A show about life, Linux, the universe, and everything in between.
Rank #1: Episode 63: Linux Without Borders.
Where bad feeling and rivalry in the FOSS world actually originates, what we should be teaching our kids, and the violence that underlies everything around us. Plus Joe is a lazy swine, and dodgy VPN providers. Follow the show on Twitter 00:00:33 FOSS Rivalry 00:10:27 #AskError: How often do you clean your tech and with what tools? 00:13:11 Teaching kids to code 00:24:09 #AskError: Are all VPN providers as shady as they seem? 00:32:43 All property is theft
Rank #2: Episode 77: Blinking Eye Patches.
Tech mistakes, communicating with spouses, and why you shouldn't let popey drive you anywhere. Plus patching humans as if they were code, back to basics web browsing, cold drinks, and conkers. 00:00:31 Is there anything you close your eyes while doing that other people might think is odd? 00:04:32 What's your biggest or most significant tech blunder? 00:11:09 What's your favorite thing about your least favorite season, and your least favorite thing about your favorite season? 00:16:55 If humans were code and you could patch a bug/feature/issue which exists in most humans, what would it be, and what would you "fix"? 00:23:29 If your preferred search engine offered a function to exclude all websites utilizing anything other than HTML and CSS - would you use it? 00:27:16 Somewhere there’s a sliding scale in your mind of when a partner deserves to be in on a choice. Where does that begin and why?
Every 2 weeks, Joe, Ell, and Drew talk about what they've discovered in the world of Linux and Open Source.
Rank #1: 3: Raspberry Pi and Retro Gaming.
Jason finally discovers the bottomless well of potential that is the Raspberry Pi, and talks about his first experience with Raspbian. Then Joe and Jason take a nostalgic deep dive into retro gaming on both the Raspberry Pi and the Pinebook. Plus some final thoughts on openSUSE Tumbleweed and Leap. Links:Raspberry Pi — A small and affordable computer that you can use to learn programmingRetroPie — RetroPie allows you to turn your Raspberry Pi, ODroid C1/C2, or PC into a retro-gaming machineLakka — Lakka is a lightweight Linux distribution that transforms a small computer into a full blown retrogaming console.Pinebook — An Affordable 64-bit ARM based Open Source NotebookopenSUSE — The makers' choice for sysadmins, developers and desktop users.
Rank #2: 4: Fedora Challenge And NextCloudPi.
The distro challenges roll on with Fedora Workstation. Jason shares his thoughts on getting it up and running, feeling at home with vanilla Gnome, and why Fedora may be perfect place for his Magic the Gathering addiction. Plus, the Raspberry Pi journey continues with NextCloudPi. Is creating a DropBox substitute really this easy? Links:The Fedora 29 Linux Community Challenge — By popular demand, we're moving into March by exploring another community-powered distro with a corporate shadow (in Red Hat), and one that people have passionately encouraged me to try: Fedora Workstation.Fedora Workstation — Fedora Workstation is a reliable, user-friendly, and powerful operating system for your laptop or desktop computer. It supports a wide range of developers, from hobbyists and students to professionals in corporate environments.Create A Personal Home Backup Server With Raspberry Pi 3 — NextCloudPi is a standalone, self-contained OS that runs on your Raspberry Pi. It lets you sync and manually back up files from practically any device (including your phone and its camera instantly), and serve files to those devices. NextCloudPi — NextCloudPi is a Nextcloud instance that is preinstalled and preconfigured, and includes a management interface with all the tools you need to self host your private data in a single package.This is an official open source community project that aims at making it easier for everyone to have control over their own data.Net Scan — Network scanning and discovery along with port scanner.Wonder Shaper — Wonder Shaper is a script that allow the user to limit the bandwidth of one or more network adapters. It does so by using iproute's tc command, but greatly simplifies its operation.
Systems, Network, and Administration Podcast. Every two weeks TechSNAP covers the stories that impact those of us in the tech industry, and all of us that follow it. Every episode we dedicate a portion of the show to answer audience questions, discuss best practices, and solving your problems.
Rank #1: Episode 193: Don’t Fire IT | TechSNAP 193.
More and more data breaches are leading to blackmail but the stats don’t tell the whole story. We’ll explain. Plus the latest in the Sony hack, and the wider reaction. Plus a great batch of emails & much, much more!
Rank #2: Episode 203: TurboHax | TechSNAP 203.
Lenovo & Google are victims of DNS hijacking, we’ll share the details, Everyone wants you to secure your data, just not from them & how Turbotax profits from Cyber tax fraud! Plus a great batch of your questions, a fantastic round up & much, much more!
The Ask Noah Show is a weekly radio call in show where we take your tech questions or business in tech questions live on the air.The show airs Tuesdays at 6pm CST on asknoahshow.com and at KEQQ 88.3 FM in Grand Forks ND.It's a free call 1-855-450-NOAH so join us and start on your way to owning your operating system, your software, and technology.
Rank #1: Episode 30: Doin' Lines of WiFi.
Noah gives us the 30 second elevator pitch and then does a deep dive into this new attack that has plagued wifi. We talk about RedHat on it's way to a 5 billion dollar company and of course your calls. -- The Cliff Notes -- RedHat, 5 Billion Goal Krack Attack High DPI in Linux+Vox Tel Sys -- Stay In Touch -- Find all the resources for this show on the Ask Noah Dashboard Ask Noah Dashboard Need more help than a radio show can offer? Altispeed provides commercial IT services and they’re excited to offer you a great deal for listening to the Ask Noah Show. Call today and ask about the discount for listeners of the Ask Noah Show! Altispeed Technologies Contact Noah asknoah [at] jupiterbroadcasting.com -- Twitter -- Noah - Kernellinux Ask Noah Show Altispeed Technologies Jupiter Broadcasting
Rank #2: Episode 105: FreeNAS with Kris Moore.
Kris Moore joins us to discuss the latest release of FreeNAS and what we can expect down the road! Linux.org was defaced and Coraline's personal info was released. Emby, the open source competitor to Plex has announced that future versions will be closed source. -- The Cliff Notes -- For links to the articles and material referenced in this week's episode check out this week's page from our podcast dashboard! This Episode's Podcast Dashboard Phone Systems for Ask Noah provided by Voxtelesys Join us in our dedicated chatroom #AskNoahShow on Freenode! -- Stay In Touch -- Find all the resources for this show on the Ask Noah Dashboard Ask Noah Dashboard Need more help than a radio show can offer? Altispeed provides commercial IT services and they’re excited to offer you a great deal for listening to the Ask Noah Show. Call today and ask about the discount for listeners of the Ask Noah Show! Altispeed Technologies Contact Noah live [at] asknoahshow.com -- Twitter -- Noah - Kernellinux Ask Noah Show Altispeed Technologies Links:Emby now closed-source!How To Setup WireGuard (Tutorial) — Want a secure way to remotely connect to your home or office network but don't have the time for the overhead?WireGuard is for you!WireGuard is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. We'll walk you step-by-step setting WireGuard up on a fresh install of Ubuntu 18.04 LTS.iXsystems, Inc. - Enterprise Storage & ServersMullvad VPN — It is fundamental to a well-functioning society. It allows norms, ethics, and laws to be safely discussed and challenged. A free and open society, therefore, cannot flourish and develop nor exist without privacy.Kitlol5 Twitter StatusFreeNAS Storage Operating System | Open Source - FreeNAS - Open Source Storage Operating System
A podcast made by people who love running Linux.
Rank #1: Destination Linux EP86 – Interview with Matthew Miller of Fedora.
In this special episode of Destination Linux, we have an in-depth interview with Matthew Miller of Fedora. We are big fans of Fedora and Red Hat, especially Ryan :), so we are really excited about this episode! If you’ve never seen an interview episode of Destination Linux then you are in for a treat! Our in-depth interviews are totally unique because we dedicate the entire show to the interview so instead of 5-10 minutes, our interviews can last over an hour since we cover all of the questions we can think of. We also ask our Patrons to submit questions for our interview guests so if you’d like to ask questions to our next guest then please go to https://destinationlinux.org/patreon to become a Patron. Quick Links: Ryan, aka DasGeek = https://dasgeekcommunity.com Michael, with TuxDigital = https://tuxdigital.com Zeb, aka Zebedeeboss = https://youtube.com/zebedeeboss Want to Support the Show? Support on Patreon Order Destination Linux Apparel Want to follow the show and hosts on social media? You can find all of our social accounts at destinationlinux.org/contact
Rank #2: Destination Linux EP92 – Elementary My Dear Distro.
On this very special episode of Destination Linux, we are joined by 2 friends of the show. Unfortunately, Zeb was sick this week so we needed a last minute guest host, thankfully Gabriele Musco of TechPills stepped up to help out. If that wasn’t special enough, Daniel Foré from elementary joined us for a segment to discuss the latest release of elementary OS 5.0 (Juno). This episode we discuss a ton of hot topics in the Linux world including Microsoft making 60,000 patents available to the Open Invention Network (OIN), Plex joins the universal package format game with a new Snap, Google+ announces it is shutting down after a security bug debacle, there were some patches proposed to the Linux kernel’s new Code of Conduct. All that and much more including our Tips, Tricks and Software Spotlight picks! Host of Destination Linux: Ryan, aka DasGeek = https://dasgeekcommunity.com Michael of TuxDigital = https://tuxdigital.com Zeb, aka Zebedeeboss = https://youtube.com/zebedeeboss Special Guests: Gabriele Musco of TechPills (Special Guest Host) Daniel Foré of elementary OS Want to Support the Show? Support on Patreon Order Destination Linux Apparel Want to follow the show and hosts on social media? You can find all of our social accounts at destinationlinux.org/contact — Topics covered in this episode: elementary OS 5.0 – Juno – with special guest, Daniel Foré of elementary Microsoft Makes 60,000 Patents OpenSource Flatpaks Are A Security Nightmare Plex is now a SNAP Google+ Cover Up Uncovered Intel Launches 9th Gen Coffeelake – S CPU’s The Leading Linux Desktop Platform Issues Code Of Conduct Changes Proposed Gummy Life Out For Linux Hazelnut Bastille Linux Demo — Tips & Tricks: Handbrake – HandBrake is a tool for converting video from nearly any format to a selection of modern, widely supported codecs. FFMPEG – A complete, cross-platform solution to record, convert and stream audio and video. (command-line tool) Software Spotlight: Remmina – Remmina is a remote desktop client written in GTK+, aiming to be useful for system administrators and travellers, who need to work with lots of remote computers in front of either large monitors or tiny netbooks.
Created by three guys who love BSD, we cover the latest news and have an extensive series of tutorials, as well as interviews with various people from all areas of the BSD community. It also serves as a platform for support and questions. We love and advocate FreeBSD, OpenBSD, NetBSD, DragonFlyBSD and TrueOS. Our show aims to be helpful and informative for new users that want to learn about them, but still be entertaining for the people who are already pros.The show airs on Wednesdays at 2:00PM (US Eastern time) and the edited version is usually up the following day.
Rank #1: Episode 239: The Return To ptrace | BSD Now 239.
OpenBSD firewalling Windows 10, NetBSD’s return to ptrace, TCP Alternative Backoff, the BSD Poetic license, and AsiaBSDcon 2018 videos available. RSS Feeds: MP3 Feed | iTunes Feed | HD Vid Feed | HD Torrent Feed Become a supporter on Patreon: - Show Notes: - Headlines Preventing Windows 10 and untrusted software from having full access to the internet using OpenBSD Whilst setting up one of my development laptops to port some software to Windows I noticed Windows 10 doing crazy things like installing or updating apps and games by default after initial setup. The one I noticed in particular was Candy Crush Soda Saga which for those who don't know of it is some cheesy little puzzle game originally for consumer devices. I honestly did not want software like this near to a development machine. It has also been reported that Windows 10 now also updates core system software without notifying the user. Surely this destroys any vaguely deterministic behaviour, in my opinion making Windows 10 by default almost useless for development testbeds. Deciding instead to start from scratch but this time to set the inbuilt Windows Firewall to be very restrictive and only allow a few select programs to communicate. In this case all I really needed to be online was Firefox, Subversion and Putty. To my amusement (and astonishment) I found out that the Windows firewall could be modified to give access very easily by programs during installation (usually because this task needs to be done with admin privileges). It also seems that Windows store Apps can change the windows firewall settings at any point. One way to get around this issue could be to install a 3rd party firewall that most software will not have knowledge about and thus not attempt to break through. However the only decent firewall I have used was Sygate Pro which unfortunately is no longer supported by recent operating systems. The last supported versions was 2003, XP and 2000. In short, I avoid 3rd party firewalls. Instead I decided to trap Windows 10 (and all of it's rogue updaters) behind a virtual machine running OpenBSD. This effectively provided me with a full blown firewall appliance. From here I could then allow specific software I trusted through the firewall (via a proxy) in a safe, controlled and deterministic manner. For other interested developers (and security conscious users) and for my own reference, I have listed the steps taken here: 1) First and foremost disable the Windows DHCP service - this is so no IP can be obtained on any interface. This effectively stops any communication with any network on the host system. This can be done by running services.msc with admin privileges and stopping and disabling the service called DHCP Client. 2) Install or enable your favorite virtualization software - I have tested this with both VirtualBox and Hyper-V. Note that on non-server versions of Windows, in order to get Hyper-V working, your processor also needs to support SLAT which is daft so to avoid faffing about, I recommend using VirtualBox to get round this seemingly arbitrary restriction. 3) Install OpenBSD on the VM - Note, if you decide to use Hyper-V, its hardware support isn't 100% perfect to run OpenBSD and you will need to disable a couple of things in the kernel. At the initial boot prompt, run the following commands. config -e -o /bsd /bsddisable acpidisable mpbios 4) Add a host only virtual adapter to the VM - This is the one which we are going to connect through the VM with. Look at the IP that VirtualBox assigns this in network manager on the host machine. Mine was [b]192.168.56.1[/b]. Set up the adapter in the OpenBSD VM to have a static address on the same subnet. For example [b]192.168.56.2[/b]. If you are using Hyper-V and OpenBSD, make sure you add a "Legacy Interface" because no guest additions are available. Then set up a virtual switch which is host only. 5) Add a bridged adapter to the VM - then assign it to whichever interface you wanted to connect to the external network with. Note that if using Wireless, set the bridged adapters MAC address to the same as your physical device or the access point will reject it. This is not needed (or possible) on Hyper-V because the actual device is "shared" rather than bridged so the same MAC address is used. Again, if you use Hyper-V, then add another virtual switch and attach it to your chosen external interface. VMs in Hyper-V "share" an adapter within a virtual switch and there is the option to also disable the hosts ability to use this interface at the same time which is fine for an additional level of security if those pesky rogue apps and updaters can also enable / disable DHCP service one day which wouldn't be too surprising. 6) Connect to your network in the host OS - In case of Wireless, select the correct network from the list and type in a password if needed. Windows will probably say "no internet available", it also does not assign an IP address which is fine. 7) Install the Squid proxy package on the OpenBSD guest and enable the daemon ``` pkg_add squid echo 'squid_flags=""' >> /etc/rc.conf.local /etc/rc.d/squid start ``` We will use this service for a limited selection of "safe and trusted" programs to connect to the outside world from within the Windows 10 host. You can also use putty on the host to connect to the VM via SSH and create a SOCKS proxy which software like Firefox can also use to connect externally. 8) Configure the software you want to be able to access the external network with Firefox - go to the connection settings and specify the VMs IP address for the proxy. Subversion - modify the %HOME%\AppData\Roaming\Subversion\servers file and change the HTTP proxy field to the VMs IP. This is important to communicate with GitHub via https:// (Yes, GitHub also supports Subversion). For svn:// addresses you can use Putty to port forward. Chromium/Chrome - unfortunately uses the global Windows proxy settings which defeats much of the purpose of this exercise if we were going to allow all of Windows access to the internet via the proxy. It would become mayhem again. However we can still use Putty to create a SOCKS proxy and then launch the browser with the following flags: --proxy-server="socks5://:"--host-resolver-rules="MAP * 0.0.0.0 , EXCLUDE " 9) Congratulations, you are now done - Admittedly this process can be a bit fiddly to set up but it completely prevents Windows 10 from making a complete mess. This solution is probably also useful for those who like privacy or don't like the idea of their software "phoning home". Hope you find this useful and if you have any issues, please feel free to leave questions in the comments. LLDB restoration and return to ptrace(2) I've managed to unbreak the LLDB debugger as much as possible with the current kernel and hit problems with ptrace(2) that are causing issues with further work on proper NetBSD support. Meanwhile, I've upstreamed all the planned NetBSD patches to sanitizers and helped other BSDs to gain better or initial support. LLDB Since the last time I worked on LLDB, we have introduced many changes to the kernel interfaces (most notably related to signals) that apparently fixed some bugs in Go and introduced regressions in ptrace(2). Part of the regressions were noted by the existing ATF tests. However, the breakage was only marked as a new problem to resolve. For completeness, the ptrace(2) code was also cleaned up by Christos Zoulas, and we fixed some bugs with compat32. I've fixed a crash in *NetBSD::Factory::Launch(), triggered on startup of the lldb-server application. Here is the commit message: ```We cannot call process_up->SetState() insidethe NativeProcessNetBSD::Factory::Launchfunction because it triggers a NULL pointerdeference. The generic code for launching a process in:GDBRemoteCommunicationServerLLGS::LaunchProcesssets the mdebuggedprocessup pointer aftera successful call to mprocessfactory.Launch().If we attempt to call processup->SetState()inside a platform specific Launch function weend up dereferencing a NULL pointer inNativeProcessProtocol::GetCurrentThreadID(). Use the proper call processup->SetState(,false)that sets notifydelegates to false.``` Sanitizers I suspended development of new features in sanitizers last month, but I was still in the process of upstreaming of local patches. This process was time-consuming as it required rebasing patches, adding dedicated tests, and addressing all other requests and comments from the upstream developers. I'm not counting hot fixes, as some changes were triggering build or test issues on !NetBSD hosts. Thankfully all these issues were addressed quickly. The final result is a reduction of local delta size of almost 1MB to less than 100KB (1205 lines of diff). The remaining patches are rescheduled for later, mostly because they depend on extra work with cross-OS tests and prior integration of sanitizers with the basesystem distribution. I didn't want to put extra work here in the current state of affairs and, I've registered as a mentor for Google Summer of Code for the NetBSD Foundation and prepared Software Quality improvement tasks in order to outsource part of the labour. Userland changes I've also improved documentation for some of the features of NetBSD, described in man-pages. These pieces of information were sometimes wrong or incomplete, and this makes covering the NetBSD system with features such as sanitizers harder as there is a mismatch between the actual code and the documented code. Some pieces of software also require better namespacing support, these days mostly for the POSIX standard. I've fixed few low-hanging fruits there and requested pullups to NetBSD-8(BETA). I thank the developers for improving the landed code in order to ship the best solutions for users. BSD collaboration in LLVM A One-man-show in human activity is usually less fun and productive than collaboration in a team. This is also true in software development. Last month I was helping as a reviewer to port LLVM features to FreeBSD and when possible to OpenBSD. This included MSan/FreeBSD, libFuzzer/FreeBSD, XRay/FreeBSD and UBSan/OpenBSD. I've landed most of the submitted and reviewed code to the mainstream LLVM tree. Part of the code also verified the correctness of NetBSD routes in the existing porting efforts and showed new options for improvement. This is the reason why I've landed preliminary XRay/NetBSD code and added missing NetBSD bits to ToolChain::getOSLibName(). The latter produced setup issues with the prebuilt LLVM toolchain, as the directory name with compiler-rt goodies were located in a path like ./lib/clang/7.0.0/lib/netbsd8.99.12 with a varying OS version. This could stop working after upgrades, so I've simplified it to "netbsd", similar to FreeBSD and Solaris. Prebuilt toolchain for testers I've prepared a build of Clang/LLVM with LLDB and compiler-rt features prebuilt on NetBSD/amd64 v. 8.99.12: llvm-clang-compilerrt-lldb-7.0.0beta_2018-02-28.tar.bz2 Plan for the next milestone With the approaching NetBSD 8.0 release I plan to finish backporting a few changes there from HEAD: Remove one unused feature from ptrace(2), PTSETSIGMASK & PTGETSIGMASK. I've originally introduced these operations with criu/rr-like software in mind, but they are misusing or even abusing ptrace(2) and are not regular process debuggers. I plan to remove this operation from HEAD and backport this to NetBSD-8(BETA), before the release, so no compat will be required for this call. Future ports of criu/rr should involve dedicated kernel support for such requirements.Finish the backport of UCMACHINE_FP() to NetBSD-8. This will allow use of the same code in sanitizers in HEAD and NetBSD-8.0. By popular demand, improve the regnsub(3) and regasub(3) API, adding support for more or less substitutions than 10. Once done, I will return to ptrace(2) debugging and corrections. DigitalOcean Working with the NetBSD kernel Overview When working on complex systems, such as OS kernels, your attention span and cognitive energy are too valuable to be wasted on inefficiencies pertaining to ancillary tasks. After experimenting with different environmental setups for kernel debugging, some of which were awkward and distracting from my main objectives, I have arrived to my current workflow, which is described here. This approach is mainly oriented towards security research and the study of kernel internals. Before delving into the details, this is the general outline of my environment: My host system runs Linux. My target system is a QEMU guest. I’m tracing and debugging on my host system by attaching GDB (with NetBSD x86-64 ABI support) to QEMU’s built-in GDB server. I work with NetBSD-current. All sources are built on my host system with the cross-compilation toolchain produced by build.sh. I use NFS to share the source tree and the build artifacts between the target and the host. I find IDEs awkward, so for codebase navigation I mainly rely on vim, tmux and ctags. For non-intrusive instrumentation, such as figuring out control flow, I’m using dtrace. Preparing the host system QEMU GDB NFS Exports Building NetBSD-current A word of warning Now is a great time to familiarize yourself with the build.sh tool and its options. Be especially carefull with the following options: -r Remove contents of TOOLDIR and DESTDIR before building. -u Set MKUPDATE=yes; do not run "make clean" first. Without this, everything is rebuilt, including the tools. Chance are, you do not want to use these options once you’ve successfully built the cross-compilation toolchain and your entire userland, because building those takes time and there aren’t many good reasons to recompile them from scratch. Here’s what to expect: On my desktop, running a quad-core Intel i5-3470 at 3.20GHz with 24GB of RAM and underlying directory structure residing on a SSD drive, the entire process took about 55 minutes. I was running make with -j12, so the machine was quite busy. On an old Dell D630 laptop, running Intel Core 2 Duo T7500 at 2.20GHz with 4GB of RAM and a slow hard drive (5400RPM), the process took approximatelly 2.5 hours. I was running make with -j4. Based on the temperature alerts and CPU clock throttling messages, it was quite a struggle. Acquiring the sources Compiling the sources Preparing the guest system Provisioning your guest Pkgin and NFS shares Tailoring the kernel for debugging Installing the new kernel Configuring DTrace Debugging the guest’s kernel News Roundup Add support for the experimental Internet-Draft "TCP Alternative Backoff” ```Add support for the experimental Internet-Draft "TCP Alternative Backoff withECN (ABE)" proposal to the New Reno congestion control algorithm module.ABE reduces the amount of congestion window reduction in response toECN-signalled congestion relative to the loss-inferred congestion response. More details about ABE can be found in the Internet-Draft:https://tools.ietf.org/html/draft-ietf-tcpm-alternativebackoff-ecn The implementation introduces four new sysctls: net.inet.tcp.cc.abe defaults to 0 (disabled) and can be set to non-zero toenable ABE for ECN-enabled TCP connections. net.inet.tcp.cc.newreno.beta and net.inet.tcp.cc.newreno.betaecn set themultiplicative window decrease factor, specified as a percentage, applied tothe congestion window in response to a loss-based or ECN-based congestionsignal respectively. They default to the values specified in the draft i.e.beta=50 and betaecn=80. net.inet.tcp.cc.abe_frlossreduce defaults to 0 (disabled) and can be set tonon-zero to enable the use of standard beta (50% by default) when repairingloss during an ECN-signalled congestion recovery episode. It enables a moreconservative congestion response and is provided for the purposes ofexperimentation as a result of some discussion at IETF 100 in Singapore. The values of beta and betaecn can also be set per-connection by way of theTCPCCALGOOPT TCP-level socket option and the new CCNEWRENOBETA orCCNEWRENOBETA_ECN CC algo sub-options. Submitted by: Tom Jones firstname.lastname@example.orgTested by: Tom Jones email@example.com, Grenville Armitage firstname.lastname@example.orgRelnotes: YesDifferential Revision: https://reviews.freebsd.org/D11616``` Meltdown-mitigation syspatch/errata now available The recent changes in -current mitigating the Meltdown vulnerability have been backported to the 6.1 and 6.2 (amd64) releases, and the syspatch update (for 6.2) is now available. 6.1 ```Changes by: email@example.com 2018/02/26 05:36:18Log message:Implement a workaround against the Meltdown flaw in Intel CPUs.The following changes have been backported from OpenBSD -current. Changes by: firstname.lastname@example.org 2018/01/06 15:03:13Log message:Handle %gs like %[def]s and reset set it in cpu_switchto() instead of onevery return to userspace. Changes by: email@example.com 2018/01/06 18:08:20Log message:Add identcpu.c and specialreg.h definitions for the new Intel/AMD MSRsthat should help mitigate spectre. This is just the detection piece, thesefeatures are not yet used.Part of a larger ongoing effort to mitigate meltdown/spectre. i386 willcome later; it needs some machdep.c cleanup first. Changes by: firstname.lastname@example.org 2018/01/07 12:56:19Log message:remove all PG_G global page mappings from the kernel when running onIntel CPUs. Part of an ongoing set of commits to mitigate the Intel"meltdown" CVE. This diff does not confer any immunity to thatvulnerability - subsequent commits are still needed and are beingworked on presently.ok guenther, deraadt Changes by: email@example.com 2018/01/12 01:21:30Log message:IBRS -> IBRS,IBPB in identifycpu lines Changes by: firstname.lastname@example.org 2018/02/21 12:24:15Log message:Meltdown: implement user/kernel page table separation.On Intel CPUs which speculate past user/supervisor page permission checks,use a separate page table for userspace with only the minimum of kernel codeand data required for the transitions to/from the kernel (still marked assupervisor-only, of course):- the IDT (RO)- three pages of kernel text in the .kutext section for interrupt, trap,and syscall trampoline code (RX)- one page of kernel data in the .kudata section for TLB flush IPIs (RW)- the lapic page (RW, uncachable)- per CPU: one page for the TSS+GDT (RO) and one page for trampolinestacks (RW)When a syscall, trap, or interrupt takes a CPU from userspace to kernel thetrampoline code switches page tables, switches stacks to the thread's realkernel stack, then copies over the necessary bits from the trampoline stack.On return to userspace the opposite occurs: recreate the iretq frame on thetrampoline stack, switch stack, switch page tables, and return to userspace.mlarkin@ implemented the pmap bits and did 90% of the debugging, diagnosingissues on MP in particular, and drove the final push to completion.Many rounds of testing by naddy@, sthen@, and othersThanks to Alex Wilson from Joyent for early discussions about trampolinesand their data requirements.Per-CPU page layout mostly inspired by DragonFlyBSD.ok mlarkin@ deraadt@ Changes by: email@example.com 2018/02/22 13:18:59Log message:The GNU assembler does not understand 1ULL, so replace the constantwith 1. Then it compiles with gcc, sign and size do not matterhere. Changes by: firstname.lastname@example.org 2018/02/22 13:27:14Log message:The compile time assertion for cpu info did not work with gcc.Rephrase the condition in a way that both gcc and clang accept it. Changes by: email@example.com 2018/02/22 13:36:40Log message:Set the PG_G (global) bit on the special page table entries that are sharedbetween the u-k and u+k tables, because they're actually in all tables. OpenBSD 6.1 errata 037``` 6.2 ```Changes by: firstname.lastname@example.org 2018/02/26 05:29:48Log message:Implement a workaround against the Meltdown flaw in Intel CPUs.The following changes have been backported from OpenBSD -current. Changes by: email@example.com 2018/01/06 15:03:13Log message:Handle %gs like %[def]s and reset set it in cpu_switchto() instead of onevery return to userspace. Changes by: firstname.lastname@example.org 2018/01/06 18:08:20Log message:Add identcpu.c and specialreg.h definitions for the new Intel/AMD MSRsthat should help mitigate spectre. This is just the detection piece, thesefeatures are not yet used.Part of a larger ongoing effort to mitigate meltdown/spectre. i386 willcome later; it needs some machdep.c cleanup first. Changes by: email@example.com 2018/01/07 12:56:19Log message:remove all PG_G global page mappings from the kernel when running onIntel CPUs. Part of an ongoing set of commits to mitigate the Intel"meltdown" CVE. This diff does not confer any immunity to thatvulnerability - subsequent commits are still needed and are beingworked on presently. Changes by: firstname.lastname@example.org 2018/01/12 01:21:30Log message:IBRS -> IBRS,IBPB in identifycpu lines Changes by: email@example.com 2018/02/21 12:24:15Log message:Meltdown: implement user/kernel page table separation.On Intel CPUs which speculate past user/supervisor page permission checks,use a separate page table for userspace with only the minimum of kernel codeand data required for the transitions to/from the kernel (still marked assupervisor-only, of course):- the IDT (RO)- three pages of kernel text in the .kutext section for interrupt, trap,and syscall trampoline code (RX)- one page of kernel data in the .kudata section for TLB flush IPIs (RW)- the lapic page (RW, uncachable)- per CPU: one page for the TSS+GDT (RO) and one page for trampolinestacks (RW)When a syscall, trap, or interrupt takes a CPU from userspace to kernel thetrampoline code switches page tables, switches stacks to the thread's realkernel stack, then copies over the necessary bits from the trampoline stack.On return to userspace the opposite occurs: recreate the iretq frame on thetrampoline stack, switch stack, switch page tables, and return to userspace.mlarkin@ implemented the pmap bits and did 90% of the debugging, diagnosingissues on MP in particular, and drove the final push to completion.Many rounds of testing by naddy@, sthen@, and othersThanks to Alex Wilson from Joyent for early discussions about trampolinesand their data requirements.Per-CPU page layout mostly inspired by DragonFlyBSD. Changes by: firstname.lastname@example.org 2018/02/22 13:18:59Log message:The GNU assembler does not understand 1ULL, so replace the constantwith 1. Then it compiles with gcc, sign and size do not matterhere. Changes by: email@example.com 2018/02/22 13:27:14Log message:The compile time assertion for cpu info did not work with gcc.Rephrase the condition in a way that both gcc and clang accept it. Changes by: firstname.lastname@example.org 2018/02/22 13:36:40Log message:Set the PG_G (global) bit on the special page table entries that are sharedbetween the u-k and u+k tables, because they're actually in all tables. OpenBSD 6.2 errata 009``` syspatch iXsystems a2k18 Hackathon Report: Ken Westerback on dhclient and more Ken Westerback (krw@) has sent in the first report from the (recently concluded) a2k18 hackathon: YYZ -> YVR -> MEL -> ZQN -> CHC -> DUD -> WLG -> AKL -> SYD -> BNE -> YVR -> YYZ For those of you who don’t speak Airport code: Toronto -> Vancouver -> Melbourne -> Queenstown -> Christchurch -> Dunedin Then: Dunedin -> Wellington -> Auckland -> Sydney -> Brisbane -> Vancouver -> Toronto ``` Whew. Once in Dunedin the hacking commenced. The background was a regular tick of new meltdown diffs to test in addition to whatever work one was actually engaged in. I was lucky (?) in that none of the problems with the various versions cropped up on my laptop.``` ```I worked with rpe@ and tb@ to make the install script create the 'correct' FQDN when dhclient was involved. I worked with tb@ on some code cleanup in various bits of the base. dhclient(8) got some nice cleanup, further pruning/improving log messages in particular. In addition the oddball -q option was flipped into the more normal -v. I.e. be quiet by default and verbose on request. More substantially the use of recorded leases was made less intrusive by avoiding continual reconfiguration of the interface with the same information. The 'request', 'require' and 'ignore' dhclient.conf(5) statement were changed so they are cumulative, making it easier to build longer lists of affected options. I tweaked softraid(4) to remove a handrolled version of duid_format(). I sprinkled a couple of M_WAITOK into amd64 and i386 mpbios to document that there is really no need to check for NULL being returned from some malloc() calls. I continued to help test the new filesystem quiescing logic that deraadt@ committed during the hackathon. I only locked myself out of my room once! Fueled by the excellent coffee from local institutions The Good Earth Cafe and The Good Oil Cafe, and the excellent hacking facilities and accommodations at the University of Otago it was another enjoyable and productive hackathon south of the equator. And I even saw penguins. Thanks to Jim Cheetham and the support from the project and the OpenBSD Foundation that made it all possible``` Poetic License I found this when going through old documents. It looks like I wrote it and never posted it. Perhaps I didn’t consider it finished at the time. But looking at it now, I think it’s good enough to share. It’s a redrafting of the BSD licence, in poetic form. Maybe I had plans to do other licences one day; I can’t remember. I’ve interleaved it with the original license text so you can see how true, or otherwise, I’ve been to it. Enjoy :-) ```Copyright (c) , All rights reserved. Redistribution and use in source and binary forms, with or withoutmodification, are permitted provided that the following conditionsare met:``` You may redistribute and use – as source or binary, as you choose, and with some changes or without – this software; let there be no doubt. But you must meet conditions three, if in compliance you wish to be. 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.3. Neither the name of the nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. The first is obvious, of course – To keep this text within the source. The second is for binaries Place in the docs a copy, please. A moral lesson from this ode – Don’t strip the copyright on code. The third applies when you promote: You must not take, from us who wrote, our names and make it seem as true we like or love your version too. (Unless, of course, you contact us And get our written assensus.) THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOTLIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESSFOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THECOPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVERCAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICTLIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING INANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THEPOSSIBILITY OF SUCH DAMAGE. One final point to be laid out (You must forgive my need to shout): THERE IS NO WARRANTY FOR THIS WHATEVER THING MAY GO AMISS. EXPRESS, IMPLIED, IT’S ALL THE SAME – RESPONSIBILITY DISCLAIMED. WE ARE NOT LIABLE FOR LOSS NO MATTER HOW INCURRED THE COST THE TYPE OR STYLE OF DAMAGE DONE WHATE’ER THE LEGAL THEORY SPUN. THIS STILL REMAINS AS TRUE IF YOU INFORM US WHAT YOU PLAN TO DO. When all is told, we sum up thus – Do what you like, just don’t sue us. Beastie Bits AsiaBSDCon 2018 Videos The January/February 2018 FreeBSD Journal is Here Announcing the pkgsrc-2017Q4 release (2018-01-04) BSD Hamburg Event ZFS User conference Unreal Engine 4 Being Brought Natively To FreeBSD By Independent Developer Tarsnap ad Feedback/Questions Philippe - I heart FreeBSD and other questions Cyrus - BSD Now is excellent Architect - Combined Feedback Dale - ZFS on Linux moving to ZFS on FreeBSD Tommi - New BUG in Finland Send questions, comments, show ideas/topics, or stories you want mentioned on the show to email@example.com
Rank #2: Episode 261: FreeBSDcon Flashback | BSD Now 261.
Discover new software and hardware to get the best out of your network, control smart devices, and secure your data on cloud services. Self-Hosted is a chat show between Chris and Alex two long-time "self-hosters" who share their lessons and take you on the journey of their new ones. A Linux Academy podcast showcasing free and open source technologies you can host yourself.
Rank #1: 3: Home Network Under $200.
How far can you get with a Raspberry Pi 4? We go all in and find out. Plus our favorite travel router with WireGuard built in, and Chris kicks off Project Off-Grid. Meanwhile, Alex adopts proprietary software.Links:5.11 Taclite Trousers — Constructed using premium polyester and cotton mechanical stretch Taclite ripstop fabric with a triple-stitching built, this pair of pants is sturdy and flexible to ensure maximum performance in the field.Amazon.com: Gigabit Travel AC Router OpenWrt — Slate Comes with Pre-installed VPN server and client functions in WireGuard and OpenVPN.GL-AR750S - The SLATE Our favorite travel router — The first dual-band Gigabit AC travel router. We upgrade Ethernet ports (totally 3) to Gigabit ports so that it get faster speed in your travel. We also added 128MB Nand Flash to provide dual flash for more storage and faster operation speed. It has a MicroSD (TF) slot which increase your storage space up to 128GB.Raneto - A free, open, simple Markdown powered Knowledgebase — Raneto is an open source Knowledgebase platform that uses static Markdown files to power your Knowledgebase.raneto - Docker HubSmokePing — SmokePing keeps track of your network latency.smokeping - Docker HubFind the Containers Chris UsesMigrate qcow2 images from KVM to VMWare — I recently switched from Proxmox to ESXI for my primary Hypervisor due to better support for automation tools like Ansible and Terraform plus better integrations with Red Hat Satellite.Gotchas when migrating Fedora qcow2 images to vmware — My issue was that the initramfs didn't contain the necessary drivers for the emulated hardware and as such the VM refused to boot except into emergency mode.
Rank #2: 2: Why Self-Host? With Wendell from Level1techs.
We visit Wendell Wilson of Level1Techs and get a tour of his self-hosted setup, what he does and does not trust in the cloud, and we reminisce about the early days of computing and the internet. Plus we discuss craftsmanship in the Linux Kernel, and address the fundamental question of "why self-host."Links:Level One TechsChatting With Alex and Chris From The Self Hosted Podcast! - YouTubeSelf Hosted Pre-Launch Party | Meetup
Linux and open source headlines every weekday, in under 3 minutes.
Rank #1: 2019-12-20.
CERN eyes Kopano to replace its Exchange infrastructure, Apple open-sources its HomeKit Accessory Development kit with some caveats, and the GNU project releases a testing version of its GNUnet framework.Links:CERN to switch to Kopano mail server for its 40,000 users Where can I download Kopano software? Apple joins Amazon, Google, Zigbee Alliance and board members, to form working group to develop an open standard for smart home devices HomeKit Accessory Development Kit (ADK) GNUnet 0.12.0 released
Rank #2: 2019-12-19.
Canonical's Multipass virtual machine manager reaches its 1.0 milestone, the Django project releases a major security update out-of-band, Kdenlive receives major improvements, and Mozilla is replacing IRC for its community communications.Links:Multipass version 1.0.0 Multipass: Instant Ubuntu VMs Crossing the platforms: The Register checks in with Canonical's WSL alternative – Multipass Django security releases issued: 3.0.1, 2.2.9, and 1.11.27 Kdenlive 19.12 is out Synchronous Messaging at Mozilla: The Decision Mozilla comms: Forward Motion Welcoming Mozilla to Matrix!
Upbeat and family-friendly show including news, discussion, interviews and reviews from the Ubuntu, Linux and Open Source world.
Rank #1: S08E12 – Demon Island.
It’s Episode Twelve of Season Eight of the Ubuntu Podcast! Alan Pope, Laura Cowen, Mark Johnson, and Martin Wimpress are connected and speaking to your brain. In this week’s show: We discuss getting people to participate in your open source community… We share some Command Line Lurve, ntp, which we use every recording session: Make sure ntp is installed. This also starts the service automatically: apt-get install ntp Stop the ntp service: sudo service ntp stop Force a sync: sudo ntpd -gqx This will display the slew, something like and the clock is adjusted. ntpd: time slew +0.000244s Start the ntp daemon again: sudo service ntp start And we also chat about taking another 21 seconds off a PB (personal best time) at Parkrun, celebrating birthdays and wedding anniversaries, discovering the #systemau podcast, and paying for a software licence! That’s all for this week, please send your comments and suggestions to: firstname.lastname@example.org Join us on IRC in #ubuntu-podcast on Freenode Follow us on Twitter Find our Facebook Fan Page Follow us on Google+
Rank #2: S08E11- Blubberella.
It’s Episode Eleven of Season Eight of the Ubuntu Podcast! Alan Pope, Mark Johnson, Laura Cowen, and Martin Wimpress are connected and speaking to your brain. In this week’s show: We look at what’s been going on in the news: Canonical and GE’s FirstBuild collaborate on a smart refrigerator, ChillHub Meizu have announced the availability of the MX4 Ubuntu Edition in China 23 years remaining until 2038’s version of Y2K Security vulnerability in the virtual floppy drive code used by many computer virtualization platforms Firefox 38 arrives with tab-based preferences, responsive image support and content decryption module Official Syncthing Debian/Ubuntu repository released Interplanetary Society has launched a kickstarter to explore the universe with a spacecraft whose locomotion is light-powered Shutting down pirate sites is ineffective, European Commission finds MAME games emulator is going open-source We mention some community events: OpenTech – London, UK – Saturday 13th June PyCon UK – Coventry University Technology Centre, UK – Friday 18th – Monday 21st September That’s all for this week, please send your comments and suggestions to: email@example.com Join us on IRC in #ubuntu-podcast on Freenode Follow us on Twitter Find our Facebook Fan Page Follow us on Google+
New ideas, great interviews, events, and other content you will love. We bring you the Extras.
Rank #1: What is a Container?.
Containers changed the way the IT world deploys software. We give you our take on technologies such as docker (including docker-compose), Kubernetes and highlight a few of our favorite containers.Links:Docker HubPodmanPod Overview - Kubernetes — A Pod is the basic execution unit of a Kubernetes application–the smallest and simplest unit in the Kubernetes object model that you create or deploy. A Pod represents processes running on your Cluster.
Rank #2: Self-Hosted: Reverse Proxy Basics.
Chris, Alex, and Wes talk about reverse proxies, internal routing, and some popular methods to make it all work.Links:Duck DNSIP ChickenNamecheapCloudflareCockpitNextcloudCodiMDLinuxserver FleetHoverdns-lexicon · PyPIicanhazippfSenseWireGuardMoshTraefikNGINXKubernetesLet's EncryptLinuxserver Let's Encrypt Docker Image
The word's most popular Linux Podcast. A weekly show featuring the latest in the open source world, reviews, and howtos.
Rank #1: Linux Action News 2.
Ubuntu's Gnome plans start to form & they want your input. The Linux subsystem is coming to Windows Server & Mycroft is finally ready to ship. Plus the Tizen surprise, elementary OS' pay-what-you-want AppCenter & what's new Android O.
Rank #2: Windows Gets Bash-ed | LAS 411.
Microsoft & Ubuntu working together to bring you Bash & the Ubuntu userland on Windows 10. Is this the ultimate Win for Linux? Or is this Embrace, Extend, Extinguish at its finest? We share our thoughts on this historic announcement. Plus Red Hat wants to save you some money, TP-Link bans OSS firmwares, Edubuntu calls it quits, our new favorite note taking app for Linux & more!
Late Night Linux is a podcast that takes a look at what's happening with Linux and the wider tech industry. Every two weeks, Joe, Félim, Graham and Will discuss the latest news and releases, and the broader issues and trends in the world of free and open source software. Expect drinking, swearing, strong opinions and Will being told to shut up about Ubuntu.
Rank #1: Late Night Linux – Episode 75.
Will tells us why he left his job as Director of Ubuntu Desktop, KDE Korner, and a mixed bag of news. News The BBC has joined the dark web Startpage bought by an Ad Company Gitlab planned to introduce telemetry, then changed their minds GNOME fights patent troll Firefox 70 released KDE Korner Akademy vids are out, Plasma Mobile catchups, KItinerary extractors again & The cashew is no more Will leaves Canonical Will tells us why he has left his job as Director of Ubuntu Desktop and where he’s going next. Admin OggCamp panel recording Digital Ocean This episode is sponsored by Digital Ocean. Go to do.co/lnl and get started with $50 of credit. Digital Ocean provides virtual private servers all over the world with full root access starting at $5 per month, and other great features like block storage and load balancers. CDN77 This episode is sponsored by CDN77. Trusted by the European Space Agency, CDN77 supports the latest tech innovations and provides fast, secure and reliable content delivery solutions all around the world. See our contact page for ways to get in touch. RSS: Subscribe to the RSS feed.
Rank #2: Late Night Linux – Episode 57.
Librem 5 shipping when? Todd from Purism joins us to answer that question, as well as what’s going on with the dev kits. Plus KDE, Red Hat Satellite, and Windows X86 apps on Arm Linux in a brief news segment. News KDE Plasma 5.15 & Snaps Red Hat standardising to Postgres… no Mongo Wine Developers Release Hangover Alpha To Run Windows x86_64 Programs On 64-Bit ARM Todd Weaver from Purism A year on from his last appearance on the show, Todd joins us to discuss the progress of the Librem 5, and how things are going for Purism in general. Digital Ocean This episode is sponsored by Digital Ocean. Go to do.co/lnl and get started with $50 of credit. Digital Ocean provides virtual private servers all over the world with full root access starting at $5 per month, and other great features like block storage and load balancers. CDN77 This episode is sponsored by CDN77. Trusted by the European Space Agency, CDN77 supports the latest tech innovations and provides fast, secure and reliable content delivery solutions all around the world. Techmeme Ride Home Check out the Techmeme Ride Home Podcast See our contact page for ways to get in touch. RSS: Subscribe to the RSS feed.
Hang out with Chris and friends as they discuss a new take on life, tech, and open source.
Rank #1: Episode 1: Bitcoin Recession | Tech Talk Today 154.
Is the Bitcoin Foundation about to collapse or is the situation a bit overblown? We’ll discuss. OnLive finally gets a shutdown date & John Oliver helps refocus the surveillance debate. Plus what we suspect is behind the elementary OS countdown clock!
Rank #2: Episode 5: Microsoft Bumps, Bruises & Bribes | Tech Talk Today 158.
Microsoft suffers a few major set back today & one rather important win. We’ll break it all down and talk about the long-term impact. Plus Google and the EU get into a tussle & Ikea has the solution to your power hungry smart device.
A weekly talk show taking a pragmatic look at the art and business of Software Development and related technologies.
Rank #1: Go Go Golang | CR 203.
A little reflective & contemplative after a successful human forking, our hosts reflect on a well stated OO vs Functional rant, the bot frameworks that impress & the surprisingly great use case for Go. Plus the 800 pound snake in the room, a quick Linux switch update for Mike & more!
Rank #2: Skills to Pay the Bills | CR 267.
We solve some problems, and then go down the rat hole of self hacking to increase work, productivity & our health. Then we gleefully watch as Coding Bootcamps begin to collapse & discuss the misleading metric that led them to their doom. Plus Mike shares some straightforward code that solved a very annoying problem.