All Jupiter Broadcasting Shows

We review our predictions and own up to what we got wrong, and what we got right in 2019.Special Guests: Alex Kretzschmar and Brent Gervais.Links:Q&A with Sam K - Acquisition Announcement Follow Up Keep the conversation going join us on Telegram Jupiterbroadcasting.com/telegram My recent Plasma Basic to Brilliant video is out Mac Pro case clone No More Secrets - This project provides a command line tool called nms that recreates the famous data decryption effect seen on screen in the 1992 hacker movie Sneakers. hollywood - launch Byobu, open a random number of splits with random sizes, in each split run a noisy text app cool-retro-term: A good looking terminal emulator which mimics the old cathode display

Brent sits down with Jackie DeVore, co-host of horror podcast Sirens of Scream and multi-disciplinary artist. Our in-person chat explores the origins of her podcasting, creativity as a lifestyle, women in tech, art, and gaming, and her co-founding and recent launch of Hell Bunny Independents Club, a women's inclusive and supportive digital safe space.Special Guest: Jackie DeVore.Links:Sirens of ScreamHell Bunny Independents Club (HBIC)Jackie DeVore - Useless ProgressBrunch with Brent: Alex KretzschmarSelf-Hosted PodcastBrunch with Brent: Drew DeVoreSirens of Scream 62: Rob Sheridan / HIGH LEVELWarm Bodies - IMDbShaun of the Dead - IMDbTucker and Dale vs Evil - IMDbSirens of Scream Episode 66(6): The Soska Sisters, RABID, and the State of Horror as We Know It!Safety Not Guaranteed - IMDbRoom 104 (TV Series) - IMDbFour Rooms - IMDbNerds in BabelandJupiter Extras 27: Happy Halloween, 2019!Neil Gaiman - WikipediaCoraline - IMDbUser ErrorBrunch with Brent: Ell MarquezBrunch with Brent: Emma MarshallBrunch with Brent: Jill Bryant RynikerQueer Corners, Ottawa, Ontariowhiprsnapr brewing co. craft brewery - Ottawa, OntarioGhosts in the BurbsGhosts in the Burbs - MerchPortal 2 - SteamRedditgiftsJackie DeVore - @jackietherobot on TwitterJackie DeVore - @jackietherobot on InstagramBrent Gervais - @brentgervais on Twitter

We review the major moments of the year's news, and discuss how they impacted our world.Links:Amazon takes aim at MongoDB with launch of Mongo-compatible DocumentDBMongoDB "open-source" Server Side Public License rejectedRedis Labs raises $60 million for its NoSQL databaseRedis Labs changes its open-source license — againKeeping Open Source Open – Open Distro for ElasticsearchChef goes 100% open sourceGoogle jumps into gaming with Google Stadia streaming serviceGoogle Stadia will be missing many features for Monday’s launchSupporting choice and competition in EuropePresenting search app and browser options to Android users in EuropeAndroid Developers Blog: Welcoming Android 10!Project Mainline is Google’s new way to speed up security updates in Android QAdiantum: encryption for the low endAll Chromebooks will also be Linux laptops going forwardGoogle gives most Chromebooks an extra year of software supportGoogle and fwupd sitting in a treePhoenix joins the LVFSPlease welcome HP to the LVFSLVFS Project AnnouncementAnnouncing the Open Sourcing of Windows CalculatorIntroducing Windows TerminalMicrosoft Will Release Their Edge Web Browser For LinuxMicrosoft Teams is now available on LinuxAnnouncing WSL 2Ubuntu 19.04 'Disco Dingo' Released with New FeaturesIntel 32bit packages on Ubuntu from 19.10 onwardsStatement on 32-bit i386 packages for Ubuntu 19.10 and 20.04 LTSEnhancing our ZFS support on Ubuntu 19.10Ubuntu 19.10 ReleasedWill Cooke, the Director of Engineering for the Ubuntu desktop, has left CanonicalCanonical announces Ubuntu Pro for Amazon Web ServicesRed Hat Opens the Linux Experience to Every Enterprise, Every Cloud and Every Workload with Red Hat Enterprise Linux 8Red Hat crosses US$3b annual revenue for first timeAnnouncing the release of Fedora 30IBM Closes Landmark Acquisition of Red Hat for $34 Billion; Defines Open, Hybrid Cloud FutureIntroducing Fedora CoreOSPresenting CentOS StreamFedora 31 is officially here!

From classifying cats to colorizing old photos we share our top tips and tools for starting your machine learning journey. Plus, learn why Nebula is our favorite new VPN technology, and how it can help simplify and secure your network.Links:Introducing Nebula, the open source global overlay network from Slack nebula: A scalable overlay networking tool with a focus on performance, simplicity and security Nebula VPN routes between hosts privately, flexibly, and efficiently How to set up your own Nebula mesh VPN, step by step LINUX Unplugged 329: Flat Network Truthers Cloudy with a chance of neurons: The tools that make neural networks work Welcome To Colaboratory ImageColorizer Notebook DeOldify: A Deep Learning based project for colorizing and restoring old images (and video!)

Authentication Vulnerabilities in OpenBSD, NetBSD 9.0 RC1 is available, Running FreeNAS on a DigitalOcean droplet, NomadBSD 1.3 is here, at e2k19 nobody can hear you scream, and more. Headlines Authentication vulnerabilities in OpenBSD We discovered an authentication-bypass vulnerability in OpenBSD's authentication system: this vulnerability is remotely exploitable in smtpd, ldapd, and radiusd, but its real-world impact should be studied on a case-by-case basis. For example, sshd is not exploitable thanks to its defense-in-depth mechanisms. From the manual page of login.conf: OpenBSD uses BSD Authentication, which is made up of a variety of authentication styles. The authentication styles currently provided are: > passwd Request a password and check it against the password in the master.passwd file. See login_passwd(8). > skey Send a challenge and request a response, checking it with S/Key (tm) authentication. See login_skey(8). > yubikey Authenticate using a Yubico YubiKey token. See login_yubikey(8). > For any given style, the program /usr/libexec/auth/login_style is used to > perform the authentication. The synopsis of this program is: > /usr/libexec/auth/login_style [-v name=value] [-s service] username class This is the first piece of the puzzle: if an attacker specifies a username of the form "-option", they can influence the behavior of the authentication program in unexpected ways. login_passwd [-s service] [-v wheel=yes|no] [-v lastchance=yes|no] user [class] The service argument specifies which protocol to use with the invoking program. The allowed protocols are login, challenge, and response. (The challenge protocol is silently ignored but will report success as passwd-style authentication is not challenge-response based). This is the second piece of the puzzle: if an attacker specifies the username "-schallenge" (or "-schallenge:passwd" to force a passwd-style authentication), then the authentication is automatically successful and therefore bypassed. Case study: smtpd Case study: ldapd Case study: radiusd Case study: sshd Acknowledgments: We thank Theo de Raadt and the OpenBSD developers for their incredibly quick response: they published patches for these vulnerabilities less than 40 hours after our initial contact. We also thank MITRE's CVE Assignment Team. First release candidate for NetBSD 9.0 available! Since the start of the release process four months ago a lot of improvements went into the branch - more than 500 pullups were processed! This includes usbnet (a common framework for usb ethernet drivers), aarch64 stability enhancements and lots of new hardware support, installer/sysinst fixes and changes to the NVMM (hardware virtualization) interface. We hope this will lead to the best NetBSD release ever (only to be topped by NetBSD 10 next year). Here are a few highlights of the new release: > Support for Arm AArch64 (64-bit Armv8-A) machines, including "Arm ServerReady" compliant machines (SBBR+SBSA) > Enhanced hardware support for Armv7-A > Updated GPU drivers (e.g. support for Intel Kabylake) > Enhanced virtualization support > Support for hardware-accelerated virtualization (NVMM) > Support for Performance Monitoring Counters > Support for Kernel ASLR > Support several kernel sanitizers (KLEAK, KASAN, KUBSAN) > Support for userland sanitizers > Audit of the network stack > Many improvements in NPF > Updated ZFS > Reworked error handling and NCQ support in the SATA subsystem > Support a common framework for USB Ethernet drivers (usbnet) More information on the RC can be found on the NetBSD 9 release page News Roundup Running FreeNAS on a Digitalocean droplet ZFS is awesome. FreeBSD even more so. FreeNAS is the battle-tested, enterprise-ready-yet-home-user-friendly software defined storage solution which is cooler then deep space, based on FreeBSD and makes heavy use of ZFS. This is what I (and soooooo many others) use for just about any storage-related task. I can go on and on and on about what makes it great, but if you're here, reading this, you probably know all that already and we can skip ahead. I've needed an offsite FreeNAS setup to replicate things to, to run some things, to do some stuff, basically, my privately-owned, tightly-controlled NAS appliance in the cloud, one I control from top to bottom and with support for whatever crazy thing I'm trying to do. Since I'm using DigitalOcean as my main VPS provider, it seemed logical to run FreeNAS there, however, you can't. While DO supports many many distos and pre-setup applications (e.g OpenVPN), FreeNAS isn't a supported feature, at least not in the traditional way :) Before we begin, here's the gist of what we're going to do: > Base of a FreeBSD droplet, we'll re-image our boot block device with FreeNAS iso. We'll then install FreeNAS on the second block device. Once done we're going to do the ol' switcheroo: we're going to re-image our original boot block device using the now FreeNAS-installed second block device. Part 1: re-image our boot block device to boot FreeNAS install media. Part 2: Install FreeNAS on the second block-device Part 3: Re-image the boot block device using the FreeNAS-installed block device NomadBSD 1.3 is now available From the release notes: > The base system has been changed to FreeBSD 12.1-RELEASE-p1 Due to a deadlock problem, FreeBSD's unionfs has been replaced by unionfs-fuse The GPT layout has been changed to MBR. This prevents problems with Lenovo systems that refuse to boot from GPT if "lenovofix" is not set, and systems that hang on boot if "lenovofix" is set. Support for ZFS installations has been added to the NomadBSD installer. The rc-script for setting up the network interfaces has been fixed and improved. Support for setting the country code for the wlan device has been added. Auto configuration for running in VirtualBox has been added. A check for the default display has been added to the graphics configuration scripts. This fixes problems where users with Optimus have their NVIDIA card disabled, and use the integrated graphics chip instead. NVIDIA driver version 440 has been added. nomadbsd-dmconfig, a Qt tool for selecting the display manager theme, setting the default user and autologin has been added. nomadbsd-adduser, a Qt tool for added preconfigured user accounts to the system has been added. Martin Orszulik added Czech translations to the setup and installation wizard. The NomadBSD logo, designed by Ian Grindley, has been changed. Support for localized error messages has been added. Support for localizing the password prompts has been added. Some templates for starting other DEs have been added to ~/.xinitrc. The interfaces of nomadbsd-setup-gui and nomadbsd-install-gui have been improved. A script that helps users to configure a multihead systems has been added. The Xorg driver for newer Intel GPUs has been changed from "intel" to "modesetting". /proc has been added to /etc/fstab A D-Bus session issue has been fixed which prevented thunar from accessing samba shares. DSBBg which allows users to change and manage wallpapers has been added. The latest version of update_obmenu now supports auto-updating the Openbox menu. Manually updating the Openbox menu after packet (de)installation is therefore no longer needed. Support for multiple keyboard layouts has been added. www/palemoon has been removed. mail/thunderbird has been removed. audio/audacity has been added. deskutils/orage has been added. the password manager fpm2 has been replaced by KeePassXC mail/sylpheed has been replaced by mail/claws-mail multimedia/simplescreenrecorder has been added. DSBMC has been changed to DSBMC-Qt Many small improvements and bug fixes. At e2k19 nobody can hear you scream After 2 years it was once again time to pack skis and snowshoes, put a satellite dish onto a sledge and hike through the snowy rockies to the Elk Lakes hut. I did not really have much of a plan what I wanted to work on but there were a few things I wanted to look into. One of them was rpki-client and the fact that it was so incredibly slow. Since Bob beck@ was around I started to ask him innocent X509 questions ... as if there are innocent X509 questions! Mainly about the abuse of the X509_STORE in rpki-client. Pretty soon it was clear that rpki-client did it all wrong and most of the X509 verification had to be rewritten. Instead of only storing the root certificates in the store and passing the intermediate certs as a chain to the verification function rpki-client threw everything into it. The X509_STORE is just not built for such an abuse and so it was no wonder that this was slow. Lucky me I pulled benno@ with me into this dark hole of libcrypto code. He managed to build up an initial diff to pass the chains as a STACK_OF(X509) and together we managed to get it working. A big thanks goes to ingo@ who documented most of the functions we had to use. Have a look at STACK_OF(3) and sk_pop_free(3) to understand why benno@ and I slowly turned crazy. Our next challenge was to only load the necessary certificate revocation list into the X509_STORE_CTX. While doing those changes it became obvious that some of the data structures needed better lookup functions. Looking up certificates was done using a linear lookup and so we replaced the internal certificate and CRL tables with RB trees for fast lookups. deraadt@ also joined the rpki-client commit fest and changed the output code to use rename(2) so that files are replaced in an atomic operation. Thanks to this rpki-client can now be safely run from cron (there is an example in the default crontab). I did not plan to spend most of my week hacking on rpki-client but in the end I'm happy that I did and the result is fairly impressive. Working with libcrypto code and especially X509 was less than pleasant. Our screams of agony died away in the snowy rocky mountains and made Bob deep dive into UVM with a smile since he knew that benno@ and I had it worse. In case you wonder thanks to all changes at e2k19 rpki-client improved from over 20min run time to validate all VRPS to roughly 1min to do the same job. A factor 20 improvement! Thanks to Theo, Bob and Howie to make this possible. To all the cooks for the great food and to Xplornet for providing us with Internet at the hut. Beastie Bits FOSDEM 2020 BSD Devroom schedule Easy Minecraft Server on FreeBSD Howto stats(3) framework in the TCP stack 4017 days of uptime sysget - A front-end for every package manager PlayOnBSD’s Cross-BSD Shopping Guide Feedback/Questions Pat asks about the proper disk drive type for ZFS Brad asks about a ZFS rosetta stone Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv Your browser does not support the HTML5 video tag. Special Guest: Mariusz Zaborski.

Ultimate privacy in Distrohoppers, and the best ways to run other operating systems within your current Linux distro.Links:Tails — Tails is a live operating system that you can start on almost any computer from a USB stick or a DVD. It aims at preserving your privacy and anonymity.Installing KVM on UbuntuVirtual machine manager — The virt-manager application is a desktop user interface for managing virtual machines through libvirt.Boxes — Boxes is an application that gives you access to virtual machines, running locally or remotely. It also allows you to connect to the display of a remote computer.LINUX Unplugged episode about virtualization — Our crew walks you through their PCI Passthrough setups that let them run Windows, macOS, and distro-hop all from one Linux machine.

Open source won the last decade, but what if it hadn’t? We look back at some major milestones and reflect on a world where they never existed.Special Guests: Alex Kretzschmar and Brent Gervais.Links:Introducing netboot.xyz Docker Network Boot Server Image (PXE) Tails - Celebrating 10 years of Tails! Ten Years Past GNOME’s 10x10 Goal, The Linux Desktop Is Still Far From Having A 10% Marketshare - Phoronix Linux Headlines Jupiter Extras - NOW ON YouTube Keep the conversation going join us on Telegram! Container History in an Image Shuttleworth’s grand vision for Ubuntu on phones, tablets, TV’s and smart screens everywhere in October 2011 Ubuntu Touch 1.0 in October 2013 BQ Aquaris E4.5 Ubuntu Edition in April 2015 Ubuntu phone killed in April 2017 UBports released first stable OTA in June 2017 Librem 5 crowdfunder in August 2017 Librem 5 starts shipping in December 2019 PinePhone announced at FOSDEM 2019 PinePhone Braveheart edition opens for pre-orders November 2019 Xdg-app becomes Flatpak in May 2016 Launched in December 2014 Skype snapped in February 2018 Chrome OS announced in July 2009 First widely available Chromebooks arrive June 2011 Chromebook Pixel in February 2013 Android apps arrive in September 2014 Network file share support arrives in September 2018 Linux apps beta arrives in stable channel in October 2018 In May 2019 it was announced that all new Chromebooks would support Linux apps In Q4 of 2018, Chromebooks made up 21% of all notebooks sold in the US Feedback: Aaarghhhhh!! (Chris’ Pronunciation)

Brent sits down with Catherine Kretzschmar, professional music teacher, coding bootcamp enlistee, and humanist celebrant, for an in-person connective chat on the relationship between music and coding, the quality-of-life implications of ever-evolving home automation, an intro to humanist celebrancy, and more. Catherine is a good friend of the Jupiter Broadcasting family and wife of Alex Kretzschmar, co-host of Self-Hosted.Special Guest: Catherine Kretzcschmar.Links:Brunch with Brent: Alex KretzschmarSelf-Hosted PodcastHarmony Remotes - LogitechBeyond Sudoku - PuzzlerHumanist Celebrant - WikipediaBrent Gervais - @brentgervais on Twitter

Canonical releases a "mini-cloud" on your workstation, the KDE ecosystem has some big news, and the smart home might have just become more open. Plus Firefox's new DoH partner, and signs of life from the Atari VCS.Links:Firefox adds 2nd DoH partner — Program Committing to Data Retention and Transparency Requirements that Respect User PrivacyApple, Google, and Amazon are teaming up to develop an open-source smart home standardAmazon, Apple, Google, and the Zigbee Alliance to develop connectivity standardIkea previews its improved 2020 smart home experienceZ-Wave is making a huge change so it doesn’t get left behind in the smart home wars - The Verge — It’s turning into a fully open standard, according to Silicon Labs.Canonical Releases Multipass 1.0 As "A Mini-Cloud On Your Workstation" — "a mini-cloud on your workstation using native hypervisors of all the supported plaforms (Windows, macOS and Linux), it will give you an Ubuntu command line in just a click ("Open shell") or a simple multipass shell command, or even a keyboard shortcut."Krita Receives Epic MegaGrant — Epic, the makers of the Unreal game engine, have supported Krita with a $25,000 MegaGrantA Kubuntu-Powered Laptop Is Launching In 2020 For High-End KDE Computing — A Kubuntu laptop is launching soon that is aiming for a high-end Linux laptop experience atop the KDE flavor of Ubuntu.KDE Launch Video & Wallpaper Competitions with Linux PCs as PrizesGuidance for Atari VCS Content Developers — Initial procedures announced for more independent game and app developers to start creating and planning now for earning a place in the Atari VCS storefront.

Brent sits down with Jason Spisak, professional voice actor, actor, producer, and co-founder of multiple Linux-related projects including Lycoris, Symphony OS, and Symple PC. In Part 2 we explore Jason's various voice acting roles, his approach to embodying roles like The Joker, the setup in his Linux-only audio recording studios, the power in collaborative innovation, examining yourself through meditation, and more.Special Guest: Jason Spisak.Links:Brunch with Brent: Jason Spisak Part 1Jason Spisak - IMDbGears Tactics - Gears of WarDC Super Hero GirlsYoung Justice (DC Comics) - WikipediaYoung Justice (DC Comics) - IMDbMel Blanc - WikipediaJupiter BroadcastingRaspberry PiKDE neonFocusrite Scarlett 2i2 Audio InterfaceComic-Con International: San DiegoMark Hamill - WikipediaBatman: HushSuperpowers vs Spoony - LEGO Justice League Gotham City Breakout - YouTubeCesar Romero - WikipediaSam HarrisThe Art of Happiness by Dalai Lama XIV - GoodreadsWaking Up App - Sam HarrisJason SpisakBrent Gervais - @brentgervais on Twitter