-off | LINUX Unplugged 367

18 augusti 2020 | min

The Future of Unraid | Self-Hosted 25

13 augusti 2020 | min

Linux Server Salvage | LINUX Unplugged 366

11 augusti 2020 | min

There's a Hole in my Boot! | LINUX Unplugged 365

4 augusti 2020 | min

OPNsense Makes Sense | Self-Hosted 24

30 juli 2020 | min

Linux Arm Wrestling | LINUX Unplugged 364

28 juli 2020 | min

Brunch with Brent: Carl Richell | Jupiter Extras 75

24 juli 2020 | min

Return of the Terminal Server | LINUX Unplugged 363

21 juli 2020 | min

Shields Up | Self-Hosted 23

16 juli 2020 | min

The Hidden Cost of Nextcloud | LINUX Unplugged 362

14 juli 2020 | min

Buttery Smooth Fedora | LINUX Unplugged 361

7 juli 2020 | min

Slow Cooked Servers | Self-Hosted 22

2 juli 2020 | min

The Hard Work of Hardware | LINUX Unplugged 360

30 juni 2020 | min

Death of the Mac | LINUX Unplugged 359

23 juni 2020 | min

Brunch with Brent: Philip Müller | Jupiter Extras 74

19 juni 2020 | min

The Perfect Server Build | Self-Hosted 21

18 juni 2020 | min

Our Fragmented Favorite | LINUX Unplugged 358

16 juni 2020 | min

The Little Distro That Could | LINUX Unplugged 357

9 juni 2020 | min

One is None | Self-Hosted 20

4 juni 2020 | min

You're not a true self-hoster until you've lost your entire configuration at least once. Alex does a deep dive into cloud backup, plus we need your help to find the right Wifi solution for a listener.

Links:

LINUX Unplugged 355: Chris' Data Crisis — Chris' tale of woe after a recent data loss, and Wes' adventure after he finds a rogue device on his network.
Jupiter Extras: A Chat with mergerfs Developer Antonio Musumeci — mergerfs makes JBOD (Just a Bunch Of Drives) appear like an ‘array’ of drives. mergerfs transparently translates read/write commands to the underlying drives from a single mount point, such as /mnt/storage.
Duplicati — Duplicati works with standard protocols like FTP, SSH, WebDAV as well as popular services like Backblaze B2, Microsoft OneDrive, Amazon S3, Google Drive, box.com, Mega, hubiC and many others.
restic · Backups done right! — Backing up your data with restic should only be limited by your network or hard disk bandwidth so that you can backup your files every day.
Backblaze — Cloud storage that's astonishingly easy and low-cost.
How does Backblaze support Linux Users? — There are a variety of options for using Linux with B2. These include open-source (free) and commercial applications, command-line (CLI) and graphical interface (GUI) tools, and tools that include encryption, automation, hybrid NAS/B2 support, mounting remote archives as volumes, and other capabilities.
How to configure Backblaze B2 with Duplicity on Linux — Duplicity can store backup data in many destinations, including Backblaze B2. This guide will help you get setup and give you the commands to do a full backup and restore of a specific folder.
duplicity — Duplicity backs directories by producing encrypted tar-format volumes and uploading them to a remote or local file server.
rsync.net — We give you an empty UNIX filesystem that you can access with any SSH tool
Amazon S3 Glacier — Long-term, secure, durable Amazon S3 object storage classes for data archiving, starting at $1 per terabyte per month
Installation Methods & Community Guides Wiki - Home Assistant — Today I want to take a step back and take a holistic view of installation methods. What installation methods do we support as a project, and what does supported mean.
TiddlyWiki — a non-linear personal web notebook — A unique non-linear notebook for capturing, organising and sharing complex information.
An opinionated approach to TiddlyWiki

Linux Hardware Love | LINUX Unplugged 356

3 juni 2020 | min

All Good Things | TechSNAP 430

28 maj 2020 | min

Chris' Data Crisis | LINUX Unplugged 355

26 maj 2020 | min

Brunch with Brent: Kyle Rankin | Jupiter Extras 73

22 maj 2020 | min

The Open Source Catch-22 | Self-Hosted 19

21 maj 2020 | min

Microsoft FINALLY Gets It | LINUX Unplugged 354

19 maj 2020 | min

Curious About Caddy | TechSNAP 429

14 maj 2020 | min

Feeling Elive | LINUX Unplugged 353

12 maj 2020 | min

Entropy Overhaul | BSD Now 349

7 maj 2020 | min

Encrypted Crash Dumps in FreeBSD, Time on Unix, Improve ZVOL sync write performance with a taskq, central log host with syslog-ng, NetBSD Entropy overhaul, Setting Up NetBSD Kernel Dev Environment, and more.

Headlines

EKCD - Encrypted Crash Dumps in FreeBSD

Some time ago, I was describing how to configure networking crash dumps. In that post, I mentioned that there is also the possibility to encrypt crash dumps. Today we will look into this functionality. Initially, it was implemented during Google Summer of Code 2013 by my friend Konrad Witaszczyk, who made it available in FreeBSD 12. If you can understand Polish, you can also look into his presentation on BSD-PL on which he gave a comprehensive review of all kernel crash dumps features.

The main issue with crash dumps is that they may include sensitive information available in memory during a crash. They will contain all the data from the kernel and the userland, like passwords, private keys, etc. While dumping them, they are written to unencrypted storage, so if somebody took out the hard drive, they could access sensitive data. If you are sending a crash dump through the network, it may be captured by third parties. Locally the data are written directly to a dump device, skipping the GEOM subsystem. The purpose of that is to allow a kernel to write a crash dump even in case a panic occurs in the GEOM subsystem. It means that a crash dump cannot be automatically encrypted with GELI.

Time on Unix

Time, a word that is entangled in everything in our lives, something we’re intimately familiar with. Keeping track of it is important for many activities we do.

Over millennia we’ve developed different ways to calculate it. Most prominently, we’ve relied on the position the sun appears to be at in the sky, what is called apparent solar time.

We’ve decided to split it as seasons pass, counting one full cycle of the 4 seasons as a year, a full rotation around the sun. We’ve also divided the passing of light to the lack thereof as days, a rotation of the earth on itself. Moving on to more precise clock divisions such as seconds, minutes, and hours, units that meant different things at different points in history. Ultimately, as travel got faster, the different ways of counting time that evolved in multiple places had to converge. People had to agree on what it all meant.

See the article for more

News Roundup

Improve ZVOL sync write performance by using a taskq

A central log host with syslog-ng on FreeBSD - Part 1

syslog-ng is the Swiss army knife of log management. You can collect logs from any source, process them in real time and deliver them to wide range of destinations. It allows you to flexibly collect, parse, classify, rewrite and correlate logs from across your infrastructure. This is why syslog-ng is the perfect solution for the central log host of my (mainly) FreeBSD based infrastructure.

HEADS UP: NetBSD Entropy Overhaul

This week I committed an overhaul of the kernel entropy system. Please let me know if you observe any snags! For the technical background, see the thread on tech-kern a few months ago: https://mail-index.NetBSD.org/tech-kern/2019/12/21/msg025876.html.

Setting Up NetBSD Kernel Dev Environment

I used T_PAGEFLT’s blog post as a reference for setting my NetBSD kernel development environment since his website is down I’m putting down the steps here so it would be helpful for starters.

Beastie Bits

Feedback/Questions

Ghislain - ZFS Question
Jake - Paypal Donations
Oswin - Hammer tutorial

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to [email protected]

Ring Doorbell Alternative | Self-Hosted 18

6 maj 2020 | min

Three Course Battery | LINUX Unplugged 352

5 maj 2020 | min

RAID Reality Check | TechSNAP 428

30 april 2020 | min

BSD Community Collections | BSD Now 348

30 april 2020 | min

FuryBSD 2020Q2 Images Available, Technical reasons to choose FreeBSD over GNU/Linux, Ars technica reviews GhostBSD, “TLS Mastery” sponsorships open, BSD community show their various collections, a tale of OpenBSD secure memory allocator internals, learn to stop worrying and love SSDs, and more.

Headlines

FuryBSD 2020Q2 Images Available for XFCE and KDE

The Q2 2020 images are not a visible leap forward but a functional leap forward. Most effort was spent creating a better out of box experience for automatic Ethernet configuration, working WiFi, webcam, and improved hypervisor support.

Technical reasons to choose FreeBSD over GNU/Linux

Since I wrote my article "Why you should migrate everything from Linux to BSD" I have been wanting to write something about the technical reasons to choose FreeBSD over GNU/Linux and while I cannot possibly cover every single reason, I can write about some of the things that I consider worth noting.

News Roundup

+ Not actually Linux distro review deux: GhostBSD

When I began work on the FreeBSD 12.1-RELEASE review last week, it didn't take long to figure out that the desktop portion wasn't going very smoothly.

I think it's important for BSD-curious users to know of easier, gentler alternatives, so I did a little looking around and settled on GhostBSD for a follow-up review.

GhostBSD is based on TrueOS, which itself derives from FreeBSD Stable. It was originally a Canadian distro, but—like most successful distributions—it has transcended its country of origin and can now be considered worldwide. Significant GhostBSD development takes place now in Canada, Italy, Germany, and the United States.

“TLS Mastery” sponsorships open

My next book will be TLS Mastery, all about Transport Layer Encryption, Let’s Encrypt, OCSP, and so on.

This should be a shorter book, more like my DNSSEC or Tarsnap titles, or the first edition of Sudo Mastery. I would like a break from writing doorstops like the SNMP and jails books.

JT (our producer) shared his Open Source Retail Box Collection on twitter this past weekend and there was a nice response from a few in the BSD Community showing their collections:

JT's post: https://twitter.com/q5sys/status/1251194823589138432
- High Resolution Image to see the bottom shelf better: https://photos.smugmug.com/photos/i-9QTs2RR/0/f1742096/O/i-9QTs2RR.jpg
- Closeup of the BSD Section: https://twitter.com/q5sys/status/1251294290782928897
Others jumped in with their collections:
- Deb Goodkin's collection: https://twitter.com/dgoodkin/status/1251294016139743232 & https://twitter.com/dgoodkin/status/1251298125672660992
- FreeBSD Frau's FreeBSD Collection: https://twitter.com/freebsdfrau/status/1251290430475350018
- Jason Tubnor's OpenBSD Collection: https://twitter.com/Tubsta/status/1251265902214918144

Do you have a nice collection, take a picture and send it in!

Tale of OpenBSD secure memory allocator internals - malloc(3)

Hi there,

It's been a very long time I haven't written anything after my last OpenBSD blogs, that is,

OpenBSD Kernel Internals — Creation of process from user-space to kernel space.

OpenBSD: Introduction to execpromises in the pledge(2)

pledge(2): OpenBSD's defensive approach to OS Security

So, again I started reading OpenBSD source codes with debugger after reducing my sleep timings and managing to get some time after professional life. This time I have picked one of my favourite item from my wishlist to learn and share, that is, OpenBSD malloc(3), secure allocator

How I learned to stop worrying and love SSDs

my home FreeNAS runs two pools for data. One RAIDZ2 with four spinning disk drives and one mirror with two SSDs. Toying with InfluxDB and Grafana in the last couple of days I found that I seem to have a constant write load of 1 Megabyte (!) per second on the SSDs. What the ...?

So I run three VMs on the SSDs in total. One with Windows 10, two with Ubuntu running Confluence, A wiki essentially, with files for attachments and MySQL as the backend database. Clearly the writes had to stop when the wikis were not used at all, just sitting idle, right?

Well even with a full query log and quite some experience in the operation of web applications I could not figure out what Confluence is doing (productively, no doubt) but trust me, it writes a couple of hundred kbytes to the database each second just sitting idle.

My infrastructure as of 2019

I've wanted to write about my infrastructure for a while, but I kept thinking, "I'll wait until after I've done $next_thing_on_my_todo." Of course this cycle never ends, so I decided to write about its state at the end of 2019. Maybe I'll write an update on it in a couple of moons; who knows?

For something different than our usual Beastie Bits… we bring you…

We're all quarantined so lets install BSD on things! Install BSD on something this week, write it up and let us know about it, and maybe we'll feature you!

BSDNow is going Independent

After being part of Jupiter Broadcasting since we started back in 2013, BSDNow is moving to become independent. We extend a very large thank you to Jupiter Broadcasting and Linux Academy for hosting us for so many years, and allowing us to bring you over 100 episodes without advertisements. What does this mean for you, the listener? Not much will change, just make sure your subscription is via the RSS feed at BSDNow.tv rather than one of the Jupiter Broadcasting feeds. We will update you with more news as things settle out.

Feedback/Questions

Todd - LinusTechTips Claims about ZFS

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to [email protected]

Lenovo Loves Linux | LINUX Unplugged 351

28 april 2020 | min

Learning, Failing, and Hacking the Industry: Danny Akacki | Jupiter Extras 72

28 april 2020 | min

New Directions | BSD Now 347

23 april 2020 | min

Rethinking OpenBSD security, FreeBSD 2020 Q1 status report, the notion of progress and user interfaces, Comments about Thomas E. Dickey on NetBSD curses, making Unix a little more Plan9-like, Not-actually Linux distro review: FreeBSD, and more.

Headlines

Rethinking OpenBSD Security

OpenBSD aims to be a secure operating system. In the past few months there were quite a few security errata, however. That’s not too unusual, but some of the recent ones were a bit special. One might even say bad. The OpenBSD approach to security has a few aspects, two of which might be avoiding errors and minimizing the risk of mistakes. Other people have other ideas about how to build secure systems. I think it’s worth examining whether the OpenBSD approach works, or if this is evidence that it’s doomed to failure.
I picked a few errata, not all of them, that were interesting and happened to suit my narrative.

FreeBSD 2020 Q1 Quarterly report

Welcome, to the quarterly reports, of the future! Well, at least the first quarterly report from 2020. The new timeline, mentioned in the last few reports, still holds, which brings us to this report, which covers the period of January 2020 - March 2020.

News Roundup

The Notion of Progress and User Interfaces

One trait of modern Western culture is the notion of progress. A view claiming, at large, everything is getting better and better.

How should we think about progress? Both in general and regarding technology?

Thomas E. Dickey on NetBSD curses

I was recently pointed at a web page on Thomas E. Dickeys site talking about NetBSD curses. It seems initially that the page was intended to be a pointer to some differences between ncurses and NetBSD curses and does appear to start off in this vein but it seems that the author has lost the plot as the document evolved and the tail end of it seems to be devolving into some sort of slanging match. I don't want to go through Mr. Dickey's document point by point, that would be tedious but I would like to pick out some of the things that I believe to be the most egregious. Please note that even though I am a NetBSD developer, the opinions below are my own and not the NetBSD projects.

Making Unix a little more Plan9-like

I’m not really interested in defending anything. I tried out plan9port and liked it, but I have to live in Unix land. Here’s how I set that up.

A Warning

The suckless community, and some of the plan9 communities, are dominated by jackasses. I hope that’s strong enough wording to impress the severity. Don’t go into IRC for help. Stay off the suckless email list. The software is great, the people who write it are well-spoken and well-reasoned, but for some reason the fandom is horrible to everyone.

Not-actually Linux distro review: FreeBSD 12.1-RELEASE

This month's Linux distro review isn't of a Linux distribution at all—instead, we're taking a look at FreeBSD, the original gangster of free Unix-like operating systems.

The first FreeBSD release was in 1993, but the operating system's roots go further back—considerably further back. FreeBSD started out in 1992 as a patch-release of Bill and Lynne Jolitz's 386BSD—but 386BSD itself came from the original Berkeley Software Distribution (BSD). BSD itself goes back to 1977—for reference, Linus Torvalds was only seven years old then.

Before we get started, I'd like to acknowledge something up front—our distro reviews include the desktop experience, and that is very much not FreeBSD's strength. FreeBSD is far, far better suited to running as a headless server than as a desktop! We're going to get a full desktop running on it anyway, because according to Lee Hutchinson, I hate myself—and also because we can't imagine readers wouldn't care about it.

FreeBSD does not provide a good desktop experience, to say the least. But if you're hankering for a BSD-based desktop, don't worry—we're already planning a followup review of GhostBSD, a desktop-focused BSD distribution.

Beastie Bits

BSDNow is going Independent

After being part of Jupiter Broadcasting since we started back in 2013, BSDNow is moving to become independent. We extend a very large thank you to Jupiter Broadcasting and Linux Academy for hosting us for so many years, and allowing us to bring you over 100 episodes without advertisements. LinuxAcademy is now under new leadership, and we understand that cutbacks needed to be made, and that BSD is not their core product. That does not mean your favourite BSD podcast is going away, we will continue and we expect things will not look much different. What does this mean for you, the listener? Not much will change, just make sure your subscription is via the RSS feed at BSDNow.tv rather than one of the Jupiter Broadcasting feeds. We will update you with more news as things settle out.

Feedback/Questions

Jordyn - ZFS Pool Problem
- debug - https://github.com/BSDNow/bsdnow.tv/raw/master/episodes/347/feedback/dbg.txt
Send questions, comments, show ideas/topics, or stories you want mentioned on the show to [email protected]

Where Do I Start? | Self-Hosted 17

22 april 2020 | min

Focal Focus | LINUX Unplugged 350

21 april 2020 | min

Brunch with Brent: Sri Ramkrishna | Jupiter Extras 71

21 april 2020 | min

Gigahertz Games | TechSNAP 427

16 april 2020 | min

Core File Tales | BSD Now 346

16 april 2020 | min

Tales from a core file, Lenovo X260 BIOS Update with OpenBSD, the problem of Unix iowait and multi-CPU machines, Hugo workflow using FreeBSD Jails, Caddy, Restic; extending NetBSD-7 branch support, a tale of two hypervisor bugs, and more.

Headlines

Tales From a Core File - Lessons from the Unix stdio ABI: 40 Years Later

On the side, I’ve been wrapping up some improvements to the classic Unix stdio libraries in illumos. stdio contains the classic functions like fopen(), printf(), and the security nightmare gets(). While working on support for fmemopen() and friends I got to reacquaint myself with some of the joys of the stdio ABI and its history from 7th Edition Unix. With that in mind, let’s dive into this, history, and some mistakes not to repeat. While this is written from the perspective of the C programming language, aspects of it apply to many other languages.

Update Lenovo X260 BIOS with OpenBSD

My X260 only runs OpenBSD and has no CD driver. But I still need to upgrade its BIOS from time to time. And this is possible using the ISO BIOS image.

First off all, you need to download the “BIOS Update (Bootable CD)” from the Lenovo Support Website.

News Roundup

The problem of Unix iowait and multi-CPU machines

Various Unixes have had a 'iowait' statistic for a long time now (although I can't find a source for where it originated; it's not in 4.x BSD, so it may have come through System V and sar). The traditional and standard definition of iowait is that it's the amount of time the system was idle but had at least one process waiting on disk IO. Rather than count this time as 'idle' (as you would if you had a three-way division of CPU time between user, system, and idle), some Unixes evolved to count this as a new category, 'iowait'.

My Latest Self Hosted Hugo Workflow using FreeBSD Jails, Caddy, Restic and More

After hosting with Netlify for a few years, I decided to head back to self hosting. Theres a few reasons for that but the main reasoning was that I had more control over how things worked.

In this post, i’ll show you my workflow for deploying my Hugo generated site (www.jaredwolff.com). Instead of using what most people would go for, i’ll be doing all of this using a FreeBSD Jails based server. Plus i’ll show you some tricks i’ve learned over the years on bulk image resizing and more.

Let’s get to it.

Extending support for the NetBSD-7 branch

Typically, some time after releasing a new NetBSD major version (such as NetBSD 9.0), we will announce the end-of-life of the N-2 branch, in this case NetBSD-7.

We've decided to hold off on doing that to ensure our users don't feel rushed to perform a major version update on any remote machines, possibly needing to reach the machine if anything goes wrong.

Security fixes will still be made to the NetBSD-7 branch.

We hope you're all safe. Stay home.

Tale of two hypervisor bugs - Escaping from FreeBSD bhyve

VM escape has become a popular topic of discussion over the last few years. A good amount of research on this topic has been published for various hypervisors like VMware, QEMU, VirtualBox, Xen and Hyper-V. Bhyve is a hypervisor for FreeBSD supporting hardware-assisted virtualization. This paper details the exploitation of two bugs in bhyve - FreeBSD-SA-16:32.bhyve (VGA emulation heap overflow) and CVE-2018-17160 (Firmware Configuration device bss buffer overflow) and some generic techniques which could be used for exploiting other bhyve bugs. Further, the paper also discusses sandbox escapes using PCI device passthrough, and Control-Flow Integrity bypasses in HardenedBSD 12-CURRENT

Beastie Bits

GhostBSD 20.02 Overview
FuryBSD 12.1 Overview > Joe Maloney got in touch to say that the issues in the video and other ones found have since been fixed. Now that's community feedback in action, and an example of a developer who does his best to help the community. A great guy indeed.
OS108-9.0 amd64 MATE released
FreeBSD hacking: carp panics & test
Inaugural FreeBSD Office Hours

Feedback/Questions

Shody - systemd question
Ben - GELI and GPT
Stig - DIY NAS

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to [email protected]

Arm: A New Hope | LINUX Unplugged 349

14 april 2020 | min

The Resilience of the Voyagers | Jupiter Extras 70

12 april 2020 | min

Hiatus | Choose Linux 33

9 april 2020 | min

Goodbye from Linux Action News

9 april 2020 | min

Switchers to BSD | BSD Now 345

9 april 2020 | min

NetBSD 8.2 is available, NextCloud on OpenBSD, X11 screen locking, NetBSD and RISC OS running parallel, community feedback about switching to BSD, and more.

Headlines

NetBSD 8.2 is available!

The third release in the NetBSD-8 is now available.

This release includes all the security fixes in NetBSD-8 up until this point, and other fixes deemed important for stability.

Some highlights include:
- x86: fixed regression in booting old CPUs
- x86: Hyper-V Gen.2 VM framebuffer support
- httpd(8): fixed various security issues
- ixg(4): various fixes / improvements
- x86 efiboot: add tftp support, fix issues on machines with many memory segments, improve graphics mode logic to work on more machines.
- Various kernel memory info leaks fixes
- Update expat to 2.2.8
- Fix ryzen USB issues and support xHCI version 3.10.
- Accept root device specification as NAME=label.
- Add multiboot 2 support to x86 bootloaders.
- Fix for CVE-2019-9506: 'Key Negotiation of Bluetooth' attack.
- nouveau: limit the supported devices and fix firmware loading.
- radeon: fix loading of the TAHITI VCE firmware.
- named(8): stop using obsolete dnssec-lookaside.

NextCloud on OpenBSD

NextCloud and OpenBSD are complementary to one another. NextCloud is an awesome, secure and private alternative for proprietary platforms, whereas OpenBSD forms the most secure and solid foundation to serve it on. Setting it up in the best way isn’t hard, especially using this step by step tutorial.

Preface

Back when this tutorial was initially written, things were different. The OpenBSD port relied on PHP 5.6 and there were no package updates. But the port improved (hats off, Gonzalo!) and package updates were introduced to the -stable branch (hats off, Solene!).

A rewrite of this tutorial was long overdue. Right now, it is written for 6.6 -stable and will be updated once 6.7 is released. If you have any questions or desire some help, feel free to reach out.

News Roundup

X11 screen locking: a secure and modular approach

For years I’ve been using XScreenSaver as a default, but I recently learned about xsecurelock and re-evaluated my screen-saving requirements

NetBSD and RISC OS running parallel

I have been experimenting with running two systems at the same time on the RK3399 SoC.
It all begun when I figured out how to switch to the A72 cpu for RISC OS. When the switch was done, the A53 cpu just continued to execute code.
OK I thought why not give it something to do!
My first step was to run some small programs.
It worked!

Thanks to Tom Jones for the pointer to this article

Several weeks ago we covered a story about switching from Linux to BSD. Benedict and JT asked for community feedback as to their thoughts on the matter. Allan was out that week, so this will give him an opportunity to chime in with his thoughts as well.

Jamie - Dumping Linux for BSD
Matt - BSD Packaging
Brad - Linux vs BS
MJ - Linux vs BSD Feedback
Ben - Feedback for JT
Henrik - Why you should migrate everything to BSD

Beastie Bits

Feedback/Questions

Ales - Manually verify signature files for pkg package
Shody - Yubikey
Mike - Site for hashes from old disks
- Answer: https://docs.google.com/spreadsheets/d/19FmLs0jXxLkxAr0zwgdrXQd1qhbwvNHH6NvolvXKWTM/edit?usp=sharing

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to [email protected]

Compromised Networking | Self-Hosted 16

9 april 2020 | min

OK OOMer | LINUX Unplugged 348

7 april 2020 | min

Today we make nice with a killer, an early out-of-memory daemon, and one of the new features in Fedora 32. We put EarlyOOM to the test in a real-world workload and are shocked by the results.

Plus we debate if OpenWrt is still the best router solution, and chew on Microsoft's new SELinux competitor.

Special Guests: Alex Kretzschmar and Neal Gompa.

Links:

Window Maker Version 0.95.9 Released
Microsoft announces IPE, a new code integrity feature for Linux — Microsoft says that IPE is not intended for general-purpose computing. The IPE LSM was designed for very specific use cases where security is paramount, and administrators need to be in full control of what runs on their systems. Examples include embedded systems, such as network firewall devices running in a data center, or Linux servers running strict and immutable configurations and applications.
OpenWrt - Opkg susceptible to MITM
Brent sits down with Daniel Foré, founder of elementary OS
Know when we're going to be live. Check out the calendar!
Keep the conversation going join us on Telegram
Fedora nightly compose finder
Fedora 32 Looking At Using EarlyOOM By Default To Better Deal With Low Memory Situations — The oom-killer generally has a bad reputation among Linux users. This may be part of the reason Linux invokes it only when it has absolutely no other choice. It will swap out the desktop environment, drop the whole page cache and empty every buffer before it will ultimately kill a process. At least that's what I think that it will do. I have yet to be patient enough to wait for it, sitting in front of an unresponsive system.
earlyoom - Early OOM Daemon for Linux — The oom-killer generally has a bad reputation among Linux users. This may be part of the reason Linux invokes it only when it has absolutely no other choice. It will swap out the desktop environment, drop the whole page cache and empty every buffer before it will ultimately kill a process. At least that's what I think that it will do. I have yet to be patient enough to wait for it, sitting in front of an unresponsive system.
rfjakob/systembus-notify: systembus-notify - system bus notification daemon
oomd — Out of memory killing has historically happened inside kernel space. On a memory overcommitted linux system, malloc(2) and friends usually never fail. However, if an application dereferences the returned pointer and the system has run out of physical memory, the linux kernel is forced to take extreme measures, up to and including killing processes. This is sometimes a slow and painful process because the kernel can spend an unbounded amount of time swapping in and out pages and evicting the page cache. Furthermore, configuring policy is not very flexible while being somewhat complicated.
low-memory-monitor on GitLab
low-memory-monitor — low-memory-monitor, as its name implies, monitors the amount of free physical memory on the system and will shoot off signals to interested user-space applications, usually session managers, or sandboxing helpers, when that memory runs low, making it possible for applications to shrink their memory footprints before it's too late either to recover a usable system, or avoid taking a performance hit.
Nohang — Nohang is a highly configurable daemon for Linux which is able to correctly prevent out of memory (OOM) and keep system responsiveness in low memory conditions.
Better interactivity in low-memory situations - devel - Fedora Mailing-Lists
EnableEarlyoom - Fedora Project Wiki
Nushell - The Unix philosophy of shells, where pipes connect simple commands together, and bring it to the modern style of development.
Timekpr - simple and easy to use time managing software that helps optimizing time spent at computer.

Pagure a GitLab Alternative: Neal Gompa | Jupiter Extras 69

7 april 2020 | min

Linux Action News 152

5 april 2020 | min

Brunch with Brent: Daniel Foré | Jupiter Extras 68

3 april 2020 | min

Storage Stories | TechSNAP 426

2 april 2020 | min

Grains of Salt | BSD Now 344

2 april 2020 | min

Shell text processing, data rebalancing on ZFS mirrors, Add Security Headers with OpenBSD relayd, ZFS filesystem hierarchy in ZFS pools, speeding up ZSH, How Unix pipes work, grow ZFS pools over time, the real reason ifconfig on Linux is deprecated, clear your terminal in style, and more.

Headlines

Text processing in the shell

This article is part of a self-published book project by Balthazar Rouberol and Etienne Brodu, ex-roommates, friends and colleagues, aiming at empowering the up and coming generation of developers. We currently are hard at work on it!

One of the things that makes the shell an invaluable tool is the amount of available text processing commands, and the ability to easily pipe them into each other to build complex text processing workflows. These commands can make it trivial to perform text and data analysis, convert data between different formats, filter lines, etc.

When working with text data, the philosophy is to break any complex problem you have into a set of smaller ones, and to solve each of them with a specialized tool.

Rebalancing data on ZFS mirrors

One of the questions that comes up time and time again about ZFS is “how can I migrate my data to a pool on a few of my disks, then add the rest of the disks afterward?”

If you just want to get the data moved and don’t care about balance, you can just copy the data over, then add the new disks and be done with it. But, it won’t be distributed evenly over the vdevs in your pool.

Don’t fret, though, it’s actually pretty easy to rebalance mirrors. In the following example, we’ll assume you’ve got four disks in a RAID array on an old machine, and two disks available to copy the data to in the short term.

News Roundup

Using OpenBSD relayd to Add Security Headers

I am a huge fan of OpenBSD’s built-in httpd server as it is simple, secure, and quite performant. With the modern push of the large search providers pushing secure websites, it is now important to add security headers to your website or risk having the search results for your website downgraded. Fortunately, it is very easy to do this when you combine httpd with relayd. While relayd is principally designed for layer 3 redirections and layer 7 relays, it just so happens that it makes a handy tool for adding the recommended security headers. My website automatically redirects users from http to https and this gets achieved using a simple redirection in /etc/httpd.conf So if you have a configuration similar to mine, then you will still want to have httpd listen on the egress interface on port 80. The key thing to change here is to have httpd listen on 127.0.0.1 on port 443.

How we set up our ZFS filesystem hierarchy in our ZFS pools

Our long standing practice here, predating even the first generation of our ZFS fileservers, is that we have two main sorts of filesystems, home directories (homedir filesystems) and what we call 'work directory' (workdir) filesystems. Homedir filesystems are called /h/NNN (for some NNN) and workdir filesystems are called /w/NNN; the NNN is unique across all of the different sorts of filesystems. Users are encouraged to put as much stuff as possible in workdirs and can have as many of them as they want, which mattered a lot more in the days when we used Solaris DiskSuite and had fixed-sized filesystems.

Speeding up ZSH

https://web.archive.org/web/20200315184849/https://blog.jonlu.ca/posts/speeding-up-zsh

I was opening multiple shells for an unrelated project today and noticed how abysmal my shell load speed was. After the initial load it was relatively fast, but the actual shell start up was noticeably slow. I timed it with time and these were the results.

In the future I hope to actually recompile zsh with additional profiling techniques and debug information - keeping an internal timer and having a flag output current time for each command in a tree fashion would make building heat maps really easy.

How do Unix Pipes work

Pipes are cool! We saw how handy they are in a previous blog post. Let’s look at a typical way to use the pipe operator. We have some output, and we want to look at the first lines of the output. Let’s download The Brothers Karamazov by Fyodor Dostoevsky, a fairly long novel.

What we do to enable us to grow our ZFS pools over time

In my entry on why ZFS isn't good at growing and reshaping pools, I mentioned that we go to quite some lengths in our ZFS environment to be able to incrementally expand our pools. Today I want to put together all of the pieces of that in one place to discuss what those lengths are.
Our big constraint is that not only do we need to add space to pools over time, but we have a fairly large number of pools and which pools will have space added to them is unpredictable. We need a solution to pool expansion that leaves us with as much flexibility as possible for as long as possible. This pretty much requires being able to expand pools in relatively small increments of space.

Linux maintains bugs: The real reason ifconfig on Linux is deprecated

In my third installment of FreeBSD vs Linux, I will discuss underlying reasons for why Linux moved away from ifconfig(8) to ip(8).

In the past, when people said, “Linux is a kernel, not an operating system”, I knew that was true but I always thought it was a rather pedantic criticism. Of course no one runs just the Linux kernel, you run a distribution of Linux. But after reviewing userland code, I understand the significant drawbacks to developing “just a kernel” in isolation from the rest of the system.

Clear Your Terminal in Style

if you’re someone like me who habitually clears their terminal, sometimes you want a little excitement in your life. Here is a way to do just that.

This post revolves around the idea of giving a command a percent chance of running. While the topic at hand is not serious, this simple technique has potential in your scripts.

Feedback/Questions

Guy - AMD GPU Help
MLShroyer13 - VLANs and Jails
Master One - ZFS Suspend/resume

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to [email protected]

Windows as a Linux User + Sway Window Manager | Choose Linux 32

1 april 2020 | min

Arm is Here | LINUX Unplugged 347

31 mars 2020 | min

User Error: What Will Change Post-virus? | Jupiter Extras 67

31 mars 2020 | min

Linux Action News 151

29 mars 2020 | min

Brunch with Brent: Aleix Pol | Jupiter Extras 66

27 mars 2020 | min

Well, Actually | User Error 88

26 mars 2020 | min

FreeBSD, Corona: Fight! | BSD Now 343

26 mars 2020 | min

Fighting the Coronavirus with FreeBSD, Wireguard VPN Howto in OPNsense, NomadBSD 1.3.1 available, fresh GhostBSD 20.02, New FuryBSD XFCE and KDE images, pf-badhost 0.3 released, and more.

Headlines

Fighting the Coronavirus with FreeBSD

Here is a quick HOWTO for those who want to provide some FreeBSD based compute resources to help finding vaccines.

UPDATE 2020-03-22: 0mp@ made a port out of this, it is in “biology/linux-foldingathome”.

Per default it will now pick up some SARS-CoV‑2 (COVID-19) related folding tasks. There are some more config options (e.g. how much of the system resources are used). Please refer to the official Folding@Home site for more information about that. Be also aware that there is a big rise in compute resources donated to Folding@Home, so the pool of available work units may be empty from time to time, but they are working on adding more work units. Be patient.

How to configure the Wireguard VPN in OPNsense

WireGuard is a modern designed VPN that uses the latest cryptography for stronger security, is very lightweight, and is relatively easy to set up (mostly). I say ‘mostly’ because I found setting up WireGuard in OPNsense to be more difficult than I anticipated. The basic setup of the WireGuard VPN itself was as easy as the authors claim on their website, but I came across a few gotcha's. The gotcha's occur with functionality that is beyond the scope of the WireGuard protocol so I cannot fault them for that. My greatest struggle was configuring WireGuard to function similarly to my OpenVPN server. I want the ability to connect remotely to my home network from my iPhone or iPad, tunnel all traffic through the VPN, have access to certain devices and services on my network, and have the VPN devices use my home's Internet connection.

WireGuard behaves more like a SSH server than a typical VPN server. With WireGuard, devices which have shared their cryptographic keys with each other are able to connect via an encrypted tunnel (like a SSH server configured to use keys instead of passwords). The devices that are connecting to one another are referred to as “peer” devices. When the peer device is an OPNsense router with WireGuard installed, for instance, it can be configured to allow access to various resources on your network. It becomes a tunnel into your network similar to OpenVPN (with the appropriate firewall rules enabled). I will refer to the WireGuard installation on OPNsense as the server rather than a “peer” to make it more clear which device I am configuring unless I am describing the user interface because that is the terminology used interchangeably by WireGuard.

The documentation I found on WireGuard in OPNsense is straightforward and relatively easy to understand, but I had to wrestle with it for a little while to gain a better understanding on how it should be configured. I believe it was partially due to differing end goals – I was trying to achieve something a little different than the authors of other wiki/blog/forum posts. Piecing together various sources of information, I finally ended up with a configuration that met the goals stated above.

News Roundup

NomadBSD 1.3.1

NomadBSD 1.3.1 has recently been made available. NomadBSD is a lightweight and portable FreeBSD distribution, designed to run on live on a USB flash drive, allowing you to plug, test, and play on different hardware. They have also started a forum as of yesterday, where you can ask questions and mingle with the NomadBSD community. Notable changes in 1.3.1 are base system upgraded to FreeBSD 12.1-p2. automatic network interface setup improved, image size increased to over 4GB, Thunderbird, Zeroconf, and some more listed below.

GhostBSD 20.02

Eric Turgeon, main developer of GhostBSD, has announced version 20.02 of the FreeBSD based operating system. Notable changes are ZFS partition into the custom partition editor installer, allowing you to install alongside with Windows, Linux, or macOS. Other changes are force upgrade all packages on system upgrade, improved update station, and powerd by default for laptop battery performance.

New FuryBSD XFCE and KDE images

This new release is now based on FreeBSD 12.1 with the latest FreeBSD quarterly packages. This brings XFCE up to 4.14, and KDE up to 5.17. In addition to updates this new ISO mostly addresses community bugs, community enhancement requests, and community pull requests. Due to the overwhelming amount of reports with GitHub hosting all new releases are now being pushed to SourceForge only for the time being. Previous releases will still be kept for archive purposes.

pf-badhost 0.3 Released

pf-badhost is a simple, easy to use badhost blocker that uses the power of the pf firewall to block many of the internet's biggest irritants. Annoyances such as SSH and SMTP bruteforcers are largely eliminated. Shodan scans and bots looking for webservers to abuse are stopped dead in their tracks. When used to filter outbound traffic, pf-badhost blocks many seedy, spooky malware containing and/or compromised webhosts.

Beastie Bits

Feedback/Questions

Master One - Torn between OpenBSD and FreeBSD
Brad - Follow up to Linus ZFS story
Filipe Carvalho - Call for Portuguese BSD User Groups

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to [email protected]

Keeping Track of Stuff | Self-Hosted 15

25 mars 2020 | min

The One-Click Trap | LINUX Unplugged 346

24 mars 2020 | min

Linux Action News 150

21 mars 2020 | min

Brunch with Brent: Stuart Langridge | Jupiter Extras 65

20 mars 2020 | min

Ryzen Gets Real | TechSNAP 425

19 mars 2020 | min

Layout the DVA | BSD Now 342

19 mars 2020 | min

OpenBSD Full disk encryption with coreboot and tianocore, FreeBSD 12.0 EOL, ZFS DVA layout, OpenBSD’s Go situation, AD updates requires changes in TrueNAS and FreeNAS, full name of FreeBSD’s root account, and more.

Headlines

OpenBSD Full Disk Encryption with CoreBoot and Tianocore Payload

It has been a while since I have posted here so I wanted to share something that was surprisingly difficult for me to figure out. I have a Thinkpad T440p that I have flashed with Coreboot 4.11 with some special patches that allow the newer machine to work. When I got the laptop, the default BIOS was UEFI and I installed two operating systems.

Windows 10 with bitlocker full disk encryption on the “normal” drive (I replaced the spinning 2.5″ disk with an SSD)

Ubuntu 19.10 on the m.2 SATA drive that I installed using LUKS full disk encryption

I purchased one of those carriers for the optical bay that allows you to install a third SSD and so I did that with the intent of putting OpenBSD on it. Since my other two operating systems were running full disk encryption, I wanted to do the same on OpenBSD.

See article for rest of story

FreeBSD 12.0 EOL

Dear FreeBSD community,

As of February 29, 2020, FreeBSD 12.0 will reach end-of-life and will no longer be supported by the FreeBSD Security Team. Users of FreeBSD 12.0 are strongly encouraged to upgrade to a newer release as soon as possible.

News Roundup

Some effects of the ZFS DVA format on data layout and growing ZFS pools

One piece of ZFS terminology is DVA and DVAs, which is short for Data Virtual Address. For ZFS, a DVA is the equivalent of a block number in other filesystems; it tells ZFS where to find whatever data we're talking about. The short summary of what fields DVAs have and what they mean is that DVAs tell us how to find blocks by giving us their vdev (by number) and their byte offset into that particular vdev (and then their size). A typical DVA might say that you find what it's talking about on vdev 0 at byte offset 0x53a40ed000. There are some consequences of this that I hadn't really thought about until the other day.

Right away we can see why ZFS has a problem removing a vdev; the vdev's number is burned into every DVA that refers to data on it. If there's no vdev 0 in the pool, ZFS has no idea where to even start looking for data because all addressing is relative to the vdev. ZFS pool shrinking gets around this by adding a translation layer that says where to find the portions of vdev 0 that you care about after it's been removed.

Warning! Active Directory Security Changes Require TrueNAS and FreeNAS Updates.

Critical Information for Current FreeNAS and TrueNAS Users

Microsoft is changing the security defaults for Active Directory to eliminate some security vulnerabilities in its protocols. Unfortunately, these new security defaults may disrupt existing FreeNAS/TrueNAS deployments once Windows systems are updated. The Windows updates may appear sometime in March 2020; no official date has been announced as of yet.

FreeNAS and TrueNAS users that utilize Active Directory should update to version 11.3 (or 11.2-U8) to avoid potential disruption of their networks when updating to the latest versions of Windows software after March 1, 2020. Version 11.3 has been released and version 11.2-U8 will be available in early March.

Full name of the FreeBSD Root Account

NetBSD now has a users(7) and groups(7) manual. Looking into what entries existed in the passwd and group files I wondered about root’s full name who we now know as Charlie Root in the BSDs....

OpenBSD Go Situation

Over in the fediverse, Pete Zaitcev had a reaction to my entry on OpenBSD versus Prometheus for us:

I don't think the situation is usually that bad. Our situation with Prometheus is basically a worst case scenario for Go on OpenBSD, and most people will have much better results, especially if you stick to supported OpenBSD versions.

If you stick to supported OpenBSD versions, upgrading your machines as older OpenBSD releases fall out of support (as the OpenBSD people want you to do), you should not have any problems with your own Go programs. The latest Go release will support the currently supported OpenBSD versions (as long as OpenBSD remains a supported platform for Go), and the Go 1.0 compatibility guarantee means that you can always rebuild your current Go programs with newer versions of Go. You might have problems with compiled binaries that you don't want to rebuild, but my understanding is that this is the case for OpenBSD in general; it doesn't guarantee a stable ABI even for C programs (cf). If you use OpenBSD, you have to be prepared to rebuild your code after OpenBSD upgrades regardless of what language it's written in.

Beastie Bits

Feedback/Questions

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to [email protected]

Solus + Visual Studio Code | Choose Linux 31

18 mars 2020 | min

Don't Go Viral, Go Virtual | LINUX Unplugged 345

17 mars 2020 | min

Behind the Scenes: LINUX Unplugged | Jupiter Extras 64

17 mars 2020 | min

Linux Action News 149

14 mars 2020 | min

Solid releases from GNOME and Firefox, bad news for custom Android ROM users, and a new container distro from Amazon.

Plus Mozilla and KaiOS team up to bring the modern web to feature phones, and the surprising way Microsoft is shipping a Linux kernel.

Links:

Firefox 74 arrives with stricter add-on rules, TLS 1.0 and TLS 1.1 disabled — Starting with Firefox 74, users will need to take explicit action to install the extensions they want, and will be able to remove previously sideloaded extensions when they want to.
Introducing GNOME 3.36: “Gresik” — GNOME 3.36 is the latest version of GNOME 3, and is the result of 6 months’ hard work by the GNOME community. It contains major new features, such as new login and unlock experience, and a dedicated app for managing extensions.
GNOME 3.36 Released with New Lock Screen, Better Performance — Six months of development later and the official GNOME 3.36 release is finally here, with source code available to download from the usual places.
Announcing Bottlerocket — Bottlerocket comes with a single-step update mechanism and includes only the essential software to run containers. These properties enable customers to use container orchestrators to manage OS updates with minimal disruptions, enabling better uptime for containerized applications and lower operational cost.
Docker: Helping You and Your Development Team Build and Ship Faster — How are we going to do this? By focusing on developer experience through Docker Desktop, partnering with the ecosystem, and making Docker Hub the nexus for all the integrations, configuration, and management of the application components which constitute your apps and microservices.
VMware Announces Expanded Portfolio of Products and Services to Help Customers Modernize Applications and Infrastructure — Tanzu, first introduced at the VMworld event in August 2019, is a portfolio of products centered on K8s. Also announced was vSphere 7, newly rearchitected using Kubernetes, and optimized to run both modern container-based and traditional virtual machine-based workloads.
KaiOS Technologies and Mozilla partner to enable a healthy mobile internet for everyone — This partnership bolsters the security and performance of KaiOS-enabled smart feature phones, as well as the platform’s developer tools, security, and available functions, including better Progressive Web App and WebAssembly support.
Magisk may no longer be able to hide bootloader unlocking from apps — Users have noticed that their bootloader-unlocked devices are failing SafetyNet’s Basic Integrity check even though they used Magisk to patch the boot image. According to Magisk creator John Wu, this is because Google may have implemented hardware-level key attestation to verify that the boot image has not been tampered with.
Kernels for WSL2 will come from Windows Update — WSL2 will soon be officially available as part of Windows 10, version 2004! As we get ready for general availability, we want to share one additional change: updating how the Linux kernel inside of WSL2 is installed and serviced on your machine.

Brunch with Brent: Elizabeth K. Joseph | Jupiter Extras 63

13 mars 2020 | min

AksError | User Error 87

12 mars 2020 | min

U-NAS-ification | BSD Now 341

12 mars 2020 | min

FreeBSD on Power, DragonflyBSD 5.8 is here, Unifying FreeNAS/TrueNAS, OpenBSD vs. Prometheus and Go, gcc 4.2.1 removed from FreeBSD base, and more.

Headlines

FreeBSD on Power

The power and promise of all open source software is freedom. Another way to express freedom is choice — choice of platforms, deployment models, stacks, configurations, etc.

The FreeBSD Foundation is dedicated to supporting and promoting the FreeBSD Project and community worldwide. But, what does this mean, exactly, you may wonder. The truth is it means many different things, but in all cases the Foundation acts to expand freedom and choice so that FreeBSD users have the power to serve their varied compute needs.

This blog tells the story of one specific way the Foundation helps a member of the community provide greater hardware choice for all FreeBSD users.

Dragonfly 5.8

DragonFly version 5.8 brings a new dsynth utility for building your own binary dports packages, plus significant support work to speed up that build - up to and including the entire collection. Additional progress has been made on GPU and signal support.

The details of all commits between the 5.6 and 5.8 branches are available in the associated commit messages for 5.8.0rc1 and 5.8.0. Also see /usr/src/UPDATING for specific file changes in PAM.

See article for rest of information

2nd HamBUG meeting recap

The second meeting of the Hamilton BSD Users Group took place last night
The next meeting is scheduled for the 2nd Tuesday of the month, April 14th 2020

News Roundup

FreeNAS/TrueNAS Brand Unification

FreeNAS and TrueNAS have been separate-but-related members of the #1 Open Source storage software family since 2012. FreeNAS is the free Open Source version with an expert community and has led the pursuit of innovations like Plugins and VMs. TrueNAS is the enterprise version for organizations of all sizes that need additional uptime and performance, as well as the enterprise-grade support necessary for critical data and applications.

From the beginning at iXsystems, we’ve developed, tested, documented, and released both as separate products, even though the vast majority of code is shared. This was a deliberate technical decision in the beginning but over time became less of a necessity and more of “just how we’ve always done it”. Furthermore, to change it was going to require a serious overhaul to how we build and package both products, among other things, so we continued to kick the can down the road. As we made systematic improvements to development and QA efficiency over the past few years, the redundant release process became almost impossible to ignore as our next major efficiency roadblock to overcome. So, we’ve finally rolled up our sleeves.

With the recent 11.3 release, TrueNAS gained parity with FreeNAS on features like VMs and Plugins, further homogenizing the code. Today, we announce the next phase of evolution for FreeNAS and TrueNAS.

OpenBSD versus Prometheus (and Go).

We have a decent number of OpenBSD machines that do important things (and that have sometimes experienced problems like running out of disk space), and we have a Prometheus based metrics and monitoring system. The Prometheus host agent has enough support for OpenBSD to be able to report on critical metrics, including things like local disk space. Despite all of this, after some investigation I've determined that it's not really sensible to even try to deploy the host agent on our OpenBSD machines. This is due to a combination of factors that have at their root OpenBSD's lack of ABI stability

FreeBSD removed gcc from base

As described in Warner's email message[1] to the FreeBSD-arch mailing list we have reached GCC 4.2.1's retirement date. At this time all supported architectures either use in-tree Clang, or rely on external toolchain (i.e., a contemporary GCC version from ports).

GCC 4.2.1 was released July 18, 2007 and was imported into FreeBSD later that year, in r171825. GCC has served us well, but version 4.2.1 is obsolete and not used by default on any architecture in FreeBSD. It does not support modern C and does not support arm64 or RISC-V.

Beastie Bits

Feedback/Questions

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to [email protected]

Embracing Automation | Self-Hosted 14

11 mars 2020 | min

Our Week with Windows | LINUX Unplugged 344

10 mars 2020 | min

Building an Open Source Community: Wirefall | Jupiter Extras 62

10 mars 2020 | min

Linux Action News 148

8 mars 2020 | min

Brunch with Brent: Nuritzi Sanchez | Jupiter Extras 61

6 mars 2020 | min

AMD Inside | TechSNAP 424

5 mars 2020 | min

Check My Sums | BSD Now 340

5 mars 2020 | min

Why ZFS is doing filesystem checksumming right, better TMPFS throughput performance on DragonFlyBSD, reshaping pools with ZFS, PKGSRC on Manjaro aarch64 Pinebook-pro, central log host with syslog-ng on FreeBSD, and more.

Headlines

Checksumming in filesystems, and why ZFS is doing it right

One of the best aspects of ZFS is its reliability. This can be accomplished using a few features like copy-on-write approach and checksumming. Today we will look at how ZFS does checksumming and why it does it the proper way. Most of the file systems don’t provide any integrity checking and fail in several scenarios:

Data bit flips - when the data that we wanted to store are bit flipped by the hard drives, or cables, and the wrong data is stored on the hard drive.
Misdirected writes - when the CPU/cable/hard drive will bit flip a block to which the data should be written.
Misdirected read - when we miss reading the block when a bit flip occurred.
Phantom writes - when the write operation never made it to the disk. For example, a disk or kernel may have some bug that it will return success even if the hard drive never made the write. This problem can also occur when data is kept only in the hard drive cache.

Checksumming may help us detect errors in a few of those situations.

DragonFlyBSD Improves Its TMPFS Implementation For Better Throughput Performance

It's been a while since last having any new magical optimizations to talk about by DragonFlyBSD lead developer Matthew Dillon, but on Wednesday he landed some significant temporary file-system "TMPFS" optimizations for better throughput including with swap.

Of several interesting commits merged tonight, the improved write clustering is a big one. In particular, "Reduces low-memory tmpfs paging I/O overheads by 4x and generally increases paging throughput to SSD-based swap by 2x-4x. Tmpfs is now able to issue a lot more 64KB I/Os when under memory pressure."

https://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/4eb0bb82efc8ef32c4357cf812891c08d38d8860

There's also a new tunable in the VM space as well as part of his commits on Wednesday night. This follows a lot of recent work on dsynth, improved page-out daemon pipelining, and other routine work.

https://gitweb.dragonflybsd.org/dragonfly.git/commit/bc47dbc18bf832e4badb41f2fd79159479a7d351

This work is building up towards the eventual DragonFlyBSD 5.8 while those wanting to try the latest improvements right away can find their daily snapshots.

News Roundup

Why ZFS is not good at growing and reshaping pools (or shrinking them)

recently read Mark McBride's Five Years of Btrfs (via), which has a significant discussion of why McBride chose Btrfs over ZFS that boils down to ZFS not being very good at evolving your pool structure. You might doubt this judgment from a Btrfs user, so let me say as both a fan of ZFS and a long term user of it that this is unfortunately quite true; ZFS is not a good choice if you want to modify your pool disk layout significantly over time. ZFS works best if the only change in your pools that you do is replacing drives with bigger drives. In our ZFS environment we go to quite some lengths to be able to expand pools incrementally over time, and while this works it both leaves us with unbalanced pools and means that we're basically forced to use mirroring instead of RAIDZ.

(An unbalanced pool is one where some vdevs and disks have much more data than others. This is less of an issue for us now that we're using SSDs instead of HDs.)

Using PKGSRC on Manjaro Linux aarch64 Pinebook-pro

I wanted to see how pkgsrc works on aarch64 Linux Manjaro since it is a very mature framework that is very portable and supported by many architectures – pkgsrc (package source) is a package management system for Unix-like operating systems. It was forked from the FreeBSD ports collection in 1997 as the primary package management system for NetBSD.

One might question why use pkgsrc on Arch based Manjaro, since the pacman package repository is very good on its own. I see alternative pkgsrc as a good automated build framework that offers a way to produce independent build environment /usr/pkg that does not interfere with the current Linux distribution in any way (all libraries are statically built)

I have used the latest Manjaro for Pinebookpro and standard recommended tools as mentioned here https://wiki.netbsd.org/pkgsrc/how_to_use_pkgsrc_on_linux/

A Central Log Host with syslog-ng on FreeBSD

Part 1

syslog-ng is the Swiss army knife of log management. You can collect logs from any source, process them in real time and deliver them to wide range of destinations. It allows you to flexibly collect, parse, classify, rewrite and correlate logs from across your infrastructure. This is why syslog-ng is the perfect solution for the central log host of my (mainly) FreeBSD based infrastructure.

Part 2

This blog post continues where the blog post A central log host with syslog-ng on FreeBSD left off. Open source solutions to check syslog log messages exist, such as Logcheck or Logwatch. Although these are not too difficult to implement and maintain, I still found these to much. So I went for my own home grown solution to check the syslog messages of the SoCruel.NU central log host.

Beastie Bits

FreeBSD at Linux Conf 2020 session videos now online
Unlock your laptop with your phone
Managing a database of vulnerabilities for a package system: the pkgsrc study
Hamilton BSD User group will meet again on March 10th](http://studybsd.com/)
CharmBUG Meeting: March 24th 7pm in Severn, MD ***

Feedback/Questions

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to [email protected]

Project Catch Up | Choose Linux 30

4 mars 2020 | min

What Linux is Best At | LINUX Unplugged 343

3 mars 2020 | min

Pentesting Problems: Bryson Bort | Jupiter Extras 60

3 mars 2020 | min

Linux Action News 147

1 mars 2020 | min

Brunch with Brent: Brandon Bruce | Jupiter Extras 59

28 februari 2020 | min

\o/ | User Error 86

27 februari 2020 | min

BSD Fundraising | BSD Now 339

27 februari 2020 | min

Meet FuryBSD, NetBSD 9.0 has been released, OpenBSD Foundation 2019 campaign wrapup, a retrospective on OmniOS ZFS-based NFS fileservers, NetBSD Fundraising 2020 goal, OpenSSH 8.2 released, and more.## Headlines

Meet FuryBSD: A New Desktop BSD Distribution

At its heart, FuryBSD is a very simple beast. According to the site, “FuryBSD is a back to basics lightweight desktop distribution based on stock FreeBSD.” It is basically FreeBSD with a desktop environment pre-configured and several apps preinstalled. The goal is to quickly get a FreeBSD-based system running on your computer.

You might be thinking that this sounds a lot like a couple of other BSDs that are available, such as NomadBSD and GhostBSD. The major difference between those BSDs and FuryBSD is that FuryBSD is much closer to stock FreeBSD. For example, FuryBSD uses the FreeBSD installer, while others have created their own installers and utilities.

As it states on the site, “Although FuryBSD may resemble past graphical BSD projects like PC-BSD and TrueOS, FuryBSD is created by a different team and takes a different approach focusing on tight integration with FreeBSD. This keeps overhead low and maintains compatibility with upstream.” The lead dev also told me that “One key focus for FuryBSD is for it to be a small live media with a few assistive tools to test drivers for hardware.”

Currently, you can go to the FuryBSD homepage and download either an XFCE or KDE LiveCD. A GNOME version is in the works.

NetBSD 9.0

The NetBSD Project is pleased to announce NetBSD 9.0, the seventeenth major release of the NetBSD operating system.

This release brings significant improvements in terms of hardware support, quality assurance, security, along with new features and hundreds of bug fixes. Here are some highlights of this new release.

News Roundup

OpenBSD Foundation 2019 campaign wrapup

Our target for 2019 was CDN$300K. Our community's continued generosity combined with our corporate donors exceeded that nicely. In addition we received the largest single donation in our history, CDN$380K from Smartisan. The return of Google was another welcome event. Altogether 2019 was our most successful campaign to date, yielding CDN$692K in total.

We thank all our donors, Iridium (Smartisan), Platinum (Yandex, Google), Gold (Microsoft, Facebook) Silver (2Keys) and Bronze (genua, Thinkst Canary). But especially our community of smaller donors whose contributions are the bedrock of our support. Thank you all!

OpenBSD Foundation 2019 Fundraising Goal Exceeded

A retrospective on our OmniOS ZFS-based NFS fileservers

Our OmniOS fileservers have now been out of service for about six months, which makes it somewhat past time for a retrospective on them. Our OmniOS fileservers followed on our Solaris fileservers, which I wrote a two part retrospective on (part 1, part 2), and have now been replaced by our Linux fileservers. To be honest, I have been sitting on my hands about writing this retrospective because we have mixed feelings about our OmniOS fileservers.

I will put the summary up front. OmniOS worked reasonably well for us over its lifespan here and looking back I think it was almost certainly the right choice for us at the time we made that choice (which was 2013 and 2014). However it was not without issues that marred our experience with it in practice, although not enough to make me regret that we ran it (and ran it for as long as we did). Part of our issues are likely due to a design mistake in making our fileservers too big, although this design mistake was probably magnified when we were unable to use Intel 10G-T networking in OmniOS.

On the one hand, our OmniOS fileservers worked, almost always reliably. Like our Solaris fileservers before them, they ran quietly for years without needing much attention, delivering NFS fileservice to our Ubuntu servers; specifically, we ran them for about five years (2014 through 2019, although we started migrating away at the end of 2018). Over this time we had only minor hardware issues and not all that many disk failures, and we suffered no data loss (with ZFS checksums likely saving us several times, and certainly providing good reassurances). Our overall environment was easy to manage and was pretty much problem free in the face of things like failed disks. I'm pretty sure that our users saw a NFS environment that was solid, reliable, and performed well pretty much all of the time, which is the important thing. So OmniOS basically delivered the fileserver environment we wanted.

NetBSD Fundraising 2020 goal

Is it really more than 10 years since we last had an official fundraising drive?

Looking at old TNF financial reports I noticed that we have been doing quite well financially over the last years, with a steady stream of small and medium donations, and most of the time only moderate expenditures. The last fundraising drive back in 2009 was a giant success, and we have lived off it until now.

OpenSSH 8.2 released February 14, 2020

OpenSSH 8.2 was released on 2020-02-14. It is available from the mirrors listed at https://www.openssh.com/.

OpenSSH is a 100% complete SSH protocol 2.0 implementation and includes sftp client and server support.

Once again, we would like to thank the OpenSSH community for their continued support of the project, especially those who contributed code or patches, reported bugs, tested snapshots or donated to the project. More information on donations may be found at:

https://www.openssh.com/donations.html

Beastie Bits

FreeNAS vs. Unraid: GRUDGE MATCH!
Unix Toolbox
Rigs of Rods - OpenBSD Physics Game
NYCBug - Dr Vixie
Hamilton BSD User group will meet again on March 10th](http://studybsd.com/)
BSD Stockholm - Meetup March 3rd 2020

Feedback/Questions

Shirkdog - Question
Master One - ZFS + Suspend/resume
Micah Roth - ZFS write caching

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to [email protected]

IRC is Not Dead | Self-Hosted 13

27 februari 2020 | min

Shrimps have SSHells | LINUX Unplugged 342

25 februari 2020 | min

Mastering Cyber Security Basics: James Smith | Jupiter Extras 58

25 februari 2020 | min

Linux Action News 146

23 februari 2020 | min

Hopeful for HAMR | TechSNAP 423

21 februari 2020 | min

We explore the potential of heat-assisted magnetic recording and get excited about a possibly persistent L2ARC.

Plus Jim's journeys with Clear Linux, and why Ubuntu 18.04.4 is a maintenance release worth talking about.

Links:

Ubuntu 18.04.4 LTS: here's what's new — It's not as shiny and exciting as entirely new versions, of course, but it does pack in some worthwhile security and bugfix upgrades, as well as support for more and newer hardware.
18.04.4 - Ubuntu Wiki
MobaXterm — Enhanced terminal for Windows with X11 server, tabbed SSH client, network tools and much more.
Linux distro review: Intel’s own Clear Linux OS — There's not much question that Clear Linux is your best bet if you want to turn in the best possible benchmark numbers. The question not addressed here is, what's it like to run Clear Linux as a daily driver? We were curious, so we took it for a spin.
Clear Linux* Project — Clear Linux OS is an open source, rolling release Linux distribution optimized for performance and security, from the Cloud to the Edge, designed for customization, and manageability.
swupd — Documentation for Clear Linux* project
clr-boot-manager: Kernel & Boot Loader Management
Cannot compile zfs for 5.5-rc2 · Issue #9745 · zfsonlinux/zfs
Persistent L2ARC might be coming to ZFS on Linux — The primary ARC is kept in system RAM, but an L2ARC device can be created from one or more fast disks. In a ZFS pool with one or more L2ARC devices, when blocks are evicted from the primary ARC in RAM, they are moved down to L2ARC rather than being thrown away entirely. In the past, this feature has been of limited value, both because indexing a large L2ARC occupies system RAM which could have been better used for primary ARC and because L2ARC was not persistent across reboots.
Persistent L2ARC by gamanakis · Pull Request #9582 · zfsonlinux/zfs — This feature implements a light-weight persistent L2ARC metadata structure that allows L2ARC contents to be recovered after a reboot. This significantly eases the impact a reboot has on read performance on systems with large caches.
LINUX Unplugged 303: Stateless and Dateless — We visit Intel to figure out what Clear Linux is all about and explain a few tricks that make it unique.
LINUX Unplugged Blog: Clear Linux OS 2019
HAMR don’t hurt ’em: laser-assisted hard drives are coming in 2020 — Although the 2012 "just around the corner" HAMR drives seem to have been mostly vapor, the technology is a reality now. Seagate has been trialing 16TB HAMR drives with select customers for more than a year and claims that the trials have proved that its HAMR drives are "plug and play replacements" for traditional CMR drives, requiring no special care and having no particular poor use cases compared to the drives we're all used to.
HAMR Milestone: Seagate Achieves 16TB Capacity on Internal HAMR Test Units
Western Digital debuts 18TB and 20TB near-MAMR disk drives
Previously on TechSNAP 341: HAMR Time — We've got bad news for Wifi-lovers as the KRACK hack takes the world by storm; We have the details & some places to watch to make sure you stay patched. Plus, some distressing revelations about third party access to your personal information through some US mobile carriers. Then we cover the ongoing debate over HAMR, MAMR, and the future of hard drive technology & take a mini deep dive into the world of elliptic curve cryptography.

Brunch with Brent: Heather Ellsworth | Jupiter Extras 57

21 februari 2020 | min

iocage in Jail | BSD Now 338

20 februari 2020 | min

Distrowatch reviews FuryBSD, LLDB on i386 for NetBSD, wpa_supplicant as lower-class citizen, KDE on FreeBSD updates, Travel Grant for BSDCan open, ZFS dataset for testing iocage within a jail, and more.

Headlines

Distrowatch Fury BSD Review

FuryBSD is the most recent addition to the DistroWatch database and provides a live desktop operating system based on FreeBSD. FuryBSD is not entirely different in its goals from NomadBSD, which we discussed recently. I wanted to take this FreeBSD-based project for a test drive and see how it compares to NomadBSD and other desktop-oriented projects in the FreeBSD family.

FuryBSD supplies hybrid ISO/USB images which can be used to run a live desktop. There are two desktop editions currently, both for 64-bit (x86_64) machines: Xfce and KDE Plasma. The Xfce edition is 1.4GB in size and is the flavour I downloaded. The KDE Plasma edition is about 3.0GB in size.

My fresh install of FuryBSD booted to a graphical login screen. From there I could sign into my account, which brings up the Xfce desktop. The installed version of Xfce is the same as the live version, with a few minor changes. Most of the desktop icons have been removed with just the file manager launchers remaining. The Getting Started and System Information icons have been removed. Otherwise the experience is virtually identical to the live media.

FuryBSD uses a theme that is mostly grey and white with creamy yellow folder icons. The application menu launchers tend to have neutral icons, neither particularly bright and detailed or minimal.

LLDB now works on i386

Upstream describes LLDB as a next generation, high-performance debugger. It is built on top of LLVM/Clang toolchain, and features great integration with it. At the moment, it primarily supports debugging C, C++ and ObjC code, and there is interest in extending it to more languages.

In February 2019, I have started working on LLDB, as contracted by the NetBSD Foundation. So far I've been working on reenabling continuous integration, squashing bugs, improving NetBSD core file support, extending NetBSD's ptrace interface to cover more register types and fix compat32 issues, fixing watchpoint and threading support.

The original NetBSD port of LLDB was focused on amd64 only. In January, I have extended it to support i386 executables. This includes both 32-bit builds of LLDB (running natively on i386 kernel or via compat32) and debugging 32-bit programs from 64-bit LLDB.

News Roundup

wpa_supplicant is definitely a lower-class citizen, sorry

wpa_supplicant is definitely a lower-class citizen, sorry.

I increasingly wonder why this stuff matters; transit costs are so much lower than the period when eduroam was setup, and their reliance on 802.11x is super weird in a world where, for the most part
+ entire cities have open wifi in their downtown core
+ edu vs edu+transit split horizon problems have to be solved anyways
+ many universities have parallel open wifi
+ rate limiting / fare-share approaches for the open-net, on unmetered
+ flat-rate solves the problem
+ LTE hotspot off a phone isn't a rip off anymore
+ other open networks exist

essentially no one else feels compelled to do use 802.11x for a so called "semi-open access network", so I think they've lost the plot on friction vs benefit.

(we've held hackathons at EDU campus that are locked down like that, and in every case we've said no way, gotten a wire with open net, and built our own wifi. we will not subject our developers to that extra complexity).

KDE FreeBSD Updates Feb 2020

Some bits and bobs from the KDE FreeBSD team in february 2020. We met at the FreeBSD devsummit before FOSDEM, along with other FreeBSD people. Plans were made, schemes were forged, and Groff the Goat was introduced to some new people.

The big ticket things:
- Frameworks are at 5.66
- Plasma is at 5.17.5 (the beta 5.18 hasn’t been tried)
- KDE release service has landed 19.12.2 (same day it was released)
Developer-centric:
- KDevelop is at 5.5.0
- KUserfeedback landed its 1.0.0 release
- CMake is 3.16.3
Applications:
- Musescore is at 3.4.2
- Elisa now part of the KDE release service updates
Fuure work:
- KIO-Fuse probably needs extra real-world testing on FreeBSD. I don’t have that kind of mounts (just NFS in /etc/fstab) so I’m not the target audience.
- KTextEditor is missing .editorconfig support. That can come in with the next frameworks update, when consumers update anyway. Chasing it in an intermediate release is a bit problematic because it does require some rebuilds of consumers.

Travel Grant Application for BSDCan is now open

Hi everyone,

The Travel Grant Application for BSDCan 2020 is now open. The Foundation can help you attend BSDCan through our travel grant program. Travel grants are available to FreeBSD developers and advocates who need assistance with travel expenses for attending conferences related to FreeBSD development. BSDCan 2020 applications are due April 9, 2020. Find out more and apply at: https://www.freebsdfoundation.org/what-we-do/grants/travel-grants/

Did you know the Foundation also provides grants for technical events not specifically focused on BSD? If you feel that your attendance at one of these events will benefit the FreeBSD Project and Community and you need assistance getting there, please fill out the general travel grant application. Your application must be received 7 weeks prior to the event. The general application can be found here: https://goo.gl/forms/QzsOMR8Jra0vqFYH2

Creating a ZFS dataset for testing iocage within a jail

Be warned, this failed. I’m stalled and I have not completed this.

I’m going to do jails within a jail. I already do that with poudriere in a jail but here I want to test an older version of iocage before upgrading my current jail hosts to a newer version.

In this post:
- FreeBSD 12.1
- py36-iocage-1.2_3
- py36-iocage-1.2_4

This post includes my errors and mistakes. Perhaps you should proceed carefully and read it all first.

Beastie Bits

Feedback/Questions

Michael - Install with ZFS
Mohammad - Server Freeze
Todd - ZFS Questions

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to [email protected]

Linux Console + Boutique Distros | Choose Linux 29

19 februari 2020 | min

Long Term Rolling | LINUX Unplugged 341

18 februari 2020 | min

Podcasting Basics: Joe Ressington | Jupiter Extras 56

17 februari 2020 | min

Linux Action News 145

16 februari 2020 | min

Brunch with Brent: Broadus Palmer | Jupiter Extras 55

14 februari 2020 | min

Name Your Shoes | User Error 85

13 februari 2020 | min

Kubernetes on bhyve | BSD Now 337

13 februari 2020 | min

Happinesses and stresses of full-time FOSS work, building a FreeBSD fileserver, Kubernetes on FreeBSD bhyve, NetBSD 9 RC1 available, OPNSense 20.1 is here, HardenedBSD’s idealistic future, and more.

Headlines

The happinesses and stresses of full-time FOSS work

In the past few days, several free software maintainers have come out to discuss the stresses of their work. Though the timing was suggestive, my article last week on the philosophy of project governance was, at best, only tangentially related to this topic - I had been working on that article for a while. I do have some thoughts that I’d like to share about what kind of stresses I’ve dealt with as a FOSS maintainer, and how I’ve managed (or often mismanaged) it.

February will mark one year that I’ve been working on self-directed free software projects full-time. I was planning on writing an optimistic retrospective article around this time, but given the current mood of the ecosystem I think it would be better to be realistic. In this stage of my career, I now feel at once happier, busier, more fulfilled, more engaged, more stressed, and more depressed than I have at any other point in my life.

The good parts are numerous. I’m able to work on my life’s passions, and my projects are in the best shape they’ve ever been thanks to the attention I’m able to pour into them. I’ve also been able to do more thoughtful, careful work; with the extra time I’ve been able to make my software more robust and reliable than it’s ever been. The variety of projects I can invest my time into has also increased substantially, with what was once relegated to minor curiosities now receiving a similar amount of attention as my larger projects were receiving in my spare time before. I can work from anywhere in the world, at any time, not worrying about when to take time off and when to put my head down and crank out a lot of code.

The frustrations are numerous, as well. I often feel like I’ve bit off more than I can chew. This has been the default state of affairs for me for a long time; I’m often neglecting half of my projects in order to obtain progress by leaps and bounds in just a few. Working on FOSS full-time has cast this model’s disadvantages into greater relief, as I focus on a greater breadth of projects and spend more time on them.

Building a FreeBSD File Server

Recently at my job, I was faced with a task to develop a file server explicitly suited for the requirements of the company. Needless to say, any configuration of a kind depends on what the infrastructure needs. So, drawing from my personal experience and numerous materials on the web, I came up with the combination FreeBSD+SAMBA+AD as the most appropriate. It appears to be a perfect choice for this environment, and harmonic addition to the existing network configuration since FreeBSD + SAMBA + AD enables admins with the broad range of possibilities for access control. However, as nothing is perfect, this configuration isn’t the best choice if your priority is data protection because it won’t be able to reach the necessary levels of reliability and fault tolerance without outside improvements.

Now, since we’ve established that, let’s move on to the next point. This article’s describing the process of building a test environment while concentrating primarily on the details of the configuration. As the author, though, I must say I’m in no way suggesting that this is the only way! The following configuration will be presented in its initial stage, with the minimum requirements necessary to get the job done, and its purpose in one specific situation only. Here, look at this as a useful strategy to solve similar tasks. Well, let’s get started!

Report from the first Hamilton BSD Users Group Meeting

February 11th was the first meeting of this new user group, founded by John Young and myself

11 people attended, and a lot of good discussions were had

One of the attendees already owns a domain that fits well for the group, so we will be getting that setup over the next few weeks, as well as the twitter account, and other organization stuff.

Special thanks to the illumos users who drove in from Buffalo to attend, although they may have actually had a shorter drive than a few of the other attendees.

The next meeting is scheduled again for the 2nd Tuesday of the month, March 10th.

We are still discussing if we should meet at a restaurant again, or try to get a space at the local college or innovation hub where we can have a projector etc.

News Roundup

Kubernetes on FreeBSD Bhyve

There are quite a few solutions for container orchestration, but the most popular (or the most famous and highly advertised, is probably, a Kubernetes) Since I plan to conduct many experiments with installing and configuring k8s, I need a laboratory in which I can quickly and easily deploy a cluster in any quantities for myself. In my work and everyday life I use two OS very tightly - Linux and FreeBSD OS. Kubernetes and docker are Linux-centric projects, and at first glance, you should not expect any useful participation and help from FreeBSD here. As the saying goes, an elephant can be made out of a fly, but it will no longer fly. However, two tempting things come to mind - this is very good integration and work in the FreeBSD ZFS file system, from which it would be nice to use the snapshot mechanism, COW and reliability. And the second is the bhyve hypervisor, because we still need the docker and k8s loader in the form of the Linux kernel. Thus, we need to connect a certain number of actions in various ways, most of which are related to starting and pre-configuring virtual machines. This is typical of both a Linux-based server and FreeBSD. What exactly will work under the hood to run virtual machines does not play a big role. And if so - let's take a FreeBSD here!

NetBSD 9 RC1 Available

We hope this will lead to the best NetBSD release ever (only to be topped by NetBSD 10 next year).

Here are a few highlights of the new release:
- Support for Arm AArch64 (64-bit Armv8-A) machines, including "Arm ServerReady" compliant machines (SBBR+SBSA)
- Enhanced hardware support for Armv7-A
- Updated GPU drivers (e.g. support for Intel Kabylake)
- Enhanced virtualization support
- Support for hardware-accelerated virtualization (NVMM)
- Support for Performance Monitoring Counters
- Support for Kernel ASLR
- Support several kernel sanitizers (KLEAK, KASAN, KUBSAN)
- Support for userland sanitizers
- Audit of the network stack
- Many improvements in NPF
- Updated ZFS
- Reworked error handling and NCQ support in the SATA subsystem
- Support a common framework for USB Ethernet drivers (usbnet)
You can download binaries of NetBSD 9.0_RC1 from our Fastly-provided CDN: https://cdn.netbsd.org/pub/NetBSD/NetBSD-9.0_RC1/

OPNsense 20.1 Keen Kingfisher released

For over 5 years now, OPNsense is driving innovation through modularising and hardening the open source firewall, with simple and reliable firmware upgrades, multi-language support, HardenedBSD security, fast adoption of upstream software updates as well as clear and stable 2-Clause BSD licensing.

20.1, nicknamed "Keen Kingfisher", is a subtle improvement on sustainable firewall experience. This release adds VXLAN and additional loopback device support, IPsec public key authentication and elliptic curve TLS certificate creation amongst others. Third party software has been updated to their latest versions. The logging frontend was rewritten for MVC with seamless API support. On the far side the documentation increased in quality as well as quantity and now presents itself in a familiar menu layout.

Idealistic Future for HardenedBSD

Over the past month, we purchased and deployed the new 13-CURRENT/amd64 package building server. We published our first 13-CURRENT/amd64 production package build using that server. We then rebuilt the old package building server to act as the 12-STABLE/amd64 package building server. This post signifies a very important milestone: we have now fully recovered from last year's death of our infrastructure. Our 12-STABLE/amd64 repo, previously out-of-date by many months, is now fully up-to-date!

HardenedBSD is in a very unique position to provide innovative solutions to at-risk and underprivileged populations. As such, we are making human rights endeavors a defining area of focus. Our infrastructure will integrate various privacy and anonymity enhancing technologies and techniques to protect lives. Our operating system's security posture will increase, especially with our focus on exploit mitigations.

Navigating the intersection between human rights and information security directly impacts lives. HardenedBSD's 2020 mission and focus is to deliver an entire hardened ecosystem that is unfriendly towards those who would oppress or censor their people. This includes a subtle shift in priorities to match this new mission and focus. While we implement exploit mitigations and further harden the ecosystem, we will seek out opportunities to contribute a tangible and unique impact on human rights issues. Providing Tor Onion Services for our core infrastructure is the first step in likely many to come towards securely helping those in need.

Beastie Bits

Feedback/Questions

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to [email protected]

Which Wiki Wins | Self-Hosted 12

12 februari 2020 | min

We try out the top self-hosted Wikis and tell you which we like best, and Chris has a major project off-grid update.

Plus Alex tells us about his robot vacuum that runs Ubuntu.

Links:

Going Solar — Work, Life, and RV Podcast — It's a huge investment! So we lay out our rationale for going solar after four years in our RV. Why we think who and how it gets installed is so critical, exactly HOW MUCH we spent, and how this new set up will keep us working from the road.
Chris' Blog: Going Solar
Alex's Blog: ktz.
Developing on Remote Machines using SSH and Visual Studio Code — The Visual Studio Code Remote - SSH extension allows you to open a remote folder on any remote machine, virtual machine, or container with a running SSH server and take full advantage of VS Code's feature set. Once connected to a server, you can interact with files and folders anywhere on the remote filesystem.
Don't blindly trust Docker for the selfhosted stuff — It is my strong belief that you shouldn't go crazy with all-things-docker when deploying selfhosted services at home. Online forums, especially r/selfhosted, seem to foster an opinion that providing a Dockerfile or better yet a docker-compose.yml or even prebuilt public images on Docker Hub is an acceptable way to distribute software targeting the selfhosting crowd.
TiddlyWiki — a non-linear personal web notebook — Welcome to TiddlyWiki, a unique non-linear notebook for capturing, organising and sharing complex information.
Wiki.js — The most powerful and extensible open source Wiki software.
BookStack — BookStack is a simple, self-hosted, easy-to-use platform for organising and storing information.
Material for MkDocs — Material is a theme for MkDocs, an excellent static site generator geared towards project documentation. It is built using Google's Material Design guidelines.
Roborock S5 Robot Vacuum Cleaner
Valetudo: Self-contained control webinterface for xiaomi vacuum robots — Self-contained control webinterface for xiaomi vacuum robots
clarifies mi home app version requirement by IronicBadger · Pull Request #11401 · home-assistant/home-assistant.io · GitHub

IRC is Dead | LINUX Unplugged 340

11 februari 2020 | min

Kubernetes Hart Hoover and Seth McCombs | Jupiter Extras 54

11 februari 2020 | min

Linux Action News 144

9 februari 2020 | min

AWS Christophe Limpalair | Jupiter Extras 53

7 februari 2020 | min

Multipath Musings | TechSNAP 422

6 februari 2020 | min

Archived Knowledge | BSD Now 336

6 februari 2020 | min

Linux couldn’t duplicate OpenBSD, FreeBSD Q4 status report, OPNsense 19.7.9 released, archives retain and pass on knowledge, HardenedBSD Tor Onion Service v3 Nodes, and more.

Headlines

OpenBSD has to be a BSD Unix and you couldn't duplicate it with Linux

OpenBSD has a well deserved reputation for putting security and a clean system (for code, documentation, and so on) first, and everything else second. OpenBSD is of course based on BSD (it's right there in the name) and descends from FreeBSD NetBSD (you can read the history here). But one of the questions you could ask about it is whether it had to be that way, and in particular if you could build something like OpenBSD on top of Linux. I believe that the answer is no.

Linux and the *BSDs have a significantly different model of what they are. BSDs have a 'base system' that provides an integrated and fully operational core Unix, covering the kernel, C library and compiler, and the normal Unix user level programs, all maintained and distributed by the particular BSD. Linux is not a single unit this way, and instead all of the component parts are maintained separately and assembled in various ways by various Linux distributions. Both approaches have their advantages, but one big one for the BSD approach is that it enables global changes.

Making global changes is an important part of what makes OpenBSD's approach to improving security, code maintenance, and so on work. Because it directly maintains everything as a unit, OpenBSD is in a position to introduce new C library or kernel APIs (or change them) and then immediately update all sorts of things in user level programs to use the new API. This takes a certain amount of work, of course, but it's possible to do it at all. And because OpenBSD can do this sort of ambitious global change, it does.

This goes further than just the ability to make global changes, because in theory you can patch in global changes on top of a bunch of separate upstream projects. Because OpenBSD is in control of its entire base system, it's not forced to try to reconcile different development priorities or integrate clashing changes. OpenBSD can decide (and has) that only certain sorts of changes will be accepted into its system at all, no matter what people want. If there are features or entire programs that don't fit into what OpenBSD will accept, they just lose out.

FreeBSD Quarterly Status Report 2019Q4

Here is the last quarterly status report for 2019. As you might remember from last report, we changed our timeline: now we collect reports the last month of each quarter and we edit and publish the full document the next month. Thus, we cover here the period October 2019 - December 2019.

If you thought that the FreeBSD community was less active in the Christmas' quarter you will be glad to be proven wrong: a quick glance at the summary will be sufficient to see that much work has been done in the last months.

Have a nice read!

News Roundup

OPNsense 19.7.9 released

As 20.1 nears we will be making adjustments to the scope of the release with an announcement following shortly.

For now, this update brings you a GeoIP database configuration page for aliases which is now required due to upstream database policy changes and a number of prominent third-party software updates we are happy to see included.

Archives are important to retain and pass on knowledge

Archives are important. When they are public and available for searching, it retains and passes on knowledge. It saves vast amounts of time.

HardenedBSD Tor Onion Service v3 Nodes

I've been working today on deploying Tor Onion Service v3 nodes across our build infrastructure. I'm happy to announce that the public portion of this is now completed. Below you will find various onion service hostnames and their match to our infrastructure.

hardenedbsd.org: lkiw4tmbudbr43hbyhm636sarn73vuow77czzohdbqdpjuq3vdzvenyd.onion
ci-01.nyi.hardenedbsd.org: qspcqclhifj3tcpojsbwoxgwanlo2wakti2ia4wozxjcldkxmw2yj3yd.onion
ci-03.md.hardenedbsd.org: eqvnohly4tjrkpwatdhgptftabpesofirnhz5kq7jzn4zd6ernpvnpqd.onion
ci-04.md.hardenedbsd.org: rfqabq2w65nhdkukeqwf27r7h5xfh53h3uns6n74feeyl7s5fbjxczqd.onion
git-01.md.hardenedbsd.org: dacxzjk3kq5mmepbdd3ai2ifynlzxsnpl2cnkfhridqfywihrfftapid.onion

Beastie Bits

Feedback/Questions

Sean - ZFS and Creation Dates
Christopher - Help on ZFS Disaster Recovery
Mike - Encrypted ZFS Send

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to [email protected]

What We Love About Linux | Choose Linux 28

5 februari 2020 | min

The Mint Mindset | LINUX Unplugged 339

4 februari 2020 | min

Cyber Security Mistakes You're Probably Making: Duncan McAlynn | Jupiter Extras 52

4 februari 2020 | min

Linux Action News 143

2 februari 2020 | min

Brunch with Brent: Peter Adams Part 2 | Jupiter Extras 51

31 januari 2020 | min

Useless Dreams | User Error 84

30 januari 2020 | min

FreeBSD Down Under | BSD Now 335

30 januari 2020 | min

Hyperbola Developer interview, why you should migrate from Linux to BSD, FreeBSD is an amazing OS, improving the ptrace(2) API in LLVM 10, First FreeBSD conference in Australia, and a guide to containers on FreeNAS.

Headlines

FreeBSD is an amazing operating System

Update 2020-01-21: Since I wrote this article it got posted on Hacker News, Reddit and Lobster, and a few people have emailed me with comments. I have updated the article with comments where I have found it needed. As an important side note I would like to point out that I am not a FreeBSD developer, there may be things going on in the FreeBSD world that I know absolutely nothing about. I am also not glued to the FreeBSD developer mailing lists. I am not a FreeBSD "fanboy". I have been using GNU/Linux a ton more for the past two decades than FreeBSD, mainly due to hardware incompatibility (lacking or buggy drivers), and I love both Debian GNU/Linux and Arch Linux just as much as FreeBSD. However, I am concerned about the development of GNU/Linux as of late. Also this article is not about me trying to make anyone switch from something else to FreeBSD. It's about why I like FreeBSD and that I recommend you try it out if you're into messing with operating systems.

I think the year was late 1999 or mid 2000 when I one day was browsing computer books at my favorite bookshop and I discovered the book The Complete FreeBSD third edition from 1999 by Greg Lehey. With the book came 4 CD Roms with FreeBSD 3.3.

I had already familiarized myself with GNU/Linux in 1998, and I was in the process of migrating every server and desktop operating system away from Microsoft Windows, both at home and at my company, to GNU/Linux, initially Red Hat Linux and then later Debian GNU/Linux, which eventually became my favorite GNU/Linux distribution for many years.

When I first saw The Complete FreeBSD book by Greg Lehey I remember noticing the text on the front page that said, "The Free Version of Berkeley UNIX" and "Rock Solid Stability", and I was immediately intrigued! What was that all about? A free UNIX operating system! And rock solid stability? That sounded amazing.

Hyperbola Dev Interview

In late December 2019, Hyperbola announced that they would be making major changes to their project. They have decided to drop the Linux kernel in favor of forking the OpenBSD kernel. This announcement only came months after Project Trident announced that they were going in the opposite direction (from BSD to Linux).

Hyperbola also plans to replace all software that is not GPL v3 compliant with new versions that are.

To get more insight into the future of their new project, I interviewed Andre, co-founder of Hyperbola.

News Roundup

Improving the ptrace(2) API and preparing for LLVM-10.0

This month I have improved the NetBSD ptrace(2) API, removing one legacy interface with a few flaws and replacing it with two new calls with new features, and removing technical debt.

As LLVM 10.0 is branching now soon (Jan 15th 2020), I worked on proper support of the LLVM features for NetBSD 9.0 (today RC1) and NetBSD HEAD (future 10.0).

The first FreeBSD conference in Australia

FreeBSD has existed as an operating system, project, and foundation for more than twenty years, and its earlier incantations have exited for far longer. The old guard have been developing code, porting software, and writing documentation for longer than I’ve existed. I’ve been using it for more than a decade for personal projects, and professionally for half that time.

While there are many prominent Australian FreeBSD contributors, sysadmins, and users, we’ve always had to venture overseas for conferences. We’re always told Australians are among the most ardent travellers, but I always wondered if we could do a domestic event as well.

And on Tuesday, we did! Deb Goodkin and the FreeBSD Foundation graciously organised and chaired a dedicated FreeBSD miniconf at the long-running linux.conf.au event held each year in a different city in Australia and New Zealand.

A practical guide to containers on FreeNAS for a depraved psychopath

This is a simple write-up to setup Docker on FreeNAS 11 or FreeBSD 11.

But muh jails?

You know that jails are dope and you know that jails are dope, yet no one else knows it. So here we are stuck with docker. Two years ago I would be the last person to recommend using docker, but a whole lot of things has changes past years…

So jails are dead then?

No, jails are still dope, but jails lack tools to manage them. Yes, there are a few tools, but they meant for hard-core FreeBSD users who used to suffering. Docker allows you to run applications without deep knowledge of application you’re running. It will also allow you to run applications that are not ported to FreeBSD.

Why you should migrate everything from Linux to BSD

As an operating system GNU/Linux has become a real mess because of the fragmented nature of the project, the bloatware in the kernel, and because of the jerking around by commercial interests.

Response Should you migrate from Linux to BSD? It depends.

Beastie Bits

Feedback/Questions

All of our questions this week were pretty technical in nature so I'm going to save those for the next episode so Allan can weigh in on them, since if we cover them now we're basically going to be deferring to Allan anyway.

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to [email protected]

Host Your Blog the Right Way | Self-Hosted 11

29 januari 2020 | min

Success Through Vulnerability | LINUX Unplugged 338

28 januari 2020 | min

Brunch with Brent: Peter Adams Part 1 | Jupiter Extras 50

28 januari 2020 | min

Linux Action News 142

26 januari 2020 | min

Exploring VCV Rack: Graham Morrison | Jupiter Extras 49

24 januari 2020 | min

Firewall Fun | TechSNAP 421

23 januari 2020 | min

Distrowatch Running FreeBSD | BSD Now 334

23 januari 2020 | min

Upgrading FreeBSD from 11.3 to 12.1, Distrowatch switching to FreeBSD, Torvalds says don’t run ZFS, iked(8) removed automatic IPv6 blocking, working towards LLDB on i386, and memory-hard Argon2 hashing scheme in NetBSD.

Headlines

Upgrading FreeBSD from 11.3 to 12.1

Now here’s something more like what I was originally expecting the content on this blog to look like. I’m in the process of moving all of our FreeBSD servers (about 30 in total) from 11.3 to 12.1. We have our own local build of the OS, and until “packaged base” gets to a state where it’s reliably usable, we’re stuck doing upgrades the old-fashioned way. I created a set of notes for myself while cranking through these upgrades and I wanted to share them since they are not really work-specific and this process isn’t very well documented for people who haven’t been doing this sort of upgrade process for 25 years.

Our source and object trees are read-only exported from the build server over NFS, which causes things to be slow. /etc/make.conf and /etc/src.conf are symbolic links on all of our servers to the master copies in /usr/src so that make installworld can find the configuration parameters the system was built with.

Switching Distrowatch over to BSD

This may be a little off-topic for this board (forgive me if it is, please). However, I wanted to say that I'm one of the people who works on DistroWatch (distrowatch.com) and this past week we had to deal with a server facing hardware failure. We had a discussion about whether to continue running Debian or switch to something else.

The primary "something else" option turned out to be FreeBSD and it is what we eventually went with. It took a while to convert everything over from working with Debian GNU/Linux to FreeBSD 12 (some script incompatibilities, different paths, some changes to web server configuration, networking IPv6 troubles). But in the end we ended up with a good, FreeBSD-based experience.

Since the transition was successful, though certainly not seamless, I thought people might want to do a Q&A on the migration process. Especially for those thinking of making the same switch.

News Roundup

iked(8) automatic IPv6 blocking removed

iked(8) no longer automatically blocks unencrypted outbound IPv6 packets. This feature was intended to avoid accidental leakage, but in practice was found to mostly be a cause of misconfiguration.

If you previously used iked(8)'s -6 flag to disable this feature, it is no longer needed and should be removed from /etc/rc.conf.local if used.

Linus says dont run ZFS

“Don’t use ZFS. It’s that simple. It was always more of a buzzword than anything else, I feel, and the licensing issues just make it a non-starter for me.”

This is what Linus Torvalds said in a mailing list to once again express his disliking for ZFS filesystem specially over its licensing.

To avoid unnecessary confusion, this is more intended for Linux distributions, kernel developers and maintainers rather than individual Linux users.

GSoC 2019 Final Report: Incorporating the memory-hard Argon2 hashing scheme into NetBSD

We successfully incorporated the Argon2 reference implementation into NetBSD/amd64 for our 2019 Google Summer of Coding project. We introduced our project here and provided some hints on how to select parameters here. For our final report, we will provide an overview of what changes were made to complete the project.

The Argon2 reference implementation, available here, is available under both the Creative Commons CC0 1.0 and the Apache Public License 2.0. To import the reference implementation into src/external, we chose to use the Apache 2.0 license for this project.

Working towards LLDB on i386 NetBSD

Upstream describes LLDB as a next generation, high-performance debugger. It is built on top of LLVM/Clang toolchain, and features great integration with it. At the moment, it primarily supports debugging C, C++ and ObjC code, and there is interest in extending it to more languages.

In February 2019, I have started working on LLDB, as contracted by the NetBSD Foundation. So far I've been working on reenabling continuous integration, squashing bugs, improving NetBSD core file support, extending NetBSD's ptrace interface to cover more register types and fix compat32 issues, fixing watchpoint and threading support.

Throughout December I've continued working on our build bot maintenance, in particular enabling compiler-rt tests. I've revived and finished my old patch for extended register state (XState) in core dumps. I've started working on bringing proper i386 support to LLDB.

Beastie Bits

Feedback/Questions

Pat - March Meeting
Madhukar - Overheating Laptop
Warren - R vs S

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to [email protected]

GhostBSD + Freedom vs Pragmatism | Choose Linux 27

22 januari 2020 | min

Mystical Users | LINUX Unplugged 337

21 januari 2020 | min

Brunch with Brent: Jim Salter | Jupiter Extras 48

21 januari 2020 | min

Linux Action News 141

19 januari 2020 | min

Infrastructure Engineer: Seth McCombs | Jupiter Extras 47

17 januari 2020 | min

No, But | User Error 83

16 januari 2020 | min

Unix Keyboard Joy | BSD Now 333

16 januari 2020 | min

Your Impact on FreeBSD in 2019, Wireguard on OpenBSD Router, Amazon now has FreeBSD/ARM 12, pkgsrc-2019Q4, The Joys of UNIX Keyboards, OpenBSD on Digital Ocean, and more.

Headlines

Your Impact on FreeBSD in 2019

It’s hard to believe that 2019 is nearly over. It has been an amazing year for supporting the FreeBSD Project and community! Why do I say that? Because as I reflect over the past 12 months, I realize how many events we’ve attended all over the world, and how many lives we’ve touched in so many ways. From advocating for FreeBSD to implementing FreeBSD features, my team has been there to help make FreeBSD the best open source project and operating system out there.

In 2019, we focused on supporting a few key areas where the Project needed the most help. The first area was software development. Whether it was contracting FreeBSD developers to work on projects like wifi support, to providing internal staff to quickly implement hardware workarounds, we’ve stepped in to help keep FreeBSD innovative, secure, and reliable. Software development includes supporting the tools and infrastructure that make the development process go smoothly, and we’re on it with team members heading up the Continuous Integration efforts, and actively involved in the clusteradmin and security teams.

Our advocacy efforts focused on recruiting new users and contributors to the Project. We attended and participated in 38 conferences and events in 21 countries. From giving FreeBSD presentations and workshops to staffing tables, we were able to have 1:1 conversations with thousands of attendees.

Our travels also provided opportunities to talk directly with FreeBSD commercial and individual users, contributors, and future FreeBSD user/contributors. We’ve seen an increase in use and interest in FreeBSD from all of these organizations and individuals. These meetings give us a chance to learn more about what organizations need and what they and other individuals are working on. The information helps inform the work we should fund.

Wireguard on OpenBSD Router

wireguard (wg) is a modern vpn protocol, using the latest class of encryption algorithms while at the same time promising speed and a small code base.

modern crypto and lean code are also tenants of openbsd, thus it was a no brainer to migrate my router from openvpn over to wireguard.

my setup : a collection of devices, both wired and wireless, that are nat’d through my router (openbsd 6.6) out via my vpn provider azire* and out to the internet using wg-quick to start wg.

running : doubtless this could be improved on, but currently i start wg manually when my router boots. this, and the nat'ing on the vpn interface mean its impossible for clients to connect to the internet without the vpn being up. as my router is on a ups and only reboots when a kernel patch requires it, it’s a compromise i can live with. run wg-quick (please replace vpn with whatever you named your wg .conf file.) and reload pf rules.

News Roundup

Amazon now has FreeBSD/ARM 12

AWS, the cloud division of Amazon, announced in December the next generation of its ARM processors, the Graviton2. This is a custom chip design with a 7nm architecture. It is based on 64-bit ARM Neoverse cores.

Compared to first-generation Graviton processors (A1), today’s new chips should deliver up to 7x the performance of A1 instances in some cases. Floating point performance is now twice as fast. There are additional memory channels and cache speed memory access should be much faster.

The company is working on three types of Graviton2 EC2 instances that should be available soon. Instances with a “g” suffix are powered by Graviton2 chips. If they have a “d” suffix, it also means that they have NVMe local storage.

General-purpose instances (M6g and M6gd)

Compute-optimized instances (C6g and C6gd)

Memory-optimized instances (R6g and R6gd)

You can choose instances with up to 64 vCPUs, 512 GiB of memory and 25 Gbps networking.

And you can see that ARM-powered servers are not just a fad. AWS already promises a 40% better price/performance ratio with ARM-based instances when you compare them with x86-based instances.

AWS has been working with operating system vendors and independent software vendors to help them release software that runs on ARM. ARM-based EC2 instances support Amazon Linux 2, Ubuntu, Red Hat, SUSE, Fedora, Debian and FreeBSD. It also works with multiple container services (Docker, Amazon ECS, and Amazon Elastic Kubernetes Service).

Coverage of AWS Announcement

Announcing the pkgsrc-2019Q4 release

The pkgsrc developers are proud to announce the 65th quarterly release of pkgsrc, the cross-platform packaging system. pkgsrc is available with more than 20,000 packages, running on 23 separate platforms; more information on pkgsrc itself is available at https://www.pkgsrc.org/

In total, 190 packages were added, 96 packages were removed, and 1,868 package updates (to 1388 unique packages) were processed since the pkgsrc-2019Q3 release. As usual, a large number of updates and additions were processed for packages for go (14), guile (11), perl (170), php (10), python (426), and ruby (110). This continues pkgsrc's tradition of adding useful packages, updating many packages to more current versions, and pruning unmaintained packages that are believed to have essentially no users.

The Joys of UNIX Keyboards

I fell in love with a dead keyboard layout.

A decade or so ago while helping a friends father clean out an old building, we came across an ancient Sun Microsystems server. We found it curious. Everything about it was different from what we were used to. The command line was black on white, the connectors strange and foreign, and the keyboard layout was bizarre.

We never did much with it; turning it on made all the lights in his home dim, and our joint knowledge of UNIX was nonexistent. It sat in his bedroom for years supporting his television at the foot of his bed.

I never forgot that keyboard though. The thought that there was this alternative layout out there seemed intriguing to me.

OpenBSD on Digital Ocean

Last night I had a need to put together a new OpenBSD machine. Since I already use DigitalOcean for one of my public DNS servers I wanted to use them for this need but sadly like all too many of the cloud providers they don't support OpenBSD. Now they do support FreeBSD and I found a couple writeups that show how to use FreeBSD as a shim to install OpenBSD.

They are both sort of old at this point and with OpenBSD 6.6 out I ran into a bit of a snag. The default these days is to use a GPT partition table to enable EFI booting. This is generally pretty sane but it looks to me like the FreeBSD droplet doesn't support this. After the installer rebooted the VM failed to boot, being unable to find the bootloader.

Thankfully DigitalOcean has a recovery ISO that you can boot by simply switching to it and powering off and then on your Droplet.

Beastie Bits

Feedback/Questions

Bill - 1.1 CDROM
Greg - More 50 Year anniversary information
Dave - Question time for Allan

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to [email protected]

Compromised Cameras | Self-Hosted 10

15 januari 2020 | min

Linus' Filesystem Fluster | LINUX Unplugged 336

14 januari 2020 | min

Brunch with Brent: Chase Nunes | Jupiter Extras 46

14 januari 2020 | min

Linux Action News 140

12 januari 2020 | min

Self-Hosted: Fixing Brent's WiFi | Jupiter Extras 45

10 januari 2020 | min

Choose Your Own Compiler | TechSNAP 420

9 januari 2020 | min

The BSD Hyperbole | BSD Now 332

9 januari 2020 | min

Announcing HyperbolaBSD, IPFW In-Kernel NAT setup on FreeBSD, Wayland and WebRTC enabled for NetBSD 9/Linux, LLDB Threading support ready for mainline, OpenSSH U2F/FIDO support in base, Dragonfly drm/i915: Update, and more.

Headlines

HyperbolaBSD Announcement

Due to the Linux kernel rapidly proceeding down an unstable path, we are planning on implementing a completely new OS derived from several BSD implementations.

This was not an easy decision to make, but we wish to use our time and resources to create a viable alternative to the current operating system trends which are actively seeking to undermine user choice and freedom.

This will not be a "distro", but a hard fork of the OpenBSD kernel and userspace including new code written under GPLv3 and LGPLv3 to replace GPL-incompatible parts and non-free ones.

Reasons for this include:
- Linux kernel forcing adaption of DRM, including HDCP.
- Linux kernel proposed usage of Rust (which contains freedom flaws and a centralized code repository that is more prone to cyber attack and generally requires internet access to use.)
- Linux kernel being written without security and in mind. (KSPP is basically a dead project and Grsec is no longer free software)
- Many GNU userspace and core utils are all forcing adaption of features without build time options to disable them. E.g. (PulseAudio / SystemD / Rust / Java as forced dependencies)
- As such, we will continue to support the Milky Way branch until 2022 when our legacy Linux-libre kernel reaches End of Life.

Future versions of Hyperbola will be using HyperbolaBSD which will have the new kernel, userspace and not be ABI compatible with previous versions.

HyperbolaBSD is intended to be modular and minimalist so other projects will be able to re-use the code under free license.

Forum Post

A simple IPFW In-Kernel NAT setup on FreeBSD

After graduating college, I am moving from Brooklyn, NY to Redmond, WA (guess where I got a job). I always wanted to re-do my OPNsense firewall (currently a HP T730) with stock FreeBSD and IPFW’s in-kernel NAT.

Why IPFW? Benchmarks have shown IPFW to be faster which is especially good for my Tor relay, and because I can! However, one downside of IPFW is less documentation vs PF, even less without natd (which we’re not using), and this took me time to figure this out.

But since my T730 is already packed, I am testing this on a old PC with two NICs, and my laptop [1] as a client with an USB-to-Ethernet adapter.

News Roundup

HEADS UP: Wayland and WebRTC enabled for NetBSD 9/Linux

This is just a heads up that the Wayland option is now turned on by

default for NetBSD 9 and Linux in cases where it peacefully coexists
with X11.

Right now, this effects the following packages:
- graphics/MesaLib
- devel/SDL2
- www/webkit-gtk
- x11/gtk3

The WebRTC option has also been enabled by default on NetBSD 9 for two Firefox versions: www/firefox, www/firefox68

Please keep me informed of any fallout. Hopefully, there will be none.

If you want to try out Wayland-related things on NetBSD 9, wm/velox/MESSAGE may be interesting for you.

LLDB Threading support now ready for mainline

Upstream describes LLDB as a next generation, high-performance debugger. It is built on top of LLVM/Clang toolchain, and features great integration with it. At the moment, it primarily supports debugging C, C++ and ObjC code, and there is interest in extending it to more languages.

In February, I have started working on LLDB, as contracted by the NetBSD Foundation. So far I've been working on reenabling continuous integration, squashing bugs, improving NetBSD core file support, extending NetBSD's ptrace interface to cover more register types and fix compat32 issues and fixing watchpoint support. Then, I've started working on improving thread support which is taking longer than expected. You can read more about that in my September 2019 report.

So far the number of issues uncovered while enabling proper threading support has stopped me from merging the work-in-progress patches. However, I've finally reached the point where I believe that the current work can be merged and the remaining problems can be resolved afterwards. More on that and other LLVM-related events happening during the last month in this report.

OpenSSH U2F/FIDO support in base

Hardware backed keys can be generated using "ssh-keygen -t ecdsa-sk" (or "ed25519-sk" if your token supports it). Many tokens require to be touched/tapped to confirm this step.

You'll get a public/private keypair back as usual, except in this case, the private key file does not contain a highly-sensitive private key but instead holds a "key handle" that is used by the security key to derive the real private key at signing time.

So, stealing a copy of the private key file without also stealing your security key (or access to it) should not give the attacker anything.

drm/i915: Update to Linux 4.8.17

drm/i915: Update to Linux 4.8.17
- Broxton, Valleyview and Cherryview support improvements
- Broadwell and Gen9/Skylake support improvements
- Broadwell brightness fixes from OpenBSD
- Atomic modesetting improvements
- Various bug fixes and performance enhancements

Beastie Bits

Feedback/Questions

Samir - cgit
Russell - R
Wolfgang - Question

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to [email protected]

Explaining Linux and Open Source as Concepts | Choose Linux 26

8 januari 2020 | min

Practically Perfect Predictions | LINUX Unplugged 335

7 januari 2020 | min

Brunch with Brent: Joe Ressington | Jupiter Extras 44

7 januari 2020 | min

Linux Action News 139

5 januari 2020 | min

OK Then | User Error 82

2 januari 2020 | min

Why Computers Suck | BSD Now 331

2 januari 2020 | min

How learning OpenBSD makes computers suck a little less, How Unix works, FreeBSD 12.1 Runs Well on Ryzen Threadripper 3970X, BSDCan CFP, HardenedBSD Infrastructure Goals, and more.

Headlines

Why computers suck and how learning from OpenBSD can make them marginally less horrible

How much better could things actually be if we abandoned the enterprise development model?

Next I will compare this enterprise development approach with non-enterprise development - projects such as OpenBSD, which do not hesitate to introduce ABI breaking changes to improve the codebase.

One of the most commonly referred to pillars of the project's philosophy has long been its emphasis on clean functional code. Any code which makes it into OpenBSD is subject to ongoing aggressive audits for deprecated, or otherwise unmaintained code in order to reduce cruft and attack surface. Additionally the project creator, Theo de Raadt, and his team of core developers engage in ongoing development for proactive mitigations for various attack classes many of which are directly adopted by various multi-platform userland applications as well as the operating systems themselves (Windows, Linux, and the other BSDs). Frequently it is the case that introducing new features (not just deprecating old ones) introduces new incompatibilities against previously functional binaries compiled for OpenBSD.

To prevent the sort of kernel memory bloat that has plagued so many other operating systems for years, the project enforces a hard ceiling on the number of lines of code that can ever be in ring 0 at a given time. Current estimates guess the number of bugs per line of code in the Linux kernel are around 1 bug per every 10,000 lines of code. Think of this in the context of the scope creep seen in the Linux kernel (which if I recall correctly is currently at around 100,000,000 lines of code), as well as the Windows NT kernel (500,000,000 lines of code) and you quickly begin to understand how adding more and more functionality into the most privileged components of the operating system without first removing old components begins to add up in terms of the drastic difference seen between these systems in the number of zero day exploits caught in the wild respectively.

How Unix Works: Become a Better Software Engineer

Unix is beautiful. Allow me to paint some happy little trees for you. I’m not going to explain a bunch of commands – that’s boring, and there’s a million tutorials on the web doing that already. I’m going to leave you with the ability to reason about the system.

Every fancy thing you want done is one google search away.

But understanding why the solution does what you want is not the same.

That’s what gives you real power, the power to not be afraid.

And since it rhymes, it must be true.

News Roundup

FreeBSD 12.1 Runs Refreshingly Well With AMD Ryzen Threadripper 3970X

For those of you interested in AMD's new Ryzen Threadripper 3960X/3970X processors with TRX40 motherboards for running FreeBSD, the experience in our initial testing has been surprisingly pleasant. In fact, it works out-of-the-box which one could argue is better than the current Linux support that needs the MCE workaround for booting. Here are some benchmarks of FreeBSD 12.1 on the Threadripper 3970X compared to Linux and Windows for this new HEDT platform.

It was refreshing to see FreeBSD 12.1 booting and running just fine with the Ryzen Threadripper 3970X 32-core/64-thread processor from the ASUS ROG ZENITH II EXTREME motherboard and all core functionality working including the PCIe 4.0 NVMe SSD storage, onboard networking, etc. The system was running with 4 x 16GB DDR4-3600 memory, 1TB Corsair Force MP600 NVMe SSD, and Radeon RX 580 graphics. It was refreshing to see FreeBSD 12.1 running well with this high-end AMD Threadripper system considering Linux even needed a boot workaround.

While the FreeBSD 12.1 experience was trouble-free with the ASUS TRX40 motherboard (ROG Zenith II Extreme) and AMD Ryzen Threadripper 3970X, DragonFlyBSD unfortunately was not. Both DragonFlyBSD 5.6.2 stable and the DragonFlyBSD daily development snapshot from last week were yielding a panic on boot. So with that, DragonFlyBSD wasn't tested for this Threadripper 3970X comparison but just FreeBSD 12.1.

FreeBSD 12.1 on the Threadripper 3970X was benchmarked both with its default LLVM Clang 8.0.1 compiler and again with GCC 9.2 from ports for ruling out compiler differences. The FreeBSD 12.1 performance was compared to last week's Windows 10 vs. Linux benchmarks with the same system.

BSDCan 2020 CFP

BSDCan 2020 will be held 5-6 (Fri-Sat) June, 2020 in Ottawa, at the University of Ottawa. It will be preceded by two days of tutorials on 3-4 June (Wed-Thu).

NOTE the change of month in 2020 back to June Also: do not miss out on the Goat BOF on Tuesday 2 June.

We are now accepting proposals for talks. The talks should be designed with a very strong technical content bias. Proposals of a business development or marketing nature are not appropriate for this venue.

See http://www.bsdcan.org/2020/

If you are doing something interesting with a BSD operating system, please submit a proposal. Whether you are developing a very complex system using BSD as the foundation, or helping others and have a story to tell about how BSD played a role, we want to hear about your experience. People using BSD as a platform for research are also encouraged to submit a proposal. Possible topics include:

How we manage a giant installation with respect to handling spam.
and/or sysadmin.
and/or networking.
Cool new stuff in BSD
Tell us about your project which runs on BSD
other topics (see next paragraph)

From the BSDCan website, the Archives section will allow you to review the wide variety of past BSDCan presentations as further examples.

Both users and developers are encouraged to share their experiences.

HardenedBSD Infrastructure Goals

2019 has been an extremely productive year with regards to HardenedBSD's infrastructure. Several opportunities aligned themselves in such a way as to open a door for a near-complete rebuild with a vast expansion.

The last few months especially have seen a major expansion of our infrastructure. We obtained a number of to-be-retired Dell R410 servers. The crash of our nightly build server provided the opportunity to deploy these R410 servers, doubling our build capacity.

My available time to spend on HardenedBSD has decreased compared to this time last year. As part of rebuilding our infrastructure, I wanted to enable the community to be able to contribute. I'm structuring the work such that help is just a pull request away. Those in the HardenedBSD community who want to contribute to the infrastructure work can simply open a pull request. I'll review the code, and deploy it after a successful review. Users/contributors don't need access to our servers in order to improve them.

My primary goal for the rest of 2019 and into 2020 is to become fully self-hosted, with the sole exception of email. I want to transition the source-of-truth git repos to our own infrastructure. We will still provide a read-only mirror on GitHub.

As I develop this infrastructure, I'm doing so with human rights in mind. HardenedBSD is in a very unique position. In 2020, I plan to provide production Tor Onion Services for the various bits of our infrastructure. HardenedBSD will provide access to its various internal services to its developers and contributors. The entire development lifecycle, going from dev to prod, will be able to happen over Tor.

Transparency will be key moving forward. Logs for the auto-sync script are now published directly to GitHub. Build logs will be, soon, too. Logs of all automated processes, and the code for those processes, will be tracked publicly via git. This will be especially crucial for development over Tor.

Integrating Tor into our infrastructure so deeply increases risk and maintenance burden. However, I believe that through added transparency, we will be able to mitigate risk. Periodic audits will need to be performed and published.

I hope to migrate HardenedBSD's site away from Drupal to a static site generator. We don't really need the dynamic capabilities Drupal gives us. The many security issues Drupal and PHP both bring also leave much to be desired.

So, that's about it. I spent the last few months of 2019 laying the foundation for a successful 2020. I'm excited to see how the project grows.

Beastie Bits

Feedback/Questions

Tom - ZFS Mirror with different speeds
Jeff - Knowledge is power
Johnny - Episode 324 response to Jacob
Pat - NYC*BUG meeting Jan Meeting Location

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to [email protected]

Conquering Planned Obsolescence | Self-Hosted 9

1 januari 2020 | min

Particularly Poor Predictions | LINUX Unplugged 334

31 december 2019 | min

Brunch with Brent: Jackie DeVore | Jupiter Extras 43

31 december 2019 | min

Linux Action News 138

29 december 2019 | min

Nebulous Networking | TechSNAP 419

26 december 2019 | min

Happy Holidays, All(an) | BSD Now 330

26 december 2019 | min

Authentication Vulnerabilities in OpenBSD, NetBSD 9.0 RC1 is available, Running FreeNAS on a DigitalOcean droplet, NomadBSD 1.3 is here, at e2k19 nobody can hear you scream, and more.

Headlines

Authentication vulnerabilities in OpenBSD

We discovered an authentication-bypass vulnerability in OpenBSD's authentication system: this vulnerability is remotely exploitable in smtpd, ldapd, and radiusd, but its real-world impact should be studied on a case-by-case basis. For example, sshd is not exploitable thanks to its defense-in-depth mechanisms.
From the manual page of login.conf:

OpenBSD uses BSD Authentication, which is made up of a variety of authentication styles. The authentication styles currently provided are:
> passwd Request a password and check it against the password in the master.passwd file. See login_passwd(8).
> skey Send a challenge and request a response, checking it with S/Key (tm) authentication. See login_skey(8).
> yubikey Authenticate using a Yubico YubiKey token. See login_yubikey(8).
> For any given style, the program /usr/libexec/auth/login_style is used to
> perform the authentication. The synopsis of this program is:
```
> /usr/libexec/auth/login_style [-v name=value] [-s service] username class
```

This is the first piece of the puzzle: if an attacker specifies a username of the form "-option", they can influence the behavior of the authentication program in unexpected ways.

 login_passwd [-s service] [-v wheel=yes|no] [-v lastchance=yes|no] user [class] The service argument specifies which protocol to use with the invoking program.  The allowed protocols are login, challenge, and response.  (The challenge protocol is silently ignored but will report success as passwd-style authentication is not challenge-response based).

This is the second piece of the puzzle: if an attacker specifies the username "-schallenge" (or "-schallenge:passwd" to force a passwd-style authentication), then the authentication is automatically successful and therefore bypassed.
Case study: smtpd
Case study: ldapd
Case study: radiusd
Case study: sshd
Acknowledgments: We thank Theo de Raadt and the OpenBSD developers for their incredibly quick response: they published patches for these vulnerabilities less than 40 hours after our initial contact. We also thank MITRE's CVE Assignment Team.

First release candidate for NetBSD 9.0 available!

Since the start of the release process four months ago a lot of improvements went into the branch - more than 500 pullups were processed!
This includes usbnet (a common framework for usb ethernet drivers), aarch64 stability enhancements and lots of new hardware support, installer/sysinst fixes and changes to the NVMM (hardware virtualization) interface.
We hope this will lead to the best NetBSD release ever (only to be topped by NetBSD 10 next year).
Here are a few highlights of the new release: > Support for Arm AArch64 (64-bit Armv8-A) machines, including "Arm ServerReady" compliant machines (SBBR+SBSA) > Enhanced hardware support for Armv7-A > Updated GPU drivers (e.g. support for Intel Kabylake) > Enhanced virtualization support > Support for hardware-accelerated virtualization (NVMM) > Support for Performance Monitoring Counters > Support for Kernel ASLR > Support several kernel sanitizers (KLEAK, KASAN, KUBSAN) > Support for userland sanitizers > Audit of the network stack > Many improvements in NPF > Updated ZFS > Reworked error handling and NCQ support in the SATA subsystem > Support a common framework for USB Ethernet drivers (usbnet)
More information on the RC can be found on the NetBSD 9 release page

News Roundup

Running FreeNAS on a Digitalocean droplet

ZFS is awesome. FreeBSD even more so. FreeNAS is the battle-tested, enterprise-ready-yet-home-user-friendly software defined storage solution which is cooler then deep space, based on FreeBSD and makes heavy use of ZFS. This is what I (and soooooo many others) use for just about any storage-related task. I can go on and on and on about what makes it great, but if you're here, reading this, you probably know all that already and we can skip ahead.
I've needed an offsite FreeNAS setup to replicate things to, to run some things, to do some stuff, basically, my privately-owned, tightly-controlled NAS appliance in the cloud, one I control from top to bottom and with support for whatever crazy thing I'm trying to do. Since I'm using DigitalOcean as my main VPS provider, it seemed logical to run FreeNAS there, however, you can't. While DO supports many many distos and pre-setup applications (e.g OpenVPN), FreeNAS isn't a supported feature, at least not in the traditional way :)
Before we begin, here's the gist of what we're going to do: > Base of a FreeBSD droplet, we'll re-image our boot block device with FreeNAS iso. We'll then install FreeNAS on the second block device. Once done we're going to do the ol' switcheroo: we're going to re-image our original boot block device using the now FreeNAS-installed second block device.
Part 1: re-image our boot block device to boot FreeNAS install media.
Part 2: Install FreeNAS on the second block-device
Part 3: Re-image the boot block device using the FreeNAS-installed block device

NomadBSD 1.3 is now available

From the release notes:
> The base system has been changed to FreeBSD 12.1-RELEASE-p1 Due to a deadlock problem, FreeBSD's unionfs has been replaced by unionfs-fuse The GPT layout has been changed to MBR. This prevents problems with Lenovo systems that refuse to boot from GPT if "lenovofix" is not set, and systems that hang on boot if "lenovofix" is set. Support for ZFS installations has been added to the NomadBSD installer. The rc-script for setting up the network interfaces has been fixed and improved. Support for setting the country code for the wlan device has been added. Auto configuration for running in VirtualBox has been added. A check for the default display has been added to the graphics configuration scripts. This fixes problems where users with Optimus have their NVIDIA card disabled, and use the integrated graphics chip instead. NVIDIA driver version 440 has been added. nomadbsd-dmconfig, a Qt tool for selecting the display manager theme, setting the default user and autologin has been added. nomadbsd-adduser, a Qt tool for added preconfigured user accounts to the system has been added. Martin Orszulik added Czech translations to the setup and installation wizard. The NomadBSD logo, designed by Ian Grindley, has been changed. Support for localized error messages has been added. Support for localizing the password prompts has been added. Some templates for starting other DEs have been added to ~/.xinitrc. The interfaces of nomadbsd-setup-gui and nomadbsd-install-gui have been improved. A script that helps users to configure a multihead systems has been added. The Xorg driver for newer Intel GPUs has been changed from "intel" to "modesetting". /proc has been added to /etc/fstab A D-Bus session issue has been fixed which prevented thunar from accessing samba shares. DSBBg which allows users to change and manage wallpapers has been added. The latest version of update_obmenu now supports auto-updating the Openbox menu. Manually updating the Openbox menu after packet (de)installation is therefore no longer needed.

Support for multiple keyboard layouts has been added.
www/palemoon has been removed.
mail/thunderbird has been removed.
audio/audacity has been added.
deskutils/orage has been added.
the password manager fpm2 has been replaced by KeePassXC
mail/sylpheed has been replaced by mail/claws-mail
multimedia/simplescreenrecorder has been added.
DSBMC has been changed to DSBMC-Qt
Many small improvements and bug fixes.

At e2k19 nobody can hear you scream

After 2 years it was once again time to pack skis and snowshoes, put a satellite dish onto a sledge and hike through the snowy rockies to the Elk Lakes hut.
I did not really have much of a plan what I wanted to work on but there were a few things I wanted to look into. One of them was rpki-client and the fact that it was so incredibly slow. Since Bob beck@ was around I started to ask him innocent X509 questions ... as if there are innocent X509 questions! Mainly about the abuse of the X509_STORE in rpki-client. Pretty soon it was clear that rpki-client did it all wrong and most of the X509 verification had to be rewritten. Instead of only storing the root certificates in the store and passing the intermediate certs as a chain to the verification function rpki-client threw everything into it. The X509_STORE is just not built for such an abuse and so it was no wonder that this was slow.
Lucky me I pulled benno@ with me into this dark hole of libcrypto code. He managed to build up an initial diff to pass the chains as a STACK_OF(X509) and together we managed to get it working. A big thanks goes to ingo@ who documented most of the functions we had to use. Have a look at STACK_OF(3) and sk_pop_free(3) to understand why benno@ and I slowly turned crazy.
Our next challenge was to only load the necessary certificate revocation list into the X509_STORE_CTX. While doing those changes it became obvious that some of the data structures needed better lookup functions. Looking up certificates was done using a linear lookup and so we replaced the internal certificate and CRL tables with RB trees for fast lookups. deraadt@ also joined the rpki-client commit fest and changed the output code to use rename(2) so that files are replaced in an atomic operation. Thanks to this rpki-client can now be safely run from cron (there is an example in the default crontab).
I did not plan to spend most of my week hacking on rpki-client but in the end I'm happy that I did and the result is fairly impressive. Working with libcrypto code and especially X509 was less than pleasant. Our screams of agony died away in the snowy rocky mountains and made Bob deep dive into UVM with a smile since he knew that benno@ and I had it worse.
In case you wonder thanks to all changes at e2k19 rpki-client improved from over 20min run time to validate all VRPS to roughly 1min to do the same job. A factor 20 improvement!
Thanks to Theo, Bob and Howie to make this possible. To all the cooks for the great food and to Xplornet for providing us with Internet at the hut.

Beastie Bits

Feedback/Questions

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to [email protected]

Special Guest: Mariusz Zaborski.

Tails + Virtualization | Choose Linux 25

25 december 2019 | min

Linux Wayback Machine | LINUX Unplugged 333

24 december 2019 | min

Brunch with Brent: Catherine Kretzschmar | Jupiter Extras 42

24 december 2019 | min

Linux Action News 137

22 december 2019 | min

Brunch with Brent: Jason Spisak Part 2 | Jupiter Extras 41

20 december 2019 | min

Larry Two-tails | User Error 81

19 december 2019 | min

Lucas’ Arts | BSD Now 329

19 december 2019 | min

WLED Changes the Game | Self-Hosted 8

18 december 2019 | min

The WSL Secrets | LINUX Unplugged 332

17 december 2019 | min

Brunch with Brent: Jason Spisak Part 1 | Jupiter Extras 40

17 december 2019 | min

Linux Action News 136

15 december 2019 | min

Makerspace 101: Brian Beck | Jupiter Extras 39

13 december 2019 | min

5G Fundamentals | TechSNAP 418

12 december 2019 | min

EPYC Netflix Stack | BSD Now 328

12 december 2019 | min

LLDB Threading support now ready, Multiple IPSec VPN tunnels with FreeBSD, Netflix Optimized FreeBSD's Network Stack More Than Doubled AMD EPYC Performance, happy eyeballs with unwind(8), AWS got FreeBSD ARM 12, OpenSSH U2F/FIDO support, and more.

Headlines

LLDB Threading support now ready for mainline

Upstream describes LLDB as a next generation, high-performance debugger. It is built on top of LLVM/Clang toolchain, and features great integration with it. At the moment, it primarily supports debugging C, C++ and ObjC code, and there is interest in extending it to more languages.

In February, I have started working on LLDB, as contracted by the NetBSD Foundation. So far I've been working on reenabling continuous integration, squashing bugs, improving NetBSD core file support, extending NetBSD's ptrace interface to cover more register types and fix compat32 issues and fixing watchpoint support. Then, I've started working on improving thread support which is taking longer than expected. You can read more about that in my September 2019 report.

So far the number of issues uncovered while enabling proper threading support has stopped me from merging the work-in-progress patches. However, I've finally reached the point where I believe that the current work can be merged and the remaining problems can be resolved afterwards. More on that and other LLVM-related events happening during the last month in this report.

Multiple IPSec VPN tunnels with FreeBSD

The FreeBSD handbook describes an IPSec VPN tunnel between 2 FreeBSD hosts (see https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ipsec.html)

But it is also possible to have multiple, 2 or more, IPSec VPN tunnels created and running on a FreeBSD host. How to implement and configure this is described below.

The requirements is to have 3 locations (A, B and C) connected with IPSec VPN tunnels using FreeBSD (11.3-RELEASE).

Each location has 1 IPSec VPN host running FreeBSD (VPN host A, B and C).

VPN host A has 2 IPSec VPN tunnels: 1 to location B (VPN host B) and 1 to location C (VPN host C).

News Roundup

Netflix Optimized FreeBSD's Network Stack More Than Doubled AMD EPYC Performance

Drew Gallatin of Netflix presented at the recent EuroBSDcon 2019 conference in Norway on the company's network stack optimizations to FreeBSD. Netflix was working on being able to deliver 200Gb/s network performance for video streaming out of Intel Xeon and AMD EPYC servers, to which they are now at 190Gb/s+ and in the process that doubled the potential of EPYC Naples/Rome servers and also very hefty upgrades too for Intel.

Netflix has long been known to be using FreeBSD in their data centers particularly where network performance is concerned. But in wanting to deliver 200Gb/s throughput from individual servers led them to making NUMA optimizations to the FreeBSD network stack. Allocating NUMA local memory for kernel TLS crypto buffers and for backing files sent via sentfile were among their optimizations. Changes to network connection handling and dealing with incoming connections to Nginx were also made.

For those just wanting the end result, Netflix's NUMA optimizations to FreeBSD resulted in their Intel Xeon servers going from 105Gb/s to 191Gb/s while the NUMA fabric utilization dropped from 40% to 13%.

unwind(8); "happy eyeballs"

In case you are wondering why happy eyeballs: It's a variation on this:
https://en.wikipedia.org/wiki/Happy_Eyeballs

unwind has a concept of a best nameserver type. It considers a configured DoT nameserver to be better than doing it's own recursive resolving. Recursive resolving is considered to be better than asking the dhcp provided nameservers.

This diff sorts the nameserver types by quality, as above (validation, resolving, dead...), and as a tie breaker it adds the median of the round trip time of previous queries into the mix.

One other interesting thing about this is that it gets us past captive portals without a check URL, that's why this diff is so huge, it rips out all the captive portal stuff (please apply with patch -E):
17 files changed, 385 insertions(+), 1683 deletions(-)

Please test this. I'm particularly interested in reports from people who move between networks and need to get past captive portals.

Amazon now has FreeBSD ARM 12

Product Overview

FreeBSD is an operating system used to power servers, desktops, and embedded systems. Derived from BSD, the version of UNIX developed at the University of California, Berkeley, FreeBSD has been continually developed by a large community for more than 30 years.

FreeBSD's networking, security, storage, and monitoring features, including the pf firewall, the Capsicum and CloudABI capability frameworks, the ZFS filesystem, and the DTrace dynamic tracing framework, make FreeBSD the platform of choice for many of the busiest web sites and most pervasive embedded networking and storage systems.

OpenSSH U2F/FIDO support in base

I just committed all the dependencies for OpenSSH security key (U2F) support to base and tweaked OpenSSH to use them directly. This means there will be no additional configuration hoops to jump through to use U2F/FIDO2 security keys.

Hardware backed keys can be generated using "ssh-keygen -t ecdsa-sk" (or "ed25519-sk" if your token supports it). Many tokens require to be touched/tapped to confirm this step.

You'll get a public/private keypair back as usual, except in this case, the private key file does not contain a highly-sensitive private key but instead holds a "key handle" that is used by the security key to derive the real private key at signing time.

So, stealing a copy of the private key file without also stealing your security key (or access to it) should not give the attacker anything.

Once you have generated a key, you can use it normally - i.e. add it to an agent, copy it to your destination's authorized_keys files (assuming they are running -current too), etc. At authentication time, you will be prompted to tap your security key to confirm the signature operation - this makes theft-of-access attacks against security keys more difficult too.

Please test this thoroughly - it's a big change that we want to have stable before the next release.

Beastie Bits

Feedback/Questions

Jeroen - Feedback
Savo - pfsense ports
Tin - I want to learn C

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to [email protected]

Sponsored By:

Linux Academy: Give yourself a year of opportunity and save $150. Get a full year of Hands-On Cloud Training. Limited time Black Friday Offer.

What We Wish We'd Known Earlier | Choose Linux 24

11 december 2019 | min

apt install arch-linux | LINUX Unplugged 331

10 december 2019 | min

Brunch with Brent: Alan Pope | Jupiter Extras 38

10 december 2019 | min

Linux Action News 135

8 december 2019 | min

411 DevSecOps: Karthik Gaekwad | Jupiter Extras 37

6 december 2019 | min

Ell and Wes sit down with Karthik Gaekwad to sort through the buzzword bingo and explain what DevSecOps is, what it isn’t, and why security should be part of the full lifecycle of your apps.

Special Guest: Karthik Gaekwad.

Sponsored By:

Linux Academy: Give yourself a year of opportunity and save $150. Get a full year of Hands-On Cloud Training. Limited time Black Friday Offer.

Links:

Linux Academy Black Friday Sale — Give yourself a year of opportunity and save $150. Get a full year of Hands-On Cloud Training. Limited time Black Friday Offer.
DevSecOps Days is coming to Austin, Texas. — Join us for the first ever DevSecOps Days Austin, Texas. Meet fellow practitioners integrating security into their DevOps practices. Learn about their journeys, share ideas on integrating security into your teams, and trade insights on automating security within the entire developer and production pipeline. Come learn how to put the "Sec" into DevSecOps.
How DevOps and security teams can get along better — One of the biggest issues for IT security teams is getting involved early enough in the development process. For many, security is something that gets applied once the applications have been built and are moving into production. However, this is an old fashioned approach that is held over from the days when development took place in waterfall phases and applications were held behind strong perimeter security implementations.
What is DevSecOps? — DevOps isn’t just about development and operations teams. If you want to take full advantage of the agility and responsiveness of a DevOps approach, IT security must also play an integrated role in the full life cycle of your apps.
Security’s Shift Right — Once you give up on the idea of teaching developers to not write bugs, you are freer to think of approaches to help them. One of the best approaches is to provide rapid feedback to developers. In the land of application performance, we found that running APM tools in production was a way to help developers find places to optimize their code. This created a feedback loop from production (the right) to development (the left).
Karthik on Twitter — I live in Austin, work with @golang, k8s & containers at Oracle; @lynda author; organize @devopsdays, @containerdays and @cloudaustin. Views are my own.

Imaginary Turkey | User Error 80

5 december 2019 | min

Why We Love Home Assistant | Self-Hosted 7

5 december 2019 | min

ZFS Rename Repo | BSD Now 327

5 december 2019 | min

We read FreeBSD’s third quarterly status report, OpenBSD on Sparc64, ZoL repo move to OpenZFS, GEOM NOP, keeping NetBSD up-to-date, and more.

Headlines

FreeBSD third quarterly status report for 2019

This quarter the reports team has been more active than usual thanks to a better organization: calls for reports and reminders have been sent regularly, reports have been reviewed and merged quickly (I would like to thank debdrup@ in particular for his reviewing work).

Efficiency could still be improved with the help of our community. In particular, the quarterly team has found that many reports have arrived in the last days before the deadline or even after. I would like to invite the community to follow the guidelines below that can help us sending out the reports sooner.

Starting from next quarter, all quarterly status reports will be prepared the last month of the quarter itself, instead of the first month after the quarter's end. This means that deadlines for submitting reports will be the 1st of January, April, July and October.

Next quarter will then be a short one, covering the months of November and December only and the report will probably be out in mid January.

OpenBSD on Sparc64

OpenBSD, huh? Yes, I usually write about FreeBSD and that’s in fact what I tried installing on the machine first. But I ran into problems with it very early on (never even reached single user mode) and put it aside for later. Since I powered up the SunFire again last month, I needed an OS now and chose OpenBSD for the simple reason that I have it available.

First I wanted to call this article simply “OpenBSD on SPARC” – but that would have been misleading since OpenBSD used to support 32-bit SPARC processors, too. The platform was just put to rest after the 5.9 release.

Version 6.0 was the last release of OpenBSD that came on CD-ROM. When I bought it, I thought that I’d never use the SPARC CD. But here was the chance! While it is an obsolete release, it comes with the cryptographic signatures to verify the next release. So the plan is to start at 6.0 as I can trust the original CDs and then update to the latest release. This will also be an opportunity to recap on some of the things that changed over the various versions.

News Roundup

ZoL repo move to OpenZFS

Because it will contain the ZFS source code for both Linux and FreeBSD, we will rename the "ZFSonLinux" code repository to "OpenZFS". Specifically, the repo at http://github.com/ZFSonLinux/zfs will be moved to the OpenZFS organization, at http://github.com/OpenZFS/zfs.

The next major release of ZFS for Linux and FreeBSD will be "OpenZFS 2.0", and is expected to ship in 2020.

Mcclure111 Sun Thread

A long time ago— like 15 years ago— I worked at Sun Microsystems. The company was nearly dead at the time (it died a couple years later) because they didn't make anything that anyone wanted to buy anymore. So they had a lot of strange ideas about how they'd make their comeback.

GEOM NOP

Sometimes while testing file systems or applications you want to simulate some errors on the disk level. The first time I heard about this need was from Baptiste Daroussin during his presentation at AsiaBSDCon 2016. He mentioned how they had built a test lab with it. The same need was recently discussed during the PGCon 2019, to test a PostgreSQL instance. If you are FreeBSD user, I have great news for you: there is a GEOM provider which allows you to simulate a failing device.

GNOP allows us to configure transparent providers from existing ones. The first interesting option of it is that we can slice the device into smaller pieces, thanks to the ‘offset option’ and ‘stripsesize’. This allows us to observe how the data on the disk is changing. Let’s assume that we want to observe the changes in the GPT table when the GPT flags are added or removed (for example the bootme flags which are described here). We can use dd every time and analyze it using absolute values from the disks.

Keeping NetBSD up-to-date with pkg_comp 2.0

This is a tutorial to guide you through the shiny new pkg_comp 2.0 on NetBSD.

Goals: to use pkg_comp 2.0 to build a binary repository of all the packages you are interested in; to keep the repository fresh on a daily basis; and to use that repository with pkgin to maintain your NetBSD system up-to-date and secure.

This tutorial is specifically targeted at NetBSD but should work on other platforms with some small changes. Expect, at the very least, a macOS-specific tutorial as soon as I create a pkg_comp standalone installer for that platform.

Beastie Bits

Feedback/Questions

Chris - Ctrl-T
- Improved Ctrl+t that shows kernel backtrace
Brian - Migrating NexentaStore to FreeBSD/FreeNAS
Avery - How to get involved

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to [email protected]

'Tis the SSHession | LINUX Unplugged 330

3 december 2019 | min

Brunch with Brent: Rocco | Jupiter Extras 36

3 december 2019 | min

Linux Action News 134

1 december 2019 | min

Machine Learning Magic | TechSNAP 417

28 november 2019 | min

Certified BSD | BSD Now 326

28 november 2019 | min

LPI releases BSD Certification, openzfs trip report, Using FreeBSD with ports, LLDB threading support ready, Linux versus Open Source Unix, and more.

Headlines

Linux Professional Institute Releases BSD Specialist Certification - re BSD Certification Group

Linux Professional Institute extends its Open Technology certification track with the BSD Specialist Certification. Starting October 30, 2019, BSD Specialist exams will be globally available. The certification was developed in collaboration with the BSD Certification Group which merged with Linux Professional Institute in 2018.

G. Matthew Rice, the Executive Director of Linux Professional Institute says that "the release of the BSD Specialist certification marks a major milestone for Linux Professional Institute. With this new credential, we are reaffirming our belief in the value of, and support for, all open source technologies. As much as possible, future credentials and educational programs will include coverage of BSD.”

OpenZFS Trip Report

The seventh annual OpenZFS Developer Summit took place on November 4th and 5th in San Francisco and brought together a healthy mix of familiar faces and new community participants. Several folks from iXsystems took part in the talks, hacking, and socializing at this amazing annual event. The messages of the event can be summed up as Unification, Refinement, and Ecosystem Tooling.

News Roundup

Using FreeBSD with Ports (2/2): Tool-assisted updating

Part 1 here: https://eerielinux.wordpress.com/2019/08/18/using-freebsd-with-ports-1-2-classic-way-with-tools/

In the previous post I explained why sometimes building your software from ports may make sense on FreeBSD. I also introduced the reader to the old-fashioned way of using tools to make working with ports a bit more convenient.

In this follow-up post we’re going to take a closer look at portmaster and see how it especially makes updating from ports much, much easier. For people coming here without having read the previous article: What I describe here is not what every FreeBSD admin today should consider good practice (any more)! It can still be useful in special cases, but my main intention is to discuss this for building up the foundation for what you actually should do today.

LLDB Threading support now ready for mainline

Upstream describes LLDB as a next generation, high-performance debugger. It is built on top of LLVM/Clang toolchain, and features great integration with it. At the moment, it primarily supports debugging C, C++ and ObjC code, and there is interest in extending it to more languages.

In February, I have started working on LLDB, as contracted by the NetBSD Foundation. So far I've been working on reenabling continuous integration, squashing bugs, improving NetBSD core file support, extending NetBSD's ptrace interface to cover more register types and fix compat32 issues and fixing watchpoint support. Then, I've started working on improving thread support which is taking longer than expected. You can read more about that in my September 2019 report.

So far the number of issues uncovered while enabling proper threading support has stopped me from merging the work-in-progress patches. However, I've finally reached the point where I believe that the current work can be merged and the remaining problems can be resolved afterwards. More on that and other LLVM-related events happening during the last month in this report.

Linux VS open source UNIX

Beastie Bits

Feedback/Questions

Paulo - Zfs snapshots
Phillip - GCP
A Listener - Old episodes?

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to [email protected]

Sponsored By:

Linux Academy: Give yourself a year of opportunity and save $150. Get a full year of Hands-On Cloud Training. Limited time Black Friday Offer.

Void Linux + Contributing to Open Source | Choose Linux 23

27 november 2019 | min

Flat Network Truthers | LINUX Unplugged 329

26 november 2019 | min

Brunch with Brent: Jacob Roecker | Jupiter Extras 35

26 november 2019 | min

Linux Action News 133

24 november 2019 | min

Popey on Thinkpads | Jupiter Extras 34

22 november 2019 | min

Is Vegan TV Art? | User Error 79

21 november 2019 | min

Cracking Rainbows | BSD Now 325

21 november 2019 | min

FreeBSD 12.1 is here, A history of Unix before Berkeley, FreeBSD development setup, HardenedBSD 2019 Status Report, DNSSEC, compiling RainbowCrack on OpenBSD, and more.

Headlines

FreeBSD 12.1

Some of the highlights:
- BearSSL has been imported to the base system.
- The clang, llvm, lld, lldb, compiler-rt utilities and libc++ have been updated to version 8.0.1.
- OpenSSL has been updated to version 1.1.1d.
- Several userland utility updates.
For a complete list of new features and known problems, please see the online release notes and errata list, available at: https://www.FreeBSD.org/releases/12.1R/relnotes.html

A History of UNIX before Berkeley: UNIX Evolution: 1975-1984.

Nobody needs to be told that UNIX is popular today. In this article we will show you a little of where it was yesterday and over the past decade. And, without meaning in the least to minimise the incredible contributions of Ken Thompson and Dennis Ritchie, we will bring to light many of the others who worked on early versions, and try to show where some of the key ideas came from, and how they got into the UNIX of today.

Our title says we are talking about UNIX evolution. Evolution means different things to different people. We use the term loosely, to describe the change over time among the many different UNIX variants in use both inside and outside Bell Labs. Ideas, code, and useful programs seem to have made their way back and forth - like mutant genes - among all the many UNIXes living in the phone company over the decade in question.

Part One looks at some of the major components of the current UNIX system - the text formatting tools, the compilers and program development tools, and so on. Most of the work described in Part One took place at Research'', a part of Bell Laboratories (now AT&T Bell Laboratories, then as nowthe Labs''), and the ancestral home of UNIX. In planned (but not written) later parts, we would have looked at some of the myriad versions of UNIX - there are far more than one might suspect. This includes a look at Columbus and USG and at Berkeley Unix. You'll begin to get a glimpse inside the history of the major streams of development of the system during that time.

News Roundup

My FreeBSD Development Setup

I do my FreeBSD development using git, tmux, vim and cscope.

I keep a FreeBSD fork on my github, I have forked https://github.com/freebsd/freebsd to https://github.com/adventureloop/freebsd

OPNsense 19.7.6 released

As we are experiencing the Suricata community first hand in Amsterdam we thought to release this version a bit earlier than planned. Included is the latest Suricata 5.0.0 release in the development version. That means later this November we will releasing version 5 to the production version as we finish up tweaking the integration and maybe pick up 5.0.1 as it becomes available.

LDAP TLS connectivity is now integrated into the system trust store, which ensures that all required root and intermediate certificates will be seen by the connection setup when they have been added to the authorities section. The same is true for trusting self-signed certificates. On top of this, IPsec now supports public key authentication as contributed by Pascal Mathis.

HardenedBSD November 2019 Status Report.

We at HardenedBSD have a lot of news to share. On 05 Nov 2019, Oliver Pinter resigned amicably from the project. All of us at HardenedBSD owe Oliver our gratitude and appreciation. This humble project, named by Oliver, was born out of his thesis work and the collaboration with Shawn Webb. Oliver created the HardenedBSD repo on GitHub in April 2013. The HardenedBSD Foundation was formed five years later to carry on this great work.

DNSSEC enabled in default unbound(8) configuration.

DNSSEC validation has been enabled in the default unbound.conf(5) in -current. The relevant commits were from Job Snijders (job@)

How to Install Shopware with NGINX and Let's Encrypt on FreeBSD 12

Shopware is the next generation of open source e-commerce software. Based on bleeding edge technologies like Symfony 3, Doctrine2 and Zend Framework Shopware comes as the perfect platform for your next e-commerce project. This tutorial will walk you through the Shopware Community Edition (CE) installation on FreeBSD 12 system by using NGINX as a web server.

Requirements

Make sure your system meets the following minimum requirements:

Linux-based operating system with NGINX or Apache 2.x (with mod_rewrite) web server installed.

PHP 5.6.4 or higher with ctype, gd, curl, dom, hash, iconv, zip, json, mbstring, openssl, session, simplexml, xml, zlib, fileinfo, and pdo/mysql extensions. PHP 7.1 or above is strongly recommended.

MySQL 5.5.0 or higher.

Possibility to set up cron jobs.

Minimum 4 GB available hard disk space.

IonCube Loader version 5.0.0 or higher (optional).

How to Compile RainbowCrack on OpenBSD

Project RainbowCrack was originally Zhu Shuanglei's implementation, it's not clear to me if the project is still just his or if it's even been maintained for a while. His page seems to have been last updated in August 2007.

The Project RainbowCrack web page now has just binaries for Windows XP and Linux, both 32-bit and 64-bit versions.

Earlier versions were available as source code. The version 1.2 source code does not compile on OpenBSD, and in my experience it doesn't compile on Linux, either. It seems to date from 2004 at the earliest, and I think it makes some version-2.4 assumptions about Linux kernel headers.

You might also look at ophcrack, a more modern tool, although it seems to be focused on cracking Windows XP/Vista/7/8/10 password hashes

Feedback/Questions

Reese - Amature radio info
Chris - VPN
Malcolm - NAT

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to [email protected]

Low Cost Home Camera System | Self-Hosted 6

20 november 2019 | min

My Mighty Fine Pine | LINUX Unplugged 328

19 november 2019 | min

Brunch with Brent: Emma Marshall | Jupiter Extras 33

19 november 2019 | min

Linux Action News 132

17 november 2019 | min

Mental Health Hackers | Jupiter Extras 32

15 november 2019 | min

I.T. Phone Home | TechSNAP 416

14 november 2019 | min

Emergency Space Mode | BSD Now 324

14 november 2019 | min

Migrating drives and zpool between hosts, OpenBSD in 2019, Dragonfly’s new zlib and dhcpcd, Batch renaming images and resolution with awk, a rant on the X11 ICCCM selection system, hammer 2 emergency space mode, and more.

Headlines

Migrating drives and the zpool from one host to another.

Today is the day.

Today I move a zpool from an R710 into an R720. The goal: all services on that zpool start running on the new host.

Fortunately, that zpool is dedicated to jails, more or less. I have done some planning about this, including moving a poudriere on the R710 into a jail.

Now it is almost noon on Saturday, I am sitting in the basement (just outside the server room), and I’m typing this up.

In this post:
- FreeBSD 12.0
- Dell R710 (r710-01)
- Dell R720 (r720-01)
- drive caddies from eBay and now I know the difference between SATA and SATAu
PLEASE READ THIS first: Migrating ZFS Storage Pools

OpenBSD in 2019

I’ve used OpenBSD on and off since 2.1. More back then than in the last 10 years or so though, so I thought I’d try it again.

What triggered this was me finding a silly bug in GNU cpio that has existed with a “FIXME” comment since at least 1994. I checked OpenBSD to see if it had a related bug, but as expected no it was just fine.

I don’t quite remember why I stopped using OpenBSD for servers, but I do remember filesystem corruption on “unexpected power disconnections” (even with softdep turned on), which I’ve never really seen on Linux.

That and that fewer things “just worked” than with Linux, which matters more when I installed more random things than I do now. I’ve become a lot more minimalist. Probably due to less spare time. Life is better when you don’t run things like PHP (not that OpenBSD doesn’t support PHP, just an example) or your own email server with various antispam tooling, and other things.

This is all experience from running OpenBSD on a server. On my next laptop I intend to try running OpenBSD on the dektop, and will see if that more ad-hoc environment works well. E.g. will gnuradio work? Lack of other-OS VM support may be a problem.

Verdict

Ouch, that’s a long list of bad stuff. Still, I like it. I’ll continue to run it, and will make sure my stuff continues working on OpenBSD.

And maybe in a year I’ll have a review of OpenBSD on a laptop.

News Roundup

New zlib, new dhcpcd

zlib and dhcpcd are both updated in DragonFly… but my quick perusal of the commits makes it sound like bugfix only; no usage changes needed.

DHCPCD Commit: http://lists.dragonflybsd.org/pipermail/commits/2019-October/719768.html
ZLIB Commit: http://lists.dragonflybsd.org/pipermail/commits/2019-October/719772.html

Batch renaming images, including image resolution, with awk

The most recent item on my list of “Geeky things I did that made me feel pretty awesome” is an hour’s adventure that culminated in this code:

$ file IMG* | awk 'BEGIN{a=0} {print substr($1, 1, length($1)-5),a++"_"substr($8,1, length($8)-1)}' | while read fn fr; do echo $(rename -v "s/$fn/img_$fr/g" *); done
IMG_20170808_172653_425.jpg renamed as img_0_4032x3024.jpg
IMG_20170808_173020_267.jpg renamed as img_1_3024x3506.jpg
IMG_20170808_173130_616.jpg renamed as img_2_3024x3779.jpg
IMG_20170808_173221_425.jpg renamed as img_3_3024x3780.jpg
IMG_20170808_173417_059.jpg renamed as img_4_2956x2980.jpg
IMG_20170808_173450_971.jpg renamed as img_5_3024x3024.jpg
IMG_20170808_173536_034.jpg renamed as img_6_4032x3024.jpg
IMG_20170808_173602_732.jpg renamed as img_7_1617x1617.jpg
IMG_20170808_173645_339.jpg renamed as img_8_3024x3780.jpg
IMG_20170909_170146_585.jpg renamed as img_9_3036x3036.jpg
IMG_20170911_211522_543.jpg renamed as img_10_3036x3036.jpg
IMG_20170913_071608_288.jpg renamed as img_11_2760x2760.jpg
IMG_20170913_073205_522.jpg renamed as img_12_2738x2738.jpg
// ... etc etc

The last item on the aforementioned list is “TODO: come up with a shorter title for this list.”

I hate the X11 ICCCM selection system, and you should too - A Rant

d00d, that document is devilspawn. I've recently spent my nights in pain
implementing the selection mechanism. WHY OH WHY OH WHY? why me? why did I choose to do this? and what sick evil twisted mind wrote this damn spec? I don't know why I'm working with it, I just wanted to make a useful program.

I didn't know what I was getting myself in to. Nobody knows until they try it. And once you start, you're unable to stop. You can't stop, if you stop then you haven't completed it to spec. You can't fail on this, it's just a few pages of text, how can that be so hard? So what if they use Atoms for everything. So what if there's no explicit correlation between the target type of a SelectionNotify event and the type of the property it indicates?

So what if the distinction is ambiguous? So what if the document is littered with such atrocities? It's not the spec's fault, the spec is authoritative. It's obviously YOUR (the implementor's) fault for misunderstanding it. If you didn't misunderstand it, you wouldn't be here complaining about it would you?

HAMMER2 emergency space mode

As anyone who has been running HAMMER1 or HAMMER2 has noticed, snapshots and copy on write and infinite history can eat a lot of disk space, even if the actual file volume isn’t changing much. There’s now an ‘emergency mode‘ for HAMMER2, where disk operations can happen even if there isn’t space for the normal history activity. It’s dangerous, in that the normal protections against data loss if power is cut go away, and snapshots created while in this mode will be mangled. So definitely don’t leave it on!

Beastie Bits

Feedback/Questions

Tim - Release Notes for Lumina 1.5
- Answer Here
Brad - vBSDcon Trip Report
Jacob - Using terminfo on FreeBSD

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to [email protected]

Finding Your Community | Choose Linux 22

13 november 2019 | min

Distro Disco | LINUX Unplugged 327

12 november 2019 | min

Brunch with Brent: A Chat with Jill Bryant Ryniker | Jupiter Extras 31

12 november 2019 | min

Linux Action News 131

10 november 2019 | min

Google steps up support for older Chromebooks, Microsoft Edge is coming to Linux, and the App Defense Alliance teams up to fight Android malware.

Plus Google Cardboard goes open source, and a neat machine-learning tool to pull songs apart.

Special Guest: Wes Payne.

Links:

Google gives most Chromebooks an extra year of software support — Seven Chromebooks from Lenovo recently had their support lifespan extended, and now Google has updated the EOL date for 135 more models from several manufacturers. Most models received another year of support, others only got another six months, and some now have two more years.
What’s new in Chrome OS: Virtual Desks, simpler printing and more — Think of Virtual Desks as separate workspaces within your Chromebook. Use this feature to create helpful boundaries between projects or activities. If you’re working on multiple projects, you can dedicate a desk to each one. Open Overview and tap New Desk in the top right-hand corner of your screen to try out Virtual Desks.
Google Enlists Outside Help to Clean Up Android's Malware Mess — Today Google is announcing a partnership with three antivirus firms—ESET, Lookout, and Zimperium—to create an App Defense Alliance.
Open sourcing Google Cardboard — Today, we’re releasing the Cardboard open source project to let the developer community continue to build Cardboard experiences and add support to their apps for an ever increasing diversity of smartphone screen resolutions and configurations.
Access ESM, now free to the community, via the updated Ubuntu Advantage client — Canonical is happy to announce that all community users are entitled to a free Ubuntu Advantage for Infrastructure account for access to Extended Security Maintenance (ESM) and Kernel Livepatch* for Ubuntu 14.04 LTS (Trusty Tahr) for up to three machines, and up to 50 machines for all official Ubuntu Members.
Releasing Spleeter: Deezer Research source separation engine — We are releasing Spleeter to help the research community in Music Information Retrieval (MIR) leverage the power of a state-of-the-art source separation algorithm. It comes in the form of a Python Library based on Tensorflow, with pretrained models for 2, 4 and 5 stems separation.
Microsoft Will Release Their Edge Web Browser For Linux — Microsoft announced at their Ignite conference in Seattle that their Edge web-browser will see a Linux release

Episode Ctrl V | User Error 78

7 november 2019 | min

ZFS Isn’t the Only Option | Self-Hosted 5

7 november 2019 | min

OSI Burrito Guy | BSD Now 323

7 november 2019 | min

The earliest Unix code, how to replace fail2ban with blacklistd, OpenBSD crossed 400k commits, how to install Bolt CMS on FreeBSD, optimized hammer2, appeasing the OSI 7-layer burrito guys, and more.

Headlines

The Earliest Unix Code: An Anniversary Source Code Release

What is it that runs the servers that hold our online world, be it the web or the cloud? What enables the mobile apps that are at the center of increasingly on-demand lives in the developed world and of mobile banking and messaging in the developing world? The answer is the operating system Unix and its many descendants: Linux, Android, BSD Unix, MacOS, iOS—the list goes on and on. Want to glimpse the Unix in your Mac? Open a Terminal window and enter “man roff” to view the Unix manual entry for an early text formatting program that lives within your operating system.

2019 marks the 50th anniversary of the start of Unix. In the summer of 1969, that same summer that saw humankind’s first steps on the surface of the Moon, computer scientists at the Bell Telephone Laboratories—most centrally Ken Thompson and Dennis Ritchie—began the construction of a new operating system, using a then-aging DEC PDP-7 computer at the labs.

This man sent the first online message 50 years ago

As many of you have heard in the past, the first online message ever sent between two computers was "lo", just over 50 years ago, on Oct. 29, 1969.

It was supposed to say "log," but the computer sending the message — based at UCLA — crashed before the letter "g" was typed. A computer at Stanford 560 kilometres away was supposed to fill in the remaining characters "in," as in "log in."

The CBC Radio show, “The Current” has a half-hour interview with the man who sent that message, Leonard Kleinrock, distinguished professor of computer science at UCLA

"The idea of the network was you could sit at one computer, log on through the network to a remote computer and use its services there,"

50 years later, the internet has become so ubiquitous that it has almost been rendered invisible. There's hardly an aspect in our daily lives that hasn't been touched and transformed by it.

Q: Take us back to that day 50 years ago. Did you have the sense that this was going to be something you'd be talking about a half a century later?

A: Well, yes and no. Four months before that message was sent, there was a press release that came out of UCLA in which it quotes me as describing what my vision for this network would become. Basically what it said is that this network would be always on, always available. Anybody with any device could get on at anytime from any location, and it would be invisible.

Well, what I missed ... was that this is going to become a social network. People talking to people. Not computers talking to computers, but [the] human element.

Q: Can you briefly explain what you were working on in that lab? Why were you trying to get computers to actually talk to one another?

A: As an MIT graduate student, years before, I recognized I was surrounded by computers and I realized there was no effective [or efficient] way for them to communicate. I did my dissertation, my research, on establishing a mathematical theory of how these networks would work. But there was no such network existing. AT&T said it won't work and, even if it does, we want nothing to do with it.

So I had to wait around for years until the Advanced Research Projects Agency within the Department of Defence decided they needed a network to connect together the computer scientists they were supervising and supporting.

Q: For all the promise of the internet, it has also developed some dark sides that I'm guessing pioneers like yourselves never anticipated.

A: We did not. I knew everybody on the internet at that time, and they were all well-behaved and they all believed in an open, shared free network. So we did not put in any security controls.

When the first spam email occurred, we began to see the dark side emerge as this network reached nefarious people sitting in basements with a high-speed connection, reaching out to millions of people instantaneously, at no cost in time or money, anonymously until all sorts of unpleasant events occurred, which we called the dark side.

But in those early days, I considered the network to be going through its teenage years. Hacking to spam, annoying kinds of effects. I thought that one day this network would mature and grow up. Well, in fact, it took a turn for the worse when nation states, organized crime and extremists came in and began to abuse the network in severe ways.

Q: Is there any part of you that regrets giving birth to this?

A: Absolutely not. The greater good is much more important.

News Roundup

How to use blacklistd(8) with NPF as a fail2ban replacement

blacklistd(8) provides an API that can be used by network daemons to communicate with a packet filter via a daemon to enforce opening and closing ports dynamically based on policy.

The interface to the packet filter is in /libexec/blacklistd-helper (this is currently designed for npf) and the configuration file (inspired from inetd.conf) is in etc/blacklistd.conf

Now, blacklistd(8) will require bpfjit(4) (Just-In-Time compiler for Berkeley Packet Filter) in order to properly work, in addition to, naturally, npf(7) as frontend and syslogd(8), as a backend to print diagnostic messages. Also remember npf shall rely on the npflog* virtual network interface to provide logging for tcpdump() to use.

Unfortunately (dont' ask me why ??) in 8.1 all the required kernel components are still not compiled by default in the GENERIC kernel (though they are in HEAD), and are rather provided as modules. Enabling NPF and blacklistd services would normally result in them being automatically loaded as root, but predictably on securelevel=1 this is not going to happen.

FreeBSD’s handbook chapter on blacklistd

OpenBSD crossed 400,000 commits

Sometime in the last week OpenBSD crossed 400,000 commits (*) upon all our repositories since starting at 1995/10/18 08:37:01 Canada/Mountain. That's a lot of commits by a lot of amazing people.

(*) by one measure. Since the repository is so large and old, there are a variety of quirks including ChangeLog missing entries and branches not convertible to other repo forms, so measuring is hard. If you think you've got a great way of measuring, don't be so sure of yourself -- you may have overcounted or undercounted.

Subject to the notes Theo made about under and over counting, FreeBSD should hit 1 million commits (base + ports + docs) some time in 2020
NetBSD + pkgsrc are approaching 600,000, but of course pkgsrc covers other operating systems too

How to Install Bolt CMS with Nginx and Let's Encrypt on FreeBSD 12

Bolt is a sophisticated, lightweight and simple CMS built with PHP. It is released under the open-source MIT-license and source code is hosted as a public repository on Github. A bolt is a tool for Content Management, which strives to be as simple and straightforward as possible. It is quick to set up, easy to configure, uses elegant templates. Bolt is created using modern open-source libraries and is best suited to build sites in HTML5 with modern markup. In this tutorial, we will go through the Bolt CMS installation on FreeBSD 12 system by using Nginx as a web server, MySQL as a database server, and optionally you can secure the transport layer by using acme.sh client and Let's Encrypt certificate authority to add SSL support.

Requirements
The system requirements for Bolt are modest, and it should run on any fairly modern web server:
- PHP version 5.5.9 or higher with the following common PHP extensions: pdo, mysqlnd, pgsql, openssl, curl, gd, intl, json, mbstring, opcache, posix, xml, fileinfo, exif, zip.
- Access to SQLite (which comes bundled with PHP), or MySQL or PostgreSQL.
- Apache with mod_rewrite enabled (.htaccess files) or Nginx (virtual host configuration covered below).
- A minimum of 32MB of memory allocated to PHP.

hammer2 - Optimize hammer2 support threads and dispatch

Refactor the XOP groups in order to be able to queue strategy calls, whenever possible, to the same CPU as the issuer. This optimizes several cases and reduces unnecessary IPI traffic between cores. The next best thing to do would be to not queue certain XOPs to an H2 support thread at all, but I would like to keep the threads intact for later clustering work.

The best scaling case for this is when one has a large number of user threads doing I/O. One instance of a single-threaded program on an otherwise idle machine might see a slightly reduction in performance but at the same time we completely avoid unnecessarily spamming all cores in the system on the behalf of a single program, so overhead is also significantly lower.

This will tend to increase the number of H2 support threads since we need a certain degree of multiplication for domain separation.

This should significantly increase I/O performance for multi-threaded workloads.

You know, we might as well just run every network service over HTTPS/2 and build another six layers on top of that to appease the OSI 7-layer burrito guys

I've seen the writing on the wall, and while for now you can configure Firefox not to use DoH, I'm not confident enough to think it will remain that way. To that end, I've finally set up my own DoH server for use at Chez Boca. It only involved setting up my own CA to generate the appropriate certificates, install my CA certificate into Firefox, configure Apache to run over HTTP/2 (THANK YOU SO VERY XXXXXXX MUCH GOOGLE FOR SHOVING THIS HTTP/2 XXXXXXXX DOWN OUR THROATS!—no, I'm not bitter) and write a 150 line script that just queries my own local DNS, because, you know, it's more XXXXXXX secure or some XXXXXXXX reason like that.

Sigh.

Beastie Bits

Feedback/Questions

Bostjan - Open source doesn't mean secure
Malcolm - Allan is Correct.
Michael - FreeNAS inside a Jail
Send questions, comments, show ideas/topics, or stories you want mentioned on the show to [email protected]

Dell, elementary, Fedora, oh my! | LINUX Unplugged 326

5 november 2019 | min

Threat Hunting 101 | Jupiter Extras 30

5 november 2019 | min

Brunch with Brent: A Chat with Martin Wimpress | Jupiter Extras 29

4 november 2019 | min

Linux Action News 130

3 november 2019 | min

It's All About IOPS | TechSNAP 415

31 oktober 2019 | min

A Chat with mergerfs Developer Antonio Musumeci | Jupiter Extras 28

31 oktober 2019 | min

Happy Halloween, 2019! | Jupiter Extras 27

31 oktober 2019 | min

Happy Birthday, Unix | BSD Now 322

31 oktober 2019 | min

Unix is 50, Hunting down Ken's PDP-7, OpenBSD and OPNSense have new releases, Clarification on what GhostBSD is, sshuttle - VPN over SSH, and more.

Headlines

Unix is 50

In the summer of 1969 computer scientists Ken Thompson and Dennis Ritchie created the first implementation of Unix with the goal of designing an elegant and economical operating system for a little-used PDP-7 minicomputer at Bell Labs. That modest project, however, would have a far-reaching legacy. Unix made large-scale networking of diverse computing systems — and the Internet — practical. The Unix team went on to develop the C language, which brought an unprecedented combination of efficiency and expressiveness to programming. Both made computing more "portable". Today, Linux, the most popular descendent of Unix, powers the vast majority of servers, and elements of Unix and Linux are found in most mobile devices. Meanwhile C++ remains one of the most widely used programming languages today. Unix may be a half-century old but its influence is only growing.

Hunting down Ken's PDP-7: video footage found

In my prior blog post, I traced Ken's scrounged PDP-7 to SN 34. In this post I'll show that we have actual video footage of that PDP-7 due to an old film from Bell Labs. this gives us almost a minute of footage of the PDP-7 Ken later used to create Unix.

News Roundup

OpenBSD 6.6 Released

Announce: https://marc.info/?l=openbsd-tech&m=157132024225971&w=2
Upgrade Guide: https://openbsd.org/faq/upgrade66.html
Changelog: https://openbsd.org/plus66.html

OPNsense 19.7.5 released

Hello friends and followers, Lots of plugin and ports updates this time with a few minor improvements in all core areas. Behind the scenes we are starting to migrate the base system to version

12.1 which is supposed to hit the next 20.1 release. Stay tuned for more infos in the next month or so.

Here are the full patch notes:

system: show all swap partitions in system information widget
system: flatten services_get() in preparation for removal
system: pin Syslog-ng version to specific package name
system: fix LDAP/StartTLS with user import page
system: fix a PHP warning on authentication server page
system: replace most subprocess.call use
interfaces: fix devd handling of carp devices (contributed by stumbaumr)
firewall: improve firewall rules inline toggles
firewall: only allow TCP flags on TCP protocol
firewall: simplify help text for direction setting
firewall: make protocol log summary case insensitive
reporting: ignore malformed flow records
captive portal: fix type mismatch for timeout read
dhcp: add note for static lease limitation with lease registration (contributed by Northguy)
ipsec: add margintime and rekeyfuzz options
ipsec: clear $dpdline correctly if not set
ui: fix tokenizer reorder on multiple saves
plugins: os-acme-client 1.26[1]
plugins: os-bind will reload bind on record change (contributed by blablup)
plugins: os-etpro-telemetry minor subprocess.call replacement
plugins: os-freeradius 1.9.4[2]
plugins: os-frr 1.12[3]
plugins: os-haproxy 2.19[4]
plugins: os-mailtrail 1.2[5]
plugins: os-postfix 1.11[6]
plugins: os-rspamd 1.8[7]
plugins: os-sunnyvalley LibreSSL support (contributed by Sunny Valley Networks)
plugins: os-telegraf 1.7.6[8]
plugins: os-theme-cicada 1.21 (contributed by Team Rebellion)
plugins: os-theme-tukan 1.21 (contributed by Team Rebellion)
plugins: os-tinc minor subprocess.call replacement
plugins: os-tor 1.8 adds dormant mode disable option (contributed by Fabian Franz)
plugins: os-virtualbox 1.0 (contributed by andrewhotlab)

Dealing with the misunderstandings of what is GhostBSD

Since the release of 19.09, I have seen a lot of misunderstandings on what is GhostBSD and the future of GhostBSD. GhostBSD is based on TrueOS with FreeBSD 12 STABLE with our twist to it. We are still continuing to use TrueOS for OpenRC, and the new package's system for the base system that is built from ports. GhostBSD is becoming a slow-moving rolling release base on the latest TrueOS with FreeBSD 12 STABLE. When FreeBSD 13 STABLE gets released, GhostBSD will be upgraded to TrueOS with FreeBSD 13 STABLE.

Our official desktop is MATE, which means that the leading developer of GhostBSD does not officially support XFCE. Community releases are maintained by the community and for the community. GhostBSD project will provide help to build and to host the community release. If anyone wants to have a particular desktop supported, it is up to the community. Sure I will help where I can, answer questions and guide new community members that contribute to community release.

There is some effort going on for Plasma5 desktop. If anyone is interested in helping with XFCE and Plasma5 or in creating another community release, you are well come to contribute. Also, Contribution to the GhostBSD base system, to ports and new ports, and in house software are welcome. We are mostly active on Telegram https://t.me/ghostbsd, but you can also reach us on the forum.

SHUTTLE – VPN over SSH | VPN Alternative

Looking for a lightweight VPN client, but are not ready to spend a monthly recurring amount on a VPN? VPNs can be expensive depending upon the quality of service and amount of privacy you want. A good VPN plan can easily set you back by 10$ a month and even that doesn’t guarantee your privacy. There is no way to be sure whether the VPN is storing your confidential information and traffic logs or not. sshuttle is the answer to your problem it provides VPN over ssh and in this article we’re going to explore this cheap yet powerful alternative to the expensive VPNs. By using open source tools you can control your own privacy.

VPN over SSH – sshuttle

sshuttle is an awesome program that allows you to create a VPN connection from your local machine to any remote server that you have ssh access on. The tunnel established over the ssh connection can then be used to route all your traffic from client machine through the remote machine including all the dns traffic. In the bare bones sshuttle is just a proxy server which runs on the client machine and forwards all the traffic to a ssh tunnel. Since its open source it holds quite a lot of major advantages over traditional VPN.

OpenSSH 8.1 Released

Security
- ssh(1), sshd(8), ssh-add(1), ssh-keygen(1): an exploitable integer overflow bug was found in the private key parsing code for the XMSS key type. This key type is still experimental and support for it is not compiled by default. No user-facing autoconf option exists in portable OpenSSH to enable it. This bug was found by Adam Zabrocki and reported via SecuriTeam's SSD program.
- ssh(1), sshd(8), ssh-agent(1): add protection for private keys at rest in RAM against speculation and memory side-channel attacks like Spectre, Meltdown and Rambleed. This release encrypts private keys when they are not in use with a symmetric key that is derived from a relatively large "prekey" consisting of random data (currently 16KB).
This release includes a number of changes that may affect existing configurations:
- ssh-keygen(1): when acting as a CA and signing certificates with an RSA key, default to using the rsa-sha2-512 signature algorithm. Certificates signed by RSA keys will therefore be incompatible with OpenSSH versions prior to 7.2 unless the default is overridden (using "ssh-keygen -t ssh-rsa -s ...").
New Features
- ssh(1): Allow %n to be expanded in ProxyCommand strings
- ssh(1), sshd(8): Allow prepending a list of algorithms to the default set by starting the list with the '^' character, E.g. "HostKeyAlgorithms ^ssh-ed25519"
- ssh-keygen(1): add an experimental lightweight signature and verification ability. Signatures may be made using regular ssh keys held on disk or stored in a ssh-agent and verified against an authorized_keys-like list of allowed keys. Signatures embed a namespace that prevents confusion and attacks between different usage domains (e.g. files vs email).
- ssh-keygen(1): print key comment when extracting public key from a private key.
- ssh-keygen(1): accept the verbose flag when searching for host keys in known hosts (i.e. "ssh-keygen -vF host") to print the matching host's random-art signature too.
- All: support PKCS8 as an optional format for storage of private keys to disk. The OpenSSH native key format remains the default, but PKCS8 is a superior format to PEM if interoperability with non-OpenSSH software is required, as it may use a less insecure key derivation function than PEM's.

Beastie Bits

Feedback/Questions

Trenton - Beeping Thinkpad
Alex - Per user ZFS Datasets
- Allan’s old patch from 2015
Javier - FBSD 12.0 + ZFS + encryption

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to [email protected]

KaOS + How We Install Software | Choose Linux 21

30 oktober 2019 | min

DNF or Die | LINUX Unplugged 325

29 oktober 2019 | min

OggCamp 2019 Panel | Jupiter Extras 26

28 oktober 2019 | min

Linux Action News 129

27 oktober 2019 | min

Interview with Security Analyst Lou Stella | Jupiter Extras 25

25 oktober 2019 | min

Episode Blinking Eye Patches | User Error 77

24 oktober 2019 | min

The Joy of Plex with Elan Feingold | Self-Hosted 4

24 oktober 2019 | min

The Robot OS | BSD Now 321

23 oktober 2019 | min

RAMburglars | LINUX Unplugged 324

22 oktober 2019 | min

Our Trip To Texas Cyber Summit | Jupiter Extras 24

21 oktober 2019 | min

Linux Action News 128

20 oktober 2019 | min

Rooting for ZFS | TechSNAP 414

18 oktober 2019 | min

Single Board Computers | Choose Linux 20

16 oktober 2019 | min

Codebase: Neck Deep | BSD Now 320

16 oktober 2019 | min

/*
Title: Episode 320: Codebase: neck deep
Description: FreeBSD on the Google Pixelbook, Porting NetBSD to the AMD x86-64, ZFS performance really does degrade as you approach quota limits, Fixing up KA9Q-unix, HAMMER2 and fsck for review, the return of startx(1) for non-root users, and more.

Tags: freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview, google pixelbook, pixelbook, case study, portability, porting, zfs, zfs performance, performance, quota, quota limits, zfs quota, ka9q, unix, hammer2, fsck, startx
Date: 2019-10-16
*/

Headlines

FreeBSD and custom firmware on the Google Pixelbook

FreeBSD and custom firmware on the Google Pixelbook

Back in 2015, I jumped on the ThinkPad bandwagon by getting an X240 to run FreeBSD on. Unlike most people in the ThinkPad crowd, I actually liked the clickpad and didn\u2019t use the trackpoint much. But this summer I\u2019ve decided that it was time for something newer. I wanted something..

lighter and thinner (ha, turns out this is actually important, I got tired of carrying a T H I C C laptop - Apple was right all along);
with a 3:2 display (why is Lenovo making these Serious Work\u2122 laptops 16:9 in the first place?? 16:9 is awful in below-13-inch sizes especially);
with a HiDPI display (and ideally with a good size for exact 2x scaling instead of fractional);
with USB-C ports;
without a dGPU, especially without an NVIDIA GPU;
assembled with screws and not glue (I don\u2019t necessarily need expansion and stuff in a laptop all that much, but being able to replace the battery without dealing with a glued chassis is good);
supported by FreeBSD of course (\u201csome development required\u201d is okay but I\u2019m not going to write big drivers);
how about something with open source firmware, that would be fun.

I was considering a ThinkPad X1 Carbon from an old generation - the one from the same year as the X230 is corebootable, so that\u2019s fun. But going back in processor generations just doesn\u2019t feel great. I want something more efficient, not less!

And then I discovered the Pixelbook. Other than the big huge large bezels around the screen, I liked everything about it. Thin aluminum design, a 3:2 HiDPI screen, rubber palm rests (why isn\u2019t every laptop ever doing that?!), the \u201cconvertibleness\u201d (flip the screen around to turn it into.. something rather big for a tablet, but it is useful actually), a Wacom touchscreen that supports a pen, mostly reasonable hardware (Intel Wi-Fi), and that famous coreboot support (Chromebooks\u2019 stock firmware is coreboot + depthcharge).

So here it is, my new laptop, a Google Pixelbook.

Conclusion

Pixelbook, FreeBSD, coreboot, EDK2 good.

Seriously, I have no big words to say, other than just recommending this laptop to FOSS enthusiasts :)

Porting NetBSD to the AMD x86-64: a case study in OS portability

Abstract

NetBSD is known as a very portable operating system, currently running on 44 different architectures (12 different types of CPU). This paper takes a look at what has been done to make it portable, and how this has decreased the amount of effort needed to port NetBSD to a new architecture. The new AMD x86-64 architecture, of which the specifications were published at the end of 2000, with hardware to follow in 2002, is used as an example.

Portability

Supporting multiple platforms was a primary goal of the NetBSD project from the start. As NetBSD was ported to more and more platforms, the NetBSD kernel code was adapted to become more portable along the way.

General

Generally, code is shared between ports as much as possible. In NetBSD, it should always be considered if the code can be assumed to be useful on other architectures, present or future. If so, it is machine-independent and put it in an appropriate place in the source tree. When writing code that is intended to be machine-independent, and it contains conditional preprocessor statements depending on the architecture, then the code is likely wrong, or an extra abstraction layer is needed to get rid of these statements.

Types

Assumptions about the size of any type are not made. Assumptions made about type sizes on 32-bit platforms were a large problem when 64-bit platforms came around. Most of the problems of this kind had to be dealt with when NetBSD was ported to the DEC Alpha in 1994. A variation on this problem had to be dealt with with the UltraSPARC (sparc64) port in 1998, which is 64-bit, but big endian (vs. the little-endianness of the Alpha). When interacting with datastructures of a fixed size, such as on-disk metadata for filesystems, or datastructures directly interpreted by device hardware, explicitly sized types are used, such as uint32_t, int8_t, etc.

Conclusions and future work

The port of NetBSD to AMD's x86-64 architecture was done in six weeks, which confirms NetBSD's reputation as being a very portable operating system. One week was spent setting up the cross-toolchain and reading the x86-64 specifications, three weeks were spent writing the kernel code, one week was spent writing the userspace code, and one week testing and debugging it all. No problems were observed in any of the machine-independent parts of the kernel during test runs; all (simulated) device drivers, file systems, etc, worked without modification.

News Roundup

ZFS performance really does degrade as you approach quota limits

Every so often (currently monthly), there is an "OpenZFS leadership meeting". What this really means is 'lead developers from the various ZFS implementations get together to talk about things'. Announcements and meeting notes from these meetings get sent out to various mailing lists, including the ZFS on Linux ones.

In the September meeting notes, I read a very interesting (to me) agenda item:
- Relax quota semantics for improved performance (Allan Jude)
- Problem: As you approach quotas, ZFS performance degrades.
- Proposal: Can we have a property like quota-policy=strict or loose, where we can optionally allow ZFS to run over the quota as long as performance is not decreased.

This is very interesting to me because of two reasons. First, in the past we have definitely seen significant problems on our OmniOS machines, both when an entire pool hits a quota limit and when a single filesystem hits a refquota limit. It's nice to know that this wasn't just our imagination and that there is a real issue here. Even better, it might someday be improved (and perhaps in a way that we can use at least some of the time).

Second, any number of people here run very close to and sometimes at the quota limits of both filesystems and pools, fundamentally because people aren't willing to buy more space. We have in the past assumed that this was relatively harmless and would only make people run out of space. If this is a known issue that causes serious performance degradation, well, I don't know if there's anything we can do, but at least we're going to have to think about it and maybe push harder at people. The first step will have to be learning the details of what's going on at the ZFS level to cause the slowdown. (It's apparently similar to what happens when the pool is almost full, but I don't know the specifics of that either.)

With that said, we don't seem to have seen clear adverse effects on our Linux fileservers, and they've definitely run into quota limits (repeatedly). One possible reason for this is that having lots of RAM and SSDs makes the effects mostly go away. Another possible reason is that we haven't been looking closely enough to see that we're experiencing global slowdowns that correlate to filesystems hitting quota limits. We've had issues before with somewhat subtle slowdowns that we didn't understand (cf), so I can't discount that we're having it happen again.

Fixing up KA9Q-unix, or "neck deep in 30 year old codebases.."

I'll preface this by saying - yes, I'm still neck deep in FreeBSD's wifi stack and 802.11ac support, but it turns out it's slow work to fix 15 year old locking related issues that worked fine on 11abg cards, kinda worked ok on 11n cards, and are terrible for these 11ac cards. I'll .. get there.

Anyhoo, I've finally been mucking around with AX.25 packet radio. I've been wanting to do this since I was a teenager and found out about its existence, but back in high school and .. well, until a few years ago really .. I didn't have my amateur radio licence. But, now I do, and I've done a bunch of other stuff with a bunch of other radios. The main stumbling block? All my devices are either Apple products or run FreeBSD - and none of them have useful AX.25 stacks. The main stacks of choice these days run on Linux, Windows or are a full hardware TNC.

So yes, I was avoiding hacking on AX.25 stuff because there wasn't a BSD compatible AX.25 stack. I'm 40 now, leave me be.

But! A few weeks ago I found that someone was still running a packet BBS out of San Francisco. And amazingly, his local node ran on FreeBSD! It turns out Jeremy (KK6JJJ) ported both an old copy of KA9Q and N0ARY-BBS to run on FreeBSD! Cool!

I grabbed my 2m radio (which is already cabled up for digital modes), compiled up his KA9Q port, figured out how to get it to speak to Direwolf, and .. ok. Well, it worked. Kinda.

HAMMER2 and fsck for review

HAMMER2 is Copy on Write, meaning changes are made to copies of existing data. This means operations are generally atomic and can survive a power outage, etc. (You should read up on it!) However, there\u2019s now a fsck command, useful if you want a report of data validity rather than any manual repair process.

[The return of startx(1) for non-root users with some caveats

Mark Kettenis (kettenis@) has recently committed changes which restore a certain amount of startx(1)/xinit(1) functionality for non-root users. The commit messages explain the situation:

CVSROOT:    /cvs
Module name:    src
Changes by:    [email protected]    2019/09/15 06:25:41

Modified files:
    etc/etc.amd64  : fbtab 
    etc/etc.arm64  : fbtab 
    etc/etc.hppa   : fbtab 
    etc/etc.i386   : fbtab 
    etc/etc.loongson: fbtab 
    etc/etc.luna88k: fbtab 
    etc/etc.macppc : fbtab 
    etc/etc.octeon : fbtab 
    etc/etc.sgi    : fbtab 
    etc/etc.sparc64: fbtab 

Log message:
Add ttyC4 to lost of devices to change when logging in on ttyC0 (and in some cases also the serial console) such that X can use it as its VT when running without root privileges.

ok jsg@, matthieu@
CVSROOT:    /cvs
Module name:    xenocara
Changes by:    [email protected]    2019/09/15 06:31:08

Modified files:
    xserver/hw/xfree86/common: xf86AutoConfig.c 

Log message:
Add modesetting driver as a fall-back when appropriate such that we can use it when running without root privileges which prevents us from scanning the PCI bus.

This makes startx(1)/xinit(1) work again on modern systems with inteldrm(4), radeondrm(4) and amdgpu(4).  In some cases this will result in using a different driver than with xenodm(4) which may expose issues (e.g. when we prefer the intel Xorg driver) or loss of acceleration (e.g. older cards supported by radeondrm(4)).

ok jsg@, matthieu@

Beastie Bits

Feedback/Questions

Tim - GSoC project ideas for pf rule syntax translation
Brad - Steam on FreeBSD
Ruslan - FreeBSD Quarterly Status Report - Q2 2019

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to [email protected]

What is a Container? | Jupiter Extras 23

16 oktober 2019 | min

It's Pronounced 19.10 | LINUX Unplugged 323

15 oktober 2019 | min

A Chat with Allan Jude | Jupiter Extras 22

15 oktober 2019 | min

Linux Action News 127

13 oktober 2019 | min

Richard Stallman's GNU leadership is challenged by an influential group of maintainers, SUSE drops OpenStack "for the customer," and Google claims Stadia will be faster than a gaming PC.

Plus OpenLibra aims to save us from Facebook but already has a miss, lousy news for Telegram, and enormous changes for AMP.

Links:

FSF and GNU — GNU decision-making has largely been in the hands of GNU leadership. Since RMS resigned as president of the FSF, but not as head of GNU ("Chief GNUisance"), the FSF is now working with GNU leadership on a shared understanding of the relationship for the future.
Joint statement on the GNU Project — Yet, we must also acknowledge that Stallman’s behavior over the years has undermined a core value of the GNU project: the empowerment of all computer users. GNU is not fulfilling its mission when the behavior of its leader alienates a large part of those we want to reach out to.
No radical changes in GNU Project — As Chief GNUisance, I'd like to reassure the community that there won't be any radical changes in the GNU Project's goals, principles and policies.
SUSE is dropping OpenStack and embracing Kubernetes — As we make these bold customer-driven investments and in order to maximize these opportunities, SUSE has carefully reviewed its business and has decided to cease production of new versions of SUSE OpenStack Cloud and to discontinue sales of SUSE OpenStack Cloud.
AMP is joining the OpenJS Foundation incubation program — After considering many options for a foundation that meets all of AMP’s needs, the OpenJS Foundation stood out as an ideal home for AMP.
Google Stadia will be “faster and more responsive” than local gaming hardware — Thanks to some precog trickery, Google believes its streaming system will be faster than the gaming systems of the near-future, no matter how powerful they may become.
Atari VCS architect quits project, claims he hasn’t been paid for six months — Retro console a mess, may never launch, sources allege
Atari disputes reports that its retro-inspired console is doomed
Open Libra — An open platform for financial inclusion. Not run by Facebook.
'Members' of OpenLibra Disavow Project Days After Its Devcon Unveiling
Facebook’s Libra Association crumbling

Ghost, Meat, or Block? | User Error 76

10 oktober 2019 | min

Home Network Under $200 | Self-Hosted 3

10 oktober 2019 | min

Lack Rack, Jack | BSD Now 319

9 oktober 2019 | min

Causing ZFS corruption for fun, NetBSD Assembly Programming Tutorial, The IKEA Lack Rack for Servers, a new OmniOS Community Edition LTS has been published, List Block Devices on FreeBSD lsblk(8) Style, Project Trident 19.10 available, and more.

Headlines

Causing ZFS corruption for fun and profit

Datto backs up data, a lot of it. At the time of writing Datto has over 500 PB of data stored on ZFS. This count includes both backup appliances that are sent to customer sites, as well as cloud storage servers that are used for secondary and tertiary backup of those appliances. At this scale drive swaps are a daily occurrence, and data corruption is inevitable. How we handle this corruption when it happens determines whether we truly lose data, or successfully restore from secondary backup. In this post we'll be showing you how at Datto we intentionally cause corruption in our testing environments, to ensure we're building software that can properly handle these scenarios.

Causing Corruption

Since this is a mirror setup, a naive solution to cause corruption would be to randomly dd the same sectors of both /dev/sdb and /dev/sdc. This works, but is equally likely to just overwrite random unused space, or take down the zpool entirely. What we really want is to corrupt a specific snapshot, or even a specific file in that snapshot, to simulate a more realistic minor corruption event. Luckily we have a tool called zdb that lets us view some low level information about datasets.

Conclusion

At the 500 PB scale, it's not a matter of if data corruption will happen but when. Intentionally causing corruption is one of the strategies we use to ensure we're building software that can handle these rare (but inevitable) events.

To others out there using ZFS: I'm curious to hear how you've solved this problem. We did quite a bit of experimentation with zinject before going with this more brute force method. So I'd be especially interested if you've had luck simply simulating corruption with zinject.

NetBSD Assembly Programming Tutorial

A sparc64 version is also being prepared and will be added when done

This post describes how to write a simple hello world program in pure assembly on NetBSD/amd64. We will not use (nor link against) libc, nor use gcc to compile it. I will be using GNU as (gas), and therefore the AT&T syntax instead of Intel.

Why assembly?

Why not? Because it's fun to program in assembly directly. Contrary to a popular belief assembly programs aren't always faster than what optimizing compilers produce. Nevertheless it's good to be able to read assembly, especially when debugging C programs

Due to the nature of the guide, visit the site for the complete breakdown

News Roundup

The IKEA Lack Rack for Servers

The LackRack

First occurrence on eth0:2010 Winterlan, the LackRack is the ultimate, low-cost, high shininess solution for your modular datacenter-in-the-living-room. Featuring the LACK (side table) from Ikea, the LackRack is an easy-to-implement, exact-fit datacenter building block. It's a little known fact that we have seen Google engineers tinker with Lack tables since way back in 2009.

The LackRack will certainly make its appearance again this summer at eth0:2010 Summer.

Summary

When temporarily not in use, multiple LackRacks can be stacked in a space-efficient way without disassembly, unlike competing 19" server racks.

The LackRack was first seen on eth0:2010 Winterlan in the no-shoe Lounge area. Its low-cost and perfect fit are great for mounting up to 8 U of 19" hardware, such as switches (see below), or perhaps other 19" gear. It's very easy to assemble, and thanks to the design, they are stable enough to hold (for example) 19" switches and you can put your bottle of Club-Mate on top! Multi-shiny LackRack can also be painted to your specific preferences and the airflow is unprecedented!

Howto

You can find a howto on buying a LackRack on this page. This includes the proof that a 19" switch can indeed be placed in the LackRack in its natural habitat!

OmniOS Community Edition r151030 LTS - Published at May 6, 2019

The OmniOS Community Edition Association is proud to announce the general availability of OmniOS - r151030.

OmniOS is published according to a 6-month release cycle, r151030 LTS takes over from r151028, published in November 2018; and since it is a LTS release it also takes over from r151022. The r151030 LTS release will be supported for 3 Years. It is the first LTS release published by the OmniOS CE Association since taking over the reins from OmniTI in 2017. The next LTS release is scheduled for May 2021. The old stable r151026 release is now end-of-life. See the release schedule for further details.

This is only a small selection of the new features, and bug fixes in the new release; review the release notes for full details.

If you upgrade from r22 and want to see all new features added since then, make sure to also read the release notes for r24, r26 and r28.

For full relase notes including upgrade instructions;
release notes
upgrade instructions

List Block Devices on FreeBSD lsblk(8) Style

When I have to work on Linux systems I usually miss many nice FreeBSD tools such as these for example to name the few: sockstat, gstat, top -b -o res, top -m io -o total, usbconfig, rcorder, beadm/bectl, idprio/rtprio,… but sometimes – which rarely happens – Linux has some very useful tool that is not available on FreeBSD. An example of such tool is lsblk(8) that does one thing and does it quite well – lists block devices and their contents. It has some problems like listing a disk that is entirely used under ZFS pool on which lsblk(8) displays two partitions instead of information about ZFS just being there – but we all know how much in some circles the CDDL licensed ZFS is unloved in that GPL world.

Example lsblk(8) output from Linux system:

$ lsblk
NAME                         MAJ:MIN RM   SIZE RO TYPE   MOUNTPOINT
sr0                           11:0    1  1024M  0 rom
sda                            8:0    0 931.5G  0 disk
|-sda1                         8:1    0   500M  0 part   /boot
`-sda2                         8:2    0   931G  0 part
  |-vg_local-lv_root (dm-0)  253:0    0    50G  0 lvm    /
  |-vg_local-lv_swap (dm-1)  253:1    0  17.7G  0 lvm    [SWAP]
  `-vg_local-lv_home (dm-2)  253:2    0   1.8T  0 lvm    /home
sdc                            8:32   0 232.9G  0 disk
`-sdc1                         8:33   0 232.9G  0 part
  `-md1                        9:1    0 232.9G  0 raid10 /data
sdd                            8:48   0 232.9G  0 disk
`-sdd1                         8:49   0 232.9G  0 part
  `-md1                        9:1    0 232.9G  0 raid10 /data

What FreeBSD offers in this department? The camcontrol(8) and geom(8) commands are available. You can also use gpart(8) command to list partitions. Below you will find output of these commands from my single disk laptop. Please note that because of WordPress limitations I need to change all > < characters to ] [ ones in the commands outputs.

See the article for the rest of the guide

Project Trident 19.10 Now Available

This is a general package update to the CURRENT release repository based upon TrueOS 19.10

PACKAGE CHANGES FROM 19.08
- New Packages: 601
- Deleted Packages: 165
- Updated Packages: 3341

Beastie Bits

Feedback/Questions

Evilham - Couple Questions
Rob - APU2 alternatives and GPT partition types
Tom - FreeBSD journal article by A. Fengler

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to [email protected]

A Chat with Angela Fisher | Jupiter Extras 21

9 oktober 2019 | min

Just Enough VPN | LINUX Unplugged 322

8 oktober 2019 | min

Operation Safe Escape | Jupiter Extras 20

7 oktober 2019 | min

Linux Action News 126

6 oktober 2019 | min

The Coffee Shop Problem | TechSNAP 413

3 oktober 2019 | min

Reverse Proxy Basics | Jupiter Extras 19

3 oktober 2019 | min

Android-x86 + First steps into the cloud | Choose Linux 19

2 oktober 2019 | min

The TrueNAS Library | BSD Now 318

2 oktober 2019 | min

DragonFlyBSD vs. FreeBSD vs. Linux benchmark on Ryzen 7, JFK Presidential Library chooses TrueNAS for digital archives, FreeBSD 12.1-beta is available, cool but obscure X11 tools, vBSDcon trip report, Project Trident 12-U7 is available, a couple new Unix artifacts, and more.

Headlines

DragonFlyBSD 5.6 vs. FreeBSD 12 vs. Linux - Ryzen 7 3700X

For those wondering how well FreeBSD and DragonFlyBSD are handling AMD's new Ryzen 3000 series desktop processors, here are some benchmarks on a Ryzen 7 3700X with MSI MEG X570 GODLIKE where both of these popular BSD operating systems were working out-of-the-box. For some fun mid-week benchmarking, here are those results of FreeBSD 12.0 and DragonFlyBSD 5.6.2 up against openSUSE Tumbleweed and Ubuntu 19.04.

Back in July I looked at FreeBSD 12 on the Ryzen 9 3900X but at that time at least DragonFlyBSD had troubles booting on that system. When trying out the Ryzen 7 3700X + MSI GODLIKE X570 motherboard on the latest BIOS, everything "just worked" without any compatibility issues for either of these BSDs.

We've been eager to see how well DragonFlyBSD is performing on these new AMD Zen 2 CPUs with DragonFlyBSD lead developer Matthew Dillon having publicly expressed being impressed by the new AMD Ryzen 3000 series CPUs.

For comparison to those BSDs, Ubuntu 19.04 and openSUSE Tumbleweed were tested on the same hardware in their out-of-the-box configurations. While Clear Linux is normally the fastest, on this system Clear's power management defaults had caused issues in being unable to detect the Samsung 970 EVO Plus NVMe SSD used for testing and so we left it out this round.

All of the hardware was the same throughout testing as were the BIOS settings and running the Ryzen 7 3700X at stock speeds. (Any differences in the reported hardware for the system table just come down to differences in what is exposed by each OS for reporting.) All of the BSD/Linux benchmarks on this eight core / sixteen thread processor were run via the Phoronix Test Suite. In the case of FreeBSD 12.0, we benchmarked both with its default LLVM Clang 6.0 compiler as well as with GCC 9.1 so that it would match the GCC compiler being the default on the other operating systems under test.

JFK Presidential Library Chooses iXsystems TrueNAS to Preserve Precious Digital Archives

iXsystems is honored to have the TrueNAS® M-Series unified storage selected to store, serve, and protect the entire digital archive for the John F. Kennedy Library Foundation. This is in support of the collection at the John F. Kennedy Presidential Library and Museum (JFK Library). Over the next several years, the Foundation hopes to grow the digital collection from hundreds of terabytes today to cover much more of the Archives at the Kennedy Library. Overall there is a total of 25 million documents, audio recordings, photos, and videos once the project is complete.

Having first deployed the TrueNAS M50-HA earlier in 2019, the JFK Library has now completed the migration of its existing digital collection and is now in the process of digitizing much of the rest of its vast collection.

Not only is the catalog of material vast, it is also diverse, with files being copied to the storage system from a variety of sources in numerous file types. To achieve this ambitious goal, the library required a high-end NAS system capable of sharing with a variety of systems throughout the digitization process. The digital archive will be served from the TrueNAS M50 and made available to both in-person and online visitors.

With precious material and information comes robust demands. The highly-available TrueNAS M-Series has multiple layers of protection to help keep data safe, including data scrubs, checksums, unlimited snapshots, replication, and more. TrueNAS is also inherently scalable with data shares only limited by the number of drives connected to the pool. Perfect for archival storage, the deployed TrueNAS M50 will grow with the library’s content, easily expanding its storage capacity over time as needed. Supporting a variety of protocols, multi-petabyte scalability in a single share, and anytime, uninterrupted capacity expansion, the TrueNAS M-Series ticked all the right boxes.

Youtube Video

News Roundup

FreeBSD 12.1-beta available

FreeBSD 12.0 is already approaching one year old while FreeBSD 12.1 is now on the way as the next installment with various bug/security fixes and other alterations to this BSD operating system.

FreeBSD 12.1 has many security/bug fixes throughout, no longer enables "-Werror" by default as a compiler flag (Update: This change is just for the GCC 4.2 compiler), has imported BearSSL into the FreeBSD base system as a lightweight TLS/SSL implementation, bzip2recover has been added, and a variety of mostly lower-level changes. More details can be found via the in-progress release notes.

For those with time to test this weekend, FreeBSD 12.1 Beta 1 is available for all prominent architectures.

The FreeBSD release team is planning for at least another beta or two and around three release candidates. If all goes well, FreeBSD 12.1 will be out in early November.

Announcement Link

Cool, but obscure X11 tools. More suggestions in the source link

ASClock
Free42
FSV2
GLXGears
GMixer
GVIM
Micropolis
Sunclock
Ted
TiEmu
X026
X48
XAbacus
XAntfarm
XArchiver
XASCII
XBiff
XBill
XBoard
XCalc
XCalendar
XCHM
XChomp
XClipboard
XClock
XClock/Cat Clock
XColorSel
XConsole
XDiary
XEarth
XEdit
Xev
XEyes
XFontSel
XGalaga
XInvaders 3D
XKill
XLennart
XLoad
XLock
XLogo
XMahjongg
XMan
XMessage
XmGrace
XMixer
XmMix
XMore
XMosaic
XMOTD
XMountains
XNeko
XOdometer
XOSView
Xplore
XPostIt
XRoach
XScreenSaver
XSnow
XSpread
XTerm
XTide
Xv
Xvkbd
XWPE
XZoom

vBSDCon 2019 trip report from iXSystems

The fourth biennial vBSDCon was held in Reston, VA on September 5th through 7th and attracted attendees and presenters from not only the Washington, DC area, but also Canada, Germany, Kenya, and beyond. While MeetBSD caters to Silicon Valley BSD enthusiasts on even years, vBSDcon caters to East Coast and DC area enthusiasts on odd years. Verisign was again the key sponsor of vBSDcon 2019 but this year made a conscious effort to entrust the organization of the event to a team of community members led by Dan Langille, who you probably know as the lead BSDCan organizer. The result of this shift was a low key but professional event that fostered great conversation and brainstorming at every turn.

Project Trident 12-U7 now available

Package Summary
- New Packages: 130
- Deleted Packages: 72
- Updated Packages: 865
Stable ISO - https://pkg.project-trident.org/iso/stable/Trident-x64-TOS-12-U7-20190920.iso

A Couple new Unix Artifacts

I fear we're drifting a bit here and the S/N ratio is dropping a bit w.r.t the actual history of Unix. Please no more on the relative merits of version control systems or alternative text processing systems.

So I'll try to distract you by saying this. I'm sitting on two artifacts that have recently been given to me:

by two large organisations
of great significance to Unix history
who want me to keep "mum" about them
as they are going to make announcements about them soon*

and I am going slowly crazy as I wait for them to be offically released. Now you have a new topic to talk about :-)

Cheers, Warren

* for some definition of "soon"

Beastie Bits

Feedback/Questions

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to [email protected]

Fresh Install Feels | LINUX Unplugged 321

1 oktober 2019 | min

Linux Action News 125

29 september 2019 | min

CentOS Stream and 8 have quite a bit for us to talk about, Docker's struggles go public, and the GNOME Foundation is facing a patent fight.

Plus the best bit of Android 10 Go, Microsoft gives serious thought to bringing Edge to Linux, and Stallman's role at GNU comes into question.

Links:

CentOS 8 Released — Hello and welcome to the first CentOS-8 release. The CentOS Linux distribution is a stable, predictable, manageable and reproducible platform derived from the sources of Red Hat Enterprise Linux (RHEL)
Presenting CentOS Stream — CentOS Stream will be a rolling-release Linux distro that exists as a midstream between the upstream development in Fedora Linux and the downstream development for Red Hat Enterprise Linux (RHEL). It is a cleared-path to contributing into future minor releases of RHEL while interacting with Red Hat and other open source developers. This pairs nicely with the existing contribution path in Fedora for future major releases of RHEL.`
Transforming the development experience within CentOS
Fedora and CentOS Stream — There’s not really been a consistent flow between the projects and product at all.
Docker is struggling financially — Docker CEO Rob Bearden sent an email to employees this week acknowledging challenges as the company tries to raise money.
GNOME Foundation facing lawsuit — The GNOME Foundation has been made aware of a lawsuit from Rothschild Patent Imaging, LLC over patent 9,936,086. Rothschild allege that Shotwell, a free and open source personal photo manager infringes this patent.
Donate to GNOME
QR Code Patent Troll Sues Dickey’s Barbecue
Google announces Android 10 (Go edition) — Android 10 (Go edition) includes a new form of encryption, built by Google for entry-level smartphones, called Adiantum.
Gallery Go by Google Photos - Apps on Google Play
Android: Try OTA updates without committing — That’s why they unveiled Dynamic System Updates (DSU) in Android 10 to let developers try a barebones version of a new OS update without unlocking the bootloader or wiping data.
Sean Larkin on Twitter — "🚨🔥We on the @MSEdgeDev team are fleshing out requirements to bring Edge to Linux, and we need your help w/ some assumptions!🚨🔥 If you're a dev who depends on Linux for dev, testing, personal browsing, pleasetake a second to fill out this survey! 📝 https://t.co/PCerGONmCG" / Twitter
Stallman intends to keep leading GNU — I am still the head of the GNU Project (the Chief GNUisance), and I intend to continue as such.
Stallman changes his mind and quits GNU leadership role? — I hereby step down as head of the GNU Project, effective immediately.
Richard Stallman Reportedly Steps Down As Head Of The GNU Project

A Chat with Christophe Limpalair | Jupiter Extras 18

27 september 2019 | min

Memelord | User Error 75

26 september 2019 | min

Why Self-Host? | Self-Hosted 2

26 september 2019 | min

Bots Building Jails | BSD Now 317

25 september 2019 | min

Setting up buildbot in FreeBSD jails, Set up a mail server with OpenSMTPD, Dovecot and Rspamd, OpenBSD amateur packet radio with HamBSD, DragonFlyBSD's HAMMER2 gets fsck, return of startx for users.

Headlines

EuroBSDcon 2019 Recap

We’re back from EuroBSDcon in Lillehammer, Norway. It was a great conference with 212 people attending. 2 days of tutorials, parallel to the FreeBSD Devsummit, followed by two days of talks. Some speakers uploaded their slides to papers.freebsd.org already with more to come.

The social event was also interesting. We visited an open air museum with building preserved from different time periods. In the older section they had a collection of farm buildings, a church originally built in the 1200s and relocated to the museum, and a school house. In the more modern area, they had houses from 1915, and each decade from 1930 to 1990, plus a “house of the future” as imagined in 2001. Many had open doors to allow you to tour the inside, and some were even “inhabited”. The latter fact gave a much more interactive experience and we could learn additional things about the history of that particular house. The town at the end included a general store, a post office, and more. Then, we all had a nice dinner together in the museum’s restaurant.

The opening keynote by Patricia Aas was very good. Her talk on embedded ethics, from her perspective as someone trying to defend the sanctity of Norwegian elections, and a former developer for the Opera web browser, provided a great deal of insight into the issues. Her points about how the tech community has unleashed a very complex digital work upon people with barely any technical literacy were well taken. Her stories of trying to explain the problems with involving computers in the election process to journalists and politicians struck a chord with many of us, who have had to deal with legislation written by those who do not truly understand the issues with technology.

Setting up buildbot in FreeBSD jails

In this article, I would like to present a tutorial to set up buildbot, a continuous integration (CI) software (like Jenkins, drone, etc.), making use of FreeBSD’s containerization mechanism "jails". We will cover terminology, rationale for using both buildbot and jails together, and installation steps. At the end, you will have a working buildbot instance using its sample build configuration, ready to play around with your own CI plans (or even CD, it’s very flexible!). Some hints for production-grade installations are given, but the tutorial steps are meant for a test environment (namely a virtual machine). Buildbot’s configuration and detailed concepts are not in scope here.

Setting up a mail server with OpenSMTPD, Dovecot and Rspamd

Self-hosting and encouraging smaller providers is for the greater good

First of all, I was not clear enough about the political consequences of centralizing mail services at Big Mailer Corps.

It doesn’t make sense for Random Joe, sharing kitten pictures with his family and friends, to build a personal mail infrastructure when multiple Big Mailer Corps offer “for free” an amazing quality of service. They provide him with an e-mail address that is immediately available and which will generally work reliably. It really doesn’t make sense for Random Joe not to go there, and particularly if even techies go there without hesitation, proving it is a sound choice.

There is nothing wrong with Random Joes using a service that works.

What is terribly wrong though is the centralization of a communication protocol in the hands of a few commercial companies, EVERY SINGLE ONE OF THEM coming from the same country (currently led by a lunatic who abuses power and probably suffers from NPD), EVERY SINGLE ONE OF THEM having been in the news and/or in a court for random/assorted “unpleasant” behaviors (privacy abuses, eavesdropping, monopoly abuse, sexual or professional harassment, you just name it…), and EVERY SINGLE ONE OF THEM growing user bases that far exceeds the total population of multiple countries combined.

News Roundup

The HamBSD project aims to bring amateur packet radio to OpenBSD

The HamBSD project aims to bring amateur packet radio to OpenBSD, including support for TCP/IP over AX.25 and APRS tracking/digipeating in the base system.

HamBSD will not provide a full AX.25 stack but instead only implement support for UI frames. There will be a focus on simplicity, security and readable code.

The amateur radio community needs a reliable platform for packet radio for use in both leisure and emergency scenarios. It should be expected that the system is stable and resilient (but as yet it is neither).

DragonFlyBSD's HAMMER2 Gets Basic FSCK Support

HAMMER2 is Copy on Write, meaning changes are made to copies of existing data. This means operations are generally atomic and can survive a power outage, etc. (You should read up on it!) However, there’s now a fsck command, useful if you want a report of data validity rather than any manual repair process.

commit

Add initial fsck support for HAMMER2, although CoW fs doesn't require fsck as a concept. Currently no repairing (no write), just verifying.

Keep this as a separate command for now.
https://i.redd.it/vkdss0mtdpo31.jpg

The return of startx for users

Add modesetting driver as a fall-back when appropriate such that we can use it when running without root privileges which prevents us from scanning the PCI bus.

This makes startx(1)/xinit(1) work again on modern systems with inteldrm(4), radeondrm(4) and amdgpu(4). In some cases this will result in using a different driver than with xenodm(4) which may expose issues (e.g. when we prefer the intel Xorg driver) or loss of acceleration (e.g. older cards supported by radeondrm(4)).

Beastie Bits

Feedback/Questions

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to [email protected]

Self-Hosted Production Meeting | Jupiter Extras 17

25 september 2019 | min

RHELhide | LINUX Unplugged 320

24 september 2019 | min

CentOS goes rolling and announces version 8. Find out why we're excited to take a dip in this stream.

Plus we review what might just be your next Linux laptop, and explain why systemd is coming for your /home.

Special Guest: Neal Gompa.

Links:

Ubuntu Touch on the Pinebook
CentOS 8.1905 — Hello and welcome to the first CentOS-8 release. The CentOS Linux distribution is a stable, predictable, manageable and reproducible platform derived from the sources of Red Hat Enterprise Linux (RHEL).
CentOS Stream — CentOS Stream will be a rolling-release Linux distro that exists as a midstream between the upstream development in Fedora Linux and the downstream development for Red Hat Enterprise Linux (RHEL). It is a cleared-path to contributing into future minor releases of RHEL while interacting with Red Hat and other open source developers. This pairs nicely with the existing contribution path in Fedora for future major releases of RHEL.
Transforming the development experience within CentOS — The CentOS Stream project sits between the Fedora Project and RHEL in the RHEL Development process, providing a "rolling preview" of future RHEL kernels and features. This enables developers to stay one or two steps ahead of what’s coming in RHEL, which was not previously possible with traditional CentOS releases
Reinventing Home Directories — The concept of home directories on Linux/UNIX has little changed in the last 39 years. It's time to have a closer look, and bring them up to today's standards, regarding encryption, storage, authentication, user records, and more.
Twitch Becomes Premiere Sponsor of the OBS Project | OBS — We are excited to announce that Twitch is now officially sponsoring my work on the OBS Project! Since 2012 we've maintained a great relationship with Twitch and their engineers. They've always been good to us, and we've always helped each other whenever needed. Twitch has always been one of the biggest supporters of our project, and now it's official.
Free Courses at Linux Academy — On September 17th Linux Torvald first released the Linux Operating System Kernel on September 17th, 1991 so we are celebrating by offering free training for you to increase your Linux Skills.
Texas Cyber Summit — October 10th to the 12th in San Antonio Texas.
Unofficial Hacker Family Dinner & Unbirthday Party | Meetup — Join Chris, Wes, Chz and Ell for a meet and greet with fellow Texas Cyber Summit attendees and a belated celebration of Ell and Allie's Birthdays! There will be good food, good friends, and we hope some good conversation.
System76 Adder Workstation — For content creators, researchers, and gamers.
Adder WS Quickstart Guide
Sys76addws-memspeed Benchmarks
Sys76AdderWS-fio Benchmarks
Sys76AdderWS-graphics-magick Benchmarks
Clevo PB50RC-G
Starship Is A Minimal And Fast Shell Prompt Written In Rust - Linux Uprising Blog
Starship — The cross-shell prompt for astronauts

Texas Cyber Summit | Jupiter Extras 16

23 september 2019 | min

Linux Action News 124

22 september 2019 | min

A Chat with Ell Marquez | Jupiter Extras 15

20 september 2019 | min

Too Good To Be True | TechSNAP 412

19 september 2019 | min

Introducing New People to Linux | Choose Linux 18

18 september 2019 | min

git commit FreeBSD | BSD Now 316

18 september 2019 | min

NetBSD LLVM sanitizers and GDB regression test suite, Ada—The Language of Cost Savings, Homura - a Windows Games Launcher for FreeBSD, FreeBSD core team appoints a WG to explore transition to Git, OpenBSD 6.6 Beta tagged, Project Trident 12-U5 update now available, and more.

Headlines

LLVM santizers and GDB regression test suite.

As NetBSD-9 is branched, I have been asked to finish the LLVM sanitizer integration. This work is now accomplished and with MKLLVM=yes build option (by default off), the distribution will be populated with LLVM files for ASan, TSan, MSan, UBSan, libFuzzer, SafeStack and XRay.

I have also transplanted basesystem GDB patched to my GDB repository and managed to run the GDB regression test-suite.

NetBSD distribution changes

I have enhanced and imported my local MKSANITIZER code that makes whole distribution sanitization possible. Few real bugs were fixed and a number of patches were newly written to reflect the current NetBSD sources state. I have also merged another chunk of the fruits of the GSoC-2018 project with fuzzing the userland (by plusun@).

The following changes were committed to the sources:
- ab7de18d0283 Cherry-pick upstream compiler-rt patches for LLVM sanitizers
- 966c62a34e30 Add LLVM sanitizers in the MKLLVM=yes build
- 8367b667adb9 telnetd: Stop defining the same variables concurrently in bss and data
- fe72740f64bf fsck: Stop defining the same variable concurrently in bss and data
- 40e89e890d66 Fix build of t_ubsan/t_ubsanxx under MKSANITIZER
- b71326fd7b67 Avoid symbol clashes in tests/usr.bin/id under MKSANITIZER
- c581f2e39fa5 Avoid symbol clashes in fs/nfs/nfsservice under MKSANITIZER
- 030a4686a3c6 Avoid symbol clashes in bin/df under MKSANITIZER
- fd9679f6e8b1 Avoid symbol clashes in usr.sbin/ypserv/ypserv under MKSANITIZER
- 5df2d7939ce3 Stop defining _rpcsvcdirty in bss and data
- 5fafbe8b8f64 Add missing extern declaration of ib_mach_emips in installboot
- d134584be69a Add SANITIZER_RENAME_CLASSES in bsd.prog.mk
- 2d00d9b08eae Adapt tests/kernel/t_subr_prf for MKSANITIZER
- ce54363fe452 Ship with sanitizer/lsan_interface.h for GCC 7
- 7bd5ee95e9a0 Ship with sanitizer/lsan_interface.h for LLVM 7
- d8671fba7a78 Set NODEBUG for LLVM sanitizers
- 242cd44890a2 Add PAXCTL_FLAG rules for MKSANITIZER
- 5e80ab99d9ce Avoid symbol clashes in test/rump/modautoload/t_modautoload with sanitizers
- e7ce7ecd9c2a sysctl: Add indirection of symbols to remove clash with sanitizers
- 231aea846aba traceroute: Add indirection of symbol to remove clash with sanitizers
- 8d85053f487c sockstat: Add indirection of symbols to remove clash with sanitizers
- 81b333ab151a netstat: Add indirection of symbols to remove clash with sanitizers
- a472baefefe8 Correct the memset(3)'s third argument in i386 biosdisk.c
- 7e4e92115bc3 Add ATF c and c++ tests for TSan, MSan, libFuzzer
- 921ddc9bc97c Set NOSANITIZER in i386 ramdisk image
- 64361771c78d Enhance MKSANITIZER support
- 3b5608f80a2b Define target_not_supported_body() in TSan, MSan and libFuzzer tests
- c27f4619d513 Avoids signedness bit shift in db_get_value()
- 680c5b3cc24f Fix LLVM sanitizer build by GCC (HAVE_LLVM=no)
- 4ecfbbba2f2a Rework the LLVM compiler_rt build rules
- 748813da5547 Correct the build rules of LLVM sanitizers
- 20e223156dee Enhance the support of LLVM sanitizers
- 0bb38eb2f20d Register syms.extra in LLVM sanitizer .syms files
- Almost all of the mentioned commits were backported to NetBSD-9 and will land 9.0.

Homura - a Windows Games Launcher for FreeBSD

Inspired by lutris (a Linux gaming platform), we would like to provide a game launcher to play windows games on FreeBSD.

Makes it easier to run games on FreeBSD, by providing the tweaks and dependencies for you
Dependencies
- curl
- bash
- p7zip
- zenity
- webfonts
- alsa-utils (Optional)
- winetricks
- vulkan-tools
- mesa-demos
- i386-wine-devel on amd64 or wine-devel on i386

News Roundup

Ada—The Language of Cost Savings?

Many myths surround the Ada programming language, but it continues to be used and evolve at the same time. And while the increased adoption of Ada and SPARK, its provable subset, is slow, it’s noticeable. Ada already addresses more of the features found in found in heavily used embedded languages like C+ and C#. It also tackles problems addressed by upcoming languages like Rust.

Chris concludes, “Development technologies have a profound impact on one of the largest and most variable costs associated with embedded-system engineering—labor. At a time when on-time system deployment can not only impact customer satisfaction, but access to services revenue streams, engineering team efficiency is at a premium. Our research showed that programming language choices can have significant influence in this area, leading to shorter projects, better schedules and, ultimately, lower development costs. While a variety of factors can influence and dictate language choice, our research showed that Ada’s evolution has made it an increasingly compelling option for engineering organizations, providing both technically and financially sound solution.”

In general, Ada already makes embedded “programming in the large” much easier by handling issues that aren’t even addressed in other languages. Though these features are often provided by third-party software, it results in inconsistent practices among developers. Ada also supports the gamut of embedded platforms from systems like Arm’s Cortex-M through supercomputers. Learning Ada isn’t as hard as one might think and the benefits can be significant.

FreeBSD core team appoints a WG to explore transitioning from Subversion to Git.

The FreeBSD Core Team is the governing body of FreeBSD.

Core approved source commit bits for Doug Moore (dougm), Chuck Silvers (chs), Brandon Bergren (bdragon), and a vendor commit bit for Scott Phillips (scottph).

The annual developer survey closed on 2019-04-02. Of the 397 developers, 243 took the survey with an average completion time of 12 minutes. The public survey closed on 2019-05-13. It was taken by 3637 users and had a 79% completion rate. A presentation of the survey results took place at BSDCan 2019.

The core team voted to appoint a working group to explore transitioning our source code 'source of truth' from Subversion to Git. Core asked Ed Maste to chair the group as Ed has been researching this topic for some time. For example, Ed gave a MeetBSD 2018 talk on the topic.

There is a variety of viewpoints within core regarding where and how to host a Git repository, however core feels that Git is the prudent path forward.

OpenBSD 6.6 Beta tagged

CVSROOT:    /cvs
Module name:    src
Changes by:    [email protected]    2019/08/09 21:56:02

Modified files:
    etc/root : root.mail
    share/mk : sys.mk
    sys/arch/macppc/stand/tbxidata: bsd.tbxi
    sys/conf : newvers.sh
    sys/sys : param.h
    usr.bin/signify: signify.1

Log message:
move to 6.6-beta

Preliminary release notes

Improved hardware support, including:

clang(1) is now provided on powerpc.
IEEE 802.11 wireless stack improvements:
Generic network stack improvements:
Installer improvements:
Security improvements:
+ Routing daemons and other userland network improvements
+ The ntpd(8) daemon now gets and sets the clock in a secure way when booting even when a battery-backed clock is absent.
+ bgdp(8) improvements
+ Assorted improvements:
+ The filesystem buffer cache now more aggressively uses memory outside the DMA region, to improve cache performance on amd64 machines.
The BER API previously internal to ldap(1), ldapd(8), ypldap(8), and snmpd(8) has been moved into libutil. See ber_read_elements(3).
Support for specifying boot device in vm.conf(5).
OpenSMTPD 6.6.0
LibreSSL 3.0.X
API and Documentation Enhancements
Completed the port of RSA_METHOD accessors from the OpenSSL 1.1 API.
Documented undescribed options and removed unfunctional options description in openssl(1) manual.
OpenSSH 8.0

Project Trident 12-U5 update now available

This is the fifth general package update to the STABLE release repository based upon TrueOS 12-Stable.

Package changes from Stable 12-U4
Package Summary
- New Packages: 20
- Deleted Packages: 24
- Updated Packages: 279
New Packages (20)
- artemis (biology/artemis) : 17.0.1.11
- catesc (games/catesc) : 0.6
- dmlc-core (devel/dmlc-core) : 0.3.105
- go-wtf (sysutils/go-wtf) : 0.20.0_1
- instead (games/instead) : 3.3.0_1
- lidarr (net-p2p/lidarr) : 0.6.2.883
- minerbold (games/minerbold) : 1.4
- onnx (math/onnx) : 1.5.0
- openzwave-devel (comms/openzwave-devel) : 1.6.897
- polkit-qt-1 (sysutils/polkit-qt) : 0.113.0_8
- py36-traitsui (graphics/py-traitsui) : 6.1.2
- rubygem-aws-sigv2 (devel/rubygem-aws-sigv2) : 1.0.1
- rubygem-default_value_for32 (devel/rubygem-default_value_for32) : 3.2.0
- rubygem-ffi110 (devel/rubygem-ffi110) : 1.10.0
- rubygem-zeitwerk (devel/rubygem-zeitwerk) : 2.1.9
- sems (net/sems) : 1.7.0.g20190822
- skypat (devel/skypat) : 3.1.1
- tvm (math/tvm) : 0.4.1440
- vavoom (games/vavoom) : 1.33_15
- vavoom-extras (games/vavoom-extras) : 1.30_4
Deleted Packages (24)
- geeqie (graphics/geeqie) : Unknown reason
- iriverter (multimedia/iriverter) : Unknown reason
- kde5 (x11/kde5) : Unknown reason
- kicad-doc (cad/kicad-doc) : Unknown reason
- os-nozfs-buildworld (os/buildworld) : Unknown reason
- os-nozfs-userland (os/userland) : Unknown reason
- os-nozfs-userland-base (os/userland-base) : Unknown reason
- os-nozfs-userland-base-bootstrap (os/userland-base-bootstrap) : Unknown reason
- os-nozfs-userland-bin (os/userland-bin) : Unknown reason
- os-nozfs-userland-boot (os/userland-boot) : Unknown reason
- os-nozfs-userland-conf (os/userland-conf) : Unknown reason
- os-nozfs-userland-debug (os/userland-debug) : Unknown reason
- os-nozfs-userland-devtools (os/userland-devtools) : Unknown reason
- os-nozfs-userland-docs (os/userland-docs) : Unknown reason
- os-nozfs-userland-lib (os/userland-lib) : Unknown reason
- os-nozfs-userland-lib32 (os/userland-lib32) : Unknown reason
- os-nozfs-userland-lib32-development (os/userland-lib32-development) : Unknown reason
- os-nozfs-userland-rescue (os/userland-rescue) : Unknown reason
- os-nozfs-userland-sbin (os/userland-sbin) : Unknown reason
- os-nozfs-userland-tests (os/userland-tests) : Unknown reason
- photoprint (print/photoprint) : Unknown reason
- plasma5-plasma (x11/plasma5-plasma) : Unknown reason
- polkit-qt5 (sysutils/polkit-qt) : Unknown reason
- secpanel (security/secpanel) : Unknown reason

Beastie Bits

Feedback/Questions

Reinis - GELI with UEFI
Mason - Beeping

[CHVT feedback]
DJ - Feedback
Ben - chvt
Harri - Marc's chvt question

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to [email protected]

Positive in the Freedom Dimension | LINUX Unplugged 319

17 september 2019 | min

Richard Stallman has resigned as president and director of the Free Software Foundation, and that's just one of the major shifts this week.

Also what makes Manjaro unique? We chat with one of the founders and find out why it's much more than a desktop environment.

Special Guests: Alex Kretzschmar, Bernhard Landauer, Brent Gervais, and Neal Gompa.

Links:

Richard Stallman Resigns — On September 16, 2019, Richard M. Stallman, founder and president of the Free Software Foundation, resigned as president and from its board of directors.
GNOME relationship with GNU and the FSF – Liberal Murmurs — In my capacity as the Executive Director of the GNOME Foundation, I have also written to the FSF. One of the most important parts of my role is to think of the well being of our community and the GNOME mission. One of the GNOME Foundation’s strategic goals is to be an exemplary community in terms of diversity and inclusion. I feel we can’t continue to have a formal association with the FSF or the GNU project when its main voice in the world is saying things that hurt this aim.
balena releases first fully functional 64-bit OS for the Raspberry Pi 4 — Today, we are excited to announce the release of 64-bit balenaOS for the Raspberry Pi 4, providing support for the full 4GB of memory and allowing the simultaneous, side-by-side running of 32-bit and 64-bit Docker containers - a first for the Raspberry Pi 4!
Nextcloud 17 scales up and improves data protection with Remote Wipe, collaborative text editor, 2FA updates, IBM Spectrum Scale support and Global Scale improvements – Nextcloud — Fresh from the Nextcloud conference stage, we are proud to announce a major release of Nextcloud, the easiest solution for secure, on-premises collaboration on documents, calendars and communication! Nextcloud 17 will introduce a series of secure collaboration features including a collaborative text editor, remote wipe, updated secure view, improved two-factor-authentication and easier access than ever with deeper integration of large-scale storage like S3 and IBM Spectrum Scale.
PowerShell on GitHub
PowerShellOnLinux - Home — Our Site is focused on everything PowerShell regardless of which OS you are running but we are specifically focused on Linux and Mac.
PowerShellOnLinux - FavoriteModules — Below you will find a list of PowerShell Modules that we've found useful.
PowerShellOnLinux on Twitter
DM on Twitter
Free Courses at Linux Academy — September 2019 — On September 17th Linux Torvald first released the Linux Operating System Kernel on September 17th, 1991 so we are celebrating by offering free training for you to increase your Linux Skills.
Texas Cyber Summit — October 10th to 12th in San Antonio, Texas.
Linux Headlines — Linux and open source headlines every weekday, in under 3 minutes.
Self-Hosted 1: The First One — You've been wanting to host a Nextcloud instance (or anything else) for your family for a while now. Where on Earth do you start? We share some hard learned lessons about self-hosting, discuss the most important things to consider when building a home server, and Chris gives Alex a hard time about Arch as a Server OS.
Unofficial Hacker Family Dinner & Unbirthday Party | Meetup — Join Chris, Wes, Chz and Ell for a meet and greet with fellow Texas Cyber Summit attendees and a belated celebration of Ell and Allie's Birthdays! There will be good food, good friends, and we hope some good conversation.
Manjaro - enjoy the simplicity — Manjaro is a professionally made Linux based operating system that is a suitable replacement for Windows or MacOS. Multiple Desktop Environments are available through our Official and Community editions. We also work with manufacturers to design dedicated hardware. Visit the shop for more information.
ClipGrab — A friendly downloader for YouTube and other sites
Linux 5.3 - Linux Kernel Newbies
Linux 5.4 Cycle To Begin With exFAT Driver, EPYC Improvements & New GPU Support — Finally there will be mainline exFAT support for that Microsoft file-system with it finally being blessed to be supported under Linux/open-source. The exFAT driver still has a lot of improvements to go (the current code quality has been called horrible) but is already making progress within staging.

PowerShell on Linux | Jupiter Extras 14

17 september 2019 | min

The Grey Havens | Coder Radio 375

16 september 2019 | min

Linux Action News 123

15 september 2019 | min

The Story Behind our Daily Linux Podcast | Jupiter Extras 13

13 september 2019 | min

Splitting Fun and Profit | User Error 74

12 september 2019 | min

The First One | Self-Hosted 1

12 september 2019 | min

Recapping vBSDcon 2019 | BSD Now 315

11 september 2019 | min

vBSDcon 2019 recap, Unix at 50, OpenBSD on fan-less Tuxedo InfinityBook, humungus - an hg server, how to configure a network dump in FreeBSD, and more.

Headlines

vBSDcon Recap

Allan and Benedict attended vBSDcon 2019, which ended last week.

It was held again at the Hyatt Regency Reston and the main conference was organized by Dan Langille of BSDCan fame.The two day conference was preceded by a one day FreeBSD hackathon, where FreeBSD developers had the chance to work on patches and PRs. In the evening, a reception was held to welcome attendees and give them a chance to chat and get to know each other over food and drinks.

The first day of the conference was opened with a Keynote by Paul Vixie about DNS over HTTPS (DoH). He explained how we got to the current state and what challenges (technical and social) this entails.

If you missed this talk and are dying to see it, it will also be presented at EuroBSDCon next week

John Baldwin followed up by giving an overview of the work on “In-Kernel TLS Framing and Encryption for FreeBSD” abstract and the recent commit we covered in episode 313.

Meanwhile, Brian Callahan was giving a separate session in another room about “Learning to (Open)BSD through its porting system: an attendee-driven educational session” where people had the chance to learn about how to create ports for the BSDs.

David Fullard’s talk about “Transitioning from FreeNAS to FreeBSD” was his first talk at a BSD conference and described how he built his own home NAS setup trying to replicate FreeNAS’ functionality on FreeBSD, and why he transitioned from using an appliance to using vanilla FreeBSD.

Shawn Webb followed with his overview talk about the “State of the Hardened Union”.

Benedict’s talk about “Replacing an Oracle Server with FreeBSD, OpenZFS, and PostgreSQL” was well received as people are interested in how we liberated ourselves from the clutches of Oracle without compromising functionality.

Entertaining and educational at the same time, Michael W. Lucas talk about “Twenty Years in Jail: FreeBSD Jails, Then and Now” closed the first day. Lucas also had a table in the hallway with his various tech and non-tech books for sale.

People formed small groups and went into town for dinner. Some returned later that night to some work in the hacker lounge or talk amongst fellow BSD enthusiasts.

Colin Percival was the keynote speaker for the second day and had an in-depth look at “23 years of software side channel attacks”.

Allan reprised his “ELI5: ZFS Caching” talk explaining how the ZFS adaptive replacement cache (ARC) work and how it can be tuned for various workloads.

“By the numbers: ZFS Performance Results from Six Operating Systems and Their Derivatives” by Michael Dexter followed with his approach to benchmarking OpenZFS on various platforms.

Conor Beh was also a new speaker to vBSDcon. His talk was about “FreeBSD at Work: Building Network and Storage Infrastructure with pfSense and FreeNAS”.

Two OpenBSD talks closed the talk session: Kurt Mosiejczuk with “Care and Feeding of OpenBSD Porters” and Aaron Poffenberger with “Road Warrior Disaster Recovery: Secure, Synchronized, and Backed-up”.

A dinner and reception was enjoyed by the attendees and gave more time to discuss the talks given and other things until late at night.

We want to thank the vBSDcon organizers and especially Dan Langille for running such a great conference. We are grateful to Verisign as the main sponsor and The FreeBSD Foundation for sponsoring the tote bags. Thanks to all the speakers and attendees!

humungus - an hg server

Features
- View changes, files, changesets, etc. Some syntax highlighting.
- Read only.
- Serves multiple repositories.
- Allows cloning via the obvious URL. Supports go get.
- Serves files for downloads.
- Online documentation via mandoc.
- Terminal based admin interface.

News Roundup

OpenBSD on fan-less Tuxedo InfinityBook 14″ v2.

The InfinityBook 14” v2 is a fanless 14” notebook. It is an excellent choice for running OpenBSD - but order it with the supported wireless card (see below.).

I’ve set it up in a dual-boot configuration so that I can switch between Linux and OpenBSD - mainly to spot differences in the drivers. TUXEDO allows a variety of configurations through their webshop.

The dual boot setup with grub2 and EFI boot will be covered in a separate blogpost. My tests were done with OpenBSD-current - which is as of writing flagged as 6.6-beta.

See Article for breakdown of CPU, Wireless, Video, Webcam, Audio, ACPI, Battery, Touchpad, and MicroSD Card Reader

Unix at 50: How the OS that powered smartphones started from failure

Maybe its pervasiveness has long obscured its origins. But Unix, the operating system that in one derivative or another powers nearly all smartphones sold worldwide, was born 50 years ago from the failure of an ambitious project that involved titans like Bell Labs, GE, and MIT. Largely the brainchild of a few programmers at Bell Labs, the unlikely story of Unix begins with a meeting on the top floor of an otherwise unremarkable annex at the sprawling Bell Labs complex in Murray Hill, New Jersey.

It was a bright, cold Monday, the last day of March 1969, and the computer sciences department was hosting distinguished guests: Bill Baker, a Bell Labs vice president, and Ed David, the director of research. Baker was about to pull the plug on Multics (a condensed form of MULTiplexed Information and Computing Service), a software project that the computer sciences department had been working on for four years. Multics was two years overdue, way over budget, and functional only in the loosest possible understanding of the term.

Trying to put the best spin possible on what was clearly an abject failure, Baker gave a speech in which he claimed that Bell Labs had accomplished everything it was trying to accomplish in Multics and that they no longer needed to work on the project. As Berk Tague, a staffer present at the meeting, later told Princeton University, “Like Vietnam, he declared victory and got out of Multics.”

Within the department, this announcement was hardly unexpected. The programmers were acutely aware of the various issues with both the scope of the project and the computer they had been asked to build it for.

Still, it was something to work on, and as long as Bell Labs was working on Multics, they would also have a $7 million mainframe computer to play around with in their spare time. Dennis Ritchie, one of the programmers working on Multics, later said they all felt some stake in the success of the project, even though they knew the odds of that success were exceedingly remote.

Cancellation of Multics meant the end of the only project that the programmers in the Computer science department had to work on—and it also meant the loss of the only computer in the Computer science department. After the GE 645 mainframe was taken apart and hauled off, the computer science department’s resources were reduced to little more than office supplies and a few terminals.

Some of Allan’s favourite excerpts:

In the early '60s, Bill Ninke, a researcher in acoustics, had demonstrated a rudimentary graphical user interface with a DEC PDP-7 minicomputer. Acoustics still had that computer, but they weren’t using it and had stuck it somewhere out of the way up on the sixth floor.

And so Thompson, an indefatigable explorer of the labs’ nooks and crannies, finally found that PDP-7 shortly after Davis and Baker cancelled Multics.

With the rest of the team’s help, Thompson bundled up the various pieces of the PDP-7—a machine about the size of a refrigerator, not counting the terminal—moved it into a closet assigned to the acoustics department, and got it up and running. One way or another, they convinced acoustics to provide space for the computer and also to pay for the not infrequent repairs to it out of that department’s budget.

McIlroy’s programmers suddenly had a computer, kind of. So during the summer of 1969, Thompson, Ritchie, and Canaday hashed out the basics of a file manager that would run on the PDP-7. This was no simple task. Batch computing—running programs one after the other—rarely required that a computer be able to permanently store information, and many mainframes did not have any permanent storage device (whether a tape or a hard disk) attached to them. But the time-sharing environment that these programmers had fallen in love with required attached storage. And with multiple users connected to the same computer at the same time, the file manager had to be written well enough to keep one user’s files from being written over another user’s. When a file was read, the output from that file had to be sent to the user that was opening it.

It was a challenge that McIlroy’s team was willing to accept. They had seen the future of computing and wanted to explore it. They knew that Multics was a dead-end, but they had discovered the possibilities opened up by shared development, shared access, and real-time computing. Twenty years later, Ritchie characterized it for Princeton as such: “What we wanted to preserve was not just a good environment in which to do programming, but a system around which a fellowship could form.”

Eventually when they had the file management system more or less fleshed out conceptually, it came time to actually write the code. The trio—all of whom had terrible handwriting—decided to use the Labs’ dictating service. One of them called up a lab extension and dictated the entire code base into a tape recorder. And thus, some unidentified clerical worker or workers soon had the unenviable task of trying to convert that into a typewritten document.

Of course, it was done imperfectly. Among various errors, “inode” came back as “eye node,” but the output was still viewed as a decided improvement over their assorted scribbles.

In August 1969, Thompson’s wife and son went on a three-week vacation to see her family out in Berkeley, and Thompson decided to spend that time writing an assembler, a file editor, and a kernel to manage the PDP-7 processor. This would turn the group’s file manager into a full-fledged operating system. He generously allocated himself one week for each task.

Thompson finished his tasks more or less on schedule. And by September, the computer science department at Bell Labs had an operating system running on a PDP-7—and it wasn’t Multics.

By the summer of 1970, the team had attached a tape drive to the PDP-7, and their blossoming OS also had a growing selection of tools for programmers (several of which persist down to this day). But despite the successes, Thompson, Canaday, and Ritchie were still being rebuffed by labs management in their efforts to get a brand-new computer.

It wasn’t until late 1971 that the computer science department got a truly modern computer. The Unix team had developed several tools designed to automatically format text files for printing over the past year or so. They had done so to simplify the production of documentation for their pet project, but their tools had escaped and were being used by several researchers elsewhere on the top floor. At the same time, the legal department was prepared to spend a fortune on a mainframe program called “AstroText.” Catching wind of this, the Unix crew realized that they could, with only a little effort, upgrade the tools they had written for their own use into something that the legal department could use to prepare patent applications.

The computer science department pitched lab management on the purchase of a DEC PDP-11 for document production purposes, and Max Mathews offered to pay for the machine out of the acoustics department budget. Finally, management gave in and purchased a computer for the Unix team to play with. Eventually, word leaked out about this operating system, and businesses and institutions with PDP-11s began contacting Bell Labs about their new operating system. The Labs made it available for free—requesting only the cost of postage and media from anyone who wanted a copy.

The rest has quite literally made tech history.

See the link for the rest of the article

How to configure a network dump in FreeBSD?

A network dump might be very useful for collecting kernel crash dumps from embedded machines and machines with a larger amount of RAM then available swap partition size. Besides net dumps we can also try to compress the core dump. However, often this may still not be enough swap to keep whole core dump. In such situation using network dump is a convenient and reliable way for collecting kernel dump.

So, first, let’s talk a little bit about history. The first implementation of the network dumps was implemented around 2000 for the FreeBSD 4.x as a kernel module. The code was implemented in 2010 with the intention of being part of FreeBSD 9.0. However, the code never landed in FreeBSD. Finally, in 2018 with the commit r333283 by Mark Johnston the netdump client code landed in the FreeBSD. Subsequently, many other commitments were then implemented to add support for the different drivers (for example r333289). The first official release of FreeBSD, which support netdump is FreeBSD 12.0.

Now, let’s get back to the main topic. How to configure the network dump? Two machines are needed. One machine is to collect core dump, let’s call it server. We will use the second one to send us the core dump - the client.

See the link for the rest of the article

Beastie Bits

Feedback/Questions

BostJan - Another Question
Tom - PF
JohnnyK - Changing VT without keys

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to [email protected]

A Chat with Wes Payne | Jupiter Extras 12

11 september 2019 | min

Manjaro Levels Up | LINUX Unplugged 318

10 september 2019 | min

It’s official, Manjaro is a legitimate business; so what happens next? We chat with Phil from the project about the huge news.

Plus we share some big news of our own, and the strange feels we get from Chrome OS.

Special Guests: Brent Gervais, Ell Marquez, and Philip Muller.

Links:

Kate Planning — Whereas Kate already works well as a general purpose editor, the competition in the text editor space got more intense in the last years. For example Sublime, Atom and Visual Studio Code are things to keep an eye on feature & polishing wise.
Free software advocate Richard Stallman spoke at Microsoft Research this week | ZDNet — Stallman gave a "mostly standard talk," covering the importance of free software, GPL v3, GNU vs. Linux. He added that "he had a list of 'small requests': make Github push users to better software license hygiene, make hardware manufacturers to publish their hardware specs, make it easier to workaround Secure Boot."
Microsoft hosts first Windows Subsystem for Linux conference | ZDNet — Hayden Barnes, founder of Whitewater Foundry, a startup focusing on Windows Subsystem for Linux (WSL) announced WSLconf 1, the first community conference for WSL.
Manjaro is taking the next step - Announcements - Manjaro Linux Forum — On July 8th, Philip and Bernhard met together with the CEO of Blue Systems to officially found this business entity. As a result, Bernhard and Philip will now be able to commit full-time to Manjaro, while Blue Systems will take a role as an advisor.
Manjaro CommunityBridge
Self-Hosted — Discover new software and hardware to get the best out of your network, control smart devices, and secure your data on cloud services. Self-Hosted is a chat show between Chris and Alex two long-time "self-hosters" who share their lessons and take you on the journey of their new ones.
Linux Headlines — Linux and open source headlines every weekday, in under 3 minutes.
Free Courses at Linux Academy — September 2019 — On September 17th Linux Torvald first released the Linux Operating System Kernel on September 17th, 1991 so we are celebrating by offering free training for you to increase your Linux Skills.
Texas Cyber Summit — October 10th-12th 2019 in San Antonio Texas
Texas Cyber Summit Telegram Group
Unofficial Hacker Family Dinner & Unbirthday Party — Join Chris, Wes, Chz and Ell for a meet and greet with fellow Texas Cyber Summit attendees and a belated celebration of Ell and Allie's Birthdays! There will be good food, good friends, and we hope some good conversation.
LINUX Unplugged 296: Defining Desktop Linux — "[...] a desktop linux operating system where you are able to download the source code for the current version of the kernel, compile it, install it, reboot and boot off the kernel you just compiled and built. If you can't do that, it is not desktop linux." - Wimpy
Linux for Chromebooks could get an installation menu for different distros – About Chromebooks — A Crostini user recently submitted a feature request to provide more options, such as Ubuntu, Fedora or theoretically, any Linux distro that Google could possibly offer.
Google Launches Chrome OS, Says Windows is 'Torturing Users' | CIO — Google co-founder Sergey Brin said Windows and other traditional PC operating systems are "torturing users" at Google's Chrome OS launch event Wednesday, where the company claimed 75% of business users can be converted from Windows to Chrome OS right away.
Elgan: Why Chromebooks will fail | Computerworld
In the Clouds: Inventing Chromebook — While working for Google back in 2006, I had the good fortune to create a new operating system.
dnschneid/crouton: Chromium OS Universal Chroot Environment
Chromebooks can now run Linux in a Chrome OS window – Gigaom — This is cool: Chromebook users can now run their favorite Linux distribution within a window right on their Chrome OS desktop. Google’s own happiness evangelist François Beaufort revealed with a Google+ post Tuesday that Chromebook oners who have set their device in developer mode can download special Crouton Chrome extension to run Linux without being forced to switch back and forth between the two operating systems.
The Google Play store, coming to a Chromebook near you
A new generation of Chromebooks, designed to work with millions of apps
LINUX Unplugged Episode 248: Contain All The Things — Chrome OS is officially getting full-fledged Linux apps, and we ponder if this is truly a win for Linux.
You can now run Linux apps on Chrome OS | TechCrunch — For the longest time, developers have taken Chrome OS machines and run tools like Crouton to turn them into Linux-based developer machines. That was a bit of a hassle, but it worked. But things are getting easier. Soon, if you want to run Linux apps on your Chrome OS machine, all you’ll have to do is switch a toggle in the Settings menu. That’s because Google is going to start shipping Chrome OS with a custom virtual machine that runs Debian Stretch, the current stable version of the operating system.
Chrome OS Stable Channel Gets Linux Apps | Linux Journal
Neverware — Whether you’re a business, a school, or a home user, CloudReady OS is the fast, easy way to convert your hardware to the security and manageability of Google's Chrome ecosystem.
chromefy — Transforming Chromium to Chrome
Brunch with Brent: A Chat with Drew DeVore — Brent sits down with Drew DeVore, Jupiter Broadcasting's latest addition to the Audio Editing Engineer team and cohost of Choose Linux. We chat shoes, his love for linux, adventures in audio, and why JB feels like home.

Python's Long Tail | Coder Radio 374

9 september 2019 | min

As Python 2's demise draws near we reflect on Python's popularity, the growing adoption of static typing, and why the Python 3 transition took so long.

Plus Apple's audacious app store tactics, Google's troubles with Typescript, and more!

Links:

Correction: macOS and Zsh — I believe the new macOS Catalina shell is zsh.
Feedback: What about Perl 6? — Last episode (373) that's on about shell scripting, interpreted languages, repl & cli, made me think about Perl 6.
Feedback: Pry and a Pick — In the previous episode I was amazed to hear that Mike had never used pry before! It's one of the first things I show off to people when introducing them to Ruby.
Feedback: Learning Web Dev — I feel woefully unready and I was wondering if either of you had suggestions for structured content around web dev/design that I could use to augment my learning? I've been using Pluralsight, which is great, and I'd be curious to know what else you might suggest.
Google feedback on TypeScript 3.5 — We know and expect every TypeScript upgrade to involve some work. For example, improvements to the standard library are expected and welcomed by us, even though they may mean removing similar but incompatible definitions from our own code base. However, TypeScript 3.5 was a lot more work for us than other recent TypeScript upgrades.
Apple has copied some of the most popular apps in the App Store for its iPhone, iPad and other software updates - The Washington Post — Apple plans this month to incorporate some of Clue’s core functionality such as fertility and period prediction into its own Health app that comes pre-installed in every iPhone and is free — unlike Clue, which is free to download but earns money by selling subscriptions and services within its app. Apple’s past incorporation of functionality included in other third-party apps has often led to their demise.
How Apple’s Apps Topped Rivals in the App Store It Controls - The New York Times — But as Apple has become one of the largest competitors on a platform that it controls, suspicions that the company has been tipping the scales in its own favor are at the heart of antitrust complaints in the United States, Europe and Russia.
Sunsetting Python 2 | Python.org — We have decided that January 1, 2020, will be the day that we sunset Python 2. That means that we will not improve it anymore after that day, even if someone finds a security problem in it. You should upgrade to Python 3 as soon as you can.
Python 2.7 Countdown
Porting Python 2 Code to Python 3
Our journey to type checking 4 million lines of Python | Dropbox Tech Blog — Dropbox is a big user of Python. It’s our most widely used language both for backend services and the desktop client app (we are also heavy users of Go, TypeScript, and Rust). At our scale—millions of lines of Python—the dynamic typing in Python made code needlessly hard to understand and started to seriously impact productivity. T
ProjectPSX: Experimental C# Playstation Emulator — ProjectPSX is a C# coded emulator of the original Sony Playstation (Playstation 1/PS1/PSX)
junegunn/fzf — fzf is a general-purpose command-line fuzzy finder.

Linux Action News 122

8 september 2019 | min

Mobile Security Mistakes | TechSNAP 411

5 september 2019 | min

We take a look at a few recent zero-day vulnerabilities for iOS and Android and find targeted attacks, bad assumptions, and changing markets.

Plus what to expect from USB4 and an upcoming Linux scheduler speed-up for AMD's Epyc CPUs.

Links:

Google says hackers have put ‘monitoring implants’ in iPhones for years | Technology | The Guardian — Their location was uploaded every minute; their device’s keychain, containing all their passwords, was uploaded, as were their chat histories on popular apps including WhatsApp, Telegram and iMessage, their address book, and their Gmail database.
Project Zero: A very deep dive into iOS Exploit chains found in the wild — We discovered exploits for a total of fourteen vulnerabilities across the five exploit chains: seven for the iPhone’s web browser, five for the kernel and two separate sandbox escapes.
Project Zero: In-the-wild iOS Exploit Chain 1 — This exploit provides evidence that these exploit chains were likely written contemporaneously with their supported iOS versions; that is, the exploit techniques which were used suggest that this exploit was written around the time of iOS 10. This suggests that this group had a capability against a fully patched iPhone for at least two years.
Project Zero: In-the-wild iOS Exploit Chain 3 — It’s difficult to understand how this error could be introduced into a core IPC library that shipped to end users. While errors are common in software development, a serious one like this should have quickly been found by a unit test, code review or even fuzzing.
Project Zero: JSC Exploits — In this post, we will take a look at the WebKit exploits used to gain an initial foothold onto the iOS device and stage the privilege escalation exploits. All exploits here achieve shellcode execution inside the sandboxed renderer process (WebContent) on iOS.
Project Zero: Implant Teardown — There is no visual indicator on the device that the implant is running. There's no way for a user on iOS to view a process listing, so the implant binary makes no attempt to hide its execution from the system. The implant is primarily focused on stealing files and uploading live location data. The implant requests commands from a command and control server every 60 seconds.The implant has access to all the database files (on the victim’s phone) used by popular end-to-end encryption apps like Whatsapp, Telegram and iMessage.
iPhone Hackers Caught By Google Also Targeted Android And Microsoft Windows, Say Sources — Multiple sources with knowledge of the situation said that Google’s own Android operating system and Microsoft Windows PCs were also targeted in a campaign that sought to infect the computers and smartphones of the Uighur ethnic group in China.
Google's Shocking Decision To Ignore A Critical Android Vulnerability In Latest Security Update — Despite immediately acknowledging the vulnerability and confirming in June that it will be fixed, Google had not provided an estimated time frame for the patch.
Android Zero-Day Bug Opens Door to Privilege Escalation Attack, Researchers Warn | Threatpost — “In the unlikely event an attacker succeeds in exploiting this bug, they would effectively have complete control over the target device,” he told Threatpost. Once an attacker obtains escalated privileges, “it means they could completely take over a device if they can convince a user to install and run their application,”
Why 'Zero Day' Android Hacking Now Costs More Than iOS Attacks | WIRED — "During the last few months, we have observed an increase in the number of iOS exploits, mostly Safari and iMessage chains, being developed and sold by researchers from all around the world. The zero-day market is so flooded by iOS exploits that we've recently started refusing some them"
Linux 5.4 Kernel To Bring Improved Load Balancing On AMD EPYC Servers — The scheduler topology improvement by SUSE's Matt Fleming changes the behavior as currently it turns out for EPYC hardware the kernel has failed to properly load balance across NUMA nodes on different sockets.
USB4 is coming soon and will (mostly) unify USB and Thunderbolt | Ars Technica — The USB Implementers Forum published the official USB4 protocol specification. If your initial reaction was "oh no, not again," don't worry—the new spec is backward-compatible with USB 2 and USB 3, and it uses the same USB Type-C connectors that modern USB 3 devices do.

Librem 5 Unplugged | Jupiter Extras 11

5 september 2019 | min

Hardware hacking basics, Slackel + OSCAR | Choose Linux 17

4 september 2019 | min

Swap that Space | BSD Now 314

4 september 2019 | min

Unix virtual memory when you have no swap space, Dsynth details on Dragonfly, Instant Workstation on FreeBSD, new servers new tech, Experimenting with streaming setups on NetBSD, NetBSD’s progress towards Steam support thanks to GSoC, and more.

Headlines

What has to happen with Unix virtual memory when you have no swap space

Recently, Artem S. Tashkinov wrote on the Linux kernel mailing list about a Linux problem under memory pressure (via, and threaded here). The specific reproduction instructions involved having low RAM, turning off swap space, and then putting the system under load, and when that happened (emphasis mine):

Once you hit a situation when opening a new tab requires more RAM than is currently available, the system will stall hard. You will barely be able to move the mouse pointer. Your disk LED will be flashing incessantly (I'm not entirely sure why). [...]

I'm afraid I have bad news for the people snickering at Linux here; if you're running without swap space, you can probably get any Unix to behave this way under memory pressure. If you can't on your particular Unix, I'd actually say that your Unix is probably not letting you get full use out of your RAM.

To simplify a bit, we can divide pages of user memory up into anonymous pages and file-backed pages. File-backed pages are what they sound like; they come from some specific file on the filesystem that they can be written out to (if they're dirty) or read back in from. Anonymous pages are not backed by a file, so the only place they can be written out to and read back in from is swap space. Anonymous pages mostly come from dynamic memory allocations and from modifying the program's global variables and data; file backed pages come mostly from mapping files into memory with mmap() and also, crucially, from the code and read-only data of the program.

See link for the rest of the article

Dsynth details on Dragonfly

First, history: DragonFly has had binaries of dports available for download for quite some time. These were originally built using poudriere, and then using the synth tool put together by John Marino. Synth worked both to build all software in dports, and as a way to test DragonFly’s SMP capability under extreme load.

Matthew Dillon is working on a new version, called dsynth. It is available now but not yet part of the build. He’s been working quickly on it and there’s plenty more commits than what I have linked here. It’s already led to finding more high-load fixes.

dsynth

DSynth is basically synth written in C, from scratch. It is designed to give us a bulk builder in base and be friendly to porting and jails down the line (for now its uses chroot's).

The original synth was written by John R. Marino and its basic flow was used in writing this program, but as it was written in ada no code was directly copied.

The intent is to make dsynth compatible with synth's configuration files and directory structure.

This is a work in progress and not yet ready for prime-time. Pushing so we can get some more eyeballs. Most of the directives do not yet work (everything, and build works, and 'cleanup' can be used to clean up any dangling mounts).

dsynth code

News Roundup

Instant Workstation

Some considerable time ago I wrote up instructions on how to set up a FreeBSD machine with the latest KDE Plasma Desktop. Those instructions, while fairly short (set up X, install the KDE meta-port, .. and that’s it) are a bit fiddly.

So – prompted slightly by a Twitter exchange recently – I’ve started a mini-sub-project to script the installation of a desktop environment and the bits needed to support it. To give it at least a modicum of UI, dialog(1) is used to ask for an environment to install and a display manager.

The tricky bits – pointed out to me after I started – are hardware support, although a best-effort is better than having nothing, I think.

In any case, in a VBox host it’s now down to running a single script and picking Plasma and SDDM to get a usable system for me. Other combinations have not been tested, nor has system-hardware-setup. I’ll probably maintain it for a while and if I have time and energy it’ll be tried with nVidia (those work quite well on FreeBSD) and AMD (not so much, in my experience) graphics cards when I shuffle some machines around.

Here is the script in my GitHub repository with notes-for-myself.

New Servers, new Tech

Following up on an earlier post, the new servers for DragonFly are in place. The old 40-core machine used for bulk build, monster, is being retired. The power efficiency of the new machines is startling. Incidentally, this is where donations go – infrastructure.

New servers in the colo, monster is being retired

We have three new servers in the colo now that will be taking most/all bulk package building duties from monster and the two blades (muscles and pkgbox64) that previously did the work. Monster will be retired. The new servers are a dual-socket Xeon (sting) and two 3900X based systems (thor and loki) which all together burn only around half the wattage that monster burned (500W vs 1000W) and 3 times the performance. That's at least a 6:1 improvement in performance efficiency.

With SSD prices down significantly the new machines have all-SSDs. These new machines allow us to build dports binary packages for release, master, and staged at the same time and reduces the full-on bulk build times for getting all three done down from 2 weeks to 2 days. It will allow us to more promptly synchronize updates to ports with dports and get binary packages up sooner.

Monster, our venerable 48-core quad-socket opteron is being retired. This was a wonderful dev machine for working on DragonFly's SMP algorithms over the last 6+ years precisely because its inter-core and inter-socket latencies were quite high. If a SMP algorithm wasn't spot-on, you could feel it. Over the years DragonFly's performance on monster in doing things like bulk builds increased radically as the SMP algorithms got better and the cores became more and more localized. This kept monster relevant far longer than I thought it would be.

But we are at a point now where improvements in efficiency are just too good to ignore. Monster's quad-socket opteron (4 x 12 core 6168's) pulls 1000W under full load while a single Ryzen 3900X (12 core / 24 thread) in a server configuration pulls only 150W, and is slightly faster on the same workload to boot.

I would like to thank everyone's generous donations over the last few years! We burned a few thousand on the new machines (as well as the major SSD upgrades we did to the blades) and made very good use of the money, particularly this year as prices for all major components (RAM, SSDs, CPUs, Mobos, etc) have dropped significantly.

Experimenting with streaming setups on NetBSD

Ever since OBS was successfully ported to NetBSD, I’ve been trying it out, seeing what works and what doesn’t. I’ve only just gotten started, and there’ll definitely be a lot of tweaking going forward.

Capturing a specific application’s windows seems to work okay. Capturing an entire display works, too. I actually haven’t tried streaming to Twitch or YouTube yet, but in a previous experiment a few weeks ago, I was able to run a FFmpeg command line and that could stream to Twitch mostly OK.

My laptop combined with my external monitor allows me to have a dual-monitor setup wherein the smaller laptop screen can be my “broadcasting station” while the bigger screen is where all the action takes place. I can make OBS visible on all Xfce workspaces, but keep it tucked away on that display only. Altogether, the setup should let me use the big screen for the fun stuff but I can still monitor everything in the small screen.

NetBSD Made Progress Thanks To GSoC In Its March Towards Steam Support

Ultimately the goal is to get Valve's Steam client running on NetBSD using their Linux compatibility layer while the focus the past few months with Google Summer of Code 2019 were supporting the necessary DRM ioctls for allowing Linux software running on NetBSD to be able to tap accelerated graphics support.

Student developer Surya P spent the summer working on compat_netbsd32 DRM interfaces to allow Direct Rendering Manager using applications running under their Linux compatibility layer.

These interfaces have been tested and working as well as updating the "suse131" packages in NetBSD to make use of those interfaces. So the necessary interfaces are now in place for Linux software running on NetBSD to be able to use accelerated graphics though Steam itself isn't yet running on NetBSD with this layer.

Those curious about this DRM ioctl GSoC project can learn more from the NetBSD blog. NetBSD has also been seeing work this summer on Wayland support and better Wine support to ultimately make this BSD a better desktop operating system and potentially a comparable gaming platform to Linux.

Beastie Bits

Feedback/Questions

Alan - Questions
Rodriguez - Feedback and a question
Jeff - OpenZFS follow-up, FreeBSD Adventures

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to [email protected]

A Chat with Drew DeVore | Jupiter Extras 10

4 september 2019 | min

Performance Picks for Kicks | LINUX Unplugged 317

3 september 2019 | min

We take a trip to visit Level1Tech's Wendell Wilson and come back with some of his performance tips for a smoother Linux desktop.

Plus the story behind exFAT coming to Linux, and the big desktop performance improvements landing next week.

Special Guests: Alex Kretzschmar, Brent Gervais, Cassidy James Blaede, Drew DeVore, and Ell Marquez.

Links:

XKCD Forum Hacked — The security breach occurred two months ago, according to security researcher Troy Hunt who alerted the company of the incident, with unknown hackers stealing around 562,000 usernames, email and IP addresses, as well as hashed passwords.
Examining exFAT — Linux kernel developers like to get support for new features — such as filesystem types — merged quickly. In the case of the exFAT filesystem, that didn't happen; exFAT was created by Microsoft in 2006 for use in larger flash-storage cards, but there has never been support in the kernel for this filesystem. Microsoft's recent announcement that it wanted to get exFAT support into the mainline kernel would appear to have removed the largest obstacle to Linux exFAT support. But, as is so often the case, it seems that some challenges remain.
Waypipe Is Successfully Working For This Network-Transparent Wayland Apps/Games Proxy — Waypipe development was successful this summer by student developer Manuel Stoeckl who was working on the effort as part of this year's Google Summer of Code (GSoC). Waypipe is successfully working now for running Wayland games/applications over the network using this proxy mechanism and supports features like compression, multi-threading optimizations, and hardware-accelerated VA-API for video encode/decode across the network.
GSOC 2019 - M. Stoeckl's website — Waypipe supports many quality of life features, including a user-friendly command line wrapper for ssh, hardware accelerated video encoding, transfer compression with either LZ4 or Zstd, and a method to reconnect applications when the ssh connection breaks. With more recent kernels and versions of Mesa that support DMABUFs (GPU-side buffers), it can proxy programs that render images using OpenGL.
What to Expect in GNOME 3.34, Out Next Week - OMG! Ubuntu! — GNOME 3.34 makes it MUCH easier to create app folders in the GNOME Shell ‘Application Overview’, i.e. the grid of app shortcuts you see when pressing the All Apps icon on the Ubuntu Dock.
GNOME 3.34's Mutter Lands A Last-Minute Performance Fix For NVIDIA — Canonical's Daniel van Vugt who is known for his many GNOME performance optimizations over the past two years has been toying with this NVIDIA fix/optimization the past few months and merged the code this morning to Mutter. This change that landed is the removal of GLX threaded swap wait handling for the NVIDIA binary driver.
Geometric Picking Finally Lands In GNOME/Mutter 3.34 For Lowering CPU Usage — This is about cursor movement and now avoiding OpenGL/GPU usage for the color picking operations. That logic is now being done on the CPU without OpenGL but turns out is more efficiently done this way and is able to cause a measurable drop in CPU usage when moving the mouse cursor and especially when moving around windows.
Geometric (OpenGL-less) picking · GNOME / mutter · GitLab) — By avoiding OpenGL and the graphics driver we also reduce CPU usage. Despite reimplementing the logic on the CPU, it still takes less CPU time than going through GL did.
GTK, Adwaita, and Vendor Styles - Platform - GNOME Discourse — After the BoF, we decided to continue the discussion and find actionable items to move things forward to improve Adwaita itself, the situation for app developers, and the experience for downstream vendors that wish to ship a distinct visual style. We decided that continuing here on Discourse is a good plan to keep the discussion persistent and centralized.
The Need for a FreeDesktop Dark Style Preference - GUADEC 2019 - Videos — Cassidy has been observing and researching dark styles in consumer software for several months, and conducted a user study with over 1,500 participants. In this talk he shares his research, observations, prior art, and requirements for a dark style preference on FreeDesktop platforms.
gamemode — GameMode is a daemon/lib combo for Linux that allows games to request a set of optimisations be temporarily applied to the host OS and/or a game process.
Free Courses at Linux Academy — September 2019 – Linux Academy — On September 17th Linux Torvald first released the Linux Operating System Kernel on September 17th, 1991 so we are celebrating by offering free training for you to increase your Linux Skills.
Texas Cyber Summit — October 10th-12th in San Antonio, Texas.
Unofficial Hacker Family Dinner & Unbirthday Party | Meetup — Join us for a meet and greet with fellow Texas Cyber Summit attendees and a belated celebration of Ell and Allie's Birthdays! There will be good food, good friends, and we hope some good conversation.
Level1Linux Channel
Chatting With Alex and Chris From The Self Hosted Podcast! - Level1Linux
cpufreq - GNOME Shell Extensions — This is a lightweight CPU frequency scaling monitor and powerful CPU management tool. The extension is using standard cpufreq kernel modules to collect information and manage governors. It needs root permission to able changing governors.
i7z — A better i7 (and now i3, i5) reporting tool for Linux.
CPUFREQ Extension
throttled — Workaround for Intel throttling issues in Linux.
Re: [X1C6/T480s] low cTDP and trip temperature in Linux - Page 9 - Lenovo Community — The good news: This problem is being very actively investigated and we (Lenovo) hope to have a solution soon.
Jupiter.Gallery — Our self-hosted photo gallery powered by Lychee. Send your photos to chz at jupiterbroadcasting.com.
Lychee — A great looking and easy-to-use photo-management-system you can run on your server, to manage and share photos.
Audio in Linux question — Is there something lacking in our ALSA/JACK/PuleAudio stack that I'm not aware of? We obviously can do pro audio production, given Ardour, REAPER and even Audacity. What's missing?
zFRAG by LostTrainDude — Defrag your mind by manually defragging a virtual Hard Disk, sector by sector, or enable the AUTODEFRAG to sit back and watch it do it on its own.
meshroom: 3D Reconstruction Software — Meshroom is a free, open-source 3D Reconstruction Software based on the AliceVision Photogrammetric Computer Vision framework.

Interactive Investigations | Coder Radio 373

2 september 2019 | min

We debate the best way to package scripting language apps then explore interactive development and the importance of a good shell.

Plus npm bans terminal ads, what comes after Rust, and why Mike hates macros.

Links:

Feedback: Getting started on .NET? — My question is what is the easiest route to get started in .net development? When I looked online there are several different languages that can be used from C# ,F#, ASP.NEt among others. In your personal experience what is the easiest way to get started on this path?
Feedback: Questioning Rust — [...] The primary issue here is that most of the work to prove that safety (beyond "trust me" blocks) is pushed onto the developer instead of having the compiler insert protections surmised from uses of the data structures outlined in the source code. After all, it can only prove what it is shown, not what it assumes.
Feedback on Mike and Macros — I'd also love to hear more about what you dislike about macros. Personally, I view Rust's macro system as one of its biggest selling points. I've written more than a few macros myself and, every time, they've simplified my code in ways I couldn't have managed without them. Perhaps more importantly, I've also noticed that many of my favorite crates make heavy use of macros—and doing so lets them expose a much more ergonomic API.
The Imposter's Handbook by Rob Conery — You've had to learn on the job. New languages, new frameworks, new ways of doing things - a constant struggle just to stay current in the industry. This left no time to learn the foundational concepts and skills that come with a degree in Computer Science.
npm Bans Terminal Ads — After last week a popular JavaScript library started showing full-blown ads in the npm command-line interface, npm, Inc., the company that runs the npm tool and website, has taken a stance and plans to ban such behavior in the future.
Apple wants to remove scripting languages from macOS — Scripting language runtimes such as Python, Ruby, and Perl are included in macOS for compatibility with legacy software. In future versions of macOS, scripting language runtimes won’t be available by default, and may require you to install an additional package. If your software depends on scripting languages, it’s recommended that you bundle the runtime within the app
Building Standalone Python Applications with PyOxidizer — Python hasn't ever had a consistent story for how I give my code to someone else, especially if that someone else isn't a developer and just wants to use my application.
Traveling Ruby: self-contained, portable Ruby binaries — Traveling Ruby lets you create self-contained Ruby app packages for Windows, Linux and OS X.
ruby-packer — Packing your Ruby application into a single executable.
fogus: Notes on Interactive Computing Environments — Your programming environments should be an active partner in the act of creating systems.
Tim Ewald - Clojure: Programming with Hand Tools — For most of human history, furniture was built by hand using a small set of simple tools. This approach connects you in a profoundly direct way to the work, your effort to the result. This changed with the rise of machine tools, which made production more efficient but also altered what's made and how we think about making it in in a profound way. This talk explores the effects of automation on our work, which is as relevant to software as it is to furniture, especially now that once again, with Clojure, we are building things using a small set of simple tools.
Things You Didn't Know About GNU Readline — GNU Readline is an unassuming little software library that I relied on for years without realizing that it was there. Tens of thousands of people probably use it every day without thinking about it. If you use the Bash shell, every time you auto-complete a filename, or move the cursor around within a single line of input text, or search through the history of your previous commands, you are using GNU Readline.
bpython — A fancy curses interface to the Python interactive interpreter
pry — Pry is a runtime developer console and IRB alternative with powerful introspection capabilities. Pry aims to be more than an IRB replacement. It is an attempt to bring REPL driven programming to the Ruby language.
Ammonite — Ammonite lets you use the Scala language for scripting purposes: in the REPL, as scripts, as a library to use in existing projects, or as a standalone systems shell.
rebel-readline — A terminal readline library for Clojure Dialects
litecli — A command-line client for SQLite databases that has auto-completion and syntax highlighting.

Linux Action News 121

1 september 2019 | min

Microsoft continues to prove how much it loves Linux while Google tries to eat their lunch, mixed news from Mozilla, and good stuff from GNOME.

Plus Telegram's cryptocurrency is definitely happening. Honest.

Special Guest: Wes Payne.

Links:

exFAT in the Linux kernel? Yes! — It’s important to us that the Linux community can make use of exFAT included in the Linux kernel with confidence. To this end, we will be making Microsoft’s technical specification for exFAT publicly available to facilitate development of conformant, interoperable implementations. We also support the eventual inclusion of a Linux kernel with exFAT support in a future revision of the Open Invention Network’s Linux System Definition, where, once accepted, the code will benefit from the defensive patent commitments of OIN’s 3040+ members and licensees.
The Initial exFAT Driver Queued For Introduction With The Linux 5.4 Kernel — Greg lived up to his talk and today committed the exFAT driver to staging-next. This nearly eleven thousand lines of new code did get the sign-off of Microsoft and with it being in the "-next" branch will be set for inclusion into the Linux 5.4 mainline code-base once Linux 5.3 is released.
Chris Beard to step down as Mozilla CEO — This is a good place to recruit our next CEO and for me to take a meaningful break and recharge before considering what’s next for me. It may be a cliché — but I’ll embrace it — as I’m also looking forward to spending more time with my family after a particularly intense but gratifying tour of duty.
Thunderbird 68 released — Thunderbird version 68.0 is only offered as direct download from thunderbird.net and not as upgrade from Thunderbird version 60 or earlier. A future version 68.1 will provide updates from earlier versions. Note that add-ons are only supported if add-on authors have adapted them.
What’s New in Thunderbird 68 — Thunderbird 68 focuses on polish and setting the stage for future releases. There was a lot of work that we had to do below the surface that has made Thunderbird more future-proof and has made it a solid base to continue to build upon. But we also managed to create some great features you can touch today.
Chrome OS gets first Chromebook Enterprise devices, faster Admin Console, and managed Linux environments — Google today announced a slew of Chrome Enterprise updates, including a faster Google Admin console and managed Linux environments. The company also unveiled the first Chromebook Enterprise laptops: Dell’s Latitude 5300 for $819 and Latitude 5400 for $699.
GNOME Firmware Updater — A few months ago, Dell asked if I’d like to co-mentor an intern over the summer. The task was to create a GTK “power user” application for managing firmware. The idea being that someone like Dell support could ask the user to run a little application and then read back firmware versions or downgrade to an older firmware version rather than getting them to use the command line.
GNOME Foundation launches Coding Education Challenge — The GNOME Foundation, with support from Endless, has announced the Coding Education Challenge, a competition aimed to attract projects that offer educators and students new and innovative ideas to teach coding with free and open source software. The $500,000 in funding will support the prizes, which will be awarded to the teams who advance through the three stages of the competition.
Telegram will launch its Gram cryptocurrency by October 31 or bust — Telegram’s cryptocurrency— the Gram — may be going public after all. The encrypted messaging app company plans to deliver “the first batches” of the coin in the next two months, according to a report at The New York Times.

Bunk Beds | Jupiter Extras 9

30 augusti 2019 | min

Stealing the Top Bunk | User Error 73

29 augusti 2019 | min

The Story Behind Self Hosted | Jupiter Extras 8

29 augusti 2019 | min

In-Kernel TLS | BSD Now 313

28 augusti 2019 | min

OpenBSD on 7th gen Thinkpad X1 Carbon, how to install FreeBSD on a MacBook, Kernel portion of in-kernel TLS (KTLS), Boot Environments on DragonflyBSD, Project Trident Updates, vBSDcon schedule, and more.

Headlines

OpenBSD on the Thinkpad X1 Carbon 7th Gen

Another year, another ThinkPad X1 Carbon, this time with a Dolby Atmos sound system and a smaller battery.
The seventh generation X1 Carbon isn't much different than the fifth and sixth generations. I opted for the non-vPro Core i5-8265U, 16Gb of RAM, a 512Gb NVMe SSD, and a matte non-touch WQHD display at ~300 nits. A brighter 500-nit 4k display is available, though early reports indicated it severely impacts battery life.
Gone are the microSD card slot on the back and 1mm of overall thickness (from 15.95mm to 14.95mm), but also 6Whr of battery (down to 51Whr) and a little bit of travel in the keyboard and TrackPoint buttons. I still very much like the feel of both of them, so kudos to Lenovo for not going too far down the Apple route of sacrificing performance and usability just for a thinner profile.
On my fifth generation X1 Carbon, I used a vinyl plotter to cut out stickers to cover the webcam, "X1 Carbon" branding from the bottom of the display, the power button LED, and the "ThinkPad" branding from the lower part of the keyboard deck.

See link for the rest of the article

How To Install FreeBSD On A MacBook 1,1 or 2,1

FreeBSD Setup For MacBook 1,1 and 2,1

FreeBSD with some additional setup can be installed on a MacBook 1,1 or 2,1. This article covers how to do so with FreeBSD 10-12.

Installing

FreeBSD can be installed as the only OS on your MacBook if desired. What you should have is:

A Mac OS X 10.4.6-10.7.5 installer. Unofficial versions modified for these MacBooks such as 10.8 also work.
A blank CD or DVD to burn the FreeBSD image to. Discs simply work best with these older MacBooks.
An ISO file of FreeBSD for x86. The AMD64 ISO does not boot due to the 32 bit EFI of these MacBooks.
Burn the ISO file to the blank CD or DVD. Once done, make sure it's in your MacBook and then power off the MacBook. Turn it on, and hold down the c key until the FreeBSD disc boots.
- See link for the rest of the guide

News Roundup

Patch for review: Kernel portion of in-kernel TLS (KTLS)

One of the projects I have been working on for the past several months in conjunction with several other folks is upstreaming work from Netflix to handle some aspects of Transport Layer Security (TLS) in the kernel. In particular, this lets a web server use sendfile() to send static content on HTTPS connections. There is a lot more detail in the review itself, so I will spare pasting a big wall of text here. However, I have posted the patch to add the kernel-side of KTLS for review at the URL below. KTLS also requires other patches to OpenSSL and nginx, but this review is only for the kernel bits. Patches and reviews for the other bits will follow later.

https://reviews.freebsd.org/D21277

DragonFly Boot Enviroments

This is a tool inspired by the beadm utility for FreeBSD/Illumos systems that creates and manages ZFS boot environments. This utility in contrast is written from the ground up in C, this should provide better performance, integration, and extensibility than the POSIX sh and awk script it was inspired by. During the time this project has been worked on, beadm has been superseded by bectl on FreeBSD. After hammering out some of the outstanding internal logic issues, I might look at providing a similar interface to the command as bectl.

See link for the rest of the details

Project Trident Updates

19.08 Available

This is a general package update to the CURRENT release repository based upon TrueOS 19.08.
Legacy boot ISO functional again
This update includes the FreeBSD fixes for the “vesa” graphics driver for legacy-boot systems. The system can once again be installed on legacy-boot systems.

PACKAGE CHANGES FROM 19.07-U1
- New Packages: 154
- Deleted Packages: 394
- Updated Packages: 4926
12-U3 Available

This is the third general package update to the STABLE release repository based upon TrueOS 12-Stable.

PACKAGE CHANGES FROM STABLE 12-U2
- New Packages: 105
- Deleted Packages: 386
- Updated Packages: 1046

vBSDcon

vBSDcon 2019 will return to the Hyatt Regency in Reston, VA on September 5-7 2019. ***

Beastie Bits

The next NYCBUG meeting will be Sept 4 @ 18:45

Feedback/Questions

Tom - Questions
Michael - dfbeadm
Bostjan - Questions

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to [email protected]

Self Hosted Secrets | LINUX Unplugged 316

27 augusti 2019 | min

Meet Alex from Self Hosted | Jupiter Extras 7

27 augusti 2019 | min

Self Hosted Coming Soon | Self Hosted 0

27 augusti 2019 | min

Crystal Clear | Coder Radio 372

26 augusti 2019 | min

We're back and going crazy about Crystal, a statically typed language that's as fast as C and as slick as ruby.

Plus an update on Rails 6, Intel's growing adoption of Rust, and the challenge of making breaking changes.

Links:

Feedback: Academia and Industry — Do either of you have any insights as to how the software development community would view someone with a math PhD, but no industry coding experience as a job applicant? Any advice would be appreciated.
Feedback: Absurd Abstractions — FYI about wanting interface in Python: they are called abstract base classes. Check out the standard library module, abc for that and collections.abc some useful predefined container interfaces.
Feedback: Breaking Changes — I developed a niche Python package that has some user following in the network security realm. I’m at a crossroads though as a change I want to make will subtly break scripts that worked in previous/current versions. The end result of my pending change is good for the project but I fear I’ll ruin the workflow of my users. Other than my github page I don’t know how to query/inform my users of this pending change. What should I do?
Ruby on Rails 6.0 Release Notes — Make Webpacker the default JavaScript compiler for Rails 6
Intel and Rust: the Future of Systems Programming: Josh Triplett — Hear about how Intel is working to bring Rust to full parity with C, building the future of systems programming.
Altruism Still Fuels the Web. Businesses Love to Exploit It | WIRED — The original well-meaning, geeky architects of the web believed that there was an abundance of altruism in human nature—and they were more correct on this count, it turns out, than many esteemed social philosophers were. But they were too optimistic in overlooking the possibility that corporations would exploit and colonize this new realm. If only we had all seen it coming.
The Crystal Programming Language — Crystal is statically type checked, so any type errors will be caught early by the compiler rather than fail on runtime. Moreover, and to keep the language clean, Crystal has built-in type inference, so most type annotations are unneeded.

Linux Action News 120

25 augusti 2019 | min

More tools to keep your Linux box and cloud servers secure this week, OpenPOWER responds to Risc-V competition, and we ponder the year-long open-source supply chain attacks.

Plus our reaction to Android dropping dessert names, the Confidential Computing consortium, and more.

Links:

Today, 28 years ago Linus Torvalds announced Linux on comp.os.minix. — I'm doing a (free) operating system (just a hobby, won't be big and professional like gnu) for 386(486) AT clones.
System76 announce new firmware updater — We’ve been working on the Firmware Manager project, which we will be shipping to all Pop!_OS users, and System76 hardware customers on other Debian-based distributions. It supports checking and updating firmware from LVFS and system76-firmware services, is Wayland-compatible, and provides both a GTK application and library.
The Next Step in the OpenPOWER Foundation Journey — The OpenPOWER Foundation will now join projects and organizations like OpenBMC, CHIPS Alliance, OpenHPC and so many others within the Linux Foundation.
IBM is moving OpenPower Foundation to The Linux Foundation
Confidential Computing Consortium — Confidential computing focuses on securing data in use. Current approaches to securing data often address data at rest (storage) and in transit (network)but encrypting data in use is possibly the most challenging step to providing a fully encrypted lifecycle for sensitive data.
Confidential Computing Consortium Takes Shape
The year-long rash of supply chain attacks against open source is getting worse — Backdoors snuck into 12 OSS packages were downloaded hundreds of thousands of times.
Android to drop dessert names — So, this next release of Android will simply use the version number and be called Android 10. We think this change helps make release names simpler and more intuitive for our global community. And while there were many tempting “Q” desserts out there, we think that at version 10 and 2.5 billion active devices, it was time to make this change.

A Chat with Chz Bacon | Jupiter Extras 6

23 augusti 2019 | min

Epyc Encryption | TechSNAP 410

22 augusti 2019 | min

It's CPU release season and we get excited about AMD's new line of server chips. Plus our take on AMD's approach to memory encryption, and our struggle to make sense of Intel's Comet Lake line.

Also, a few Windows worms you should know about, the end of the road for EV certs, and an embarrassing new Bluetooth attack.

Links:

A detailed look at AMD’s new Epyc “Rome” 7nm server CPUs | Ars Technica — The short version of the story is, Epyc "Rome" is to the server what Ryzen 3000 was to the desktop—bringing significantly improved IPC, more cores, and better thermal efficiency than either its current-generation Intel equivalents or its first-generation Epyc predecessors.
AMD Rome Second Generation EPYC Review: 2x 64-core Benchmarked — Ever since the Opteron days, AMD's market share has been rounded to zero percent, and with its first generation of EPYC processors using its new Zen microarchitecture, that number skipped up a small handful of points, but everyone has been waiting with bated breath for the second swing at the ball. AMD's Rome platform solves the concerns that first gen Naples had, plus this CPU family is designed to do many things: a new CPU microarchitecture on 7nm, offer up to 64 cores, offer 128 lanes of PCIe 4.0, offer 8 memory channels, and offer a unified memory architecture based on chiplets.
AMD EPYC Rome Still Conquering Cascadelake Even Without Mitigations - Phoronix — Out of curiosity, I've run some unmitigated benchmarks for the various relevant CPU speculative execution vulnerabilities on both the Intel Xeon Platinum 8280 Cascadelake and AMD EPYC 7742 Rome processors for seeing how the performance differs.
Intel’s line of notebook CPUs gets more confusing with 14nm Comet Lake | Ars Technica — Going by Intel's numbers, Comet Lake looks like a competent upgrade to its predecessor Whiskey Lake. The interesting question—and one largely left unanswered by Intel—is why the company has decided to launch a new line of 14nm notebook CPUs less than a month after launching Ice Lake, its first 10nm notebook CPUs.
A look at the Windows 10 exploit Google Zero disclosed this week | Ars Technica — On Tuesday, Tavis Ormandy of Google's Project Zero released an exploit kit called ctftool, which uses and abuses Microsoft's Text Services Framework in ways that can effectively get anyone root—er, system that is—on any unpatched Windows 10 system they're able to log in to
Patch new wormable vulnerabilities in Remote Desktop Services (CVE-2019-1181/1182) – Microsoft Security Response Center — Today Microsoft released a set of fixes for Remote Desktop Services that include two critical Remote Code Execution (RCE) vulnerabilities, CVE-2019-1181 and CVE-2019-1182. Like the previously-fixed ‘BlueKeep’ vulnerability (CVE-2019-0708), these two vulnerabilities are also ‘wormable’, meaning that any future malware that exploits these could propagate from vulnerable computer to vulnerable computer without user interaction.
KNOB Attack — TL;DR: The specification of Bluetooth includes an encryption key negotiation protocol that allows to negotiate encryption keys with 1 Byte of entropy without protecting the integrity of the negotiation process. A remote attacker can manipulate the entropy negotiation to let any standard compliant Bluetooth device negotiate encryption keys with 1 byte of entropy and then brute force the low entropy keys in real time.
Troy Hunt: Extended Validation Certificates are (Really, Really) Dead — With both browsers auto-updating for most people, we're about 10 weeks out from no more EV and the vast majority of web users no longer seeing something they didn't even know was there to begin with! Oh sure, you can still drill down into the certificate and see the entity name, but who's really going to do that? You and I, perhaps, but we're not exactly in the meat of the browser demographics.
Google wants to reduce lifespan for HTTPS certificates to one year | ZDNet — Scott Helme argues that the security benefits of shorter SSL certificate lifespans have nothing to do with phishing or malware sites, but instead with the SSL certificate revocation process. Helme claims that this process is broken and that bad SSL certificates continue to live on for years after being mississued and revoked.

The Enthusiast Trap - Office Hours with Chris | Jupiter Extras 5

22 augusti 2019 | min

PCLinuxOS + Hugo | Choose Linux 16

21 augusti 2019 | min

Why Package Managers | BSD Now 312

21 augusti 2019 | min

Headlines

The UNIX Philosophy in 2019

Today, Linux and open source rules the world, and the UNIX philosophy is widely considered compulsory. Organizations are striving to build small, focused applications that work collaboratively in a cloud and microservices environment. We rely on the network, as well as HTTP (text) APIs for storing and referencing data. Moreover, nearly all configuration is stored and communicated using text (e.g. YAML, JSON or XML). And while the UNIX philosophy has changed dramatically over the past 5 decades, it hasn’t strayed too far from Ken Thompson’s original definition in 1973:

We write programs that do one thing and do it well
We write programs to work together
And we write programs that handle text streams, because that is a universal interface

Why Use Package Managers?

Valuable research is often hindered or outright prevented by the inability to install software. This need not be the case.

Since I began supporting research computing in 1999, I’ve frequently seen researchers struggle for days or weeks trying to install a single open source application. In most cases, they ultimately failed.

In many cases, they could have easily installed the software in seconds with one simple command, using a package manager such as Debian packages, FreeBSD ports, MacPorts, or Pkgsrc, just to name a few.

Developer websites often contain poorly written instructions for doing “caveman installs”; manually downloading, unpacking, patching, and building the software. The same laborious process must often be followed for other software packages on which it depends, which can sometimes number in the dozens. Many researchers are simply unaware that there are easier ways to install the software they need. Caveman installs are a colossal waste of man-hours. If 1000 people around the globe spend an average of 20 hours each trying to install the same program that could have been installed with a package manager (this is not uncommon), then 20,000 man-hours have been lost that could have gone toward science. How many important discoveries are delayed by this?

The elite research institutions have ample funding and dozens of IT staff dedicated to research computing. They can churn out publications even if their operation is inefficient. Most institutions, however, have few or no IT staff dedicated to research, and cannot afford to squander precious man-hours on temporary, one-off software installs. The wise approach for those of us in that situation is to collaborate on making software deployment easier for everyone. If we do so, then even the smallest research groups can leverage that work to be more productive and make more frequent contributions to science.

Fortunately, the vast majority of open source software installs can be made trivial for anyone to do for themselves. Modern package managers perform all the same steps as a caveman install, but automatically. Package managers also install dependencies for us automatically.

News Roundup

Touchpad, Interrupted

For two years I've been driving myself crazy trying to figure out the source of a driver problem on OpenBSD: interrupts never arrived for certain touchpad devices. A couple weeks ago, I put out a public plea asking for help in case any non-OpenBSD developers recognized the problem, but while debugging an unrelated issue over the weekend, I finally solved it.

It's been a long journey and it's a technical tale, but here it is.

Porting wine to amd64 on NetBSD, second evaluation report

Summary

Presently, Wine on amd64 is in test phase. It seems to work fine with caveats like LD_LIBRARY_PATH which has to be set as 32-bit Xorg libs don't have ${PREFIX}/emul/netbsd32/lib in its rpath section. The latter is due to us extracting 32-bit libs from tarballs in lieu of building 32-bit Xorg on amd64. As previously stated, pkgsrc doesn't search for pkgconfig files in ${PREFIX}/emul/netbsd32/lib which might have inadvertent effects that I am unaware of as of now. I shall be working on these issues during the final coding period. I would like to thank @leot, @maya and @christos for saving me from shooting myself in the foot many a time. I, admittedly, have had times when multiple approaches, which all seemed right at that time, perplexed me. I believe those are times when having a mentor counts, and I have been lucky enough to have really good ones. Once again, thanks to Google for this wonderful opportunity.

Enhancing Syzkaller Support for NetBSD, Part 2

As a part of Google Summer of Code’19, I am working on improving the support for Syzkaller kernel fuzzer. Syzkaller is an unsupervised coverage-guided kernel fuzzer, that supports a variety of operating systems including NetBSD. This report details the work done during the second coding period.

You can also take a look at the first report to learn more about the initial support that we added. : https://blog.netbsd.org/tnf/entry/enhancing_syzkaller_support_for_netbsd

July Update: All about the Pinebook Pro

"So I said I won’t be talking about the BSDs, but I feel like I should at the very least give you a general overview of the RK3399 *BSD functionality. I’ll make it quick. I’ve spoken to *BSD devs whom worked on the RockPro64 and from what I’ve gathered (despite the different *BSDs having varying degree of support for the RK3399 SOC) many of the core features are already supported, which bodes well for *BSD on the Pro. That said, some of the things you’d require on a functional laptop – such as the LCD (using eDP) for instance – will not work on the Pinebook Pro using *BSD as of today. So clearly a degree of work is yet needed for a BSD to run on the device. However, keep in mind that *BSD developers will be receiving their units soon and by the time you receive yours some basic functionality may be available."

Killing a process and all of its descendants

Killing processes in a Unix-like system can be trickier than expected. Last week I was debugging an odd issue related to job stopping on Semaphore. More specifically, an issue related to the killing of a running process in a job. Here are the highlights of what I learned:

Unix-like operating systems have sophisticated process relationships. Parent-child, process groups, sessions, and session leaders. However, the details are not uniform across operating systems like Linux and macOS. POSIX compliant operating systems support sending signals to process groups with a negative PID number.

Sending signals to all processes in a session is not trivial with syscalls.

Child processes started with exec inherit their parent signal configuration. If the parent process is ignoring the SIGHUP signal, for example, this configuration is propagated to the children.

The answer to the “What happens with orphaned process groups” question is not trivial.

Fast Software, the Best Software

I love fast software. That is, software speedy both in function and interface. Software with minimal to no lag between wanting to activate or manipulate something and the thing happening. Lightness.

Software that’s speedy usually means it’s focused. Like a good tool, it often means that it’s simple, but that’s not necessarily true. Speed in software is probably the most valuable, least valued asset. To me, speedy software is the difference between an application smoothly integrating into your life, and one called upon with great reluctance. Fastness in software is like great margins in a book — makes you smile without necessarily knowing why.

But why is slow bad? Fast software is not always good software, but slow software is rarely able to rise to greatness. Fast software gives the user a chance to “meld” with its toolset. That is, not break flow. When the nerds upon Nerd Hill fight to the death over Vi and Emacs, it’s partly because they have such a strong affinity for the flow of the application and its meldiness. They have invested. The Tool Is Good, so they feel. Not breaking flow is an axiom of great tools.

A typewriter is an excellent tool because, even though it’s slow in a relative sense, every aspect of the machine itself operates as quickly as the user can move. It is focused. There are no delays when making a new line or slamming a key into the paper. Yes, you have to put a new sheet of paper into the machine at the end of a page, but that action becomes part of the flow of using the machine, and the accumulation of paper a visual indication of work completed. It is not wasted work. There are no fundamental mechanical delays in using the machine. The best software inches ever closer to the physical directness of something like a typewriter. (The machine may break down, of course, ribbons need to be changed — but this is maintenance and separate from the use of the tool. I’d be delighted to “maintain” Photoshop if it would lighten it up.)

Beastie Bits

Feedback/Questions

Paulo - FreeNAS Question
Marc - Changing VT without function keys?
Caleb - Patch, update, and upgrade management

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to [email protected]

Dell's New Ubuntu Hardware for Late 2019 | Jupiter Extras 4

21 augusti 2019 | min

Wayland Buddies | LINUX Unplugged 315

20 augusti 2019 | min

We spend our weekend with Wayland, discover new apps to try, tricks to share, and dig into the state of the project.

Plus System76's new software release, and Fedora's big decision.

Special Guests: Brent Gervais and Drew DeVore.

Links:

System76 Blog — The New Firmware Manager — we’re excited to announce that you can now check and update firmware through Settings on Pop!_OS, and through the firmware manager GTK application on System76 hardware running other Debian-based distributions.
pop-os/firmware-manager — Generic framework and GTK UI for firmware updates from system76-firmware and fwupd, written in Rust.
Richard Brown on Twitter — Today I’m stepping down as openSUSE Chairman, leaving the Project in the fine hands of the openSUSE board and it’s new Chair, @GeraldPfeifer.
Approved: Fedora 31 To Drop i686 Everything/Modular Repositories - Phoronix — The FESCo group gave their formal approval today for permitting these i686 repositories to be removed beginning with Fedora 31
Jupiter Extras: Chris and Wes React to LINUX Unplugged — Nothing is worse than your past self. So we play old clips of LINUX Unplugged and react.
Scan for network vulnerabilities w/ Nmap - Linux Academy YouTube — With data breaches becoming so common, it's vital to be proactive in finding and patching severe vulnerabilities on our system. One of the free/open-source ways you can scan for these vulnerabilities is by using Nmap.
How to copy directories with SCP recursively tutorial - Linux AcademyYouTube — When working with servers you will often find yourself in a situation where you need to copy files from one machine to another. You can package them into a tarball and then copy a tarball over to a remote machine and then unpack it there. This is not a bad option but you can also use SCP to copy the files as they are and preserve the directory structure, without the need for packaging.
Linux Archives – Linux Academy
What’s Taking Wayland So Long? » Linux Magazine — Over the years, the project’s goals have evolved, but more or less remained: the development of a simpler, more efficient, and more secure display server.
pp3345/gnome-with-patches Copr — This repo contains gnome-shell and mutter builds based on the official Fedora ones with some additional patches (mainly to improve performance).
rafaelmardojai/firefox-gnome-theme — A GNOME👣 theme for Firefox🔥
Tilix: A tiling terminal emulator — Tilix is an advanced GTK3 tiling terminal emulator that follows the Gnome Human Interface Guidelines.
GNOME 3.34 Works Out Refined XWayland Support For X11 Apps Run Under Sudo - Phoronix — This allows the X11 clients to now work from a different VT without any extra environment variables set besides the DISPLAY. In other words, the same user on the same system can now more easily run clients with XWayland thanks to this commit coming late in the 3.34 cycle.
The MATE Desktop Is Becoming Quite Usable On Wayland Via Mir - Phoronix — The MATE desktop is seeing Wayland support thanks to Mir doing the heavy lifting. This is also becoming one of the leading examples of Mir's use-case following Canonical engineers re-tooling their display server with Wayland support after pulling back from their original design goals around Ubuntu Touch and mobile/convergence.
Plasma/Wayland Showstoppers - KDE Community Wiki — This page tracks the Wayland showstoppers through out the stack .
Wayland misconceptions debunked | Drew DeVault’s Blog — This article has been on my backburner for a while, but it seems Wayland FUD is making the news again recently, so I’ve bumped up the priority a bit. For those new to my blog, I am the maintainer of wlroots, a library which implements much of the functionality required of a Wayland compositor and is arguably the single most influential project in Wayland right now; and sway, a popular Wayland compositor which is nearing version 1.0.
Flameshot — Powerful yet simple to use screenshot software.
Auto Move Windows - GNOME Shell Extensions — Move applications to specific workspaces when they create windows.
Ed Therriault on Twitter — @ChrisLAS I’ve been out of the loop for a bit as I’ve been focusing on work and family but I need to know what’s a good incremental backup solution that will use very little storage. I’ll be uploading them to google drive. Ubuntu server 19. Thank you for your time.
seemoo-lab/opendrop — An open Apple AirDrop implementation written in Python
anirudhajith/process-wallpaper — Shell and python scripts that set the desktop wallpaper to a word cloud of the most resource-hungry processes.
Huge Survey of Firmware Finds No Security Gains in 15 Years – The Security Ledger — A survey of more than 6,000 firmware images spanning more than a decade finds no improvement in firmware security and lax security standards for the software running connected devices by Linksys, Netgear and other major vendors.

Chris and Wes React to LINUX Unplugged | Jupiter Extras 3

20 augusti 2019 | min

Absurd Abstractions | Coder Radio 371

19 augusti 2019 | min

It’s a Coder Radio special all about abstraction. What it is, why we need it, and what to do when it leaks.

Plus your feedback, Mike’s next language challenge, and a functional ruby pick.

Links:

Feedback: Clojure, Racket, and Extempore — Thinking about the problem could take the form of leveraging the REPL to work out code to solve a problem or you could spend some time away from your computer screen (or in “Hammock Time”) working out problems. If I have learned anything from Clojure’s creator, “Rich Hickey” its “Programming is not about not about typing, it’s about thinking”.
Knuth's Sensitivity Conjecture One-Pager
Law Of Leaky Abstractions — All non-trivial abstractions, to some degree, are leaky.
The Law of Leaky Abstractions – Joel on Software — This is what I call a leaky abstraction. TCP attempts to provide a complete abstraction of an underlying unreliable network, but sometimes, the network leaks through the abstraction and you feel the things that the abstraction can’t quite protect you from.
Forget about Leaky Abstractions — Even if an abstraction is leaky it can still be useful. Sometimes you cannot escape it (uniform memory) and sometimes the workaround is costly to implement (TCP, SQL). So you accept the technical debt for now. Hope the debt does not kill the project. Maybe there will come a time where it is worthwhile to pay off the debt.
All Abstractions Are Failed Abstractions — It's our job as modern programmers not to abandon abstractions due to these deficiencies, but to embrace the useful elements of them, to adapt the working parts and construct ever so slightly less leaky and broken abstractions over time.
Appropriate Levels of Abstraction — Instead of aspiring to higher levels of abstraction, we should instead seek to work at the appropriate level of abstraction for the problem at hand. The appropriate level is sometimes very high and sometimes very low. It varies for different situations even in the same software project. Just as other engineering disciplines require different tools for different situations, software development also requires tools and languages that support our work at multiple levels of abstraction.
Choosing The Proper Level of Abstraction — In software development, choosing the right abstraction can be tricky. If you make it too simple, it won’t let you create a model to satisfy even the immediate requirements. If you make it restricted to the urgent needs, you might have to change it almost immediately to implement the next iteration of the model. However, if you make your abstraction too generic and all-encompassing, modeling solutions might get so complicated that you’ll go out of business before you are finished.
The Crystal Programming Language — Crystal is statically type checked, so any type errors will be caught early by the compiler rather than fail on runtime. Moreover, and to keep the language clean, Crystal has built-in type inference, so most type annotations are unneeded.
affect: Algebraic effects for Ruby — Affect is a tiny Ruby gem providing a way to isolate and handle side-effects in functional programs. Affect implements algebraic effects in Ruby, but can also be used to implement patterns that are orthogonal to object-oriented programming, such as inversion of control and dependency injection.
Algebraic Effects for the Rest of Us — Imagine that you’re writing code with goto, and somebody shows you if and for statements. Or maybe you’re deep in the callback hell, and somebody shows you async / await. Pretty cool, huh? If you’re the kind of person who likes to learn about programming ideas several years before they hit the mainstream, it might be a good time to get curious about algebraic effects. Don’t feel like you have to though. It is a bit like thinking about async / await in 1999.
MinIO — The 100% Open Source, Enterprise-Grade, Amazon S3 Compatible Object Storage

Forever Friday | The Friday Stream 13

19 augusti 2019 | min

Linux Action News 119

16 augusti 2019 | min

Ell's Trip to Hacker Summer Camp | Jupiter Extras 2

16 augusti 2019 | min

Sliding Politics | User Error 72

15 augusti 2019 | min

Conference Gear Breakdown | BSD Now 311

15 augusti 2019 | min

NetBSD 9.0 release process has started, xargs, a tale of two spellcheckers, Adapting TriforceAFL for NetBSD, Exploiting a no-name freebsd kernel vulnerability, and more.

Headlines

NetBSD 9.0 release process has started

If you have been following source-changes, you may have noticed the creation of the netbsd-9 branch! It has some really exciting items that we worked on:

New AArch64 architecture support:

Symmetric and asymmetrical multiprocessing support (aka big.LITTLE)

Support for running 32-bit binaries

UEFI and ACPI support

Support for SBSA/SBBR (server-class) hardware.

The FDT-ization of many ARM boards:

the 32-bit GENERIC kernel lists 129 different DTS configurations

the 64-bit GENERIC64 kernel lists 74 different DTS configurations

All supported by a single kernel, without requiring per-board configuration.

Graphics driver update, matching Linux 4.4, adding support for up to Kaby Lake based Intel graphics devices.

ZFS has been updated to a modern version and seen many bugfixes.

New hardware-accelerated virtualization via NVMM.

NPF performance improvements and bug fixes. A new lookup algorithm, thmap, is now the default.

NVMe performance improvements

Optional kernel ASLR support, and partial kernel ASLR for the default configuration.

Kernel sanitizers:

KLEAK, detecting memory leaks

KASAN, detecting memory overruns

KUBSAN, detecting undefined behaviour

These have been used together with continuous fuzzing via the syzkaller project to find many bugs that were fixed.

The removal of outdated networking components such as ISDN and all of its drivers

The installer is now capable of performing GPT UEFI installations.

Dramatically improved support for userland sanitizers, as well as the option to build all of NetBSD's userland using them for bug-finding.

Update to graphics userland: Mesa was updated to 18.3.4, and llvmpipe is now available for several architectures, providing 3D graphics even in the absence of a supported GPU.

We try to test NetBSD as best as we can, but your testing can help NetBSD 9.0 a great release. Please test it and let us know of any bugs you find.

Binaries are available at https://nycdn.netbsd.org/pub/NetBSD-daily/netbsd-9/latest/

xargs wtf

xargs is probably one of the more difficult to understand of the unix command arsenal and of course that just means it’s one of the most useful too.
I discovered a handy trick that I thought was worth a share. Please note there are probably other (better) ways to do this but I did my stackoverflow research and found nothing better.
xargs — at least how I’ve most utilized it — is handy for taking some number of lines as input and doing some work per line. It’s hard to be more specific than that as it does so much else.
It literally took me an hour of piecing together random man pages + tips from 11 year olds on stack overflow, but eventually I produced this gem:
This is an example of how to find files matching a certain pattern and rename each of them. It sounds so trivial (and it is) but it demonstrates some cool tricks in an easy concept.

News Roundup

PkgSrc: A Tale of Two Spellcheckers

This is a transcript of the talk I gave at pkgsrcCon 2019 in Cambridge, UK. It is about spellcheckers, but there are much more general software engineering lessons that we can learn from this case study.
The reason I got into this subject at all was my paternal leave last year, when I finally had some more time to spend working on pkgsrc. It was a tiny item in the enormous TODO file at the top of the source tree (“update enchant to version 2.2”) that made me go into this rabbit hole.

Adapting TriforceAFL for NetBSD, Part 2

I have been working on adapting TriforceAFL for NetBSD kernel syscall fuzzing. This blog post summarizes the work done until the second evaluation.
For work done during the first coding period, check out this post.

Summary > So far, the TriforceNetBSDSyscallFuzzer has been made available in the form of a pkgsrc package with the ability to fuzz most of NetBSD syscalls. In the final coding period of GSoC. I plan to analyse the crashes that were found until now. Integrate sanitizers, try and find more bugs and finally wrap up neatly with detailed documentation. > Last but not least, I would like to thank my mentor, Kamil Rytarowski for helping me through the process and guiding me. It has been a wonderful learning experience so far!

Exploiting a no-name freebsd kernel vulnerability

A new patch has been recently shipped in FreeBSD kernels to fix a vulnerability (cve-2019-5602) present in the cdrom device. In this post, we will introduce the bug and discuss its exploitation on pre/post-SMEP FreeBSD revisions. > A closer look at the commit 6bcf6e3 shows that when invoking the CDIOCREADSUBCHANNEL_SYSSPACE ioctl, data are copied with bcopy instead of the copyout primitive. This endows a local attacker belonging to the operator group with an arbitrary write primitive in the kernel memory.

[Allan and Benedicts Conference Gear Breakdown]

Benedict’s Gear:

GlocalMe G3 Mobile Travel HotSpot and Powerbank
Mogics Power Bagel
Charby Sense Power Cable
Allan’s Gear:

Huawei E5770s-320 4G LTE 150 Mbps Mobile WiFi Pro
AOW Global Data SIM Card for On-Demand 4G LTE Mobile Data in Over 90 Countries
All my devices charge from USB-C, so that is great
More USB thumb drives than strictly necessary
My Lenovo X270 laptop running FreeBSD 13-current
My 2016 Macbook Pro (a prize from the raffle at vBSDCon 2017) that I use for email and video conferencing to preserve battery on my FreeBSD machine for work

Beastie Bits

Feedback/Questions

JT - Congrats

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to [email protected]

Bigger. Faster. Harder to Maintain. | LINUX Unplugged 314

13 augusti 2019 | min

It's huge, and it's getting bigger every month. How do you test the Linux Kernel? Major Hayden from Red Hat joins us to discuss their efforts to automate Kernel bug hunting.

Plus our honest conversation about which Linux works best for us.

Special Guests: Alan Pope, Alex Kretzschmar, Brent Gervais, Drew DeVore, Ell Marquez, Major Hayden, and Neal Gompa.

Links:

Unpatched KDE vulnerability disclosed on Twitter — When a user opens the KDE file viewer to access the directory where these files are stored, the malicious code contained within the .desktop or .directory files executes without user interaction.
KDE rips out ability for KConfig to run shell code — KDE responded on Wednesday by removing the feature to have shell commands as values in the KConfig files, which was described as an intentional feature that allowed for flexibility.
First modern coreboot server platform — This platform is the first modern upstream coreboot server platform on the market with an Intel Xeon E3-1200 v6 processor also known as Kabylake-DT.
Open-source firmware is the future - Blog | Mullvad VPN — This is the first time a modern off-the-shelf server platform gains coreboot support, and it is an integral part of realizing our vision of transparent and independently auditable VPN servers.
Adder WS - System76
System76 Preparing To Roll Out Their First Coreboot-Enabled Laptop - Phoronix — Ahead of this year's Open-Source Firmware Conference (OSFC) being held from 3 to 6 September at the Google and Facebook offices in Mountain View, System76 announced the Darter Pro OSFC Edition that ships with Coreboot.
System76 Granted A Thunderbolt License To Integrate Into Their Open Firmware - Phoronix — System76 has been granted a Thunderbolt license, meaning that we can now integrate Thunderbolt compatibility into our open firmware.
Jupiter Extras — New ideas, great interviews, events, and other content you will love. We bring you the Extras.
Free Courses at Linux Academy — August 2019 – Linux Academy
major.io — words of wisdom from a systems engineer
Continuous integration testing for the Linux kernel | Opensource.com — The call for continuous integration (CI) grows for more and more projects, the Continuous Kernel Integration (CKI) team forges ahead with a single mission: prevent bugs from being merged into the kernel.
Major's Continuous Kernel Integration Talk at Texas Linuxfe 2019
CKI Project — Continuous Kernel Integration
Continuous Kernel Integration project on GitHub
CKI hackfest agenda for Plumbers
0-Day Continuous Integration (CI) Test Service from Intel — With so much code contributed to each release, it’s impossible to avoid potential regressions. To eliminate them, you must first find the bugs that cause them, which can be like finding a needle in the proverbial haystack. This is what makes the 0-Day Continuous Integration (CI) Test Service so important. 0-Day delivers comprehensive, automated and continuous integration testing that monitors the Linux mainline and 800+ developer trees for regressions, helping find bugs before they reach the Linux kernel so problems can be fixed before they impact users. Simply put, 0-Day helps ensure Linux kernel quality in a highly complex development environment.
Snowpatch: continuous-integration testing for the kernel — The Linux kernel project lags many others in its use of CI testing for a number of reasons, including a fundamental mismatch with how kernel developers tend to manage their workflows. At linux.conf.au 2019, Russell Currey described a CI system called Snowpatch that, he hopes, will bridge the gap and bring better testing to the kernel development process.
Kernel CI Dashboard — FAQ
Linux Test Project — Linux Test Project is a joint project started by SGI, OSDL and Bull developed and maintained by IBM, Cisco, Fujitsu, SUSE, Red Hat, Oracle and others. The project goal is to deliver tests to the open source community that validate the reliability, robustness, and stability of Linux.
patchwork — Patchwork is a web-based patch tracking system designed to facilitate the contribution and management of contributions to an open-source project.
Kernel Patch-Evaluated Testing — KPET is a framework which will execute targeted testing based on changes introduced in the patch, e.g. a network driver or similar would trigger network related testing to be invoked, or a filesystem change would invoke filesystem testing.
Beaker lab automation project — Beaker is open-source software for managing and automating labs of test computers.
google/syzkaller — syzkaller is an unsupervised, coverage-guided kernel fuzzer
openQA | Introduction to the heart of openSUSE's automated testing — OpenSUSE is way too versatile for humans to test even the most common configurations. Therefore openQA was introduced and became an indispensable part of the openSUSE development and release processes. openQA is an automated test tool for operating systems. It allows to test the whole installation process of an operating system in a wide range of software and hardware configurations by leveraging qemu. This talk gives an introduction to openQA and explains how openQA works to help understand what it's output means.
OpenQA - Fedora Project Wiki — Fedora uses the openQA automated testing system as a significant part of the release validation testing process, and for testing updates. On this page you can find more information about openQA, how Fedora uses it, and how to install your own instance of openQA so you can try it out and contribute to test development.
AppImage by probonopd · Pull Request #72 · JupiterBroadcasting/CasterSoundboard — This PR, when merged, will compile this application on Travis CI upon each git push, and upload an AppImage to your GitHub Releases page.
TeleCast with popey — An experiment in lean audio delivery via Telegram. TeleCast with popey is an informal short-form audio podcast-like show
LINUX Unplugged 202: Halls of Endless Linux — Michael Hall from Endless joins us to discuss his new role, Endless’ involvement with Gnome & the unique approach they are taking with EndlessOS.
End of life - Fedora Project Wiki — Fedora Project maintains each release of Fedora according to the Fedora Release Life Cycle. The following releases have reached End of Life, and are no longer maintained and do not receive any updates.
quicktile — Adds window-tiling keybindings to any X11-based desktop.

F'ing # | Coder Radio 370

12 augusti 2019 | min

Things get heated when it’s time for Wes to check-in on Mike’s functional favorite, F#, and share his journey exploring modern .NET on Linux.

Plus your feedback, combining ruby and rust, and the latest scandal with JEDI.

Links:

Emacs Feedback from DJ — Another point for the show is a soft intro to functional programming. Wes mentioned Emacs because of the packages supporting Clojure development when he started with that. Elisp seems to be fairly intuitive and well documented, as a little functional language its own right (correct me if I'm wrong)--this makes for a soft intro to FP. Most of my coding has been in the space of embedded systems and low-level languages--not much functional programming to be had. This show has gotten me curious about FP, which is quite old in concept, and getting implemented nicely in modern languages. For me, I still rely heavily on special Vim keys that are not mapped in evil-mode, which causes some paper cuts. However, elisp makes it easy to customize the desired UI functionality with very short programs/elisp statements in a config file. It's quite a refreshing exercise for someone like me.
artichoke/artichoke: Artichoke is a Ruby made with Rust — Artichoke is a platform for building MRI-compatible Ruby implementations. Artichoke provides a Ruby runtime implemented in Rust that can be loaded into many VM backends.
AP Sources: Boeing changing Max software to use 2 computers — Boeing is working on new software for the 737 Max that will use a second flight control computer to make the system more reliable, solving a problem that surfaced in June with the grounded jet, two people briefed on the matter said Friday.
In Pentagon Contract Fight, Amazon Has Foes in High Places - The New York Times — Experts thought the contract for the Joint Enterprise Defense Infrastructure, known by the cinematic acronym JEDI, would go to Amazon Web Services, the dominant player in the field of cloud computing. They did not count on two developments: an extraordinarily aggressive public relations and lobbying campaign by Oracle, one of Amazon’s competitors, and the hostility of Mr. Trump to Amazon and its founder, Jeff Bezos.
The Early History of F# (pdf)
Use F# on Linux | The F# Software Foundation
Ionide - Crossplatform F# Editor Tools — A Visual Studio Code package suite for cross platform F# development.
The Problem With F# Evangelism — There seems to be a constant struggle to convince seasoned C# developers to give F# a try. Which is a pity because language and concepts deserve better.
TopShell — Purely functional, reactive scripting language.

Linux Action News 118

9 augusti 2019 | min

Privacy Perspectives | TechSNAP 409

8 augusti 2019 | min

OBS Studio + Endless OS | Choose Linux 15

7 augusti 2019 | min

Thomas Cameron Texas LinuxFest Keynote | Jupiter Extras 1

7 augusti 2019 | min

My New Free NAS | BSD Now 310

7 augusti 2019 | min

OPNsense 19.7.1 is out, ZFS on Linux still has annoying issues with ARC size, Hammer2 is now default, NetBSD audio – an application perspective, new FreeNAS Mini, and more.

Headlines

OPNsense 19.7.1

We do not wish to keep you from enjoying your summer time, but this
is a recommended security update enriched with reliability fixes for the
new 19.7 series. Of special note are performance improvements as well
as a fix for a longstanding NAT before IPsec limitation.

Full patch notes:

system: do not create automatic copies of existing gateways
system: do not translate empty tunables descriptions
system: remove unwanted form action tags
system: do not include Syslog-ng in rc.freebsd handler
system: fix manual system log stop/start/restart
system: scoped IPv6 "%" could confuse mwexecf(), use plain mwexec() instead
system: allow curl-based downloads to use both trusted and local authorities
system: fix group privilege print and correctly redirect after edit
system: use cached address list in referrer check
system: fix Syslog-ng search stats
firewall: HTML-escape dynamic entries to display aliases
firewall: display correct IP version in automatic rules
firewall: fix a warning while reading empty outbound rules configuration
firewall: skip illegal log lines in live log
interfaces: performance improvements for configurations with hundreds of interfaces
reporting: performance improvements for Python 3 NetFlow aggregator rewrite
dhcp: move advanced router advertisement options to correct config section
ipsec: replace global array access with function to ensure side-effect free boot
ipsec: change DPD action on start to "dpdaction = restart"
ipsec: remove already default "dpdaction = none" if not set
ipsec: use interface IP address in local ID when doing NAT before IPsec
web proxy: fix database reset for Squid 4 by replacing use of ssl_crtd with security_file_certgen
plugins: os-acme-client 1.24[1]
plugins: os-bind 1.6[2]
plugins: os-dnscrypt-proxy 1.5[3]
plugins: os-frr now restricts characters BGP prefix-list and route-maps[4]
plugins: os-google-cloud-sdk 1.0[5]
ports: curl 7.65.3[6]
ports: monit 5.26.0[7]
ports: openssh 8.0p1[8]
ports: php 7.2.20[9]
ports: python 3.7.4[10]
ports: sqlite 3.29.0[11]
ports: squid 4.8[12]

Stay safe and hydrated, Your OPNsense team

ZFS on Linux still has annoying issues with ARC size

One of the frustrating things about operating ZFS on Linux is that the ARC size is critical but ZFS's auto-tuning of it is opaque and apparently prone to malfunctions, where your ARC will mysteriously shrink drastically and then stick there.

Linux's regular filesystem disk cache is very predictable; if you do disk IO, the cache will relentlessly grow to use all of your free memory. This sometimes disconcerts people when free reports that there's very little memory actually free, but at least you're getting value from your RAM. This is so reliable and regular that we generally don't think about 'is my system going to use all of my RAM as a disk cache', because the answer is always 'yes'. (The general filesystem cache is also called the page cache.)

This is unfortunately not the case with the ZFS ARC in ZFS on Linux (and it wasn't necessarily the case even on Solaris). ZFS has both a current size and a 'target size' for the ARC (called 'c' in ZFS statistics). When your system boots this target size starts out as the maximum allowed size for the ARC, but various events afterward can cause it to be reduced (which obviously limits the size of your ARC, since that's its purpose). In practice, this reduction in the target size is both pretty sticky and rather mysterious (as ZFS on Linux doesn't currently expose enough statistics to tell why your ARC target size shrunk in any particular case).

The net effect is that the ZFS ARC is not infrequently quite shy and hesitant about using memory, in stark contrast to Linux's normal filesystem cache. The default maximum ARC size starts out as only half of your RAM (unlike the regular filesystem cache, which will use all of it), and then it shrinks from there, sometimes very significantly, and once shrunk it only recovers slowly (if at all).

News Roundup

Hammer2 is now default

commit a49112761c919d42d405ec10252eb0553662c824
Author: Matthew Dillon <dillon at apollo.backplane.com>
Date:   Mon Jun 10 17:53:46 2019 -0700

    installer - Default to HAMMER2

    * Change the installer default from HAMMER1 to HAMMER2.

    * Adjust the nrelease build to print the location of the image files
      when it finishes.

Summary of changes:
 nrelease/Makefile                          |  2 +-
 usr.sbin/installer/dfuibe_installer/flow.c | 20 ++++++++++----------
 2 files changed, 11 insertions(+), 11 deletions(-)

http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/a49112761c919d42d405ec10252eb0553662c824

NetBSD audio – an application perspective

NetBSD audio – an application perspective ... or, "doing it natively, because we can"

audio options for NetBSD in pkgsrc
- Use NetBSD native audio (sun audio/audioio.h)
- Or OSS emulation layer: Basically a wrapper around sun audio in the kernel. Incomplete and old version, but works for simple stuff
Many many abstraction layers available:
- OpenAL-Soft
- alsa-lib (config file required)
- libao, GStreamer (plugins!)
- PortAudio, SDL
- PulseAudio, JACK
- ... lots more!? some obsolete stuff (esd, nas?)
Advantages of using NetBSD audio directly
- Low latency, low CPU usage: Abstraction layers differ in latency (SDL2 vs ALSA/OpenAL)
- Query device information: Is /dev/audio1 a USB microphone or another sound card?
- Avoid bugs from excessive layering
- Nice API, well documented: [nia note: I had no idea how to write audio code. I read a man page and now I do.]
- Your code might work on illumos too
[nia note: SDL2 seems very sensitive to the blk_ms sysctl being high or low, with other implementations there seems to be a less noticable difference. I don't know why.]

New FreeNAS Mini

Two new FreeNAS Mini systems join the very popular FreeNAS Mini and Mini XL:

FreeNAS Mini XL+: This powerful 10 Bay platform (8x 3.5” and 1x 2.5” hot-swap, 1x 2.5” internal) includes the latest, compact server technology and provides dual 10GbE ports, 8 CPU cores and 32 GB RAM for high performance workgroups. The Mini XL+ scales beyond 100TB and is ideal for very demanding applications, including hosting virtual machines and multimedia editing. Starting at $1499, the Mini XL+ configured with cache SSD and 80 TB capacity is $4299, and consumes about 100 Watts.

FreeNAS Mini E: This cost-effective 4 Bay platform provides the resources required for SOHO use with quad GbE ports and 8 GB of RAM. The Mini E is ideal for file sharing, streaming and transcoding video at 1080p. Starting at $749, the Mini E configured with 8 TB capacity is $999, and consumes about 36 Watts.

Beastie Bits

Feedback/Questions

Jeff - OpenZFS Port Testing Feedback
Malcolm - Best Practices for Custom Ports
Michael - Little Correction

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to [email protected]

I Spy With My Little Pi | LINUX Unplugged 313

6 augusti 2019 | min

Old Man Embraces Cloud | Coder Radio 369

5 augusti 2019 | min

Chris finally gets excited about Docker just as Wes tells him it’s time to learn something new.

Plus the state of browser extension development, the value of non-technical advice, and your feedback.

Links:

Feedback: good mic for voice recording? — I'm looking for a good mic for voice recording since I will be a guest on a podcast soon. Since you sound good in your shows, can you share what mics you are using?
Amazon.com: Audio-Technica ATR2500-USB Cardioid Condenser USB Microphone: Musical Instruments — Side-address condenser microphone with USB output for easy connection to your computer.
Google and Mozilla are failing to support browser extension developers · Armin Sebastian — We are witnessing the failure of browser vendors to recognize the value of our labor and the important role it plays in a healthy browser ecosystem.
Half of all Google Chrome extensions have fewer than 16 installs — All in all, about 50% of all Chrome extensions have fewer than 16 installs, meaning that half of the Chrome extension ecosystem is actually more of a ghost town, according to a recent scan of the entire Chrome Web Store conducted by Extension Monitor.
All the best engineering advice I stole from non-technical people — As I focus on becoming a better manager of engineers, I have been reflecting more and more on the advice that produced a 10X boost in my abilities at that same stage. More often than not the best advice, the things that stuck with me, came from people who had no background at all in software.
Overview of Docker Compose | Docker Documentation — Compose is a tool for defining and running multi-container Docker applications. With Compose, you use a YAML file to configure your application’s services. Then, with a single command, you create and start all the services from your configuration.
Podman — What is Podman? Podman is a daemonless container engine for developing, managing, and running OCI Containers on your Linux System. Containers can either be run as root or in rootless mode. Simply put: alias docker=podman.

Storage Heartbreak | The Friday Stream 12

5 augusti 2019 | min

We share stories from a time when computer storage was very precious, and the types of storage were still battling it out for the standard.

Plus our proposals to do away with time zones, and a special guest helps give away some games.

Special Guests: Brent Gervais and Jackie DeVore.

Links:

The radical plan to destroy time zones - The Washington Post — The plan was strikingly simple. Rather than try to regulate a variety of time zones all around the world, we should instead opt for something far easier: Let's destroy all these time zones and instead stick with one big "Universal Time."
How India's single time zone is hurting its people - BBC News — The sun rises nearly two hours earlier in the east of India than in the far west. Critics of the single time zone have argued that India should move to two different standard times to make the best use of daylight in eastern India, where the sun rises and sets much earlier than the west. People in the east need to start using their lights earlier in the day and hence use more electricity.
Sirens of Scream Podcast — Three lady geeks explore the dark side of comics, games, film and tv. The spooky and sinister, the gory and gross; nothing is off limits.
SirensPodcast on Twitter
Time Capsule For The Year 2957 Discovered at MIT — As we’ve seen time and again, most time capsules are incredibly boring. But MIT recently discovered a time capsule filled with some amazing materials from 1957 inside. It’s not supposed to be opened until the year 2957, and thankfully MIT is honoring that wish.
A Moment in Time: Time capsule found during construction at MIT — Back in the early stages of construction for MIT.nano, members of the crew stumbled upon something that clearly didn't belong: A time capsule buried in 1957 as part of the dedication to the Compton Laboratories.
Relic from last century | MIT News — During excavation for MIT.nano, the Department of Facilities unearthed an unexpected relic between buildings 12 and 26: a time capsule buried on June 5, 1957, to commemorate the opening of the Karl Taylor Compton Laboratories.
A partially disassembled IBM 350 (RAMAC)
Iomega Jaz (1996 – 2002) | Museum of Obsolete Media — Introduced by Iomega in 1996, the Jaz disk was a removable hard-disk storage system, that initially had a capacity of 1 GB (a 2 GB version was released in 1998).
Jaz drive - Wikipedia — Following the success of the Iomega Zip drive, which stored data on removable magnetic cartridges with 100MB nominal capacity, the company developed and released the Jaz drive. Initially the drive featured 1GB capacity per removable disk; this was increased to 2GB in 1998.
MiniDisc - Wikipedia — MiniDisc (MD) is a magneto-optical disc-based data storage format offering a capacity of 60, 74 minutes and, later, 80 minutes, of digitized audio or 1 gigabyte of Hi-MD data. Sony brand audio players were on the market in September 1992.
PocketZip - Wikipedia — It was known as the "Clik!" drive until the click of death class action lawsuit regarding mass failures of Iomega's Zip drives. Thenceforth, it was renamed to PocketZip.
Music | AKAW! — Intro: Bird Brain Outro: El Guapo

Linux Action News 117

4 augusti 2019 | min

Duvets Are Not Tech | User Error 71

1 augusti 2019 | min

Get Your Telnet Fix | BSD Now 309

31 juli 2019 | min

DragonFlyBSD Project Update - colo upgrade, future trends, resuming ZFS send, realtime bandwidth terminal graph visualization, fixing telnet fixes, a chapter from the FBI’s history with OpenBSD and an OpenSSH vuln, and more.

Headlines

DragonFlyBSD Project Update - colo upgrade, future trends

For the last week I've been testing out a replacement for Monster, our 48-core opteron server. The project will be removing Monster from the colo in a week or two and replacing it with three machines which together will use half the power that Monster did alone.

The goal is to clear out a little power budget in the colo and to really beef-up our package-building capabilities to reduce the turn-around time needed to test ports syncs and updates to the binary package system.

Currently we use two blades to do most of the building, plus monster sometimes. The blades take almost a week (120 hours+) to do a full synth run and monster takes around 27.5 hours. But we need to do three bulk builds more or less at the same time... one for the release branch, one for the development branch, and one for staging updates. It just takes too long and its been gnawing at me for a little while.

Well, Zen 2 to the rescue! These new CPUs can take ECC, there's actually an IPMI mobo available, and they are fast as hell and cheap for what we get.

The new machines will be two 3900X based servers, plus a dual-xeon system that I already had at home. The 3900X's can each do a full synth run in 24.5 hours and the Xeon can do it in around 31 hours. Monster will be retired. And the crazy thing about this? Monster burns 1000W going full bore. Each of the 3900X servers burns 160W and the Xeon burns 200W. In otherwords, we are replacing 1000W with only 520W and getting roughly 6x the performance efficiency in the upgrade. This tell you just how much more power-efficient machines have become in the last 9 years or so. > This upgrade will allow us to do full builds for both release and dev in roughly one day instead of seven days, and do it without interfering with staging work that might be happening at the same time.

Future trends - DragonFlyBSD has reached a bit of a cross-roads. With most of the SMP work now essentially complete across the entire system the main project focus is now on supplying reliable binary ports for release and developer branches, DRM (GPU) support and other UI elements to keep DragonFlyBSD relevant on workstations, and continuing Filesystem work on HAMMER2 to get multi-device and clustering going.

Resuming ZFS send

One of the amazing functionalities of ZFS is the possibility of sending a whole dataset from one place to another. This mechanism is amazing to create backups of your ZFS based machines. Although, there were some issues with this functionality for a long time when a user sent a big chunk of data. What if you would do that over the network and your connection has disappeared? What if your machine was rebooted as you are sending a snapshot?

For a very long time, you didn't have any options - you had to send a snapshot from the beginning. Now, this limitation was already bad enough. However, another downside of this approach was that all the data which you already send was thrown away. Therefore, ZFS had to go over all this data and remove them from the dataset. Imagine the terabytes of data which you sent via the network was thrown away because as you were sending the last few bytes, the network went off.

In this short post, I don't want to go over the whole ZFS snapshot infrastructure (if you think that such a post would be useful, please leave a comment). Now, to get back to the point, this infrastructure is used to clone the datasets. Some time ago a new feature called “Resuming ZFS send” was introduced. That means that if there was some problem with transmitting the dataset from one point to another you could resume it or throw them away. But the point is, that yes, you finally have a choice.

News Roundup

Realtime bandwidth terminal graph visualization

If for some reasons you want to visualize your bandwidth traffic on an interface (in or out) in a terminal with a nice graph, here is a small script to do so, involving ttyplot, a nice software making graphics in a terminal.

The following will works on OpenBSD. You can install ttyplot by pkg_add ttyplot as root, ttyplot package appeared since OpenBSD 6.5.

fixing telnet fixes

There’s a FreeBSD commit to telnet. fix a couple of snprintf() buffer overflows. It’s received a bit of attention for various reasons, telnet in 2019?, etc. I thought I’d take a look. Here’s a few random observations.

The first line is indented with spaces while the others use tabs.

The correct type for string length is size_t not unsigned int.

sizeof(char) is always one. There’s no need to multiply by it.

If you do need to multiply by a size, this is an unsafe pattern. Use calloc or something similar. (OpenBSD provides reallocarray to avoid zeroing cost of calloc.)

Return value of malloc doesn’t need to be cast. In fact, should not be, lest you disguise a warning.

Return value of malloc is not checked for NULL.

No reason to cast cp to char * when passing to snprintf. It already is that type. And if it weren’t, what are you doing?

The whole operation could be simplified by using asprintf.

Although unlikely (probably impossible here, but more generally), adding the two source lengths together can overflow, resulting in truncation with an unchecked snprintf call. asprintf avoids this failure case.

A Chapter from the FBI’s History with OpenBSD and an OpenSSH Vuln

Earlier this year I FOIAed the FBI for details on allegations of backdoor installed in the IPSEC stack in 2010, originally discussed by OpenBSD devs (https://marc.info/?l=openbsd-tech&m=129236621626462 …) Today, I got an interesting but unexpected responsive record:

Beastie Bits

Feedback/Questions

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to [email protected]

What Modern Linux Looks Like | LINUX Unplugged 312

30 juli 2019 | min

Manjaro takes significant steps to stand out, and the shared problem major distributions are trying to solve, and why it will shape the future of Linux.

Plus macOS apps on Linux, and our first impressions of the Raspberry Pi 4.

Special Guests: Alex Kretzschmar, Drew DeVore, Martin Wimpress, Neal Gompa, and Philip Muller.

Links:

ThinkTiny — The ThinkTiny is a miniature laptop computer with a 0.96 inch display and a design that’s heavily inspired by Lenovo/IBM ThinkPad style. There’s even a TrackPoint-like pointing nub.
Darling Picks Up New Contributors For Its macOS Compatibility Layer On Linux — Darling is the long-standing (albeit for some years idling) effort to allow macOS binaries to run on Linux that is akin to Wine but focused on an Apple macOS layer rather than Windows. This summer it's been moving along and seeing some new developer contributions.
Darling Progress Report Q2 2019 — We are very excited to say that in Q2 2019 (April 1 to June 30) we saw more community involvement than ever before. Many pull requests were submitted that spanned from bug fixes for our low level assembly to higher level modules such as the AppKit framework. Thanks to everyone for your contributions and we hope for this level of engagement to continue.
Raspberry Pi 4 Desktop Kit — Full desktop computer kit - just connect to HDMI display(s)
Raspberry Pi 4 on sale now from $35 — A 1.5GHz quad-core 64-bit ARM Cortex-A72 CPU (~3× performance)
Raspberry Pi 4 Ubuntu Server 18.04.2 Install / Config Guide — Right now there is a memory limitation of 1 GB in 64 bit mode on the Raspberry Pi 4. This is apparently due to the SD card driver breaking when more than 1 GB of RAM is present. This will all be solved eventually but until then I recommend using the 32 bit version of Ubuntu or waiting until the Raspberry Pi 4 support catches up. If you want to run the 64 bit one now anyway it works fine other than the memory limitation.
Raspberry Pi 4 on Arch Linux ARM
Fedora 30 - Rasbberry Pi 4 support - arm - Fedora Mailing-Lists
Manjaro announces partnership, will start shipping closed source FreeOffice suite by default — Additionally we ship FreeOffice 491 by default. This is possible since we partnered up with Softmaker 70.
[Testing Update] 2019-07-29 - Kernels, XFCE 4.14-pre3, Haskell - Announcements / Testing Updates - Manjaro Linux Forum
Phil's GitHub
Ubucon Europe 2019 – Sintra, 10th-13th October — Ubucon is an event organized by the Ubuntu Communities from all around the world. The focus of the event is Ubuntu, an open source, community-driven and free linux distribution, and other free and open source technologies. This year, this event will be organized in Sintra, Portugal, in October 2019. We are preparing four full days of sprints, workshops, conferences, talks and social events for all participants.
AWS Cloud Practitioner Study Group — RSVP to this study group created to help you pass the AWS Cloud Practitioner Certification starting on Wednesday July 31st at 11am Pacific.
Introducing Fedora CoreOS — Fedora CoreOS is built to be the secure and reliable host for your compute clusters. It’s designed specifically for running containerized workloads without regular maintenance, automatically updating itself with the latest OS improvements, bug fixes, and security updates
Fedora CoreOS - Getting Started — Fedora CoreOS has no install-time configuration. Every Fedora CoreOS system begins with a generic, unconfigured disk image. On first boot Ignition will read the supplied config and configure the system. Ignition configs are usually supplied via the cloud’s userdata mechanism, or, in the case of bare metal, injected at install time. This guide will show you how to launch Fedora CoreOS on AWS, QEMU, and bare metal as well as how to create Ignition configs.
Podman — What is Podman? Podman is a daemonless container engine for developing, managing, and running OCI Containers on your Linux System. Containers can either be run as root or in rootless mode. Simply put: alias docker=podman.
Buildah, Podman, and Skopeo – the BIT that matters — Still doing all your Linux container management using an insecure, bloated daemon? Well, don’t feel bad. I was too until very recently. Now I’m finding myself slowly saying goodbye to my beloved Docker daemon and saying hello to Buildah, Podman, and Skopeo. In this article, I explore the exciting new world of rootless and daemon-less Linux container tools.
Replacing Docker with Podman — Yeah, you read it right… while Docker is a buzzword in the tech industry now. we will see the consequences of using it and how we can solve the problem with Podman. Replacing Docker with Podman
etcd: Distributed reliable key-value store for the most critical data of a distributed system — etcd is a distributed reliable key-value store for the most critical data of a distributed system
Ubuntu Core — We redesigned the entire system from first boot to create the most secure embedded Linux for devices and connected things.

Clojure Clash | Coder Radio 368

29 juli 2019 | min

Mike and Wes debate the merits, and aesthetics, of Clojure in this week's rowdy language check-in.

Plus why everyone's talking about the sensitivty conjecture, speedy TLS with rust, and more!

Links:

Feedback: Which Language To Use And Why? — There are so many languages out there, and I just don’t understand when or why you would want to use a language over another.
Mathematician Solves Computer Science Conjecture in Two Pages | Quanta Magazine — This “sensitivity” conjecture has stumped many of the most prominent computer scientists over the years, yet the new proof is so simple that one researcher summed it up in a single tweet.
ELI5: The Sensitivity Conjecture has been solved. What is it about? — Think of it like a Buzzfeed quiz. You answer a bunch of multiple-choice input questions about seemingly random topics ('What's your favourite breakfast cereal?', 'What's your favourite classic movie?', 'What did you want to be when you grew up?', and so on), and you get a response back at the end: usually which Hogwarts house you belong in.
Sensitivity Conjecture resolved — Paul Erdös famously spoke of a book, maintained by God, in which was written the simplest, most beautiful proof of each theorem. The highest compliment Erdös could give a proof was that it “came straight from the book.” In this case, I find it hard to imagine that even God knows how to prove the Sensitivity Conjecture in any simpler way than this.
arXiv: Induced subgraphs of hypercubes and a proof of the Sensitivity Conjecture
GitHub starts blocking developers in countries facing US trade sanctions — There's a debate over free speech taking place after Microsoft-owned GitHub "restricted" the account of a developer based in the Crimea region of Ukraine, who used the service to host his website and gaming software.
GitHub blocked my account and they think I’m developing nuclear weapons
1995parham/github-do-not-ban-us: Github do not ban us from open source world — GitHub restricted our access to private repositories suddenly, but at the very least we wanted GitHub to warn us before limiting our access.
A Rust-based TLS library outperformed OpenSSL in almost every category | ZDNet — The findings are the result of a recent four-part series of benchmarks carried out by Joseph Birr-Pixton, the developer behind the Rustls library.
TLS performance: rustls versus OpenSSL — A TLS library will represent separate sessions in memory while they are in use. How much memory these sessions use will dictate how many sessions can be concurrently terminated on a given server.

IT's a Support Trap! | The Friday Stream 11

29 juli 2019 | min

Linux Action News 116

28 juli 2019 | min

Apollo's ARC | TechSNAP 408

25 juli 2019 | min

We take a look at the amazing abilities of the Apollo Guidance Computer and Jim breaks down everything you need to know about the ZFS ARC.

Plus an update on ZoL SIMD acceleration, your feedback, and an interesting new neuromorphic system from Intel.

Links:

ZFS On Linux Has Figured Out A Way To Restore SIMD Support On Linux 5.0+ — Those running ZFS On Linux (ZoL) on post-5.0 (and pre-5.0 supported LTS releases) have seen big performance hits to the ZFS encryption performance in particular. That came due to upstream breaking an interface used by ZFS On Linux and admittedly not caring about ZoL due to it being an out-of-tree user. But now several kernel releases later, a workaround has been devised.
ZFS On Linux Runs Into A Snag With Linux 5.0
NixOS Takes Action After 1.2GB/s ZFS Encryption Speed Drops To 200MB/s With Linux 5.0+ — A NixOS developer reports that the functions no longer exported by Linux 5.0+ and previously used by ZoL for AVX/AES-NI support end up dropping the ZFS data-set encryption performance to 200MB/s where as pre-5.0 kernels ran around 1.2GB/s
Linux 5.0 compat: SIMD compatibility · zfsonlinux/zfs@e5db313 — Restore the SIMD optimization for 4.19.38 LTS, 4.14.120 LTS, and 5.0 and newer kernels. This is accomplished by leveraging the fact that by definition dedicated kernel threads never need to concern themselves with saving and restoring the user FPU state. Therefore, they may use the FPU as long as we can guarantee user tasks always restore their FPU state before context switching back to user space.
no SIMD acceleration · Issue #8793 · zfsonlinux/zfs — 4.14.x, 4.19.x, 5.x all have no SIMD acceleration, it is like a turtle. very slow.
Chris's Wiki :: ZFS on Linux still has annoying issues with ARC size — One of the frustrating things about operating ZFS on Linux is that the ARC size is critical but ZFS's auto-tuning of it is opaque and apparently prone to malfunctions, where your ARC will mysteriously shrink drastically and then stick there.
Software woven into wire, Core rope and the Apollo Guidance Computer — One of the first computers to use integrated circuits, the Apollo Guidance Computer was lightweight enough and small enough to fly in space. An unusual feature that contributed to its small size was core rope memory, a technique of physically weaving software into high-density storage.
Virtual Apollo Guidance Computer (AGC) software — Since you are looking at this README file, you are in the "master" branch of the repository, which contains source-code transcriptions of the original Project Apollo software for the Apollo Guidance Computer (AGC) and Abort Guidance System (AGS), as well as our software for emulating the AGC, AGS, and some of their peripheral devices (such as the display-keyboard unit, or DSKY).
The Underappreciated Power of the Apollo Computer - The Atlantic — Without the computers on board the Apollo spacecraft, there would have been no moon landing, no triumphant first step, no high-water mark for human space travel. A pilot could never have navigated the way to the moon, as if a spaceship were simply a more powerful airplane. The calculations required to make in-flight adjustments and the complexity of the thrust controls outstripped human capacities.
Brains scale better than CPUs. So Intel is building brains | Ars Technica — Neuromorphic engineering—building machines that mimic the function of organic brains in hardware as well as software—is becoming more and more prominent. The field has progressed rapidly, from conceptual beginnings in the late 1980s to experimental field programmable neural arrays in 2006, early memristor-powered device proposals in 2012, IBM's TrueNorth NPU in 2014, and Intel's Loihi neuromorphic processor in 2017. Yesterday, Intel broke a little more new ground with the debut of a larger-scale neuromorphic system, Pohoiki Beach, which integrates 64 of its Loihi chips.
Dancing Demon - YouTube — Written in 1979 by Leo Christopherson for the Radio Shack TRS-80 Model I computer. This is the best game ever for at that time.

Endeavour OS + Pisi Linux | Choose Linux 14

24 juli 2019 | min

Mumbling with OpenBSD | BSD Now 308

24 juli 2019 | min

Replacing a (silently) failing disk in a ZFS pool, OPNsense 19.7 RC1 released, implementing DRM ioctl support for NetBSD, High quality/low latency VOIP server with umurmur/Mumble on OpenBSD, the PDP-7 where Unix began, LLDB watchpoints, and more.

Headlines

Replacing a (silently) failing disk in a ZFS pool

Maybe I can’t read, but I have the feeling that official documentations explain every single corner case for a given tool, except the one you will actually need. My today’s struggle: replacing a disk within a FreeBSD ZFS pool.
What? there’s a shitton of docs on this topic! Are you stupid?
I don’t know, maybe. Yet none covered the process in a simple, straight and complete manner.

OPNsense 19.7 RC1 released

Hi there,
For four and a half years now, OPNsense is driving innovation through modularising and hardening the open source firewall, with simple and reliable firmware upgrades, multi-language support, HardenedBSD security, fast adoption of upstream software updates as well as clear and stable 2-Clause BSD licensing.
We thank all of you for helping test, shape and contribute to the project! We know it would not be the same without you.
Download links, an installation guide[1] and the checksums for the images can be found below as well.

News Roundup

Implementation of DRM ioctl Support for NetBSD kernel

What is DRM ioctl ?

Ioctls are input/output control system calls and DRM stands for direct rendering manager The DRM layer provides several services to graphics drivers, many of them driven by the application interfaces it provides through libdrm, the library that wraps most of the DRM ioctls. These include vblank event handling, memory management, output management, framebuffer management, command submission & fencing, suspend/resume support, and DMA services.

Native DRM ioctl calls

NetBSD was able to make native DRM ioctl calls with hardware rendering once xorg and proper mesa packages where installed. We used the glxinfo and glxgears applications to test this out.

High quality / low latency VOIP server with umurmur/Mumble on OpenBSD

Discord users keep telling about their so called discord server, which is not dedicated to them at all. And Discord has a very bad quality and a lot of voice distorsion.
Why not run your very own mumble server with high voice quality and low latency and privacy respect? This is very easy to setup on OpenBSD!
Mumble is an open source voip client, it has a client named Mumble (available on various operating system) and at least Android, the server part is murmur but there is a lightweight server named umurmur. People authentication is done through certificate generated locally and automatically accepted on a server, and the certificate get associated with a nickname. Nobody can pick the same nickname as another person if it’s not the same certificate.

TMWL June’19 — JS Fetch API, scheduling in Spring, thoughts on Unix

Unix — going back to the roots

From time to time, I like to review my knowledge in a certain area, even when I feel like I know a lot about it already. I go back to the basics and read tutorials, manuals, books or watch interesting videos.
I’ve been using macOS for a couple of years now, previously being a linux user for some (relatively short) time. Both these operating systems have a common ancestor — Unix. While I’m definitely not an expert, I feel quite comfortable using linux & macOS — I understand the concepts behind the system architecture, know a lot of command line tools & navigate through the shell without a hassle. So-called unix philosophy is also close to my heart. I always feel like there’s more I could squeeze out of it.
Recently, I found that book titled “Unix for dummies, 5th edition” which was published back in… 2004. Feels literally like AGES in the computer-related world. However, it was a great shot — the book starts with the basics, providing some brief history of Unix and how it came to life. It talks a lot about the structure of the system and where certain pieces fit (eg. “standard” set of tools), and how to understand permissions and work with files & directories. There’s even a whole chapter about shell-based text editors like Vi and Emacs! Despite the fact that I am familiar with most of these, I could still find some interesting pieces & tools that I either knew existed (but never had a chance to use), or even haven’t ever heard of. And almost all of these are still valid in the modern “incarnations” of Unix’s descendants: Linux and macOS.
The book also talks about networking, surfing the web & working with email. It’s cute to see pictures of those old browsers rendering “ancient” Internet websites, but hey — this is how it looked like no more than fifteen years ago!
I can really recommend this book to anyone working on modern macOS or Linux — you will certainly find some interesting pieces. Especially if you like to go back to the roots from time to time as I do!

ThePDP-7 Where Unix Began

In preparation for a talk on Seventh Edition Unix this fall, I stumbled upon a service list from DEC for all known PDP-7 machines. From that list, and other sources, I believe that PDP-7 serial number 34 was the original Unix machine.
V0 Unix could run on only one of the PDP-7s. Of the 99 PDP-7s produced, only two had disks. Serial number 14 had an RA01 listed, presumably a disk, though of a different type. In addition to the PDP-7 being obsolete in 1970, no other PDP-7 could run Unix, limiting its appeal outside of Bell Labs. By porting Unix to the PDP-11 in 1970, the group ensured Unix would live on into the future. The PDP-9 and PDP-15 were both upgrades of the PDP-7, so to be fair, PDP-7 Unix did have a natural upgrade path (the PDP-11 out sold the 18 bit systems though ~600,000 to ~1000). Ken Thompson reports in a private email that there were 2 PDP-9s and 1 PDP-15 at Bell Labs that could run a version of the PDP-7 Unix, though those machines were viewed as born obsolete.

LLDB: watchpoints, XSTATE in ptrace() and core dumps

Upstream describes LLDB as a next generation, high-performance debugger. It is built on top of LLVM/Clang toolchain, and features great integration with it. At the moment, it primarily supports debugging C, C++ and ObjC code, and there is interest in extending it to more languages.
In February, I have started working on LLDB, as contracted by the NetBSD Foundation. So far I've been working on reenabling continuous integration, squashing bugs, improving NetBSD core file support and lately extending NetBSD's ptrace interface to cover more register types and fix compat32 issues. You can read more about that in my May 2019 report.
In June, I have finally finished the remaining ptrace() work for xstate and got it merged both on NetBSD and LLDB end (meaning it's going to make it into NetBSD 9). I have also worked on debug register support in LLDB, effectively fixing watchpoint support. Once again I had to fight some upstream regressions.

Beastie Bits

Feedback/Questions

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to [email protected]

32 Hours of Outrage | LINUX Unplugged 311

23 juli 2019 | min

Keynote presenter from Texas LinuxFest and established industry expert Thomas Cameron joins us to discuss the end of the distro wars, the future of Linux jobs, his personal take on IBM's acquisition of Red Hat, some really great Linux job tips, and much more.

Plus we catch up on some community news from old friends, complain about a few Linux bugs, and share a "magical" app pick.

Special Guests: Alex Kretzschmar, Brent Gervais, Martin Wimpress, and Thomas Cameron.

Links:

Hiding Data In Music Might Be The Key To Ditching Coffee Shop WiFi Passwords | Hackaday — By encoding data into the audible range of music, coffee shops could broadcast their WiFi passwords inside their Sia-heavy playlists. (Why is it always Sia?) Cell phones could then detect the password and automatically connect.
Dropbox added support for zfs, eCryptFS, xfs, and btrfs filesystems — The latest version 77.3.127 Dropbox added support for zfs (on 64-bit systems only), eCryptFS, xfs (on 64-bit systems only), and btrfs filesystems.
Fedora To Stop Providing i686 Kernels, Might Also Drop 32-Bit Modular/Everything Repos - Phoronix — Under this secondary proposal, Fedora 31 would stop producing and distributing Modular and Everything i686 repositories.
Changes/Noi686Repositories - Fedora Project Wiki — Stop producing and distributing the Modular and Everything i686 repositories.
Kernel 5.2 KVM VFIO Bug
LinuxServer Joins Open Collective
Download – Endeavour OS — We’re proud to present you our very first stable release
Passing the AWS Cloud Practitioner Exam — Whether you need the Cloud Practitioner certification for work or as a personal goal, studying and staying on track is hard because life gets in the way. Join this study group and we’ll help you pass the exam by meeting on a bi-weekly basis and going over the main topics covered in the certification exam.
Free Cloud Courses at Linux Academy
Thomas Cameron at Texas Linux Fest 2019 — Thomas Cameron has been an IT Professional since 1993. He's worked with Linux at multinational financial services companies, transportation companies, manufacturing, and more. He's a Red Hat Certified Architect, and was a regional chief architect at Red Hat. He's currently on the Amazon Linux team at Amazon.
Serverbuilds.net
The Perfect Media Server - 2019 Edition — There's a ton of resources on serverbuilds but you should definitely take a few minutes to browse the excellent CPU spreadsheet before buying a new CPU. You'll probably think twice about that Sandy Bridge chip now (in a good way).
croc: Easily and securely send things from one computer to another — croc is a tool that allows any two computers to simply and securely transfer files and folders.

10x Evilgineers | Coder Radio 367

22 juli 2019 | min

Mike rekindles his youthful love affair with Emacs and we debate what makes a "10x engineer".

Plus the latest Play store revolt and some of your feedback.

Links:

Feedback on Coder Radio 366 — As a C++ developer working on a large, primarily OO codebase, I’ve been writing ever more C++ as “just a pipeline of data transformations.” As you guys mentioned, you can get a lot of benefit even in an OO situation from wrapping a functional “core” up in an object “package.”
Functional Core, Imperative Shell — In this screencast we look at one method for crossing this divide. We review a Twitter client whose core is functional: managing tweets, syncing timelines to incoming Twitter API data, remembering cursor positions within the tweet list, and rendering tweets to text for display. This functional core is surrounded by a shell of imperative code: it manipulates stdin, stdout, the database, and the network, all based on values produced by the functional core.
Postmodern immutable data structures — We are presenting Immer, a C++ library implementing modern and efficient data immutable data structures.
Mike on Twitter — So when I just was getting started I was an #emacs user but had that beaten out of me. I’m thinking of looking back at it on #macOS and #Linux under GNOME any recommendations?
Spacemacs: Emacs advanced Kit focused on Evil — Spacemacs is a new way to experience Emacs -- a sophisticated and polished set-up focused on ergonomics, mnemonics and consistency.
Tinder Bypasses Google Play, Revolt Against App Store Fee — Tinder joined a growing backlash against app store taxes by bypassing Google Play in a move that could shake up the billion-dollar industry dominated by Google and Apple Inc.
EmacsWiki: Evil — Evil is an extensible vi layer for Emacs. It provides Vim features like Visual selection and text objects.
A personal story about 10× development — The "×ness" of any developer does not exist in a vacuum but depends on many organizational things. The most obvious one is tooling.
Shekhar Kirani on Twitter — 10x engineers. Founders if you ever come across this rare breed of engineers, grab them. If you have a 10x engineer as part of your first few engineers, you increase the odds of your startup success significantly.
The mythical 10x programmer - — The following is a list of qualities that I believe make the most difference in programmers productivity.
rubocop — RuboCop is a Ruby static code analyzer and code formatter. Out of the box it will enforce many of the guidelines outlined in the community Ruby Style Guide.

Problematic Privileges | TechSNAP 407b

22 juli 2019 | min

Linux Action News 115

21 juli 2019 | min

Old and Insecure | User Error 70

18 juli 2019 | min

Twitching with OpenBSD | BSD Now 307

18 juli 2019 | min

FreeBSD 11.3 has been released, OpenBSD workstation, write your own fuzzer for the NetBSD kernel, Exploiting FreeBSD-SA-19:02.fd, streaming to twitch using OpenBSD, 3 different ways of dumping hex contents of a file, and more.

Headlines

FreeBSD 11.3-RELEASE Announcement

The FreeBSD Release Engineering Team is pleased to announce the availability of FreeBSD 11.3-RELEASE. This is the fourth release of the stable/11 branch.

Some of the highlights:
- The clang, llvm, lld, lldb, and compiler-rt utilities as well as libc++ have been updated to upstream version 8.0.0.
- The ELF Tool Chain has been updated to version r3614.
- OpenSSL has been updated to version 1.0.2s.
- The ZFS filesystem has been updated to implement parallel mounting.
- The loader(8) has been updated to extend geli(8) support to all architectures.
- The pkg(8) utility has been updated to version 1.10.5.
- The KDE desktop environment has been updated to version 5.15.3.
- The GNOME desktop environment has been updated to version 3.28.
- The kernel will now log the jail(8) ID when logging a process exit.
- Several feature additions and updates to userland applications.
- Several network driver firmware updates.
- Warnings for features deprecated in future releases will now be printed on all FreeBSD versions.
- Warnings have been added for IPSec algorithms deprecated in RFC 8221.
- Deprecation warnings have been added for weaker algorithms when creating geli(8) providers.
- And more...

OpenBSD Is Now My Workstation

Why OpenBSD? Simply because it is the best tool for the job for me for my new-to-me Lenovo Thinkpad T420. Additionally, I do care about security and non-bloat in my personal operating systems (business needs can have different priorities, to be clear).

I will try to detail what my reasons are for going with OpenBSD (instead of GNU/Linux, NetBSD, or FreeBSD of which I’m comfortable using without issue), challenges and frustrations I’ve encountered, and what my opinions are along the way.

Disclaimer: in this post, I’m speaking about what is my opinion, and I’m not trying to convince you to use OpenBSD or anything else. I don’t truly care, but wanted to share in case it could be useful to you. I do hope you give OpenBSD a shot as your workstation, especially if it has been a while.

A Bit About Me and OpenBSD

I’m not new to OpenBSD, to be clear. I’ve been using it off and on for over 20 years. The biggest time in my life was the early 2000s (I was even the Python port maintainer for a bit), where I not only used it for my workstation, but also for production servers and network devices.

I just haven’t used it as a workstation (outside of a virtual machine) in over 10 years, but have used it for servers. Workstation needs, especially for a primary workstation, are greatly different and the small things end up mattering most.

News Roundup

Write your own fuzzer for NetBSD kernel! [Part 1]

How Fuzzing works? The dummy Fuzzer.

The easy way to describe fuzzing is to compare it to the process of unit testing a program, but with different input. This input can be random, or it can be generated in some way that makes it unexpected form standard execution perspective.

The simplest 'fuzzer' can be written in few lines of bash, by getting N bytes from /dev/rand, and putting them to the program as a parameter.

Coverage and Fuzzing

What can be done to make fuzzing more effective? If we think about fuzzing as a process, where we place data into the input of the program (which is a black box), and we can only interact via input, not much more can be done.

However, programs usually process different inputs at different speeds, which can give us some insight into the program's behavior. During fuzzing, we are trying to crash the program, thus we need additional probes to observe the program's behaviour.

Additional knowledge about program state can be exploited as a feedback loop for generating new input vectors. Knowledge about the program itself and the structure of input data can also be considered. As an example, if the input data is in the form of HTML, changing characters inside the body will probably cause less problems for the parser than experimenting with headers and HTML tags.

For open source programs, we can read the source code to know what input takes which execution path. Nonetheless, this might be very time consuming, and it would be much more helpful if this can be automated. As it turns out, this process can be improved by tracing coverage of the execution

vBSDcon - CFP - Call for Papers ends July 19th

You can submit your proposal at https://easychair.org/conferences/?conf=vbsdcon2019

The talks will have a very strong technical content bias. Proposals of a business development or marketing nature are not appropriate for this venue.

If you are doing something interesting with a BSD operating system, please submit a proposal. Whether you are developing a very complex system using BSD as the foundation, or helping others and have a story to tell about how BSD played a role, we want to hear about your experience. People using BSD as a platform for research are also encouraged to submit a proposal.

Possible topics include: How we manage a giant installation with respect to handling spam, snd/or sysadmin, and/or networking, Cool new stuff in BSD, Tell us about your project which runs on BSD.

Both users and developers are encouraged to share their experiences.

Exploiting FreeBSD-SA-19:02.fd

In February 2019 the FreeBSD project issued an advisory about a possible vulnerability in the handling of file descriptors. UNIX-like systems such as FreeBSD allow to send file descriptors to other processes via UNIX-domain sockets. This can for example be used to pass file access privileges to the receiving process.

Inside the kernel, file descriptors are used to indirectly reference a C struct which stores the relevant information about the file object. This could for instance include a reference to a vnode which describes the file for the file system, the file type, or the access privileges.

What really happens if a UNIX-domain socket is used to send a file descriptor to another process is that for the receiving process, inside the kernel a reference to this struct is created. As the new file descriptor is a reference to the same file object, all information is inherited. For instance, this can allow to give another process write access to a file on the drive even if the process owner is normally not able to open the file writable.

The advisory describes that FreeBSD 12.0 introduced a bug in this mechanism. As the file descriptor information is sent via a socket, the sender and the receiver have to allocate buffers for the procedure. If the receiving buffer is not large enough, the FreeBSD kernel attempts to close the received file descriptors to prevent a leak of these to the sender. However, while the responsible function closes the file descriptor, it fails to release the reference from the file descriptor to the file object. This could cause the reference counter to wrap.

The advisory further states that the impact of this bug is possibly a local privilege escalation to gain root privileges or a jail escape. However, no proof-of-concept was provided by the advisory authors.

In the next section, the bug itself is analyzed to make a statement about the bug class and a guess about a possible exploitation primitive.
After that, the bug trigger is addressed.
It follows a discussion of three imaginable exploitation strategies - including a discussion of why two of these approaches failed.
In the section before last, the working exploit primitive is discussed. It introduces a (at least to the author’s knowledge) new exploitation technique for these kind of vulnerabilities in FreeBSD. The stabilization of the exploit is addressed, too.
The last section wraps everything up in a conclusion and points out further steps and challenges.

The privilege escalation is now a piece of cake thanks to a technique used by kingcope, who published a FreeBSD root exploit in 2005, which writes to the file /etc/libmap.conf. This configuration file can be used to hook the loading of dynamic libraries if a program is started. The exploit therefore creates a dynamic library, which copies /bin/sh to another file and sets the suid-bit for the copy. The hooked library is libutil, which is for instance called by su. Therefore, a call to su by the user will afterwards result in a suid copy of /bin/sh.

Streaming to Twitch using OpenBSD

Introduction

If you ever wanted to make a twitch stream from your OpenBSD system, this is now possible, thanks to OpenBSD developer thfr@ who made a wrapper named fauxstream using ffmpeg with relevant parameters.

The setup is quite easy, it only requires a few steps and searching on Twitch website two informations, hopefully, to ease the process, I found the links for you.

You will need to make an account on twitch, get your api key (a long string of characters) which should stay secret because it allow anyone having it to stream on your account.

These same techniques should work for Twitch, YouTube Live, Periscope, Facebook, etc, including the live streaming service ScaleEngine provides free to BSD user groups.
There is also an open source application called ‘OBS’ or Open Broadcaster Studio. It is in FreeBSD ports and should work on all of the other BSDs as well. It has a GUI and supports compositing and green screening. We use it heavily at ScaleEngine and it is also used at JupiterBroadcasting in place of WireCast, a $1000-per-copy commercial application.

Beastie Bits

Feedback/Questions

Sebastian - ZFS setup toward ESXi
Christopher - Questions
Ser - Bhyve and Microsoft SQL

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to [email protected]

All Roads Lead to Linux | LINUX Unplugged 310

16 juli 2019 | min

Functional First | Coder Radio 366

16 juli 2019 | min

It’s a Coder Radio special as Mike and Wes dive into functional programming in the real world and share their tips for applying FP techniques in any language.

Links:

Porting Redis to WebAssembly with Clang/WASI — In this post, we share our experience of porting an existing open-source software package — the data structure server Redis — to WebAssembly. While this is not the first time that Redis has been ported to Wasm (see this port by Sergey Rublev), it is the first time to our knowledge that the obtained port can be run deterministically.
Solving Problems the Clojure Way - Rafal Dittwald — It is said that Clojure is a "functional" programming language; there's also talk of "data-driven" programming. What are these things? Are they any good? Why are they good? In this talk, Rafal attempts to distill the particular blend of functional and data-driven programming that makes up "idiomatic Clojure", clarify what it looks like in practise (with real-world examples), and reflect on how Clojure's conventions came to be and how they continue to evolve.
The Value of Values with Rich Hickey — In this keynote speech from JaxConf 2012, Rich Hickey, creator of Clojure and founder of Datomic gives an awesome analysis of the changing way we think about values.
Clojure Made Simple by Rich Hickey — In the seven years following its initial release, Clojure has become a popular alternative language on the JVM, seeing production use at financial firms, major retailers, analytics companies, and startups large and small. It has done so while remaining decidedly alternative—eschewing object orientation for functional programming, C-derived syntax for code-as-data, static typing for dynamic typing, REPL-driven development, and so on. Underpinning these differences is a commitment to the principle that we should be building our systems out of fundamentally simpler materials. This session looks at what makes Clojure different and why.
Effective Programs: 10 Years of Clojure by Rich Hickey
sparklemotion/mechanize — Mechanize is a ruby library that makes automated web interaction easy.
How to write idempotent Bash scripts — It happens a lot, you write a bash script and half way it exits due an error. You fix the error in your system and run the script again. But half of the steps in your scripts fail immediately because they were already applied to your system. To build resilient systems you need to write software that is idempotent.

Young and the Wreckless | The Friday Stream 10

15 juli 2019 | min

Linux Action News 114

12 juli 2019 | min

Comparing Hammers | BSD Now 306

11 juli 2019 | min

Am5x86 based retro UNIX build log, setting up services in a FreeNAS Jail, first taste of DragonflyBSD, streaming Netflix on NetBSD, NetBSD on the last G4 Mac mini, Hammer vs Hammer2, and more.

Headlines

Polprog's Am5x86 based retro UNIX build log

I have recently acquired an Am5x86 computer, in a surprisingly good condition. This is an ongoing project, check this page often for updates!

I began by connecting a front panel. The panel came from a different chassis and is slightly too wide, so I had to attach it with a couple of zip-ties. However, that makes it stick out from the PC front at an angle, allowing easy access when the computer sits at the floor - and thats where it is most of the time. It's not that bad, to be honest, and its way easier to access than it would be, if mounted vertically

There is a mains switch on the front panel because the computer uses an older style power supply. Those power supplies instead of relying on a PSON signal, like modern ATX supplies, run a 4 wire cable to a mains switch. The cable carries live and neutral both ways, and the switch keys in or out the power. The system powers on as soon as the switch is enabled.

Originally there was no graphics card in it. Since a PC will not boot with out a GPU, I had to find one. The mainboard only has PCI and ISA slots, and all the GPUs I had were AGP. Fortunately, I bought a PCI GPU hoping it would solve my issue...

However the GPU turned out to be faulty. It took me some time to repair it. I had to repair a broken trace leading to one of the EEPROM pins, and replace a contact in the EEPROM's socket. Then I replaced all the electrolytic capacitors on it, and that fixed it for good.

Having used up only one of the three PCI slots, I populated the remaining pair with two ethernet cards. I still have a bunch of ISA slots available, but I have nothing to install there. Yet.

See the article for the rest of the writeup

Setting up services in a FreeNAS Jail

This piece demonstrates the setup of a server service in a FreeNAS jail and how to share files with a jail using Apache 2.4 as an example. Jails are powerful, self-contained FreeBSD environments with separate network settings, package management, and access to thousands of FreeBSD application packages. Popular packages such as Apache, NGINX, LigHTTPD, MySQL, and PHP can be found and installed with the pkg search and pkg install commands.

This example shows creating a jail, installing an Apache web server, and setting up a simple web page.

NOTE: Do not directly attach FreeNAS to an external network (WAN). Use port forwarding, proper firewalls and DDoS protections when using FreeNAS for external web sites. This example demonstrates expanding the functionality of FreeNAS in an isolated LAN environment.

News Roundup

First taste of DragonflyBSD

Last week, I needed to pick a BSD Operating System which supports NUMA to do some testing, so I decided to give Dragonfly BSD a shot. Dragonfly BSDonly can run on X86_64 architecture, which reminds me of Arch Linux, and after some tweaking, I feel Dragonfly BSD may be a “developer-friendly” Operating System, at least for me.

I mainly use Dragonfly BSD as a server, so I don’t care whether GUI is fancy or not. But I have high requirements of developer tools, i.e., compiler and debugger. The default compiler of Dragonfly BSD is gcc 8.3, and I can also install clang 8.0.0 from package. This means I can test state-of-the-art features of compilers, and it is really important for me. gdb‘s version is 7.6.1, a little lag behind, but still OK.

Furthermore, the upgradation of Dragonfly BSD is pretty simple and straightforward. I followed document to upgrade my Operating System to 5.6.0 this morning, just copied and pasted, no single error, booted successfully.

Streaming Netflix on NetBSD

Here's a step-by-step guide that allows streaming Netflix media on NetBSD using a intel-haxm accelerated QEMU vm.

Heads-up! Sound doesn't work, but everything else is fine. Please read the rest of this thread for a solution to this!!

“Sudo Mastery 2nd Edition” cover art reveal

I’m about halfway through the new edition of Sudo Mastery. Assuming nothing terrible happens, should have a complete first draft in four to six weeks. Enough stuff has changed in sudo that I need to carefully double-check every single feature. (I’m also horrified by the painfully obsolete versions of sudo shipped in the latest versions of CentOS and Debian, but people running those operating systems are already accustomed to their creaky obsolescence.)

But the reason for this blog post? I have Eddie Sharam’s glorious cover art. My Patronizers saw it last month, so now the rest of you get a turn.

NetBSD on the last G4 Mac mini

I'm a big fan of NetBSD. I've run it since 2000 on a Mac IIci (of course it's still running it) and I ran it for several years on a Power Mac 7300 with a G3 card which was the second incarnation of the Floodgap gopher server. Today I also still run it on a MIPS-based Cobalt RaQ 2 and an HP Jornada 690. I think NetBSD is a better match for smaller or underpowered systems than current-day Linux, and is fairly easy to harden and keep secure even though none of these systems are exposed to the outside world.

Recently I had a need to set up a bridge system that would be fast enough to connect two networks and I happened to have two of the "secret" last-of-the-line 1.5GHz G4 Mac minis sitting on the shelf doing nothing. Yes, they're probably outclassed by later Raspberry Pi models, but I don't have to buy anything and I like putting old hardware to good use.

Hammer vs Hammer2

With the newly released DragonFlyBSD 5.6 there are improvements to its original HAMMER2 file-system to the extent that it's now selected by its installer as the default file-system choice for new installations. Curious how the performance now compares between HAMMER and HAMMER2, here are some initial benchmarks on an NVMe solid-state drive using DragonFlyBSD 5.6.0.

With a 120GB Toshiba NVMe SSD on an Intel Core i7 8700K system, I ran some benchmarks of DragonFlyBSD 5.6.0 freshly installed with HAMMER2 and then again when returning to the original HAMMER file-system that remains available via its installer. No other changes were made to the setup during testing.

And then for the more synthetic workloads it was just a mix. But overall HAMMER2 was performing well during the initial testing and great to see it continuing to offer noticeable leads in real-world workloads compared to the aging HAMMER file-system. HAMMER2 also offers better clustering, online deduplication, snapshots, compression, encryption, and many other modern file-system features.

Beastie Bits

Feedback/Questions

Moritz - ARM Builds
Dave - Videos
Chris - Raspberry Pi4

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to [email protected]

Qubes OS + Plex vs Kodi | Choose Linux 13

10 juli 2019 | min

Old School Outages | TechSNAP 407

10 juli 2019 | min

The Future is Open | LINUX Unplugged 309

9 juli 2019 | min

Open Source has taken over the world, as IBM's purchase of Red Hat closes. We reflect on this historic moment.

Plus Mozilla's been labeled an Internet Villian, we deep dive into the tech behind all the controversy and how you can self-host secure DNS.

Special Guests: Alex Kretzschmar, Brent Gervais, and Drew DeVore.

Links:

Red Hat, Inc. on Twitter — As #RedHat's acquisition by @IBM closes, Red Hat will maintain independence and neutrality to give customers freedom, choice and flexibility.
IBM Closes Landmark Acquisition of Red Hat for $34 Billion; Defines Open, Hybrid Cloud Future — Joining forces with IBM gives Red Hat the opportunity to bring more open source innovation to an even broader range of organizations and will enable us to scale to meet the need for hybrid cloud solutions that deliver true choice and agility.
Ubuntu-Maker Canonical’s GitHub Account Gets Hacked — An unknown hacker yesterday successfully managed to hack into the official GitHub account of Canonical, the company behind the Ubuntu Linux project and created 11 new empty repositories.
Ubuntu Security on Twitter — We can confirm that on 2019-07-06 there was a Canonical owned account on GitHub whose credentials were compromised and used to create repositories and issues among other activities.
Raspberry Pi admits to faulty USB-C design on the Pi 4 — After reports started popping up on the Internet, Raspberry Pi cofounder Eben Upton admitted to TechRepublic that "A smart charger with an e-marked cable will incorrectly identify the Raspberry Pi 4 as an audio adapter accessory and refuse to provide power." Upton went on to say, "I expect this will be fixed in a future board revision, but for now users will need to apply one of the suggested workarounds. It's surprising this didn't show up in our (quite extensive) field testing program."
Firefox 68.0, See All New Features, Updates and Fixes — Dark mode in reader view expands so that windows are also dark on the controls, sidebars and toolbars.
Linux Millionaire Question Form — Jupiter Broadcasting wants to create a fun game for Linux enthusiasts to test their knowledge on the depths of technology and Linux history. Please help by providing us your thoughtful questions and suggested answers!
Linux Academy on Twitter — The AWS #DevOps Professional certification exam has just been updated with new emphasis on the AWS #Developer Tools suite.
Choose Linux 12: Regolith, Rosa, and Antsy Alien Attack — Two new hosts join Joe to talk about a nice i3 implementation and an amazing arcade game written in Bash.
Linux Academy is Hiring!
Passing the AWS Cloud Practitioner Exam — Whether you need the Cloud Practitioner certification for work or as a personal goal, studying and staying on track is hard because life gets in the way. Join this study group and we’ll help you pass the exam by meeting on a bi-weekly basis and going over the main topics covered in the certification exam.
Emma on Twitter — Hey @system76 fans! I'm looking for a few people to join the HAPPINESS TEAM at System76!
Understanding Burnout Study Group
ISPA announces finalists for 2019 Internet Heroes and Villains: Trump and Mozilla lead the way as Villain nominees — Mozilla, for their proposed approach to introduce DNS-over-HTTPS in such a way as to bypass UK filtering obligations and parental controls, undermining internet safety standards in the UK.
How to enable DNS-over-HTTPS (DoH) in Firefox | ZDNet — The DNS-over-HTTPS (DoH) protocol is currently the talk of the town, and the Firefox browser is the only one to support it.
DNS-over-HTTPS (DoH) | Public DNS | Google Developers — Google Public DNS provides two distinct DoH APIs
Public recursive name server - Wikipedia — List of public DNS service operators
DNS Over HTTPS Proxy — A set of python 3 scripts that supports proxying DNS over HTTPS as specified in the IETF Draft draft-ietf-doh-dns-over-https.
DNS Privacy Project
dnscrypt-proxy 2 — A flexible DNS proxy, with support for modern encrypted DNS protocols such as DNSCrypt v2 and DNS-over-HTTPS.
Running a DNS over HTTPS Client — There are several DNS over HTTPS (DoH) clients you can use to connect to 1.1.1.1 in order to protect your DNS queries from privacy intrusions and tampering.
curl/doh — A libcurl-using application that resolves a host name using DNS-over-HTTPS (DOH).
RFC 7858 — Specification for DNS over Transport Layer Security
DNS Security with DNSCrypt — While OpenDNS has provided world-class security using DNS for years, and OpenDNS is the most secure DNS service available, the underlying DNS protocol has not been secure enough for our comfort.
DNSSEC – What Is It and Why Is It Important? - ICANN — Engineers in the Internet Engineering Task Force (IETF), the organization responsible for the DNS protocol standards, long realized the lack of stronger authentication in DNS was a problem. Work on a solution began in the 1990s and the result was the DNSSEC Security Extensions (DNSSEC).
DNS Security and Privacy — Choosing the right provider — However, with all great options out there (eg: 1.1.1.1, 8.8.8.8, 9.9.9.9), come great responsibilities. Which provider to choose? Which protocol to choose? DNSCrypt? DNS over HTTPS or TLS? What about DNSSEC? …
pi-hole/pi-hole: A black hole for Internet advertisements — Those who want to get started quickly and conveniently may install Pi-hole using the following command
Configuring DNS-Over-HTTPS on Pi-hole - Pi-hole documentation — DNS-Over-HTTPS is a protocol for performing DNS lookups via the same protocol you use to browse the web securely: HTTPS.
Segmentation fault on raspberry pi 2 model b · Issue #38 · cloudflare/cloudflared
DevilsPie — A totally crack-ridden program for freaks and weirdos who want precise control over what windows do when they appear. If you want all XChat windows to be on desktop 3, in the lower-left, at 40% transparency, you can do it.
Devilspie2 — Devilspie2 is a window matching utility, allowing the user to perform scripted actions on windows as they are created.

Objectively Old | Coder Radio 365

8 juli 2019 | min

Wes turns back the clock and explores the message passing mania of writing Objective-C without a Mac, and we wax-poetic about programming language history.

Plus Mike gets real about the Windows Subsystem for Linux, and our take on the new MacBook keyboard leak.

Links:

Apple is reportedly giving up on its controversial MacBook keyboard - The Verge — Apple is planning to ditch the controversial butterfly keyboard used in its MacBooks since 2015, according to a new report from analyst Ming-Chi Kuo. 9to5Mac notes that Apple will reportedly move to a new scissor-switch design, which will use glass fiber to reinforce its keys. According to Kuo’s report, the first laptop to get the new keyboard will be a new MacBook Air model due out this year, followed by a new MacBook Pro in 2020.
Objective-C - History - Wikipedia — After acquiring NeXT in 1996, Apple Computer used OpenStep in its then-new operating system, Mac OS X. This included Objective-C, NeXT's Objective-C-based developer tool, Project Builder, and its interface design tool, Interface Builder, both now merged into one application, Xcode. Most of Apple's current Cocoa API is based on OpenStep interface objects and is the most significant Objective-C environment being used for active development.
A Short History of Objective-C — While most programmers discovered Objective-C only during the iPhone app revolution, Objective-C has been around for over 30 years. Objective-C has been the foundation of Apple’s desktop operating system, Mac OS X, since its debut in 2001, and was also the basis for NEXTSTEP — OS X’s immediate ancestor — created by Steve Jobs’ NeXT Computer Inc. However, Objective-C was created neither by Apple nor NeXT. Its origin was a small Connecticut startup in the early 1980s called Stepstone.
GNUstep — GNUstep is a mature Framework, suited both for advanced GUI desktop applications as well as server applications. The framework closely follows Apple's Cocoa (formerly NeXT's OpenStep) APIs but is portable to a variety of platforms and architectures.
GNUstep: Fun with Objective-C — Objective-C is a language based upon C, with a few additions that make it a complete, object-oriented language. Why do I think Objective-C is fun? Precisely because of this emphasis on simplicity
Beginners Guide to Objective-C Programming
Installing and Using GNUstep and Objective-C on Linux - Techotopia — The basics of Objective-C are supported by the GNU compiler collection. In order to utilize the full power of Objective-C together with the Cocoa /openStep environments on Linux, and to work with many of the examples covered in this book, it is necessary to install gcc, the gcc Objective-C support package and the GNUstep environment.
Objective-C Compiler and Runtime FAQ - GNUstepWiki — The history of Objective-C in GCC is somewhat complicated. Originally, NeXT was forced to release the original Objective-C front end in order to comply with the GPL. This code was not quite compatible with the GNU runtime and so it was modified. NeXT did not adopt these modifications and so each release of GCC by NeXT, and then Apple, contained changes that needed back-porting to the main branch of GCC.
For a long time, GCC was the only compiler that worked with GNUstep. Unfortunately, the GCC team has not invested much effort in Objective-C in the last few years and it currently lags behind Apple's version by a significant amount.

From Zero to Murder | The Friday Stream 9

8 juli 2019 | min

Linux Action News 113

7 juli 2019 | min

Partner Password Policy | User Error 69

4 juli 2019 | min

Changing face of Unix | BSD Now 305

3 juli 2019 | min

Website protection with OPNsense, FreeBSD Support Pull Request for ZFS-on-Linux, How much has Unix changed, Porting Wine to amd64 on NetBSD, FreeBSD Enterprise 1 PB Storage, the death watch for X11 has started, and more.

Headlines

Website protection with OPNsense

with nginx plugin OPNsense become a strong full featured Web Application Firewall (WAF)

The OPNsense security platform can help you to protect your network and your webservers with the nginx plugin addition.
In old days, install an open source firewall was a very trick task, but today it can be done with few clicks (or key strokes). In this article I'll not describe the detailed OPNsense installation process, but you can watch this video that was extracted from my OPNsense course available in Udemy. The video is in portuguese language, but with the translation CC Youtube feature you may be able to follow it without problems (if you don't are a portuguese speaker ofcourse) :-)

See the article for the rest of the writeup

FreeBSD Support Pull Request against the ZFS-on-Linux repo

This pull request integrates the sysutils/openzfs port’s sources into the upstream ZoL repo > Adding FreeBSD support to ZoL will make it easier to move changes back and forth between FreeBSD and Linux > Refactor tree to separate out Linux and FreeBSD specific code > import FreeBSD's SPL > add ifdefs in common code where it made more sense to do so than duplicate the code in separate files > Adapted ZFS Test Suite to run on FreeBSD and all tests that pass on ZoL passing on ZoF
The plan to officially rename the common repo from ZFSonLinux to OpenZFS was announced at the ZFS Leadership Meeting on June 25th
Video of Leadership Meeting
Meeting Agenda and Notes
This will allow improvements made on one OS to be made available more easily (and more quickly) to the other platforms
For example, mav@’s recent work:
Add wakeup_any(), cheaper version of wakeup_one() for taskqueue(9) > As result, on 72-core Xeon v4 machine sequential ZFS write to 12 ZVOLs with 16KB block size spend 34% less time in wakeup_any() and descendants then it was spending in wakeup_one(), and total write throughput increased by ~10% with the same as before CPU usage.

News Roundup

Episode 5 Notes - How much has UNIX changed?

UNIX-like systems have dominated computing for decades, and with the rise of the internet and mobile devices their reach has become even larger. True, most systems now use more modern OSs like Linux, but how much has the UNIX-like landscape changed since the early days?
So, my question was this: how close is a modern *NIX userland to some of the earliest UNIX releases? To do this I'm going to compare a few key points of a modern Linux system with the earliest UNIX documentation I can get my hands on. The doc I am going to be covering(https://www.tuhs.org/Archive/Distributions/Research/Dennis_v1/UNIX_ProgrammersManual_Nov71.pdf) is from November 1971, predating v1 of the system.
I think the best place to start this comparison is to look at one of the highest-profile parts of the OS, that being the file system. Under the hood modern EXT file systems are completely different from the early UNIX file systems. However, they are still presented in basically the same way, as a heirerarchicat structure of directories with device files. So paths still look identical, and navigating the file system still functions the same. Often used commands like ls, cp, mv, du, and df function the same. So are mount and umount. But, there are some key differences. For instance, cd didn't exist, yet instead chdir filled its place. Also, chmod is somewhat different. Instead of the usual 3-digit octal codes for permissions, this older version only uses 2 digits. Really, that difference is due to the underlying file system using a different permission set than modern systems. For the most part, all the file handling is actually pretty close to a Linux system from 2019.

See the article for the rest of the writeup

Porting Wine to amd64 on NetBSD

I have been working on porting Wine to amd64 on NetBSD as a GSoC 2019 project. Wine is a compatibility layer which allows running Microsoft Windows applications on POSIX-complaint operating systems. This report provides an overview of the progress of the project during the first coding period.
Initially, when I started working on getting Wine-4.4 to build and run on NetBSD i386 the primary issue that I faced was Wine displaying black windows instead of UI, and this applied to any graphical program I tried running with Wine.
I suspected it , as it is related to graphics, to be an issue with the graphics driver or Xorg. Subsequently, I tried building modular Xorg, and I tried running Wine on it only to realize that Xorg being modular didn't affect it in the least. After having tried a couple of configurations, I realized that trying to hazard out every other probability is going to take an awful lot of time that I didn't have. This motivated me to bisect the repo using git, and find the first version of Wine which failed on NetBSD.

See the article for the rest of the writeup

FreeBSD Enterprise 1 PB Storage

Today FreeBSD operating system turns 26 years old. 19 June is an International FreeBSD Day. This is why I got something special today :). How about using FreeBSD as an Enterprise Storage solution on real hardware? This where FreeBSD shines with all its storage features ZFS included.
Today I will show you how I have built so called Enterprise Storage based on FreeBSD system along with more then 1 PB (Petabyte) of raw capacity.
This project is different. How much storage space can you squeeze from a single 4U system? It turns out a lot! Definitely more then 1 PB (1024 TB) of raw storage space.

See the article for the rest of the writeup

The death watch for the X Window System (aka X11) has probably started

Once we are done with this we expect X.org to go into hard maintenance mode fairly quickly. The reality is that X.org is basically maintained by us and thus once we stop paying attention to it there is unlikely to be any major new releases coming out and there might even be some bitrot setting in over time. We will keep an eye on it as we will want to ensure X.org stays supportable until the end of the RHEL8 lifecycle at a minimum, but let this be a friendly notice for everyone who rely the work we do maintaining the Linux graphics stack, get onto Wayland, that is where the future is.
I have no idea how true this is about X.org X server maintenance, either now or in the future, but I definitely think it's a sign that developers have started saying this. If Gnome developers feel that X.org is going to be in hard maintenance mode almost immediately, they're probably pretty likely to also put the Gnome code that deals with X into hard maintenance mode. And public Gnome statements about this (and public action or lack of it) provide implicit support for KDE and any other desktop to move in this direction if they want to (and probably create some pressure to do so). I've known that Wayland was the future for some time, but I would still like it to not arrive any time soon.

Beastie Bits

Feedback/Questions

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to [email protected]

The One About GPU Passthrough | LINUX Unplugged 308

2 juli 2019 | min

Our crew walks you through their PCI Passthrough setups that let them run Windows, macOS, and distro-hop all from one Linux machine.

Forget multiple partitions, dual booting, and Hackintoshes; you can do it all with Linux and KVM.

Near-native VM performance doesn't have to be painful. You only need a few prerequisites and a little help.

Special Guest: Alex Kretzschmar.

Links:

Windows VirtIO Drivers — 64-bit versions of Windows Vista and newer require the drivers to be digitally signed.
Alex's arch-vfio-ovmf scripts — Arch Linux installation and VFIO setup scripts
Looking Glass - Quickstart Guide — These guides are designed to help you get Looking Glass up and running on an already configured QEMU KVM Virtual Machine that has a VGA PCI Passthrough device.
duncanthrax/scream — Scream is a virtual device driver for Windows that provides a discrete sound device. Audio played through this device is published on your local network as a PCM multicast stream.
ACS patch COPR — Fedora kernels with add-acs-overrides patch from Arch AUR
ACS Override Kernel Builds — This page contains links to the latest kernel builds with the ACS override patch applied for PCI devices.
natalie-/fedora-acs-override — Using the ACS override patch for Fedora
VFIO tips and tricks: IOMMU Groups, inside and out — Sometimes VFIO users are befuddled that they aren't able to separate devices between host and guest or multiple guests due to IOMMU grouping and revert to using legacy KVM device assignment, or as is the case with may VFIO-VGA users, apply the PCIe ACS override patch to avoid the problem. Let's take a moment to look at what this is really doing.
"Error 43: Driver failed to load" on Nvidia GPUs passed to Windows VMs — Since version 337.88, Nvidia drivers on Windows check if an hypervisor is running and fail if it detects one, which results in an Error 43 in the Windows device manager. Starting with QEMU 2.5.0 and libvirt 1.3.3, the vendor_id for the hypervisor can be spoofed, which is enough to fool the Nvidia drivers into loading anyway.
Mac OS Adds Early Support for VirtIO, Qemu - The Passthrough POST — In a new development uncovered by Qemu developer Gerd Hoffmann, Apple has apparently added early support for VirtIO and framebuffer graphics in a later Mac OS Mojave release.
New and Improved Mac OS Tutorial, Part 1 (The Basics) - The Passthrough POST — Due to certain recent developments, It’s become clear to us that it’s necessary to update and improve our OSX VM guide. A lot’s changed since we wrote it, and rolling in those changes will make the process much more user friendly and accessible to newer VFIO users.
Mac OS VM Guide Part 2 (GPU Passthrough and Tweaks) - The Passthrough POST — We’ve made every attempt to make this as straightforward as possible, but there’s a lot more ground to cover here than in the first part of the guide
UGREEN USB 3.0 Sharing Switch Selector 4 Port 2 Computers Peripheral Switcher Adapter Hub for PC, Printer, Scanner, Mouse, Keyboard with One Button Swapping — This USB Switch 4 Port device allows up to 2 users to share 4 USB 3.0 peripheral devices, such as printer,scanner,mouse,keyboard or usb disk etc without the need to constantly swap cables or set up complicated network sharing software. It's a great for use at home if you have multiple PCs or Macs.
How to setup VFIO GPU passthrough using OVMF and KVM on Arch Linux — This article will detail the steps required to passthrough your GPU to a guest VM which will in our case be a Windows 10 VM used for gaming. Yes, this is the exact same technology made popular by Linus on his LinusTechTips YouTube channel in the seven gamers, one CPU video.
Lenovo G0A10170UL Thunderbolt 3 Graphics Dock — Amplify your ultrabook’s graphics performance with the integrated NVIDIA GeForce GTX 1050 graphics card.
Mantiz Venus MZ-02 External Graphic Enclosure eGPU — Connects Full High Full Length 120" Width 2.5 PCIE Desktop Power GPU to computer WITH an Intel Certified Thunderbolt 3 port.
Synergy — Synergy is a software download that shares one mouse and one keyboard between multiple computers. Simply move your mouse between your computers effortlessly
barrier: Open-source KVM software — Barrier is KVM software forked from Symless's synergy 1.9 codebase. Synergy was a commercialized reimplementation of the original CosmoSynergy written by Chris Schoeneman.
foxlet/macOS-Simple-KVM — Documentation to set up a simple macOS VM in QEMU, accelerated by KVM.

Gabbing About Go | Coder Radio 364

1 juli 2019 | min

Mike and Wes burrow into the concurrent world of Go and debate where it makes sense and where it may not.

Plus gradual typing for Ruby, a new solution for Python packaging, and the real story behind Jony Ive's exit.

Links:

Goroutines - Concurrency in Golang — Goroutines are functions or methods that run concurrently with other functions or methods. Goroutines can be thought of as light weight threads. The cost of creating a Goroutine is tiny when compared to a thread.
Why build concurrency on the ideas of CSP? — One of the most successful models for providing high-level linguistic support for concurrency comes from Hoare's Communicating Sequential Processes, or CSP. Occam and Erlang are two well known languages that stem from CSP. Go's concurrency primitives derive from a different part of the family tree whose main contribution is the powerful notion of channels as first class objects.
Jony Ive ‘dispirited’ by Tim Cook’s lack of interest in product design — To many, Jony Ive’s announced departure from Apple last week felt very sudden. But a narrative is forming to suggest that he’s been slowly exiting for years as the company shifted priorities from product design to operations.
CSP Paper
A Tour of Go — These example programs demonstrate different aspects of Go. The programs in the tour are meant to be starting points for your own experimentation.
GoLand: A Clever IDE to Go by JetBrains — GoLand is cross-platform IDE built specially for Go developers.
Google I/O 2013 - Advanced Go Concurrency Patterns — Concurrency is the key to designing high performance network services. This talk expands on last year's popular Go Concurrency Patterns talk to dive deeper into Go's concurrency primitives, and see how tricky concurrency problems can be solved gracefully with simple Go code.
Michael Dominick on Twitter — Ok, so this is cool I have a fully working #rails dev environment up under #Windows usign #WSL and @PengwinLinux. Using @code for the editor. So far so good!
Pengwin by Whitewater Foundry — Pengwin is a Linux environment for Windows 10 built on work by Microsoft Research and the Debian project.
Open-sourcing Sorbet — Sorbet is a fast, powerful type checker designed for Ruby. It scales to codebases with millions of lines of code and can be adopted incrementally.
Sorbetting a gem, or the story of the first adoption — After reading about Brandon's first impression (highly recommend to check it out), I decided to give Sorbet a try and integrate it into one of my gems.
Gradual typing of Ruby at Scale — This talk shares experience of Stripe successfully been building a typechecker for internal use, including core design decisions made in early days of the project and how they withstood reality of production use
Building Standalone Python Applications with PyOxidizer — PyOxidizer's marquee feature is that it can produce a single file executable containing a fully-featured Python interpreter, its extensions, standard library, and your application's modules and resources. In other words, you can have a single .exe providing your application.
Packaging Your Code — The Hitchhiker's Guide to Python
An Overview of Packaging for Python
pex — pex is a library for generating .pex (Python EXecutable) files which are executable Python environments in the spirit of virtualenvs.
shiv — shiv is a command line utility for building fully self-contained Python zipapps as outlined in PEP 441, but with all their dependencies included!

Linux Action News 112

30 juni 2019 | min

Prospering with Vulkan | BSD Now 304

26 juni 2019 | min

DragonflyBSD 5.6 is out, OpenBSD Vulkan Support, bad utmp implementations in glibc and FreeBSD, OpenSSH protects itself against Side Channel attacks, ZFS vs OpenZFS, and more.

Headlines

DragonflyBSD 5.6 is out

Version 5.6.0 released 17 June 2019
Version 5.6.1 released 19 June 2019
Big-ticket items
Improved VM
- Informal test results showing the changes from 5.4 to 5.6 are available.
- Reduce stalls in the kernel vm_page_alloc() code (vm_page_list_find()).
- Improve page allocation algorithm to avoid re-iterating the same queues as the search is widened.
- Add a vm_page_hash*() API that allows the kernel to do heuristical lockless lookups of VM pages.
- Change vm_hold() and vm_unhold() semantics to not require any spin-locks.
- Change vm_page_wakeup() to not require any spin-locks.
- Change wiring vm_page's no longer manipulates the queue the page is on, saving a lot of overhead. Instead, the page will be removed from its queue only if the pageout demon encounters it. This allows pages to enter and leave the buffer cache quickly.
- Refactor the handling of fictitious pages.
- Remove m->md.pv_list entirely. VM pages in mappings no longer allocate pv_entry's, saving an enormous amount of memory when multiple processes utilize large shared memory maps (e.g. postgres database cache).
- Refactor vm_object shadowing, disconnecting the backing linkages from the vm_object itself and instead organizing the linkages in a new structure called vm_map_backing which hangs off the vm_map_entry.
- pmap operations now iterate vm_map_backing structures (rather than spin-locked page lists based on the vm_page and pv_entry's), and will test/match operations against the PTE found in the pmap at the requisite location. This doubles VM fault performance on shared pages and reduces the locking overhead for fault and pmap operations.
- Simplify the collapse code, removing most of the original code and replacing it with simpler per-vm_map_entry optimizations to limit the shadow depth.
DRM
- Major updates to the radeon and ttm (amd support code) drivers. We have not quite gotten the AMD support up to the more modern cards or Ryzen APUs yet, however.
- Improve UEFI framebuffer support.
- A major deadlock has been fixed in the radeon/ttm code.
- Refactor the startup delay designed to avoid conflicts between the i915 driver initialization and X startup.
- Add DRM_IOCTL_GET_PCIINFO to improve mesa/libdrm support.
- Fix excessive wired memory build-ups.
- Fix Linux/DragonFly PAGE_MASK confusion in the DRM code.
- Fix idr_*() API bugs.
HAMMER2
- The filesystem sync code has been rewritten to significantly improve performance.
- Sequential write performance also improved.
- Add simple dependency tracking to prevent directory/file splits during create/rename/remove operations, for better consistency after a crash.
- Refactor the snapshot code to reduce flush latency and to ensure a consistent snapshot.
- Attempt to pipeline the flush code against the frontend, improving flush vs frontend write concurrency.
- Improve umount operation.
- Fix an allocator race that could lead to corruption.
- Numerous other bugs fixed.
- Improve verbosity of CHECK (CRC error) console messages.

OpenBSD Vulkan Support

Somewhat surprisingly, OpenBSD has added the Vulkan library and ICD loader support as their newest port.
This new graphics/vulkan-loader port provides the generic Vulkan library and ICD support that is the common code for Vulkan implementations on the system. This doesn't enable any Vulkan hardware drivers or provide something new not available elsewhere, but is rare seeing Vulkan work among the BSDs. There is also in ports the related components like the SPIR-V headers and tools, glsllang, and the Vulkan tools and validation layers.
This is of limited usefulness, at least for the time being considering OpenBSD like the other BSDs lag behind in their DRM kernel driver support that is ported over from the mainline Linux kernel tree but generally years behind the kernel upstream. Particularly with Vulkan, newer kernel releases are needed for some Vulkan features as well as achieving decent performance. The Vulkan drivers of relevance are the open-source Intel ANV Vulkan driver and Radeon RADV drivers, both of which are in Mesa though we haven't seen any testing results to know how well they would work if at all currently on OpenBSD, but they're at least in Mesa and obviously open-source.

A note: The BSDs are no longer that far behind.

FreeBSD 12.0 uses DRM from Linux 4.16 (April 2018), and the drm-devel port is based on Linux 5.0 (March 2019)

OpenBSD -current as of April 2019 uses DRM from Linux 4.19.34 ***

News Roundup

Bad utmp implementations in glibc and freebsd

I recently released another version – 0.5.0 – of Dinit, the service manager / init system. There were a number of minor improvements, including to the build system (just running “make” or “gmake” should be enough on any of the systems which have a pre-defined configuration, no need to edit mconfig by hand), but the main features of the release were S6-compatible readiness notification, and support for updating the utmp database.
In other words, utmp is a record of who is currently logged in to the system (another file, “wtmp”, records all logins and logouts, as well as, potentially, certain system events such as reboots and time updates). This is a hint at the main motivation for having utmp support in Dinit – I wanted the “who” command to correctly report current logins (and I wanted boot time to be correctly recorded in the wtmp file).
I wondered: If the files consist of fixed-sized records, and are readable by regular users, how is consistency maintained? That is – how can a process ensure that, when it updates the database, it doesn’t conflict with another process also attempting to update the database at the same time? Similarly, how can a process reading an entry from the database be sure that it receives a consistent, full record and not a record which has been partially updated? (after all, POSIX allows that a write(2) call can return without having written all the requested bytes, and I’m not aware of Linux or any of the *BSDs documenting that this cannot happen for regular files). Clearly, some kind of locking is needed; a process that wants to write to or read from the database locks it first, performs its operation, and then unlocks the database. Once again, this happens under the hood, in the implementation of the getutent/pututline functions or their equivalents.
Then I wondered: if a user process is able to lock the utmp file, and this prevents updates, what’s to stop a user process from manually acquiring and then holding such a lock for a long – even practically infinite – duration? This would prevent the database from being updated, and would perhaps even prevent logins/logouts from completing. Unfortunately, the answer is – nothing; and yes, it is possible on different systems to prevent the database from being correctly updated or even to prevent all other users – including root – from logging in to the system.

A good find

On FreeBSD, even though write(2) can be asynchronous, once the write syscall returns, the data is in the buffer cache (or ARC), and any future read(2) will see that new data even if it has not yet been written to disk. ***

OpenSSH gets an update to protect against Side Channel attacks

Last week, Damien Miller, a Google security researcher, and one of the popular OpenSSH and OpenBSD developers announced an update to the existing OpenSSH code that can help protect against the side-channel attacks that leak sensitive data from computer’s memory. This protection, Miller says, will protect the private keys residing in the RAM against Spectre, Meltdown, Rowhammer, and the latest RAMBleed attack.
SSH private keys can be used by malicious threat actors to connect to remote servers without the need of a password. According to CSO, “The approach used by OpenSSH could be copied by other software projects to protect their own keys and secrets in memory”.
However, if the attacker is successful in extracting the data from a computer or server’s RAM, they will only obtain an encrypted version of an SSH private key, rather than the cleartext version.
In an email to OpenBSD, Miller writes, “this change encrypts private keys when they are not in use with a symmetric key that is derived from a relatively large ‘prekey’ consisting of random data (currently 16KB).”

ZFS vs OpenZFS

You’ve probably heard us say a mix of “ZFS” and “OpenZFS” and an explanation is long-overdue.
From its inception, “ZFS” has referred to the “Zettabyte File System” developed at Sun Microsystems and published under the CDDL Open Source license in 2005 as part of the OpenSolaris operating system. ZFS was revolutionary for completely decoupling the file system from specialized storage hardware and even a specific computer platform. The portable nature and advanced features of ZFS led FreeBSD, Linux, and even Apple developers to start porting ZFS to their operating systems and by 2008, FreeBSD shipped with ZFS in the 7.0 release. For the first time, ZFS empowered users of any budget with enterprise-class scalability and data integrity and management features like checksumming, compression and snapshotting, and those features remain unrivaled at any price to this day. On any ZFS platform, administrators use the zpool and zfs utilities to configure and manage their storage devices and file systems respectively. Both commands employ a user-friendly syntax such as‘zfs create mypool/mydataset’ and I welcome you to watch the appropriately-titled webinar “Why we love ZFS & you should too” or try a completely-graphical ZFS experience with FreeNAS.
Oracle has steadily continued to develop its own proprietary branch of ZFS and Matt Ahrens points out that over 50% of the original OpenSolaris ZFS code has been replaced in OpenZFS with community contributions. This means that there are, sadly, two politically and technologically-incompatible branches of “ZFS” but fortunately, OpenZFS is orders of magnitude more popular thanks to its open nature. The two projects should be referred to as “Oracle ZFS” and “OpenZFS” to distinguish them as development efforts, but the user still types the ‘zfs’ command, which on FreeBSD relies on the ‘zfs.ko’ kernel module. My impression is that the terms of the CDDL license under which the OpenZFS branch of ZFS is published protects its users from any patent and trademark risks. Hopefully, this all helps you distinguish the OpenZFS project from the ZFS technology.

There was further discussion of how the ZFSOnLinux repo will become the OpenZFS repo in the future once it also contains the bits to build on FreeBSD as well during the June 25th ZFS Leadership Meeting. The videos for all of the meetings are available here ***

Beastie Bits

Feedback/Questions

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to [email protected] ***

Regolith, Rosa, and Antsy Alien Attack | Choose Linux 12

26 juni 2019 | min

What's your NextCloud? | LINUX Unplugged 307

25 juni 2019 | min

Find Your Off-Ramp | Coder Radio 363

24 juni 2019 | min

We take on the issues of burnout, work communication culture, and keeping everything in balance.

Plus Wes asks 'Why Not Kotlin' and breaks down where it fits in his toolbox.

Links:

Kotlin overview — Kotlin is an open-source, statically-typed programming language that supports both object-oriented and functional programming. Kotlin provides similar syntax and concepts from other languages, including C#, Java, and Scala, among many others. Kotlin does not aim to be unique—instead, it draws inspiration from decades of language development. It exists in variants that target the JVM (Kotlin/JVM), JavaScript (Kotlin/JS), and native code (Kotlin/Native).
Kotlin/Native — Kotlin/Native is a technology for compiling Kotlin code to native binaries, which can run without a virtual machine. It is an LLVM based backend for the Kotlin compiler and native implementation of the Kotlin standard library.
Kotlin for JavaScript — Kotlin provides the ability to target JavaScript. It does so by transpiling Kotlin to JavaScript. The current implementation targets ECMAScript 5.1 but there are plans to eventually target ECMAScript 2015 as well.
My favorite examples of functional programming in Kotlin — One of the great things about Kotlin is that it supports functional programming. Let’s see and discuss some simple but expressive functions written in Kotlin.
Arrow: Functional companion to Kotlin's Standard Library — Arrow aims to provide a lingua franca of interfaces and abstractions across Kotlin libraries. For this, it includes the most popular data types, type classes and abstractions such as Option, Try, Either, IO, Functor, Applicative, Monad to empower users to write pure FP apps and libraries built atop higher order abstractions.
Awesome Kotlin Resources — The ultimate resource list for your most loved coding language.
awesome-kotlin — A curated list of awesome Kotlin frameworks, libraries, documents and other resources
Reddit Co-Founder Alexis Ohanian Warns Always-On Work Culture Creating ‘Broken’ People - WSJ — “I’ve spoken out quite a bit about things like ‘hustle porn,’ and this ceremony of showing off on social [media] about how hard you’re working,” said Mr. Ohanian, who previously co-founded online discussion forum Reddit. “Y’all see it on Instagram and you certainly see it in the startup community, and it becomes really toxic.”
Thread by @mwseibel — I’ve noticed that many people compete in games they don’t understand because they are modeling the behavior of people around them. Most common is the competition for wealth as a proxy for happiness.
Understanding Burnout Meetup — You may not know it yet, but IT is not easy. Breakdowns in people, processes, and technology leads to frustrating times for all of us. As it spirals out of control, we often meet the final boss: burnout.
Linux Academy is Hiring!

Random Access Memories | The Friday Stream 8

24 juni 2019 | min

We share the stories of our very first computers, and reminisce about the bad old days of the PC.

Plus we solve another world problem, explain Amazon Flex, and our cheap home studio build.

Links:

Music - NewRetroWave
Horse Blood - NewRetroWave
End of The Night - NewRetroWave
Angela Fisher on Instagram — Here we are! Last day of school!!!
What It's Like To Be An Amazon Flex Delivery Driver — Amazon has offered free two-day shipping for Prime members since 2005. As Amazon rolls out a one-day shipping guarantee for its 100 million Prime members, Amazon Flex drivers help solve the company's last mile problem. CNBC spoke to these on-demand contract workers all over the country to find out what it's really like to deliver for Amazon.
The Computer Chronicles - Pentium PCs (1993)
V.92 - Wikipedia — V.92 is an ITU-T recommendation, titled Enhancements to Recommendation V.90, that establishes a modem standard allowing near 56 kb/s download and 48 kb/s upload rates. With V.92 PCM is used for both the upstream and downstream connections; previously 56K modems only used PCM for downstream data.
Paratrooper DOS Game — Paratrooper is a 1982 computer game, written by Greg Kuperberg and published by Orion Software. Paratrooper is one of the three games written by Greg Kuperberg when the IBM-PC was still very new.
Floppy disk - Wikipedia — A floppy disk, also known as a floppy, diskette, or simply disk, is a type of disk storage composed of a disk of thin and flexible magnetic storage medium, sealed in a rectangular plastic enclosure lined with fabric that removes dust particles.
Macintosh SE/30, start and format a floppy disk - Sounds Of Changes — The Macintosh SE/30 is a personal computer that was designed, manufactured and sold by Apple Computer, Inc. from 1989 until 1991.
No, Your Kid Isn't Growing Horns Because Of Cellphone Use | Techdirt — This week, the Washington Post grabbed plenty of attention for a story that claimed that kids are actually growing "horns" because of cell phone use. The story, which leans on 2016 and 2018 research out of Australia, was cribbing off of this more nuanced piece by the BBC on how skeletal adaptation to modern living changes are kind of a thing.
Australian researchers find 'horns' growing on young people's skulls from phone overuse - The Washington Post
Yes Kids are Growing Horns - But the Solution is Simple - YouTube — Recently this has become big news with many media outlets reporting on it. It may sound sensationalist, but it really isn't. This is a serious symptom of the augmented lifestyle young people are living involving their phones and media devices.

Linux Action News 111

23 juni 2019 | min

Ubuntu sets the Internet on fire, new Linux and FreeBSD vulnerabilities raise concern, while Mattermost raises $50M to compete with Slack.

Plus we react to Facebook's Libra confirmation and the end of Google tablets.

Links:

Ubuntu to drop i386 architecture — he Ubuntu engineering team has reviewed the facts before us and concluded that we should not continue to carry i386 forward as an architecture. Consequently, i386 will not be included as an architecture for the 19.10 release, and we will shortly begin the process of disabling it for the eoan series across Ubuntu infrastructure.
Proposal: Let's drop i386 May 9th 2018
Proposal: Let's drop i386 May 14th 2018
Wine devs worried — "I think not building packages for Ubuntu 19.10 would be the only practical option. It would probably be good to have a small explanation on the download page though. As I understand it, it would still be possible to run 32-bit executables on the Ubuntu 19.10 kernel, but we'd have to build and ship all our dependencies ourselves. I don't think we want to go there just yet."
At least some games not working without 32-bit — Further to the recent announcement and subsequent discussion, I did a little testing over lunch on eoan 19.10 with all i386 packages removed and the i386 part of the repo disabled.
Ubuntu NOT “dropping support for i386 applications” — What we are dropping is updates to the i386 libraries, which will be frozen at the 18.04 LTS versions. But there is every intention to ensure that there is a clear story for how i386 applications (including games) can be run on versions of Ubuntu later than 19.10.
Petition · Dont remove 32 bit support in the next version of Ubuntu
Test and run multiple instances of snaps
OpenMandriva also dropping 32-bit
New vulnerabilities may let hackers remotely SACK Linux and FreeBSD systems — Netflix researchers discovered 4 flaws that could wreak havoc in data centers.
Linux devices vulnerable to ping of death attack
Red Hat's take on TCP SACK PANIC
Mattermost raises $50M — The capital infusion follows a $20 million series A in February and a $3.5 million seed round in February 2017 and brings the Palo Alto, California-based company’s total raised to roughly $70 million.
Google says it’s done making tablets — The Pixel Slate won’t get a sequel, but the Pixelbook will
Facebook's Libra confirmed — Facebook is planning to launch a cryptocurrency it hopes will “transform the global economy.”

SACK Attack | TechSNAP 406

23 juni 2019 | min

A new vulnerability may be the next 'Ping of Death'; we explore the details of SACK Panic and break down what you need to know.

Plus Firefox zero days targeting Coinbase, the latest update on Rowhammer, and a few more reasons it's a great time to be a ZFS user.

Links:

SACK Panic Security Bulletin — Netflix has identified several TCP networking vulnerabilities in FreeBSD and Linux kernels. The vulnerabilities specifically relate to the Maximum Segment Size (MSS) and TCP Selective Acknowledgement (SACK) capabilities. The most serious, dubbed “SACK Panic,” allows a remotely-triggered kernel panic on recent Linux kernels.
Ubuntu SACK Panic Guidance — You should update your kernel to the versions specified below in the Updates section and reboot. Alternatively, Canonical Livepatch updates will be available to mitigate these two issues without the need to reboot.
Red Hat SACK Panic Advisory — Red Hat customers running affected versions of these Red Hat products are strongly recommended to update them as soon as errata are available. Customers are urged to apply the available updates immediately and enable the mitigations as they feel appropriate.
RFC 2018 - TCP Selective Acknowledgment Options — TCP may experience poor performance when multiple packets are lost from one window of data. With the limited information available from cumulative acknowledgments, a TCP sender can only learn about a single lost packet per round trip time. An aggressive sender could choose to retransmit packets early, but such retransmitted segments may have already been successfully received. A Selective Acknowledgment (SACK) mechanism, combined with a selective repeat retransmission policy, can help to overcome these limitations.
Ping of Death — In a nutshell, it is possible to crash, reboot or otherwise kill a large number of systems by sending a ping of a certain size from a remote machine.
Firefox zero-day was used in attack against Coinbase employees, not its users | ZDNet — A recent Firefox zero-day that has made headlines across the tech news world this week was actually used in attacks against Coinbase employees, and not the company's users.
Mozilla fixes second Firefox zero-day exploited in the wild | ZDNet — Mozilla has released a second security update this week to patch a second zero-day that was being exploited in the wild to attack Coinbase employees and other cryptocurrency organizations.
RAMBleed — RAMBleed is a side-channel attack that enables an attacker to read out physical memory belonging to other processes. The implications of violating arbitrary privilege boundaries are numerous, and vary in severity based on the other software running on the target machine. As an example, in our paper we demonstrate an attack against OpenSSH in which we use RAMBleed to leak a 2048 bit RSA key.
Digging into the new features in OpenZFS post-Linux migration | Ars Technica — One of the most important new features in 0.8 is Native ZFS Encryption. Until now, ZFS users have relied on OS-provided encrypted filesystem layers either above or below ZFS. While this approach does work, it presented difficulties.
Allan Jude on Twitter — Once the FreeBSDs are upstreamed, everything is changing to 'OpenZFS', including the github organization currently know as 'zfsonlinux'.
ZFS on Linux Releases
Linux Academy is hiring!

Delete Your Community | User Error 68

20 juni 2019 | min

OpenZFS in Ports | BSD Now 303

19 juni 2019 | min

Headlines

ZFSonFreeBSD ports renamed OpenZFS

The ZFS on FreeBSD project has renamed the userland and kernel ports from zol and zol-kmod to openzfs and openzfs-kmod
The new versions from this week are IOCTL compatible with the command line tools in FreeBSD 12.0, so you can use the old userland with the new kernel module (although obviously not the new features)
With the renaming it is easier to specify which kernel module you want to load in /boot/loader.conf: > zfs_load=”YES”
or > openzfs_load=”YES”
To load traditional or the newer version of ZFS
The kmod still requires FreeBSD 12-stable or 13-current because it depends on the newer crypto support in the kernel for the ZFS native encryption feature. Allan is looking at ways to work around this, but it may not be practical.
We would like to do an unofficial poll on how people would the userland to co-exist. Add a suffix to the new commands in /usr/local (zfs.new zpool.new or whatever). One idea i’ve had is to move the zfs and zpool commands to /libexec and make /sbin/zfs and /sbin/zpool a switcher script, that will call the base or ports version based on a config file (or just based on if the port is installed)
For testing purposes, generally you should be fine as long as you don’t run ‘zpool upgrade’, which will make your pool only importable using the newer ZFS.
For extra safety, you can create a ‘zpool checkpoint’, which will allow you to undo any changes that are made to the pool during your testing with the new openzfs tools. Note: the checkpoint will undo EVERYTHING. So don’t save new data you want to keep.
Note: Checkpoints disable all freeing operations, to prevent any data from being overwritten so that you can re-import at the checkpoint and undo any operation (including zfs destroy-ing a dataset), so also be careful you don’t run out of space during testing.
Please test and provide feedback.

How to use blacklistd(8) with NPF as a fail2ban replacement

About blacklistd(8)

blacklistd(8) provides an API that can be used by network daemons to communicate with a packet filter via a daemon to enforce opening and closing ports dynamically based on policy.
The interface to the packet filter is in /libexec/blacklistd-helper (this is currently designed for npf) and the configuration file (inspired from inetd.conf) is in etc/blacklistd.conf
Now, blacklistd(8) will require bpfjit(4) (Just-In-Time compiler for Berkeley Packet Filter) in order to properly work, in addition to, naturally, npf(7) as frontend and syslogd(8), as a backend to print diagnostic messages. Also remember npf shall rely on the npflog* virtual network interface to provide logging for tcpdump() to use.
Unfortunately (dont' ask me why :P) in 8.1 all the required kernel components are still not compiled by default in the GENERIC kernel (though they are in HEAD), and are rather provided as modules. Enabling NPF and blacklistd services would normally result in them being automatically loaded as root, but predictably on securelevel=1 this is not going to happen

News Roundup

[WIP] raidz expansion, alpha preview 1

Motivation and Context > This is a alpha-quality preview of RAID-Z expansion. This feature allows disks to be added one at a time to a RAID-Z group, expanding its capacity incrementally. This feature is especially useful for small pools (typically with only one RAID-Z group), where there isn't sufficient hardware to add capacity by adding a whole new RAID-Z group (typically doubling the number of disks). > For additional context as well as a design overview, see my short talk from the 2017 OpenZFS Developer Summit: slides video

Rant: running audio VU-meter increases my CO2 footprint

A couple months ago I noticed that the monitor on my workstation never power off anymore. Screensaver would go on, but DPMs (to do the poweroff) never kicked in.
I grovels the output of various tools that display DPMS settings, which as usual in Xorg were useless. Everybody said DPMS is on with a timeout. I even wrote my own C program to use every available Xlib API call and even the xscreensaver library calls. (should make it available) No go, everybody says that DPMs is on, enabled and set on a timeout. Didn’t matter whether I let xscreeensaver do the job or just the X11 server.
After a while I noticed that DPMS actually worked between starting my X11 server and starting all my clients. I have a minimal .xinitrc and start the actual session from a script, that is how I could notice. If I used a regular desktop login I wouldn’t have noticed. A server state bug was much more likely than a client bug.

See the article for the rest...

XSAVE and compat32 kernel work for LLDB

Upstream describes LLDB as a next generation, high-performance debugger. It is built on top of LLVM/Clang toolchain, and features great integration with it. At the moment, it primarily supports debugging C, C++ and ObjC code, and there is interest in extending it to more languages.
In February, I have started working on LLDB, as contracted by the NetBSD Foundation. So far I've been working on reenabling continuous integration, squashing bugs, improving NetBSD core file support and lately extending NetBSD's ptrace interface to cover more register types. You can read more about that in my Apr 2019 report.
In May, I was primarily continuing the work on new ptrace interface. Besides that, I've found and fixed a bug in ptrace() compat32 code, pushed LLVM buildbot to ‘green’ status and found some upstream LLVM regressions. More below.

Some things about where icons for modern X applications come from

If you have a traditional window manager like fvwm, one of the things it can do is iconify X windows so that they turn into icons on the root window (which would often be called the 'desktop'). Even modern desktop environments that don't iconify programs to the root window (or their desktop) may have per-program icons for running programs in their dock or taskbar. If your window manager or desktop environment can do this, you might reasonably wonder where those icons come from by default.
Although I don't know how it was done in the early days of X, the modern standard for this is part of the Extended Window Manager Hints. In EWMH, applications give the window manager a number of possible icons, generally in different sizes, as ARGB bitmaps (instead of, say, SVG format). The window manager or desktop environment can then pick whichever icon size it likes best, taking into account things like the display resolution and so on, and display it however it wants to (in its original size or scaled up or down).
How this is communicated in specific is through the only good interprocess communication method that X supplies, namely X properties. In the specific case of icons, the _NET_WM_ICON property is what is used, and xprop can display the size information and an ASCII art summary of what each icon looks like. It's also possible to use some additional magic to read out the raw data from _NET_WM_ICON in a useful format; see, for example, this Stackoverflow question and its answers.

Beastie Bits

Feedback/Questions

Johnny - listener feedback
Brian - Questions
Mark - ZFS Question

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to [email protected]

Flipping FreeNAS for Fedora | LINUX Unplugged 306

18 juni 2019 | min

We attempt something you never should, we live flip our FreeNAS ZFS install to a Fedora server.

Plus a REALLY weird PC, and our command line picks.

Special Guests: Alan Pope, Brent Gervais, Martin Wimpress, and Neal Gompa.

Links:

Netflix Uncovers TCP Bugs Within The Linux & FreeBSD Kernels - Phoronix — As Netflix's first security bulletin for 2019, they warned of TCP-based remote denial of service vulnerabilities affecting both Linux and FreeBSD. These vulnerabilities are rated "critical" but already being corrected within the latest Git code.
Initial Benchmarks Of Microsoft's WSL2 - Phoronix — Since the release of WSL2 as a Windows 10 Insider Preview update this week, we've been putting the new Windows Subsystem for Linux 2 under some benchmarks compared to WSL1 and bare metal Linux. While WSL2 has improved the I/O performance thanks to the new Hyper-V-based virtualization approach employed by WSL2, the performance has regressed in other areas for running Linux binaries on Windows 10.
The Future of Docker Desktop for Windows - Docker Engineering Blog — ith WSL 2 integration, you will still experience the same seamless integration with Windows, but Linux programs running inside WSL will also be able to do the same. This has a huge impact for developers working on projects targeting a Linux environment, or with a build process tailored for Linux. No need for maintaining both Linux and Windows build scripts anymore! As an example, a developer at Docker can now work on the Linux Docker daemon on Windows, using the same set of tools and scripts as a developer on a Linux machine
Check Out the Snap Store's New Distro Install Pages - OMG! Ubuntu! — In an effort to improve the experience for users wishing to install Snap apps on non-Ubuntu distributions, the Snapcraft team have launched distro-specific store pages for Snap apps.
Call for testing: chromium-browser deb to snap transition - Desktop - Ubuntu Community Hub — The chromium browser has been available as a deb package for all supported Ubuntu releases and as a snap since version 60, and the time has come to start transitioning away from the debs.
Atari VCS goes on $250 pre-order with Linux running on Ryzen R1000 — Atari has opened $250 pre-orders for its Atari VCS retro game console, which will run Linux on the new AMD Ryzen R1000 SoC. Indiegogo backers are set for a December release while new orders will be fulfilled in Mar. 2020.
A EALLY Weird PC… - System76 Thelio Review — There’s more than one company that makes its own operating system and hardware, and today, we’re taking a look at System76’s Thelio, an open source design you can build yourself.
Fedora · zfsonlinux/zfs Wiki — Only DKMS style packages can be provided for Fedora from the official zfsonlinux.org repository. This is because Fedora is a fast moving distribution which does not provide a stable kABI. These packages track the official ZFS on Linux tags and are updated as new versions are released.
Replacing a failed drive in ZFS on FreeBSD – Dan Langille's Other Diary — One of my new hard 3TB drives was acting up. I removed it and sent it off to be replaced. In the meantime, I received some 5TB drives and I added one of them into the existing vdev of the zpool.
Sharing ZFS Datasets Via NFS | Programster's Blog — The great thing about ZFS is that it is very easy to split your "pool" into as many datasets as you like. Each dataset is treated like its own filesystem, with its own rules and settings, which means with regards to sharing over NFS, that you can share more securely as client's will not be able to reach out of the bounds of that dataset/filesystem that you decided to share.
How to easily configure WireGuard - Stavros' Stuff — At its core, all WireGuard does is create an interface from one computer to another. It doesn’t really let you access other computers on either end of the network, or forward all your traffic through the VPN server, or anything like that. It just connects two computers, directly, quickly and securely.
Use Public Key Authentication with SSH — Password authentication is the default method most SSH (Secure Shell) clients use to authenticate with remote servers, but it suffers from potential security vulnerabilities, like brute-force login attempts. An alternative to password authentication is public key authentication, in which you generate and store on your computer a pair of cryptographic keys and then configure your server to recognize and accept your keys
rga: ripgrep, but also search in PDFs, E-Books, Office documents, zip, tar.gz, etc. - phiresky's blog — rga is a line-oriented search tool that allows you to look for a regex in a multitude of file types. rga wraps the awesome ripgrep and enables it to search in pdf, docx, sqlite, jpg, zip, tar.*, movie subtitles (mkv, mp4), etc.
pindexis/marker: The terminal command palette — Marker is a command palette for the terminal. It lets you bookmark commands (or commands templates) and easily retreive them with the help of a real-time fuzzy matcher.

It Crashes Better | Coder Radio 362

17 juni 2019 | min

It's a Coder three-way as Chris checks-in with an eGPU update, and Mike shares his adventures with ReasonML.

Plus the state of linux application packaging, and Chris' ultimate mobile workflow.

Links:

Mantiz Venus MZ-02 External Graphic Enclosure — Connects Full High Full Length 120" Width 2.5 PCIE Desktop Power GPU to computer WITH an Intel Certified Thunderbolt 3 port.
Reason Homepage — Reason lets you write simple, fast and quality type safe code while leveraging both the JavaScript & OCaml ecosystems.
What & Why · Reason — Reason can almost be considered as a solidly statically typed, faster and simpler cousin of JavaScript, minus the historical crufts, plus the features of ES2030 you can use today, and with access to both the JS and the OCaml ecosystem!
BuckleScript · Write safer and simpler code in OCaml & Reason, compile to JavaScript. — BuckleScript is backed by OCaml. Decades of type system research and compiler engineering.
Null, Undefined & Option · Reason — Reason itself doesn't have the notion of null or undefined. This is a great thing, as it wipes out an entire category of bugs. No more undefined is not a function, and cannot access foo of undefined!
Variant! · Reason — Behold, the crown jewel of Reason data structures!
Most data structures in most languages are about "this and that". A variant allows us to express "this or that".
Ken Wheeler - ReasonML is Serious Business
Syntax Cheatsheet · Reason — We've worked very hard to make Reason look like JS while preserving OCaml's great semantics & types. Hope you enjoy it!
OCaml Homepage — OCaml is an industrial strength programming language supporting functional, imperative and object-oriented styles.
ReasonReact · All your ReactJS knowledge, codified. — It's Just Reason. We leverage the existing type system to create a library that types just right. Plus lightweight, first-class support for the ReactJS community idioms you've been using.
ReasonML - React as first intended — ReasonML is the new tech that Facebook is using to develop React applications and promoting as a futuristic version of JavaScript
Create your first snap | Ubuntu tutorials — The snapcraft tool is the preferred way to build snaps. It reads a simple, declarative file and runs the build for us.
Creating a snap - Snap documentation — A snap can be created from apps you’ve already built and zipped, or from your preferred programming language or framework.
Snapcraft Summit, Montreal 2019 - Day 1, 2 & 3
Similar projects · AppImage/AppImageKit Wiki — This page compares various similar systems to AppImage. Of course, each system was built toward its own specific objectives. This page is intended to illustrate the points that were important in the AppImage design, and similarities as well as differences to other systems.

Take it for Granite | The Friday Stream 7

17 juni 2019 | min

Linux Action News 110

16 juni 2019 | min

Zorin OS 15 + LineageOS | Choose Linux 11

12 juni 2019 | min

Contention Reduction | BSD Now 302

12 juni 2019 | min

Headlines

DragonFlyBSD's Kernel Optimizations Are Paying Off

DragonFlyBSD lead developer Matthew Dillon has been working on a big VM rework in the name of performance and other kernel improvements recently. Here is a look at how those DragonFlyBSD 5.5-DEVELOPMENT improvements are paying off compared to DragonFlyBSD 5.4 as well as FreeBSD 12 and five Linux distribution releases. With Dillon using an AMD Ryzen Threadripper system, we used that too for this round of BSD vs. Linux performance benchmarks.
The work by Dillon on the VM overhaul and other changes (including more HAMMER2 file-system work) will ultimately culminate with the DragonFlyBSD 5.6 release (well, unless he opts for DragonFlyBSD 6.0 or so). These are benchmarks of the latest DragonFlyBSD 5.5-DEVELOPMENT daily ISO as of this week benchmarked across DragonFlyBSD 5.4.3 stable, FreeBSD 12.0, Ubuntu 19.04, Red Hat Enterprise Linux 8.0, Debian 9.9, Debian Buster, and CentOS 7 1810 as a wide variety of reference points both from newer and older Linux distributions. (As for no Clear Linux reference point for a speedy reference point, it currently has a regression with AMD + Samsung NVMe SSD support on some hardware, including this box, prohibiting the drive from coming up due to a presumed power management issue that is still being resolved.)
With Matthew Dillon doing much of his development on an AMD Ryzen Threadripper system after he last year proclaimed the greatness of these AMD HEDT CPUs, for this round of testing I also used a Ryzen Threadripper 2990WX with 32 cores / 64 threads. Tests of other AMD/Intel hardware with DragonFlyBSD will come as the next stable release is near and all of the kernel work has settled down. For now it's mostly entertaining our own curiosity how well these DragonFlyBSD optimizations are paying off and how it's increasing the competition against FreeBSD 12 and Linux distributions.

What are the differences between OpenBSD and Linux?

Maybe you have been reading recently about the release of OpenBSD 6.5 and wonder, "What are the differences between Linux and OpenBSD?"
I've also been there at some point in the past and these are my conclusions.
They also apply, to some extent, to other BSDs. However, an important disclaimer applies to this article.
This list is aimed at people who are used to Linux and are curious about OpenBSD. It is written to highlight the most important changes from their perspective, not the absolute most important changes from a technical standpoint.
Please bear with me.

A terminal is a terminal is a terminal
Practical differences
Security and system administration
Why philosophical differences matter
So what do I choose?
How to try OpenBSD ***

News Roundup

NetBSD 2019 Google Summer of Code

We are very happy to announce The NetBSD Foundation Google Summer of Code 2019 projects:

Akul Abhilash Pillai - Adapting TriforceAFL for NetBSD kernel fuzzing
Manikishan Ghantasala - Add KNF (NetBSD style) clang-format configuration
Siddharth Muralee - Enhancing Syzkaller support for NetBSD
Surya P - Implementation of COMPAT_LINUX and COMPAT_NETBSD32 DRM ioctls support for NetBSD kernel
Jason High - Incorporation of Argon2 Password Hashing Algorithm into NetBSD
Saurav Prakash - Porting NetBSD to HummingBoard Pulse
Naveen Narayanan - Porting WINE to amd64 architecture on NetBSD

The communiting bonding period - where students get in touch with mentors and community - started yesterday. The coding period will start from May 27 until August 19.
Please welcome all our students and a big good luck to students and mentors! A big thank to Google and The NetBSD Foundation organization mentors and administrators! Looking forward to a great Google Summer of Code!

Reducing that contention

The opening keynote at EuroBSDCon 2016 predicted the future 10 years of BSDs. Amongst all the funny previsions, gnn@FreeBSD said that by 2026 OpenBSD will have its first implementation of SMP. Almost 3 years after this talk, that sounds like a plausible forecast... Why? Where are we? What can we do? Let's dive into the issue!

State of affairs

Most of OpenBSD's kernel still runs under a single lock, ze KERNEL_LOCK(). That includes most of the syscalls, most of the interrupt handlers and most of the fault handlers. Most of them, not all of them. Meaning we have collected & fixed bugs while setting up infrastructures and examples. Now this lock remains the principal responsible for the spin % you can observe in top(1) and systat(1).
I believe that we opted for a difficult hike when we decided to start removing this lock from the bottom. As a result many SCSI & Network interrupt handlers as well as all Audio & USB ones can be executed without big lock. On the other hand very few syscalls are already or almost ready to be unlocked, as we incorrectly say. This explains why basic primitives like tsleep(9), csignal() and selwakeup() are only receiving attention now that the top of the Network Stack is running (mostly) without big lock.

Next steps

In the past years, most of our efforts have been invested into the Network Stack. As I already mentioned it should be ready to be parallelized. However think we should now concentrate on removing the KERNEL_LOCK(), even if the code paths aren't performance critical.

See the Article for the rest of the post

fnaify 1.3 released - more games are "fnaify & run" now

This release finally addresses some of the problems that prevent simple running of several games.
This happens for example when an old FNA.dll library comes with the games that doesn't match the API of our native libraries like SDL2, OpenAL, or MojoShader anymore. Some of those cases can be fixed by simply dropping in a newer FNA.dll. fnaify now asks if FNA 17.12 should be automatically added if a known incompatible FNA version is found. You simply answer yes or no.

Another blocker happens when the game expects to check the SteamAPI - either from a running Steam process, or a bundled steam_api library. OpenBSD 6.5-current now has steamworks-nosteam in ports, a stub library for Steamworks.NET that prevents games from crashing simply because an API function isn't found. The repo is here. fnaify now finds this library in /usr/local/share/steamstubs and uses it instead of the bundled (full) Steamworks.NET.dll.
This may help with any games that use this layer to interact with the SteamAPI, mostly those that can only be obtained via Steam.

vmctl(8): command line syntax changed

The order of the arguments in the create, start, and stop commands of vmctl(8) has been changed to match a commonly expected style. Manual usage or scripting with vmctl must be adjusted to use the new syntax.
For example, the old syntax looked like this:

# vmctl create disk.qcow2 -s 50G

The new syntax specifies the command options before the argument:

# vmctl create -s 50G disk.qcow2

Something that Linux distributions should not do when packaging things

Right now I am a bit unhappy at Fedora for a specific packaging situation, so let me tell you a little story of what I, as a system administrator, would really like distributions to not do.
For reasons beyond the scope of this blog entry, I run a Prometheus and Grafana setup on both my home and office Fedora Linux machines (among other things, it gives me a place to test out various things involving them). When I set this up, I used the official upstream versions of both, because I needed to match what we are running (or would soon be).
Recently, Fedora decided to package Grafana themselves (as a RPM), and they called this RPM package 'grafana'. Since the two different packages are different versions of the same thing as far as package management tools are concerned, Fedora basically took over the 'grafana' package name from Grafana. This caused my systems to offer to upgrade me from the Grafana.com 'grafana-6.1.5-1' package to the Fedora 'grafana-6.1.6-1.fc29' one, which I actually did after taking reasonable steps to make sure that the Fedora version of 6.1.6 was compatible with the file layouts and so on from the Grafana version of 6.1.5.
Why is this a problem? It's simple. If you're going to take over a package name from the upstream, you should keep up with the upstream releases. If you take over a package name and don't keep up to date or keep up to date only sporadically, you cause all sorts of heartburn for system administrators who use the package. The least annoying future of this situation is that Fedora has abandoned Grafana at 6.1.6 and I am going to 'upgrade' it with the upstream 6.2.1, which will hopefully be a transparent replacement and not blow up in my face. The most annoying future is that Fedora and Grafana keep ping-ponging versions back and forth, which will make 'dnf upgrade' into a minefield (because it will frequently try to give me a 'grafana' upgrade that I don't want and that would be dangerous to accept). And of course this situation turns Fedora version upgrades into their own minefield, since now I risk an upgrade to Fedora 30 actually reverting the 'grafana' package version on me.

Beastie Bits

Feedback/Questions

John - A segment idea
Johnny - Audio only format please don't
Alex - Thanks and some Linux Snaps vs PBI feedback

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to [email protected] ***

Resilience Is Futile | LINUX Unplugged 305

11 juni 2019 | min

Is Resilient Linux truly an indestructible distro? Or is this our toughest distro challenge yet?

Plus why openSUSE is looking at a renaming, and if we’d pay for Firefox Premium.

Special Guest: Brent Gervais.

Links:

VLC 3.0.7 and security - Yet another blog for JBKempf — We just released VLC 3.0.7, a minor update of VLC branch 3.0.x. This release is a bit special, because it has more security issues fixed than any other version of VLC.
Renaming openSUSE — The primary motivation for a name change is, as described by openSUSE board chair Richard Brown, trademarks. Since "openSUSE" contains "SUSE", the company will have to retain a significant amount of control over what the foundation can do with its own name, which "makes such things rather complicated".
openSUSE:Board election rules - openSUSE Wiki — The openSUSE board has currently six seats: Five members get elected by the community and an appointed chairperson.
Introducing Matrix 1.0 and the Matrix.org Foundation — This means that after just over 5 years since the initial work on Matrix began, we are proud to have finally exited beta!
Firefox Premium Coming Later This Year, But Will You Pay for It? — “We will probably launch some new services first and then we will think carefully about which model makes the most sense, while ensuring the best user safety. Firefox and many security features and services, like ETP [Enhanced Tracking Protection], will still be free.”
Mozilla working on Firefox premium subscription offering — Mozilla is looking into options that would result in the launch of a paid-for version of Firefox this autumn. It has been reported that Mozilla CEO, Chris Beard, said that the company is aiming to launch the premium offering by October, with features like a VPN and secure cloud storage built-in - justifying a subscription fee.
LINUX Unplugged - Blog - BSides San Antonio 2019 — I’m writing this post the day after BsidesSATX and it’s almost like the day after Christmas. BsidesSATX is the conference I look forward to all year because I get to see all of my Infosec family.
JediMammoth on Twitter
LinuxAcademy.com on Twitter — The AWS #DevOps Professional certification exam has just been updated with new emphasis on the AWS #Developer Tools suite.
BSD Now 301 — GPU passthrough on bhyve, confusion with used/free disk space on ZFS, OmniOS Community Edition, pfSense 2.4.4 Release p3, NetBSD 8.1 RC1, FreeNAS as your Server OS, and more.
FOSS Talk Live 2019
The Friday Stream Episode 6: Mic And Coke — The funniest 17 seconds from Texas Linux Fest and we learn some remarkable things about our crew’s past.
UnOfficial Hacker Family Dinner - Bsides San Antonio
Back to the Basics: Linux Permissions 101 — Join Alex Juarez (Rackspace) and Ell Marquez for an introduction to Linux permissions! Whether you are brand new or have been doing Linux for a while or even professionally there will be something for you.
New Mobile Video Player Experience and Fire TV - Linux Academy Blog
Jupiter Broadcasting Sticker Pack
swlistener/M6CIH on Twitter — @ChrisLAS @wespayne one for the JB team to have a look at for the tinfoil hat brigade?
Resilient Linux – A resilient Debian GNU/Linux derivative for indestructible installations — A Debian GNU/Linux (Stretch) derivative with a unique partitioning scheme crafted for maximizing the strength against filesystem corruption: ISO9660 system partition is read-only by design at filesystem-level.
Resilient Linux on GitHub
marco-buratto/resilientlinux-usb-installer — Resilient Linux USB Installer is the deployment system for writing Resilient Linux onto a USB key.
liveng — liveng 1.0 documentation — A live operating system allows booting from a removable medium, such a USB key, without the need of being installed to the hard drive.
MuhammedKpln/chob: An universal app search tool for Linux — Chob is an helper tool for searching application accross platforms (Flathub, Snapcraft and AppImage)
Only 5.5% of all vulnerabilities are ever exploited in the wild — The research -- considered the most extensive of its type to date -- found that only 4,183 security flaws from the total of 76,000 vulnerabilities discovered between 2009 and 2018 had been exploited in the wild.

Update Uncertainty | TechSNAP 405

11 juni 2019 | min

ZEEEE Shell! | Coder Radio 361

10 juni 2019 | min

Apple is shaking up the foundations of UI development with SwiftUI and raising developer eyebrows with a new default shell on MacOS.

Plus feedback with a FOSS dilemma and an update on our 7 languages challenge.

Links:

Feedback: Lance’s FOSS Quandary — I was working on an open source project for school that we (4 members) submitted. Myself and another did 98% of the work the others contributed to the documentation (outside of the codebase). Class is over now for many months and nobody has touched the code but one other member and I wish to keep it going.
Feedback: Developer, have money for a new Mac Pro? Buy these instead. — The recently unveiled Mac Pro is no doubt a gorgeous machine, engineered for a very particular group of people. While it will likely be a great machine for those who live and breathe within Finalcut and work with ProRes files, it’s overkill for a good developer machine.
Apple makes fancy zsh default in forthcoming macOS 'Catalina' — "zsh is highly compatible with the Bourne shell (sh) and mostly compatible with bash, with some differences," Apple explained in a support document posted on Monday in conjunction with the announcement of macOS Catalina, which ships this fall.
Oh My Zsh - a delightful & open source framework for Z-Shell — Oh My Zsh is a delightful, open source, community-driven framework for managing your Zsh configuration. It comes bundled with thousands of helpful functions, helpers, plugins, themes, and a few things that make you shout... “Oh My ZSH!”
Zsh · macOS Setup Guide
zsh-apple-touchbar: Make your touchbar more powerful.
Mike's Blog: Converting to SwiftUI Steps[0] — SwiftUI is the next paradigm in iOS and macOS user interface development. However, if you’re like me you already have Xcode projects that are using the now legacy storyboard technology. Luckily, it possible to update your existing projects to use SwiftUI and the process is very straightforward.
Mike's Blog: Converting to SwiftUI Steps[1] — Continuing my journey into SwiftUI, I am taking a look at re-using existing UIViews and UIViewControllers in SwiftUI. The primary advantage here is not having to rewrite your existing code from scratch, however, it’s probably best to create any new views in SwiftUI directly rather than UIView.
SwiftUI for React Native Developers — Developers with React Native experience may notice some similarities to the philosophies Apple has imbued into their new UI framework. Utilizing structs as immutable value types for view modeling, a declarative syntax, and with their new async event library Combine, a reactive architecture.
SwiftUI - Apple Developer — SwiftUI is an innovative, exceptionally simple way to build user interfaces across all Apple platforms with the power of Swift.

Mic And Coke | The Friday Stream 6

10 juni 2019 | min

Linux Action News 109

9 juni 2019 | min

Mind the Apps | User Error 67

7 juni 2019 | min

GPU Passthrough | BSD Now 301

5 juni 2019 | min

GPU passthrough on bhyve, confusion with used/free disk space on ZFS, OmniOS Community Edition, pfSense 2.4.4 Release p3, NetBSD 8.1 RC1, FreeNAS as your Server OS, and more.

Headlines

GPU Passthrough Reported Working on Bhyve

Normally we cover news focused on KVM and sometimes Xen, but something very special has happened with their younger cousin in the BSD world, Bhyve. For those that don’t know, Bhyve (pronounced bee-hive) is the native hypervisor in FreeBSD. It has many powerful features, but one that’s been a pain point for some years now is VGA passthrough. Consumer GPUs have not been useable until very recently despite limited success with enterprise cards. However, Twitter user Michael Yuji found a workaround that enables passing through a consumer card to any *nix system configured to use X11:

https://twitter.com/michael_yuji/status/1127136891365658625

All you have to do is add a line pointing the X server to the Bus ID of the passed card and the VM will boot, with acceleration and everything. He theorizes that this may not be possible on windows because of the way it looks for display devices, but it’s a solid start. As soon as development surrounding VGA passthrough matures on Bhyve, it will become a very attractive alternative to more common tools like Hyper-V and Qemu, because it makes many powerful features available in the host system like jails, boot environments, BSD networking, and tight ZFS integration. For example, you could potentially run your Router, NAS, preferred workstation OS and any number of other things in one box, and only have to spin up a single VM because of the flexibility afforded by jails over Linux-based containers. The user who found this workaround also announced they’d be writing it up at some point, so stay tuned for details on the process. It’s been slow going on Bhyve passthrough development for a while, but this new revelation is encouraging. We’ll be closely monitoring the situation and report on any other happenings.

Confusion with used/free disk space in ZFS

I use ZFS extensively. ZFS is my favorite file system. I write articles and give lectures about it. I work with it every day. In traditional file systems we use df(1) to determine free space on partitions. We can also use du(1) to count the size of the files in the directory. But it’s different on ZFS and this is the most confusing thing EVER. I always forget which tool reports what disk space usage! Every time somebody asks me, I need to google it. For this reason I decided to document it here - for myself - because if I can’t remember it at least I will not need to google it, as it will be on my blog, but maybe you will also benefit from this blog post if you have the same problem or you are starting your journey with ZFS.

The understanding of how ZFS is uses space and how to determine which value means what is a crucial thing. I hope thanks to this article I will finally remember it!

News Roundup

OmniOS Community Edition

The OmniOS Community Edition Association is proud to announce the general availability of OmniOS - r151030. OmniOS is published according to a 6-month release cycle, r151030 LTS takes over from r151028, published in November 2018; and since it is a LTS release it also takes over from r151022. The r151030 LTS release will be supported for 3 Years. It is the first LTS release published by the OmniOS CE Association since taking over the reins from OmniTI in 2017. The next LTS release is scheduled for May 2021. The old stable r151026 release is now end-of-life. See the release schedule for further details. This is only a small selection of the new features, and bug fixes in the new release; review the release notes for full details. If you upgrade from r22 and want to see all new features added since then, make sure to also read the release notes for r24, r26 and r28. The OmniOS team and the illumos community have been very active in creating new features and improving existing ones over the last 6 months.

pfSense 2.4.4 Release p3 is available

We are pleased to announce the release of pfSense® software version 2.4.4-p3, now available for new installations and upgrades! pfSense software version 2.4.4-p3 is a maintenance release, bringing a number of security enhancements as well as a handful of fixes for issues present in the 2.4.4-p2 release. pfSense 2.4.4-RELEASE-p3 updates and installation images are available now! To see a complete list of changes and find more detail, see the Release Notes. We had hoped to bring you this release a few days earlier, but given the announcement last Tuesday of the Intel Microarchitectural Data Sampling (MDS) issue, we did not have sufficient time to fully incorporate those corrections and properly test for release on Thursday. We felt that it was worth delaying for a few days, rather than making multiple releases within a week.

Upgrade Notes

Due to the significant nature of the changes in 2.4.4 and later, warnings and error messages, particularly from PHP and package updates, are likely to occur during the upgrade process. In nearly all cases these errors are a harmless side effect of the changes between FreeBSD 11.1 and 11.2 and between PHP 5.6 and PHP 7.2. Always take a backup of the firewall configuration prior to any major change to the firewall, such as an upgrade. Do not update packages before upgrading pfSense! Either remove all packages or do not update packages before running the upgrade. The upgrade will take several minutes to complete. The exact time varies based on download speed, hardware speed, and other factors such installed packages. Be patient during the upgrade and allow the firewall enough time to complete the entire process. After the update packages finish downloading it could take 10-20 minutes or more until the upgrade process ends. The firewall may reboot several times during the upgrade process. Monitor the upgrade from the firewall console for the most accurate view.

NetBSD 8.1 RC1 is out

The NetBSD Project is pleased to announce NetBSD 8.1, the first update of the NetBSD 8 release branch. It represents a selected subset of fixes deemed important for security or stability reasons, as well as new features and enhancements.

Some highlights of the 8.1 release are:

x86: Mitigation for INTEL-SA-00233 (MDS)
Various local user kernel data leaks fixed.
x86: new rc.conf(5) setting smtoff to disable Simultaneous Multi-Threading
Various network driver fixes and improvements.
Fixes for thread local storage (TLS) in position independent executables (PIE).
Fixes to reproducible builds.
Fixed a performance regression in tmpfs.
DRM/KMS improvements.
bwfm(4) wireless driver for Broadcom FullMAC PCI and USB devices added.
Various sh(1) fixes.
mfii(4) SAS driver added.
hcpcd(8) updated to 7.2.2
httpd(8) updated.

FreeNAS as your Server OS

What if you could have a server OS that had built in RAID, NAS and SAN functionality, and could manage packages, containers and VMs in a GUI? What if that server OS was also free to download and install? Wouldn’t that be kind of awesome? Wouldn’t that be FreeNAS? FreeNAS is the world’s number one, open source storage OS, but it also comes equipped with all the jails, plugins, and VMs you need to run additional server-level services for things like email and web site hosting. File, Block, and even Object storage is all built-in and can be enabled with a few clicks. The ZFS file system scales to more drives than you could ever buy, with no limits for dataset sizes, snapshots, and restores. FreeNAS is also 100% FreeBSD. This is the OS used in the Netflix CDN, your PS4, and the basis for iOS. Set up a jail and get started downloading packages like Apache or NGINX for web hosting or Postfix for email service. Just released, our new TrueCommand management platform also streamlines alerts and enables multi-system monitoring.

Beastie Bits

Feedback/Questions

Anthony - Question
Guntbert - Podcast
Guillaume - Another suggestion for Ales from Serbia

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to [email protected]

Losing My Religion | LINUX Unplugged 304

4 juni 2019 | min

Adopting a distro like it’s a religion is stupid. That’s one of many hard lessons we take away from Texas Linux Fest this week; we’ll share some of the best.

Plus some old friends visit the show, reading eBooks on Linux, and a new Ryzen handheld.

Special Guests: Alan Pope, Alex Kretzschmar, Brent Gervais, and Martin Wimpress.

Links:

Ctrl Shift Face - YouTube — Now, here’s another reminder that the tools to craft deepfakes are widely available for just about anyone with the right skills to use: the manipulated videos posted on YouTuber Ctrl Shift Face are particularly creepy.
The Smach Z AMD+Linux Gaming Handheld Might Actually Ship This Year - Phoronix — Smach Z is expected to make its formal debut next week at the E3 gaming conference next week. The Smach Z in its current form is using an AMD Ryzen Embedded V1605B SoC with Vega graphics and still appears to be running Linux. The base model has 4GB of RAM and 64GB of storage for $629~699 USD but goes up to around $989~1099 for 16GB RAM / 256GB storage.
PeerTube Release v1.3.0 — Be part of a network of multiple small federated, interoperable video hosting providers. Follow video creators and create videos. No vendor lock-in. All on a platform that is community-owned and ad-free.
Phoronix Turns 15 Years Old Next Week So Here's Something Special — The 5th of June marks 15 years since the start of Phoronix.com and 11 years since the Phoronix Test Suite 1.0 release, so let's celebrate!
Jim Kopps on Twitter — I would be interested in @ChrisLAS and the Jupiter crew's opinion of this. For the record, it has been my opinion since the first "year of the Linux desktop" what seems like fifty years ago:
"The current situation with dozens of distributions, each with different rules, each with different versions of different libraries, some with certain libraries missing, each with different packaging tools and packaging formats ... that basically tells app developers "go away, focus on platforms that care about applications."
The Linux desktop's last, best shot | ZDNet — Sure, Linux will continue to dominate the end-user experience, thanks largely to Android and Chrome OS, but the traditional desktop? I fear only Linux power users, developers, and engineers will continue to be its users.
FOSS Talk Live 2019 — FOSS Talk Live is back for 2019! It is happening on the 8th June at The Harrison near King's Cross in London.
The Friday Stream Episode 5: Junk Yard Sale — Chris and Brent are back from their buddies trip to Portland and share a few stories, but the big surprise comes when Chris’ wife joins to share big life-changing news.
Redesigned Hands-On Labs Interface & 2 New Courses – Linux Academy Weekly Update — After returning from the holiday weekend, we are ready to show off the new Hands-On Labs interface along with a ton of new hands-on labs and two new courses.
UnOfficial Hacker Family Dinner - Bsides San Antonio | Meetup — Join us for a meet and greet with fellow Bsides San Antonio attendees. There will be good food, good friends, and we hope some good conversation.
Back to the Basics: Linux Permissions 101 | Meetup — Join Alex Juarez (Rackspace) and Ell Marquez for an introduction to Linux permissions! Whether you are brand new or have been doing Linux for a while or even professionally there will be something for you.
New Mobile Video Player Experience and Fire TV — A new video player and all the new features that come with it. While they’re not ready for release yet, I’m happy to be able to share more details about all of the exciting work going on!
LINUX Unplugged Article - Texas Linuxfest 2019 — Our journey to Texas Linuxfest (TXLF) began Friday afternoon with a five-hour drive from the Texas coast north to the hill country. The plan was to rendezvous at Hard Eights BBQ from 6:30 to 8:00. Since we had to make a five-hour journey it had us arriving a little later to the meetup. As soon as we pulled into the parking lot that smell of slow-smoked Texas BBQ slapped me right in the face, and I knew I had arrived; Google did not even have to tell me.
Thomas Cameron on Twitter — Cloud dude. Linux advocate. Open Source evangelist. Amazonian.
Foliate — A simple and modern eBook viewer

Swift Kick In The UI | Coder Radio 360

3 juni 2019 | min

We react to Apple's big news at WWDC, check in with Mike's explorations of Elixir, and talk some TypeScript.

Plus Mike's battles with fan noise, and why he's doubling down on the eGPU lifestyle.

Links:

Thelio Fan Noise Hack - Mike's Blog — I’ve had a System 76 Thelio for a little over four months now and a consistent issue that I’ve been experiencing is persistent fan noise even when the machine is idle.
Advent of Code 2015
Elixir — Elixir leverages the Erlang VM, known for running low-latency, distributed and fault-tolerant systems, while also being successfully used in web development and the embedded software domain.
Mike on Twitter — Someone tell @wespayne that I hate him ;) He introduced me to @elixirlang and it's like fast #Ruby. I think I might be hooked. Totally failed to get anything done though lol
Elixir vs. Ruby and Phoenix vs. Rails: Detailed Comparison and Use Cases — If you are facing the Elixir vs. Ruby/Phoenix vs. Rails dilemma, the best way to decide is to cater to the needs of your project. In fact, it is even possible to use both technologies in one project by choosing which of them works best for each individual feature. For example, you can implement chats with Elixir Phoenix, and the rest of the code can be written in Ruby on Rails.
TypeScript - JavaScript that scales. — TypeScript is a typed superset of JavaScript that compiles to plain JavaScript.
Why TypeScript · TypeScript Deep Dive — Types have proven ability to enhance code quality and understandability. However, types have a way of being unnecessarily ceremonious. TypeScript is very particular about keeping the barrier to entry as low as possible.
Basic Types · TypeScript Handbook
TypeScript Playground
microsoft/TypeScript-New-Handbook — Incubation repository for the new TypeScript handbook.
Introduction - fp-ts — fp-ts provides developers with popular patterns and reliable abstractions from typed functional languages in TypeScript.
Purify — Functional programming library for TypeScript
piotrwitek/utility-types — Collection of utility types, complementing TypeScript built-in mapped types and aliases (think "lodash" for static types).
Solving Problems the Clojure Way - Rafal Dittwald — After overcoming a fear of brackets, the next challenge for would-be Clojurians is less superficial: to stop writing Java (or Javascript, or Haskell...) with Clojure's syntax, and actually start "thinking" in Clojure. It is said that Clojure is a "functional" programming language; there's also talk of "data-driven" programming. What are these things? Are they any good? Why are they good? In this talk, Rafal attempts to distill the particular blend of functional and data-driven programming that makes up "idiomatic Clojure", clarify what it looks like in practise (with real-world examples), and reflect on how Clojure's conventions came to be and how they continue to evolve.

Linux Action News 108

2 juni 2019 | min

BTW, I installed Arch | Choose Linux 10

30 maj 2019 | min

The Big Three | BSD Now 300

30 maj 2019 | min

FreeBSD 11.3-beta 1 is out, BSDCan 2019 recap, OpenIndiana 2019.04 is out, Overview of ZFS Pools in FreeNAS, why open source firmware is important for security, a new Opnsense release, wireguard on OpenBSD, and more.

Headlines

FreeBSD 11.3-b1 is out

BSDCan 2019 Recap

We’re back from BSDCan and it was a packed week as always.
It started with bhyvecon on Tuesday. Meanwhile, Benedict spent the whole day in productive meetings: annual FreeBSD Foundation board meeting and FreeBSD Journal editorial board meeting.
On Wednesday, tutorials for BSDCan started as well as the FreeBSD Developer Summit. In the mornings, there were presentations in the big auditorium, while working groups about networking, failsafe bootcode, development web services, swap space management, and testing/CI were held. Friday had a similar format with an update from the FreeBSD core team and the “have, need, want” session for FreeBSD 13. In the afternoon, there were working groups about translation tools, package base, GSoC/Outreachy, or general hacking. Benedict held his Icinga tutorial in the afternoon with about 15 people attending. Devsummit presentation slides can be found on the wiki page and video recordings done by ScaleEngine are available on FreeBSD’s youtube channel.
The conference program was a good mixture of sysadmin and tech talks across the major BSDs. Benedict saw the following talks: How ZFS snapshots really work by Matt Ahrens, 20 years in Jail by Michael W. Lucas, OpenZFS BOF session, the future of OpenZFS and FreeBSD, MQTT for system administrators by Jan-Piet Mens, and spent the rest of the time in between in the hallway track.
Photos from the event are available on Ollivier Robert’s talegraph and Diane Bruce’s website for day 1, day 2, conference day 1, and conference day 2.
Thanks to all the sponsors, supporters, organizers, speakers, and attendees for making this yet another great BSDCan. Next year’s BSDCan will be from June 2 - 6, 2020.

OpenIndiana 2019.04 is out

We have released a new OpenIndiana Hipster snapshot 2019.04. The noticeable changes:

Firefox was updated to 60.6.3 ESR
Virtualbox packages were added (including guest additions)
Mate was updated to 1.22
IPS has received updates from OmniOS CE and Oracle IPS repos, including automatic boot environment naming
Some OI-specific applications have been ported from Python 2.7/GTK 2 to Python 3.5/GTK 3
Quick Demo Video: https://www.youtube.com/watch?v=tQ0-fo3XNrg

News Roundup

Overview of ZFS Pools in FreeNAS

FreeNAS uses the OpenZFS (ZFS) file system, which handles both disk and volume management. ZFS offers RAID options mirror, stripe, and its own parity distribution called RAIDZ that functions like RAID5 on hardware RAID. The file system is extremely flexible and secure, with various drive combinations, checksums, snapshots, and replication all possible. For a deeper dive on ZFS technology, read the ZFS Primer section of the FreeNAS documentation.

SUGGEST LAYOUT attempts to balance usable capacity and redundancy by automatically choosing an ideal vdev layout for the number of available disks.

The following vdev layout options are available when creating a pool:
- Stripe data is shared on two drives, similar to RAID0)
- Mirror copies data on two drives, similar to RAID1 but not limited to 2 disks)
- RAIDZ1 single parity similar to RAID5
- RAIDZ2 double parity similar to RAID6
- RAIDZ3 which uses triple parity and has no RAID equivalent

Why OpenSource Firmware is Important for Security

Roots of Trust

The goal of the root of trust should be to verify that the software installed in every component of the hardware is the software that was intended. This way you can know without a doubt and verify if hardware has been hacked. Since we have very little to no visibility into the code running in a lot of places in our hardware it is hard to do this. How do we really know that the firmware in a component is not vulnerable or that is doesn’t have any backdoors? Well we can’t. Not unless it was all open source. Every cloud and vendor seems to have their own way of doing a root of trust. Microsoft has Cerberus, Google has Titan, and Amazon has Nitro. These seem to assume an explicit amount of trust in the proprietary code (the code we cannot see). This leaves me with not a great feeling. Wouldn’t it be better to be able to use all open source code? Then we could verify without a doubt that the code you can read and build yourself is the same code running on hardware for all the various places we have firmware. We could then verify that a machine was in a correct state without a doubt of it being vulnerable or with a backdoor. It makes me wonder what the smaller cloud providers like DigitalOcean or Packet have for a root of trust. Often times we only hear of these projects from the big three or five.

OPNsense

This update addresses several privilege escalation issues in the access control implementation and new memory disclosure issues in Intel CPUs. We would like to thank Arnaud Cordier and Bill Marquette for the top-notch reports and coordination.

Here are the full patch notes:
system: address CVE-2019-11816 privilege escalation bugs[1] (reported by Arnaud Cordier)
system: /etc/hosts generation without interfacehasgateway()
system: show correct timestamp in config restore save message (contributed by nhirokinet)
system: list the commands for the pluginctl utility when n+ argument is given
system: introduce and use userIsAdmin() helper function instead of checking for 'page-all' privilege directly
system: use absolute path in widget ACLs (reported by Netgate)
system: RRD-related cleanups for less code exposure
interfaces: add EN DUID Generation using OPNsense PEN (contributed by Team Rebellion)
interfaces: replace legacygetallinterface_addresses() usage
firewall: fix port validation in aliases with leading / trailing spaces
firewall: fix outbound NAT translation display in overview page
firewall: prevent CARP outgoing packets from using the configured gateway
firewall: use CARP net.inet.carp.demotion to control current demotion in status page
firewall: stop live log poller on error result
dhcpd: change rule priority to 1 to avoid bogon clash
dnsmasq: only admins may edit custom options field
firmware: use insecure mode for base and kernel sets when package fingerprints are disabled
firmware: add optional device support for base and kernel sets
firmware: add Hostcentral mirror (HTTP, Melbourne, Australia)
ipsec: always reset rightallowany to default when writing configuration
lang: say "hola" to Spanish as the newest available GUI language
lang: updates for Chinese, Czech, Japanese, German, French, Russian and Portuguese
network time: only admins may edit custom options field
openvpn: call openvpnrefreshcrls() indirectly via plugin_configure() for less code exposure
openvpn: only admins may edit custom options field to prevent privilege escalation (reported by Bill Marquette)
openvpn: remove custom options field from wizard
unbound: only admins may edit custom options field
wizard: translate typehint as well
plugins: os-freeradius 1.9.3 fixes string interpolation in LDAP filters (contributed by theq86)
plugins: os-nginx 1.12[2]
plugins: os-theme-cicada 1.17 (contributed by Team Rebellion)
plugins: os-theme-tukan 1.17 (contributed by Team Rebellion)
src: timezone database information update[3]
src: install(1) broken with partially matching relative paths[4]
src: microarchitectural Data Sampling (MDS) mitigation[5]
ports: carootnss 3.44
ports: php 7.2.18[6]
ports: sqlite 3.28.0[7]
ports: strongswan custom XAuth generic patch removed

wiregaurd on OpenBSD

Earlier this week I imported a port for WireGuard into the OpenBSD ports tree. At the moment we have the userland daemon and the tools available. The in-kernel implementation is only available for Linux. At the time of writing there are packages available for -current. Jason A. Donenfeld (WireGuard author) has worked to support OpenBSD in WireGuard and as such his post on ports@ last year got me interested in WireGuard, since then others have toyed with WireGuard on OpenBSD before and as such I've used Ted's article as a reference. Note however that some of the options mentioned there are no longer valid. Also, I'll be using two OpenBSD peers here. The setup will be as follows: two OpenBSD peers, of which we'll dub wg1 the server and wg2 the client. The WireGuard service on wg1 is listening on 100.64.4.3:51820.

Conclusion

WireGuard (cl)aims to be easier to setup and faster than OpenVPN and while I haven't been able to verify the latter, the first is certainly true...once you've figured it out. Most documentation out there is for Linux so I had to figure out the wireguardgo service and the tun parameters. But all in all, sure, it's easier. Especially the client configuration on iOS which I didn't cover here because it's essentially pkgadd libqrencode ; cat client.conf | qrencode -t ansiutf8, scan the code with the WireGuard app and you're good to go. What is particularly neat is that WireGuard on iOS supports Always-on.

Beastie Bits

Feedback/Questions

Paulo - Laptops
A Listener - Thanks
Bostjan - Extend a pool and lower RAM footprint

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to [email protected]

Stateless and Dateless | LINUX Unplugged 303

28 maj 2019 | min

We visit Intel to figure out what Clear Linux is all about and explain a few tricks that make it unique.

Plus Wes and Ell are back from KubeCon in Barcelona and return with some great news for open source.

Special Guests: Alex Kretzschmar and Brent Gervais.

Links:

Assigning GPU Devices - Red Hat Customer Portal — To assign a GPU to a guest virtual machine, you must enable the I/O Memory Management Unit (IOMMU) on the host machine, identify the GPU device by using the lspci command
Ubuntu 19.10 To Bundle NVIDIA's Proprietary Driver — The open-source NVIDIA "Nouveau" drivers will remain the default for NVIDIA graphics on new Ubuntu installations, but this change is positioning the mainline and legacy NVIDIA proprietary drivers onto the Ubuntu ISO so that they can be easily obtained locally post-install.
ZFS On Linux 0.8 Released With Native Encryption and TRIM — ZFS On Linux 0.8 adds native encryption support as well as raw encrypted ZFS send/receive support.
Please don’t theme our apps — An open letter from independent app developers to the wider GNOME community
Leave the themes alone — If you don't like our themes, create your own Linux distribution, where Adwaita theme will be installed, which cannot be changed, or close source code of GNOME.
Texas Linux Fest 2019 — Texas Linux Fest is an annual Linux and open source software event for Texas and the surrounding region. We are excited to bring you two days of general sessions and vendor sessions this year along with two full days of expo floor! Texas Linux Fest is for the business and home Linux user, and for the experienced developer and newcomer alike.
The Friday Stream Episode 5: Junk Yard Sale — Chris and Brent are back from their buddies trip to Portland and share a few stories, but the big surprise comes when Chris’ wife joins to share big life-changing news.
Linux Academy Redesigned Hands-On Labs UI — After returning from the holiday weekend, we are ready to show off the new Hands-On Labs interface along with a ton of new hands-on labs and two new courses.
Mobile Apps Now Open to Community Edition students — Starting with today’s release (3.0), Community Edition students will be able to log in and use the our mobile apps
Ell's KubeCon + CloudNativeCon Europe 2019 ARTICLE — Great pictures and more details from KubeCon + CloudNativeCon Europe 2019.
Barcelona '19: KubeCon + CloudNativeCon - YouTube — KubeCon talks posted on their YouTube Channel.
More Pictures from KubeCon + CloudNativeCon Europe 2019
Brent's Clear Linux OS 2019 ARTICLE — The part of the story that can only be told in pictures.
phmccarty (Patrick McCarty)
Clear Linux OS - Architecture Overview — Describes how Clear Linux OS is designed, highlighting core features, operating models, and foundational tools that are key to understanding how the distro operates.
Clear Linux OS MeetUp: An Introduction and Beyond Source - YouTube — We had the Intel Clear Linux OS MeetUp last night in Oregon and it was a success!

Junk Yard Sale | The Friday Stream 5

28 maj 2019 | min

7 Languages | Coder Radio 359

28 maj 2019 | min

Wes is back and Mike's got a few surprises in store, including a new view on Electron, a hot take on titles, and a programming challenge for the both of them.

Plus when it's okay to lie to the compiler, what GitHub's Sponsors program means for open source, and your feedback.

Links:

Coder Radio 343: Say My Functional Name — Mike breaks down the drama around nullable reference types in C# 8.0, and we debate what it means for the future of the language.
Coder Radio 358 Feedback — In the discussion of Marzipan and Electron I think the answer is WKWebView, which just arrived in macOS 10.10.
Show Content Poll — What Do You Want More of on #CoderRadio @CoderRadioShow this is your chance to give me some feedback for the next few months!
Why Computer Programmers Should Stop Calling Themselves Engineers — The respectability of engineering, a feature built over many decades of closely controlled, education- and apprenticeship-oriented certification, becomes reinterpreted as a fast-and-loose commitment to craftwork as business.
About GitHub Sponsors — Anyone with a GitHub account can sponsor anyone with a sponsored developer profile through a recurring monthly payment. You can choose from multiple sponsorship tiers, with monthly payment amounts and benefits that are set by the sponsored developer.
Lying to the compiler | Jon Skeet's coding blog — I’m lying to the compiler to get it to stop it emitting a warning. The reason is that in the case where the value is null, it won’t matter that it’s null.
Programming Language Tourism | Bushido Codes — I am attracted to this book precisely because it is impractical. You don’t gain mastery of any programming languages. Rather, you get the chance to explore and complete a series of coding katas to expand your mind about the art of programming.
Seven Languages in Seven Weeks: A Pragmatic Guide to Learning Programming Languages by Bruce A. Tate | The Pragmatic Bookshelf — You should learn a programming language every year, as recommended by The Pragmatic Programmer. But if one per year is good, how about Seven Languages in Seven Weeks? In this book you’ll get a hands-on tour of Clojure, Haskell, Io, Prolog, Scala, Erlang, and Ruby.
Uno Platform — The only platform for building native mobile, desktop and WebAssembly with C#, XAML from single codebase. Open source and professionally supported.
Uno.QuickStart — This repository is a basic sample for an Uno application which cross-targets UWP, iOS, Android and WebAssembly.

Linux Action News 107

26 maj 2019 | min

Firefox has a new speed trick, openSUSE Leap has a time-traveling kernel while the project plans for the future, and we react to Antergros coming to an end.

Plus the ghost of Firefox OS lives on in the well-financed KaiOS, GitHub launches sponsors, and obvious uses for the new Google Glass 2.

Links:

Latest Firefox Release is Faster than Ever — We applied many of the same principles of time management just like you might prioritize your own urgent needs.
Firefox 67 - Dark Mode CSS, WebRender, and more
Smooth video playback with AV1 decoder
It's not all beer and skittles for Firefox 67
openSUSE Leap 15.1 released — The release of Leap 15.1 improves YaST functionality and the installer.
openSUSE considers governance options — The relationship between SUSE and the openSUSE community is currently under discussion as the community considers different options for how it wants to be organized and governed in the future.
Antergos Linux Project Ends — We came to this decision because we believe that continuing to neglect the project would be a huge disservice to the community. Taking this action now, while the project’s code still works, provides an opportunity for interested developers to take what they find useful and start their own projects.
Endeavour, Antergos community's next stage — We are proud to announce our project, code name Endeavour! This is going to be a distro with you, the community in mind.
Manjaro claim >1M downloads so far this year
Google Glass Enterprise Edition 2 drops to $999 — Google is today ready to officially unveil Google Glass Enterprise Edition 2, a followup with a faster processor, improved camera, and new Smith Optics frames.
KaiOS raises $50M, hits 100M handsets — The funding takes the total raised by KaiOS — which has now shipped 100 million devices across 100 countries — to $72 million.
Announcing GitHub Sponsors — We’re thrilled to announce the beta of GitHub Sponsors, a new way to financially support the developers who build the open source software you use every day.

Prefork Pitfalls | TechSNAP 404

25 maj 2019 | min

We turn our eye to web server best practices, from the basics of CDNs to the importance of choosing the right multi-processing module.

Plus the right way to setup PHP, the trouble with benchmarking, and when to choose NGiNX.

Links:

Jim's Blog: Installing WordPress on Apache the modern way — It’s been bugging me for a while that there are no correct guides to be found about using modern Apache 2.4 or above with the Event or Worker MPMs. We’re going to go ahead and correct that lapse today, by walking through a brand-new WordPress install on a new Ubuntu 18.04 VM.
Apache Performance Tuning — Apache 2.x is a general-purpose webserver, designed to provide a balance of flexibility, portability, and performance. Although it has not been designed specifically to set benchmark records, Apache 2.x is capable of high performance in many real-world situations.
Tuning Your Apache Server
worker - Apache HTTP Server Version 2.4 — This Multi-Processing Module (MPM) implements a hybrid multi-process multi-threaded server. By using threads to serve requests, it is able to serve a large number of requests with fewer system resources than a process-based server.
event - Apache HTTP Server Version 2.4 — The event Multi-Processing Module (MPM) is designed to allow more requests to be served simultaneously by passing off some processing work to the listeners threads, freeing up the worker threads to serve new requests.
PHP-FPM — PHP-FPM (FastCGI Process Manager) is an alternative PHP FastCGI implementation with some additional features useful for sites of any size, especially busier sites.
FastCGI overview — FastCGI is a way to have CGI scripts execute time-consuming code (like opening a database) only once, rather than every time the script is loaded. In technical terms, FastCGI is a language independent, scalable, open extension to CGI that provides high performance without the limitations of server specific APIs.
Alexa Top 500 Global Sites
What Is a CDN? How Does a CDN work? — A content delivery network (CDN) refers to a geographically distributed group of servers which work together to provide fast delivery of Internet content.
W3 Total Cache – WordPress plugin — W3 Total Cache improves the SEO and user experience of your site by increasing website performance, reducing load times via features like content delivery network (CDN) integration and the latest best practices.
krakjoe/apcu: APCu - APC User Cache — APCu is an in-memory key-value store for PHP. Keys are of type string and values can be any PHP variables.
PHP: APCu - Manual
Introduction to Varnish — Varnish HTTP Cache — Varnish Cache is a web application accelerator also known as a caching HTTP reverse proxy. You install it in front of any server that speaks HTTP and configure it to cache the contents. Varnish Cache is really, really fast. It typically speeds up delivery with a factor of 300 - 1000x, depending on your architectur
ab - Apache HTTP server benchmarking tool — ab is a tool for benchmarking your Apache Hypertext Transfer Protocol (HTTP) server. It is designed to give you an impression of how your current Apache installation performs. This especially shows you how many requests per second your Apache installation is capable of serving.
HTTP(S) Benchmark Tools
jimsalterjrs/network-testing — This is a small collection of GPLv3-licensed tools to assist an intrepid researcher in testing the performance of networks, wired or wireless.

Cross Desktop | User Error 66

24 maj 2019 | min

The NAS Fleet | BSD Now 299

22 maj 2019 | min

Running AIX on QEMU on Linux on Windows, your NAS fleet with TrueCommand, Unleashed 1.3 is available, LLDB: CPU register inspection support extension, V7 Unix programs often not written as expected, and more.

Headlines

Running AiX on QEMU on Linux on Windows

YES it’s real! I’m using the Linux subsystem on Windows, as it’s easier to build this Qemu tree from source. I’m using Debian, but these steps will work on other systems that use Debian as a base. first thing first, you need to get your system with the needed pre-requisites to compile Great with those in place, now clone Artyom Tarasenko’s source repository Since the frame buffer apparently isn’t quite working just yet, I configure for something more like a text mode build. Now for me, GCC 7 didn’t build the source cleanly. I had to make a change to the file config-host.mak and remove all references to -Werror. Also I removed the sound hooks, as we won’t need them. Now you can build Qemu. Okay, all being well you now have a Qemu. Now following the steps from Artyom Tarasenko’s blog post, we can get started on the install!

See article for rest of walkthrough.

Take Command of Your NAS Fleet with TrueCommand

Hundreds of thousands of FreeNAS and TrueNAS systems are deployed around the world, with many sites having dozens of systems. Managing multiple systems individually can be time-consuming. iXsystems has responded to the challenge by creating a “single pane of glass” application to simplify the scaling of data, drive management, and administration of iXsystems NAS platforms. We are proud to introduce TrueCommand. TrueCommand is a ZFS-aware management application that manages TrueNAS and FreeNAS systems. The public Beta of TrueCommand is available for download now. TrueCommand can be used with small iXsystems NAS fleets for free. Licenses can be purchased for large-scale deployments and enterprise support. TrueCommand expands on the ease of use and power of TrueNAS and FreeNAS systems with multi-system management and reporting.

News Roundup

Unleashed 1.3 Released

This is the fourth release of Unleashed - an operating system fork of illumos. For more information about Unleashed itself and the download links, see our website. As one might expect, this release removes a few things. The most notable being the removal of ksh93 along with all its libs. As far as libc interfaces are concerned, a number of non-standard functions were removed. In general, they have been replaced by the standards-compliant versions. (getgrentr, fgetgrentr, getgrgidr, getgrnamr, ttynamer, getloginr, shmdt, sigwait, gethostname, putmsg, putpmsg, and getaddrinfo) Additionally, wordexp and wordfree have been removed from libc. Even though they are technically required by POSIX, software doesn't seem to use them. Because of the fragile implementation (shelling out), we took the OpenBSD approach and just removed them. The default compilation environment now includes XOPENSOURCE=700 and EXTENSIONS. Additionally, all applications now use 64-bit file offsets, making use of LARGEFILESOURCE, LARGEFILE64SOURCE, and FILEOFFSET_BITS unnecessary. Last but not least, nightly.sh is no more. In short, to build one simply runs 'make'. (See README for detailed build instructions.)

Why Unleashed

Why did we decide to fork illumos? After all, there are already many illumos distributions available to choose from. We felt we could do better than any of them by taking a more aggressive stance toward compatibility and reducing cruft from code and community interactions alike.

LLDB: extending CPU register inspection support

Upstream describes LLDB as a next generation, high-performance debugger. It is built on top of LLVM/Clang toolchain, and features great integration with it. At the moment, it primarily supports debugging C, C++ and ObjC code, and there is interest in extending it to more languages. In February, I have started working on LLDB, as contracted by the NetBSD Foundation. So far I've been working on reenabling continuous integration, squashing bugs, improving NetBSD core file support and updating NetBSD distribution to LLVM 8 (which is still stalled by unresolved regressions in inline assembly syntax). You can read more about that in my Mar 2019 report. In April, my main focus was on fixing and enhancing the support for reading and writing CPU registers. In this report, I'd like to shortly summarize what I have done, what I have learned in the process and what I still need to do.

Future plans

My work continues with the two milestones from last month, plus a third that's closely related: Add support for FPU registers support for NetBSD/i386 and NetBSD/amd64. Support XSAVE, XSAVEOPT, ... registers in core(5) files on NetBSD/amd64. Add support for Debug Registers support for NetBSD/i386 and NetBSD/amd64. The most important point right now is deciding on the format for passing the remaining registers, and implementing the missing ptrace interface kernel-side. The support for core files should follow using the same format then. Userland-side, I will work on adding matching ATF tests for ptrace features and implement LLDB side of support for the new ptrace interface and core file notes. Afterwards, I will start working on improving support for the same things on 32-bit (i386) executables.

V7 Unix programs are often not written the way you would expect

Yesterday I wrote that V7 ed read its terminal input in cooked mode a line at a time, which was an efficient, low-CPU design that was important on V7's small and low-power hardware. Then in comments, frankg pointed out that I was wrong about part of that, namely about how ed read its input.

Sidebar: An interesting undocumented ed feature

Reading this section of the source code for ed taught me that it has an interesting, undocumented, and entirely characteristic little behavior. Officially, ed commands that have you enter new text have that new text terminate by a . on a line by itself:

In other words, it turns a single line with '.' into an EOF. The consequence of this is that if you type a real EOF at the start of a line, you get the same result, thus saving you one character (you use Control-D instead of '.' plus newline). This is very V7 Unix behavior, including the lack of documentation.

This is also a natural behavior in one sense. A proper program has to react to EOF here in some way, and it might as well do so by ending the input mode. It's also natural to go on to try reading from the terminal again for subsequent commands; if this was a real and persistent EOF, for example because the pty closed, you'll just get EOF again and eventually quit. V7 ed is slightly unusual here in that it deliberately converts '.' by itself to EOF, instead of signaling this in a different way, but in a way that's also the simplest approach; if you have to have some signal for each case and you're going to treat them the same, you might as well have the same signal for both cases.

Modern versions of ed appear to faithfully reimplement this convenient behavior, although they don't appear to document it. I haven't checked OpenBSD, but both FreeBSD ed and GNU ed work like this in a quick test. I haven't checked their source code to see if they implement it the same way.

Beastie Bits

Feedback/Questions

DJ - Feedback
Fabian - ZFS ARC
Caleb - Question
A small programming note: After BSDNow episode 300, the podcast will switch to audio-only, using a new higher quality recording and production system. The live stream will likely still include video.

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to [email protected]

Dark Style Rises | LINUX Unplugged 302

21 maj 2019 | min

Can the Free Desktop avoid being left behind in the going dark revolution? Cassidy from elementary OS joins us to discuss their proposal.

Plus we complete our Red Hat arc by giving Silverblue the full workstation shakedown, Drew shares his complete review, and we discuss the loss of Antergros.

Special Guests: Alex Kretzschmar, Cassidy James Blaede, and Drew DeVore.

Links:

Antergos Linux Project Ends — Today, we are announcing the end of this project. As many of you probably noticed over the past several months, we no longer have enough free time to properly maintain Antergos.
The Need for a FreeDesktop Dark Style Preference — OS-wide dark styles are hard. For ages you’ve been able to forcibly change out the system style on GTK, KDE, Android and Windows with something that’s dark by default instead of light, but this causes issues when apps don’t expect it
WireGuard in NetworkManager — NetworkManager 1.16 got native support for WireGuard VPN tunnels
GDC 2019 Developer Session: First Light - Bringing DOOM to Stadia — The inside story of how DOOM came to life on Stadia.
System Builder - Ryzen 5 2600X 3.6 GHz 6-Core, Radeon RX 580 8 GB ARMOR OC, P300 ATX Mid Tower
User Error
The Friday Stream Episode 4: The Techxorcist — Chris tries to convince Brent to take a buddies trip, we try to get the audience a discount chicken deal, and Ell’s trying to get out of a locked server room.
Texas Linux Fest 2019 — Texas Linux Fest is an annual Linux and open source software event for Texas and the surrounding region.
Mobile Apps Now Open to Community Edition students - Linux Academy Blog — Starting with today’s release (3.0), Community Edition students will be able to log in and use the our mobile apps
Team Silverblue — Before we chose the name Team Silverblue, the team was the Fedora Atomic Workstation SIG, and the Atomic Workstation is what we are producing, now under its new name, Silverblue. At its core, it is a variant of the Fedora Workstation which uses rpm-ostree to provide an immutable OS image with reliable updates and easy rollbacks.
MineTime — MineTime is part of a research project to build a modern, multi-platform, AI-powered calendar application.
New Guake Drop-Down Terminal PPA (Ubuntu And Linux Mint Installation) - Linux Uprising Blog — Guake is a drop-down terminal for the GNOME desktop which includes split terminal functionality, session save/restore, support for transparency, and many other features.

Batteries are Leaking | Coder Radio 358

20 maj 2019 | min

The Techxorcist | The Friday Stream 4

20 maj 2019 | min

Chris tries to convince Brent to take a buddies trip, we try to get the audience a discount chicken deal, and Ell’s trying to get out of a locked server room.

Plus we dig into the WhatsApp spyware, prove that robots will replace podcasters, and call a higher power for some help because no problem is too small, too big, or too weird.

Special Guest: Brent Gervais.

Links:

Flavor of the day by GoFetch — Special thanks to Planet Java in Pioneer Square for allowing us to film in your restaurant!
Gofetch Band Page
Ell on Twitter — So we are locked in the server room. Send help!
WhatsApp vulnerability exploited to infect phones with Israeli spyware | Ars Technica — Exploits worked by calling either a vulnerable iPhone or Android device using the WhatsApp calling function. Targets need not have answered a call, and the calls often disappeared from logs, the publication said. The WhatsApp vulnerability was fixed in updates released on Friday.
We Talked to a Witch Who Casts Viruses Out of Computers With Magic — To excise such entities out of a machine, she uses a variety of techniques—she might place stones on top of the computer, clear the dark energy by setting an intention with her mind, or cleanse the area around the computer by burning sage. The time it takes to clear these viruses depends on the nefariousness of the entity, she says: sometimes it takes just an hour, other times it can take up to four.
Reverend Joey Talley — "When nasty viruses infect the computers of folks up in Northern California, Reverend Joey Talley is on it. “No problem is too small, too big, or too weird” is Talley’s motto. Sure, she can do a love spell, but she’d rather face off with ghosts and demons.."
We Recreated Joe Rogan's Voice Using Artificial Intelligence
Faux Rogan — Our deep learning engineers at Dessa built a model to replicate Joe Rogan's voice to showcase current AI techniques.
Firefox Multi-Account Containers — Firefox Multi-Account Containers lets you keep parts of your online life separated into color-coded tabs that preserve your privacy. Cookies are separated by container, allowing you to use the web with multiple identities or accounts simultaneously.

Linux Action News 106

19 maj 2019 | min

Intel’s Clear Linux + The FOSS Contribution Project | Choose Linux 9

16 maj 2019 | min

BSD On The Road | BSD Now 298

15 maj 2019 | min

36 year old UFS bug fixed, a BSD for the road, automatic upgrades with OpenBSD, DTrace ext2fs support in FreeBSD, Dedicated SSH tunnel user, upgrading VMM VMs to OpenBSD 6.5, and more.

Headlines

36+ year old bug in FFS/UFS discovered and patched

This update eliminates a kernel stack disclosure bug in UFS/FFS directory entries that is caused by uninitialized directory entry padding written to the disk.

When the directory entry is written to disk, it is written as a full 32bit entry, and the unused bytes were not initialized, so could possibly contain sensitive data from the kernel stack It can be viewed by any user with read access to that directory. Up to 3 bytes of kernel stack are disclosed per file entry, depending on the the amount of padding the kernel needs to pad out the entry to a 32 bit boundary. The offset in the kernel stack that is disclosed is a function of the filename size. Furthermore, if the user can create files in a directory, this 3 byte window can be expanded 3 bytes at a time to a 254 byte window with 75% of the data in that window exposed. The additional exposure is done by removing the entry, creating a new entry with a 4-byte longer name, extracting 3 more bytes by reading the directory, and repeating until a 252 byte name is created. This exploit works in part because the area of the kernel stack that is being disclosed is in an area that typically doesn't change that often (perhaps a few times a second on a lightly loaded system), and these file creates and unlinks themselves don't overwrite the area of kernel stack being disclosed. It appears that this bug originated with the creation of the Fast File System in 4.1b-BSD (Circa 1982, more than 36 years ago!), and is likely present in every Unix or Unix-like system that uses UFS/FFS. Amazingly, nobody noticed until now. This update also adds the -z flag to fsck_ffs to have it scrub the leaked information in the name padding of existing directories. It only needs to be run once on each UFS/FFS filesystem after a patched kernel is installed and running. Submitted by: David G. Lawrence [email protected]

So a patched kernel will no longer leak this data, and running the fsck_ffs -z command will erase any leaked data that may exist on your system

OpenBSD commit with additional detail on mitigations The impact on OpenBSD is very limited: 1 - such stack bytes can be found in raw-device reads, from group operator. If you can read the raw disks you can undertake other more powerful actions. 2 - read(2) upon directory fd was disabled July 1997 because I didn't like how grep * would display garbage and mess up the tty, and applying vis(3) for just directory reads seemed silly. read(2) was changed to return 0 (EOF). Sep 2016 this was further changed to EISDIR, so you still cannot see the bad bytes. 3 - In 2013 when guenther adapted the getdents(2) directory-reading system call to 64-bit ino_t, the userland data format changed to 8-byte-alignment, making it incompatible with the 4-byte-alignment UFS on-disk format. As a result of code refactoring the bad bytes were not copied to userland. Bad bytes will remain in old directories on old filesystems, but nothing makes those bytes user visible. There will be no errata or syspatch issued. I urge other systems which do expose the information to userland to issue errata quickly, since this is a 254 byte infoleak of the stack which is great for ROP-chain building to attack some other bug. Especially if the kernel has no layout/link-order randomization ...

NomadBSD, a BSD for the Road

As regular It’s FOSS readers should know, I like diving into the world of BSDs. Recently, I came across an interesting BSD that is designed to live on a thumb drive. Let’s take a look at NomadBSD. NomadBSD is different than most available BSDs. NomadBSD is a live system based on FreeBSD. It comes with automatic hardware detection and an initial config tool. NomadBSD is designed to “be used as a desktop system that works out of the box, but can also be used for data recovery, for educational purposes, or to test FreeBSD’s hardware compatibility.” This German BSD comes with an OpenBox-based desktop with the Plank application dock. NomadBSD makes use of the DSB project. DSB stands for “Desktop Suite (for) (Free)BSD” and consists of a collection of programs designed to create a simple and working environment without needing a ton of dependencies to use one tool. DSB is created by Marcel Kaiser one of the lead devs of NomadBSD. Just like the original BSD projects, you can contact the NomadBSD developers via a mailing list.

Version 1.2 Released

NomadBSD recently released version 1.2 on April 21, 2019. This means that NomadBSD is now based on FreeBSD 12.0-p3. TRIM is now enabled by default. One of the biggest changes is that the initial command-line setup was replaced with a Qt graphical interface. They also added a Qt5 tool to install NomadBSD to your hard drive. A number of fixes were included to improve graphics support. They also added support for creating 32-bit images.

Thoughts on NomadBSD

I first discovered NomadBSD back in January when they released 1.2-RC1. At the time, I had been unable to install Project Trident on my laptop and was very frustrated with BSDs. I downloaded NomadBSD and tried it out. I initially ran into issues reaching the desktop, but RC2 fixed that issue. However, I was unable to get on the internet, even though I had an Ethernet cable plugged in. Luckily, I found the wifi manager in the menu and was able to connect to my wifi. Overall, my experience with NomadBSD was pleasant. Once I figured out a few things, I was good to go. I hope that NomadBSD is the first of a new generation of BSDs that focus on mobility and ease of use. BSD has conquered the server world, it’s about time they figured out how to be more user-friendly.

News Roundup

[OpenBSD automatic

upgrade](https://www.tumfatig.net/20190426/openbsd-automatic-upgrade/)

OpenBSD 6.5 advertises for an installer improvement: rdsetroot(8) (a build-time tool) is now available for general use. Used in combination with autoinstall.8, it is now really easy to do automatic upgrades of your OpenBSD instances. I first manually upgraded my OpenBSD sandbox to 6.5. Once that was done, I could use the stock rdsetroot(8) tool. The plan is quite simple: write an unattended installation response file, insert it to a bsd.rd 6.5 installation image and reboot my other OpenBSD instances using that image.

Extra notes

There must be a way to run onetime commands (in the manner of fw_update) to automatically run sysmerge and packages upgrades. As for now, I’d rather do it manually. This worked like a charm on two Synology KVM instances using a single sd0 disk, on my Thinkpad X260 using Encrypted root with Keydisk and on a Vultr instance using Encrypted root with passphrase. And BTW, the upgrade on the X260 used the (iwn0) wireless connection. I just read that florian@ has released the sysupgrade(8) utility which should be released with OpenBSD 6.6. That will make upgrades even easier! Until then, happy upgrading.

FreeBSD Dtrace ext2fs Support

Which logs were replaced by dtrace-probes:
- Misc printf's under DEBUG macro in the blocks allocation path.
- Different on-disk structures validation errors, now the filesystem will silently return EIO's.
- Misc checksum errors, same as above.

The only debug macro, which was leaved is EXT2FSPRINTEXTENTS.

It is impossible to replace it by dtrace-probes, because the additional logic is required to walk thru file extents.

The user still be able to see mount errors in the dmesg in case of:
- Filesystem features incompatibility.
- Superblock checksum error.

Create a dedicated user for ssh tunneling only

I use ssh tunneling A LOT, for everything. Yesterday, I removed the public access of my IMAP server, it’s now only available through ssh tunneling to access the daemon listening on localhost. I have plenty of daemons listening only on localhost that I can only reach through a ssh tunnel. If you don’t want to bother with ssh and redirect ports you need, you can also make a VPN (using ssh, openvpn, iked, tinc…) between your system and your server. I tend to avoid setting up VPN for the current use case as it requires more work and more maintenance than running ssh server and a ssh client. The last change, for my IMAP server, added an issue. I want my phone to access the IMAP server but I don’t want to connect to my main account from my phone for security reasons. So, I need a dedicated user that will only be allowed to forward ports. This is done very easily on OpenBSD. The steps are: 1. generate ssh keys for the new user 2. add an user with no password 3. allow public key for port forwarding Obviously, you must allow users (or only this one) to make port forwarding in your sshd_config.

That was easy. Some info on upgrading VMM VMs to 6.5

We're running dedicated vmm(4)/vmd(8) servers to host opinionated VMs. OpenBSD 6.5 is released! There are two ways you can upgrade your VM. Either do a manual upgrade or leverage autoinstall(8). You can take care of it via the console with vmctl(8).

Upgrade yourself

To get connected to the console you need to have access to the host your VM is running on. The same username and public SSH key, as provided for the VM, are used to create a local user on the host. When this is done you can use vmctl(8) to manage your VM. The options you have are:

```$ vmctl start id [-c]```

$ vmctl stop id [-fw]```

```-w Wait until the VM has been terminated.```

-c Automatically connect to the VM console.```

See the Article for the rest of the guide

Beastie Bits

Feedback/Questions

Quentin - Organize an Ada/BSD interview
DJ - Update
Patrick - Bhyve frontends
A small programming note: After BSDNow episode 300, the podcast will switch to audio-only, using a new higher quality recording and production system. The live stream will likely still include video.

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to [email protected]

Peak Red Hat | LINUX Unplugged 301

14 maj 2019 | min

We scale the Red Hat Summit and come back with a few stories to share.

Plus some big community news, finding threats on the command line, and our reaction to Microsoft shipping the Linux kernel in Windows.

Special Guests: Alex Kretzschmar, Brent Gervais, Cassidy James Blaede, Ell Marquez, and Neal Gompa.

Links:

Scientists Develop Software That Simulates Sound Of Stars — A team of astronomers from University of Wisconsin-Madison successfully developed a software called GYRE that can simulate the complex vibrations that stars produce.
GitHub Package Registry: Your packages, at home with their code — Discover and publish public and private packages in one place. Then seamlessly use and reuse any package as a dependency in a project by downloading it straight from GitHub.
About GitHub Package Registry — GitHub Package Registry is a software package hosting service, similar to npmjs.org, rubygems.org, or hub.docker.com, that allows you to host your packages and code in one place.
Package hello-world-npm — This is a simple npm package that demonstrates the GitHub Package Registry.
Lenovo adds AMD Ryzen Pro-powered laptops to its ThinkPad family — The biggest differences between these laptops and Intel-powered ThinkPads are performance and ports. According to Lenovo, the second-gen AMD Ryzen 7 Pro processors combined with integrated Vega graphics should provide an 18-percent improvement in performance over previous generations
Clear Linux Further Enhances Its Desktop Installer, Launches Help Forums — This week I was pleased to find they have further improved the graphical interface for making their desktop Linux installation on-par with other Linux installers. If you recall, it was only towards the end of last year that they rolled out a new desktop installer and now with their latest design improvements, their latest installer looks much better off than their previous version.
It's Time To Pay Attention To Intel's Clear Linux OS Project — This is neither a review nor an endorsement of Clear Linux at this stage, but it is an open invitation to be curious about it. To explore it. Maybe to even actively contribute to it. Especially as we edge closer to Intel's assault on the dedicated GPU market.
Install Clear Linux* OS from the live desktop — The live desktop allows you to boot Clear Linux* OS in a GNOME desktop without modifying the host system, offering the chance to explore developing on Clear Linux OS. Better yet, launch the Clear Linux OS installer to install on your target system.
Clear Linux* OS - An Introduction and Beyond — We invite you to join us for the first in a series of Intel Clear Linux OS MeetUps. The aim of this initial MeetUp is to introduce you to the Clear Linux* project and help you learn how to better use the Clear Linux OS in your everyday job. Light refreshments and dinner provided.
Ulauncher is migrating to Python 3. Changes to Extension API and more — It's been a while since the last significant update in Ulauncher. One of the reasons was the migration from Python 2 to 3. For a regular user it may not mean a lot, but Python 2 end of life is coming very soon so that had to be done.
2019 Is the Year of Linux on the Desktop — Traditional Linux distributions may not be taking over the world, but Linux is becoming even more pervasive than ever.
The Friday Stream Episode 3: Fluffle of Fools — Back from Boston and we have a few stories to share, the best 39 seconds from Red Hat Summit, and the protest we found our selves in the middle of.
Texas Linux Fest 2019 — Texas Linux Fest is an annual Linux and open source software event for Texas and the surrounding region. We are excited to bring you two days of general sessions and vendor sessions this year along with two full days of expo floor! Texas Linux Fest is for the business and home Linux user, and for the experienced developer and newcomer alike.
Can I get a RHEL yeah? Version 8 arrives at last as IBM given go-ahead to wolf down Red Hat • The Register — Distributed with the Linux 4.18 kernel, the OS supports AMD and Intel 64-bit architectures, as one would expect, as well as 64-bit Arm, IBM Power Systems and IBM Z.
Introducing the Red Hat Universal Base Image — With the release of the Red Hat Universal Base Image (UBI), you can now take advantage of the greater reliability, security, and performance of official Red Hat container images where OCI-compliant Linux containers run - whether you’re a customer or not.
Azure Red Hat OpenShift, a Kubernetes service jointly managed by Microsoft and Red Hat, is now available — The two companies announced Azure Red Hat OpenShift at last year’s Red Hat Summit. OpenShift is available on other public clouds, but Microsoft and Red Hat will jointly manage and support this service on Azure and customers will be able to pay for it through a single unified bill from Azure under a revenue-sharing agreement.
Red Hat Summit 2019 — Are cloud and culture alive and well at Red Hat? If I've taken away anything from this year's Red Hat Summit (my first), it's the two simple words "cloud and culture." Two words echoed several times this past week which to me is obviously by design. Red Hat and IBM want us to know they are ready for the cloud, hybrid-cloud, other person's Linux box, and its culture is still alive and well despite grumbling in the community about the IBM acquisition.
Red Hat Summit 2019 Recap
Command Line Threat Hunting — That viruses and malware are Windows problems is a misnomer that is often propagated through the Linux community and it's an easy one to believe until you start noticing strange behaviour on your system. What do you do next? Join Ell Marquez (Jupiter Broadcasting/Linux Academy) and Tony Lambert (redcanary.com) in discussing a common sense approach to threat detection using only command line tools.

3 OSes 1 GPU | Coder Radio 357

13 maj 2019 | min

Microsoft catches Mike’s eye with WSL 2, Google gets everyone's attention with their new push for Kotlin, and we get a full eGPU report.

Links:

QA Feedback from Lewis — I thought I was going to be in a big rush to get out of the basement and up to a developer position, but after listening to the show I really feel like my contribution to this team is going to be important and necessary from the get go.
Request: Subreddit recommendations — Anyone know any linux and/or programming subs aren't full of mindless circlejerking? Most seem to be afflicted with mindless circlejerking, free software extremism and other indiscretions.
Feedback on Tools for Docs — One idea is a mind map tool (like Freeplane). This can provide a free-form way to show at a high level how all the parts link together, and attach as much details as needed
Kotlin is now Google’s preferred language for Android app development — “Android development will become increasingly Kotlin-first,” Google writes in today’s announcement. “Many new Jetpack APIs and features will be offered first in Kotlin. If you’re starting a new project, you should write it in Kotlin; code written in Kotlin often mean much less code for you–less code to type, test, and maintain.”
Flutter and Chrome OS: Better Together — Flutter initially focused on providing a UI toolkit for building apps for mobile devices, which typically feature touch input and small screens. However, we’ve been building keyboard and mouse support into Flutter since before our 1.0 release last December. And today, we’re pleased to announce that Flutter for Chrome OS is now stronger with scroll wheel support, hover management, and better keyboard event support.
How Windows and Chrome quietly made 2019 the year of Linux on the desktop — The cleverly named Windows Subsystem for Linux 2, announced at Microsoft’s Build event this week, shakes things up by shipping a full Linux kernel (version 4.19) within Windows itself as a lightweight virtual machine. Doing so should supercharge performance for developers who use the tool.
Ubuntu 19.04 – Easy-to-use setup script for your EGPU — I have created a script which automatically detects your (E)GPUs and creates the needed X-Server configuration files. You won't have to mess around with finding the correct BUS-IDs and convert them from dec to hex or anything like that, the script takes care of it.
Linux Action News 105 — RHEL 8 is released, we report from the ground of the big announcement, Microsoft announces WSL 2 with a real Linux kernel at the core, and details on their new open source terminal.

Fluffle of Fools | The Friday Stream 3

13 maj 2019 | min

Linux Action News 105

12 maj 2019 | min

Keeping Systems Simple | TechSNAP 403

10 maj 2019 | min

We’re back from LinuxFest Northwest with an update on all things WireGuard, some VLAN myth busting, and the trade-offs of highly available systems.

Links:

TechSNAP Episode 390: What’s Up with WireGuard
WireGuard Sent Out Again For Review — WireGuard lead developer Jason Donenfeld has sent out the ninth version of the WireGuard secure network tunnel patches for review. If this review goes well and lands in net-next in the weeks ahead, this long-awaited VPN improvement could make it into the mainline Linux 5.2 kernel.
CloudFlare announces Warp VPN — Using Cloudflare’s existing network of servers, Internet users all over the world will be able to connect to Warp VPN through the 1.1.1.1 app. In the same vein, Warp VPN will not significantly increase battery usage by using an efficient protocol called WireGuard.
CloudFlare Launches "BoringTun" As Rust-Written WireGuard User-Space Implementation - Phoronix — CloudFlare took to creating BoringTun as they wanted a user-space solution as not to have to deal with kernel modules or satisfying certain kernel versions. They also wanted cross platform support and for their chosen implementation to be very fast, these choices which led them to writing a Rust-based solution.
cloudflare/boringtun — BoringTun is an implementation of the WireGuard® protocol designed for portability and speed.
VPN protocol WireGuard now has an official macOS app — You can already download the WireGuard app on Android and iOS, but today’s release is all about macOS.
WireGuard Windows Pre-Alpha — I've been mostly absent these last weeks, due to being completely absorbed in Windows programming. I think we're finally getting to the state where we might really benefit from testing of the "pre-alpha".
Wintun – Layer 3 TUN Driver for Windows — Wintun is a very simple and minimal TUN driver for the Windows kernel, which provides userspace programs with a simple network adapter for reading and writing packets. It is akin to Linux's /dev/net/tun and BSD's /dev/tun.
WireGuard for Kubernetes: Introducing Gravitational Wormhole — Wormhole is a Kubernetes network plugin that combines the simplicity of flannel with encrypted networking from WireGuard.
gravitational/wormhole: Wireguard based overlay network CNI plugin for kubernetes
NetworkManager 1.16 — NetworkManager 1.16 is a big feature release bringing support for WireGuard VPN tunnels
Portal Cloud - Subspace — Subspace is an open source WireGuard® VPN server that supports connecting all of your devices to help secure your internet access.
subspacecloud/subspace — A simple WireGuard VPN server GUI
jimsalterjrs/wg-admin — Simple CLI utilities to manage a WireGuard server
5 big misconceptions about virtual LANs — In the real world, VLANs are anything but simple.
High Availability vs. Fault Tolerance vs. Disaster Recovery — You need IT infrastructure that you can count on even when you run into the rare network outage, equipment failure, or power issue. When your systems run into trouble, that’s where one or more of the three primary availability strategies will come into play: high availability, fault tolerance, and/or disaster recovery.
High Availability: Concepts and Theory — Running server operations using clusters of either physical or virtual computers is all about improving both reliability and performance over and above what you could expect from a single, high-powered server.
RPO and RTO: Understanding the Differences — Recovery time objective refers to how much time an application can be down without causing significant damage to the business. Recovery point objectives refer to your company’s loss tolerance: the amount of data that can be lost before significant harm to the business occurs.
JupiterBroadcasting/Talks — Public repository of crew talks, slides, and additional resources.
Command Line Threat Hunting — That viruses and malware are Windows problems is a misnomer that is often propagated through the Linux community and it's an easy one to believe until you start noticing strange behavior on your system. What do you do next? Join Ell Marquez and Tony Lambert in discussing a common sense approach to threat detection using only command line tools.
Fear the Man in the Middle? This company wants to sell quantum key distribution — For now, Quantum XChange has only said about a dozen companies are part of the pilot. But with the appetite for quantum solutions in the US increasing—the National Quantum Initiative was just signed into law at the end of 2018 to advance the tech—this could be an opportune time to enter the market, so long as the service lives up to its billing.

Dungeons and Distros | User Error 65

10 maj 2019 | min

Dragonfly In The Wild | BSD Now 297

8 maj 2019 | min

FreeBSD ZFS vs. ZoL performance, Dragonfly 5.4.2 has been release, containing web services with iocell, Solaris 11.4 SRU8, Problem with SSH Agent forwarding, OpenBSD 6.4 to 6.5 upgrade guide, and more.

Headlines

FreeBSD ZFS vs. ZoL Performance, Ubuntu ZFS On Linux Reference

With iX Systems having released new images of FreeBSD reworked with their ZFS On Linux code that is in development to ultimately replace their existing FreeBSD ZFS support derived from the code originally found in the Illumos source tree, here are some fresh benchmarks looking at the FreeBSD 12 performance of ZFS vs. ZoL vs. UFS and compared to Ubuntu Linux on the same system with EXT4 and ZFS. Using an Intel Xeon E3-1275 v6 with ASUS P10S-M WS motherboard, 2 x 8GB DDR4-2400 ECC UDIMMs, and Samsung 970 EVO Plus 500GB NVMe solid-state drive was used for all of this round of testing. Just a single modern NVMe SSD was used for this round of ZFS testing while as the FreeBSD ZoL code matures I'll test on multiple systems using a more diverse range of storage devices. FreeBSD 12 ZoL was tested using the iX Systems image and then fresh installs done of FreeBSD 12.0-RELEASE when defaulting to the existing ZFS root file-system support and again when using the aging UFS file-system. Ubuntu 18.04.2 LTS with the Linux 4.18 kernel was used when testing its default EXT4 file-system and then again when using the Ubuntu-ZFS ZoL support. Via the Phoronix Test Suite various BSD/Linux I/O benchmarks were carried out. Overall, the FreeBSD ZFS On Linux port is looking good so far and we are looking forward to it hopefully maturing in time for FreeBSD 13.0. Nice job to iX Systems and all of those involved, especially the ZFS On Linux project. Those wanting to help in testing can try the FreeBSD ZoL spins. Stay tuned for more benchmarks and on more diverse hardware as time allows and the FreeBSD ZoL support further matures, but so far at least the performance numbers are in good shape.

DragonFlyBSD 5.4.2 is out

Upgrading guide

```The normal ISO and IMG files are available for download and install, plus an uncompressed ISO image for those installing remotely.  I uploaded them to mirror-master.dragonflybsd.org last night so they should be at your local mirror or will be soon.  This version includes Matt's fix for the HAMMER2 corruption bug he identified recently.```

If you have an existing 5.4 system and are running a generic kernel, the normal upgrade process will work.```

```> cd /usr/src ```

git pull ```

```And then rebuild: (in /usr/src ) ```

```

```> make buildkernel ```

make installkernel ```

```> make upgrade ```

```

``` ```

(reboot) ```

```> make initrd ```

```

``` ```

pkg update> pkg upgrade```

News Roundup

Containing web services with iocell

I'm a huge fan of the FreeBSD jails feature. It is a great system for splitting services into logical units with all the performance of the bare metal system. In fact, this very site runs in its own jail! If this is starting to sound like LXC or Docker, it might surprise you to learn that OS-level virtualization has existed for quite some time. Kudos to the Linux folks for finally getting around to it. 😛 If you're interested in the history behind Jails, there is an excellent talk from Papers We Love on the subject: https://www.youtube.com/watch?v=hgN8pCMLI2U

Getting started

There are plenty of options when it comes to setting up the jail system. Ezjail and Iocage seem popular, or you could do things manually. Iocage was recently rewritten in python, but was originally a set of shell scripts. That version has since been forked under the name Iocell, and I think it's pretty neat, so this tutorial will be using Iocell.

To start, you'll need the following:
- A FreeBSD install (we'll be using 11.0)
- The iocell package (available as a package, also in the ports tree)
- A ZFS pool for hosting the jails

Once you have installed iocell and configured your ZFS pool, you'll need to run a few commands before creating your first jail. First, tell iocell which ZFS pool to use by issuing iocell activate $POOLNAME. Iocell will create a few datasets.

As you can imagine, your jails are contained within the /iocell/jails dataset. The /iocell/releases dataset is used for storing the next command we need to run, iocell fetch. Iocell will ask you which release you'd like to pull down. Since we're running 11.0 on the host, pick 11.0-RELEASE. Iocell will download the necessary txz files and unpack them in /iocell/releases.

See Article for the rest of the walkthrough.

Oracle Solaris 11.4 SRU8

Today we are releasing the SRU 8 for Oracle Solaris 11.4. It is available via 'pkg update' from the support repository or by downloading the SRU from My Oracle Support Doc ID 2433412.1.

This SRU introduces the following enhancements:

Integration of 28060039 introduced an issue where any firmware update/query commands will log eereports and repeated execution of such commands led to faulty/degraded NIC. The issue has been addressed in this SRU.

UCB (libucb, librpcsoc, libdbm, libtermcap, and libcurses) libraries have been reinstated for Oracle Solaris 11.4

Re-introduction of the service fc-fabric.

ibus has been updated to 1.5.19

The following components have also been updated to address security issues:
- NTP has been updated to 4.2.8p12
- Firefox has been updated to 60.6.0esr
- BIND has been updated to 9.11.6
- OpenSSL has been updated to 1.0.2r
- MySQL has been updated to 5.6.43 & 5.7.25
- libxml2 has been updated to 2.9.9
- libxslt has been updated to 1.1.33
- Wireshark has been updated to 2.6.7
- ncurses has been updated to 6.1.0.20190105
- Apache Web Server has been updated to 2.4.38
- perl 5.22
- pkg.depot

The Problem with SSH Agent Forwarding

After hacking the matrix.org website today, the attacker opened a series of GitHub issues mentioning the flaws he discovered. In one of those issues, he mentions that “complete compromise could have been avoided if developers were prohibited from using [SSH agent forwarding].” Here’s what man ssh_config has to say about ForwardAgent: "Agent forwarding should be enabled with caution. Users with the ability to bypass file permissions on the remote host (for the agent’s Unix-domain socket) can access the local agent through the forwarded connection. An attacker cannot obtain key material from the agent, however they can perform operations on the keys that enable them to authenticate using the identities loaded into the agent."" Simply put: if your jump box is compromised and you use SSH agent forwarding to connect to another machine through it, then you risk also compromising the target machine! Instead, you should use either ProxyCommand or ProxyJump (added in OpenSSH 7.3). That way, ssh will forward the TCP connection to the target host via the jump box and the actual connection will be made on your workstation. If someone on the jump box tries to MITM your connection, then you will be warned by ssh.

[OpenBSD Upgrade Guide: 6.4 to 6.5

Start by performing the pre-upgrade steps. Next, boot from the install kernel, bsd.rd: use bootable install media, or place the 6.5 version of bsd.rd in the root of your filesystem and instruct the boot loader to boot this kernel. Once this kernel is booted, choose the (U)pgrade option and follow the prompts. Apply the configuration changes and remove the old files. Finish up by upgrading the packages: pkg_add -u. Alternatively, you can use the manual upgrade process. You may wish to check the errata page or upgrade to the stable branch to get any post-release fixes.

Before rebooting into the install kernel
Configuration and syntax changes
Files to remove
Special packages
Upgrade without the install kernel

Beastie Bits

Feedback/Questions

Casey - Oklahoma City & James
Michael - Question on SAS backplane (camcontrol?)
Ales - OpenBSD, FreeNAS, OpenZFS questions

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to [email protected]

Fear, Uncertainty, and .NET | Coder Radio 356

8 maj 2019 | min

.NET 5 has been announced and brings a new unified future to the platform. We dig in to Microsoft's plans and speculate about what they might mean for F#.

Plus the value of manual testing, Visual Studio Code Remote, and Conway's Game of Life in Rust.

Links:

Feedback: Testing as a Career
Feedback: Keeping up with Documentation
ruby/rdoc — RDoc produces HTML and command-line documentation for Ruby projects.
Javadoc — Javadoc is a documentation generator created by Sun Microsystems for the Java language for generating API documentation in HTML format from Java source code.
Literate programming — Literate programming is a programming paradigm introduced by Donald Knuth in which a program is given as an explanation of the program logic in a natural language, such as English, interspersed with snippets of macros and traditional source code, from which a compilable source code can be generated.
Literate Programming — Writing a literate program is a lot more work than writing a normal program. After all, who ever documents their programs in the first place!? Moreover, who documents them in a pedagogical style that is easy to understand? And finally, who ever provides commentary on the theory and design issues behind the code as they write the documentation?
A tutorial that implements Conway's Game of Life in Rust and WebAssembly. — This tutorial is for anyone who already has basic Rust and JavaScript experience, and wants to learn how to use Rust, WebAssembly, and JavaScript together.
JupiterBroadcasting/Talks — Public repository of crew talks, slides, and additional resources.
Visual Studio Code Remote Development — Visual Studio Code Remote Development allows you to use a container, remote machine, or the Windows Subsystem for Linux (WSL) as a full-featured development environment.
Remote Development - Visual Studio Marketplace
Introducing .NET 5 — There will be just one .NET going forward, and you will be able to use it to target Windows, Linux, macOS, iOS, Android, tvOS, watchOS and WebAssembly and more.
The Friday Stream — Our crew from all over the world share stories, make new friends, and give each other a hard time live.

Ultimate Fedora Test | LINUX Unplugged 300

7 maj 2019 | min

Is Fedora 30 the peak release of this distribution? We put it through the ultimate test, live on the air, and put everything on the line.

Plus Red Hat’s new logo, Dell’s new Linux workstations, and meet a new member of our crew.

Special Guests: Alex Kretzschmar, Brent Gervais, and Neal Gompa.

Links:

I made a smart watch from scratch — I decided sometime last year that I wanted to make a smart watch from scratch. I am an electrical engineer and product designer by day, so this was a fun side project that had been rolling around in my head for a while now.
smarchWatch_PUBLIC on GitHub
We’ve launched new corporate brand and logo system - Red Hat
New hat, same vision video — We are Red Hat. We believe that transparency, sharing, and collaboration are the best ways to create better technology..and logos. See the transformation of the Red Hat logo.
Canonical Releases "WLCS" Wayland Conformance Suite 1.0 — As part of their Wayland interests and namely as part of developing Mir now with Wayland support, for a while they have been working on the "Wayland Conformance Suite" for testing the Wayland protocols for conformance to the specifications. This is for ensuring Wayland compositors behave correctly against the intentions of the protocols.
Wayland Conformance Test Suite on GitHub — wlcs aspires to be a protocol-conformance-verifying test suite usable by Wayland compositor implementors.
L4T Ubuntu - A fully featured linux on your switch — L4T Ubuntu is a version of Linux based on nvidia's linux for tegra project. It uses a different kernel compared to previous releases which allows it to use features not yet in mainline. Such as audio, docking support and vulkan.
JoyCon Jig on Amazon
JupiterBroadcasting/Talks: Public repository of crew talks, slides, and additional resources. — We'll be updating this with slides and additional audio files as they become available.
Changes/FlickerFreeBoot - Fedora Project Wiki — Make Fedora Workstation boot graphically smooth, without the display briefly turning off and without any abrupt graphical transitions.
Releases/30/ChangeSet - Fedora Project Wiki — These changes have been accepted by the Fedora Engineering Steering Committee for the Fedora 30 Release as System Wide Changes.
Security Lab — The Fedora Security Lab provides a safe test environment to work on security auditing, forensics, system rescue and teaching security testing methodologies in universities and other organizations.
Fedora LXQt Desktop — Fedora LXQt provides a lightweight, well-integrated LXQt desktop environment. In addition to LXQt itself it provides a small, well selected collection of applications like the QupZilla browser, which combines Chromium's rendering engine with a nice Qt experience.
Fedora Silverblue Documentation — Fedora Silverblue is an immutable desktop operating system. Aiming at good support for container-focused workflows, this variant of Fedora Workstation targets developer communities.
My 30 days with Fedora 29 Silverblue — Silverblue is a Fedora variant that uses OStree and Flatpak instead of dnf. So basically you've got an immutable (read-only) system image built with OStree.
Fedora Python Classroom — The Python Classroom lab is shipped as a live operating system. It's everything you need to try out Fedora's Python Classroom - you don't have to erase anything on your current system to try it out, and it won't put your files at risk.
Buku: Browser-independent bookmark manager — buku is a powerful bookmark manager written in Python3 and SQLite3.
Sysctl Explorer — Sysctl Explorer is an initiative to facilitate the access of Linux' sysctl reference documentation. This is a work in progress and you may consider this increment as a Minimum viable product (MVP) version.
termshark: A terminal UI for tshark, inspired by Wireshark — If you're debugging on a remote machine with a large pcap and no desire to scp it back to your desktop, termshark can help!
Upgrading Fedora 29 to Fedora 30

The Eggquisition | The Friday Stream 2

7 maj 2019 | min

Linux Action News 104

5 maj 2019 | min

OpenBSD 6.5 | BSD Now 296

3 maj 2019 | min

OpenBSD 6.5 has been released, mount ZFS datasets anywhere, help test upcoming NetBSD 9 branch, LibreSSL 2.9.1 is available, Bail Bond Denied Edition of FreeBSD Mastery: Jails, and one reason ed(1) was a good editor back in the days in this week’s episode.

Headlines

OpenBSD 6.5 Released

Changelog
Mirrors
6.5 Includes
- OpenSMTPD 6.5.0
- LibreSSL 2.9.1
- OpenSSH 8.0
- Mandoc 1.14.5
- Xenocara
- LLVM/Clang 7.0.1 (+ patches)
- GCC 4.2.1 (+ patches) and 3.3.6 (+ patches)
Many pre-built packages for each architecture:
- aarch64: 9654
- amd64: 10602
- i386: 10535

Mount your ZFS datasets anywhere you want

ZFS is very flexible about mountpoints, and there are many features available to provide great flexibility. When you create zpool maintank, the default mountpoint is /maintank. You might be happy with that, but you don’t have to be content. You can do magical things.

Some highlights are:
- mount point can be inherited
- not all filesystems in a zpool need to be mounted
- each filesystem (directory) can have different ZFS characteristics
- In my case, let’s look at this new zpool I created earlier today and I will show you some very simple alternatives. This zpool use NVMe devices which should be faster than SSDs especially when used with multiple concurrent writes. This is my plan: run all the Bacula regression tests concurrently.

News Roundup

Branch for netbsd 9 upcoming, please help and test -current

Folks, once again we are quite late for branching the next NetBSD release (NetBSD 9). Initially planned to happen early in February 2019, we are now approaching May and it is unlikely that the branch will happen before that. On the positive side, lots of good things landed in -current in between, like new Mesa, new jemalloc, lots of ZFS improvements - and some of those would be hard to pull up to the branch later. On the bad side we saw lots of churn in -current recently, and there is quite some fallout where we not even have a good overview right now. And this is where you can help:

please test -current, on all the various machines you have

especially interesting would be test results from uncommon architectures or strange combinations (like the sparc userland on sparc64 kernel issue I ran in yesterday) Please test, report success, and file PRs for failures! We will likely announce the real branch date on quite short notice, the likely next candidates would be mid may or end of may. We may need to do extra steps after the branch (like switch some architectures back to old jemalloc on the branch). However, the less difference between -current and the branch, the easier will the release cycle go. Our goal is to have an unprecedented short release cycle this time. But.. we always say that upfront.

LibreSSL 2.9.1 Released

We have released LibreSSL 2.9.1, which will be arriving in the LibreSSL directory of your local OpenBSD mirror soon. This is the first stable release from the 2.9 series, which is also included with OpenBSD 6.5

It includes the following changes and improvements from LibreSSL 2.8.x:

API and Documentation Enhancements
- CRYPTO_LOCK is now automatically initialized, with the legacy callbacks stubbed for compatibility.
- Added the SM3 hash function from the Chinese standard GB/T 32905-2016.
- Added the SM4 block cipher from the Chinese standard GB/T 32907-2016.
- Added more OPENSSLNO* macros for compatibility with OpenSSL.
- Partial port of the OpenSSL ECKEYMETHOD API for use by OpenSSH.
- Implemented further missing OpenSSL 1.1 API.
- Added support for XChaCha20 and XChaCha20-Poly1305.
- Added support for AES key wrap constructions via the EVP interface.

Compatibility Changes
- Added pbkdf2 key derivation support to openssl(1) enc.
- Changed the default digest type of openssl(1) enc to sha256.
- Changed the default digest type of openssl(1) dgst to sha256.
- Changed the default digest type of openssl(1) x509 -fingerprint to sha256.
- Changed the default digest type of openssl(1) crl -fingerprint to sha256.

Testing and Proactive Security
- Added extensive interoperability tests between LibreSSL and OpenSSL 1.0 and 1.1.
- Added additional Wycheproof tests and related bug fixes.

Internal Improvements
- Simplified sigalgs option processing and handshake signing algorithm selection.
- Added the ability to use the RSA PSS algorithm for handshake signatures.
- Added bnrandinterval() and use it in code needing ranges of random bn values.
- Added functionality to derive early, handshake, and application secrets as per RFC8446.
- Added handshake state machine from RFC8446.
- Removed some ASN.1 related code from libcrypto that had not been used since around 2000.
- Unexported internal symbols and internalized more record layer structs.
- Removed SHA224 based handshake signatures from consideration for use in a TLS 1.2 handshake.

Portable Improvements
- Added support for assembly optimizations on 32-bit ARM ELF targets.
- Added support for assembly optimizations on Mingw-w64 targets.
- Improved Android compatibility

Bug Fixes
- Improved protection against timing side channels in ECDSA signature generation.
- Coordinate blinding was added to some elliptic curves. This is the last bit of the work by Brumley et al. to protect against the Portsmash vulnerability.
- Ensure transcript handshake is always freed with TLS 1.2.

The LibreSSL project continues improvement of the codebase to reflect modern, safe programming practices. We welcome feedback and improvements from the broader community. Thanks to all of the contributors who helped make this release possible.

FreeBSD Mastery: Jails – Bail Bond Denied Edition

I had a brilliant, hideous idea: to produce a charity edition of FreeBSD Mastery: Jails featuring the cover art I would use if I was imprisoned and did not have access to a real cover artist. (Never mind that I wouldn’t be permitted to release books while in jail: we creative sorts scoff at mere legal and cultural details.) I originally wanted to produce my own take on the book’s cover art. My first attempt failed spectacularly. I downgraded my expectations and tried again. And again. And again. I’m pleased to reveal the final cover for FreeBSD Mastery: Jails–Bail Bond Edition! This cover represents the very pinnacle of my artistic talents, and is the result of literally hours of effort. But, as this book is available only to the winner of charity fund-raisers, purchase of this tome represents moral supremacy. I recommend flaunting it to your family, coworkers, and all those of lesser character. Get your copy by winning the BSDCan 2019 charity auction… or any other other auction-type event I deem worthwhile. As far as my moral fiber goes: I have learned that art is hard, and that artists are not paid enough. And if I am ever imprisoned, I do hope that you’ll contribute to my bail fund. Otherwise, you’ll get more covers like this one.

One reason ed(1) was a good editor back in the days of V7 Unix

It is common to describe ed(1) as being line oriented, as opposed to screen oriented editors like vi. This is completely accurate but it is perhaps not a complete enough description for today, because ed is line oriented in a way that is now uncommon. After all, you could say that your shell is line oriented too, and very few people use shells that work and feel the same way ed does. The surface difference between most people's shells and ed is that most people's shells have some version of cursor based interactive editing. The deeper difference is that this requires the shell to run in character by character TTY input mode, also called raw mode. By contrast, ed runs in what Unix usually calls cooked mode, where it reads whole lines from the kernel and the kernel handles things like backspace. All of ed's commands are designed so that they work in this line focused way (including being terminated by the end of the line), and as a whole ed's interface makes this whole line input approach natural. In fact I think ed makes it so natural that it's hard to think of things as being any other way. Ed was designed for line at a time input, not just to not be screen oriented. This input mode difference is not very important today, but in the days of V7 and serial terminals it made a real difference. In cooked mode, V7 ran very little code when you entered each character; almost everything was deferred until it could be processed in bulk by the kernel, and then handed to ed all in a single line which ed could also process all at once. A version of ed that tried to work in raw mode would have been much more resource intensive, even if it still operated on single lines at a time.

Beastie Bits

Feedback/Questions

Brad - iocage
Frank - Video from Level1Tech and a question
Niall - Revision Control

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to [email protected]

Family Reunion - The FRIDAY Stream

2 maj 2019 | min

F# Shill | Coder Radio 355

2 maj 2019 | min

Mike and Wes dive into Bosque, Microsoft’s new research language, and debate if it represents the future of programming languages, or if we should all just be using F#.

Plus some Qt license clarity, a handy new Rust feature, and your feedback.

Links:

Feedback: ChromeOS vs Windows
Feedback: Hardware Coverage
Complying with the Requirements of the GPL/LGPL v3 License — With the discontinuation of our continued support for Qt 5.6 also ends our support for the last Qt version licensed under LGPL v2.1. Moving forward, versions 5.7 and beyond will be subject to LGPL v3. This webinar is a great opportunity to gain a better understanding of the differences in rights and obligations between the two licensing versions.
Rust Pinning — The Rust team is happy to announce a new version of Rust, 1.33.0. Rust is a programming language that is empowering everyone to build reliable and efficient software.
Regularized Programming with the BOSQUE Language — We believe that, just as structured programming did years ago, this regularized programming model will lead to massively improved developer productivity, increased software quality, and enable a second golden age of developments in compilers and developer tooling.
All That You Need to Know About Microsoft's New Programming Language: Bosque — The Bosque programming language is a Microsoft Research project that is investigating language designs for writing code that is simple, obvious, and easy to reason about for both humans and machines
Bosque Language Overview
Microsoft debuts Bosque – a new programming language with no loops, inspired by TypeScript
The Mad Botter INC on Twitter — Happy #EarthDay! We are awarding a free @system76 #DarterPro to the middle or high school student that can send our CEO @dominucco an innovative idea to fight climate change using #Linux. To submit please write up a report and diagram & email it to [email protected].
git-secrets — Prevents you from committing secrets and credentials into git repositories.
git-hound — Hound is a Git plugin that helps prevent sensitive data from being committed into a repository by sniffing potential commits against PCRE regular expressions.
truffleHog — Searches through git repositories for secrets, digging deep into commit history and branches. This is effective at finding secrets accidentally committed.

Ubuntu MATE on the Pi + The Linux Community | Choose Linux 8

1 maj 2019 | min

Shame as a Service | LINUX Unplugged 299

30 april 2019 | min

Fresh back from LinuxFest Northwest we share a few of our favorite stories and memories.

Plus our concerns with Pursim's new subscription services, Fedora 30 is released, and we spin up the Distro Hoppers.

Special Guests: Alex Kretzschmar, Brent Gervais, and Ell Marquez.

Links:

What's new in Fedora 30 Workstation — Fedora 30 Workstation includes the latest release of the simple, beautiful GNOME 3.32 desktop environment.
Librem One by Purism — A growing bundle of ethical services.
Librem One Campaign Wants to Help De-Google Your Life — Purism, perhaps best known for the Librem 5 Linux phone crowdfunding campaign, has launched a new initiative offering “privacy protecting, no-track, no-ads” apps and services for mobile users.
Apps/Geary - GNOME Wiki
Android Apps by Purism on Google Play
Red Hat Summit 2019 — Red Hat Summit 2019 will feature executives, open source leaders, and some of our most innovative customers discussing trends, telling stories, and anticipating the future.
DockerCon San Francisco 2019 — Whether you’re just getting started with containers or consider yourself an expert, DockerCon enables you to advance your technical expertise with hands-on learning and expert-led sessions.
Linux Academy Sale! — Last chance to get the #1 Cloud Training Platform for 33% OFF!
LinuxFest Northwest 2019 Reflections — As the mountains shrink in the distance the realization that LinuxFest Northwest (LFNW) has actually come to a close begins to sink in. I don’t think anyone would argue that this year’s LFNW was a fantastic success. Being that this was my first LFNW to attend I was pleasantly surprised how this event felt more like a large family reunion than a Linux conference. With friends traveling from as far away as the United Kingdom and Shanghai, this event was truly a unique experience that I'll never forget.
Smart RGB LED strips with Home Assistant — 2019 is the year I am taking back control of my smart devices by bringing as much 'smarts' back inside my LAN as possible.
Linuxfest Northwest 2019 - Day 1 Complete — Full unedited stream from GeekGamer.TV coverage of LinuxFest Northwest 2019
LinuxFest Northwest 2019: Fifty years of Unix, Internet and more — Besides 1969 being a year of landmarks, it was the start of a unique operating system and (later) a free operating system that captured people's minds.
Linux Lite, A Free Operating System — Linux Lite is a 'gateway operating system'. It was created to make the transition from Windows to a linux based operating system, as smooth as possible.

Linux Action News 103

28 april 2019 | min

Abandoned Support | User Error 64

25 april 2019 | min

Snapshot Sanity | TechSNAP 402

25 april 2019 | min

Fun with funlinkat() | BSD Now 295

25 april 2019 | min

Introducing funlinkat(), an OpenBSD Router with AT&T U-Verse, using NetBSD on a raspberry pi, ZFS encryption is still under development, Rump kernel servers and clients tutorial, Snort on OpenBSD 6.4, and more.

Headlines

Introducing funlinkat

It turns out, every file you have ever deleted on a unix machine was probably susceptible to a race condition

One of the first syscalls which was created in Unix-like systems is unlink. In FreeBSD this syscall is number 10 (source) and in Linux, the number is dependent on the architecture but for most of them is also the tenth syscall (source). This indicated that this is one of the primary syscalls. The unlink syscall is very simple and we provide one single path to the file that we want to remove. The “removing file” process itself is very interesting so let’s spend a moment to understand the it. First, by removing the file we are removing a link from the directory to it. In Unix-like systems we can have many links to a single file (hard links). When we remove all links to the file, the file system will mark the blocks used by the file as free (a different file system will behave differently but let’s not jump into a second digression). This is why the process is called unlinking and not “removing file”. While we unlink the file two or three things will happen:

We will remove an entry in the directory with the filename.

We will decrease a file reference count (in inode).

If links go to zero - the file will be removed from the disk (again this doesn't mean that the blocks from the disk will be filled with zeros, though this may happen depending on the file system and configuration. However, in most cases this means that the file system will mark those blocks to as free and use them to write new data later This mostly means that “removing file” from a directory is an operation on the directory and not on the file (inode) itself. Another interesting subject is what happens if our system will perform only first or second step from the list. This depends on the file system and this is also something we will leave for another time. The problem with the unlink and even unlinkat function is that we don’t have any guarantee of which file we really are unlinking.

When you delete a file using its name, you have no guarantee that someone has not already deleted the file, or renamed it, and created a new file with the name you are about to delete. We have some stats about the file that we want to unlink. We performed some tests. In the same time another process removed our file and recreated it. When we finally try to remove our file it is no longer the same file. It’s a classic race condition.

Many programs will perform checks before trying to remove a file, to make sure it is the correct file, that you have the correct permissions etc. However this exposes the ‘Time-of-Check / Time-of-Use’ class of bugs. I check if the file I am about to remove is the one I created yesterday, it is, so I call unlink() on it. However, between when I checked the date on the file, and when I call unlink, I, some program I am running, might have updated the file. Or a malicious user might have put some other file at that name, so I would be the one who deleted it. In Unix-like operating systems we can get a handle for our file called file - a descriptor. File descriptors guarantee us that all the operations that we will be performing on it are done on the same file (inode). Even if someone was to unlink a number of directories entries, the operating system will not free the structures behind the file descriptor, and we can detect the file that was removed by someone and recreated (or just unlinked). So, for example, we have an alternative functions fstat which allows us to get file status of the given descriptor We already know that the file may have many links on the disk which point to the single inode. What happens when we open the file? Simplifying: kernel creates a memory representation of the inode (the inode itself is stored on the disk) called vnode. This single representation is used by all processes to refer the inode to the disk. If in a process we open the same file (inode) using different names (for example through hard links) all those files will be linked to the single vnode. That means that the pathname is not stored in the kernel. This is basically the reason why we don’t have a funlink function so that instead of the path we are providing just the file descriptor to the file. If we performed the fdunlink syscall, the kernel wouldn’t know which directory entry you would like to remove. Another problem is more architectural: as we discussed earlier unlinking is really an operation on the directory not on the file (inode) itself, so using funlink(fd) may create some confusion because we are not removing the inode corresponding to the file descriptor, we are performing action on the directory which points to the file. After some discussion we decided that the only sensible option for FreeBSD would be to create a funlinkat() function. This syscall would only performs additional sanitary checks if we are removing a directory entry which corresponds to the inode stored which refers to the file descriptor. int funlinkat(int dfd, const char *path, int fd, int flags); The API above will check if the path opened relative to the dfd points to the same vnode. Thanks to that we removed a race condition because all those sanitary checks are performed in the kernel mode while the file system is locked and there is no possibility to change it. The fd parameter may be set to the FD_NONE value which will mean that the sanitary check should not be performed and funlinkat will behave just like unlinkat. As you can notice I often refer to the unlink syscall but at the end the APIs looks like unlinkat syscall. It is true that the unlink syscall is very old and kind of deprecated. That said I referred to unlink because it’s just simpler. These days unlink simply uses the same code as unlinkat.

Using an OpenBSD Router with AT&T U-Verse

I upgraded to AT&T's U-verse Gigabit internet service in 2017 and it came with an Arris BGW-210 as the WiFi AP and router. The BGW-210 is not a terrible device, but I already had my own Airport Extreme APs wired throughout my house and an OpenBSD router configured with various things, so I had no use for this device. It's also a potentially-insecure device that I can't upgrade or fully disable remote control over. Fully removing the BGW-210 is not possible as we'll see later, but it is possible to remove it from the routing path. This is how I did it with OpenBSD.

News Roundup

How to use NetBSD on a Raspberry Pi

Do you have an old Raspberry Pi lying around gathering dust, maybe after a recent Pi upgrade? Are you curious about BSD Unix? If you answered "yes" to both of these questions, you'll be pleased to know that the first is the solution to the second, because you can run NetBSD, as far back as the very first release, on a Raspberry Pi. BSD is the Berkley Software Distribution of Unix. In fact, it's the only open source Unix with direct lineage back to the original source code written by Dennis Ritchie and Ken Thompson at Bell Labs. Other modern versions are either proprietary (such as AIX and Solaris) or clever re-implementations (such as Minix and GNU/Linux). If you're used to Linux, you'll feel mostly right at home with BSD, but there are plenty of new commands and conventions to discover. If you're still relatively new to open source, trying BSD is a good way to experience a traditional Unix. Admittedly, NetBSD isn't an operating system that's perfectly suited for the Pi. It's a minimal install compared to many Linux distributions designed specifically for the Pi, and not all components of recent Pi models are functional under NetBSD yet. However, it's arguably an ideal OS for the older Pi models, since it's lightweight and lovingly maintained. And if nothing else, it's a lot of fun for any die-hard Unix geek to experience another side of the POSIX world.

ZFS Encryption is still under development (as of March 2019)

One of the big upcoming features that a bunch of people are looking forward to in ZFS is natively encrypted filesystems. This is already in the main development tree of ZFS On Linux, will likely propagate to FreeBSD (since FreeBSD ZFS will be based on ZoL), and will make it to Illumos if the Illumos people want to pull it in. People are looking forward to native encryption so much, in fact, that some of them have started using it in ZFS On Linux already, using either the development tip or one of the 0.8.0 release candidate pre-releases (ZoL is up to 0.8.0-rc3 as of now). People either doing this or planning to do this show up on the ZoL mailing list every so often.

CFT for FreeBSD + ZoL

Tutorial On Rump Kernel Servers and Clients

The rump anykernel architecture allows to run highly componentized kernel code configurations in userspace processes. Coupled with the rump sysproxy facility it is possible to run loosely distributed client-server "mini-operating systems". Since there is minimum configuration and the bootstrap time is measured in milliseconds, these environments are very cheap to set up, use, and tear down on-demand. This document acts as a tutorial on how to configure and use unmodified NetBSD kernel drivers as userspace services with utilities available from the NetBSD base system. As part of this, it presents various use cases. One uses the kernel cryptographic disk driver (cgd) to encrypt a partition. Another one demonstrates how to operate an FFS server for editing the contents of a file system even though your user account does not have privileges to use the host's mount() system call. Additionally, using a userspace TCP/IP server with an unmodified web browser is detailed.

Installing Snort on OpenBSD 6.4

As you may recall from previous posts, I am running an OpenBSD server on an APU2 air-cooled 3 Intel NIC box as my router/firewall for my secure home network. Given that all of my Internet traffic flows through this box, I thought it would be a cool idea to run an Intrusion Detection System (IDS) on it. Snort is the big hog of the open source world so I took a peek in the packages directory on one of the mirrors and lo and behold we have the latest & greatest version of Snort available! Thanks devs!!! I did some quick Googling and didn’t find much “modern” howto help out there so, after some trial and error, I have it up and running. I thought I’d give back in a small way and share a quickie howto for other Googlers out there who are looking for guidance. Here’s hoping that my title is good enough “SEO” to get you here!

Beastie Bits

Feedback/Questions

Malcolm - Laptop Experience : Dell XPS 13
DJ - Feedback
Alex - GhostBSD and Wifi : FIXED

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to [email protected]

A Life of Learning | Coder Radio 354

25 april 2019 | min

We celebrate the life of Erlang author Dr Joe Armstrong by remembering his many contributions to computer science and unique approach to lifelong learning.

Plus some code to read, your feedback, and more!

Links:

Elastic Beanstalk Retirement — Feedback from Sekhar
Professional development — Question from Ashetyn
Francesco Cesarini on Twitter — It is with great sadness that I share news of Joe Armstrong's passing away earlier today. Whilst he may no longer be with us, his work has laid the foundation which will be used by generations to come. RIP @joeerl, thank you for inspiring us all.
Goodbye Joe — One of the amazing things Joe mentioned in his texts that was out of the ordinary compared to everything I had read before is that developers would make mistakes and we could not prevent them all. Instead, we had to be able to cope with them. He did not just tell you about a language, he launched you on a trail that taught you how to write entire systems
Goodbye Joe in r/programming — About two weeks ago I came across Armstrong's blog for the first time and poked around at a few posts. I noticed he had recently (in the past year was my impression) discovered TiddlyWiki and rewritten his blog in it. His post talking about his eureka moment with TiddlyWiki had the feel of a very young, excited writer, so I was very surprised to later discover his age. I didn't know about him for very long, but the character described in this post really shined through.
Joe the office mate — Joe would get wildly excited by one "big idea" for weeks at a time. This could be a new idea of his own or a "well known" idea of somebody else's: the Rsync algorithm; public key cryptography; diff algorithms; parsing algorithms; etc. He would take an idea off the shelf, think (and talk!) about it very intensely for a while, and then put it back for a while and dive into the next topic that felt ripe.
Why OO Sucks — Note that this is an older post.
Erlang/OTP 21.3 — Welcome to Erlang/OTP, a complete development environment for concurrent programming.
One secret to becoming a great software engineer: read code — Similarly, seeing diverse coding practices lets you expand your palette when it comes time to write your own code. Reading others’ code exposes you to new language functionality and different coding styles.
djblue/tetris — An almost complete tetris in clojurescript
Animated guide to building tetris with Clojurescript
The Mad Botter INC on Twitter — Happy #EarthDay! We are awarding a free @system76 #DarterPro to the middle or high school student that can send our CEO @dominucco an innovative idea to@fight climate change using #Linux. To submit please write up a report and diagram & email it to [email protected]

Blame Joe | LINUX Unplugged 298

23 april 2019 | min

This week we discover the good word of Xfce and admit Joe was right all along. And share our tips for making Xfce more modern.

Plus a new Debian leader, the end of Scientific Linux, and behind the scenes of Librem 5 apps.

Special Guests: Alex Kretzschmar, Brent Gervais, and Ell Marquez.

Links:

Pepsi drops plans to use orbital billboard — “This was a one-time event; we have no further plans to test or commercially use this technology at this time.”
Ataris VCS Delayed, But Does Anyone Even Care? — There’s no prototype (yet). There’s no Ubuntu-based OS (yet). There’s not even a convincing demo of any of the games which will run on it (yet).
Announcing my Contract with Purism for an Adaptive Fractal UI — Overall, I’m very excited that Purism accepted my proposal and that I get to work on this. I have been looking forward to the day where I can run Fractal on my phone, and I’m glad to be bringing that closer.
Scientific Linux Discontinued — Fermilab will continue to support Scientific Linux 6 and 7 through the remainder of their respective lifecycles. Thank you to all who have contributed to Scientific Linux and who continue to do so.
Debian Project Leader Elections 2019
DPL Platform for Sam Hartman — One of my key roles as DPL will be to make sure Debian is a community where we can be heard, and where we have the opportunity to reach understanding regardless of whether our ideas are chosen. I will do this by personally participating in such mediation and recruiting others to these mediation efforts. Eventually, I hope many of us will get better at seeking to understand and avoiding escalating discussions on our own.
Red Hat Summit 2019
DockerCon San Francisco 2019
Linux Academy Sale!
Manjaro XFCE Stable Edition — This edition is supported by the Manjaro team and comes with XFCE, a lightweight and reliable desktop with high configurability.
Xubuntu — Xubuntu is a community developed operating system that combines elegance and ease of use.
I Can't Believe I'm Writing This Linux Article About Loving The Xfce Desktop Environment — At this point, my Xfce desktop looks just as good or better than the Gnome DE I'm accustomed to.
Ulauncher - The Linux Desktop Application Launcher — It has a minimal design, searches fast and uses less system resources, which makes it one of the best desktop launcher for Linux.
OpenAudible — An open-source cross-platform audible audiobook manager. Download, view, convert to MP3, and manage all your audible.com content with our easy-to-use desktop application.
Subspace: A simple WireGuard VPN server GUI
Subspace by Portal Cloud — Subspace is an open source WireGuard® VPN server that supports connecting all of your devices to help secure your internet access.
Dunst: Lightweight and customizable notification daemon
ARandR: Another XRandR GUI — ARandR is designed to provide a simple visual front end for XRandR. Relative monitor positions are shown graphically and can be changed in a drag-and-drop way.
Wavebox — The best of the web, in one focused place.
nativefier — Make any web page a desktop application
pop-os/icon-theme — System76 Pop icon theme for Linux

Linux Action News 102

21 april 2019 | min

Ang Takes a Punch - The Friday Stream

19 april 2019 | min

The SSH Tarpit | BSD Now 294

18 april 2019 | min

A PI-powered Plan 9 cluster, an SSH tarpit, rdist for when Ansible is too much, falling in love with OpenBSD again, how I created my first FreeBSD port, the Tilde Institute of OpenBSD education and more.

Headlines

A Pi-Powered Plan 9 Cluster

Plan 9 from Bell Labs comes from the same stable as the UNIX operating system, which of course Linux was designed after, and Apple’s OS X runs on top of a certified UNIX operating system. Just like UNIX, Plan 9 was developed as a research O/S — a vehicle for trying out new concepts — with it building on key UNIX principles and taking the idea of devices are just files even further. In this post, we take a quick look at the Plan 9 O/S and some of the notable features, before moving on to the construction of a self-contained 4-node Raspberry Pi cluster that will provide a compact platform for experimentation.

Endlessh: an SSH Tarpit

I’m a big fan of tarpits: a network service that intentionally inserts delays in its protocol, slowing down clients by forcing them to wait. This arrests the speed at which a bad actor can attack or probe the host system, and it ties up some of the attacker’s resources that might otherwise be spent attacking another host. When done well, a tarpit imposes more cost on the attacker than the defender. The Internet is a very hostile place, and anyone who’s ever stood up an Internet-facing IPv4 host has witnessed the immediate and continuous attacks against their server. I’ve maintained such a server for nearly six years now, and more than 99% of my incoming traffic has ill intent. One part of my defenses has been tarpits in various forms.

News Roundup

rdist(1) – when Ansible is too much

The post written about rdist(1) on johan.huldtgren.com sparked us to write one as well. It's a great, underappreciated, tool. And we wanted to show how we wrapped doas(1) around it. There are two services in our infrastructure for which we were looking to keep the configuration in sync and to reload the process when the configuration had indeed changed. There is a pair of nsd(8)/unbound(8) hosts and a pair of hosts running relayd(8)/httpd(8) with carp(4) between them. We didn't have a requirement to go full configuration management with tools like Ansible or Salt Stack. And there wasn't any interest in building additional logic on top of rsync or repositories. > Enter rdist(1), rdist is a program to maintain identical copies of files over multiple hosts. It preserves the owner, group, mode, and mtime of files if possible and can update programs that are executing.

Falling in love with OpenBSD again

I was checking the other day and was appalled at how long it has been since I posted here. I had been working a job during 2018 that had me traveling 3,600 miles by air every week so that is at least a viable excuse. So what is my latest project? I wanted to get something better than the clunky old T500 “freedom laptop” that I could use as my daily driver. Some background here. My first paid gig as a programmer was on SunOS 4 (predecessor to Solaris) and Ultrix (on a DEC MicroVAX). I went from there to a Commodore Amiga (preemptive multitasking in 1985!). I went from there to OS/2 (I know, patron saint of lost causes) and then finally decided to “sell out” and move to Windows as the path of least resistance in the mid 90’s. My wife bought me an iPod literally just as they started working with computers other than Macs and I watched with fascination as Apple made the big gamble and moved away from PowerPC chips to Intel. That was the beginning of the Apple Fan Boi years for me. My gateway drug was a G4 MacMini and I managed somehow to get in on the pre-production, developer build of an Intel-based Mac. I was quite happy on the platform until about three years ago.

How I Created My First FreeBSD Port

I created my first FreeBSD port recently. I found that FreeBSD didn't have a port for GoCD, which is a continuous integration and continuous deployment (CI/CD) system. This was a great opportunity to learn how to build a FreeBSD port while also contributing back to the community

The Tilde Institute of OpenBSD Education

Welcome to tilde.institute! This is an OpenBSD machine whose purpose is to provide a space in the tildeverse for experimentation with and education of the OpenBSD operating system. A variety of editors, shells, and compilers are installed to allow for development in a native OpenBSD environment. OpenBSD's httpd(8) is configured with slowcgi(8) as the fastcgi provider and sqlite3 available. This allows users to experiment with web development using compiled CGI in C, aka the BCHS Stack. In addition to php7.0 and mysql (mariadb) by request, this provides an environment where the development of complex web apps is possible.

Beastie Bits

SoloBSD 19.03-STABLE
WireGuard for NetBSD
[NetBSD - Removing PF](https://mail-index.netbsd.org/tech-kern/2019/03/29/msg024883.html )
What does the N in nmake stand for?
A Map of the Internet from May 1973
NSA-B-Gone : A sketchy hardware security device for your x220

Feedback/Questions

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to [email protected]

The Xfce Surprise + Entroware Ares Review | Choose Linux 7

17 april 2019 | min

A Week with WSL | Coder Radio 353

17 april 2019 | min

Release the Dingo | LINUX Unplugged 297

16 april 2019 | min

Ubuntu's new release is here, and this one might be one of the most important in a while. But is it worth upgrading from an LTS? We review and debate just that.

Plus some great picks, community news, and more.

Special Guests: Alan Pope, Brent Gervais, Ell Marquez, and Martin Wimpress.

Links:

Announcing the evolution of the Red Hat Certified Engineer program — In the updated program, we are shifting the focus to automation of Linux system administration tasks using Red Hat Ansible Automation and will be changing the requirements for achieving an RHCE credential.
Linux for Chromebooks: Secure Development - Google I/O 2019 — Learn how Chrome OS gives you a secure, safe sandbox for the Web, Android, and Linux through Chrome OS design principles, Sandboxing Chrome, ARC++, and Linux (Crostini). This session will also cover ways to handle challenges to high performance and tradeoffs with safety.
Pop!_OS featured on Linus Tech Tips Linux gaming episode as preferred Linux distribution
The first Devuan Conference - report, videos and interviews — The submarine looking building gave home to an event gathering open source super heroes and all sorts of magical creatures because to quote the first Devuan docsprint in December 2016 from a booklet called ‘Software freedom your way’ : “We must apply thought and attention to software development and we share responsibility, as users and developers of software systems, to foster values of cooperation in the spirit of science, human cultures, and the diversity of life.”
Ubuntu Still Working On ZFS Install Support, But Not In Time For 19.04 — For the past number of months we've seen Canonical developers working on ZFS support in the Ubuntu desktop and ZFS root partition support so that the Ubuntu desktop could (optionally) be installed to a ZFS On Linux partition.
TechSNAP Episode 401: Everyday ZFS — Jim and Wes sit down to bust some ZFS myths and share their tips and tricks for getting the most out of the ultimate filesystem.
Plus when not to use ZFS, the surprising way your disks are lying to you, and more!
Linux Academy Limited Time Sale!
LFNW Telegram Group
Simplot Careers
Our Trip to Dell | LAS 464 — Is Dell’s new hardware a sign of serious commitment to Linux or a large company’s hedge against market changes? We go inside Dell, get exclusive access to the teams & people behind many of Dell’s products that run Linux & find out.
Plus we discuss Ubuntu dropping Unity for Gnome, Lightworks’ latest release & more!
DiscoDingo ReleaseSchedule — Final release on April 18th, 2019.
Ubuntu Releases
Ubuntu 19.04 (Disco Dingo) Beta
PartyLoud — PartyLoud is a tool to create fake internet traffic in order to mitigate tracking on local networks.
Wes' PartyLoud Demo
ncspot — Cross-platform ncurses Spotify client written in Rust, inspired by ncmpc and the likes.
iwd — iwd (iNet wireless daemon) is a wireless daemon for Linux written by Intel that aims to replace WPA supplicant.
Xfce Blog
ElectronPlayer — An Electron Based Web Video Services Player. Supporting Netflix, Youtube, Twitch, Floatplane And More.
ElectronPlayer on GitHub
spotifyd: A spotify daemon — An open source Spotify client running as a UNIX daemon.

Linux Action News 101

14 april 2019 | min

Linux Without Borders | User Error 63

11 april 2019 | min

Everyday ZFS | TechSNAP 401

11 april 2019 | min

Booking Jails | BSD Now 293

11 april 2019 | min

Defining Desktop Linux | LINUX Unplugged 296

9 april 2019 | min

Self Driving Disaster | Coder Radio 352

9 april 2019 | min

Linux Action News 100

7 april 2019 | min

Manjaro 18 + Starting Your Journey | Choose Linux 6

4 april 2019 | min

AsiaBSDcon 2019 Recap | BSD Now 292

4 april 2019 | min

FreeBSD Q4 2018 status report, the GhostBSD alternative, the coolest 90s laptop, OpenSSH 8.0 with quantum computing resistant keys exchange, project trident: 18.12-U8 is here, and more.

##Headlines
###AsiaBSDcon 2019 recap

Both Allan and I attended AsiaBSDcon 2019 in Tokyo in mid march. After a couple of days of Tokyo sightseeing and tasting the local food, the conference started with tutorials.
Benedict gave his tutorial about “BSD-based Systems Monitoring with Icinga2 and OpenSSH”, while Allan ran the FreeBSD developer summit.
On the next day, Benedict attended the tutorial “writing (network) tests for FreeBSD” held by Kristof Provost. I learned a lot about Kyua, where tests live and how they are executed. I took some notes, which will likely become an article or chapter in the developers handbook about writing tests.
On the third day, Hiroki Sato officially opened the paper session and then people went into individual talks.
Benedict attended

Adventure in DRMland - Or how to write a FreeBSD ARM64 DRM driver by Emmanuel
Vadot

powerpc64 architecture support in FreeBSD ports by Piotr Kubaj
Managing System Images with ZFS by Allan Jude
FreeBSD - Improving block I/O compatibility in bhyve by Sergiu Weisz
Security Fantasies and Realities for the BSDs by George V.
Neville-Neil
ZRouter: Remote update of firmware by Hiroki Mori
Improving security of the FreeBSD boot process by Marcin Wojtas

Allan attended

Adventures in DRMland by Emmanuel Vadot
Intel HAXM by Kamil Rytarowski
BSD Solutions in Australian NGOs
Container Migration on FreeBSD by Yuhei Takagawa
Security Fantasies and Realities for the BSDs by George Neville-Neil

ZRouter: Remote update of firmware by Hiroki Mori
Improving security of the FreeBSD boot process by Marcin Wojtas

When not in talks, time was spent in the hallway track and conversations would often continue over dinner.
Stay tuned for announcements about where AsiaBSDcon 2020 will be, as the Tokyo Olympics will likely force some changes for next year. Overall, it was nice to see people at the conference again, listen to talks, and enjoy the hospitality of Japan.

###FreeBSD Quarterly Status Report - Fourth Quarter 2018

Since we are still on this island among many in this vast ocean of the Internet, we write this message in a bottle to inform you of the work we have finished and what lies ahead of us. These deeds that we have wrought with our minds and hands, they are for all to partake of - in the hopes that anyone of their free will, will join us in making improvements. In todays message the following by no means complete or ordered set of improvements and additions will be covered:
i386 PAE Pagetables for up to 24GB memory support, Continuous Integration efforts, driver updates to ENA and graphics, ARM enhancements such as RochChip, Marvell 8K, and Broadcom support as well as more DTS files, more Capsicum possibilities, as well as pfsync improvements, and many more things that you can read about for yourselves.
Additionally, we bring news from some islands further down stream, namely the nosh project, HardenedBSD, ClonOS, and the Polish BSD User-Group.
We would, selfishly, encourage those of you who give us the good word to please send in your submissions sooner than just before the deadline, and also encourage anyone willing to share the good word to please read the section on which submissions we’re also interested in having.

###GhostBSD: A Solid Linux-Like Open Source Alternative

The subject of this week’s Linux Picks and Pans is a representative of a less well-known computing platform that coexists with Linux as an open source operating system. If you thought that the Linux kernel was the only open source engine for a free OS, think again. BSD (Berkeley Software Distribution) shares many of the same features that make Linux OSes viable alternatives to proprietary computing platforms.
GhostBSD is a user-friendly Linux-like desktop operating system based on TrueOS. TrueOS is, in turn, based on FreeBSD’s development branch. TrueOS’ goal is to combine the stability and security of FreeBSD with a preinstalled GNOME, MATE, Xfce, LXDE or Openbox graphical user interface.
I stumbled on TrueOS while checking out new desktop environments and features in recent new releases of a few obscure Linux distros. Along the way, I discovered that today’s BSD computing family is not the closed source Unix platform the “BSD” name might suggest.
In last week’s Redcore Linux review, I mentioned that the Lumina desktop environment was under development for an upcoming Redcore Linux release. Lumina is being developed primarily for BSD OSes. That led me to circle back to a review I wrote two years ago on Lumina being developed for Linux.
GhostBSD is a pleasant discovery. It has nothing to do with being spooky, either. That goes for both the distro and the open source computing family it exposes.
Keep reading to find out what piqued my excitement about Linux-like GhostBSD.

##News Roundup
###SPARCbook 3000ST - The coolest 90s laptop

A few weeks back I managed to pick up an incredibly rare laptop in immaculate condition for $50 on Kijiji: a Tadpole Technologies SPARCbook 3000ST from 1997 (it also came with two other working Pentium laptops from the 1990s).
Sun computers were an expensive desire for many computer geeks in the 1990s, and running UNIX on a SPARC-based laptop was, well, just as cool as it gets. SPARC was an open hardware platform that anyone could make, and Tadpole licensed the Solaris UNIX operating system from Sun for their SPARCbooks. Tadpole essentially made high-end UNIX/VAX workstations on costly, unusual platforms (PowerPC, DEC Alpha, SPARC) but only their SPARCbooks were popular in the high-end UNIX market of the 1990s.

###OpenSSH 8.0 Releasing With Quantum Computing Resistant Keys

OpenSSH 7.9 came out with a host of bug fixes last year with few new features, as is to be expected in minor releases. However, recently, Damien Miller has announced that OpenSSH 8.0 is nearly ready to be released. Currently, it’s undergoing testing to ensure compatibility across supported systems.

https://twitter.com/damienmiller/status/1111416334737244160

Better Security
Copying filenames with scp will be more secure in OpenSSH 8.0 due to the fact that copying filenames from a remote to local directory will prompt scp to check if the files sent from the server match your request. Otherwise, an attack server would theoretically be able to intercept the request by serving malicious files in place of the ones originally requested. Knowing this, you’re probably better off never using scp anyway. OpenSSH advises against it:
“The scp protocol is outdated, inflexible and not readily fixed. We recommend the use of more modern protocols like sftp and rsync for file transfer instead.”

Interesting new features

ssh(1): When prompting whether to record a new host key, accept the key fingerprint as a synonym for “yes”. This allows the user to paste a fingerprint obtained out of band at the prompt and have the client do the comparison for you.

###Project Trident : 18.12-U8 Available

Thank you all for your patience! Project Trident has finally finished some significant infrastructure updates over the last 2 weeks, and we are pleased to announce that package update 8 for 18.12-RELEASE is now available.
To switch to the new update, you will need to open the “Configuration” tab in the update manager and switch to the new “Trident-release” package repository. You can also perform this transition via the command line by running: sudo sysup --change-train Trident-release

##Beastie Bits

##Feedback/Questions

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to [email protected]

Stay and Compile a While | LINUX Unplugged 295

2 april 2019 | min

Riding the Rails | Coder Radio 351

1 april 2019 | min

Mike explores the state of Xamarin.Android development on Linux, and we talk frameworks versus libraries and what Rails got right.

Plus adventures with rust on MacOS, your feedback, and more!

Links:

Feedback from Eric — I like Python as well but since I spend most of my day in .Net Framework/Core I tend to prefer dotnet-script.
dotnet-script — Run C# scripts from the .NET CLI.
Feedback from Tom — I haven't tried Rust yet, but it seems to have a lof of momentum. Maybe there are issues with it, but I'm not going to take advice from someone who "really doesn't care" that Rust produces safer and more secure code.
Mike's fork of stl-thumb — Stl-thumb is a fast lightweight thumbnail generator for STL files.
Why I miss Rails — In the transition to the modern web stack we’ve unsolved some of what tools like Rails made easy 10 years ago. I don’t think it needs to be that way.
Luminus — Luminus is a Clojure micro-framework based on a set of lightweight libraries. It aims to provide a robust, scalable, and easy to use platform. With Luminus you can focus on developing your app the way you want without any distractions.
Phoenix — A productive web framework that does not compromise speed or maintainability. Phoenix leverages the Erlang VM ability to handle millions of connections alongside Elixir's beautiful syntax and productive tooling for building fault-tolerant systems.
Phoenix LiveView: Interactive, Real-Time Apps. No Need to Write JavaScript. — LiveView powered applications are stateful on the server with bidrectional communication via WebSockets, offering a vastly simplified programming model compared to JavaScript alternatives.
How to develop Xamarin.Android applications on Linux with Rider – JetBrains Rider Support — Please note that Xamarin.Android on Linux is officially unsupported. However, it is possible to manually install Xamarin.Android and configure Rider so that it can build and run Xamarin.Android apps on Linux.
Can not create Xamarin Application in Rider (Linux platform) – JetBrains Rider Support
Careers – Linux Academy

Linux Action News 99

31 mars 2019 | min

Emergency Condiments | User Error 62

28 mars 2019 | min

Supply Chain Attacks | TechSNAP 400

28 mars 2019 | min

We break down the ASUS Live Update backdoor and explore why these kinds of supply chain attacks are on the rise.

Plus an update from the linux vendor firmware service, your feedback, and more!

Links:

Joren Verspeurt on Twitter — The explanation you gave for unsupervised wasn't correct, that was just using a net that was trained in a supervised way. Unsupervised learning doesn't involve labels at all. A good example: clustering. You say "there are x clusters" and it learns a way of grouping similar items.
Hackers Hijacked ASUS Software Updates to Install Backdoors on Thousands of Computers — The researchers estimate half a million Windows machines received the malicious backdoor through the ASUS update server, although the attackers appear to have been targeting only about 600 of those systems.
Malicious updates for ASUS laptops — A threat actor modified the ASUS Live Update Utility, which delivers BIOS, UEFI, and software updates to ASUS laptops and desktops, added a back door to the utility, and then distributed it to users through official channels.
Asus Live Update Patch Now Availabile — Asus has emitted a non-spyware-riddled version of Live Update for people to install on its notebooks, which includes extra security features to hopefully detect any future tampering.
ASUS response to the recent media reports regarding ASUS Live Update tool attack by Advanced Persistent Threat (APT) groups — ASUS has also implemented a fix in the latest version (ver. 3.6.8) of the Live Update software, introduced multiple security verification mechanisms to prevent any malicious manipulation in the form of software updates or other means, and implemented an enhanced end-to-end encryption mechanism. At the same time, we have also updated and strengthened our server-to-end-user software architecture to prevent similar attacks from happening in the future.
The Messy Truth About Infiltrating Computer Supply Chains — The Defense Intelligence Agency believed that China’s capability at exploiting the BIOS “reflects a qualitative leap forward in exploitation that is difficult to detect”
Inside the Unnerving CCleaner Supply Chain Attack — Security researchers at Cisco Talos and Morphisec made a worst nightmare-type disclosure: the ubiquitous computer cleanup tool CCleaner had been compromised by hackers for more than a month. The software updates users were downloading from CCleaner owner Avast—a security company itself—had been tainted with a malware backdoor. The incident exposed millions of computers and reinforced the threat of so-called digital supply chain attacks, situations where trusted, widely distributed software is actually infected by malicious code.
ShadowPad: How Attackers hide Backdoor in Software used by Hundreds of Large Companies around the World — ShadowPad is an example of how dangerous and wide-scale a successful supply-chain attack can be. Given the opportunities for reach and data collection it gives to the attackers, most likely it will be reproduced again and again with some other widely used software component.
Gaming industry still in the scope of attackers in Asia — Yet again, new supply-chain attacks recently caught the attention of ESET Researchers. This time, two games and one gaming platform application were compromised to include a backdoor.
Microsoft Security Intelligence Report Volume 24 is now available — Software supply chain attacks are another trend that Microsoft has been tracking for several years. One supply chain tactic used by attackers is to incorporate a compromised component into a legitimate application or update package, which then is distributed to the users via the software. These attacks can be very difficult to detect because they take advantage of the trust that users have in their software vendors. The report includes several examples, including the Dofoil campaign, which illustrates how wide-reaching these types of attacks are and what we are doing to prevent and respond to them.
Microsoft Security Intelligence Report Volume 24
Supply Chain Attacks Spiked 78 Percent in 2018
Supply Chain Security: A Talk by Bunnie Huang — I recently gave an invited talk about supply chain security at BlueHat IL 2019. I was a bit surprised at the level of interest it received, so I thought I’d share it here for people who might have missed it.
Attack inception: Compromised supply chain within a supply chain poses new risk — The plot twist: The app vendor’s systems were unaffected. The compromise was traceable instead to a second software vendor that hosted additional packages used by the app during installation. This turned out be an interesting and unique case of an attack involving “the supply chain of the supply chain”.
Supply Chain Attacks and Secure Software Updates — In general, a supply chain attack involves first hacking a trusted third party who provides a product or service to your target, and then using your newly acquired, privileged position to compromise your intended target.
Bad USB, Very Bad USB — The best defense for this type of attack is to only use devices that do not have reprogrammable firmware. Outside of this, it is important to only use USB drives that you trust completely, because after plugging in an untrusted device, you will never know if there is an invisible threat running on your computer.
Reflections on Trusting Trust by Ken Thompson
LVFS Project Announcement - The Linux Foundation — The Linux Foundation welcomes the Linux Vendor Firmware Service (LVFS) as a new project. LVFS is a secure website that allows hardware vendors to upload firmware updates. It’s used by all major Linux distributions to provide metadata for clients, such as fwupdmgr, GNOME Software and KDE Discover.
LVFS: Vendor Status
Two new supply-chain attacks come to light in less than a week — Called “Colourama,” the package looked similar to Colorama, which is one of the top-20 most-downloaded legitimate modules in the Python repository. The doppelgänger Colourama package contained most of the legitimate functions of the legitimate module, with one significant difference: Colourama added code that, when run on Windows servers, installed a Visual Basic script.
Malicious code found in npm package event-stream downloaded 8 million times in the past 2.5 months

Storage Changes Software | BSD Now 291

28 mars 2019 | min

Storage changing software, what makes Unix special, what you need may be “pipeline +Unix commands”, running a bakery on Emacs and PostgreSQL, the ultimate guide to memorable tech talks, light-weight contexts, and more.

##Headlines

###Tracking a storage issue led to software change

Early last year we completed a massive migration that moved our customers’ hosting data off of a legacy datacenter (that we called FR-SD2) onto several new datacenters (that we call FR-SD3, FR-SD5, and FR-SD6) with much more modern, up-to-date infrastructure.
This migration required several changes in both the software and hardware we use, including switching the operating system on our storage units to FreeBSD.
Currently, we use the NFS protocol to provide storage and export the filesystems on Simple Hosting, our web hosting service, and the FreeBSD kernel includes an NFS server for just this purpose.

Problem

While migrating virtual disks of Simple Hosting instances from FR-SD2, we noticed high CPU load spikes on the new storage units.

###What Makes Unix Special

Ever since Unix burst onto the scene within the early '70s, observers within the pc world have been fast to put in writing it off as a unusual working system designed by and for knowledgeable programmers. Regardless of their proclamations, Unix refuses to die. Means again in 1985, Stewart Cheifet puzzled if Unix would turn out to be the usual working system of the longer term on the PBS present “The Laptop Chronicles,” though MS-DOS was effectively in its heyday. In 2018, it is clear that Unix actually is the usual working system, not on desktop PCs, however on smartphones and tablets.

What Makes Unix Special?

It is also the usual system for net servers. The actual fact is, hundreds of thousands of individuals all over the world have interacted with Linux and Unix programs daily, most of whom have by no means written a line of code of their lives.
So what makes Unix so beloved by programmers and different techie sorts? Let’s check out a few of issues this working system has going for it. (For some background on Unix, try The Historical past of Unix: From Bell Labs to the iPhone.)

##News Roundup
###What you need may be “pipeline +Unix commands” only

I came across Taco Bell Programming recently, and think this article is worthy to read for every software engineer. The post mentions a scenario which you may consider to use Hadoop to solve but actually xargs may be a simpler and better choice. This reminds me a similar experience: last year a client wanted me to process a data file which has 5 million records. After some investigations, no novel technologies, a concise awk script (less than 10 lines) worked like a charm! What surprised me more is that awk is just a single-thread program, no nifty concurrency involved.
The IT field never lacks “new” technologies: cloud computing, big data, high concurrency, etc. However, the thinkings behind these “fancy” words may date back to the era when Unix arose. Unix command line tools are invaluable treasure. In many cases, picking the right components and using pipeline to glue them can satisfy your requirement perfectly. So spending some time in reviewing Unixcommand line manual instead of chasing state-of-the-art techniques exhaustedly, you may gain more.
BTW, if your data set can be disposed by an awk script, it should not be called “big data”.

Taco Bell Programming

###Running a bakery on Emacs and PostgreSQL

Just over a year ago now, I finally opened the bakery I’d been dreaming of for years. It’s been a big change in my life, from spending all my time sat in front of a computer, to spending most of it making actual stuff. And stuff that makes people happy, at that. It’s been a huge change, but I can’t think of a single job change that’s ever made me as happy as this one.
One of the big changes that came with going pro was that suddenly I was having to work out how much stuff I needed to mix to fill the orders I needed. On the face of it, this is really simple, just work out how much dough you need, then work out what quantities to mix to make that much dough. Easy. You can do it with a pencil and paper. Or, in traditional bakers’ fashion, by scrawling with your finger on a floured work bench.
And that’s how I coped for a few weeks early on. But I kept making mistakes, which makes for an inconsistent product (bread is very forgiving, you have to work quite hard to make something that isn’t bread, but consistency matters). I needed to automate.

###The Ultimate Guide To Memorable Tech Talks

Imagine this. You’re a woman in a male-dominated field. English is not your first language. Even though you’re confident in your engineering work, the thought of public speaking and being recorded for the world to see absolutely terrifies you.
That was me, five years ago. Since then, I’ve moved into a successful career in Developer Advocacy and spoken at dozens of technical events in the U.S. and worldwide.
I think everyone has the ability to deliver stellar conference talks, which is why I took the time to write this post.

The Ultimate Guide
1: Introduction
2: Choosing a Topic
3: Writing a Conference Proposal (or CFP)
4: Tools of the Trade
5: Planning and Time Estimation
6: Writing a Talk
7: Practice and Delivery

###Light-weight Contexts: An OS Abstraction for Safety and Performance (2016)

Abstract: “We introduce a new OS abstraction—light-weight con-texts (lwCs)—that provides independent units of protection, privilege, and execution state within a process. A process may include several lwCs, each with possibly different views of memory, file descriptors, and access capabilities. lwCs can be used to efficiently implement roll-back (process can return to a prior recorded state),isolated address spaces (lwCs within the process may have different views of memory, e.g., isolating sensitive data from network-facing components or isolating different user sessions), and privilege separation (in-process reference monitors can arbitrate and control access).
lwCs can be implemented efficiently: the overhead of a lwC is proportional to the amount of memory exclusive to the lwC; switching lwCs is quicker than switching kernel threads within the same process. We describe the lwC abstraction and API, and an implementation of lwCs within the FreeBSD 11.0 kernel. Finally, we present an evaluation of common usage patterns, including fast roll-back, session isolation, sensitive data isolation, and in-process reference monitoring, using Apache, nginx, PHP,and OpenSSL.”

##Beastie Bits

##Feedback/Questions

Mike - FreeBSD Update and Erased EFI files
Charles - Volunteer work
Jake - Bhyve Front Ends
We’ve hit that point where we are running low on your questions, so if you have any questions rolling around in your head that you’ve not thought of to ask yet… send them in!

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to [email protected]

Rusty Stadia | Coder Radio 350

26 mars 2019 | min

We debate Rust’s role as a replacement for C, and share our take on the future of gaming with Google's Stadia.

Plus Objective-C's return to grace, Mike’s big bet on .NET, and more!

Links:

The RedMonk Programming Language Rankings: January 2019 — The idea is not to offer a statistically valid representation of current usage, but rather to correlate language discussion and usage in an effort to extract insights into potential future adoption trends.
Hello .Net Foundation - dominickm.com — I am pleased to share that I have joined the .Net Foundation.
Avalonia: A multi-platform .NET UI framework — Avalonia is a WPF-inspired cross-platform XAML-based UI framework providing a flexible styling system and supporting a wide range of OSs: Windows (.NET Framework, .NET Core), Linux (GTK), MacOS, Android and iOS.
Google’s Stadia looks like an early beta of the future of gaming — “The future of gaming is not a box,” according to Google. “It’s a place.” Just like how humans have built stadiums for sports over hundreds of years, Google believes it’s building a virtual stadium, aptly dubbed Stadia, for the future of games to be played anywhere.
Stadia — Push the envelope of game development with Stadia.
Rust is not a good C replacement | Drew DeVault’s Blog — The kitchen sink approach doesn’t work. Rust will eventually fail to the “jack of all trades, master of none” problem that C++ has. Wise languages designers start small and stay small. Wise systems programmers extend this philosophy to designing entire systems, and Rust is probably not going to be invited. I understand that many people, particularly those already enamored with Rust, won’t agree with much of this article. But now you know why we are still writing C, and hopefully you’ll stop bloody bothering us about it.
Introduction to Python Development at Linux Academy — This course is designed to teach you how to program using Python. We'll cover the building blocks of the language, programming design fundamentals, how to use the standard library, third-party packages, and how to create Python projects. In the end, you should have a grasp of how to program.

Tainted Love | LINUX Unplugged 294

26 mars 2019 | min

Why we sometimes go too far with our Linux advocacy, and a few humble strategies to switch people to Linux.

Plus an update to the most important text editor in the world, the new distro causing controversy, and what is a tainted kernel.

Special Guests: Brent Gervais, Ell Marquez, and Neal Gompa.

Links:

Could ‘alcosynth’ provide all the joy of booze – without the dangers? — David Nutt has long been developing a holy grail of molecules – also referred to as “alcarelle” – that will provide the relaxing and socially lubricating qualities of alcohol, but without the hangovers, health issues and the risk of getting paralytic.
Happy 21st, curl — We estimate that there are now roughly 6 billion curl installations world-wide. In phones, computers, TVs, cars, video games etc. With 4 billion internet users, that’s like 1.5 curl installation per Internet connected human on earth.
nano 4.0 has been released — An overlong line is no longer automatically hard-wrapped, smooth scrolling (one line at a time) has become the default, and more!
Hackers Hijacked ASUS Software Updates to Install Backdoors on Thousands of Computers - Motherboard — The researchers estimate half a million Windows machines received the malicious backdoor through the ASUS update server, although the attackers appear to have been targeting only about 600 of those systems.
Malicious updates for ASUS laptops — The trojanized utility was signed with a legitimate certificate and was hosted on the official ASUS server dedicated to updates, and that allowed it to stay undetected for a long time. The criminals even made sure the file size of the malicious utility stayed the same as that of the original one.
Shadow Hammer APT MAC Check — Check if your device has been targeted by the ShadowHammer cyberattack
SigintOS: A Linux Distro for Signal Intelligence — SigintOS is an Ubuntu based distribution with a number of built in signal intelligence applications for software defined radios such as RTL-SDRs and other TX capable SDRs like the HackRF, bladeRF and USRP radios.
SigintOS — SigintOS; as the name suggests, SIGINT is an improved Linux distribution for Signal Intelligence. This distribution is based on Ubuntu Linux. It has its own software called SigintOS. With this software, many SIGINT operations can be performed via a single graphical interface.
Careers – Linux Academy — Ruby on Rails Dev? Maybe some angular love or willing to learn? Linux Academy is hiring RIGHT NOW
LFNW: T-shirt preorder closes on 3/31 — While we will have some for sale on site during LFNW2019, the only way to guarantee that you get a shirt is to register for the event, and buy an Individual Sponsorship.
Virtual Linux Ansible Fundamentals Study Group | Meetup — Join us before Linux Unplugged for an introduction to Ansible.
Call for Proposals - DebConf19 — The DebConf Content team would like to call for proposals in the DebConf 19 conference, which will take place in Curitiba, Brazil, between July 21th and 28th.
Fedora 29 Wifi Warning Bug
Tainted kernels — The Linux Kernel documentation — The primary reason for the ‘Tainted: ‘ string is to tell kernel debuggers if this is a clean kernel or if anything unusual has occurred.
What is a tainted kernel in Linux? — The feature is intended to identify conditions which may make it difficult to properly troubleshoot a kernel problem. For example, the loading of a proprietary module can make kernel debug output unreliable because kernel developers don't have access to the module's source code and therefore cannot determine what the module may have done to the kernel. Likewise, if the kernel had previously experienced an error condition or if a serious hardware error had occurred, the debug information generated by the kernel may not be reliable.
Install Fests - Free Software Foundation — My new idea is that the install fest could allow the devil to hang around, off in a corner of the hall, or the next room. (Actually, a human being wearing sign saying “The Devil,” and maybe a toy mask or horns.) The devil would offer to install nonfree drivers in the user's machine to make more parts of the computer function, explaining to the user that the cost of this is using a nonfree (unjust) program.
NexDock 2 by Nex Computer — Kickstarter — Turn your Smartphone or Pi into a laptop.

Linux Action News 98

24 mars 2019 | min

Timestamped Notes | BSD Now 290

21 mars 2019 | min

FreeBSD on Cavium ThunderX, looking at NetBSD as an OpenBSD user, taking time-stamped notes in vim, OpenBSD 6.5 has been tagged, FreeBSD and NetBSD in GSoC 2019, SecBSD: an UNIX-like OS for Hackers, and more.

##Headlines
###ARM’d and dangerous: FreeBSD on Cavium ThunderX (aarch64)

While I don’t remember for how many years I’ve had an interest in CPU architectures that could be an alternative to AMD64, I know pretty well when I started proposing to test 64-bit ARM at work. It was shortly after the disaster named Spectre / Meltdown that I first dug out server-class ARM hardware and asked whether we should get one such server and run some tests with it.
While the answer wasn’t a clear “no” it also wasn’t exactly “yes”. I tried again a few times over the course of 2018 and each time I presented some more points why I thought it might be a good thing to test this. But still I wasn’t able to get a positive answer. Finally in January 2019 year I got a definitive answer – and it was “yes, go ahead”! The fact that Amazon had just presented their Graviton ARM Processor may have helped the decision.

###Looking at NetBSD from an OpenBSD user perspective

I use to use NetBSD quite a lot. From 2.0 to 6.99. But for some reasons, I stopped using it about 2012, in favor of OpenBSD. Reading on the new 8 release, I wanted to see if all the things I didn’t like on NetBSD were gone. Here is a personal Pros / Cons list. No Troll, hopefully. Just trying to be objective.

What I liked (pros)
Things I didn’t like (cons)
Conclusion

So that was it. I didn’t spend more than 30 minutes of it. But I didn’t want to spend more time on it. I did stop using NetBSD because of the need to compile each and every packages ; it was in the early days of pkgin. I also didn’t like the way system maintenance was to be done. OpenBSD’s 6-months release seemed far more easy to manage. I still think NetBSD is a great OS. But I believe you have to spent more time on it than you would have to do with OpenBSD.
That said, I’ll keep using my Puffy OS.

##News Roundup
###Using Vim to take time-stamped notes

I frequently find myself needing to take time-stamped notes. Specifically, I’ll be in a call, meeting, or interview and need to take notes that show how long it’s been since the meeting started.
My first thought was that there’s be a plugin to add time stamps, but a quick search didn’t turn anything up. However, I little digging did turn up the fact that vim has the built-in ability to tell time.
This means that writing a bit of vimscript to insert a time stamp is pretty easy. After a bit of fiddling, I came up with something that serves my needs, and I decided it might be useful enough to others to be worth sharing.

John Baldwin’s notes on bhyve meetings

###OpenBSD 6.5-beta has been tagged

It’s that time of year again; Theo (deraadt@) has just tagged 6.5-beta. A good reminder for us all run an extra test install and see if your favorite port still works as you expect.

CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2019/02/26 15:24:41

Modified files:
etc/root : root.mail
share/mk : sys.mk
sys/conf : newvers.sh
sys/sys : ktrace.h param.h
usr.bin/signify: signify.1
sys/arch/macppc/stand/tbxidata: bsd.tbxi

Log message:
crank to 6.5-beta

###The NetBSD Foundation participating in Google Summer of Code 2019

For the 4th year in a row and for the 13th time The NetBSD Foundation will participate in Google Summer of Code 2019!
If you are a student and would like to learn more about Google Summer of Code please go to the Google Summer of Code homepage.
You can find a list of projects in Google Summer of Code project proposals in the wiki.
Do not hesitate to get in touch with us via #netbsd-code IRC channel on Freenode and via NetBSD mailing lists!

###SecBSD: an UNIX-like OS for Hackers

SecBSD is an UNIX-like operating system focused on computer security based on OpenBSD. Designed for security testing, hacking and vulnerability assessment, it uses full disk encryption and ProtonVPN + OpenVPN by default.
A security BSD enviroment for security researchers, penetration testers, bug hunters and cybersecurity experts. Developed by Dark Intelligence Team for private use and will be public release coming soon.

##Beastie Bits

##Feedback/Questions

Russell - BSD Now Question :: ZFS & FreeNAS
Alan - Tutorial, install ARM *BSD with no other BSD box pls
Johnny - New section to add to the show

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to [email protected]

Linux Gaming Report and Purism Librem 15 | Choose Linux 5

20 mars 2019 | min

Netflix's Gift to Linux | LINUX Unplugged 293

19 mars 2019 | min

Developers at Netflix are creating the next set of super powers for Linux, we'll get the details straight from the source.

Plus some good Debian news, our tips for better battery life, and we play a little Hot SUSE Potato.

Special Guests: Brent Gervais and Ell Marquez.

Links:

Google Stadia announced, a game streaming service for Chrome, Android, and TVs — Powered by Linux, it supports the Vulkan graphics API and Google partnered with Unreal to fully support the Stadia platform.
Chris on Instagram — We found a great spot to work for the day, great signal. Just one problem. We sorta got taken hostage for a few hours.
Debian Project Leader Elections 2019: Candidates — We're now into the campaigning period. We have 5 candidates.
Linux Laptop Battery Optimization Tool TLP 1.2 Released — TLP 1.2 was released today after being in development for more than a year, and it brings support for NVMe, and removable drives like USB and IEEE1394 devices, support for multi queue I/O schedulers (blk-mq), and other significant enhancements.
TLP – Configuration
Suse is once again an independent company — Few companies have changed hands as often as Suse and yet remained strong players in their business. Suse was first acquired by Novell in 2004. Novell was then acquired by Attachmate in 2010, which Micro Focus acquired in 2014. The company then turned Suse into an independent division, only to then announce its sale to EQT in the middle of 2018.
SUSE is now an independent company after being acquired by EQT for $2.5 billion | Packt Hub — As the company has been owned by EQT, so according to few users it’s still not independent. One of the users commented on HackerNews, “Being owned by a Private Equity fund can really not be described as being “independent”.
MATE 1.22 released — Wanda the Fish now works properly on HiDPI displays
Albert Vaca Cintora on Twitter — KDE Connect has been removed from @GooglePlay for violating their new policy on apps that access SMS. The policy has an explicit exception for companion apps (like KDE Connect), but it was removed anyway and there's no way to talk to Google
Use of SMS or Call Log permission groups - Play Console Help
Full-system dynamic tracing on Linux using eBPF and bpftrace — What if you want to trace what happens inside a system call or library call? What if you want to do more than just logging calls, e.g. you want to compile statistics on certain behavior? What if you want to trace multiple processes and correlate data from multiple sources?
In 2019, there's finally a decent answer to that on Linux: bpftrace, based on eBPF technology.
Learn eBPF Tracing: Tutorial and Examples — eBPF can be used for many things: network performance, firewalls, security, tracing, device drivers, and more!
IO Visor Project — The IO Visor Project is an open source project and a community of developers to accelerate the innovation, development, and sharing of virtualized in-kernel IO services for tracing, analytics, monitoring, security and networking functions. It builds on the Linux community to bring open, flexible, distributed, secure and easy to operate technologies that enable any stack to run efficiently on any physical infrastructure.
IO Visor Project on GitHub — Organization that hosts the repos for bpftrace, bcc, and other tools.
BCC - Tools for BPF-based Linux IO analysis, networking, monitoring, and more — BCC is a toolkit for creating efficient kernel tracing and manipulation programs, and includes several useful tools and examples.
bpftrace: High-level tracing language for Linux eBPF
Install bpftrace for Linux using the Snap Store
BCC Tool Diagram — Diagram that breaks down useful tools in BCC
eBPF Perf Tools 2019: Slides
eBPF Perf Tools 2019: Video

Their Rules, Your Choice | Coder Radio 349

18 mars 2019 | min

We join the fight between Apple and Spotify, and debate the meaning of 'fair play' in the App Store and the browser wars.

Plus some thoughts on the lessons learned from the 737 MAX, an Elastic Beanstalk PSA, and more!

Links:

Microsoft proves the critics right: We’re heading toward a Chrome-only Web | Ars Technica — Last week, Microsoft made a major update to the Web version of its Skype client, bringing HD video calling, call recording, and other features already found on the other clients. And as if to prove a point, the update works only in Edge and Chrome. Firefox, Safari, and even Opera are locked out.
The 737Max and Why Software Engineers Might Want to Pay Attention — What is different here is: the MCAS commands the trim in this condition without notifying the pilots AND to override the input, the pilots must deactivate the system via a switch on a console, NOT by retrimming the aircraft via the yoke, which is a more common way to manage the airplane’s trim.
How a 50-year-old design came back to haunt Boeing with its troubled 737 Max jet - Los Angeles Times — The crisis comes after 50 years of remarkable success in making the 737 a profitable workhorse. Today, the aerospace giant has a massive backlog of more than 4,700 orders for the jetliner and its sales account for nearly a third of Boeing’s profit. But the decision to continue modernizing the jet, rather than starting at some point with a clean design, resulted in engineering challenges that created unforeseen risks.
Trevor Sumner on Twitter: — Some people are calling the 737MAX tragedies a #software failure. Here's my response: It's not a software problem.
Timeline - Time to Play Fair — Apple’s behavior isn’t new. In fact, there are countless times over the years that demonstrate that they don’t play fair.
Addressing Spotify’s Claims - Apple — At its core, the App Store is a safe, secure platform where users can have faith in the apps they discover and the transactions they make. And developers, from first-time engineers to larger companies, can rest assured that everyone is playing by the same set of rules.
Introduction to Python Development at Linux Academy — This course is designed to teach you how to program using Python. We'll cover the building blocks of the language, programming design fundamentals, how to use the standard library, third-party packages, and how to create Python projects. In the end, you should have a grasp of how to program.
AWS Elastic Beanstalk Platform Support Policy — Elastic Beanstalk is retiring these platform versions containing Nginx 1.12 or earlier, which are marked end of life by its supplier. We recommend that you migrate your environments to the latest supported platform version as soon as possible. Here is a complete list of your environments in the us-west-2 Region running on platform versions with a retirement date of March 01, 2020.
TechSNAP Episode 399: Ethics in AI — Machine learning promises to change many industries, but with these changes come dangerous new risks. Join Jim and Wes as they explore some of the surprising ways bias can creep in and the serious consequences of ignoring these problems.
User Error Episode 61: Faith in Microsoft — Maybe it's finally time to cut Microsoft some slack, the pace of technological change, and what a couple of common terms actually mean.

Linux Action News 97

17 mars 2019 | min

We try out the latest GNOME 3.32 release, and why it might be the best release ever. New leader candidates for Debian emerge, we experience foundation inception, and NGINX is getting acquired.

Plus Android Q gets an official Desktop Mode, the story behind the new Open Distro for Elasticsearch, and more!

Links:

GNOME 3.32 Released — Version 3.32 contains six months of work by the GNOME community and includes many improvements, performance improvements and new features.
Leaderless Debian — What would happen if Debian were to hold an election and no candidates stepped forward? The Debian project has just found itself in that situation and is trying to figure out what will happen next.
Debian project leader candidates emerge
Foundations galore — The merger is supported by 30 corporate and end user members including Google, Microsoft, IBM, PayPal, GoDaddy, and Joyent.
New Red Team Project — The Linux Foundation has launched the Red Team Project, which incubates open source cybersecurity tools to support cyber range automation, containerized pentesting utilities, binary risk quantification, and standards validation and advancement.
CommunityBridge — The Linux Foundation today announced CommunityBridge – a new platform created to empower open source developers – and the individuals and organizations who support them – to advance sustainability, security, and diversity in open source technology.
Funded by Github
Understanding LF's New “Community Bridge” - Conservancy Blog
NGINX to be acquired — I’m incredibly excited that today we announced NGINX has signed a definitive agreement to be acquired by F5.
Open Distro for Elasticsearch — We have therefore decided to partner with others such as Expedia Group and Netflix to create a new open source distribution of Elasticsearch named “Open Distro for Elasticsearch.”
Jeff Barr – Open Distro for Elasticsearch
Android finally getting desktop mode — The AOSP Launcher has a new component that, when launched, brings up a new Android desktop interface.
Here are the new Android Q features

Ethics in AI | TechSNAP 399

15 mars 2019 | min

Machine learning promises to change many industries, but with these changes come dangerous new risks. Join Jim and Wes as they explore some of the surprising ways bias can creep in and the serious consequences of ignoring these problems.

Links:

Microsoft’s neo-Nazi sexbot was a great lesson for makers of AI assistants — What started out as an entertaining social experiment—get regular people to talk to a chatbot so it could learn while they, hopefully, had fun—became a nightmare for Tay’s creators. Users soon figured out how to make Tay say awful things. Microsoft took the chatbot offline after less than a day.
Microsoft's Zo chatbot is a politically correct version of her sister Tay—except she’s much, much worse — A few months after Tay’s disastrous debut, Microsoft quietly released Zo, a second English-language chatbot available on Messenger, Kik, Skype, Twitter, and Groupme.
How to make a racist AI without really trying | ConceptNet blog — Some people expect that fighting algorithmic racism is going to come with some sort of trade-off. There’s no trade-off here. You can have data that’s better and less racist. You can have data that’s better because it’s less racist. There was never anything “accurate” about the overt racism that word2vec and GloVe learned.
Microsoft warned investors that biased or flawed AI could hurt the company’s image — Notably, this addition comes after a research paper by MIT Media Lab graduate researcher Joy Buolamwini showed in February 2018 that Microsoft’s facial recognition algorithm’s was less accurate for women and people of color. In response, Microsoft updated its facial recognition models, and wrote a blog post about how it was addressing bias in its software.
AI bias: It is the responsibility of humans to ensure fairness — Amazon recently pulled the plug on its experimental AI-powered recruitment engine when it was discovered that the machine learning technology behind it was exhibiting bias against female applicants.
California Police Using AI Program That Tells Them Where to Patrol, Critics Say It May Just Reinforce Racial Bias — “The potential for bias to creep into the deployment of the tools is enormous. Simply put, the devil is in the data,” Vincent Southerland, executive director of the Center on Race, Inequality, and the Law at NYU School of Law, wrote for the American Civil Liberties Union last year.
A.I. Could Worsen Health Disparities — A recent study found that some facial recognition programs incorrectly classify less than 1 percent of light-skinned men but more than one-third of dark-skinned women. What happens when we rely on such algorithms to diagnose melanoma on light versus dark skin?
Responsible AI Practices — These questions are far from solved, and in fact are active areas of research and development. Google is committed to making progress in the responsible development of AI and to sharing knowledge, research, tools, datasets, and other resources with the larger community. Below we share some of our current work and recommended practices.
The Ars Technica System Guide, Winter 2019: The one about the servers — The Winter 2019 Ars System Guide has returned to its roots: showing readers three real-world system builds we like at this precise moment in time. Instead of general performance desktops, this time around we're going to focus specifically on building some servers.
Introduction to Python Development at Linux Academy — This course is designed to teach you how to program using Python. We'll cover the building blocks of the language, programming design fundamentals, how to use the standard library, third-party packages, and how to create Python projects. In the end, you should have a grasp of how to program.

Faith in Microsoft | User Error 61

15 mars 2019 | min

Microkernel Failure | BSD Now 289

14 mars 2019 | min

Cheese on the SCaLE | LINUX Unplugged 292

12 mars 2019 | min

A new voice joins the show, and we share stories from our recent adventures at SCaLE 17x.

Plus we look at the Debian project's recent struggles, NGINX's sale, and Mozilla's new service.

Special Guests: Alex Kretzschmar, Brent Gervais, and Ell Marquez.

Links:

On 30th anniversary of web, Amazon shares first homepage, Google keeps doodling and more – GeekWire
The Web Foundation on Twitter — In 1989, @timberners_lee submitted a proposal that would change the world.
To celebrate #Web30, for the next 30 hours we're asking everyone to contribute to a crowdsourced timeline of web milestones.
Introducing Firefox Send, Providing Free File Transfers while Keeping your Personal Information Private - The Mozilla Blog — Send makes it easy for your recipient, too. No hoops to jump through. They simply receive a link to click and download the file. They don’t need to have a Firefox account to access your file.
F5 Acquires NGINX to Bridge NetOps & DevOps, Providing Customers with Consistent Application Services Across Every Environment - NGINX — F5 is committed to continued innovation and increasing investment in the NGINX open source project to empower NGINX’s widespread user communities.
NGINX to Join F5: Proud to Finish One Chapter and Excited to Start the Next
Announcing the release of sway 1.0 | Drew DeVault’s Blog — 1,315 days after I started the sway project, it’s finally time for sway 1.0! I had no idea at the time how much work I was in for, or how many talented people would join and support the project with me. In order to complete this project, we have had to rewrite the entire Linux desktop nearly from scratch. Nearly 300 people worked together, together writing over 9,000 commits and almost 100,000 lines of code, to bring you this release.
xyproto/wallutils: Utilities for handling monitors, resolutions, wallpapers and timed wallpapers — Detect monitor resolutions and set the desktop wallpaper, for any window manager.
Winding down my Debian involvement — When I joined Debian, I was still studying, i.e. I had luxurious amounts of spare time. Now, over 5 years of full time work later, my day job taught me a lot, both about what works in large software engineering projects and how I personally like my computer systems. I am very conscious of how I spend the little spare time that I have these days.
The following sections each deal with what I consider a major pain point, in no particular order. Some of them influence each other—for example, if changes worked better, we could have a chance at transitioning packages to be more easily machine readable.
A (Partial) Defense of Debian | The Changelog — I was sad to read on his blog that Michael Stapelberg is winding down his Debian involvement. In his post, he outlined some critiques of Debian. In his post, I want to acknowledge that he is on point with some of them, but also push back on others.
Leaderless Debian - LWN.net — One of the traditional rites of the (northern hemisphere) spring is the election for the Debian project leader. Over a six-week period, interested candidates put their names forward, describe their vision for the project as a whole, answer questions from Debian developers, then wait and watch while the votes come in. But what would happen if Debian were to hold an election and no candidates stepped forward? The Debian project has just found itself in that situation and is trying to figure out what will happen next.
Chris Fisher on Twitter — Went hands on with @Azure Spehere dev kits. I would not be surprised if @linuxacademyCOM students start asking for courses in this stuff. They keep the #Linux based OS up to date for 10 years, no subscription.
System76 on Twitter — Jupiter Broadcasting meetup photo! It’s always a guaranteed great time with @ChrisLAS and @jupitersignal!
Why snaps? - Popey’s talk at SCaLE 17x
Jupiter Broadcasting Meetup Page
Trying out software? - Feedback from Ken — I'm intrigued by and curious about much of the software you mention regularly. I'm tempted to try some of it, but I don't have a good sense of how easy it is to delete or clean off installed programs in a way that ensures a stable system without a lot of left over junk.
Can you give some insight about how you usually handle this. I'd rather not have to nuke-and-pave the OS over and over to insure a stable system.
Home automation tips from Paul — I have only recently started to use node-red on my ubuntu box at home. Connected it easily to Alexa and also my Broadlink IR/RF blaster. But I am hardly scraping the surface.

Dependency Dangers | Coder Radio 348

11 mars 2019 | min

Mike has salvaged a success story from the dumpster fire of the Google+ shutdown, and Wes shares his grief about brittle and repetitive unit tests.

Plus Mike reviews the System76 Darter Pro, our tool of the week, and some fantastic audience feedback.

Links:

TechSNAP Episode 388: The One About eBPF — eBPF is a technology that you’re going to be hearing more and more about. It powers low-overhead custom analysis tools, handles network security in a containerized world, and powers tools you use every day.
Feedback from Tom — I don't think people need to worry about Google's/Chrome's dominance the way we did about IE6. It's not just that Chrome is cross-platform and open-source, and (with Chrome Web Apps well behind us) sticks to the standards in a way that IE did not. Practically speaking, we must keep in mind that the browser is locked down on iOS in a way that didn't exist (and wouldn't have been tolerated) back then. This means that no matter how popular Chrome becomes, an importnat portion of mobile users must use Apple's browser (engine). But also, now matter how much effort, money Google puts into their web initiatives and in spite of their browser share dominance, they can lose big as they did with web components and webasm. That's the beauty of a standards based platform.
How to publish iOS apps to the App Store with GitLab and fastlane — See how GitLab, together with fastlane, can build, sign, and publish apps for iOS to the App Store.
Inside Clojure: Journal 2019.10 — Some tests I wrote were posted on Reddit this week, which was unexpected. The one thing in there that I think is worth thinking about is how to write tests that validate returns while also being open to accretion.
QuickCheck: Automatic testing of Haskell programs — QuickCheck is a library for random testing of program properties. The programmer provides a specification of the program, in the form of properties which functions should satisfy, and QuickCheck then tests that the properties hold in a large number of randomly generated cases.
Darter Pro Review - dominickm.com — My continuing adventures in Linux hardware and working on Linux as a software developer has lead me to check out the System 76 Darter Pro.
Google+ API Shutdown — Legacy Google+ APIs have been shut down as of March 7, 2019.
omniauth-google-oauth2: Oauth2 strategy for Google — A ruby gem for Oauth2 with Google.
Mention removal of Google+ API usage in CHANGELOG by stanhu · Pull Request #350 · zquestz/omniauth-google-oauth2
code-server: Run VS Code on a remote server. — Code on your Chromebook, tablet, and laptop with a consistent dev environment, take advantage of large cloud servers to speed up tests, compilations, downloads, and preserve battery life when you're on the go.

Linux Action News 96

10 mars 2019 | min

Fedora Challenge And NextCloudPi | Choose Linux 4

7 mars 2019 | min

Turing Complete Sed | BSD Now 288

7 mars 2019 | min

Software will never fix Spectre-type bugs, a proof that sed is Turing complete, managed jails using Bastille, new version of netdata, using grep with /dev/null, using GMail with mutt, and more.

##Headlines
###Google: Software is never going to be able to fix Spectre-type bugs

Spectre is here to stay: An analysis of side-channels and speculative execution

Researchers from Google investigating the scope and impact of the Spectre attack have published a paper asserting that Spectre-like vulnerabilities are likely to be a continued feature of processors and, further, that software-based techniques for protecting against them will impose a high performance cost. And whatever the cost, the researchers continue, the software will be inadequate—some Spectre flaws don’t appear to have any effective software-based defense. As such, Spectre is going to be a continued feature of the computing landscape, with no straightforward resolution.
The discovery and development of the Meltdown and Spectre attacks was undoubtedly the big security story of 2018. First revealed last January, new variants and related discoveries were made throughout the rest of the year. Both attacks rely on discrepancies between the theoretical architectural behavior of a processor—the documented behavior that programmers depend on and write their programs against—and the real behavior of implementations.
Specifically, modern processors all perform speculative execution; they make assumptions about, for example, a value being read from memory or whether an if condition is true or false, and they allow their execution to run ahead based on these assumptions. If the assumptions are correct, the speculated results are kept; if it isn’t, the speculated results are discarded and the processor redoes the calculation. Speculative execution is not an architectural feature of the processor; it’s a feature of implementations, and so it’s supposed to be entirely invisible to running programs. When the processor discards the bad speculation, it should be as if the speculation never even happened.

###A proof that Unix utility sed is Turing complete

Many people are surprised when they hear that sed is Turing complete. How come a text filtering program is Turing complete, they wonder. Turns out sed is a tiny assembly language that has a comparison operation, a branching operation and a temporary buffer. These operations make sed Turing complete.
I first learned about this from Christophe Blaess. His proof is by construction – he wrote a Turing machine in sed (download turing.sed). As any programming language that can implement a Turing machine is Turing complete we must conclude that sed is also Turing complete.
Christophe offers his own introduction to Turing machines and a description of how his sed implementation works in his article Implementation of a Turing Machine as a sed Script.

Christophe isn’t the first person to realize that sed is almost a general purpose programming language. People have written tetris, sokoban and many other programs in sed. Take a look at these:

##News Roundup
###Bastille helps you quickly create and manage FreeBSD Jails.

Bastille helps you quickly create and manage FreeBSD Jails.
Jails are extremely lightweight containers that provide a full-featured UNIX-like operating system inside. These containers can be used for software development, rapid testing, and secure production Internet services.
Bastille provides an interface to create, manage and destroy these secure virtualized environments.

Current version: 0.3.20190204-beta.
Shell Script Source here: https://github.com/BastilleBSD/bastille/blob/master/usr/local/bin/bastille

###netdata v1.12 released

Netdata is distributed, real-time, performance and health monitoring for systems and applications. It is a highly optimized monitoring agent you install on all your systems and containers.
Netdata provides unparalleled insights, in real-time, of everything happening on the systems it runs (including web servers, databases, applications), using highly interactive web dashboards. It can run autonomously, without any third party components, or it can be integrated to existing monitoring tool chains (Prometheus, Graphite, OpenTSDB, Kafka, Grafana, etc).
Netdata is fast and efficient, designed to permanently run on all systems (physical & virtual servers, containers, IoT devices), without disrupting their core function.

Patch release 1.12.1 contains 22 bug fixes and 8 improvements.

###Using grep with /dev/null, an old Unix trick

Every so often I will find myself writing a grep invocation like this:

find .... -exec grep <something> /dev/null '{}' '+'

The peculiar presence of /dev/null here is an old Unix trick that is designed to force grep to always print out file names, even if your find only matches one file, by always insuring that grep has at least two files as arguments. You can wind up wanting to do the same thing with a direct use of grep if you’re not certain how many files your wildcard may match.

###USING GMAIL WITH MUTT

I recently switched to using mutt for email and while setting up mutt to use imap is pretty straightforward, this tutorial will also document some advanced concepts such as encrypting your account password and sending emails from a different From address.
This tutorial assumes that you have some familiarity with using mutt and have installed it with sidebar support (sudo apt-get install mutt-patched for the ubuntu folks) and are comfortable with editing your muttrc.
If you would just like to skip to the end, my mutt configuration file can be found here.

##Beastie Bits

##Feedback/Questions

Pablo - Topic suggestion: FreeBSD on a Laptop as daily driver
Ron - ZFS on the fly compression and seek
Dave - two zpool, or not two zpool, that is the question

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to [email protected]

Dirty Home Directories | LINUX Unplugged 291

5 mars 2019 | min

We reveal all and look at the mess that is our home directories. How we keep them clean, back them up, and organize our most important files.

Plus Gnome lands a long awaited feature, Firefox gets a bit more clever, and the big money being made on Open Source.

Special Guests: Alan Pope, Anthony James, Brent Gervais, Daniel Fore, Dustin Krysak, and Martin Wimpress.

Links:

systemd-nspawn - ArchWiki — systemd-nspawn may be used to run a command or OS in a light-weight namespace container.
Transparently running binaries from any architecture in Linux with QEMU and binfmt_misc
QemuUserEmulation - Debian Wiki — This page describes how to setup and use QEMU user emulation in a "transparent" fashion, allowing execution of non-native target executables just like native ones.
Firefox 67: automatically unload unused tabs to improve memory — If things go as planned, Firefox 67 will introduce a new feature to unload unused tabs to improve memory. The initial bug report dates back eight years but work on the feature began in earnest just a short while ago.
Chrome OS 74 dev channel brings Linux app improvements (Crostini) — There’s now support for audio playback when using Linux apps. Up until now if you wanted to use Linux software to watch videos, listen to music, or do anything else that requires sound, you were out of luck.
GNOME 3.32 Lands Long-Awaited Fractional Scaling Support — Fractional scaling allows for greater control over the UI scaling than the previous integer based scaling of 2, 3, etc, to instead support fractions like 3/2 (1.5) increase in user-interfaces. Fractional scaling is primarily to improve the user experience with modern HiDPI displays.
Systemd-Free Debian "Devuan" Planning Their First Developer Gathering This Spring — Taking place in Amsterdam from 5 to 7 April will be the first Devuan conference for "init freedom lovers".
Canonical adds containerd to Ubuntu Kubernetes — Enabling Kubernetes to drive containerd directly reduces the number of moving parts, reduces latency in pod startup times, and improves CPU and memory usage on every node in the cluster.
Jupiter Broadcasting Meetups
Ubuntu Podcast Listener Get Together — We're having a Get Together in Reading, UK on Saturday March 16th. We'll meet at Breddog in Reading!
Dotfile madness — To those of you reading this: I beg you. Avoid creating files or directories of any kind in your user's $HOME directory in order to store your configuration or data. This practice is bizarre at best and it is time to end it. I am sorry to say that many (if not most) programs are guilty of doing this while there are significantly better places that can be used for storing per-user program data.
More home directory pollution — I looked in my home directory and now see (in addition to 26 dot-files) directories named go, snap and systems.
Steve Reaver on Twitter — There is so much junk in my home dir I had to ls it in column format. I've just about given up using ~ because of all the crap that application put in there!
“Please move the “$HOME/snap” directory to a less o...” : Ubuntu Bug #1575053
Why do hidden files in Unix begin with a dot? — The answer is very simple, because it's extremely easy to test if a file is hidden or not by simply testing the first character of the filename.
Yet Another Dotfiles Manager — When you live in a command line, configurations are a deeply personal thing. They are often crafted over years of experience, battles lost, lessons learned, advice followed, and ingenuity rewarded. When you are away from your own configurations, you are an orphaned refugee in unfamiliar and hostile surroundings. You feel clumsy and out of sorts. You are filled with a sense of longing to be back in a place you know. A place you built. A place where all the short-cuts have been worn bare by your own travels. A place you proudly call… $HOME.
Lyft to spend $300 million on Amazon Web Services by 2022 — Notably, Lyft said that if its usage of Amazon's cloud doesn't hit or exceed that $300 million threshold, it'll have to pay the difference. Lyft committed to spending at least $80 million in each of the three years of the deal, with the stipulation that it will spend $300 million in aggregate overall
MongoDB shares plunge on concerns that Lyft is moving to AWS
Flowblade — Flowblade is a multitrack non-linear video editor released under GPL3 license. From beginners to masters, Flowblade helps make your vision a reality of image and sound.
Shotcut — Shotcut is a free, open source, cross-platform video editor for Windows, Mac and Linux. Major features include support for a wide range of formats; no import required meaning native timeline editing; Blackmagic Design support for input and preview monitoring; and resolution support to 4k.

Rusty Rubies | Coder Radio 347

5 mars 2019 | min

Linux Action News 95

3 mars 2019 | min

Disturbing Messages | User Error 60

1 mars 2019 | min

Proper Password Procedures | TechSNAP 398

28 februari 2019 | min

We reveal the shady password practices that are all too common at many utility providers, and hash out why salts are essential to proper password storage.

Plus the benefits of passphrases, and what you can do to keep your local providers on the up and up.

Links:

Plain wrong: Millions of utility customers’ passwords stored in plain text | Ars Technica — In September of 2018, an anonymous independent security researcher (who we'll call X) noticed that their power company's website was offering to email—not reset!—lost account passwords to forgetful users. Startled, X fed the online form the utility account number and the last four phone number digits it was asking for. Sure enough, a few minutes later the account password, in plain text, was sitting in X's inbox.
The LinkedIn Hack: Understanding Why It Was So Easy to Crack the Passwords | — LinkedIn stated that after the initial 2012 breach, they added enhanced protection, most likely adding the “salt” functionality to their passwords. However, if you have not changed your password since 2012, you do not have the added protection of a salted password hash. You may be asking yourself–what on earth are hashing and salting and how does this all work?
How Developers got Password Security so Wrong — As time has gone on; developers have continued to store passwords insecurely, and users have continued to set them weakly. Despite this, no viable alternative has been created for password security.
Adding Salt to Hashing: A Better Way to Store Passwords — A salt is added to the hashing process to force their uniqueness, increase their complexity without increasing user requirements, and to mitigate password attacks like rainbow tables.
Why Do Developers Get Password Storage Wrong? A Qualitative Usability Study — We were interested in exploring two particular aspects: Firstly, do developers get things wrong because they do not think about security and thus do not include security features (but could if they wanted to)? Or do they write insecure code because the complexity of the task is too great for them? Secondly, a common suggestion to increase security is to offer secure defaults.
OWASP Password Storage Cheatsheet — This article provides guidance on properly storing passwords, secret question responses, and similar credential information.
Secure Salted Password Hashing - How to do it Properly — If you're a web developer, you've probably had to make a user account system. The most important aspect of a user account system is how user passwords are protected. User account databases are hacked frequently, so you absolutely must do something to protect your users' passwords if your website is ever breached. The best way to protect passwords is to employ salted password hashing. This page will explain why it's done the way it is.
Plain Text Offenders — We’re tired of websites abusing our trust and storing our passwords in plain text, exposing us to danger. Here we put websites we believe to be practicing this to shame.
Cybersecurity 101: Why you need to use a password manager | TechCrunch — Think of a password manager like a book of your passwords, locked by a master key that only you know.
On the Security of Password Managers - Schneier on Security — There's new research on the security of password managers, specifically 1Password, Dashlane, KeePass, and Lastpass. This work specifically looks at password leakage on the host computer. That is, does the password manager accidentally leave plaintext copies of the password lying around memory?
LinuxFest Northwest 2019 — It's the 20th anniversary of LinuxFest Northwest! Come join your favorite Jupiter Broadcasting hosts at the Pacific Northwest's premier Linux event.
SCALE 17x — The 17th annual Southern California Linux Expo – will take place on March. 7-10, 2019, at the Pasadena Convention Center. SCaLE 17x expects to host 150 exhibitors this year, along with nearly 130 sessions, tutorials and special events.
Jupiter Broadcasting Meetups — The best place to find out when Jupiter Broadcasting has a meetup near you! Also stay tuned for upcoming virtual study groups.

rc.d in NetBSD | BSD Now 287

28 februari 2019 | min

Proper Pi Pedigree | LINUX Unplugged 290

26 februari 2019 | min

We head to the Raspberry Pi corner and pick the very best open source home automation system.

Plus some great news for Gnome users, OBS studio has a new funding model, and a nostalgic chat with our study buddy Kenny.

Special Guests: Alex Kretzschmar, Brent Gervais, and Martin Wimpress.

Links:

More GNOME Shell / Mutter Performance Optimizations & Latency Reductions Still Coming - Phoronix — Specifically on the Ubuntu front, Daniel has released a fix for Ubuntu 19.04 Disco and Ubuntu 18.04 Bionic to deal with 144/120Hz displays where GNOME's Mutter caps the rendering to 60 FPS. The fix for Ubuntu 18.10 is still being in the process of SRU'ed.
OBS Studio 23.0 Released With VA-API Video Encoding, New Audio Filters - Phoronix — OBS Studio 23.0 also has several new audio filters, batch remuxing support, multi-track audio support to FFmpeg output, and a variety of other alterations.
Open Broadcaster Software | New Ways to Support OBS Development — It’s amazing to think that the first version of OBS was publicly released over six years ago. What started out as a small side project by Hugh “Jim” Bailey to make a free and open source program to stream StarCraft 2 has grown into a powerful force in the streaming and video production industry. Hundreds of thousands of people use OBS Studio every day not just for video gaming, but also for broadcasting everything from conferences to sports competitions to school announcements. It’s a tool that can be used freely by anyone, from large studios with big budget productions to individuals who just want to engage with a community online.
Available Now: New GeForce-Optimized OBS — We have collaborated with OBS, the industry-leading streaming application, to help them release a new version with improved support for NVIDIA GPUs. The new OBS Studio, version 23.0, reduces the FPS impact of streaming by up to 66% compared to the previous version, meaning higher FPS for your games.
Jupiter Broadcasting Meetup
What’s Free at Linux Academy — March 2019 - Linux Academy Blog — Each month, we will kick off our community content with a live study group, allowing members of the Linux Academy community to come together and share their insights in order to learn from one another.
LiNUX Courses - Linux Operating System Fundamentals — Kenny first encountered Solaris UNIX while I was in the military, and found out about Linux through the grapevine. He has worked with Linux in local government, fortune 500 companies, educational institutions, and by providing training. I have received Linux certifications from LPI, CompTIA, and Red Hat. Kenny has been working with Linux for nearly two decades and is passionate about sharing his knowledge with others about the system, and strives to learn more about the operating system every day.
Raspberry Pi Updates Devices to Linux 4.19
Martin Wimpress on Twitter — This week I am working on @ubuntumate 18.04.2 images for the @RaspberryPi models 2 and 3/3+
Nothing exciting to report just yet, build system is configured and the root file system is being generated. Next up is adding the kernel and boot loader.
Python Wheels for the Raspberry Pi — piwheels is a Python package repository providing Arm platform wheels (pre-compiled binary Python packages) specifically for the Raspberry Pi, making pip installations much faster.
StableReleaseUpdates - Ubuntu Wiki — Once an Ubuntu release has been completed and published, updates for it are only released under certain circumstances, and must follow a special procedure called a "stable release update" or SRU.
OpenHab vs Home Assistant vs Domoticz - Best Open Source Home Automation
Awesome Home Assistant — Awesome Home Assistant is a curated list of awesome Home Assistant resources.
Home Assistant — Open source home automation that puts local control and privacy first. Powered by a worldwide community of tinkerers and DIY enthusiasts. Perfect to run on a Raspberry Pi or a local server.
openHAB — a vendor and technology agnostic open source automation software for your home.
Domoticz — Domoticz is a Home Automation system design to control various devices and receive input from various sensors.
IronicBadger: Home Assistant configuration files — This repository contains all configuration used to configure my home automation setup using Home Assistant. This is a living and breathing repository and as such is subject to change.
Linux Action Show special about Home Assistant — Our founder Paulus Schoutsen is interviewed by Chris Fisher for a Linux Action Show special about home automation, Hass.io and the new Home Assistant podcast.
smacke/subsync: Automagically synchronize subtitles with video.
Podcast Generator — Podcast Generator is an open source Content Management System written in PHP and specifically designed for podcast publishing. It provides the user with the tools to easily manage all of the aspects related to the publication of a podcast, from the upload of episodes to its submission to the iTunes store.

Serverless Squabbles | Coder Radio 346

26 februari 2019 | min

Linux Action News 94

24 februari 2019 | min

Old Machine Revival | BSD Now 286

21 februari 2019 | min

Adding glue to a desktop environment, flashing the BIOS on a PC Engine, revive a Cisco IDS into a capable OpenBSD computer, An OpenBSD WindowMaker desktop, RealTime data compression, the love for pipes, and more.

##Headlines
###Adding Glue To a Desktop Environment

In this article we will put some light on a lot of tools used in the world of Unix desktop environment customization, particularly regarding wmctrl, wmutils, xev, xtruss, xwininfo, xprop, xdotools, xdo, sxhkd, xbindkeys, speckeysd, xchainkeys, alttab, triggerhappy, gTile, gidmgr, keynav, and more. If those don’t make sense then this article will help. Let’s hope this can open your mind to new possibilities.
With that in mind we can wonder if what’s actually needed from a window manager, presentation and operation, can be split up and complemented with other tools. We can also start thinking laterally, the communication and interaction between the different components of the environment. We have the freedom to do so because the X protocol is transparent and components usually implement many standards for interfacing between windows. It’s like gluing parts together to create a desktop environment.

The tools we’ll talk about fall into one of those categories:
Debugging
Window manipulation
Simulation of interaction
Extended manipulation
Hotkey daemon
Layout manager

###Flashing the BIOS on the PC Engines APU4c4

I absolutely love the PC Engines APU devices. I use them for testing HardenedBSD experimental features in more constrained 64-bit environments and firewalls. Their USB and mSATA ports have a few quirks, and I bumped up against a major quirk that required flashing a different BIOS as a workaround. This article details the hacky way in which I went about doing that.
What prompted this article is that something in either the CAM or GEOM layer in FreeBSD 11.2 caused the mSATA to hang, preventing file writes. OPNsense 18.7 uses FreeBSD 11.1 whereas the recently-released OPNsense 19.1 uses HardenedBSD 11.2 (based on FreeBSD 11.2). I reached out to PC Engines directly, and they let me know that the issue is a known BIOS issue. Flashing the “legacy” BIOS series would provide me with a working system.
It also just so happens that a new “legacy” BIOS version was just released which turns on ECC mode for the RAM. So, I get a working OPNsense install AND ECC RAM! I’ll have one bird for dinner, the other for dessert.
Though I’m using an APU4, these instructions should work for the other APU devices. The BIOS ROM download URLs should be changed to reflect the device you’re targeting along with the BIOS version you wish to deploy.
SPECIAL NOTE: There be dragons! I’m primarily writing this article to document the procedure for my own purposes. My memory tends to be pretty faulty these days. So, if something goes wrong, please do not hold me responsible. You’re the one at the keyboard. ;)
VERY SPECIAL NOTE: We’ll use the mSATA drive for swap space, just in case. Should the swap space be used, it will destroy whatever is on the disk.

##News Roundup
###Revive a Cisco IDS into a capable OpenBSD computer!

Even though Cisco equipment is very capable, it tends to become End-of-Life before you can say “planned obsolescence”. Websites become bigger, bandwidths increase, and as a side effect of those “improvements”, routers, firewalls, and in this case, intrusion prevention systems get old quicker and quicker.
Apparently, this was also the case for the Cisco IDS-4215 Intrusion Detection Sensor that I was given a few months ago.
I’m not too proud to admit that at first, I didn’t care about the machine itself, but rather about the add-on PCI network card with 4 Fast Ethernet interfaces. The sensor has obviously seen better days, as it had a broken front panel and needed some cleaning, but upon a closer inspection under the hood (which is held closed by the 4 screws on top), this IDS consists of an embedded Celeron PC with two onboard Ethernet cards, a 2.5″ IDE hard disk, a CF card, and 2 PCI expansion slots (more on them later). Oh, and don’t forget the nasty server-grade fan, which pushed very little air for the noise it was making.

###An OpenBSD desktop using WindowMaker

Since I started using *N?X, I’ve regularly used WindowMaker. I’ve always liked the look and feel, the dock system and the dockapps. It may look a bit oldish nowadays. And that’s enough to try to change this. So here it is, a 2019 flavored WindowMaker Desktop, running on OpenBSD 6.4/amd64.
This configuration uses the Nord color-scheme, the Adapta-Nokto-Eta GTK theme and the Moblin Unofficial Icons icon set. I did remove applications icons. I just don’t need them on the bottom of the screen as I heavily use “F11” to pop-up the windows list. To be able to do that and keep the dockapps, I tweaked my ~/GNUstep/Defaults/WMWindowAttributes and created a ~/GNUstep/Library/WindowMaker/Themes/Nord.themed/style.
And here it is, the NeXT OpenBSD Desktop!

###RealTime Data Compression

In a previous episode, we’ve seen that it is possible to create opaque types. However, creation and destruction of such type must be delegated to some dedicated functions, which themselves rely on dynamic allocation mechanisms.
Sometimes, it can be convenient to bypass the heap, and all its malloc() / free() shenanigans. Pushing a structure onto the stack, or within thread-local storage, are natural capabilities offered by a normal struct. It can be desirable at times.
The previously described opaque type is so secret that it has no size, hence is not suitable for such scenario.
Fortunately, static opaque types are possible.
The main idea is to create a “shell type”, with a known size and an alignment, able to host the target (private) structure.
For safer maintenance, the shell type and the target structure must be kept in sync, by using typically a static assert. It will ensure that the shell type is always large enough to host the target structure. This check is important to automatically detect future evolution of the target structure.

###For the Love of Pipes

My top used shell command is |. This is called a pipe.
In brief, the | allows for the output of one program (on the left) to become the input of another program (on the right). It is a way of connecting two commands together.
According to doc.cat-v.org/unix/pipes/, the origin of pipes came long before Unix. Pipes can be traced back to this note from Doug McIlroy in 1964

##Beastie Bits

##BUG Calendar

ChiBUG, Chicago, USA: Tuesday, February 26th 18:00 at the Oak Park Library
CharmBUG, Baltimore, USA: Wednesday, February 27, 2019
19:30 at Columbia Ale House
NYC*BUG, New York, USA: Wednesday, March 6, 2019 18:45 at Suspenders
KnoxBUG, Knoxville, USA: Monday, February 25, 2019 - 18:00 at iX Systems offices
BSDPL, Warsaw, Poland: February 28, 2019 18:15 - 21:00 at Wheel Systems Office

##Feedback/Questions

Sam - Customizing OpenBSD ports source code
Frank - Rivalry Linux & BSD
Zach - mysql/mariadb tuning

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to [email protected]

Raspberry Pi and retro gaming | Choose Linux 3

21 februari 2019 | min

The Meat Factor | LINUX Unplugged 289

19 februari 2019 | min

Will there ever be another "big" Linux distro, or has that time passed?

Plus two popular Linux desktop apps see a big upgrade, and Wes explains to Chris why he should care a lot more about cgroups.

Special Guests: Brent Gervais and Neal Gompa.

Links:

MX-18.1 Continuum Official Release — MX-18.1 is a refresh of our MX-18 release, consisting of bugfixes and application updates since our original release of MX-18.
Bootstrap Your Snap | Snapcraft — The goal of Snapcraft Live is to bootstrap developers in building snaps and publishing them in the Snap Store
Shoreline Firewall Maintainer Retires — Shorewall 5.2.3 will be my last Shorewall release. If you find problems with that release, I will attempt to resolve them. But, I am now departing on an extended trip to visit some of the places in the world that I have always dreamed of seeing.
Shoreline Firewall — Shorewall is a gateway/firewall configuration tool for GNU/Linux.
Geary 0.13.0 released! — This is a major new release, featuring a number of new features — including a new user interface for creating and managing email accounts, integration with GNOME Online Accounts (which also provides OAuth login support for some services), improvements in displaying conversations, composing new messages, interacting with other email apps, reporting problems as they occur, and number of important bug fixes, server compatibility fixes, and security fixes.
digiKam 6.0.0 is released — Dear digiKam fans and users, following the long stage of integrating a lots of work from students during the Summer of Code, and after 2 years of intensive developement, we hare proud to announce the new digiKam 6.0.0.
Fedora 31 Planning To Use Cgroups V2 By Default - Phoronix — Enabling Cgroups V2 by default will allow systemd and the various Linux container technologies along with libvirt and friends to make use of the new features and improvements over the original Cgroups like offering a unified hierarchy.
CGroupsV2 Changes - Fedora Project Wiki — The world will eventually move to CGroupsV2 and Fedora should lead the way.
Why Clear Linux OS? - YouTube — A quick introduction to why and what the Clear Linux OS is about.
Pi MusicBox - A Spotify, SoundCloud, Google Music player for the Raspberry Pi, with remote control — Welcome to the Swiss Army Knife of streaming music using the Raspberry Pi.
eta: Generic tool for monitoring ETA and progress of an arbitrary process. — A tool for monitoring progress and ETA of an arbitrary process.
netdata, the open-source real-time performance and health monitoring, released v1.12 ! : linux — Introducing netdata.cloud, the free netdata service for all netdata users High performance plugins with go.d.plugin (data collection orchestrator written in Go) 7 new data collectors and 11 rewrites of existing data collectors for improved performance A new management API for all netdata servers Bind different functions of the netdata APIs to different ports Improved installation and updates

F# Envy | Coder Radio 345

19 februari 2019 | min

The guys discuss the real last bastion of scratch your own itch, and debate the merits of recent C# functional programing fads that are transforming the language.

Plus Mike’s swimming in hardware, and a new movement sweeping the web that starts right here.

Special Guest: Wes Payne.

Links:

Yo, Thelio! - dominickm.com — Overall, I am very happy with Thelio and if you’re interesting in running Linux on a desktop full-time, I recommend you consider it.
Michael Dominick on Twitter — 10 minutes in and the #DarterPro has the best non-Mac trackpad I’ve ever used.
Michael Dominick on Twitter — Yeah, so @ChrisLAS I have fallen hard off the old man sleep wagon and it's deeply sub-optimal.
SCaLE 17x — SCaLE is the largest community-run open-source and free software conference in North America. It is held annually in the greater Los Angeles area.
C# 8: The switch expression — C# 8 delivers a few new C# features to developers, and it is nice to see the language improving, but today I would like to talk about only one and it is "switch expressions".
Don’t Get Clever with Login Forms | Brad Frost — Let’s walk through some login patterns and why I think they’re not ideal. And then let’s look at some better ways of tackling login.
Canonical Announces Latest Ubuntu Core for IoT » Linux Magazine — Canonical has announced Ubuntu Core 18, their open source platform for IoT devices. Ubuntu Core 18 is based on Ubuntu 18.04 LTS code-base and will be supported for 10 years.
Andrew Madsen on Twitter — It’s weird how the iOS community has shifted so much from “iOS development” to “Swift”. 5 years on, and a huge part of what everyone’s doing revolves around the language, not how to create great apps. Why is that?
Michael Dominick on Twitter — Thinking more about this conversation about how the #iOSDev #macOs scene has changed online, it occurs to me that there’s a platform where that past ethos of “just build cool things” lives — desktop #Linux and @elementary in particular #CoderRadio @ChrisLAS
16-Inch MacBook Pro With All-New Design Expected in 2019 — Kuo also says Apple may add a 32GB RAM option to the 13-inch MacBook Pro, without providing further details.

Linux Action News 93

17 februari 2019 | min

Google scrambles to repurpose Android Things, Microsoft wants to protect your Linux install really bad, and the first bank backed Crypto-coin makes a splash.

Plus Void Linux issues a warning, running Linux on ARM laptops built for Windows, and more.

Links:

Google refocuses Android Things as a ‘platform for OEM partners’ — When Google announced Android Things at its 2015 I/O developer conference, it pitched it as a versatile, embedded, and open operating system designed to run on low-power and memory-constrained internet of things (IoT) devices with support for Bluetooth Low Energy, Wi-Fi, and the Weave protocol.
Android Developers Blog: An Update on Android Things
Now you can run Linux on (some) ARM laptops designed for Windows 10 on ARM — The folks behind the AArch64 Laptops open source project on github have come up with a way to install Ubuntu 18.04 LTS on some of the first Windows 10 on ARM laptops.
aarch64-laptops
Microsoft Developer: You Still Should Have Anti-Virus With Windows Subsystem For Linux — In CPU/system benchmarks we routinely see Windows 10 WSL with Ubuntu and other distributions performing very well, but when it comes to disk reads/writes, it's drastically slower than bare metal Linux installs and in some cases much slower still than dedicated virtual machines.
What’s new for WSL in Windows 10 version 1903? – Windows Command Line Tools For Developers — The next Windows update is coming soon and we’re bringing exciting new updates to WSL with it. These include accessing the Linux file system from Windows, and improvements to how you manage and configure your distros in the command line.
Red Hat Satellite to standardize on PostgreSQL backend — We are going to consolidate and use a single database, PostgreSQL. We began investigating a move to a single database upstream in Pulp as early as 2016.
[Pulp-dev] Transition from Mongo to Postgre — MongoDB is great at what it does and a good fit for some use cases, but we learned that it's not the best fit for Pulp.
(Red Hat dropped MongoDB in January)
Digitalocean launches Managed Databases for PostgreSQL — Starting with support for PostgreSQL, Managed Databases enables developers of all skill levels to quickly and easily spin up a high-performance database cluster that is worry-free and scalable
Void Linux loses control of .eu domain — We would like to warn people of a domain name that is no longer under Void Linux control. voidlinux.eu lapsed in its original registration, and was purchased by an unknown 3rd party before Void Linux could regain ownership.
J.P. Morgan Creates Digital Coin for Payments — J.P. Morgan this month became the first U.S. bank to create and successfully test a digital coin representing a fiat currency. The JPM Coin is based on blockchain-based technology enabling the instantaneous transfer of payments between institutional accounts.
JPMorgan is creating a cryptocurrency pegged to the dollar — The new cryptocurrency will be built atop JPMorgan's Quorum blockchain technology, a variant of Ethereum that has been modified to serve the needs of a major financial institution like JPMorgan.
Don’t Call JP Morgan Chase’s New ‘JPM Coin’ a Cryptocurrency

Data Conspiracy RISC | User Error 59

15 februari 2019 | min

Quality Tools | TechSNAP 397

14 februari 2019 | min

BSD Strategy | BSD Now 285

14 februari 2019 | min

Strategic thinking to keep FreeBSD relevant, reflecting on the soul of a new machine, 10GbE Benchmarks On Nine Linux Distros and FreeBSD, NetBSD integrating LLVM sanitizers in base, FreeNAS 11.2 distrowatch review, and more.

##Headlines
###Strategic thinking, or what I think what we need to do to keep FreeBSD relevant

Since I participate in the FreeBSD project there are from time to time some voices which say FreeBSD is dead, Linux is the way to go. Most of the time those voices are trolls, or people which do not really know what FreeBSD has to offer. Sometimes those voices wear blinders, they only see their own little world (were Linux just works fine) and do not see the big picture (like e.g. competition stimulates business, …) or even dare to look what FreeBSD has to offer.
Sometimes those voices raise a valid concern, and it is up to the FreeBSD project to filter out what would be beneficial. Recently there were some mails on the FreeBSD lists in the sense of “What about going into direction X?”. Some people just had the opinion that we should stay where we are. In my opinion this is similarly bad to blindly saying FreeBSD is dead and following the masses. It would mean stagnation. We should not hold people back in exploring new / different directions. Someone wants to write a kernel module in (a subset of) C++ or in Rust… well, go ahead, give it a try, we can put it into the Ports Collection and let people get experience with it.
This discussion on the mailinglists also triggered some kind of “where do we see us in the next years” / strategic thinking reflection. What I present here, is my very own opinion about things we in the FreeBSD project should look at, to stay relevant in the long term. To be able to put that into scope, I need to clarify what “relevant” means in this case.
FreeBSD is currently used by companies like Netflix, NetApp, Cisco, Juniper, and many others as a base for products or services. It is also used by end‐users as a work‐horse (e.g. mailservers, webservers, …). Staying relevant means in this context, to provide something which the user base is interested in to use and which makes it more easy / fast for the user base to deliver whatever they want or need to deliver than with another kind of system. And this in terms of time to market of a solution (time to deliver a service like a web‐/mail‐/whatever‐server or product), and in terms of performance (which not only means speed, but also security and reliability and …) of the solution.
I have categorized the list of items I think are important into (new) code/features, docs, polishing and project infrastructure. Links in the following usually point to documentation/HOWTOs/experiences for/with FreeBSD, and not to the canonical entry points of the projects or technologies. In a few cases the links point to an explanation in the wikipedia or to the website of the topic in question.

###Reflecting on The Soul of a New Machine

Long ago as an undergraduate, I found myself back home on a break from school, bored and with eyes wandering idly across a family bookshelf. At school, I had started to find a calling in computing systems, and now in the den, an old book suddenly caught my eye: Tracy Kidder’s The Soul of a New Machine. Taking it off the shelf, the book grabbed me from its first descriptions of Tom West, captivating me with the epic tale of the development of the Eagle at Data General. I — like so many before and after me — found the book to be life changing: by telling the stories of the people behind the machine, the book showed the creative passion among engineers that might otherwise appear anodyne, inspiring me to chart a course that might one day allow me to make a similar mark.
Since reading it over two decades ago, I have recommended The Soul of a Machine at essentially every opportunity, believing that it is a part of computing’s literary foundation — that it should be considered our Odyssey. Recently, I suggested it as beach reading to Jess Frazelle, and apparently with perfect timing: when I saw the book at the top of her vacation pile, I knew a fuse had been lit. I was delighted (though not at all surprised) to see Jess livetweet her admiration of the book, starting with the compelling prose, the lucid technical explanations and the visceral anecdotes — but then moving on to the deeper technical inspiration she found in the book. And as she reached the book’s crescendo, Jess felt its full power, causing her to reflect on the nature of engineering motivation.
Excited to see the effect of the book on Jess, I experienced a kind of reflected recommendation: I was inspired to (re-)read my own recommendation! Shortly after I started reading, I began to realize that (contrary to what I had been telling myself over the years!) I had not re-read the book in full since that first reading so many years ago. Rather, over the years I had merely revisited those sections that I remembered fondly. On the one hand, these sections are singular: the saga of engineers debugging a nasty I-cache data corruption issue; the young engineer who implements the simulator in an impossibly short amount of time because no one wanted to tell him that he was being impossibly ambitious; the engineer who, frustrated with a nanosecond-scale timing problem in the ALU that he designed, moved to a commune in Vermont, claiming a desire to deal with “no unit of time shorter than a season”. But by limiting myself to these passages, I was succumbing to the selection bias of my much younger self; re-reading the book now from start to finish has given new parts depth and meaning. Aspects that were more abstract to me as an undergraduate — from the organizational rivalries and absurdities of the industry to the complexities of West’s character and the tribulations of the team down the stretch — are now deeply evocative of concrete episodes of my own career.

See Article for rest…

##News Roundup

###Out-Of-The-Box 10GbE Network Benchmarks On Nine Linux Distributions Plus FreeBSD 12

Last week I started running some fresh 10GbE Linux networking performance benchmarks across a few different Linux distributions. That testing has now been extended to cover nine Linux distributions plus FreeBSD 12.0 to compare the out-of-the-box networking performance.
Tested this round alongside FreeBSD 12.0 was Antergos 19.1, CentOS 7, Clear Linux, Debian 9.6, Fedora Server 29, openSUSE Leap 15.0, openSUSE Tumbleweed, Ubuntu 18.04.1 LTS, and Ubuntu 18.10.
All of the tests were done with a Tyan S7106 1U server featuring two Intel Xeon Gold 6138 CPUs, 96GB of DDR4 system memory, and Samsung 970 EVO SSD. For the 10GbE connectivity on this server was an add-in HP NC523SFP PCIe adapter providing two 10Gb SPF+ ports using a QLogic 8214 controller.
Originally the plan as well was to include Windows Server 2016/2019. Unfortunately the QLogic driver download site was malfunctioning since Cavium’s acquisition of the company and the other Windows Server 2016 driver options not panning out and there not being a Windows Server 2019 option. So sadly that Windows testing was thwarted so I since started testing over with a Mellanox Connectx-2 10GbE NIC, which is well supported on Windows Server and so that testing is ongoing for the next article of Windows vs. Linux 10 Gigabit network performance plus some “tuned” Linux networking results too.

###Integration of the LLVM sanitizers with the NetBSD base system

Over the past month I’ve merged the LLVM compiler-rt sanitizers (LLVM svn r350590) with the base system. I’ve also managed to get a functional set of Makefile rules to build all of them, namely:
ASan, UBSan, TSan, MSan, libFuzzer, SafeStack, XRay.
In all supported variations and modes that are supported by the original LLVM compiler-rt package.

###Distrowatch FreeNAS 11.2 review

The project’s latest release is FreeNAS 11.2 and, at first, I nearly overlooked the new version because it appeared to be a minor point release. However, a lot of work went into the new version and 11.2 offers a lot of changes when compared next to 11.1, “including a major revamp of the web interface, support for self-encrypting drives, and new, backwards-compatible REST and WebSocket APIs. This update also introduces iocage for improved plugins and jails management and simplified plugin development.”

##Beastie Bits

##Feedback/Questions

Jake - C Programming
Farhan - Explanation of rtadvd
Nelson - Bug Bounties on Open-Source Software

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to [email protected]

We're Gonna Need a Bigger Repo | LINUX Unplugged 288

12 februari 2019 | min

Cupertino's King Makers | Coder Radio 344

12 februari 2019 | min

The gangs all together and cover your poignant feedback right out of the gate. Then we jump into the psychological trap of freelancing, and imagine a world where app stores are a true level playing field.

Plus some really fun picks, a bit of hoopla, and more.

Special Guest: Wes Payne.

Links:

Feedback from Steve: Employment vs self-employment — Just a comment regarding an episode a few weeks back regarding being an employee or working for oneself.
Emma on Twitter — Keep @dominucco away and make sure all beverages are in a separate room!
Why Freelancing Creates Anxiety About Money — But once I started freelancing, things changed. I became hyperconscious of how much money I could (or should) charge for my time, and this made me unhappy and mean when my nonworking hours didn’t measure up to the same value. It was akin to the rage of watching cab fare tick up while you’re sitting in traffic, minutes and dollars dribbling away before your eyes.
What Hooks Mean for Vue — You may read through this and wonder what Hooks have to offer in Vue. It seems like a problem that doesn’t need solving. After all, Vue doesn’t predominantly use classes. Vue offers stateless functional components (should you need them), but why would we need to carry state in a functional component?
Hooks at a Glance – React — Hooks are functions that let you “hook into” React state and lifecycle features from function components. Hooks don’t work inside classes — they let you use React without classes.
Making Sense of React Hooks – Dan Abramov — Unlike patterns like render props or higher-order components, Hooks don’t introduce unnecessary nesting into your component tree. They also don’t suffer from the drawbacks of mixins.
Create Your Own AI Family Portraits — This week NVIDIA's research engineers open-sourced StyleGAN, the project they've been working in for months as a Style-based generator architecture for Generative Adversarial Networks.
A Style-Based Generator Architecture for Generative Adversarial Networks
StyleGAN GitHub — This repository contains the official TensorFlow implementation
Python Developers Survey 2018 Results — In the fall of 2018, the Python Software Foundation together with JetBrains conducted the official annual Python Developers Survey for the second time.
miniC — What is it? A simple stack-based virtual machine that runs C (missing features below) in the browser and the beginning of an interactive tutorial that covers C, how the VM works, and how the language is compiled.
MiniC Online Demo
Make all videos fun to watch — Our project Laff track is a plugin to Chrome, which adds this craziness to all Youtube videos. It simply detects when people are not talking, and adds in a bit of laughter.

Linux Action News 92

10 februari 2019 | min

FOSDEM 2019 | BSD Now 284

7 februari 2019 | min

We recap FOSDEM 2019, FreeBSD Foundation January update, OPNsense 19.1 released, the hardware-assisted virtualization challenge, ZFS and GPL terror, ClonOS 19.01-RELEASE, and more.

##Headlines

###FOSDEM 2019 Recap

Allan and I were at FOSDEM 2019 in Brussels, Belgium over the weekend.
On the Friday before, we held a FreeBSD Devsummit in a hotel conference room, with 25 people attending. We talked about various topics of interest to the project. You can find the notes on the wiki page.
Saturday was the first day of FOSDEM. The FreeBSD Project had a table next to the Illumos Project again. A lot of people visited our table, asked questions, or just said “Hi, I watch BSDNow.tv every week”. We handed out a lot of stickers, pens, swag, and flyers. There was also a full day BSD devroom, with a variety of talks that were well attended.
In the main conference track, Allan held a talk explaining how the ZFS ARC works. A lot of people attended the talk and had more questions afterwards. Another well attended talk was by Jonathan Looney about Netflix and FreeBSD.
Sunday was another day in the same format, but no bsd devroom. A lot of people visited our table, developers and users alike. A lot of meeting and greeting went on.
Overall, FOSDEM was a great success with FreeBSD showing a lot of presence. Thanks to all the people who attended and talked to us. Special thanks to the people who helped out at the FreeBSD table and Rodrigo Osorio for running the BSD devroom again.

###FreeBSD Foundation Update, January 2019

Dear FreeBSD Community Member,
Happy New Year! It’s always exciting starting the new year with ambitious plans to support FreeBSD in new and existing areas. We achieved our fundraising goal for 2018, so we plan on funding a lot of work this year! Though it’s the new year, this newsletter highlights some of the work we accomplished in December. We also put together a list of technologies and features we are considering supporting, and are looking for feedback on what users want to help inform our 2019 development plans. Our advocacy and education efforts are in full swing as we prepare for upcoming conferences including FOSDEM, SANOG33, and SCaLE.
Finally, we created a year-end video to talk about the work we did in 2018. That in itself was an endeavor, so please take a few minutes to watch it! We’re working on improving the methods we use to inform the community on the work we are doing to support the Project, and are always open to feedback. Now, sit back, grab a refreshing beverage, and enjoy our newsletter!
Happy reading!!
Deb

###OPNsense 19.1 released

For more than four years now, OPNsense is driving innovation through modularising and hardening the open source firewall, with simple and reliable firmware upgrades, multi-language support, HardenedBSD security, fast adoption of upstream software updates as well as clear and stable 2-Clause BSD licensing.
The 19.1 release, nicknamed “Inspiring Iguana”, consists of a total of 620 individual changes since 18.7 came out 6 months ago, spread out over 12 intermediate releases including the recent release candidates. That is the average of 2 stable releases per month, security updates and important bug fixes included! If we had to pick a few highlights it would be: The firewall alias API is finally in place. The migration to HardenedBSD 11.2 has been completed. 2FA now works with a remote LDAP / local TOTP combination. And the OpenVPN client export was rewritten for full API support as well.

These are the most prominent changes since version 18.7:
fully functional firewall alias API
PIE firewall shaper support
firewall NAT rule logging support
2FA via LDAP-TOTP combination
WPAD / PAC and parent proxy support in the web proxy
P12 certificate export with custom passwords
Dpinger is now the default gateway monitor
ET Pro Telemetry edition plugin[2]
extended IPv6 DUID support
Dnsmasq DNSSEC support
OpenVPN client export API
Realtek NIC driver version 1.95
HardenedBSD 11.2, LibreSSL 2.7
Unbound 1.8, Suricata 4.1
Phalcon 3.4, Perl 5.28
firmware health check extended to cover all OS files, HTTPS mirror default
updates are browser cache-safe regarding CSS and JavaScript assets
collapsible side bar menu in the default theme
language updates for Chinese, Czech, French, German, Japanese, Portuguese and Russian
API backup export, Bind, Hardware widget, Nginx, Ntopng, VnStat and Dnscrypt-proxy plugins
Here are the full changes against version 19.1-RC2:
ipsec: add firewall interface as soon as phase 1 is enabled
ipsec: phase 1 selection GUI JavaScript compatibility fix
monit: widget improvements and bug fix (contributed by Frank Brendel)
ui: fix regression in single host or network subnet select in static pages
plugins: os-frr 1.7 updates OSFP outbound rules (contributed by Fabian Franz)
plugins: os-telegraf 1.7.4 fixes packet filter input
plugins: os-theme-rebellion 1.8.2 adds image colour invert
plugins: os-vnstat 1.1[3]
plugins: os-zabbix-agent now uses Zabbix version 4.0
src: revert mmc_calculate_clock() as HS200/HS400 support breaks legacy support
src: update sqlite3-3.20.0 to sqlite3-3.26.0[4]
src: import tzdata 2018h, 2018i[5]
src: avoid unsynchronized updates to kn_status[6]
ports: ca_root_nss 3.42
ports: dhcp6c 20190128 prevent rawops double-free (contributed by Team Rebellion)
ports: sudo patch to fix listpw=never[7]

##News Roundup
###The hardware-assisted virtualization challenge

Over two years ago, I made a pledge to use NetBSD as my sole OS and only operating system, and to resist booting into any other OS until I had implemented hardware-accelerated virtualization in the NetBSD kernel (the equivalent of Linux’ KVM, or Hyper-V).
Today, I am here to report: Mission Accomplished!
It’s been a long road, but we now have hardware-accelerated virtualization in the kernel! And while I had only initially planned to get Oracle VirtualBox working, I have with the help of the Intel HAXM engine (the same backend used for virtualization in Android Studio) and a qemu frontend, successfully managed to boot a range of mainstream operating systems.

###ZFS and GPL terror: How much freedom is there in Linux?

ZFS – the undesirable guest

ZFS is todays most advanced filesystem. It originated on the Solaris operating system and thanks to Sun’s decision to open it up, we have it available on quite a number of Unix-like operating systems. That’s just great! Great for everyone.
For everyone? Nope. There are people out there who don’t like ZFS. Which is totally fine, they don’t need to use it after all. But worse: There are people who actively hate ZFS and think that others should not use it. Ok, it’s nothing new that some random guys on the net are acting like assholes, trying to tell you what you must not do, right? Whoever has been online for more than a couple of days probably already got used to it. Unfortunately its still worse: One such spoilsport is Greg Kroah-Hartman, Linux guru and informal second-in-command after Linus Torvalds.
There have been some attempts to defend the stance of this kernel developer. One was to point at the fact that the “ZFS on Linux” (ZoL) port uses two kernel functions, __kernel_fpu_begin() and __kernel_fpu_end(), which have been deprecated for a very long time and that it makes sense to finally get rid of them since nothing in-kernel uses it anymore. Nobody is going to argue against that. The problem becomes clear by looking at the bigger picture, though:
The need for functions doing just what the old ones did has of course not vanished. The functions have been replaced with other ones. And those ones are deliberately made GPL-only. Yes, that’s right: There’s no technical reason whatsoever! It’s purely ideology – and it’s a terrible one.

###ClonOS 19.01-RELEASE

ClonOS is a turnkey Open Source platform based on FreeBSD and the CBSD framework. ClonOS offers a complete web UI for easily controlling, deploying and managing FreeBSD jails containers and Bhyve/Xen hyperviser virtual environments.
ClonOS is currently the only platform available which allow both Xen and Bhyve hypervisor to coexist on the same host. Being a FreeBSD base platform, ClonOS ability to create and manage jails allows you to run FreeBSD applications without losing performance.

Features:
easy management via web UI interface
live Bhyve migration [coming soon, roadmap]
Bhyve management (create, delete VM)
Xen management (create, delete VM) [coming soon, roadmap]
connection to the “physical” guest console via VNC from the browser or directly
Real time system monitoring
access to load statistics through SQLite3 and beanstalkd
support for ZFS features (cloning, snapshots)
import/export of virtual environments
public repository with virtual machine templates
puppet-based helpers for configuring popular services
ClonOS is a free open-source FreeBSD-based platform for virtual environments creation and management. In the core:
FreeBSD OS as hoster platform
bhyve(8) as hypervisor engine
Xen as hypervisor engine
vale(4) as Virtual Ethernet Switch
jail(8) as container engine
CBSD Project as management tools
Puppet as configuration management

##Beastie Bits

##Feedback/Questions

Casey - Cool new Digital Ocean Feature
Morgan - Jail w/differnet version of FreeBSD
Brad - FreeBSD Installer

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to [email protected]

Anyone Can Benchmark + openSUSE Challenge | Choose Linux 2

7 februari 2019 | min

Clean up After Yourself | LINUX Unplugged 287

5 februari 2019 | min

Why FOSDEM might be the quintessential community event, and our thoughts after playing with Pi-Hole.

Plus community news for everyone’s favorite video player, GNOME Shell gets a major speed boost, and why cryptocurrency might truly be dead.

Special Guests: Alan Pope, Brent Gervais, Daniel Fore, and Martin Wimpress.

Links:

Rename some references to GTK+ to GTK
VLC 4.0 Plans — VLC lead developer Jean-Baptiste Kempf talked about their plans for version 4.0, codenamed Otto Chriek. For VLC 4.0 they want a new playlist, a redone user-interface, a new video output architecture that supports VR/3D content, and removal of old platforms.
GNOME Shell Gets a Major Speed Boost — Anyone who’s tried the latest GNOME builds on the bleeding edge can attest: these are real, perceptible improvements that give GNOME Shell the peppiness and responsiveness that users have been longing for.
Crypto Exchanges Experience Lowest Trading Since 2017 — The Bitcoin market reduced by more than 40 percent in comparison to December 2018.
JupiterDev Telegram Group
JupiterBroadcasting/fm — Simple script to receive an RTMP stream and re-stream to Icecast.
Linux Academy Study Group Survey — What course should our next study group cover?
Fifty years of Unix and Linux advances - Jon 'maddog' Hall at FOSDEM — 2019 marks the fiftieth anniversary of Unix, but it is also the fiftieth anniversary of the ArpaNet/Internet, and people walking on the moon.
Good Will Snapping - Alan Pope at FOSDEM — Thousands of users, millions of downloads, dozens of distributions. Numbers going up and down and sideways. A look behind the scenes of Snapcraft, the highly popular universal app store for Linux.
LINUX Unplugged - Blog - Playing with Pi-hole
Pi-hole Patreon
Pi-hole v4.2 Available — In preparation of the new API we are working on, FTLDNS will now store its data in a shared-memory space, so that the API can come in and read from that memory to fulfill requests.
Prerequisites - Pi-hole documentation
PiHole-Panel — PiHole-Panel is a control panel and real-time statistics for the Pi-hole Adblocker.
Easily Overclock NVIDIA GPUs on Linux with This New App — It’s called “Green with Envy” and is a tool designed to let you manage fans of, view info on, or overclock a NVIDIA GPU on Linux.
Open Source Event Manager — An event management tool tailored to Free and Open Source Software conferences.

Say My Functional Name | Coder Radio 343

5 februari 2019 | min

Mike breaks down the drama around nullable reference types in C# 8.0, and we debate what it means for the future of the language.

Plus a fresh reminder of Apple's absolute App Store authority, and the state of Mike's relationship with the rust compiler.

Special Guest: Wes Payne.

Links:

RustPython: A Python Interpreter written in Rust
Apple bans Facebook’s Research app that paid users for data
Apple restores Google’s own internal iPhone apps after privacy brouhaha — For less than a day, Apple had briefly revoked Google’s iOS certificate that enabled those private apps to conduct various internal business such as company shuttles, food menus, as well as pre-release beta testing, and more.
Apple Developer Enterprise Program — Get tools and resources to transform your mobile workforce with enterprise-class apps, distributed seamlessly and securely within your organization.
Apple Is Fighting a Good Fight Against Facebook and Google — The implication that Apple is exhibiting some monopolistic urge to gutshot Facebook and Google makes close to zero sense. The events of this week will not affect their bottom lines, and Apple could have taken much more drastic action to lock down iOS — as it has before.
Nilay Patel on Twitter — Hi, I'm the nagging voice in the back of your head pointing out that it's pretty intense that Apple can simply decide to prevent people from running code on their phones.
Essential .NET - C# 8.0 and Nullable Reference Types — Nonetheless, as it currently stands, and even after 7 versions of C#, we still don’t have a perfect language.
Make your next C# project non-nullable — The naming is a bit confusing, because reference types have always been nullable, and that’s the whole problem. The novelty is that they can now also be non-nullable.
Switch to errors instead of warnings for nullable reference types in C# 8 — Nullable reference types coming in C# 8 are a great addition to anyone’s toolbox. But if you tried it you probably know “just” warnings are produced. And sometimes you’d like to have errors instead of warnings, so the build fails hard or something like that. It’s surprisingly easy to do so.

Linux Action News 91

3 februari 2019 | min

Stranger Distro Danger | User Error 58

1 februari 2019 | min

Floating Point Problems | TechSNAP 396

31 januari 2019 | min

Jim and Wes are joined by OpenZFS developer Richard Yao to explain why the recent drama over Linux kernel 5.0 is no big deal, and how his fix for the underlying issue might actually make things faster.

Plus the nitty-gritty details of vectorized optimizations and kernel preemption, and our thoughts on the future of the relationship between ZFS and Linux.

Special Guest: Richard Yao.

Links:

LinuxFest Northwest 2019 — Join a bunch of JB hosts and community celebrating the 20th anniversary!
Choose Linux — The show that captures the excitement of discovering Linux.
Linux 5.0: kernelfpu{begin,end} no longer exported — The latest kernels removed the old compatibility headers.
ZFS On Linux Landing Workaround For Linux 5.0 Kernel Support — So while these symbols are important for SIMD vectorized checksums for ZFS in the name of performance, with Linux 5.0+ they are not going to be exported for use by non-GPL modules. ZFS On Linux developer Tony Hutter has now staged a change that would disable vector instructions on Linux 5.0+ kernels.
Re: x86/fpu: Don't export __kernelfpu{begin,end}() — My tolerance for ZFS is pretty non-existant. Sun explicitly did not want their code to work on Linux, so why would we do extra work to get their code to work properly?
The future of ZFS in FreeBSD — This state of affairs has led to a general agreement among the stakeholders that I have spoken to that it makes sense to rebase FreeBSD's ZFS on ZoL. Brian Behlendorf has graciously encouraged me to add FreeBSD support directly so that we might all have a singleshared code base.
Dephix: Kickoff to The Future — OpenZFS has grown over the last decade, and delivering our application on Linux provides great OpenZFS support while enabling higher velocity adoption of new environments.
The future of ZFS on Linux [zfs-discuss] — Do you realize that we don’t actually need the symbols that the kernel removed. It All they do is save/restore of register state while turning off/on preemption. Nothing stops us from doing that ourselves. It is possible to implement our own substitutes using code from either Illumos or FreeBSD or even write our own.
Honestly, I am beginning to think that my attempt to compromise with mainline gave the wrong impression. I am simply tired of this behavior by them and felt like reaching out to put an end to it. In a few weeks, we will likely be running on Linux 5.0 as if those symbols had never been removed because we will almost certainly have our own substitutes for them. Having to bloat our code because mainline won’t give us access to trivial functionality is annoying, but it is not the end of the world.
LINUX Unplugged Episode 284: Free as in Get Out
BSD Now 279: Future of ZFS
BSD Now 157: ZFS, The “Universal” File-system

Graphical Interface-View | BSD Now 283

31 januari 2019 | min

Ell is for Linux | LINUX Unplugged 286

29 januari 2019 | min

Webs Assemble! | Coder Radio 342

28 januari 2019 | min

Linux Action News 90

27 januari 2019 | min

Debian has a big fix, Chromium might block ads, Valve makes another big investment in Linux, and Google gets serious about bringing Fuchsia to market.

Plus we announce a new Linux podcast, and run down the many ways to run Ubuntu on Windows.

Links:

Choose Linux - New JB Show — The show that captures the excitement of discovering Linux.
Steam For Linux Now Lets You Play Windows Games From Other Stores — Users can now launch Windows games purchased on platforms outside of Steam from inside the Steam for Linux client.
Looks like it’s still using Wine 3.16
Wine 4.0 Released — This release represents a year of development effort and over 6,000 individual changes.
Microsoft Employee Hints at Windows Core OS Open Source Components — The Security Program Manager then said that he "improved the security posture of Windows Open Source Components through initiatives that investigate vulnerabilities found and establish a process for remediation.”
Multipass for Win10 public beta — Multipass, at its core, is a service to manage Linux (in this case, Ubuntu) virtual machines in Windows 10 without the overhead of faffing about with Hyper-V (although Hyper-V is most definitely required to make the thing work).
Ubuntu Core 18 gets 10 years of support — Dell has been working closely with Canonical over the past three years to certify Ubuntu Core on all our Edge Gateway platforms.
Debian releases new images with apt fix — This point release incorporates the recent security update for APT, in order to help ensure that new installations of stretch are not vulnerable. No other updates are included.
It might be harder to block ads in Chromium — Google engineers have proposed changes to the open-source Chromium browser that will break content-blocking extensions, including ad blockers.
Google poaches 14-year Mac veteran from Apple to bring Fuchsia to market — Stevenson started at Apple in 2004 as a Product Release Engineer for OS X. In this role, he “triaged and diagnosed” application and framework issues, while also working with third-party developers.

Open the Rsync | BSD Now 282

24 januari 2019 | min

Project Trident 18.12 released, Spotifyd on NetBSD, OPNsense 18.7.10 is available, Ultra EPYC AMD Powered Sun Ultra 24 Workstation, OpenRsync, LLD porting to NetBSD, and more.

##Headlines

###AsiaBSDCon 2019 Call for Papers

You have until Jan 30th to submit
Full paper requirement is relaxed a bit this year (this year ONLY!) due to the short submission window. You don’t need all 10-12 pages, but it is still preferred.
Send a message to [email protected] with your proposal. Could be either for a talk or a tutorial.
Two days of tutorials/devsummit and two days of conference during Sakura season in Tokyo, Japan
The conference is also looking for sponsors
If accepted, flight and hotel is paid for by the conference

###Project Trident 18.12 Released

###Building Spotifyd on NetBSD

These are the steps I went through to build and run Spotifyd (this commit at the time of writing) on NetBSD AMD64. It’s a Spotify Connect client so it means I still need to control Spotify from another device (typically my phone), but the audio is played through my desktop… which is where my speakers and headphones are plugged in - it means I don’t have to unplug stuff and re-plug into my phone, work laptop, etc. This is 100% a “good enough for now solution” for me; I have had a quick play with the Go based microcontroller from spotcontrol and that allows a completely NetBSD only experience (although it is just an example application so doesn’t provide many features - great as a basis to build on though).

##News Roundup

###OPNsense 18.7.10 released

2019 means 19.1 is almost here. In the meantime accept this small
incremental update with goodies such as Suricata 4.1, custom passwords
for P12 certificate export as well as fresh fixes in the FreeBSD base.
A lot of cleanups went into this update to make sure there will be a
smooth transition to 19.1-RC for you early birds. We expect RC1 in 1-2
weeks and the final 19.1 on January 29.

###Introducing the Ultra EPYC AMD Powered Sun Ultra 24 Workstation

A few weeks ago, I got an itch to build a workstation with AMD EPYC. There are a few constraints. First, I needed a higher-clock part. Second, I knew the whole build would be focused more on being an ultra high-end workstation rather than simply utilizing gaming components. With that, I decided it was time to hit on a bit of nostalgia for our readers. Mainly, I wanted to do an homage to Sun Microsystems. Sun made the server gear that the industry ran on for years, and as a fun fact, if you go behind the 1 Hacker Way sign at Facebook’s campus, they left the Sun Microsystems logo. Seeing that made me wonder if we could do an ultimate AMD EPYC build in a Sun Microsystems workstation.

###OpenRsync

This is a clean-room implementation of rsync with a BSD (ISC) license. It is designed to be compatible with a modern rsync (3.1.3 is used for testing). It currently compiles and runs only on OpenBSD.
This project is still very new and very fast-moving.
It’s not ready for wide-spread testing. Or even narrow-spread beyond getting all of the bits to work. It’s not ready for strong attention. Or really any attention but by careful programming.
Many have asked about portability. We’re just not there yet, folks. But don’t worry, the system is easily portable. The hard part for porters is matching OpenBSD’s pledge and unveil.

###The first report on LLD porting

LLD is the link editor (linker) component of Clang toolchain. Its main advantage over GNU ld is much lower memory footprint, and linking speed. It is of specific interest to me since currently 8 GiB of memory are insufficient to link LLVM statically (which is the upstream default).
The first goal of LLD porting is to ensure that LLD can produce working NetBSD executables, and be used to build LLVM itself. Then, it is desirable to look into trying to build additional NetBSD components, and eventually into replacing /usr/bin/ld entirely with lld.
In this report, I would like to shortly summarize the issues I have found so far trying to use LLD on NetBSD.

###Ring in the new

It’s the second week of 2019 already, which means I’m curious what Nate is going to do with his series This week in usability … reset the numbering from week 1? That series is a great read, to keep up with all the little things that change in KDE source each week — aside from the release notes.
For the big ticket items of KDE on FreeBSD, you should read this blog instead.

In ports this week (mostly KDE, some unrelated):
KDE Plasma has been updated to the latest release, 5.14.5.
KDE Applications 18.12.1 were released today, so we’re right on top of them.
Marble was fixed for FreeBSD-running-on-Power9.
Musescore caught up on 18 months of releases.
Phonon updated to 4.10.1, along with its backends.
And in development, Qt WebEngine 5.12 has been prepared in the incongruously-named plasma-5.13 branch in Area51; that does contain all the latest bits described above, as well.

##Beastie Bits

##Feedback/Questions

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to [email protected]

elementary OS and OpenMediaVault | Choose Linux 1

23 januari 2019 | min

Too Late for Jenkins? | Coder Radio 341

23 januari 2019 | min

Pain the APT | LINUX Unplugged 285

22 januari 2019 | min

The ACME Era | TechSNAP 395

20 januari 2019 | min

Linux Action News 89

20 januari 2019 | min

Almost Time | TechSNAP 394

18 januari 2019 | min

Free To Succeed? | User Error 57

18 januari 2019 | min

EPYC Server Battle | BSD Now 281

17 januari 2019 | min

Free as in Get Out | LINUX Unplugged 284

15 januari 2019 | min

The Optional Option | Coder Radio 340

15 januari 2019 | min

Linux Action News 88

13 januari 2019 | min

FOSS Clothing | BSD Now 280

10 januari 2019 | min

All About Azure | TechSNAP 394

10 januari 2019 | min

The Premiere Shell | LINUX Unplugged 283

8 januari 2019 | min

Joe joins Wes to discuss the state of Adobe's Creative Cloud on Linux and why the Fish shell might be your favorite new tool.

Plus community news, a reality check on Linux gaming, and some shiny new hardware.

Special Guests: Jason Evangelho and Peter Ammon.

Links:

Pretty much every recent Windows Phone is now hackable
Fedora 31 Isn't Expected To Be Delayed After All — Since November the developers behind Fedora Linux had been discussing whether to significantly delay or even cancel Fedora 31 so they could spend around one year working on re-tooling how the distribution is crafted and work on other fundamental changes. But it turns out now they have decided against this big shake-up delay
Fedora Planning A Per-System Unique Identifier For DNF — The proposal is quick to acknowledge the intent isn't for tracking users but only counting and this UUID wouldn't be re-used by other systems.
Linux 5.0 is on the way — The numbering change is not indicative of anything special. If you want to have an official reason, it's that I ran out of fingers and toes to count on, so 4.21 became 5.0
Track Chris and Lady Jups
GNU ed 1.15 released
Bash 5.0 release available
Fish Shell 3.0.0 — Fish 3 is a major release, which introduces some breaking changes alongside improved functionality.
Peter (@ridiculous_fish) | Twitter
"Would totally skip Linux." — We shipped Planetary Annihilation on Win, Mac, and Linux. Linux uses we're a big vocal part of the Kickstarter and forums.
In the end they accounted for <0.1% of sales but >20% of auto reported crashes and support tickets
Game dev: Linux users were only 0.1% of sales but 20% of crashes and tickets | Hacker News
Jason Evangelho on Twitter — Re: Adobe Premiere on Linux. I have a call next week with both Bill Roberts (Sr. Director Product Management) & Patrick Palmer (Principal Product Manager). They reached out to ME. I think a genuine effort is being made here to listen to & understand various perspectives.
Jason Evangelho @ Forbes
Entroware Apollo 14"

One Week at a Time | Coder Radio 339

7 januari 2019 | min

Linux Action News 87

6 januari 2019 | min

A Good Walled Garden | User Error 56

4 januari 2019 | min

Future of ZFS | BSD Now 279

3 januari 2019 | min

Back to our /roots | TechSNAP 393

3 januari 2019 | min

Wishing Upon a Kernel | LINUX Unplugged 282

2 januari 2019 | min

sleep(jesus); | Coder Radio 338

1 januari 2019 | min

Linux Action News 86

30 december 2018 | min

2018's Deal Channels | Coder Radio 337

27 december 2018 | min

The Real McCoy | BSD Now 278

27 december 2018 | min

2019 Predictions | LINUX Unplugged 281

26 december 2018 | min

Nmap Level Up | BSD Now 277

24 december 2018 | min

Linux Action News 85

23 december 2018 | min

It’s been a huge year for Linux and FOSS news, and we take a look at some of the major stories that shaped the industry over the last 12 months.

Acquisitions, solid releases, a revolution for gaming, politics in the kernel community, Chrome OS coming of age, and more.

Links:

IBM to Acquire Red Hat — Most significant tech acquisition of 2018 will unlock true value of cloud for business
Red Hat to Acquire CoreOS — The world's leading provider of open source solutions, today announced that it has signed a definitive agreement to acquire CoreOS, Inc.
Welcome to Fedora CoreOS — This new thing will be “Fedora CoreOS” and serve as the upstream to Red Hat CoreOS.
Red Hat's Stratis Storage Project Reaches 1.0 — Stratis 1.0 was quietly released last week with the 1.0 version marking its initial stable release and where also the on-disk meta-data format has been stabilized.
Microsoft to acquire GitHub — Microsoft Corp. on Monday announced it has reached an agreement to acquire GitHub
Microsoft joins OIN — Microsoft is joining the Open Invention Network (“OIN”), a community dedicated to protecting Linux and other open source software programs from patent risk.
Microsoft’s Linux powered dev boards, Azure Sphere for sale — Azure Sphere is a solution for creating highly-secured, connected Microcontroller (MCU) devices, providing you with the confidence and the power to reimagine your business and create the future.
Ubuntu 18.04 released — The 'main' archive of Ubuntu 18.04 LTS will be supported for 5 years until April 2023.
Ubuntu 18.04 will be supported for 10 years — At OpenStack Summit in Berlin, Canonical and Ubuntu founder Mark Shuttleworth said in a keynote that Ubuntu 18.04 Long Term Support (LTS) support lifespan would be extended from five years to 10 years.
Valve’s “Steam Play” uses Vulkan to bring more Windows games to Linux — Valve announced today a beta of Steam Play, a new compatibility layer for Linux, to provide compatibility with a wide range of Windows-only games.
Steam Machines disappear from Valve's site — Valve is no longer highlighting Steam Machine hardware through the front page of its online Steam store, seemingly putting a final nail in the coffin of Valve's partnership with third-party PC builders.
Steam Link box discontinued — According to Valve, the inventory of Steam Links has fully depleted, meaning this one’s apparently gone for good.
Meltdown and Spectre — Meltdown and Spectre exploit critical vulnerabilities in modern processors. These hardware vulnerabilities allow programs to steal data which is currently processed on the computer.
Linus takes a break and a new CoC for kernel devs — The revamped Linux code of conduct encourages behaviors like accepting constructive criticism gracefully, using inclusive language, and being respectful of “differing viewpoints and experiences.”
Linux apps on Chrome OS confirmed — Support for Linux will enable you to create, test and run Android and web app for phones, tablets and laptops all on one Chromebook. Run popular editors, code in your favorite language and launch projects to Google Cloud with the command-line. Everything works directly on a Chromebook.
Chrome OS tablet launched — The Pixel Slate is a Chrome OS tablet with a detachable keyboard cover that turns it into something very closely resembling a laptop.
Chrome OS 70 brings native network file share support — Mr. Beaufort points to a Chromium Gerrit commit that gives details of the feature that shows M70 of Chrome OS will have its NativeSmb flag to set to enabled by default.

Great News, We Lied | User Error 55

21 december 2018 | min

Handmade Desktop Linux | LINUX Unplugged 280

18 december 2018 | min

It's The Culture Stupid | Coder Radio 336

18 december 2018 | min

Linux Action News 84

16 december 2018 | min

Ho, Ho, Ho - 12.0 | BSD Now 276

13 december 2018 | min

Keeping up with Kubernetes | TechSNAP 392

12 december 2018 | min

WireGuardians of the Galaxy | LINUX Unplugged 279

11 december 2018 | min

Everyone’s Going Chrome | Coder Radio 335

11 december 2018 | min

Linux Action News 83

9 december 2018 | min

Time Crisis | Coder Radio 334

9 december 2018 | min

OpenBSD in Stereo | BSD Now 275

9 december 2018 | min

Backup to the Moon | User Error 54

7 december 2018 | min

Shell in a Handbasket | LINUX Unplugged 278

4 december 2018 | min

Linux Action News 82

2 december 2018 | min

Clear Linux doubles down on the desktop, Fedora 31 is likely canceled or delayed, and why Firecracker is being called the new "Docker killer".

Plus AMP's new governance model kicks in, and the Necuno Mobile Plasma tease.

Links:

Clear Linux now easier to try and to install — The addition of the desktop-live image itself is also certainly a welcome addition for those planning a desktop install rather than first having to install the basic Clear Linux without any desktop environment, especially if you first want to verify your system's hardware support/compatibility before proceeding with the installation. From their downloads area the new images are the "live-desktop-beta" images.
Fedora 31 Will Likely Be Cancelled Or Significantly Delayed — Following the release of Fedora 30 in May, there might not be another major Fedora Linux release for about one year's time.
Fedora may move to annual releases — Not formally drafted besides a mailing list thread, there is a new proposal about moving Fedora to an annual platform release following Fedora 30. This was suggested by Red Hat's RHEL development coordinator, Brendan Conoboy.
AMP Project’s new governance model now in effect — Two key features of AMP’s new governance model are the Technical Steering Committee (TSC) and the Advisory Committee (AC). We have endeavored to ensure that these committees consist of people who bring a wide variety of perspectives, with representatives from different AMP constituencies.
Necuno Mobile: An open phone with Plasma Mobile — With a focus on openness, security and privacy, the Necuno Mobile is built around an ARM® Cortex®-A9 NXP i.MX6 Quad and a Vivante GPU. According to Necuno, none of the closed firmware has access to the memory.
Linux Foundation and RISC-V Foundation Announce Joint Collaboration — This partnership with the Linux Foundation will enable the RISC-V Foundation to grow the RISC-V ecosystem with improved support for the development of new applications and architectures across all computing platforms.
Firecracker mini VMs tipped to the next big thing — Firecracker can launch user space or application code in less than 125ms and microVMs at a rate of 150 per second per host. It churns out fairly compact microVMs too, with each requiring less than 5MiB of memory overhead, so thousands can co-exist on a single server.

Firecracker Fundamentals | TechSNAP 391

29 november 2018 | min

We break down Firecracker Amazon’s new open source kvm powered, virtual machine monitor, and explore what makes it different from the options on the market now.

Plus some good news for OpenBGP and the wider internet community, and a handy tool for inspecting docker images.

Links:

Firecracker – Lightweight Virtualization for Serverless Computing — Firecracker is an open source virtualization technology that is purpose-built for creating and managing secure, multi-tenant containers and functions-based services.
Firecracker — Firecracker is an open source virtualization technology that is purpose-built for creating and managing secure, multi-tenant containers and functions-based services.
Firecracker Design Docs
Firecracker Roadmap
QEMU — QEMU is a generic and open source machine emulator and virtualizer.
Qemu : Security vulnerabilities
VENOM Vulnerability — VENOM, CVE-2015-3456, is a security vulnerability in the virtual floppy drive code used by many computer virtualization platforms. This vulnerability may allow an attacker to escape from the confines of an affected virtual machine (VM) guest and potentially obtain code-execution access to the host.
s2n — s2n is a C99 implementation of the TLS/SSL protocols that is designed to be simple, small, fast, and with security as a priority.
OpenBGPD - Adding Diversity to the Route Server Landscape — Thanks to the RIPE NCC Community Project Fund we were able to revive the OpenBGPD daemon and bring more diversity to the Route Server landscape.
OpenBGPD — OpenBGPD is a FREE implementation of the Border Gateway Protocol, Version 4. It allows ordinary machines to be used as routers exchanging routes with other systems speaking the BGP protocol.
LSI Questions from Anton
ServeTheHome
Sennheiser Headset Software Could Allow Man-in-the-Middle SSL Attacks — When users have been installing Sennheiser's HeadSetup software, little did they know that the software was also installing a root certificate into the Trusted Root CA Certificate store. To make matters worse, the software was also installing an encrypted version of the certificate's private key that was not as secure as the developers may have thought.
evilginx2: Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
dive: A tool for exploring each layer in a docker image

Language: Assembly | BSD Now 274

29 november 2018 | min

Skipping Fedora 31 | LINUX Unplugged 277

27 november 2018 | min

Space Gray Handcuffs | Coder Radio 333

27 november 2018 | min

Linux Action News 81

25 november 2018 | min

Deconstructed Dialog | User Error 53

23 november 2018 | min

A Thoughtful Episode | BSD Now 273

23 november 2018 | min

What’s Up with WireGuard | TechSNAP 390

22 november 2018 | min

Very Long Term Support | LINUX Unplugged 276

20 november 2018 | min

Linux Action News 80

18 november 2018 | min

Detain the bhyve | BSD Now 272

15 november 2018 | min

The Future of HTTP | TechSNAP 389

15 november 2018 | min

Year of the Relevant Desktop | LINUX Unplugged 275

13 november 2018 | min

Christian F.K. Schaller from Red Hat joins us to discuss seamless Linux upgrades, replacing PulseAudio, some of the recent desktop Projects Red Hat’s been working on... And the value they get from them.

Plus a big batch of important community news, Wimpy’s Thunderbolt Dock experiments, and way to run pacman on any Linux distribution.

Special Guests: Alan Pope, Christian F.K. Schaller, and Martin Wimpress.

Links:

Radio Garden
PlayStation Classic relies on open source emulator for its 20 games - SlashGear — Kotaku got some early hands-on time with the PlayStation Classic and discovered that it uses the PCSX ReARMed emulator.
snes9x — For those packaging the GTK+ port, note that building with GTK+ 3 is now highly recommended over GTK+ 2 and should have no regressions. Also note that Wayland compatibility is implemented, which, if enabled, also requires GTK+ to have been compiled with Wayland support.
Canonical’s Mark Shuttleworth says he has no plans to sell anytime soon — “I value my independence,” he told me during a brief chat on the outskirts of the OpenStack Summit in Berlin today. In part, that’s because he simply doesn’t personally need the money but also because he’d like to see through to the end his vision for Canonical and Ubuntu
Open Invention Network Expands Linux Definition — The expansion includes 151 new packages, bringing the total number of protected packages to 2,873. “With this update to the Linux System definition, OIN continues with its well-established process of carefully maintaining a balance between stability and innovative core open source technology,” stated Mirko Boehm, OIN’s director for the Linux System definition. “While the majority of the new additions are widely used and found in most devices, the update includes a number of key open source innovations such as Kubernetes, Apache Cassandra and packages for Automotive Grade Linux.”
Bitwarden Completes Third-party Security Audit — We are pleased to announce that Bitwarden has completed a thorough security audit and cryptographic analysis from the security experts at Cure53.
Adding an optional install duration to LVFS firmware — We’ve just added an optional feature to fwupd and the LVFS that some people might find useful: The firmware update process can now tell the user how long in seconds the update is going to take.
Help wanted - SuperTuxKart networking testers
Supertuxkart
PipeWire Hackfest — The event kicked off with Wim Taymans presenting on current state of PipeWire and outlining the remaining issues and current thoughts on how to resolve them. Most of the first day was spent on a roadtable discussion about what are and should be the goals of PipeWire and what potential tradeoffs there would be going forward.
Thunderbolt 3 GPU Dock — Integrated NVIDIA GeForce GTX 1050 graphics card.
Automation System Name Poll — Vote on the Automation System name.
Junest — The lightweight Arch Linux based distro that runs upon any Linux distros without root access.

Linux Action News 79

11 november 2018 | min

Ubuntu on select Samsung devices goes into beta, we cover the technicalities of Linux on the new Macs, one of our favorite desktop projects gets a big update, and the Librem 5 slips.

Plus it's the end of the line for the Nexus devices, and more!

Links:

Booting Linux on new Macs — Apple's T2 security chip being embedded into their newest products provides a secure enclave, APFS storage encryption, UEFI Secure Boot validation, Touch ID handling, a hardware microphone disconnect on lid close, and other security tasks. The T2 restricts the boot process quite a bit and verifies each step of the process using crypto keys signed by Apple.
WSL gets new features — A slate of improvements to the Windows Subsystem for Linux (WSL) feature in the Windows 10 October 2018 Update.
Samsung announce Linux on DeX — Samsung is announcing the beta launch of Linux on DeX which extends the value of Samsung DeX to Linux developers. Linux on DeX empowers developers to build apps within a Linux development environment by connecting their Galaxy device to a larger screen for a PC-like experience.
Linux on Dex
KDE Connect Updated — Android Oreo introduced some restrictions in regard to apps running in the background. In the future in order to be able to run in the background KDE Connect needs to show a persistent notification. The good news is that you can hide the notification. The (slightly) bad news is that we cannot do it by default. To hide the notification you need to long-press it and switch it off. Other notifications from KDE Connect are unaffected by this.
GSConnect updated — The GNOME Shell UI has been rewritten to better conform to design guidelines. Appearance is important to everyone and work will continue to improve usability for touchscreens, HiDPI and users requiring accessibility features.
Librem 5 slips again — I am reluctant to give a new timeline for shipping the dev kits… What we know is that our new PCB fabrication here in the USA will be 11 business days. We will make over 300 of these boards, which are pretty complex—we have over 160 different parts and more than 500 components in total per board. This takes some time, even with the amazing SMT machines placing tiny parts.
Nexus devices finally dead — An over-the-air (OTA) update, which is based on Android 8.1 Oreo, is now rolling out to both the Nexus 5X and the Nexus 6P (as well as to the Pixel/Pixel XL, the Pixel 2/Pixel 2 XL, and Pixel 3/Pixel 3 XL), bumping up both phones to the latest November security patches. But if Google’s update policies are to be followed here, then this will be the last update to be released to both Nexus phones, meaning that the Nexus 5X and Nexus 6P have now officially reached end-of-life (EOL) status. Furthermore, online and phone support for both devices is also being discontinued.

Little Packages of Joy | User Error 52

9 november 2018 | min

Automatic Drive Tests | BSD Now 271

8 november 2018 | min

Before Coder | Coder Radio 332

7 november 2018 | min

Celebrating 100 | Ask Noah Show 100

7 november 2018 | min

ArcoLinux with Erik Dubois | Ask Noah Show 99

7 november 2018 | min

Stump The Linux Chumps | Ask Noah Show 98

7 november 2018 | min

Open Source by Default | LINUX Unplugged 274

6 november 2018 | min

Microsoft Joins OIN with Patrick McBride | Ask Noah Show 97

6 november 2018 | min

Linux Action News 78

4 november 2018 | min

SQLite with Richard Hipp | Ask Noah Show 96

3 november 2018 | min

Community Night! | Ask Noah Show 95

2 november 2018 | min

Ghostly Releases | BSD Now 270

1 november 2018 | min

Blue Is The New Red | Coder Radio 331

31 oktober 2018 | min

International Hat Machines | LINUX Unplugged 273

31 oktober 2018 | min

IBM Buys Red Hat | Ask Noah Show 94

30 oktober 2018 | min

Linux Action News 77

28 oktober 2018 | min

The Open Source Broadcast Appliance | Ask Noah Show 93

27 oktober 2018 | min

Linus is Back! | Ask Noah Show 92

26 oktober 2018 | min

Universal Basic Disruption | User Error 51

26 oktober 2018 | min

The One About eBPF | TechSNAP 388

25 oktober 2018 | min

Tiny Daemon Lib | BSD Now 269

24 oktober 2018 | min

Business Backup Tips | Ask Noah Show 91

23 oktober 2018 | min

Prepare for Pipewire | LINUX Unplugged 272

23 oktober 2018 | min

Vinny's Unit Tests | Coder Radio 330

23 oktober 2018 | min

Linux Action News 76

21 oktober 2018 | min

Netcat Demystified | BSD Now 268

17 oktober 2018 | min

Juno Jubilation | LINUX Unplugged 271

16 oktober 2018 | min

Building a WISP and CCTV | Ask Noah Show 90

16 oktober 2018 | min

OpenJDK or Death | Coder Radio 329

15 oktober 2018 | min

Linux Action News 75

14 oktober 2018 | min

Understand The Hype | User Error 50

12 oktober 2018 | min

Private Cloud Building Blocks | TechSNAP 387

11 oktober 2018 | min

Absolute FreeBSD | BSD Now 267

10 oktober 2018 | min

Stratis Pulls it All Together | LINUX Unplugged 270

9 oktober 2018 | min

Privacy Matters | Ask Noah Show 89

9 oktober 2018 | min

In Testing We Trust | Coder Radio 328

8 oktober 2018 | min

Linux Action News 74

7 oktober 2018 | min

What Makes Google Cloud Different | TechSNAP 386

4 oktober 2018 | min

File Type History | BSD Now 266

3 oktober 2018 | min

Alternate Desktop Universe | LINUX Unplugged 269

2 oktober 2018 | min

Kubernetes & Containers | Ask Noah Show 88

2 oktober 2018 | min

Smoked Laptops | Coder Radio 327

1 oktober 2018 | min

Linux Action News 73

30 september 2018 | min

Not Dead Yet | User Error 49

28 september 2018 | min

3 Things to Know About Kubernetes | TechSNAP 385

27 september 2018 | min

Software Disenchantment | BSD Now 265

27 september 2018 | min

Elementary, My Dear Plasma | LINUX Unplugged 268

25 september 2018 | min

This is How You Should Store Your Data | Ask Noah Show 87

25 september 2018 | min

I'm A Stakeholder Now | Coder Radio 326

24 september 2018 | min

Linux Action News 72

23 september 2018 | min

Interplanetary Peers | TechSNAP 384

21 september 2018 | min

Optimized-out | BSD Now 264

20 september 2018 | min

People Patches | LINUX Unplugged 267

19 september 2018 | min

Linus Takes a Break | Ask Noah Show 86

18 september 2018 | min

Linux Action News 71

16 september 2018 | min

Living The Dream | User Error 48

14 september 2018 | min

The Power of Shame | TechSNAP 383

14 september 2018 | min

Encrypt That Pool | BSD Now 263

12 september 2018 | min

From Jupiter to Beyond | LINUX Unplugged 266

11 september 2018 | min

Does This Make FOSS Better or Worse | Ask Noah Show 85

11 september 2018 | min

Linux Action News 70

9 september 2018 | min

Clojure Calisthenics | Coder Radio 325

7 september 2018 | min

Domestic Disappointments | TechSNAP 382

7 september 2018 | min

OpenBSD Surfacing | BSD Now 262

6 september 2018 | min

Privacy Priorities | LINUX Unplugged 265

4 september 2018 | min

Better Than Google Titan | Ask Noah Show 84

4 september 2018 | min

Linux Action News 69

2 september 2018 | min

Rage Against The Beer | CR 324

31 augusti 2018 | min

FreeBSDcon Flashback | BSD Now 261

30 augusti 2018 | min

Here Comes Cloud DNS | TechSNAP 381

30 augusti 2018 | min

Reacting to React Native | CR 323

30 augusti 2018 | min

Proton, Electron for Games! | LUP 264

28 augusti 2018 | min

How to Get Hired at Red Hat | Ask Noah Show 83

28 augusti 2018 | min

Linux Action News 68

26 augusti 2018 | min

Hacking Tour of Europe | BSD Now 260

23 augusti 2018 | min

Updates from the Source | Linux Unplugged 263

22 augusti 2018 | min

Should We Care About Libre? | Ask Noah Show 82

21 augusti 2018 | min

Linux Action News 67

19 augusti 2018 | min

Terminal Fault | TechSNAP 380

16 augusti 2018 | min

Long Live Unix | BSD Now 259

16 augusti 2018 | min

Jupiter Broadcasting's Focus

16 augusti 2018 | min

Tribes of Init | LUP 262

14 augusti 2018 | min

Firefox Made This More Secure | Ask Noah Show 81

14 augusti 2018 | min

Not so QT | CR 322

14 augusti 2018 | min

Linux Action News 66

12 augusti 2018 | min

SegmentSmack is Whack | TechSNAP 379

10 augusti 2018 | min

The Truth About Southeast Linuxfest | Ask Noah Show 80

9 augusti 2018 | min

Ending On a High Note | Unfilter 290

8 augusti 2018 | min

OS Foundations | BSD Now 258

8 augusti 2018 | min

GNOME, GNOME on the Range | LUP 261

7 augusti 2018 | min

What You Need to Know about WireGuard | Ask Noah Show 79

7 augusti 2018 | min

Qt & Me | CR 321

6 augusti 2018 | min

Linux Action News 65

5 augusti 2018 | min

Two-Factor Fraud | TechSNAP 378

2 augusti 2018 | min

The Big Bezos | CR 320

2 augusti 2018 | min

Great NetBSD 8 | BSD Now 257

2 augusti 2018 | min

Trump Tower Tales | Unfilter 289

1 augusti 2018 | min

Linux Under Pressure | TechSNAP 377

1 augusti 2018 | min

Homeless to Web Developer Overnight | Ask Noah Show 78

31 juli 2018 | min

Thinkpad as a Service | LUP 260

31 juli 2018 | min

Nadella Stamp | CR 319

31 juli 2018 | min

Linux Action News 64

29 juli 2018 | min

Google Don’t Front | TechSNAP 376

26 juli 2018 | min

Trump Tape Troubles | Unfilter 288

25 juli 2018 | min

Proprietary Action News | LUP 259

25 juli 2018 | min

Because Computers | BSD Now 2^8

25 juli 2018 | min

These Apps Make Linux Usable Now | Ask Noah Show 77

24 juli 2018 | min

Linux Action News 63

22 juli 2018 | min

Surprise Root Access | TechSNAP 375

19 juli 2018 | min

Bob’s Dozen Russians | Unfilter 287

18 juli 2018 | min

What Are You Pointing At | BSD Now 255

18 juli 2018 | min

The Future of Retro | LUP 258

18 juli 2018 | min

Should You Ditch Linux for FreeBSD | Ask Noah Show 76

17 juli 2018 | min

Losing the Anaconda | CR 318

17 juli 2018 | min

Linux Action News 62

15 juli 2018 | min

Quantum Resistant Encryption | TechSNAP 374

13 juli 2018 | min

Bare the OS | BSD Now 254

12 juli 2018 | min

A Chat with Uno | CR 317

11 juli 2018 | min

Gangster Government | Unfilter 286

11 juli 2018 | min

Security Amateur Hour | LUP 257

11 juli 2018 | min

Dell Precision 5510 Review

10 juli 2018 | min

Linux Action News 61

8 juli 2018 | min

When Clouds Go Dark | CR 316

5 juli 2018 | min

Silence of the Fans | BSD Now 253

5 juli 2018 | min

FreeBSD Already Does That | TechSNAP 373

5 juli 2018 | min

Gowdy Gettin' Rowdy | Unfilter 285

4 juli 2018 | min

Peering Into the Future | LUP 256

4 juli 2018 | min

Serving Customers Well | Ask Noah Show 74

3 juli 2018 | min

Tech Talk Today 281

2 juli 2018 | min

Chicken Farmers | CR 315

2 juli 2018 | min

Linux Action News 60

1 juli 2018 | min

Goes to 11.2 | BSD Now 252

28 juni 2018 | min

Team America, Space Police | Unfilter 284

27 juni 2018 | min

Fedora to the Core | LUP 255

27 juni 2018 | min

What You Need to Know about WPA3 | Ask Noah Show 73

26 juni 2018 | min

Microsoft’s Electron Future | CR 314

26 juni 2018 | min

Linux Action News 59

24 juni 2018 | min

Crypto HAMMER | BSD Now 251

21 juni 2018 | min

Don’t Link to This | LUP 254

20 juni 2018 | min

Talking Over IP | Ask Noah Show 72

19 juni 2018 | min

Linux Action News 58

17 juni 2018 | min

GitLab’s CEO | CR 313

15 juni 2018 | min

Logs and Metrics and Traces, Oh My! | TechSNAP 372

14 juni 2018 | min

BSDCan 2018 Recap | BSD Now 250

14 juni 2018 | min

Personalities Happen | LUP 253

13 juni 2018 | min

CopperheadOS Takeover Explained | Ask Noah Show 71

12 juni 2018 | min

Linux Action News 57

10 juni 2018 | min

Small Business Theme Hour | Ask Noah Show 70

9 juni 2018 | min

When You're Ready to Scale So is Linux | Ask Noah Show 69

9 juni 2018 | min

They Never Learn | TechSNAP 271

8 juni 2018 | min

Router On A Stick | BSD Now 249

6 juni 2018 | min

Pardon Me, Mr. President | Unfilter 283

6 juni 2018 | min

Github Hubbub | LUP 252

6 juni 2018 | min

Microsoft Buys GitHub | Ask Noah Show 68

5 juni 2018 | min

Git with Microsoft | Coder Radio 312

5 juni 2018 | min

Linux Action News 56

3 juni 2018 | min

Hidden in Plain Sight | TechSNAP 370

1 juni 2018 | min

Kremlin Script Kiddies | Unfilter 282

30 maj 2018 | min

The Qt and the Ugly | LUP 251

30 maj 2018 | min

Show Me The Mooney | BSD Now 248

29 maj 2018 | min

Ask Noah Show 67 | A New Way to Rag Chew

29 maj 2018 | min

Google AI For The Win | CR 311

28 maj 2018 | min

Linux Action News 55

27 maj 2018 | min

Interning for FreeBSD | BSD Now 247

24 maj 2018 | min

Tech Talk Today 280

24 maj 2018 | min

The Illusion of the Institution | Unfilter 281

23 maj 2018 | min

Another Pass at Bypass | TechSNAP 369

23 maj 2018 | min

Only The Best | LUP 250

23 maj 2018 | min

Ask Noah Show 66 | We Found Another Spectre Meltdown Flaw

22 maj 2018 | min

ECMATakeover | CR 310

21 maj 2018 | min

Linux Action News 54

20 maj 2018 | min

Tech talk Today 279

17 maj 2018 | min

Properly Coordinated Disclosure | BSD Now 246

17 maj 2018 | min

Mutually Assured Manipulation | Unfilter 280

16 maj 2018 | min

EFail Explained | TechSNAP 368

16 maj 2018 | min

Home Grown FUD | LUP 249

15 maj 2018 | min

Ask Noah Show 65 | Can This Be Virtualized?

15 maj 2018 | min

Tech Talk Today 278

14 maj 2018 | min

Best of Both Worlds | CR 309

14 maj 2018 | min

Linux Action News 53

13 maj 2018 | min

Tech Talk Today 277

11 maj 2018 | min

FreeNAS Uber Build | TechSNAP 367

10 maj 2018 | min

ZFS User Conf 2018 | BSD Now 245

10 maj 2018 | min

Iran Pullout | Unfilter 279

9 maj 2018 | min

Contain All The Things | LUP 248

9 maj 2018 | min

Ask Noah Show 64 | Should I Buy a Chromebook?

8 maj 2018 | min

Tech Talk Today 276

7 maj 2018 | min

The Nicheing Down Fallacy | CR 308

7 maj 2018 | min

Linux Action News 52

6 maj 2018 | min

Tech Talk Today 275

3 maj 2018 | min

System.Evolution | CR 307

3 maj 2018 | min

C is a Lie | BSD Now 244

3 maj 2018 | min

Catching up with Allan | TechSNAP 366

2 maj 2018 | min

Year of the Linux Desktop | LUP 247

2 maj 2018 | min

Ask Noah Show 63 | The Next Chromebooks

1 maj 2018 | min

Live From LFNW 2018 | Ask Noah Show 62

1 maj 2018 | min

Tech Talk Today 274

30 april 2018 | min

Progressive Webbie Things | CR 306

30 april 2018 | min

Linux Action News 51

29 april 2018 | min

Calculated Comey | Unfilter 278

25 april 2018 | min

The Bionic Bet | LUP 246

25 april 2018 | min

Understanding The Scheduler | BSD Now 243

25 april 2018 | min

The Unfixable Exploit | TechSNAP 365

25 april 2018 | min

This Guy Hates Encryption | Ask Noah Show 61

24 april 2018 | min

Tech Talk Today 273

23 april 2018 | min

Linux Action News 50

22 april 2018 | min

Microsoft Linux | Ask Noah Show 60

20 april 2018 | min

Tech Talk Today 272

19 april 2018 | min

Linux Takes The Fastpath | BSD Now 242

18 april 2018 | min

Bomb First Ask Later | Unfilter 277

18 april 2018 | min

The Case for Monitoring | TechSNAP 364

18 april 2018 | min

Microsoft of Things | LUP 245

18 april 2018 | min

Podcasting 101 | Ask Noah Show 59

17 april 2018 | min

Tech Talk Today 271

16 april 2018 | min

Perpetual Beta Tester | CR 305

16 april 2018 | min

Linux Action News 49

15 april 2018 | min

Tips from the Top | TechSNAP 363

13 april 2018 | min

Bowling in the LimeLight | BSD Now 241

12 april 2018 | min

Saving Syria Now | Unfilter 276

11 april 2018 | min

Plasma Predicament | LUP 244

10 april 2018 | min

Has Apple Given Up on The Macbook? | Ask Noah Show 58

10 april 2018 | min

No Bad Guys Only Survivors | CR 304

9 april 2018 | min

Linux Action News 48

8 april 2018 | min

Rebuilding it Better | TechSNAP 362

5 april 2018 | min

It’s a TechSNAP introduction to Terraform, a tool for building, changing, and versioning infrastructure safely and efficiently.

Plus a recent spat of data leaks suggest a common theme, Microsoft’s self inflicted Total Meltdown flaw, and playing around with DNS Rebinding attacks for fun.

The Under Armour Hack Was Even Worse Than It Had To Be

Under Armour Inc (UAA.N) (UA.N) said on Thursday that data from some 150 million MyFitnessPal diet and fitness app accounts was compromised in February, in one of the biggest hacks in history, sending shares of the athletic apparel maker down 3 percent in after-hours trade.

Panerabread.com Leaks Millions of Customer Records

The data available in plain text from Panera’s site appeared to include records for any customer who has signed up for an account to order food online via panerabread.com.

No, Panera Bread Doesn’t Take Security Seriously

tl;dr: In August 2017, I reported a vulnerability to Panera Bread that allowed the full name, home address, email address, food/dietary preferences, username, phone number, birthday and last four digits of a saved credit card to be accessed in bulk for any user that had ever signed up for an account. This includes my own personal data! Despite an explicit acknowledgement of the issue and a promise to fix it, Panera Bread sat on the vulnerability and, as far as I can tell, did nothing about it for eight months. When Brian Krebs publicly broke the news, other news outlets emphasized the usual “We take your security very seriously, security is a top priority for us” prepared statement from Panera Bread. Worse still, the vulnerability was not fixed at all — which means the company either misrepresented its actual security posture to the media to save face or was not competent enough to determine this fact for themselves. This post establishes a canonical timeline so subsequent reporting doesn’t get confused.

Total Meltdown?

Meet the Windows 7 Meltdown patch from January. It stopped Meltdown but opened up a vulnerability way worse ... It allowed any process to read the complete memory contents at gigabytes per second, oh - it was possible to write to arbitrary memory as well.

Terraform

HashiCorp Terraform enables you to safely and predictably create, change, and improve infrastructure. It is an open source tool that codifies APIs into declarative configuration files that can be shared amongst team members, treated as code, edited, reviewed, and versioned.

Terraforming 1Password

Compared to the JSON or YAML files used by CloudFormation, Terraform HCL is both a more powerful and a more readable language. Here is a small example of a snippet that defines a subnet for the application servers. As you can see, the Terraform code is a quarter of the size, more readable, and easier to understand.

Feedback

Whonow: A malicious DNS server for executing DNS Rebinding attacks on the fly

Testing Russia's Nerves | Unfilter 275

4 april 2018 | min

TCP Blackbox Recording | BSD Now 240

4 april 2018 | min

What's Coming Next | Ask Noah Show 57

3 april 2018 | min

The Stallman Directive | LUP 243

3 april 2018 | min

Weapons of Mass Data | CR 303

2 april 2018 | min

Pen is Mightier | User Error 47

2 april 2018 | min

Linux Action News 47

1 april 2018 | min

The Return To ptrace | BSD Now 239

29 mars 2018 | min

Staring into Sun | CR 302

29 mars 2018 | min

It’s All in the Logs | TechSNAP 361

29 mars 2018 | min

Embarrassing flaws get exposed when the logs get reviewed, Atlanta city government gets shut down by Ransomware, and the cleverest little Android malware you’ll ever meet.

Plus we go from a hacked client to a Zero-day discovery, answer some questions, ask a few, and more!

Links:

Uh Oh! Unified Logs in High Sierra (10.13) Show Plaintext Password for APFS Encrypted External Volumes via Disk Utility.app

It may not be noticeable at first (apart from the highlighting I’ve added of course), but the text “frogger13” is the password I used on a newly created APFS formatted FileVault Encrypted USB drive with the volume name “SEKRET”. (The new class images have a WarGames theme, hence the shout-outs to classic video games!)

Thousands of servers found leaking 750MB worth of passwords and keys

Giovanni Collazo said a quick query on the Shodan search engine returned almost 2,300 Internet-exposed servers running etcd, a type of database that computing clusters and other types of networks use to store and distribute passwords and configuration settings needed by various servers and applications. etcd comes with a programming interface that responds to simple queries that by default return administrative login credentials without first requiring authentication. The passwords, encryption keys, and other forms of credentials are used to access MySQL and PostgreSQL databases, content management systems, and other types of production servers.

Atlanta city government systems down due to ransomware attack

FBI called in as some city services are interrupted, employees told to turn off PCs.

Android malware found inside apps downloaded 500,000 times

The malware was sneaked onto the Google Play store disguised as seven different apps -- six QR readers and one 'smart compass' -- and bypassed security checks by hiding its true intent with a combination of clever coding and delaying its initial burst of malicious activity.

From hacked client to 0day discovery

We will discover in this article how a recent incident response to a customer was handled and how we discovered an otherwise publicly unknown vulnerability that was never reported by the manufacturer which left thousands of users unprotected from this security flaw.

Feedback

The Bolton Bomb | Unfilter 274

28 mars 2018 | min

Debian on the Fly | LUP 242

27 mars 2018 | min

Tech That Kills You | Ask Noah 56

27 mars 2018 | min

Season of Change | T3 270

25 mars 2018 | min

Linux Action News 46

24 mars 2018 | min

The Slice Age | T3 269

22 mars 2018 | min

VLAN-Zezes-ki in Hardware | BSD Now 238

21 mars 2018 | min

AMD Flaws Explained | TechSNAP 360

21 mars 2018 | min

Analytica Aftermath | Unfilter 273

20 mars 2018 | min

Getting Started with Chef | Ask Noah 55

20 mars 2018 | min

Snitching on SCaLE | LUP 241

19 mars 2018 | min

We’re playing just one interview from SCaLE this year, tons of community news, and two handy app picks.

Plus webOS returns, some fundamental Linux plumping upgrades, and Private Internet Access goes Open Source.

Links

LG Announces webOS Open-Source Edition

LG in cooperation with South Korea's NIPA government agency are working on making webOS suitable as a more open platform with open connectivity. They are still looking to commercialize it as an open-source platform, LG announced this morning.

GNOME 3.28 Release Notes

GNOME 3.28 is the latest version of GNOME 3, and is the result of 6 months’ hard work by the GNOME community. It contains major new features, as well as many smaller improvements and bug fixes. In total, the release incorporates 25832 changes, made by approximately 838 contributors.

Bolt Will Tackle Thunderbolt 3 Security on Linux

TING

**Ting - mobile that makes sense

New Major GStreamer Release

The GStreamer team is proud to announce a new major feature release of your favourite cross-platform multimedia framework!

Firefox 59 released, these are the key changes

Performance enhancements to the Firefox Home page mean it should now load quicker than before. The speed up comes by leveraging cache files.

Off-Main-Thread Painting - https://t.co/3MllKmqOaO

On Linux it has to be enabled manually: set “layers.omtp.enabled” to true.
— Adam Brodziak (@AdamBrodziak) March 19, 2018

Private Internet Access goes Open Source

Today marks the start of an exciting shift over here at Private Internet Access. As long-time supporters of the Free and Open Source Software community, we have started the process of open sourcing our software, and over the next six months we will be releasing the source code for all our client-side applications, as well as libraries and extensions.

DigitalOcean

DigitalOcean: SSD Cloud Server, VPS Server, Simple Cloud Hosting

OpenSnitch

OpenSnitch is a GNU/Linux port of the Little Snitch application firewall.

Spotifyd: A spotify daemon

An open source Spotify client running as a UNIX daemon. Spotifyd streams music just like the official client, but is more lightweight, and supports more platforms. Spotifyd also supports the Spotify Connect protocol, which makes it show up as a device that can be controlled from the official clients.

Spotifyd requires a Spotify Premium account.

Linux Academy

Linux Academy | Linux and AWS Online Training

SCaLE16x Report
Ilan Rabinovitch (@irabinovitch) | Twitter

VP, Product & Technical Community at @datadoghq, recovering SysAdmin, SCALE Conference Chair, and other FL/OSS fun.

Unethical Data Experiment | T3 268

19 mars 2018 | min

Cambridge Analytica's use of Facebook data was a 'grossly unethical experiment' coming to light thanks to a whistleblower. We'll play his story, and discuss what they did with the data.

Plus Google, Target, and Walmart's unholy alliance to battle Amazon and Twitter's Cryptocoin crackdown.

Links

Uber Halts Autonomous-Car Testing After Fatal Arizona Crash --- The 49-year-old woman, Elaine Herzberg, was crossing the road outside of a crosswalk when the Uber vehicle operating in autonomous mode under the supervision of a human safety driver struck her, according to the Tempe Police Department.
Google plans to boost Amazon competitors in search shopping ads --- Google made the announcement on its AdWords blog this morning, detailing an initiative called Shopping Actions. Through this feature, retailers can leverage a "universal cart" that allows customers to easily shop across mobile, desktop and voice-controlled devices. Basically, Google says this will make it much easier for you to shop by voice or with a phone/computer from a number of stores.
Cambridge Analytica harvested data from millions of unsuspecting Facebook users --- Cambridge Analytica, a company that profiled voters for Donald Trump's campaign, allegedly harvested private information from more than 50 million Facebook profiles, which they used to influence and wage a "culture war" during the 2016 election.
New York professor sues Cambridge Analytica to find out what it knows about him
Facebook wants more video creators to compete with YouTube, so it's rolling out a subscription feature - Recode --- Facebook will soon let you subscribe to your favorite creator for $5 a month.
GrayKey iPhone unlocker poses serious security concerns --- According to Forbes, the GrayKey iPhone unlocker device is marketed for in-house use at law enforcement offices or labs.
Twitter Will Ban Most Cryptocurrency-Related Ads --- Twitter plans to ban most cryptocurrency-related ads in the next few weeks, as Sky News first reported and a source confirms to Axios. Why it matters: The recent boom in cryptocurrencies and digital tokens has unsurprisingly attracted some fraudsters. Twitter is following in the footsteps of Facebook and Google, though it's been having its own problems with accounts promoting scams.

Being David | Coder Radio 301

18 mars 2018 | min

Linux Action News 45

16 mars 2018 | min

Episode Links

GNOME 3.28 Released --- One major new feature for this release is automatic downloading of operating systems in Boxes, which takes the work out of creating and running virtual machines -- just pick the operating system that you want to create a virtual machine of, and Boxes will now download and install it for you.
GNOME 3.28 Release Notes
Firefox 59 released --- We launched an entirely new engine in November, made significant improvements to graphics rendering in January, and are continuing to post performance gains and add features with this release. On Firefox for desktop, we've improved page load times, added tools to annotate and crop your Firefox Screenshots, and made it easier to arrange your Top Sites on the Firefox Home page. On Firefox for Android, we've added support for sites that stream video using the HLS protocol. * Firefox is a Snap* Raspberry Pi 3 Model B+ --- Alongside a 200MHz increase in peak CPU clock frequency, we have roughly three times the wired and wireless network throughput, and the ability to sustain high performance for much longer periods.* US city bans new Bitcoin mining --- Plattsburgh, New York has imposed an 18-month moratorium on Bitcoin mining to prevent miners from using all the city's cheap electricity.
Let's Encrypt rolls out wildcard certs --- Free "wildcard" certificates to enable secure HTTP connections for entire domains. In addition to a new version of the Automated Certificate Management Environment (ACME) protocol, an interface that can be used by a variety of client software packages to automate verification of certificate requests.
TechSNAP Episode 359* Eric Raymond's open source UPS --- Last week, ESR opened up the work-in-progress on GitLab: the Upside project is currently defining requirements and developing a specification for a "high quality UPS that can be built from off-the-shelf parts in any reasonably well-equipped makerspace or home electronics shop".
Wil Wheaton runs Linux --- But about a week ago, something went wrong. Everything started slowing down like crazy, Chrome just quit working entirely, and even Firefox ran so slow, I felt like I was using a 386.

All Jupiter Broadcasting Shows

Every potential audio release of a Jupiter Broadcasting production will get published here.

Om podden

Avsnitt

2024 Tuxies | LINUX Unplugged 594

Mikestrodamus | Coder Radio 600

Zen and the Art of Kernel Preempting | LINUX Unplugged 593

ODROID and Chill | Self-Hosted 138

GPU Game Theory | Coder Radio 599

Chris' Netboot Nonsense | LINUX Unplugged 592

No Code is just Other People's Code | Coder Radio 598

KDE Goes Banana | LINUX Unplugged 591

Mechanically Compatible | Self-Hosted 137

Make Google Great Again | Coder Radio 597

Self-Host Before You're Toast | LINUX Unplugged 590

Chrome For Sale | Coder Radio 596

6 Reasons to Love Linux 6.12 | LINUX Unplugged 589

Google is Done | Self-Hosted 136

Year of the Snake | Coder Radio 595

Clearing out the Tumbleweeds | LINUX Unplugged 588

Smart Contracts for Dumb People | Coder Radio 594

Triple Fedora Taste-Test | LINUX Unplugged 587

Rebuilding For the Last Time | Self-Hosted 135

Bake Your Own Linux Cake | Coder Radio 593

Kexec with Determination | LINUX Unplugged 586

Choosy Moms Choose Ubuntu | LINUX Unplugged 585

YouTube Unplugged | Self-Hosted 134

FOSS does what Nintendont | Coder Radio 591

Captain Meshtastic and the Solar Cowboy | LINUX Unplugged 584

Google’s Loss is Our Win | Coder Radio 590

Nix on Easy Mode | LINUX Unplugged 583

No Google October | Self-Hosted 133

Blame the Tools using the Tools | Coder Radio 589

On the CUPS of Disaster | LINUX Unplugged 582

A Coder PSA | Coder Radio

The Linux Escape Hatch | LINUX Unplugged 581

Uploading at the Speed of Light | Self-Hosted 132

Hulk Smash “PUNY DEVS” | Coder Radio 588

Brent's Boogie Bus Broadcast Bash | LINUX Unplugged 580

Surfing the WSL Wave | Coder Radio 587

Lost & Found | LINUX Unplugged 579

The Value of Community | Self-Hosted 131

Mike's Clone Army | Coder Radio 586

Young and the Rustless | LINUX Unplugged 578

From Ops to Dev and Back Again | Coder Radio 585

Summer Kernel Corn Roast | LINUX Unplugged 577

Make it or Break it | Self-Hosted 130

Google’s Poisoned Apple | Coder Radio 584

The Secret Server | LINUX Unplugged 576

A Shekel for Every Click | Coder Radio 583

Brent's Busted Builds | LINUX Unplugged 575

Forged Alliance | Self-Hosted 129

Intel: It Hurts Inside | Coder Radio 582

COSMIC Encounter | LINUX Unplugged 574

Lunacy Lake | Coder Radio 581

Universal Blue Man Group | LINUX Unplugged 573

To Update, or Not to Update? | Self-Hosted 128

Error Lake | Coder Radio 580

Data Security Only a Maniac Could Love | LINUX Unplugged 572

The Insufferable Small Business | Coder Radio 579

Multi-Machine Lifestyle | LINUX Unplugged 571

Texas LinuxFest Day 2 | Jupiter Extras 92

Texas LinuxFest Day 1 | Jupiter Extras 91

Nostr Workshop | Jupiter Extras 90

The protocol is very promising

How Nostr could be useful for Podcasting

Help us test, learn a little Nostr.

Can't Fix What You Don't Track | Self-Hosted 127

Cancel the 100X | Coder Radio 578

RegreSSHion Strikes | LINUX Unplugged 570

Holy Order of the Admins | Coder Radio 577

Our Plasma Panacea | LINUX Unplugged 569

Smart But Not Cloudy | Self-Hosted 126

The New 800-pound Gorilla | Coder Radio 576

All Your Silos are Broken | LINUX Unplugged 568

The Omakub Directive | Coder Radio 575

So Long sudo | LINUX Unplugged 567

Tiny Mini Micro Systems FTW | Self-Hosted 125

Craig Stans Unite | Coder Radio 574

Chef's Choice Ubuntu | LINUX Unplugged 566