Linux distribution based on free and open-source software
POPULARITY
2 episodes with debian linux
2 episodes with debian linux
2 episodes with debian linux
3 episodes with debian linux
2 episodes with debian linux
Because nothing says "professional, quality software engineering" quite like virtue signaling about gender diversity.More from The Lunduke Journal: https://lunduke.com/ This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit lunduke.substack.com/subscribe
Want to be a paid intern for Debian? Everyone is welcome! (Except Straight White Men. And Asians. Debian really doesn't want Asians.)More from The Lunduke Journal: https://lunduke.com/ This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit lunduke.substack.com/subscribe
Linux Lugcast - https://linuxlugcast.com/ Hacker Public Radio - https://hackerpublicradio.org/ Reichsmark - https://en.wikipedia.org/wiki/Reichsmark 7-11 convenience store - https://www.7-eleven.com/ 7-11 pizza - https://www.7-eleven.com/products/pizza Peanut butter sandwich - https://www.foodnetwork.com/recipes/photos/pb-and-yay- Cereal - https://en.wikipedia.org/wiki/Cereal https://en.wikipedia.org/wiki/List_of_breakfast_cereals Medicaid - https://www.medicaid.gov/ Raspberry Pi - https://www.raspberrypi.com/ MX Linux - https://mxlinux.org/ MX Linux Pi OS Respin - https://mxlinux.org/blog/mx-23-1-raspberry-pi-os-respin/ Raspberry Pi OS - https://www.raspberrypi.com/software/ Chromium Browser - https://www.chromium.org/chromium-projects/ Firefox Browser - https://www.mozilla.org/en-US/firefox/new/ Raspberry Pi 400 - https://www.raspberrypi.com/products/raspberry-pi-400/ How Many Open Browser Tabs Is Too Many Open Browser Tabs? - https://lifehacker.com/does-having-too-many-tabs-open-really-slow-down-your-br-1848554140 HDMI - https://www.lifewire.com/hdmi-facts-high-definition-multimedia-interface-1847337 VGA - https://www.howtogeek.com/821620/what-is-vga/ RCA Connectors - https://www.cablethis.com/demystifying-rca-connectors-how-they-impact-your-audio-quality/ Composite Video - https://www.lifewire.com/composite-video-the-basics-1846869 CDC Pascal - https://standardpascal.org/CDC6000pascal.html https://exhibits.stanford.edu/stanford-pubs/catalog/sz874xb6118 Xerox - https://www.xerox.com/en-us IBM - https://www.ibm.com/us-en Thailand Death Train - https://www.bordersofadventure.com/death-railway-kanchanaburi-thailand/ https://www.thaitrainguide.com/death-railway/ West Virginia - https://www.wv.gov/Pages/default.aspx https://wvtourism.com/ Mining Effects On Fishing - https://fisheries.org/policy-media/policy-statements/afs-policy-statement-13/ Mining Land Remediation/Reclamation - https://www.epa.gov/remedytech/green-remediation-best-management-practices-mining-sites https://en.wikipedia.org/wiki/Mine_reclamation Kwai River - https://www.tripadvisor.com/Attraction_Review-g297924-d554151-Reviews-River_Kwai-Kanchanaburi_Kanchanaburi_Province.html Cassava - https://plants.usda.gov/DocumentLibrary/plantguide/pdf/pg_maes.pdf https://codycovefarm.com/plant-profile-cassava-manihot-esculenta/ Sugar Cane - https://en.wikipedia.org/wiki/Sugar_Kane Rice - https://en.wikipedia.org/wiki/Rice https://www.foodnetwork.com/how-to/articles/how-to-make-perfect-rice-a-step-by-step-guide The story of the great Polish train hack - https://www.railway-technology.com/news/the-story-of-the-great-polish-train-hack/?cf-view CompuServe Headquarters turns 50 - https://abc6onyourside.com/news/local/historical-status-given-to-central-ohio-building-that-once-housed-compuserve Compuserve - https://www.compuserve.com/ https://en.wikipedia.org/wiki/CompuServe PDP-10 Computer - http://www.columbia.edu/cu/computinghistory/pdp10.html Linear Power Supply - https://www.tek.com/en/documents/application-note/understanding-linear-power-supply-specifications Switching Power Supply - https://www.eleccircuit.com/what-switching-power-supply-how-does-it-work/ Asperger's Syndrome - https://www.autismspeaks.org/types-autism-what-asperger-syndrome DietPi - https://dietpi.com/ Debian Linux - https://www.debian.org/ XFCE - https://www.xfce.org/ Systemd - https://www.digitalocean.com/community/tutorials/what-is-systemd MX-23 XFCE (Bookworm) - https://forums.raspberrypi.com/viewtopic.php?t=362478 Thorium Web Browser - https://thorium.rocks/ Waterfox Web Browser - https://www.waterfox.net/ Group Speed Dial (FIrefox) - https://addons.mozilla.org/en-US/firefox/addon/groupspeeddial/ Raspberry Pi 5 - https://www.raspberrypi.com/products/raspberry-pi-5/ PDP-6 - http://pdp-6.net/ MIT - https://web.mit.edu/ MIT Early AI works - https://dspace.mit.edu/handle/1721.1/5460 ZULU Time - https://www.timeanddate.com/worldclock/timezone/zulu Daylight Savings Time - https://www.reuters.com/world/us/what-is-us-daylight-saving-time-why-was-it-created-2023-10-31/ Truck Driver Rules & Regulations - https://truckstop.com/blog/understanding-truck-driving-hours-and-regulations/ Amphetamine - https://en.wikipedia.org/wiki/Amphetamine Men In Black - https://www.imdb.com/title/tt0119654/ Cold War - https://www.britannica.com/event/Cold-War Pershing Ballastic Missle - https://www.lockheedmartin.com/en-us/news/features/history/pershing.html Pershing M26 Tank - https://tanks-encyclopedia.com/ww2/us/m26_pershing.php C4 Plastic Explosive - https://www.military.com/video/ammunition-and-explosives/explosives/c4-explained/1367499806001 Battleship New Jersey - https://www.battleshipnewjersey.org/ B-52 - https://stratofortress.org/history/ Wagner Military Group - https://en.wikipedia.org/wiki/Wagner_Group John Ringo - https://www.simonandschuster.com/authors/John-Ringo/1875432 Ghost (John Ringo book) - https://www.kirkusreviews.com/book-reviews/john-ringo/ghost-3/ Battleship Wisconsin - https://nauticus.org/explore/battleship-exhibits/about-the-battleship/ Jules Verne - https://www.biography.com/authors-writers/jules-verne M28/M29 Davy Crockett Tactical Nuclear Weapon - https://armyhistory.org/the-m28m29-davy-crockett-nuclear-weapon-system/ PTSD - https://www.psychiatry.org/patients-families/ptsd/what-is-ptsd Autistic Spectrum - https://www.cdc.gov/ncbddd/autism/signs.html Dyslexia - https://www.mayoclinic.org/diseases-conditions/dyslexia/symptoms-causes/syc-20353552 Boston - https://www.boston.gov/visiting-boston Clinical Depression - https://www.nimh.nih.gov/health/topics/depression Maine - https://visitmaine.com/ Spread Spectrum Communications - https://www.edn.com/what-is-spread-spectrum-technology/ Israeli Army Unit that recruits autistic teens - https://www.theatlantic.com/health/archive/2016/01/israeli-army-autism/422850/ Open Source - https://opensource.com/resources/what-open-source New Years Resolution - https://www.newsweek.com/new-years-resolution-2022-meaning-origin-ideas-1662947 Mini HDMI Cable - https://www.howtogeek.com/745530/hdmi-vs-mini-hdmi-vs-micro-hdmi-whats-the-difference/ LibreOffice Impress - https://www.libreoffice.org/discover/impress/ Powerpoint - https://www.microsoft.com/en-us/microsoft-365/powerpoint Google Drive - https://www.google.com/drive/ GPD Win 4 - https://www.gpd.hk/gpdwin4 Coreboot - https://www.coreboot.org/ Libreboot - https://libreboot.org/ FOSDEM - https://fosdem.org/2024/ BIOS - https://computer.howstuffworks.com/bios.htm X11 - https://www.baeldung.com/linux/x11 Wayland - https://wayland.freedesktop.org/ Gnome 3 - https://www.gnome.org/getting-gnome/ Mate - https://mate-desktop.org/ Xorg - https://wiki.archlinux.org/title/Xorg Open Suse - https://www.opensuse.org/ KDE - https://kde.org/ Unity - https://unityd.org/ Chromebook - https://www.google.com/chromebook/ ASUS EEE PC 901 - https://www.laptopmag.com/reviews/laptops/asus-eee-pc-901 ASUS EEE PC X101CH - https://www.cnet.com/reviews/asus-eee-pc-x101ch-review/ Star Labs - https://us.starlabs.systems/?shpxid=fc6f3491-925e-4b6c-aba5-4477924fc432 Pulse Audio - https://www.freedesktop.org/wiki/Software/PulseAudio/ Obsessive Compulsive Disorder (OCD) - https://www.nimh.nih.gov/health/topics/obsessive-compulsive-disorder-ocd STEM (Science, Technology, Engineering, & Math) - https://www.lifewire.com/what-is-stem-4150175
Ralph Hempel spoke with us about the development of Lego Mindstorms from hacking the initial interface to running Debian Linux as well as programming Mindstorms in Python. Happy 25th birthday to Lego Mindstorms! Pybricks is a MicroPython based coding environment that works across all Lego PoweredUp hubs and on the latest Mindstorms elements. The creators are David Lechner and Laurens Valk. Ralph was the first person to boot a full Debian Linux distro on the brick, see EV3Dev, a Debian Linux for Lego Mindstorms EV3. BrickLink was originally a site for third party resellers of new and used Lego sets and elements. The site was purchased by the Lego Group a few years ago. It's still a great place to buy individual parts - for example a 4 port PoweredUp hub to run the new PyBricks on :-) ReBrickable is a site dedicated to taking off-the-shelf Lego sets, and creating something new with the set. In particular see the MOCs Designed by LUCAMOCS, fantastic Technic vehicles as well as interesting designs for vehicle subsystems. Yoshihito ISOGAWA - YouTube is an absolute genius at coming up with practical applications of new LEGO Elements. Ralph recommends his books as “awesome to read”. LEGO uses 18 Cucumbers to build real Log House Ralph highly recommends Test Driven Development for Embedded C by James Grenning (who has been on the show: 270: Broccoli is Good Too, 109: Resurrection of Extreme Programming, and 30: Eventually Lightning Strikes). Origami Simulator and Elecia's origami generating python code on github Transcript Nordic Semiconductor empowers wireless innovation, by providing hardware, software, tools and services that allow developers to create the IoT products of tomorrow. Learn more about Nordic Semiconductor at nordicsemi.com, check out the DevAcademy at academy.nordicsemi.com and interact with the Nordic Devzone community at devzone.nordicsemi.com.
Episode #10 Tech And Coffee https://techandcoffee.info/ CDC COVID Death Toll https://covid.cdc.gov/covid-data-tracker/#datatracker-home Edinburgh https://edinburgh.org/ Glasgow https://www.scotland.org/about-scotland/scotlands-stories/glasgow Pixelfed - A decentralized social media photo sharing site https://pixelfed.org/ Audacity https://www.audacityteam.org/ Ice Cast https://icecast.org/ Butt - Broadcast Using This Tool https://danielnoethen.de/butt/ FOSDEM Brussels, 2023 https://fosdem.org/2023/news/2022-09-14-fosdem-2023-dates/ Arduboy Mini https://liliputing.com/arduboy-mini-hits-kickstarter-for-29-and-up-tiny-8-bit-game-console-with-300-games-included/ Pine Tab 2 https://arstechnica.com/gadgets/2022/12/pinetab-2-is-a-rockchip-based-linux-powered-repairable-tablet/ NVIDIA 3080 https://www.nvidia.com/en-us/geforce/graphics-cards/30-series/rtx-3080-3080ti/ Pinebook Pro https://www.pine64.org/pinebook-pro/ Pinenote https://www.pine64.org/pinenote/ GDP Win 4 https://www.indiegogo.com/projects/gpd-win-4-smallest-6800u-handheld-console#/ Steam OS https://store.steampowered.com/steamos Steam Deck https://store.steampowered.com/steamdeck Docking Stations For Steam Deck https://store.steampowered.com/steamdeckdock HP Elitedesk G2 Mini https://support.hp.com/us-en/product/hp-elitedesk-800-35w-g2-desktop-mini-pc/7633266 Plex https://www.plex.tv/ Audio Bookshelf https://www.audiobookshelf.org/ Jellyfin https://jellyfin.org/ Helios NAS https://kobol.io/ Synology NAS https://www.synology.com/en-us VIA NAS Board (end of life) https://www.viatech.com/en/support/eol/nas7800-eol/ Huion Graphics Drawing Tablet https://store.huion.com/ X2GO https://wiki.x2go.org/doku.php Nicotine+ https://nicotine-plus.org/ Soulseek http://www.slsknet.org/news/ Diet Pi https://dietpi.com/ Yunohost https://yunohost.org/#/ Open Project https://www.openproject.org/ Nextcloud https://nextcloud.com/ Wire Guard https://www.wireguard.com/ Proxmox https://www.proxmox.com/en/ Linode https://www.linode.com/ Podman - manage containers https://podman.io/ Open Media Vault https://www.openmediavault.org/ NAS4FREE (now called XigmaNAS) https://xigmanas.com/xnaswp/ SAMBA https://www.samba.org/ Wacom Intuos Drawing Tablets https://www.wacom.com/en-us/products/pen-tablets/wacom-intuos Garuda Linux https://garudalinux.org/ btrfs (ButterFS) https://btrfs.wiki.kernel.org/index.php/Main_Page Jessica Garson https://pyvideo.org/speaker/jessica-garson.html Fox Dot - Live Coding with Python https://github.com/Qirky/FoxDot GTK https://www.gtk.org/ bulky https://pypi.org/project/bulky/ Toy Pizza Oven https://www.melissaanddoug.com/products/top-bake-pizza-counter-wooden-play-food Crayola Drawing Pad https://shop.crayola.com/toys-and-activities/ultimate-light-board-choose-your-color-7472.html Joplin https://joplinapp.org/ Lotus Notes https://en.wikipedia.org/wiki/HCL_Domino GNOTE https://wiki.gnome.org/Apps/Gnote SUSE Linux https://www.suse.com/ Keepass https://keepass.info/ Blackberry https://www.blackberry.com/us/en/products/devices InSync (Sync to Google drive) https://www.insynchq.com/ Keypass XC https://keepassxc.org/ Bitwarden https://bitwarden.com/ Geocities https://en.wikipedia.org/wiki/Yahoo!_GeoCities Angelfire https://www.angelfire.lycos.com/ Yubikey https://www.yubico.com/ Linux Mint https://linuxmint.com/ ASUS Vivobook https://www.asus.com/us/laptops/for-home/vivobook/ Mastodon https://mastodon.social/explore South Park https://southpark.cc.com/ Mastercard https://www.mastercard.us/en-us.html westernunion: Notify your bank before using a credit or debit card when traveling. ftc: What To Know About Credit Freezes and Fraud Alerts. wikipedia: Mastercard Inc. (stylized as MasterCard from 1979–2016, mastercard from 2016–2019) is the second-largest payment-processing corporation worldwide. wikipedia: Eurocard was a credit card, introduced in 1964 by a Swedish banker in the Wallenberg family as an alternative to American Express. visitsweden: Currency, credit cards and money in Sweden. wikipedia: Visa Inc. (/ˈviːzə, ˈviːsə/; stylized as VISA) is an American multinational financial services corporation headquartered in San Francisco, California. mewe: Brilliant features with no BS. No Ads. No Spyware. MeWe is the Next-Gen Social Network. hplovecraft: HOWARD PHILLIPS LOVECRAFT (20 August 1890–15 March 1937) is probably best known as a writer of weird fiction, but some believe his voluminous correspondence to be his greatest accomplishment. wikipedia: Lovecraftian horror, sometimes used interchangeably with "cosmic horror", is a subgenre of horror fiction and weird fiction that emphasizes the horror of the unknowable and incomprehensible more than gore or other elements of shock. adultswim: Rick and Morty is an American adult animated science-fiction sitcom created by Justin Roiland and Dan Harmon for Cartoon Network's nighttime programming block Adult Swim. wikipedia: Facebook is an online social media and social networking service owned by American company Meta Platforms. wikipedia: Twitter is an online social media and social networking service owned and operated by American company Twitter, Inc., on which users send and respond publicly or privately 280-character-long messages, images and videos known as "tweets". climagic: Command LIne Magic (CLIMagic). climagic: Indiana Linux Fest 2012. element: Element is a free and open-source software instant messaging client based on the Matrix protocol. Element supports end-to-end encryption, groups, channels and sharing of files between users. matrix: Linux Lug Cast on Matrix. matrix: HPR on Matrix. wikipedia: Atom was a free and open-source text and source code editor for macOS, Linux, and Microsoft Windows with support for plug-ins written in JavaScript, and embedded Git Control. matrix: An open network for secure, decentralized communication. wikipedia: Multi-factor authentication. apple: Two-factor authentication for Apple ID. wikipedia: An authenticator is a means used to confirm a user's identity, that is, to perform digital authentication. wikipedia: Google Authenticator. wikipedia: Key authentication. wikipedia: SQRL (pronounced "squirrel") or Secure, Quick, Reliable Login (formerly Secure QR Login) is a draft open standard for secure website login and authentication. twit: Security Now - Hosted by Steve Gibson, Leo Laporte. keepassxc: KeePassXC - Cross-Platform Password Manager. wikipedia: In cryptanalysis and computer security, password cracking is the process of recovering passwords from data that has been stored in or transmitted by a computer system in scrambled form. wikipedia: LastPass is a password manager distributed in subscription form as well as a freemium model with limited functionality. cnet: LastPass Owner GoTo Says Hackers Stole Customer Data Backups. wikipedia: The Zip drive is a removable floppy disk storage system that was introduced by Iomega in late 1994. wikipedia: Lotus 1-2-3 is a discontinued spreadsheet program from Lotus Software (later part of IBM). wikipedia: Office Space is a 1999 American black comedy film written and directed by Mike Judge. wikipedia: In cryptography, encryption is the process of encoding information. wikipedia: In computing, tar is a computer software utility for collecting many files into one archive file, often referred to as a tarball, for distribution or backup purposes. wikipedia: A quantum computer is a computer that exploits quantum mechanical phenomena. wikipedia: Final Destination is an American horror franchise that includes five films, two comic books, and nine novels. wikipedia: Buddhism. wikipedia: Conquian, Coon Can or Colonel (the two-handed version) is a rummy-style card game. linuxfestnorthwest: LinuxFest Northwest 2022 has concluded. wikipedia: Lead shielding refers to the use of lead as a form of radiation protection to shield people or objects from radiation so as to reduce the effective dose. wikipedia: The Hulk is a superhero appearing in American comic books published by Marvel Comics. jeffgeerling: I'm geerlingguy most places online. I'm an author and software developer from St. Louis, MO. jeffgeerling: Colons, semicolons, and Crohns surgery, oh my! wikipedia: Colon cancer staging. wikipedia: Colonoscopy. wikipedia: A smartwatch is a wearable computer in the form of a watch; modern smartwatches provide a local touchscreen interface for daily use, while an associated smartphone app provides management and telemetry, such as long-term biomonitoring. hipaajournal: Judge Denies Injunction Banning Meta from Collecting Patient Data via Meta Pixel Code. wikipedia: Raspberry Pi. wikipedia: Arduino. odroid: ODROID-C2. wikipedia: Google Hangouts is a discontinued cross-platform instant messaging service developed by Google. wikipedia: Mainframe computer wikipedia: ncurses. wikipedia: The IBM 3270 is a family of block oriented display and printer computer terminals introduced by IBM in 1971 and normally used to communicate with IBM mainframes. ibm: a PCOMM TN3270E. wikipedia: Command-line interface. redhat: 10 ways to use the Linux find command. github: Welcome to moby-thesaurus.org, a free and open-source website designed to facilitate meanderings through the Moby Thesaurus, the largest thesaurus in the English language. wikipedia: Software as a service. wikipedia: C++ (pronounced "C plus plus") is a high-level general-purpose programming language created by Danish computer scientist Bjarne Stroustrup as an extension of the C programming language, or "C with Classes". wikipedia: deb is the format, as well as extension of the software package format for the Debian Linux distribution and its derivatives. wikipedia: dpkg is the software at the base of the package management system in the free operating system Debian and its numerous derivatives. wikipedia: K3b (from KDE Burn Baby Burn) is a CD, DVD and Blu-ray authoring application by KDE for Unix-like computer operating systems. nero: Nero Burning ROM: Rip, copy, burn and protect data. wikipedia: Feature creep. wikipedia: A digital single-lens reflex camera (digital SLR or DSLR) is a digital camera that combines the optics and the mechanisms of a single-lens reflex camera with a digital imaging sensor. wikipedia: A mirrorless camera is a photo camera featuring a single, removable lens and a digital display. wikipedia: Darkroom. corel: What is Corel AfterShot Pro? darktable: darktable is an open source photography workflow application and raw developer. wikipedia: Pentax K1000. hackerpublicradio: Noisetorch is a program for Linux that creates a virtual microphone that removes background sounds. wikipedia: Noise gate. proxmox: Proxmox Virtual Environment. jellyfin: Jellyfin is the volunteer-built media solution that puts you in control of your media. Thanks To: Mumble Server: Delwin HPR Site/VPS: Joshua Knapp - AnHonestHost.com Streams: Honkeymagoo EtherPad: HonkeyMagoo Shownotes by: Sgoti and hplovecraft
We couldn't do a podcast about open source without exploring a major Linux distribution, and there's hardly a more influential or enduring distro out there than Debian. So we're delighted to be joined on this episode by the current Debian Project Leader, Jonathan Carter, who spoke with us about a wide range of topics including progress on his goals since taking over the leadership role, why so many other distros are built on Debian, the revolutionary nature of dpkg and apt in the '90s, whether the testing release is appropriate for end users, our shared love of BeOS, what's going to happen when there are no more Toy Story characters, and more.Download or find out more about Debian: https://www.debian.org/The FOSS Pod is brought to you by Google Open Source. Find out more at https://opensource.google
Danny Adamitis from Lumen's Black Lotus Labs, joins Dave to discuss new developments in the WSL attack surface. Since September 2021, Black Lotus Labs have been monitoring malware repositories as a part of their proactive threat hunting process. Danny shares how researchers discovered a series of suspicious ELF files compiled for Debian Linux . The research states how the team identified a series of samples that target the WSL environment, were uploaded every two to three weeks and that they started as early as May 3, 2021 and go until August 22, 20221. The research can be found here: Windows Subsystem For Linux (WSL): Threats Still Lurk Below The (Sub)Surface No Longer Just Theory: Black Lotus Labs Uncovers Linux Executables Deployed As Stealth Windows Loaders
Danny Adamitis from Lumen's Black Lotus Labs, joins Dave to discuss new developments in the WSL attack surface. Since September 2021, Black Lotus Labs have been monitoring malware repositories as a part of their proactive threat hunting process. Danny shares how researchers discovered a series of suspicious ELF files compiled for Debian Linux . The research states how the team identified a series of samples that target the WSL environment, they were uploaded every two to three weeks and started as early as May 3, 2021 and go until August 22, 2021. The research can be found here: Windows Subsystem For Linux (WSL): Threats Still Lurk Below The (Sub)Surface No Longer Just Theory: Black Lotus Labs Uncovers Linux Executables Deployed As Stealth Windows Loaders
Happy 10th birthday Raspberry Pi! The tiny computer has come a long way in just ten short years. It all started when Raspberry Pi Foundation founders Eben Upton and Rob Mullins set out to create an affordable, easy-to-use computer that students could use to learn coding. And they succeeded - Raspberry Pi has become one of the most popular computers in the world, with millions of units sold.The Raspberry Pi HardwareThe first devices were not intended to be the massive platform they are today, Instead, the plan was simply to make a few thousand devices to encourage children to learn to code. Raspberry Pi devices were first sold in 2012, and the response was overwhelming. Not only did students love them, but makers and hobbyists snapped them up as well. It quickly became clear that there was a much larger market for the tiny computers than originally anticipated.The Raspberry Pi Foundation has always been focused on education, and they continue to work with schools and organizations around the world to promote coding and computer science education. In addition to their educational initiatives, they have also developed several tools and resources that have made it easier for makers of all levels to create amazing projects.Over the years, Raspberry Pi has undergone several iterations, each one more powerful than the last. The original Model B was followed by the Model B+, the Raspberry Pi Zero, the Raspberry Pi A+ and A series, the Raspberry Pi Compute Module, and the Raspberry Pi Model B+. Beyond that, there have been a whole lot more.The Raspberry Pi 4 is just one example of how much Raspberry Pi has changed over the years. The original Model B had just 256MB of RAM and a 700MHz single-core processor. The latest Raspberry Pi 4 has a quad-core processor clocked at up to 1.5 GHz, as well as 8 GB of RAM. It also features improved networking with dual-band 802.11ac Wi-Fi and Bluetooth Low Energy (BLE) on board.In addition to hardware changes, the Raspberry Pi Foundation has also made several changes to the operating system over the years. The original Raspberry Pi devices ran on a modified version of Debian Linux, but the Raspberry Pi Foundation later developed their own operating system, Raspbian. Raspbian is based on Debian and is optimized for the Raspberry Pi hardware. Since then, the platform has transferred to Raspberry Pi OS, another Linux-based operating system.The Raspberry Pi communityAs amazing as all of the changes to Raspberry Pi have been, perhaps the most impressive thing about the tiny computer is the community that has grown up around it. There are now millions of Raspberry Pi devices in use all over the world, and there are countless projects and applications for them.From small projects like retro gaming consoles and media centers to large-scale deployments like industrial control systems and weather stations, Raspberry Pi is being used for everything. The possibilities are truly endless, and the Raspberry Pi community continues to come up with new and innovative ways to use the tiny computers.As Raspberry Pi celebrates its tenth birthday, it's clear that the best is yet to come. Thank you for being a part of this incredible journey, and we can't wait to see what the next ten years have in store for Raspberry Pi.
Today's episode looks at the applications with the most vulnerabilities, security updates for VMware, Chrome, and another record year of ransomware payments
In dieser Episode gehe ich darauf ein, wieso sich das Linux-Urgestein Debian so schwer tut im Umgang mit nicht quelloffenen Treibern und Paketen.
Foundations of Amateur Radio For decades I've been playing with every new piece of technology that comes my way. In amateur radio terms that's reflected in, among other things, playing with different antennas, radios, modes and software. One of the modes I've played with is slow scan television or SSTV. It's an amateur mode that transmits pictures rather than voice over amateur radio. A couple of months ago a local amateur, Adrian VK6XAM, set-up an SSTV repeater. The way it works is that you tune to the repeater frequency, listen for a while and when the frequency is clear, transmit an image. The repeater will receive your image and re-transmit it. It's an excellent way to test your gear and software, so I played with it and made it all work for me. In 2012 I was part of a public event where local schools participated in a competition to have the opportunity to ask an astronaut on board the International Space Station a question as part of the City of Light 50th anniversary of John Glenn's first orbit. The event was under the auspices of a group called Amateur Radio on the International Space Station or ARISS, an organisation that celebrated its 20th anniversary in 2020. Assisting with the logistics behind the scenes first hand and the amount of equipment used I'd gained a healthy respect for the complexity involved. The ISS has several radio amateurs on orbit. Among their on board activities are plenty of amateur radio friendly ones. In addition to ARISS, you'll also find repeaters, voice, packet and other interesting signals if you listen out for them. In previous years I've made abortive attempts at using my station to listen and transmit to space, with varying degrees of success. On a regular basis the ISS transmits SSTV using amateur radio. Often you'll find a series of images that commemorate an activity. During the final week of 2020 astronauts on the ISS celebrated 20 years of ARISS by transmitting a series of images on a rotating basis as the ISS orbits the earth. One of my friends made a throwaway comment about listening to the international space station and decoding slow scan television. I'd heard about this event on various social media outlets but put it in the too hard basket. Based on what I'd seen during my ARISS event, my own trials, and what local amateurs have been playing with in the way of interesting cross polarised antennas, rotators and the like, I'd decided that this was a long term project, unachievable with my current station. My station consists of a dual-band vertical antenna for 2m and 70cm on my roof at about 2m above ground level. The radio is my trusty Yaesu FT-857d. Connected to a Debian Linux laptop running three bits of software, rigctld, gpredict and qsstv. With a high level of apprehension I fired up my station, tuned my radio, updated the orbital information and radio frequencies and waited for the first acquisition of signal from the ISS. Imagine my surprise when a picture started appearing on my screen. It's a lot like the days of 300 baud dial up, getting a picture from some remote computer back in 1985. With that I managed to receive several of the images by just letting it run for the next couple of days. I'm glad my friend made their comment, because it spurred me into action to try for myself. I'll be the first to admit that the image quality isn't broadcast ready, or that I made mistakes, or that I should have started listening at the beginning of the week rather than the last few days, but all that is just noise because I can report that it works and I have the pictures to prove it! I now have most of the image series, number 2 is missing and I only have part of number 1, but there are some beauties among the 35 images I captured. I've published them on my project website at vk6flab.com, for you to have a look at and use as inspiration for your own seemingly impossible task. This leaves me wondering what else I can hear from overlying spacecraft using this set-up. What have you heard and what equipment were you using to make that happen? Are there any impossible tasks that you've avoided? I'm Onno VK6FLAB
Foundations of Amateur Radio It's the morning after the day before. I've been calling CQ for 24 hours and for the first time in my life after a contest I still have my voice. That in and of itself is novel. I also don't have ringing ears, that's a blessing. I have learnt heaps and had fun doing it. I made contacts and I heard stations across the globe and I did it all from the comfort of my shack chair. Before I dig in and expand, the contest I just completed ran for 24 hours. I didn't sit at my radio for all of it, nor was my radio on for all of it. I managed to have lunch, dinner, desert, breakfast and morning tea. I snuck in a few naps and I managed to help with bringing in the shopping. My station did not transmit unattended at any time in case you're wondering. My setup consisted of a little 11 year old netbook computer running the current version of Debian Linux and the heart of this adventure, the software called fldigi. The computer is connected to my Yaesu FT-857d via three cables, well, two and a half. A microphone and a headphone lead that combine into the data port in the back of the radio. The other cable is a USB CAT cable, a Computer Assisted Tuning cable, that plugs into the CAT port on the back of the radio. I also used an external monitor to have my main contest screen on and used it to display the main fldigi window. My license class allows me access to a selected number of amateur bands, 80m, 40m, 15m, 10m, 2m and 70cm. I managed at least one RTTY contact on each band. As I described previously, my radio is set to use Single Side Band and the audio from the radio is fed via the microphone socket on the computer into fldigi that processes the information. Similarly, when I transmit, the audio is generated via fldigi and leaves the computer via the headphone socket and goes into the radio as a Single Side Band audio signal. The information in the audio is all RTTY, a digital mode that I've described previously. The software is using Audio Frequency Shift Keying, AFSK, simulating the switching between the two RTTY frequencies. On my screen I have a waterfall display that shows all the signals that are happening within the 2.3 kHz audio stream that's coming from the radio. Fldigi is also decoding this in real-time and showing each decode as a virtual channel in a list. Click on a channel entry and your next transmission will happen at that frequency. If you've ever used WSJT-X this will sound very familiar. That's the mechanics of what I've been doing. So, what did I learn in this adventure? Well, most of Australia goes to sleep at night, at least the ones that do RTTY. I have evidence of exactly one station on-air, and that was only because they were named in the DX Cluster, which by the way this contest allows as assistance. Since then I've found logs from at least two more stations. Local contacts did happen during the more civil hours and in total I managed ten of them. You may think that's not much for say 12 hours of work, but that's 5 Watts QRP, or low power, RTTY contacts, in an actual contest, on a new antenna, from my shack, dodging thunderstorms and learning to use filters and levels. You might not be impressed, but I'm absolutely stoked! During the midnight-to-dawn run, on 40m, when there were double points to be had, which I missed out on, I did manage to hear several stations across Europe, 14,000 km away, which means that I can pretty much count on global coverage with my current setup. Sadly they didn't hear me, too many competing stations, but I'm sure that with practice I'll manage to contact them too. The software crashed once. That's not nice. It seems to have a habit of corrupting one of the preference files, which prevents it from starting up. That's also not nice. I hasten to add that I don't yet know the source of this. It may well be a dud-hard-disk sector on my ancient laptop, rather than the software, so I'm not assigning blame here. Getting started with fldigi is an adventure. It's not point-and-click, nor plug-and-play, more like running a mainframe whilst cranking the handle, but when you get it to fly there's lots to love about this tool. Other things that worked well were that I'd spent some preparation time getting the keyboard macros right. These are pre-defined bits of text that you send as you're calling CQ and making a contact. They're a whole topic in and of themselves, so I'll skip past the detail and just mention that I was very happy with the choices I made, gathered from years of voice-only contacts, reading RTTY contest information and looking for exchange details. From a technical perspective, I used both contest modes, "Running" and "Search and Pounce". Running is when you call CQ, Pouncing is when they call CQ. The running was by far the most successful for me. I'm not yet sure if that was a reflection on how much I still have to learn about levels. One thing that I can say with confidence is that there's absolutely nothing like having a wall of RTTY signals to learn how to make sure you're actually decoding something useful. I spent a good couple of the wee hours tuning my levels. I would like to thank the stations who came back to my call and for those who tried without me noticing them. I had a blast. I'm Onno VK6FLAB
Pues si amigos, el cohete espacial Falcon 9 o, dicho en español, el Halcón 9, llevó a dos astronautas, Bob Behnken y Doug Hurley, a la estación espacial Internacional junto con otro pasajero que no es Alien, es nuestro querido amigo Tux, ya que este cohete basa su funcionamiento en Linux. Un equipo integrado por 35 personas desarrolló los sistemas que se encargaron de controlar el vuelo del cohete. Dicho software se ejecuta en un sistema operativo Linux recortado que corre en tres computadoras x86 paralelamente y está escrito en C y C++. El chiste es que las tres compus deben de tomar la misma decisión, si no llegan al mismo acuerdo, la decisión se desecha, se sigue con la decisión anterior y se vuelve a iniciar el proceso hasta alcanzar otro consenso. En la estación espacial, por ejemplo, se utiliza Debian Linux y Scientific linux para comunicarse con comando y control y windows, para que ahí caiga el malware. Y esos sistemas que están en la estación espacial deben de estar protegidos contra radiación porque puede causar interferencia y dañar los sistemas. La diferencia aquí, es que como la primera etapa de la Falcon 9 se aterriza sola, los chips no deben de ser a prueba de radiación porque pasan poco tiempo fuera y la redundancia resuelve los posibles problemas. Los sistemas de la cápsula dragón también están soportados por un linux y escritos en C++. La interface gráfica touch que vimos está escrita en javascript sobre Chromium y, si llegara a trabarse, hay botones que se pueden usar en su lugar. Quién diría, los pingüinos si pueden volar...
The first batch of Pinebook Pro ANSI (US Keyboard Layout) Linux laptops has shipped. At just $200 and coming with Debian Linux pre-installed, we really want to get a close look at this groundbreaking daily driver of a laptop from Pine64. Read the complete show notes, comment or rate this episode, view pictures and obtain links from this episode at https://category5.tv/shows/technology/episode/641/ Running time: 1 Hour 12 Minutes 34 Seconds
Sick of stu-stu-stuttering video and slow file transfers on WiFi? Edgewater Wireless CEO, Andrew Skafel joins us to speak on how their revolutionary new WiFi technology is about to shake up the wireless industry. We'll also fire up the flux capacitor and show you how to go back in time in the Debian Linux repositories. Read the complete show notes, comment or rate this episode, view pictures and obtain links from this episode at https://category5.tv/shows/technology/episode/624/ Running time: 1 Hour 24 Minutes 8 Seconds
The ODROID HC1 is a 2.5-inch SSD enclosure that features a built-in 8-core SBC with 2 GB RAM and gigabit Ethernet. Since it runs Debian Linux (among others), there is really no limit to what you can create. For our first project out of the box, we'll setup the SSD to auto-mount on boot, and turn the unit into a self-contained BitTorrent seed server with a browser-based interface. Read the complete show notes, comment or rate this episode, view pictures and obtain links from this episode at https://category5.tv/shows/technology/episode/597/ Running time: 1 Hour 17 Minutes 32 Seconds
A bunch of great news stories from Miles, and a wonderful tail of VR exploration at Siggraph 2018 from Ben. Plus goat sounds, stories of the geeks hurting each other, and thoughts on existential VR.Six Things About Opportunity's Recovery EffortsScientists found the moon has ice in the shadows of its polesHiggs Boson(10) The Infinadeck Omnidirectional Treadmill - Smarter Every Day 192 (VR Series) - YouTube9 telescopes that will change how we see spaceThe latest in a new generation of giant telescopes broke groundMeet the renegade who’s teaching the world to fix totaled TeslasThe Software Arts - Warren Sack - Google BooksHappy 25th Birthday, Debian Linux!Hacked Water Heaters Could Trigger Mass Blackouts SomedayAlex Jones hit with bans from Facebook and AppleInfoWars app will stay in the iOS App Store—here’s Apple’s reason why
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Malicious DDL Loaded Through AutoIT https://isc.sans.edu/forums/diary/Malicious+DLL+Loaded+Through+AutoIT/24008/ Traefik Fixes TLS Private Key Exposure https://github.com/containous/traefik/issues/3651 TLS Certificates Survive Domain Ownership https://insecure.design Intel Microcode License Update Causes Problems for Debian Linux https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906158#14
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Malicious DDL Loaded Through AutoIT https://isc.sans.edu/forums/diary/Malicious+DLL+Loaded+Through+AutoIT/24008/ Traefik Fixes TLS Private Key Exposure https://github.com/containous/traefik/issues/3651 TLS Certificates Survive Domain Ownership https://insecure.design Intel Microcode License Update Causes Problems for Debian Linux https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906158#14
How the term open source was created, running FreeBSD on ThinkPad T530, Moving away from Windows, Unknown Giants, as well as OpenBSD and FreeDOS. This episode was brought to you by Headlines How I coined the term 'open source' (https://opensource.com/article/18/2/coining-term-open-source-software) In a few days, on February 3, the 20th anniversary of the introduction of the term "open source software" is upon us. As open source software grows in popularity and powers some of the most robust and important innovations of our time, we reflect on its rise to prominence. I am the originator of the term "open source software" and came up with it while executive director at Foresight Institute. Not a software developer like the rest, I thank Linux programmer Todd Anderson for supporting the term and proposing it to the group. This is my account of how I came up with it, how it was proposed, and the subsequent reactions. Of course, there are a number of accounts of the coining of the term, for example by Eric Raymond and Richard Stallman, yet this is mine, written on January 2, 2006. It has never been published, until today. The introduction of the term "open source software" was a deliberate effort to make this field of endeavor more understandable to newcomers and to business, which was viewed as necessary to its spread to a broader community of users. The problem with the main earlier label, "free software," was not its political connotations, but that—to newcomers—its seeming focus on price is distracting. A term was needed that focuses on the key issue of source code and that does not immediately confuse those new to the concept. The first term that came along at the right time and fulfilled these requirements was rapidly adopted: open source. This term had long been used in an "intelligence" (i.e., spying) context, but to my knowledge, use of the term with respect to software prior to 1998 has not been confirmed. The account below describes how the term open source software caught on and became the name of both an industry and a movement. Meetings on computer security In late 1997, weekly meetings were being held at Foresight Institute to discuss computer security. Foresight is a nonprofit think tank focused on nanotechnology and artificial intelligence, and software security is regarded as central to the reliability and security of both. We had identified free software as a promising approach to improving software security and reliability and were looking for ways to promote it. Interest in free software was starting to grow outside the programming community, and it was increasingly clear that an opportunity was coming to change the world. However, just how to do this was unclear, and we were groping for strategies. At these meetings, we discussed the need for a new term due to the confusion factor. The argument was as follows: those new to the term "free software" assume it is referring to the price. Oldtimers must then launch into an explanation, usually given as follows: "We mean free as in freedom, not free as in beer." At this point, a discussion on software has turned into one about the price of an alcoholic beverage. The problem was not that explaining the meaning is impossible—the problem was that the name for an important idea should not be so confusing to newcomers. A clearer term was needed. No political issues were raised regarding the free software term; the issue was its lack of clarity to those new to the concept. Releasing Netscape On February 2, 1998, Eric Raymond arrived on a visit to work with Netscape on the plan to release the browser code under a free-software-style license. We held a meeting that night at Foresight's office in Los Altos to strategize and refine our message. In addition to Eric and me, active participants included Brian Behlendorf, Michael Tiemann, Todd Anderson, Mark S. Miller, and Ka-Ping Yee. But at that meeting, the field was still described as free software or, by Brian, "source code available" software. While in town, Eric used Foresight as a base of operations. At one point during his visit, he was called to the phone to talk with a couple of Netscape legal and/or marketing staff. When he was finished, I asked to be put on the phone with them—one man and one woman, perhaps Mitchell Baker—so I could bring up the need for a new term. They agreed in principle immediately, but no specific term was agreed upon. Between meetings that week, I was still focused on the need for a better name and came up with the term "open source software." While not ideal, it struck me as good enough. I ran it by at least four others: Eric Drexler, Mark Miller, and Todd Anderson liked it, while a friend in marketing and public relations felt the term "open" had been overused and abused and believed we could do better. He was right in theory; however, I didn't have a better idea, so I thought I would try to go ahead and introduce it. In hindsight, I should have simply proposed it to Eric Raymond, but I didn't know him well at the time, so I took an indirect strategy instead. Todd had agreed strongly about the need for a new term and offered to assist in getting the term introduced. This was helpful because, as a non-programmer, my influence within the free software community was weak. My work in nanotechnology education at Foresight was a plus, but not enough for me to be taken very seriously on free software questions. As a Linux programmer, Todd would be listened to more closely. The key meeting Later that week, on February 5, 1998, a group was assembled at VA Research to brainstorm on strategy. Attending—in addition to Eric Raymond, Todd, and me—were Larry Augustin, Sam Ockman, and attending by phone, Jon "maddog" Hall. The primary topic was promotion strategy, especially which companies to approach. I said little, but was looking for an opportunity to introduce the proposed term. I felt that it wouldn't work for me to just blurt out, "All you technical people should start using my new term." Most of those attending didn't know me, and for all I knew, they might not even agree that a new term was greatly needed, or even somewhat desirable. Fortunately, Todd was on the ball. Instead of making an assertion that the community should use this specific new term, he did something less directive—a smart thing to do with this community of strong-willed individuals. He simply used the term in a sentence on another topic—just dropped it into the conversation to see what happened. I went on alert, hoping for a response, but there was none at first. The discussion continued on the original topic. It seemed only he and I had noticed the usage. Not so—memetic evolution was in action. A few minutes later, one of the others used the term, evidently without noticing, still discussing a topic other than terminology. Todd and I looked at each other out of the corners of our eyes to check: yes, we had both noticed what happened. I was excited—it might work! But I kept quiet: I still had low status in this group. Probably some were wondering why Eric had invited me at all. Toward the end of the meeting, the question of terminology was brought up explicitly, probably by Todd or Eric. Maddog mentioned "freely distributable" as an earlier term, and "cooperatively developed" as a newer term. Eric listed "free software," "open source," and "sourceware" as the main options. Todd advocated the "open source" model, and Eric endorsed this. I didn't say much, letting Todd and Eric pull the (loose, informal) consensus together around the open source name. It was clear that to most of those at the meeting, the name change was not the most important thing discussed there; a relatively minor issue. Only about 10% of my notes from this meeting are on the terminology question. But I was elated. These were some key leaders in the community, and they liked the new name, or at least didn't object. This was a very good sign. There was probably not much more I could do to help; Eric Raymond was far better positioned to spread the new meme, and he did. Bruce Perens signed on to the effort immediately, helping set up Opensource.org and playing a key role in spreading the new term. For the name to succeed, it was necessary, or at least highly desirable, that Tim O'Reilly agree and actively use it in his many projects on behalf of the community. Also helpful would be use of the term in the upcoming official release of the Netscape Navigator code. By late February, both O'Reilly & Associates and Netscape had started to use the term. Getting the name out After this, there was a period during which the term was promoted by Eric Raymond to the media, by Tim O'Reilly to business, and by both to the programming community. It seemed to spread very quickly. On April 7, 1998, Tim O'Reilly held a meeting of key leaders in the field. Announced in advance as the first "Freeware Summit," by April 14 it was referred to as the first "Open Source Summit." These months were extremely exciting for open source. Every week, it seemed, a new company announced plans to participate. Reading Slashdot became a necessity, even for those like me who were only peripherally involved. I strongly believe that the new term was helpful in enabling this rapid spread into business, which then enabled wider use by the public. A quick Google search indicates that "open source" appears more often than "free software," but there still is substantial use of the free software term, which remains useful and should be included when communicating with audiences who prefer it. A happy twinge When an early account of the terminology change written by Eric Raymond was posted on the Open Source Initiative website, I was listed as being at the VA brainstorming meeting, but not as the originator of the term. This was my own fault; I had neglected to tell Eric the details. My impulse was to let it pass and stay in the background, but Todd felt otherwise. He suggested to me that one day I would be glad to be known as the person who coined the name "open source software." He explained the situation to Eric, who promptly updated his site. Coming up with a phrase is a small contribution, but I admit to being grateful to those who remember to credit me with it. Every time I hear it, which is very often now, it gives me a little happy twinge. The big credit for persuading the community goes to Eric Raymond and Tim O'Reilly, who made it happen. Thanks to them for crediting me, and to Todd Anderson for his role throughout. The above is not a complete account of open source history; apologies to the many key players whose names do not appear. Those seeking a more complete account should refer to the links in this article and elsewhere on the net. FreeBSD on a Laptop - A guide to a fully functional installation of FreeBSD on a ThinkPad T530 (https://www.c0ffee.net/blog/freebsd-on-a-laptop) As I stated my previous post, I recently dug up my old ThinkPad T530 after the embarrassing stream of OS X security bugs this month. Although this ThinkPad ran Gentoo faithfully during my time in graduate school at Clemson, these days I'd much rather spend time my wife and baby than fighting with emerge and USE flags. FreeBSD has always been my OS of choice, and laptop support seems to be much better than it was a few years ago. In this guide, I'll show you the tweaks I made to wrestle FreeBSD into a decent experience on a laptop. Unlike my usual posts, this time I'm going to assume you're already pretty familiar with FreeBSD. If you're a layman looking for your first BSD-based desktop, I highly recommend checking out TrueOS (previously PC-BSD): they've basically taken FreeBSD and packaged it with all the latest drivers, along with a user-friendly installer and custom desktop environment out of the box. TrueOS is an awesome project–the only reason I don't use it is because I'm old, grumpy, and persnickety about having my operating system just so. Anyway, if you'd still like to take the plunge, read on. Keep in mind, I'm using a ThinkPad T530, but other ThinkPads of the same generation should be similarly compatible. Here's what you'll get: Decent battery life (8-9 hours with a new 9-cell battery) UEFI boot and full-disk encryption WiFi (Intel Ultimate-N 6300) Ethernet (Intel PRO/1000) Screen brightness adjustment Suspend/Resume on lid close (make sure to disable TPM in BIOS) Audio (Realtek ALC269 HDA, speakers and headphone jack) Keyboard multimedia buttons Touchpad/Trackpoint Graphics Acceleration (with integrated Intel graphics, NVIDIA card disabled in BIOS) What I haven't tested yet: Bluetooth Webcam Fingerprint reader SD Card slot Installation Power Saving Tweaks for Desktop Use X11 Fonts Login Manager: SLiM Desktop Environment: i3 Applications The LLVM Sanitizers stage accomplished (https://blog.netbsd.org/tnf/entry/the_llvm_sanitizers_stage_accomplished) I've managed to get the Memory Sanitizer to work for the elementary base system utilities, like ps(1), awk(1) and ksh(1). This means that the toolchain is ready for tests and improvements. I've iterated over the basesystem utilities and I looked for bugs, both in programs and in sanitizers. The number of detected bugs in the userland programs was low, there merely was one reading of an uninitialized variable in ps(1). A prebuilt LLVM toolchain I've prepared a prebuilt toolchain with Clang, LLVM, LLDB and compiler-rt for NetBSD/amd64. I prepared the toolchain on 8.99.12, however I have received reports that it works on other older releases. Link: llvm-clang-compilerrt-lldb-7.0.0beta_2018-01-24.tar.bz2 The archive has to be untarballed to /usr/local (however it might work to some extent in other paths). This toolchain contains a prebuilt tree of the LLVM projects from a snapshot of 7.0.0(svn). It is a pristine snapshot of HEAD with patches from pkgsrc-wip for llvm, clang, compiler-rt and lldb. Sanitizers Notable changes in sanitizers, all of them are in the context of NetBSD support. Added fstat(2) MSan interceptor. Support for kvm(3) interceptors in the common sanitizer code. Added devname(3) and devname_r(3) interceptors to the common sanitizer code. Added sysctl(3) familty of functions interceptors in the common sanitizer code. Added strlcpy(3)/strlcat(3) interceptors in the common sanitizer code. Added getgrouplist(3)/getgroupmembership(3) interceptors in the common sanitizer code. Correct ctype(3) interceptors in a code using Native Language Support. Correct tzset(3) interceptor in MSan. Correct localtime(3) interceptor in the common sanitizer code. Added paccept(2) interceptor to the common sanitizer code. Added access(2) and faccessat(2) interceptors to the common sanitizer code. Added acct(2) interceptor to the common sanitizer code. Added accept4(2) interceptor to the common sanitizer code. Added fgetln(3) interceptor to the common sanitizer code. Added interceptors for the pwcache(3)-style functions in the common sanitizer code. Added interceptors for the getprotoent(3)-style functions in the common sanitizer code. Added interceptors for the getnetent(3)-style functions in the common sanitizer code. Added interceptors for the fts(3)-style functions in the common sanitizer code. Added lstat(3) interceptor in MSan. Added strftime(3) interceptor in the common sanitizer code. Added strmode(3) interceptor in the common sanitizer code. Added interceptors for the regex(3)-style functions in the common sanitizer code. Disabled unwanted interceptor __sigsetjmp in TSan. Base system changes I've tidied up inclusion of the internal namespace.h header in libc. This has hidden the usage of public global symbol names of: strlcat -> _strlcat sysconf -> __sysconf closedir -> _closedir fparseln -> _fparseln kill -> _kill mkstemp -> _mkstemp reallocarr -> _reallocarr strcasecmp -> _strcasecmp strncasecmp -> _strncasecmp strptime -> _strptime strtok_r -> _strtok_r sysctl -> _sysctl dlopen -> __dlopen dlclose -> __dlclose dlsym -> __dlsym strlcpy -> _strlcpy fdopen -> _fdopen mmap -> _mmap strdup -> _strdup The purpose of these changes was to stop triggering interceptors recursively. Such interceptors lead to sanitization of internals of unprepared (not recompiled with sanitizers) prebuilt code. It's not trivial to sanitize libc's internals and the sanitizers are not designed to do so. This means that they are not a full replacement of Valgrind-like software, but a a supplement in the developer toolbox. Valgrind translates native code to a bytecode virtual machine, while sanitizers are designed to work with interceptors inside the pristine elementary libraries (libc, libm, librt, libpthread) and embed functionality into the executable's code. I've also reverted the vadvise(2) syscall removal, from the previous month. This caused a regression in legacy code recompiled against still supported compat layers. Newly compiled code will use a libc's stub of vadvise(2). I've also prepared a patch installing dedicated headers for sanitizers along with the base system GCC. It's still discussed and should land the sources soon. Future directions and goals Possible paths in random order: In the quartet of UBSan (Undefined Behavior Sanitizer), ASan (Address Sanitizer), TSan (Thread Sanitizer), MSan (Memory Sanitizer) we need to add the fifth basic sanitizer: LSan (Leak Sanitizer). The Leak Sanitizer (detector of memory leaks) demands a stable ptrace(2) interface for processes with multiple threads (unless we want to build a custom kernel interface). Integrate the sanitizers with the userland framework in order to ship with the native toolchain to users. Port sanitizers from LLVM to GCC. Allow to sanitize programs linked against userland libraries other than libc, librt, libm and libpthread; by a global option (like MKSANITIZER) producing a userland that is partially prebuilt with a desired sanitizer. This is required to run e.g. MSanitized programs against editline(3). So far, there is no Operating System distribution in existence with a native integration with sanitizers. There are 3rd party scripts for certain OSes to build a stack of software dependencies in order to validate a piece of software. Execute ATF tests with the userland rebuilt with supported flavors of sanitizers and catch regressions. Finish porting of modern linkers designed for large C++ software, such as GNU GOLD and LLVM LLD. Today the bottleneck with building the LLVM toolchain is a suboptimal linker GNU ld(1). I've decided to not open new battlefields and return now to porting LLDB and fixing ptrace(2). Plan for the next milestone Keep upstreaming a pile of local compiler-rt patches. Restore the LLDB support for traced programs with a single thread. Interview - Goran Mekic - meka@tilda.center (mailto:meka@tilda.center) / @meka_floss (https://twitter.com/meka_floss) CBSD website (https://bsdstore.ru) Jail and VM Manager *** News Roundup Finally Moving Away From Windows (https://www.manios.ca/blog/2018/01/finally-moving-away-from-windows/) Broken Window Thanks to a combination of some really impressive malware, bad clicking, and poor website choices, I had to blow away my Windows 10 installation. Not that it was Window's fault, but a piece of malware had infected my computer when I tried to download a long lost driver for an even longer lost RAID card for a server. A word of advice – the download you're looking for is never on an ad-infested forum in another language. In any case, I had been meaning to switch away from Windows soon. I didn't have my entire plan ready, but now was as good a time as any. My line of work requires me to maintain some form of Windows installation, so I decided to keep it in a VM rather than dual booting as I was developing code and not running any high-end visual stuff like games. My first thought was to install Arch or Gentoo Linux, but the last time I attempted a Gentoo installation it left me bootless. Not that there is anything wrong with Gentoo, it was probably my fault, but I like the idea of some sort of installer so I looked at rock-solid Debian. My dad had installed Debian on his sweet new cutting-edge Lenovo laptop he received recently from work. He often raves about his cool scripts and much more effective customized experience, but often complains about his hybrid GPU support as he has an Intel/Nvidia hybrid display adapter (he has finally resolved it and now boasts his 6 connected displays). I didn't want to install Windows again, but something didn't feel right about installing some flavour of Linux. Back at home I have a small collection of FreeBSD servers running in all sorts of jails and other physical hardware, with the exception of one Debian server which I had the hardest time dealing with (it would be FreeBSD too if 802.11ac support was there as it is acting as my WiFi/gateway/IDS/IPS). I loved my FreeBSD servers, and yes I will write posts about each one soon enough. I wanted that cleanliness and familiarity on my desktop as well (I really love the ports collection!). It's settled – I will run FreeBSD on my laptop. This also created a new rivalry with my father, which is not a bad thing either. Playing Devil's Advocate The first thing I needed to do was backup my Windows data. This was easy enough, just run a Windows Image Backup and it will- wait, what? Why isn't this working? I didn't want to fiddle with this too long because I didn't actually need an image just the data. I ended up just copying over the files to an external hard disk. Once that was done, I downloaded and verified the latest FreeBSD 11.1 RELEASE memstick image and flashed it to my trusty 8GB Verbatim USB stick. I've had this thing since 2007, it works great for being my re-writable “CD”. I booted it up and started the installation. I knew this installer pretty well as I had test-installed FreeBSD and OpenBSD in VMs when I was researching a Unix style replacement OS last year. In any case, I left most of the defaults (I didn't want to play with custom kernels right now) and I selected all packages. This downloaded them from the FreeBSD FTP server as I only had the memstick image. The installer finished and I was off to my first boot. Great! so far so good. FreeBSD loaded up and I did a ‘pkg upgrade' just to make sure that everything was up to date. Alright, time to get down to business. I needed nano. I just can't use vi, or just not yet. I don't care about being a vi-wizard, that's just too much effort for me. Anyway, just a ‘pkg install nano' and I had my editor. Next was obvious, I needed x11. XFCE was common, and there were plenty of tutorials out there. I wont bore you with those details, but it went something like ‘pkg install xfce' and I got all the dependencies. Don't forget to install SLiM to make it seamless. There are some configs in the .login I think. SLiM needs to be called once the boot drops you to the login so that you get SLiM's nice GUI login instead of the CLI login screen. Then SLiM passes you off to XFCE. I think I followed this and this. Awesome. Now that x11 is working, it's time to get all of my apps from Windows. Obviously, I can't get everything (ie. Visual Studio, Office). But in my Windows installation, I had chosen many open-source or cross-compiled apps as they either worked better or so that I was ready to move away from Windows at a moments notice. ‘pkg install firefox thunderbird hexchat pidgin gpa keepass owncloud-client transmission-qt5 veracrypt openvpn' were some immediate picks. There are a lot more that I downloaded later, but these are a few I use everyday. My laptop also has the same hybrid display adapter config that my dad's has, but I chose to only run Intel graphics, so dual screens are no problem for me. I'll add Nvidia support later, but it's not a priority. After I had imported my private keys and loaded my firefox and thunderbird settings, I wanted to get my Windows VM running right away as I was burning productive days at work fiddling with this. I had only two virtualisation options; qemu/kvm and bhyve. qemu/kvm wasn't available in pkg, and looked real dirty to compile, from FreeBSD's point of view. My dad is using qemu/kvm with virt-manager to manage all of his Windows/Unix VMs alike. I wanted that experience, but I also wanted packages that could be updated and I didn't want to mess up a compile. bhyve was a better choice. It was built-in, it was more compatible with Windows (from what I read), and this is a great step-by-step article for Windows 10 on FreeBSD 11 bhyve! I had already tried to get virt-manager to work with bhyve with no luck. I don't think libvirt connects with bhyve completely, or maybe my config is wrong. But I didn't have time to fiddle with it. I managed it all through command lines and that has worked perfectly so far. Well sorta, there was an issue installing SQL Server, and only SQL Server, on my Windows VM. This was due to a missing ‘sectorsize=512' setting on the disk parameter on the bhyve command line. That was only found after A LOT of digging because the SQL Server install didn't log the error properly. I eventually found out that SQL Server only likes one sector size of disks for the install and my virtual disk geometry was incorrect. Apps Apps Apps I installed Windows 10 on my bhyve VM and I got that all setup with the apps I needed for work. Mostly Office, Visual Studio, and vSphere for managing our server farm. Plus all of the annoying 3rd party VPN software (I'm looking at you Dell and Cisco). Alright, with the Windows VM done, I can now work at work and finish FreeBSD mostly during the nights. I still needed my remote files (I setup an ownCloud instance on a FreeNAS jail at home) so I setup the client. Now, normally on Windows I would come to work and connect to my home network using OpenVPN (again, I have a OpenVPN FreeNAS jail at home) and the ownCloud desktop would be able to handle changing DNS destination IPs Not on FreeBSD (and Linux too?). I ended up just configuring the ownCloud client to just connect to the home LAN IP for the ownCloud server and always connecting the OpenVPN to sync things. It kinda sucks, but at least it works. I left that running at home overnight to get a full sync (~130GB cloud sync, another reason I use it over Google or Microsoft). Once that was done I moved onto the fstab as I had another 1TB SSD in my laptop with other files. I messed around with fstab and my NFS shares to my FreeNAS at home, but took them out as they made the boot time so long when I wasn't at home. I would only mount them when my OpenVPN connected or manually. I really wanted to install SpaceFM, but it's only available as a package on Debian and their non-package install script doesn't work on FreeBSD (packages are named differently). I tried doing it manually, but it was too much work. As my dad was the one who introduced me to it, he still uses it as a use-case for his Debian setup. Instead I kept to the original PCManFM and it works just fine. I also loaded up my Bitcoin and Litecoin wallets and pointed them to the blockchain that I has used on Windows after their sync, they loaded perfectly and my balances were there. I kinda wish there was the Bitcoin-ABC full node Bitcoin Cash wallet package on FreeBSD, but I'm sure it will come out later. The rest is essentially just tweaks and making the environment more comfortable for me, and with most programs installed as packages I feel a lot better with upgrades and audit checking (‘pkg audit -F' is really helpful!). I will always hate Python, actually, I will always hate any app that has it's own package manager. I do miss the GUI GitHub tool on Windows. It was a really good-looking way to view all of my repos. The last thing (which is increasing it's priority every time I go to a social media site or YouTube) is fonts. My god I never thought it was such a problem, and UTF support is complicated. If anyone knows how to get all UTF characters to show up, please let me know. I'd really like Wikipedia articles to load perfectly (I followed this post and there are still some missing). There are some extra tweaks I followed here and here. Conclusion I successfully migrated from Windows 10 to FreeBSD 11.1 with minimal consequence. Shout out goes to the entire FreeBSD community. So many helpful people in there, and the forums are a great place to find tons of information. Also thanks to the ones who wrote the how-to articles I've referenced. I never would have gotten bhyve to work and I'd still probably be messing with my X config without them. I guess my take home from this is to not be afraid to make changes that may change how comfortable I am in an environment. I'm always open to comments and questions, please feel free to make them below. I purposefully didn't include too many technical things or commands in this article as I wanted to focus on the larger picture of the migration as a whole not the struggles of xorg.conf, but if you would like to see some of the configs or commands I used, let me know and I'll include some! TrueOS Rules of Conduct (https://www.trueos.org/rulesofconduct/) We believe code is truly agnostic and embrace inclusiveness regardless of a person's individual beliefs. As such we only ask the following when participating in TrueOS public events and digital forums: Treat each other with respect and professionalism. Leave personal and TrueOS unrelated conversations to other channels. In other words, it's all about the code. Users who feel the above rules have been violated in some way can register a complaint with abuse@trueos.org + Shorter than the BSD License (https://twitter.com/trueos/status/965994363070353413) + Positive response from the community (https://twitter.com/freebsdbytes/status/966567686015782912) I really like the @TrueOS Code of Conduct, unlike some other CoCs. It's short, clear and covers everything. Most #OpenSource projects are labour of love. Why do you need a something that reads like a legal contract? FreeBSD: The Unknown Giant (https://neomoevius.tumblr.com/post/171108458234/freebsd-the-unknown-giant) I decided to write this article as a gratitude for the recent fast answer of the FreeBSD/TrueOS community with my questions and doubts. I am impressed how fast and how they tried to help me about this operating system which I used in the past(2000-2007) but recently in 2017 I began to use it again. + A lot has changed in 10 years I was looking around the internet, trying to do some research about recent information about FreeBSD and other versions or an easy to use spins like PCBSD (now TrueOS) I used to be Windows/Mac user for so many years until 2014 when I decided to use Linux as my desktop OS just because I wanted to use something different. I always wanted to use unix or a unix-like operating system, nowadays my main objective is to learn more about these operating systems (Debian Linux, TrueOS or FreeBSD). FreeBSD has similarities with Linux, with two major differences in scope and licensing: FreeBSD maintains a complete operating system, i.e. the project delivers kernel, device drivers, userland utilities and documentation, as opposed to Linux delivering a kernel and drivers only and relying on third-parties for system software; and FreeBSD source code is generally released under a permissive BSD license as opposed to the copyleft GPL used by Linux.“ But why do I call FreeBSD “The Unknown Giant”?, because the code base of this operating system has been used by other companies to develop their own operating system for products like computers or also game consoles. + FreeBSD is used for storage appliances, firewalls, email scanners, network scanners, network security appliances, load balancers, video servers, and more So many people now will learn that not only “linux is everywhere” but also that “FreeBSD is everywhere too” By the way speaking about movies, Do you remember the movie “The Matrix”? FreeBSD was used to make the movie: “The photo-realistic surroundings generated by this method were incorporated into the bullet time scene, and linear interpolation filled in any gaps of the still images to produce a fluent dynamic motion; the computer-generated “lead in” and “lead out” slides were filled in between frames in sequence to get an illusion of orbiting the scene. Manex Visual Effects used a cluster farm running the Unix-like operating system FreeBSD to render many of the film's visual effects” + FreeBSD Press Release re: The Matrix (https://www.freebsd.org/news/press-rel-1.html) I hope that I gave a good reference, information and now so many people can understand why I am going to use just Debian Linux and FreeBSD(TrueOS) to do so many different stuff (music, 3d animation, video editing and text editing) instead use a Mac or Windows. + FreeBSD really is the unknown giant. OpenBSD and FreeDOS vs the hell in earth (https://steemit.com/openbsd/@npna/openbsd-and-freedos-vs-the-hell-in-earth) Yes sir, yes. Our family, composed until now by OpenBSD, Alpine Linux and Docker is rapidly growing. And yes, sir. Yes. All together we're fighting against your best friends, the infamous, the ugliest, the worst...the dudes called the privacy cannibals. Do you know what i mean, sure? We're working hard, no matter what time is it, no matter in what part in the world we are, no matter if we've no money. We perfectly know that you cannot do nothing against the true. And we're doing our best to expand our true, our doors are opened to all the good guys, there's a lot here but their brain was fucked by your shit tv, your fake news, your laws, etc etc etc. We're alive, we're here to fight against you. Tonight, yes it's a Friday night and we're working, we're ready to welcome with open arms an old guy, his experience will give us more power. Welcome to: FreeDOS But why we want to build a bootable usb stick with FreeDOS under our strong OpenBSD? The answer is as usual to fight against the privacy cannibals! More than one decade ago the old BIOS was silently replaced by the more capable and advanced UEFI, this is absolutely normal because of the pass of the years and exponencial grow of the power of our personal computers. UEFI is a complex system, it's like a standalone system operative with direct access to every component of our (yes, it's our not your!) machine. But...wait a moment...do you know how to use it? Do you ever know that it exist? And one more thing, it's secure? The answer to this question is totally insane, no, it's not secure. The idea is good, the company that started in theory is one of the most important in IT, it's Intel. The history is very large and obviously we're going to go very deep in it, but trust me UEFI and the various friend of him, like ME, TPM are insecure and closed source! Like the hell in earth. A FreeDOS bootable usb image under OpenBSD But let's start preparing our OpenBSD to put order in this chaos: $ mkdir -p freedos/stuff $ cd freedos/stuff $ wget https://www.ibiblio.org/pub/micro/pc-stuff/freedos/files/distributions/1.0/fdboot.img $ wget https://www.ibiblio.org/pub/micro/pc-stuff/freedos/files/dos/sys/sys-freedos-linux/sys-freedos-linux.zip $ wget https://download.lenovo.com/consumer/desktop/o35jy19usa_y900.exe $ wget http://145.130.102.57/domoticx/software/amiflasher/AFUDOS%20Flasher%205.05.04.7z Explanation in clear language as usual: create two directory, download the minimal boot disc image of FreeDOS, download Syslinux assembler MBR bootloaders, download the last Windows only UEFI update from Lenovo and download the relative unknown utility from AMI to flash our motherboard UEFI chipset. Go ahead: $ doas pkg_add -U nasm unzip dosfstools cabextract p7zip nasm the Netwide Assembler, a portable 80x86 assembler. unzip list, test and extract compressed files in a ZIP archive. dosfstoolsa collections of utilities to manipulate MS-DOSfs. cabextract program to extract files from cabinet. p7zipcollection of utilities to manipulate 7zip archives. $ mkdir sys-freedos-linux && cd sys-freedos-linux $ unzip ../sys-freedos-linux.zip $ cd ~/freedos && mkdir old new $ dd if=/dev/null of=freedos.img bs=1024 seek=20480 $ mkfs.fat freedos.img Create another working directory, cd into it, unzip the archive that we've downloaded, return to the working root and create another twos directories. dd is one of the most important utilities in the unix world to manipulate at byte level input and output: The dd utility copies the standard input to the standard output, applying any specified conversions. Input data is read and written in 512-byte blocks. If input reads are short, input from multiple reads are aggregated to form the output block. When finished, dd displays the number of complete and partial input and output blocks and truncated input records to the standard error output. We're creating here a virtual disk with bs=1024 we're setting both input and output block to 1024bytes; with seek=20480 we require 20480bytes. This is the result: -rw-r--r-- 1 taglio taglio 20971520 Feb 3 00:11 freedos.img. Next we format the virtual disk using the MS-DOS filesystem. Go ahead: $ doas su $ perl stuff/sys-freedos-linux/sys-freedos.pl --disk=freedos.img $ vnconfig vnd0 stuff/fdboot.img $ vnconfig vnd1 freedos.img $ mount -t msdos /dev/vnd0c old/ $ mount -t msdos /dev/vnd1c new/ We use the perl utility from syslinux to write the MBR of our virtual disk freedos.img. Next we create to loop virtual node using the OpenBSD utility vnconfig. Take care here because it is quite different from Linux, but as usual is clear and simple. The virtual nodes are associated to the downloaded fdboot.img and the newly created freedos.img. Next we mount the two virtual nodes cpartitions; in OpenBSD cpartition describes the entire physical disk. Quite different from Linux, take care. $ cp -R old/* new/ $ cd stuff $ mkdir o35jy19usa $ cabextract -d o35jy19usa o35jy19usa_y900.exe $ doas su $ cp o35jy19usa/ ../new/ $ mkdir afudos && cd afudos $ 7z e ../AFUDOS* $ doas su $ cp AFUDOS.exe ../../new/ $ umount ~/freedos/old/ && umount ~/freedos/new/ $ vnconfig -u vnd1 && vnconfig -u vnd0 Copy all files and directories in the new virtual node partition, extract the Lenovo cabinet in a new directory, copy the result in our new image, extract the afudos utility and like the others copy it. Umount the partitions and destroy the loop vnode. Beastie Bits NetBSD - A modern operating system for your retro battlestation (https://www.geeklan.co.uk/files/fosdem2018-retro) FOSDEM OS distribution (https://twitter.com/pvaneynd/status/960181163578019840/photo/1) Update on two pledge-related changes (https://marc.info/?l=openbsd-tech&m=151268831628549) *execpromises (https://marc.info/?l=openbsd-cvs&m=151304116010721&w=2) Slides for (BSD from scratch - from source to OS with ease on NetBSD) (https://www.geeklan.co.uk/files/fosdem2018-bsd/) Goobyte LastPass: You're fired! (https://blog.crashed.org/goodbye-lastpass/) *** Feedback/Questions Scott - ZFS Mirror with SLOG (http://dpaste.com/22Z8C6Z#wrap) Troels - Question about compressed ARC (http://dpaste.com/3X2R1BV#wrap) Jeff - FreeBSD Desktop DNS (http://dpaste.com/2BQ9HFB#wrap) Jonathon - Bhyve and gpu passthrough (http://dpaste.com/0TTT0DB#wrap) ***
An interview with Antonio Ribeiro, package author and master of StackOverflow Laravel. Rio de Janeiro Laravel-News interview TDDD Stats Tracker Antonio on Twitter Antonio on StackOverflow Antonio's web site Version Google2FA Firewall Pascal Delphi "Concourse" (?) Antonio's photography Editing sponsored by Tighten Transcription sponsored by LaraJobs Matt Stauffer: [music] Welcome back to The Laravel Podcast, this is your host Matt Stauffer. Today I'm going to be talking to someone whose name I struggle with, Antonio Ribeiro. He's the master of Stack Overflow Laravel and much more. Stay tuned. [music] Welcome back to the Laravel podcast, season three. I'm your host. I wanted to say I'm your favorite host but I'm your only host so that'd be kind of cheating. Like when you only have one kid and you say "I'm your favorite kid". I'm your host. I'm one of your hosts. No, I'm the only host. See? Matt Stauffer. That's me. I'm the guy talking to you. Joining me is someone who a lot of you have probably learned from at some point in your life but you often haven't associated that you're actually learning from him. This is the master of Stack Overflow Laravel. That's what's going on here. And I think a lot of people have no recognized that this is actually a thing. We'll get into this in a bit. His name, in Portuguese, is pronounced in such a way that I'm going to totally massacre it. So I'm going to say it and then literally the first thing I'm going to ask him to do is say it the way it's actually supposed to be said. So, Antonio Heb ... Ribeiro. No see, it's totally failed. Say your name for us. Also, what I'd love for you to do is just give us a picture of who are you, what are you about, when you meet someone for the first time what do you tell him about what you do, and then where are you? And then I'll get started in asking some questions. Antonio Ribeiro: Hi Matt. My name is Antonio Ribeiro. Matt Stauffer: Howdy. That's how badly I pronounced it. Antonio Ribeiro: No, no. The second time you say it was really cool. Matt Stauffer: It was a little better? Antonio Ribeiro: I'm from Brazil, originally. I work in Brazil and I work for a company outside Brazil. I lived in Europe for four years or five years. I don't remember exactly how much time. I lived in a city everybody knows. I think everybody knows. It's Rio de Janeiro. It as difficult as my name to say. Matt Stauffer: Rio de Janeiro. [Said with intentionally strong American accent] Antonio Ribeiro: Exactly. I work for the Brazilian government. Specifically, the state legislature in Rio. So I'm a public service. I do six hour per day of public serving. Of work. And after-hours, I do a lot of work. I work for another company. Now, I'm not exactly working for them but I'm available for them. I love the program and that's why I got into Laravel so quickly and maybe had some success in Stack Overflow. So I started my programming life when I was 12, I think, in Switzerland, in a big department store working with computers that were in the store. I was amazed about computers. I got a job when I was 12, 13. Matt Stauffer: You got a job when you were 12 years old working on computers? Antonio Ribeiro: No, not working on computers. I got a job delivering groceries for a store. Matt Stauffer: Oh okay. Antonio Ribeiro: To buy a computer. Matt Stauffer: Oh nice! I was going to say. That's still impressive. Man, you're getting right into it here. You've heard this before and you know that I'm gonna ask about your whole background. But let me pause for just one second because what I want to make sure that I have is ... I want to have context for why it is that I'm talking to you. And like I said, the whole point of this version of the podcast is to get to know the people who everybody knows but maybe they don't know who they are. Also, to get to know the people that nobody knows but they might have benefited from. I think you're in the second box. So, the reason that I originally met you is because I started Laravel. I don't know if you and I started at the same time or not ... So actually before I go any further, what version of Laravel was it when you first started getting really involved? Antonio Ribeiro: 3.2. Yeah, 3.2. Matt Stauffer: Yep, so you showed up there just a little bit before I did. I remember in the early days, and especially in the middle days, every time I'd come across everything in Stack Overflow, you would always be the answer. It's just consistently over and over. And I'm looking at this and you have 59,000 reputation on Stack Overflow. If anybody doesn't know, that's a very, very, very large number of answers. Who knows how good their ideas are here of how many people he's reached but it is telling me that he's reached 3.7 million people with his answers in Stack Overflow. Antonio Ribeiro: Wow. I didn't know that. Matt Stauffer: Right! And the large number of them are in Laravel. His top tag is in Laravel and then he's got Laravel 4. He's got 1,000 posts in Laravel that he's interacted with. Or that maybe even he's created. So there's a lot. There's a lot going on here. He's in the top 0.3% in Stack Overflow and I'm only saying that, not because that makes you worthwhile or not worthwhile, but that was the reason that we originally connected. Now, since you've made a couple repositories in a couple packages for Laravel, the most recent ones that have come up have been your tracker, the Stats Tracker. Then the Test-Dashboard? Is that what it's called? I'm trying to remember what it's called. Antonio Ribeiro: Yeah. I call it TDDD now. Matt Stauffer: Oh, it's got a new name. So TDDD. Antonio Ribeiro: Yeah. TDDD. Matt Stauffer: Got it. Also, the one I've tweeted out a little bit recently is that you have Version. Which basically allows you to pull the version of your Laravel application into your app based on any number of criteria. One of which being the Git tag, which I was super interested in. But it seems like you got a lot more in those. Do you even know how many packages you have? Antonio Ribeiro: No. I'm not sure, really. I have, I think, five or six really popular packages but I have like 150 repositories in my account so I don't know. Matt Stauffer: Yeah. So you're big on Stack Overflow. You've got a lot of packages. You are also are a Twitter presence here and there. Just like a few of the other people we've talked to so far, you're not someone, at least in the US or Europe, where everybody knows you and everybody knows your name. I don't know the Brazilian Laravel community quite so well so is that different either in Brazil or Rio? Do you guys have a really strong community there that you're really invested and involved in? Or are you kind of solo with this? Antonio Ribeiro: Yeah. I'm kind of solo because it all started for me in Stack Overflow. Matt Stauffer: Got it. Antonio Ribeiro: And in English, which is not exactly a language I used to speak. So I decided to go deep in this Stack Overflow thing but it was way before I discovered I was ranking on Stack Overflow. Matt Stauffer: Yeah. Antonio Ribeiro: So, I did not really contacted people in the Brazilian Laravel community but we got in touch via IRC when Taylor was still very frequent. I don't know if they are now because I'm not very frequent now. Matt Stauffer: Not so much, no. Antonio Ribeiro: I know some people of the Laravel community, Laravel.com.br, which is the website but I just saw that they kind of let it down. Unfortunately, the last posts on the websites- Matt Stauffer: 2016. Antonio Ribeiro: 2016, yeah. One of these days, someone asked me if I was going to do a Laraconf Brazil actually. I didn't even know that it was happening so- Matt Stauffer: Right. Antonio Ribeiro: I just say, "I'm sorry." Matt Stauffer: Yeah, so you're relatively disconnected. Antonio Ribeiro: Yeah. Matt Stauffer: I want to get your whole backstory but I want everybody to have the context for what we're talking about here. Do you use Laravel in your day job? Antonio Ribeiro: Yes. Yes. Of course. Everything we do for the government, now, is done in Laravel. Matt Stauffer: Cool. Antonio Ribeiro: Mostly everything. I am a lead of a very small group of developers and we work primarily in Laravel. Laravel and VueJS. Matt Stauffer: Oh, very cool. Did you get in VueJS pretty early last summer or is it something you're jumping into more recently? Antonio Ribeiro: No, no. Pretty early Matt Stauffer: Okay. Cool. Antonio Ribeiro: Almost when Taylor started to talk about it, I got in. Matt Stauffer: Nice, very cool. It's interesting because I just googled your name so that I could throw your website into the show notes and found that you had done an interview on Laravel News. I try to read those beforehand so that I can make sure I'm not covering the same territory and I had never read that you've done that. I had no idea that happened. So, excuse me, I didn't do the research I should have done. But that's fine because I still have plenty of questions and curiosities. Okay. So, you are doing Laravel in your day job but you're also doing some stuff on the side. There's various level of folks who you're working with. You're in Stack Overflow English early. You're somewhat connected but it's been a little while with the Laravel Brazil community. One of the reasons I asked that is because my book has been translated into two or three languages and Brazilian Portuguese is one of them. I was pretty surprised by that because that takes a pretty big commitment for somebody in the community to have decided that it's a group they want to target. I was wondering if there's some huge Brazilian Laravel community that I wasn't aware of. It sounds like at least there at some point was but it, at least the one in Rio, might have gone a little quiet for a little while. Antonio Ribeiro: Yes, I think the community to large but they are not very connected. Matt Stauffer: Mm-hmm (affirmative). Antonio Ribeiro: I think they are more connected in the PHP community than in the Laravel community. Matt Stauffer: Got it. That makes sense. Okay, so before I got to your life story, I want you to give me a pitch real quick on the TDDD and then if there's any other one package that it's just really your favorite package or your favorite contribution to Laravel. I don't know if Stats Tracker or something else but first, tell me about TDDD as if I'd never heard of it before. Then, do you have any other packages that you really love and that you want to share with everybody? Antonio Ribeiro: Well, TDDD is becoming an app actually. It's an app for helping people do TDDD. Basically, you are writing tests. If you write tests before or during or after you are coding- doesn't matter. You can use it to help you test your app during development. You make a change in your code, it will run all your tests. If you do a change in one of your tests, it will run that test particularly. It's basically that. We have some other things it does. It is able to link all the lines of your failures so you can click a link and it will open your PHPStorm, or your Sublime Text, or VSCode. It doesn't matter what editor you are using. I just added code coverage to it so you can also see the code coverage there. It's basically that. You can add as many projects as you have. You can use whatever code editor you have. If you have a project which you have tests in JavaScript, in PHP, in any other thing, you can add as many suites you want to add on it so it's very flexible. I use it all the time. I think it's the package that I'm using the most these days. Matt Stauffer: Okay, very cool. Is this an app where you think that if anybody's doing TDD in Laravel, they should just be using TDDD? Or is it more for specific contexts and not for others? Antonio Ribeiro: No, everybody can use it. If you are using TDD in Laravel or PHP or you can use it in Ruby. It's very open. I think it's a good one to use because Freek has a package almost like it but it's for the command line. Matt Stauffer: Okay. Antonio Ribeiro: The difference for me is that I keep a monitor ... I have three monitors here. I keep a monitor with it and while I'm coding I'm looking at the monitor and seeing if anything is broken with the code that I'm writing. It's very handy. Matt Stauffer: That's really cool. I asked for one other package that is really big for you. I know you've been working on Version recently but I also know that Stats Tracker is one of your more popular ones. If you had one more of your packages that you think people should check out, which ones at the top of your brain? Antonio Ribeiro: I like, very much, Google 2FA but I think there are other options and people are using Authy which you can blend into Laravel very easily. I think Firewall is a package that people should look at. Matt Stauffer: Yeah, I use Firewall. Antonio Ribeiro: You use Firewall? Matt Stauffer: Yeah. I had basically written a crappy version of Firewall and then you can out with Firewall so I just switched over to using your package so ... Could you give like a high-level introduction to what Firewall is? Antonio Ribeiro: Firewall is basically something you put in front of your app to protect it. It's like a real firewall. The difference, of course, is that you cannot rely on Firewall for everything but you can rely on it for things like someone trying to exploit your app. A Firewall will be better on that but if someone tries to hit one route 50 times, it will warn you about them and it can block the person or block the country. It's very flexible in this way too. I like it because one of these days I found someone in Denmark trying to exploit one of my end points so it's cool. Matt Stauffer: Nice. Some of the things that Firewall can do is it black lists and white lists, it allows you to block people really easily. It also does some detection, like you were saying. It does some intelligent detection to find people causing problems. It's also got a couple other cool features. One of the things I liked was, you can basically send everybody on the whole site to a "Coming Soon" page except people with white-listed IP addresses. So there's a couple other tools that are in the same vein of Firewall but are not just for security purposes. Some of them are for access purposes as well. It's really, really fast. I think I remember looking at some other packages and they would add 50 to 100 milliseconds and your GitHub page says 10 milliseconds which is really basically negligible on most sites. Alright, so I have given a little bit of the high-level introduction. Who you are and what ... People may have heard of your or they may have seen your stuff before and not have always known. We're about to jump into the history of who you are but I wanted to point one thing out which is that for the longest time, I had difficulty remembering what your name was because you have an "I" in front of it in your twitter handle. So it says "iantontio" and I would always think, "His name is Iantonio or" ... But then I would remember there's a Carlos somewhere in there and I'd be like "Is it Ian Carlos" and I always had a lot of trouble. I've always wanted to tell you the "I" has been so confusing to me. Alright, so. Antonio Ribeiro: Sorry. Matt Stauffer: No no, you're fine. You said, when you're 12 years old you were in Switzerland? You were living there at the time and you got into computers and so you got a job delivering stuff so that you could have enough money to ... But what I'm curious about is, how did you actually get into computers in the first time? I don't want to go too far down this road but I will mention that there's a little more gray in your beard than there is my beard. Maybe I'll just say that. So at this point you were not discovering the same computers that I was discovering when I was 12 years old. What did it look like for you to learn about and get interested in computers and what were those first computers you were getting interested in at that point? Antonio Ribeiro: Commodore VIC-20 was the first computer I touched with my own fingers. People were talking very much about Commodore 64, I think. I wasn't able to use one but after some time I got back to Brazil. I went first to France. I was there for some time. Then I got to Switzerland, some cities in Switzerland. Then I got back to Brazil and I decided to do a course. I was 18, I think. Then I was really amazed by Apple computers and the first PCs in Brazil. I think it was that. Very early in computing, here in Brazil, I got catched by them. Matt Stauffer: Yeah, yeah. At that point, there were actually classes that you could be taking. You weren't having to teach you on your own, right? Antonio Ribeiro: Yes. Mostly, yes. That was my whole life because first I try a course to get classes and it was not very good because I was already reading a lot about computers and about programming. Then I got to try class of a friend of my father which basically gave me a book and a computer and told me to learn by myself. I was basically self-taught my whole life. Matt Stauffer: Was that Commodore 64 that you were working with at that point then? Antonio Ribeiro: No, at that point it was an Apple 2. Matt Stauffer: Oh okay. So I assume you were learning how to use the machine but were you learning coding, like AppleScript at that point? Or what were you learning at that point? Antonio Ribeiro: First, it was basic and then I got to dBase. You know dBase? Matt Stauffer: No, I've never heard of it. Antonio Ribeiro: Oh yeah. It's like a language for querying databases. Matt Stauffer: Oh okay. Antonio Ribeiro: It was not exactly a language. Then there was Clipper. I think Clipper is a little bit more popular that dBase. Matt Stauffer: I've never heard of Clipper either. dBase and Clipper. Okay. Antonio Ribeiro: Yeah, so those were the languages that I started to learn. Then after doing this course I went to a company to work for them but work and learn. It was more like a friend than a boss. There we started to work with C. Not C++ yet. This was before. We were building a translation system in Clipper and C. Matt Stauffer: Translation meaning translating languages. Antonio Ribeiro: Exactly. It was trying to translate from six different languages but it was like changing words, not really- Matt Stauffer: It didn't understand syntax. It just replaced one word with another? Antonio Ribeiro: Yeah, basically that. After, we started to translate to switch sentences and idioms and things like that. Matt Stauffer: You understood how to do the parsing well enough to write all that? Were you actively involved in writing those translation layers? Antonio Ribeiro: Yeah, it was not exactly a parsing. It was like, try to get the meaning in the sentence and just switch words. Matt Stauffer: Okay. Antonio Ribeiro: Really rudimentary I think. Matt Stauffer: Mm-hmm (affirmative). I'm trying to get all the age ranges here. You said when you got to Brazil you were taking courses so was that university when you got back home? Antonio Ribeiro: No. It was during high school. Matt Stauffer: Oh, okay. Was this job doing the translation layer, were you also still in school at that point? Or was that out of school? Antonio Ribeiro: Yes, yes. I was working then and studying at the same time. Always. Matt Stauffer: Okay, so what was your degree that you were seeking? Antonio Ribeiro: Some years after I got to do university here. I have a degree in computing. Matt Stauffer: Got it, yeah. It sounds like computers have been a thing for a very long time. The first thing you mentioned about when you were younger is getting into computers when you were 12 years old. I know that you're interested in photography and I feel like you've mentioned dancing at one point so I know you have some other things. Are those going as far back as computers, as well? Or have you sort of always been ... Computers is one of your biggest hobbies since the early days? Antonio Ribeiro: No. Both dancing and photography are things that I started five years ago, eight years ago. Eight years ago photography and five years ago dancing. At that point my wife had the dance classes. We are seven years together so seven years of dancing and eight years of photography. Matt Stauffer: That's amazing. What sort of dancing was it? Antonio Ribeiro: Samba. Do you know samba? Matt Stauffer: Yeah, yeah. I can't do it but I know what it is. [laughter] Antonio Ribeiro: Samba, rock-and-roll. We call it differently here but it's like rock-and-roll. And salsa. Matt Stauffer: My wife is a dancer and I'm one of the worst dancers of all time. She's like a professional dancer and I'm a klumbling, bumbling idiot so it's a very fun pair. I know the words even if I don't know how to do anything. So five to ten years of photography, five to ten years of dancing, but this computer thing goes the whole way back there. Was it weird that you were 12 and you were into computing and it wasn't as much of a cultural phenomenon ... I mean, a 12 year old kid that's into computers today is just no big deal. Being a 12 year old in the 90's, for me, was a little bit weird. I get the sense that you were in the 12 year old more in the late 80's or something like that. Was it culturally strange in Switzerland, where you were, or was this a normative thing? Was it normal in Brazil? Was it weird in Brazil? What, culturally, was it like being that into computers that young? Antonio Ribeiro: I think it was completely different for people to know that I was excited about something nobody knew at the time. It was very, very expensive. In Brazil, a computer- it was like buying a car or two. My mother didn't want me to go to that path because she didn't believe very much in the power of a computer. I had to be an engineer or something like that. Matt Stauffer: Yeah, yeah. Antonio Ribeiro: So I asked her to buy me a computer and she basically said no, of course not. Matt Stauffer: Of course not. What are you talking about? What was it that interested you so much about computers when you were 12? What was the thing that you saw or the possibilities that you saw or did you see a specific thing happen and you say, "I want to be able to do that"? What was it Antonio Ribeiro: I think it was exactly that. Infinite possibilities. Matt Stauffer: And you were able to figure that out? That early? Antonio Ribeiro: Yeah, I think so. For a lot of time, in that department store, I was just trying to figure out what the thing was about. I was able to play with it and to write things and to create small programs. It was really cool. Matt Stauffer: I learned basic but you said, this was the Commodore 64, or VIC-something, or I don't know. What were you writing at that point? Antonio Ribeiro: VIC-20. Matt Stauffer: Yeah, 20. What were you writing in at that point, when you were really getting started? Antonio Ribeiro: I don't remember. I was just copying stuff from magazines and then changing words and changing functions. Matt Stauffer: And seeing if you could control things, yeah. Antonio Ribeiro: Yeah. Matt Stauffer: Very cool. When you were back in Brazil, you started studying things. You got the job translating. It seems like you were always had multiple fingers in multiple pies, as the expression goes. What was your goal then? Did you have a goal other than just to do more stuff with computers? Antonio Ribeiro: Learning was always my goal. Even today. What happened there ... Actually I was working for another company in Brazil before going to that job. There I learned to write a little bit more of Clipper and when I go to the company of the translation, I decided I was able to do the translation system in a different way. What we had at the time, it was a software that was plugged into a editor like Microsoft Word. It was not that, it was another editor. It was able to get the words from the editor and write words in another language. So I decided to build an editor which was able to translate at the same time. Matt Stauffer: Oh my gosh. Like a Word Perfect type thing. Antonio Ribeiro: Yeah, exactly. Before Word Perfect. Matt Stauffer: Oh god. That's no big project or anything like that. No big deal. [laughter] Okay so how'd that work for you? Antonio Ribeiro: I was young and I had no idea- [laughter] Matt Stauffer: That's fantastic. How long did that dream last? Antonio Ribeiro: That dream come true. Matt Stauffer: You actually built one? Antonio Ribeiro: Yeah! It was released and it was sold to a lot of people. Matt Stauffer: It was you working alone? Antonio Ribeiro: For some time, yeah. Until I got everything almost done, it was me in secret. Then it became a project from the company. Matt Stauffer: Oh okay. So the company that you were working for sort of absorbed it and then they released it but it was your work originally. Antonio Ribeiro: Yeah but for the company. I was working there. Matt Stauffer: Sure. What I'm hearing you say is- Antonio Ribeiro: Nobody knew exactly what I was doing but I was working there. Matt Stauffer: What I'm hearing you say is that at a relatively young age, you built a word processor from scratch that was live-translating from one language to another that was released and purchased by many, many, many people. Antonio Ribeiro: Yes. Matt Stauffer: No big deal. No big deal. You just do it in your sleep, ya know? [laughter] We've talked about your work there. You released that thing. What was next after that? I assumed you worked there for a little while. You said you started there when you were in school so what was the next big move whether being done with school or being with that company or geographic move- what was the next thing that went from there? Antonio Ribeiro: No big moves. I went from one job to another because I was always seeking something new to do, something new to learn. When I was 21, my girlfriend got pregnant so I got married. Things got a little bit different because I was not working for learning anymore. I was working for money. Matt Stauffer: For providing, yeah. Antonio Ribeiro: To provide. I went to university when my daughter was already born. Then I went and worked for another company of a big friend. Then I stayed there for five or six years and then around 1998 I decided to move completely to a completely different life and built a webhost company. There I working for a company. I was trying to get into the public serving. I was doing a concourse, I don't know how to say that in English but you have to do a test to enter to public serving. Matt Stauffer: Like a certification? Antonio Ribeiro: No, it's like ... I don't know exactly how to say that in English. Matt Stauffer: Okay. Antonio Ribeiro: It's a concourse. You have a lot of people competing for a position in the company. Matt Stauffer: Oh, it's almost like a competition and you have to get a better score on an exam, or something like that? Antonio Ribeiro: Yeah, that's it exactly. Exactly like that. I don't know if you have that in US. Matt Stauffer: I'm sure that concept exists where multiple people are competing for the same promotion. I don't know if it's such a normative thing where we have a word for it though. That makes sense though, what you're saying. Antonio Ribeiro: I got a position; we built the company, me and Anselmo, my partner. The company was doing a lot of things and we were also working for another company rebuilding their system. They have the system written in Pascal. You know Pascal? Matt Stauffer: Mm-hmm (affirmative). I don't know it but I know what it is. Antonio Ribeiro: Actually, TurboPascal at the time and we decided to move everything to Delphi. Matt Stauffer: Okay. Antonio Ribeiro: Me and him, basically, he wrote a 20 year old software into Delphi. Matt Stauffer: Wow. Antonio Ribeiro: That was our greatest move at the time, I think. The company had a lot of clients and nobody knew exactly how to build things for Windows, at the time. Everybody was still working on DOS. The company had five or six different big softwares including a healthcare system using Pascal and everything running DOS. We had to move to Windows because DOS was dying at the time. I think it was almost dead. Matt Stauffer: Yeah. Antonio Ribeiro: That was a really big move. For that move, why we decided to go in this path was because they offered us part of the company. Matt Stauffer: For rewriting all those systems? Antonio Ribeiro: So we had 20% of the company and 13 years ago this move and everything switched and the software was working, they basically cut us off the contact. Matt Stauffer: But you had 20% of the company at that point, right? Antonio Ribeiro: No, not anymore. We lost everything. Matt Stauffer: Oh my gosh. Antonio Ribeiro: That was 2013. It was exactly when I decided go web. We were not web anymore. Actually, the whole problem was we were talking to them that we needed to go to the web. Move everything to the web as fast as we could because everybody else was already there. Matt Stauffer: Right. Antonio Ribeiro: So, they say to us, "No, we cannot do that now" and just cut us off. End of story. Matt Stauffer: I don't wanna go too deep into money issues but if you own 20%, did they just force you to sell your shares? I don't know how that worked legally. Or was it more of an agreement where that was a little more casual. Antonio Ribeiro: Yeah, that was the problem actually. We had no contract. We had no shares. We had nothing. It was basically friends doing something really big together for 10 years or 13 years. They just stopped giving us money and end of story. Matt Stauffer: I don't mean to at all preach in the face of something difficult that you're going through but my business partner, Dan, and I have found that since the beginning of us starting the company together we said, "you know what, we have each been burned in this similar way at some point in our lives. Where we go into business with friends and just hugely regret it later". Because you're working with friends you don't do the same level of protection that you might've normally done otherwise and so what we decided to do as we started our company was to be very legalistic. Even more than you might be with someone that you don't know so that at no point do we get to a point where our friendship is on the rocks because of those tensions. Because everything's explicitly spelled out. But obviously we had that after having been burned multiple times just like you were on that one. So I know how that feels although I don't think to the level that you experienced so I'm sorry. That's not fun. Antonio Ribeiro: Yeah. Matt Stauffer: How did you guys recover from that? That's a hard hit. What did you do next? Antonio Ribeiro: I was lucky because I had two different jobs. The job I still have now, working for government, I had it because it will basically give me money for the rest of my life. Matt Stauffer: Right. Antonio Ribeiro: So I lost 50% of what I was making at the time but that's not really bad. Matt Stauffer: It's not the end of the world. Antonio Ribeiro: I had to move from the apartment I was in. A lot of things happened in my life but I survived. And him too. So it's okay. Matt Stauffer: Okay. I like the attitude. The hosting provider, is that still going on? Because you've mentioned working for the government. You've mentioned working for the translation people. Then you switched jobs to other people. You're mentioned these folks who you had the 20% with but you don't anymore. You mentioned the hosting provider that you created. I'm not always fully following who you work for at any given moment so you're definitely still working for the government because you just told me that. Are you still doing this hosting thing? Antonio Ribeiro: No, not anymore. Matt Stauffer: Oh okay. Antonio Ribeiro: We had to close everything because- Matt Stauffer: Oh I'm sorry. Antonio Ribeiro: The money that we were making with the other company was providing a lot of things, including the hosting company that was not very profitable at the time. Matt Stauffer: Got it. Antonio Ribeiro: So we closed it. Very fast. Matt Stauffer: When you said hosting company, the first that came to my mind was your were running some servers and you were renting out shared hosting but you've never actually said that. What sort of hosting were you renting and what sort of folks were your clients? Antonio Ribeiro: Exactly that. The hosting company started because we knew a little bit about internet. We saw some hosting companies doing really bad things in the market and we decided to get one client of ours, which was not exactly that company that was our partner, and build a site for them. For that we needed a good webserver so we learn a lot of Linux at the time, Debian Linux, build a server, got a home internet connection, discovered how to make things happen to get a DNS up, Apache mail server ... So we learn everything in three months and we got it up. Matt Stauffer: Geez. Antonio Ribeiro: Got it all up and the company was online, working- Matt Stauffer: You said home internet server. You were able to get a fixed IP address though, right? Antonio Ribeiro: Yes. Afterwards, yeah. We started with an IP address. Actually, our tests were all doing at home. Then we got an IP address in an office of a friend in downtown so it was that. After that, we moved our server collocation inside the center and got more servers and the thing got really big. Matt Stauffer: Right. Was it just the two of you remoting into those servers in the collocation center or did you start having other folks working for you as well? Antonio Ribeiro: Not in the webservers company. It was only me and him. Matt Stauffer: Okay. What do you use for hosting now for your side projects? Are you a Linode guy or are you hosting your own stuff? Antonio Ribeiro: Yeah, I host everything in Digital Ocean using Laravel Forge. Matt Stauffer: Yeah. Antonio Ribeiro: Except for my backups that are on Amazon. Matt Stauffer: I do the same thing. I know my way around a basic Linode server or an Nginx and Apache and stuff like that but I'm not to the point where I could be running my own hosting service. It's interesting to hear someone who has such a depth of experience in hosting still choosing. Saying, "Hey this is the easiest way to do it so why not". Antonio Ribeiro: Yeah. Matt Stauffer: So that was 2013. Those things shut down. Since 2013, obviously you've mentioned that the last time the Laravel meet-up was going was in 2016 and you said at that point you had already kind of stepped away a little bit. What have the last four years been like? What have you been working on? Obviously you're still spitting our packages and I'm guessing you're still answering questions on Stack Overflow, although I have not looking at how recent your most recent was. What else are you up to? What are you most interested in? What have you been learning and excited about learning recently? Antonio Ribeiro: I'm learning JavaScript now. Matt Stauffer: Okay, got it. Antonio Ribeiro: I got into VueJS very early but I did not move my thinks to VueJS. Right now everything I do is Laravel, back end API, VueJS front end. Matt Stauffer: Got it. Antonio Ribeiro: The past four years, I was basically learning, doing some jobs and some websites for one or another people or company. Doing some contracting work. Everything is small. Two years ago we started to build things in the government using Laravel so it got really big. I have at least five sites and two mobile apps using Laravel. One of the sites, we have a voting system for young congressmen in Rio de Janeiro. Matt Stauffer: Cool. Antonio Ribeiro: Yeah. My company, it has a program for young congressmen so every year we have all the schools in the state, the students, trying to become young congressmen. We have a big voting, I think in July, and then they go to be a congressman for a week. Creating bills and voting bills in and afterwards those bills usually become a real state bill. Matt Stauffer: Really? Antonio Ribeiro: Yeah really. Matt Stauffer: Wow, that's fascinating. And a little bit terrifying, but mainly fascinating Antonio Ribeiro: [laughter] Everything is done with our real congressman so it's cool. Matt Stauffer: So, you built that. I assume you're using View Router and Laravel is really just basically spitting out the view initialization and then the API but none of the front end of those applications is actually built by Laravel? Or is it more of a mix? Antonio Ribeiro: Oh, no. The APIs, Laravel, the front end, is usually view. Particularly this one is not 100% view yet because it has one year and a half. But it basically VueJS. Matt Stauffer: Stepping outside of coding a little bit, I am going to admit that I am an extraordinarily, commonly ignorant American when it comes to most things Brazil, Portuguese, and even Rio. I've seen a couple movies. I watched City of God a whole bunch of times. My sister lived in Rio for a year and my book was translated- Antonio Ribeiro: Oh yeah? Matt Stauffer: Yeah, she's obsessed with Portuguese. When I went home for Thanksgiving a couple of weeks ago, she had been at the bank after coming back from a year living in Brazil and she heard two people speaking Brazilian Portuguese. She walked up, she said "Excuse me, are you from Brazil?" And they look at her like she's a crazy person. They say "Yes, we just moved here and we're setting up our first bank account". She said, "Let's be friends!" And so they and one of her other random Brazilian friends were over at my family's house for Thanksgiving and my son does capoeira so he was like doing the capoeira plays back and forth with one of the guys who does capoeira. I have this very tiny, tiny, tiny side influence that is bringing more than average amount of Brazil into my life but I really know very, very little about the city. I know very little about the country. I know very little about the language. So as a total American idiot who doesn't know anything, let's start with Rio. What aspect of Rio do you feel like, if someone were to visit, they just needed to take in? Obviously, there's a couple specific tourist sites but what aspect of living there and being there do you think is really interest and unique relative to other similar countries that you would really want people to know about? Antonio Ribeiro: Yeah, I think if you are coming to Brazil you have to come blend. The people are the best. We are, I'll not say "cool", but we are good. We are warming. We love to chat, to be with people, to laugh. Knowing the city is something that will happen really fast if you know people here because, of course, you can go to tourist sites. It's easy to get a book and go to tourist sites but to eat food, if you like food, to eat good food. To know amazing restaurants and not very known restaurants. You have to know people. You have to make friends here. And its very easy to make friends in Brazil. Really, really easy. Matt Stauffer: I like that. Talking about food, if there was one food that you would want everyone to try, what would it be? Antonio Ribeiro: My American boss was in Brazil last week. I got them to eat a lamb. There is a very good lamb here in Lapa. I don't know if you know the name. Matt Stauffer: No. Antonio Ribeiro: It's a very popular part of the city where you can find a lot of bars opening at night. Friday and Saturday you go there and you will probably see like 200 persons. 200,000 persons in that part of the city. It's really very crowded. So the lamb. Matt Stauffer: So, if I were go to and I were to visit, I would need to get lamb. I would make friends with people. Get to know ... And honestly that's one of the most commonly known things about Brazil. It's just wonderful. A lot of the stereotypes also have to do with parties and fun and entertainment and Carnival and all that kind of stuff. Are there any stereotypes or any common misconceptions you think that people have about Brazil and Brazilians that you think aren't true that you want to dispel? Antonio Ribeiro: Probably, people think that Rio in particular is too dangerous to know. Of course, it's dangerous. We are living in dangerous times. But it's not like that. You can come here and you will be safe. It's not like something bad will happen as you as you touch the soil. Matt Stauffer: Walk out the door, right. Antonio Ribeiro: It's safe here. It's a good place to be. Matt Stauffer: Cool, I like that. We're a little short on time but I want to make sure that we touch into the other things that you're really passionate about. We've got dancing and photography cued up. I do want to ask before I go into those two, am I missing anything about you? Is there an aspect of who you are or what you've done, a part of your story or anything, that I've just completely missed that you really want to make sure people get the chance to hear? Antonio Ribeiro: Not at the top of my mind, I don't think so. Matt Stauffer: Okay, so let's talk photography. Antonio Ribeiro: Probably yes, but nothing I can remember. Matt Stauffer: Alright, let's talk photography. What got you into photography? What sort of things do you primarily focus on photographing? How much is it actually a part of your life right now? I know it has been as some point, is it still? Antonio Ribeiro: Yeah, I got into photography because I love to make photos. I'm very technical with everything I do so I like very much to program my camera. Matt Stauffer: Are you a manual-mode kind of guy? Antonio Ribeiro: Yes, yes. I do all the time. I love to take pictures of people. This may be what I do the best. Matt Stauffer: Uh-huh. Antonio Ribeiro: I got known in the photography world by taking pictures of shows and nature. Matt Stauffer: Like music shows? Antonio Ribeiro: Music shows, yeah. Because of the dancing, which is the other, I got to the music of the city. To know a lot of musicians, to be with musicians. I have at least two great friends in music here in Rio. I got to photograph them. Today I think their photos in Facebook and Twitter are my photos. Matt Stauffer: When you go straight to your website, you see photography right in there. Is the background of your website, is that a photo you took? Antonio Ribeiro: Yes. Everything, yes. Matt Stauffer: That's gorgeous. It doesn't look real. I assumed, even though I knew you did photography, I assumed you must not have taken them because they're so beautiful. I'm really impressed with this. Antonio Ribeiro: All of them. You're talking about which one? Matt Stauffer: Well, the first ones that came up the last few times I went were a couple of the view of Rio from above. Then, obviously, I'm sure you're aware it keeps cycling through photos. These are incredible photos. Do you consider yourself a professional photographer? Antonio Ribeiro: Yes but I don't make money from photography. I have some professional work, three or four, but I'm not really into it. I'm not photography too much these days. Photography takes a lot of time. You have to really stop and look at the photo. Retouch sometimes. That takes a lot of time too. It's time consuming so I don't have that time now. Matt Stauffer: Yeah. It's mildly offensive that you can say that you don't even have time for photography and you don't do much and then your photos are this good. I'm just going to tell you that right now. Antonio Ribeiro: Yes. I agree. Matt Stauffer: Yeah, this is really beautiful stuff. Folks who are listening, definitely check it out. Of course this will all be in the show notes. Okay so, do you and your wife still dance a lot? Antonio Ribeiro: We dance a little bit. Not as much as we would like to dance and we are not in the dance classes anymore. We were in the beginning of the year. We went back to the dance classes but our lives are getting too crazy to be there, to go to class every week at such time. It's hard. It's hard for us. Matt Stauffer: Yeah, absolutely. Especially when you have a family. There's just a lot of obligations that come from family and come from work and everything like that. I'm finding that I haven't picked up a lot of my hobbies. Somebody asked in the Laravel advent "What are your hobbies" and I laughed and I said, "Keeping my kids alive". There's just times when, if everybody's alive and fed at the end of the time and the house hasn't burned down, I'm considering it a win. Cool. Well, we're coming up on time. I know I said is there any high-level aspects of your story that we haven't covered but are there any projects or any frameworks or any packages or any conferences or meet ups that you'd like to plug, you want to talk about, or you want to make sure people know about? Antonio Ribeiro: No, I don't think so. I'm basically trying to get into my packages a little bit more. I'm trying to rewrite Tracker from scratch. Matt Stauffer: Oh cool. Antonio Ribeiro: Yeah, because it's getting old. Codes is really ugly to look at right now. I think I have changed as a coder in the past years. Matt Stauffer: It's a couple years old, right? Antonio Ribeiro: Yeah, yeah. It's like two or three years old. I think it was the first big package that I wrote and people really like it. I think I have to give some love to the package again. Matt Stauffer: Yeah, yeah. It's this thing where we look at our old code and we can't imagine how we ever wrote like that but it's still our baby. I like it. It's hard every time. It's hard to cut off talking when I have so many more questions but I feel like we've covered a really good chunk. We made it from at least age 14 until today, even if we probably missed a lot of interesting digressions we could have taken. Thank you so much for your time. It was a ton of fun talking to you. I love getting to learn about you. Thank you for the contribution you make, especially because often you're making those contributions ... Again, I don't want to say nobody knows who you are or anything like that but you're consistently helping. Getting a good Stack Overflow score means that you have helped a huge number of people. You've helped me many, many, many times. So, for the tireless work that you do helping people in our community- thank you very, very, very much. Antonio Ribeiro: Thanks for having me and thanks for inviting me do this interview. And thanks for your blogging too because your blog posts are helping me all the time as well. Matt Stauffer: I love it. Well, I promise that I'm gonna do my best to actually writing them again. I'm in the same pit as you where anything other than the day job and keeping my family alive have really dropped. But my hope for 2018, let's get back into doing these side things and working on our packages and our blogs. Antonio, thank you so much for your time. Everybody else, see everything you need in the show notes. Just go to laravelpodcast.com and we'll see you next time. [music]
For the last 15 years Dirk has been contributing to both Debian Linux and the R language. Learn how he uses code to do Financial Econometrics. More info at http://codepop.com/open-sourcecraft/episodes/dirk-eddelbuettel/
Donate to The Permaculture Podcast Online: via PayPal Venmo: @permaculturepodcast How do we make sustainability, permaculture resources, and education more accessible? Are free and open source tools a way to answer that question? To start that conversation, Botho Willer, the creator of Plant Buddies, joins me to talk this open source tool which makes finding compatible companion plants easier. During our time together Botho also shares his work with Serlo.org, an open education platform and project modeled after Wikipedia and designed to provide high quality education worldwide, free of charge, and without ads. As mentioned in this conversation, open source tools matter to me. I've used these resources for years. My first encounter with Linux was in 1995 as the senior student systems administrator for my high school. In the early days of the podcast the show was recorded and edited entirely on a Linux laptop, and to this day the podcast website is hosted on a Debian Linux server. Even after 6+ years, I continue to edit the show with Audacity, a Free and Open Source editor. As a result of all of that, I would like to see more independent education like you find on the podcast, or on YouTube through the videos of Geoff Lawton or Blake Kirby . With so much information available, however, sometimes it can be difficult to find high quality resources, which is why sites like Serlo are important for curating this information in open, crowd sourced, democratic ways. Together, with our skills and talents, we can contribute the a regenerative future. If you know of other projects or programs like Serlo, let me know. Email: The Permaculture Podcast Write: The Permaculture Podcast The Permaculture Podcast Also, if you haven't visited the main Patreon page for the show in a while, please do. You'll find updated information about the podcast, can check out the Patreon video, and see our updated goals and rewards. Visit our Sponsor: Earth Tools Contribute to The Permaculture Podcast: Become a Patreon member Give a one time gift Resources: Plant Buddies Serlo (English) Serlo (German) Green Gold - John D. Liu (Documentary - YouTube) The Language of Image - My discussion with David Bilbrey mentioned in this interview. (A Patreon Exclusive)
At our listeners' requests, we provide a review of some non-Debian Linux distributions. Episode 317 Time Stamps 00:00 Going Linux #317 · Linux Distros Reviewed 00:15 Introduction 00:59 Rain in the desert 02:03 A review of non-Debian Linux distributions 03:01 RPM vs. DEB 07:12 Sabayon 17:51 Scientific Linux 25:20 openSuSE 35:53 Fedora 43:01 PCLinuxOS 50:10 ArchBang 53:52 So... did Bill switch to an RPM distribution? 60:29 goinglinux.com, goinglinux@gmail.com, +1-904-468-7889, @goinglinux, feedback, listen, subscribe 61:29 End
At our listeners' requests, we provide a review of some non-Debian Linux distributions. Episode 317 Time Stamps 00:00 Going Linux #317 · Linux Distros Reviewed 00:15 Introduction 00:59 Rain in the desert 02:03 A review of non-Debian Linux distributions 03:01 RPM vs. DEB 07:12 Sabayon 17:51 Scientific Linux 25:20 openSuSE 35:53 Fedora 43:01 PCLinuxOS 50:10 ArchBang 53:52 So... did Bill switch to an RPM distribution? 60:29 goinglinux.com, goinglinux@gmail.com, +1-904-468-7889, @goinglinux, feedback, listen, subscribe 61:29 End
Today on the show, we've got a look at running OpenBSD on a APU, some BSD in your Android, managing your own FreeBSD cloud service with ansible and much more. Keep it turned on your place to B...SD! This episode was brought to you by Headlines OpenBSD on PC Engines APU2 (https://github.com/elad/openbsd-apu2) A detailed walkthrough of building an OpenBSD firewall on a PC Engines APU2 It starts with a breakdown of the parts that were purchases, totally around $200 Then the reader is walked through configuring the serial console, flashing the ROM, and updating the BIOS The next step is actually creating a custom OpenBSD install image, and pre-configuring its serial console. Starting with OpenBSD 6.0, this step is done automatically by the installer Installation: Power off the APU2 Insert the bootable OpenBSD installer USB flash drive to one of the USB slots on the APU2 Power on the APU2, press F10 to get to the boot menu, and choose to boot from USB (usually option number 1) At the boot> prompt, remember the serial console settings (see above) Also at the boot> prompt, press Enter to start the installer Follow the installation instructions The driver used for wireless networking is athn(4). It might not work properly out of the box. Once OpenBSD is installed, run fw_update with no arguments. It will figure out which firmware updates are required and will download and install them. When it finishes, reboot. Where the rubber meets the road… (part one) (https://functionallyparanoid.com/2016/11/29/where-the-rubber-meets-the-road-part-one/) A user describes their adventures installing OpenBSD and Arch Linux on a new Lenovo X1 Carbon (4th gen, skylake) They also detail why they moved away from their beloved Macbook, which while long, does describe a journey away from Apple that we've heard elsewhere. The journey begins with getting a new Windows laptop, shrinking the partition and creating space for a triple-boot install, of Windows / Arch / OpenBSD Brian then details how he setup the partitioning and performed the initial Arch installation, getting it tuned to his specifications. Next up was OpenBSD though, and that went sideways initially due to a new NVMe drive that wasn't fully supported (yet) The article is split into two parts (we will bring you the next installment at a future date), but he leaves us with the plan of attack to build a custom OpenBSD kernel with corrected PCI device identifiers. We wish Brian luck, and look forward to the “rest of the story” soon. *** Howto setup a FreeBSD jail server using iocage and ansible. (https://github.com/JoergFiedler/freebsd-ansible-demo) Setting up a FreeBSD jail server can be a daunting task. However when a guide comes along which shows you how to do that, including not exposing a single (non-jailed) port to the outside world, you know we had a take a closer look. This guide comes to us from GitHub, courtesy of Joerg Fielder. The project goals seem notable: Ansible playbook that creates a FreeBSD server which hosts multiple jails. Travis is used to run/test the playbook. No service on the host is exposed externally. All external connections terminate within a jail. Roles can be reused using Ansible Galaxy. Combine any of those roles to create FreeBSD server, which perfectly suits you. To get started, you'll need a machine with Ansible, Vagrant and VirtualBox, and your credentials to AWS if you want it to automatically create / destroy EC2 instances. There's already an impressive list of Anisible roles created for you to start with: freebsd-build-server - Creates a FreeBSD poudriere build server freebsd-jail-host - FreeBSD Jail host freebsd-jailed - Provides a jail freebsd-jailed-nginx - Provides a jailed nginx server freebsd-jailed-php-fpm - Creates a php-fpm pool and a ZFS dataset which is used as web root by php-fpm freebsd-jailed-sftp - Installs a SFTP server freebsd-jailed-sshd - Provides a jailed sshd server. freebsd-jailed-syslogd - Provides a jailed syslogd freebsd-jailed-btsync - Provides a jailed btsync instance server freebsd-jailed-joomla - Installs Joomla freebsd-jailed-mariadb - Provides a jailed MariaDB server freebsd-jailed-wordpress - Provides a jailed Wordpress server. Since the machines have to be customized before starting, he mentions that cloud-init is used to do the following: activate pf firewall add a pass all keep state rule to pf to keep track of connection states, which in turn allows you to reload the pf service without losing the connection install the following packages: sudo bash python27 allow passwordless sudo for user ec2-user “ From there it is pretty straight-forward, just a couple commands to spin up the VM's either locally on your VirtualBox host, or in the cloud with AWS. Internally the VM's are auto-configured with iocage to create jails, where all your actual services run. A neat project, check it out today if you want a shake-n-bake type cloud + jail solution. Colin Percival's bsdiff helps reduce Android apk bandwidth usage by 6 petabytes per day (http://android-developers.blogspot.ca/2016/12/saving-data-reducing-the-size-of-app-updates-by-65-percent.html) A post on the official Android-Developers blog, talks about how they used bsdiff (and bspatch) to reduce the size of Android application updates by 65% bsdiff was developed by FreeBSD's Colin Percival Earlier this year, we announced that we started using the bsdiff algorithm (by Colin Percival). Using bsdiff, we were able to reduce the size of app updates on average by 47% compared to the full APK size. This post is actually about the second generation of the code. Today, we're excited to share a new approach that goes further — File-by-File patching. App Updates using File-by-File patching are, on average, 65% smaller than the full app, and in some cases more than 90% smaller. Android apps are packaged as APKs, which are ZIP files with special conventions. Most of the content within the ZIP files (and APKs) is compressed using a technology called Deflate. Deflate is really good at compressing data but it has a drawback: it makes identifying changes in the original (uncompressed) content really hard. Even a tiny change to the original content (like changing one word in a book) can make the compressed output of deflate look completely different. Describing the differences between the original content is easy, but describing the differences between the compressed content is so hard that it leads to inefficient patches. So in the second generation of the code, they use bsdiff on each individual file, then package that, rather than diffing the original and new archives bsdiff is used in a great many other places, including shrinking the updates for the Firefox and Chrome browsers You can find out more about bsdiff here: http://www.daemonology.net/bsdiff/ A far more sophisticated algorithm, which typically provides roughly 20% smaller patches, is described in my doctoral thesis (http://www.daemonology.net/papers/thesis.pdf). Considering the gains, it is interesting that no one has implemented Colin's more sophisticated algorithm Colin had an interesting observation (https://twitter.com/cperciva/status/806426180379230208) last night: “I just realized that bandwidth savings due to bsdiff are now roughly equal to what the total internet traffic was when I wrote it in 2003.” *** News Roundup Distrowatch does an in-depth review of NAS4Free (https://distrowatch.com/weekly.php?issue=20161114#nas4free) Jesse Smith over at DistroWatch has done a pretty in-depth review of Nas4Free. The review starts with mentioning that NAS4Free works on 3 platforms, ARM/i386/AMD64 and for the purposes of this review he would be using AMD64 builds. After going through the initial install (doing typical disk management operations, such as GPT/MBR, etc) he was ready to begin using the product. One concern originally observed was that the initial boot seemed rather slow. Investigation revealed this was due to it loading the entire OS image into memory, and the first (long) disk read did take some time, but once loaded was super responsive. The next steps involved doing the initial configuration, which meant creating a new ZFS storage pool. After this process was done, he did find one puzzling UI option called “VM” which indicated it can be linked to VirtualBox in some way, but the Docs didn't reveal its secrets of usage. Additionally covered were some of the various “Access” methods, including traditional UNIX permissions, AD and LDAP, and then various Sharing services which are typical to a NAS, Such as NFS / Samba and others. One neat feature was the built-in file-browser via the web-interface, which allows you another method of getting at your data when sometimes NFS / Samba or WebDav aren't enough. Jesse gives us a nice round-up conclusion as well Most of the NAS operating systems I have used in the past were built around useful features. Some focused on making storage easy to set up and manage, others focused on services, such as making files available over multiple protocols or managing torrents. Some strive to be very easy to set up. NAS4Free does pretty well in each of the above categories. It may not be the easiest platform to set up, but it's probably a close second. It may not have the prettiest interface for managing settings, but it is quite easy to navigate. NAS4Free may not have the most add-on services and access protocols, but I suspect there are more than enough of both for most people. Where NAS4Free does better than most other solutions I have looked at is security. I don't think the project's website or documentation particularly focuses on security as a feature, but there are plenty of little security features that I liked. NAS4Free makes it very easy to lock the text console, which is good because we do not all keep our NAS boxes behind locked doors. The system is fairly easy to upgrade and appears to publish regular security updates in the form of new firmware. NAS4Free makes it fairly easy to set up user accounts, handle permissions and manage home directories. It's also pretty straight forward to switch from HTTP to HTTPS and to block people not on the local network from accessing the NAS's web interface. All in all, I like NAS4Free. It's a good, general purpose NAS operating system. While I did not feel the project did anything really amazing in any one category, nor did I run into any serious issues. The NAS ran as expected, was fairly straight forward to set up and easy to manage. This strikes me as an especially good platform for home or small business users who want an easy set up, some basic security and a solid collection of features. Browsix: Unix in the browser tab (https://browsix.org/) Browsix is a research project from the PLASMA lab at the University of Massachusetts, Amherst. The goal: Run C, C++, Go and Node.js programs as processes in browsers, including LaTeX, GNU Make, Go HTTP servers, and POSIX shell scripts. “Processes are built on top of Web Workers, letting applications run in parallel and spawn subprocesses. System calls include fork, spawn, exec, and wait.” Pipes are supported with pipe(2) enabling developers to compose processes into pipelines. Sockets include support for TCP socket servers and clients, making it possible to run applications like databases and HTTP servers together with their clients in the browser. Browsix comprises two core parts: A kernel written in TypeScript that makes core Unix features (including pipes, concurrent processes, signals, sockets, and a shared file system) available to web applications. Extended JavaScript runtimes for C, C++, Go, and Node.js that support running programs written in these languages as processes in the browser. This seems like an interesting project, although I am not sure how it would be used as more than a toy *** Book Review: PAM Mastery (https://www.cyberciti.biz/reviews/book-review-pam-mastery/) nixCraft does a book review of Michael W. Lucas' “Pam Mastery” Linux, FreeBSD, and Unix-like systems are multi-user and need some way of authenticating individual users. Back in the old days, this was done in different ways. You need to change each Unix application to use different authentication scheme. Before PAM, if you wanted to use an SQL database to authenticate users, you had to write specific support for that into each of your applications. Same for LDAP, etc. So Open Group lead to the development of PAM for the Unix-like system. Today Linux, FreeBSD, MacOS X and many other Unix-like systems are configured to use a centralized authentication mechanism called Pluggable Authentication Modules (PAM). The book “PAM Mastery” deals with the black magic of PAM. Of course, each OS chose to implement PAM a little bit differently The book starts with the basic concepts about PAM and authentication. You learn about Multi-Factor Authentication and why use PAM instead of changing each program to authenticate the user. The author went into great details about why PAM is useful for developers and sysadmin for several reasons. The examples cover CentOS Linux (RHEL and clones), Debian Linux, and FreeBSD Unix system. I like the way the author described PAM Configuration Files and Common Modules that covers everyday scenarios for the sysadmin. PAM configuration file format and PAM Module Interfaces are discussed in easy to understand language. Control flags in PAM can be very confusing for new sysadmins. Modules can be stacked in a particular order, and the control flags determine how important the success or failure of a particular module. There is also a chapter about using one-time passwords (Google Authenticator) for your application. The final chapter is all about enforcing good password policies for users and apps using PAM. The sysadmin would find this book useful as it covers a common authentication scheme that can be used with a wide variety of applications on Unix. You will master PAM topics and take control over authentication for your organization IT infrastructure. If you are Linux or Unix sysadmin, I would highly recommend this book. Once again Michael W Lucas nailed it. The only book you may need for PAM deployment. get “PAM Mastery” (https://www.michaelwlucas.com/tools/pam) *** Reflections on Trusting Trust - Ken Thompson, co-author of UNIX (http://www.win.tue.nl/~aeb/linux/hh/thompson/trust.html) Ken Thompson's "cc hack" - Presented in the journal, Communication of the ACM, Vol. 27, No. 8, August 1984, in a paper entitled "Reflections on Trusting Trust", Ken Thompson, co-author of UNIX, recounted a story of how he created a version of the C compiler that, when presented with the source code for the "login" program, would automatically compile in a backdoor to allow him entry to the system. This is only half the story, though. In order to hide this trojan horse, Ken also added to this version of "cc" the ability to recognize if it was recompiling itself to make sure that the newly compiled C compiler contained both the "login" backdoor, and the code to insert both trojans into a newly compiled C compiler. In this way, the source code for the C compiler would never show that these trojans existed. The article starts off by talking about a content to write a program that produces its own source code as output. Or rather, a C program, that writes a C program, that produces its own source code as output. The C compiler is written in C. What I am about to describe is one of many "chicken and egg" problems that arise when compilers are written in their own language. In this case, I will use a specific example from the C compiler. Suppose we wish to alter the C compiler to include the sequence "v" to represent the vertical tab character. The extension to Figure 2 is obvious and is presented in Figure 3. We then recompile the C compiler, but we get a diagnostic. Obviously, since the binary version of the compiler does not know about "v," the source is not legal C. We must "train" the compiler. After it "knows" what "v" means, then our new change will become legal C. We look up on an ASCII chart that a vertical tab is decimal 11. We alter our source to look like Figure 4. Now the old compiler accepts the new source. We install the resulting binary as the new official C compiler and now we can write the portable version the way we had it in Figure 3. The actual bug I planted in the compiler would match code in the UNIX "login" command. The replacement code would miscompile the login command so that it would accept either the intended encrypted password or a particular known password. Thus if this code were installed in binary and the binary were used to compile the login command, I could log into that system as any user. Such blatant code would not go undetected for long. Even the most casual perusal of the source of the C compiler would raise suspicions. Next “simply add a second Trojan horse to the one that already exists. The second pattern is aimed at the C compiler. The replacement code is a Stage I self-reproducing program that inserts both Trojan horses into the compiler. This requires a learning phase as in the Stage II example. First we compile the modified source with the normal C compiler to produce a bugged binary. We install this binary as the official C. We can now remove the bugs from the source of the compiler and the new binary will reinsert the bugs whenever it is compiled. Of course, the login command will remain bugged with no trace in source anywhere. So now there is a trojan'd version of cc. If you compile a clean version of cc, using the bad cc, you will get a bad cc. If you use the bad cc to compile the login program, it will have a backdoor. The source code for both backdoors no longer exists on the system. You can audit the source code of cc and login all you want, they are trustworthy. The compiler you use to compile your new compiler, is the untrustworthy bit, but you have no way to know it is untrustworthy, and no way to make a new compiler, without using the bad compiler. The moral is obvious. You can't trust code that you did not totally create yourself. (Especially code from companies that employ people like me.) No amount of source-level verification or scrutiny will protect you from using untrusted code. In demonstrating the possibility of this kind of attack, I picked on the C compiler. I could have picked on any program-handling program such as an assembler, a loader, or even hardware microcode. As the level of program gets lower, these bugs will be harder and harder to detect. A well installed microcode bug will be almost impossible to detect. Acknowledgment: I first read of the possibility of such a Trojan horse in an Air Force critique of the security of an early implementation of Multics. I can- not find a more specific reference to this document. I would appreciate it if anyone who can supply this reference would let me know. Beastie Bits Custom made Beastie Stockings (https://www.etsy.com/listing/496638945/freebsd-beastie-christmas-stocking) Migrating ZFS from mirrored pool to raidz1 pool (http://ximalas.info/2016/12/06/migrating-zfs-from-mirrored-pool-to-raidz1-pool/) OpenBSD and you (https://home.nuug.no/~peter/blug2016/) Watson.org FreeBSD and Linux cross reference (http://fxr.watson.org/) OpenGrok (http://bxr.su/) FreeBSD SA-16:37: libc (https://www.freebsd.org/security/advisories/FreeBSD-SA-16:37.libc.asc) -- A 26+ year old bug found in BSD's libc, all BSDs likely affected -- A specially crafted argument can trigger a static buffer overflow in the library, with possibility to rewrite following static buffers that belong to other library functions. HardenedBSD issues correction for libc patch (https://github.com/HardenedBSD/hardenedBSD/commit/fb823297fbced336b6beeeb624e2dc65b67aa0eb) -- original patch improperly calculates how many bytes are remaining in the buffer. From December the 27th until the 30th there the 33rd Chaos Communication Congress[0] is going to take place in Hamburg, Germany. Think of it as the yearly gathering of the european hackerscene and their overseas friends. I am one of the persons organizing the "BSD assembly (https://events.ccc.de/congress/2016/wiki/Assembly:BSD)" as a gathering place for BSD enthusiasts and waving the flag amidst the all the other projects / communities. Feedback/Questions Chris - IPFW + Wifi (http://pastebin.com/WRiuW6nn) Jason - bhyve pci (http://pastebin.com/JgerqZZP) Al - pf errors (http://pastebin.com/3XY5MVca) Zach - Xorg settings (http://pastebin.com/Kty0qYXM) Bart - Wireless Support (http://pastebin.com/m3D81GBW) ***
The DragonBox Pyra has a 5 inch screen and a dual-core ARM-based processor. But it's not a smartphone. In fact, this handheld computer looks more like a cross between a tiny laptop and a Nintendo DS game system. It has a physical keyboard, a bunch of storage and input/output options, dedicated buttons for playing games, and Debian Linux software which allows you to play games or run desktop software including LibreOffice and Firefox. The DragonBox Pyra is developed by a team led by Michael Mrozek, who wanted to create a system that not only runs open source software, but which also features open designs: anybody can open up the case and replace the parts or download the schematics to design their own case for the hardware... or design their own CPU board and insert it into the case. Mrozek began taking pre-orders for the DragonBox Pyra on May 1st, 2016 and I reached out to him to discuss the project in more detail. Here are some links to projects mentioned in this episode: DragonBox Pyra Pandora Game Park GP32 (Wikipedia) Neo900 You can also follow Michael Mrozek on Twitter and YouTube. Visit the LPX website to learn more about the DragonBoyx Pyra. You can find the LPX Show in iTunes, on Stitcher, in Google Play Music, and just about anywhere else you get your podcasts. You can also get the latest updates by following LPX on Facebook, Google+ or Twitter or by visiting our website, LPXShow.com And if you want to help support the LPX podcast, please consider making a donation to our Patreon campaign.
In this episode Kenneth turns the table on Kevin and chats about a recent successful migration between clouds and architectures. Kevin and his team at Platform45 recently migrated a well established application (www.resourceguruapp.com) from AWS and EngineYard to Google Container Engine. This was a non-trivial migration from a managed platform and a collection of third-party services to a containerised deployment with minimal external dependencies. We talked about the challenges they faced (turned out to be not too many), the new stack they're building on and how Google Container Engine works. We dive deeply into the various components offered by Google's Kubernetes project, the open source technology that powers Google Container Engine, and how Kevin leverages them to take control of his environment. Technology aside, this does highlight the fact that it is possible to move between cloud providers. The team retooled their deployments to take advantage of Kubernetes' rolling deployments, they migrated their state from AWS to Google Cloud, communicated clearly with their customers and handled one unexpected event gracefully. In this age of containerised deployments this could potentially become the norm, whether you move between your own data centers, or between clouds. Here are some of the resources mentioned in the show: * Engine Yard - https://www.engineyard.com * Google Container Engine - https://cloud.google.com/container-engine/ * Deis - http://deis.io * Kubernetes - http://kubernetes.io * Kubernetes on GitHub - https://github.com/kubernetes/kubernetes * Large-scale cluster management at Google with Borg - http://research.google.com/pubs/pub43438.html * Sacrificial architecture by Martin Fowler - http://martinfowler.com/bliki/SacrificialArchitecture.html * Netflix Chaos Monkey - https://github.com/Netflix/SimianArmy/wiki/Chaos-Monkey * Running Kubernetes on a Pi cluster - https://www.youtube.com/watch?v=AAS5Mq9EktI * ZFS is Smashing Baby! - https://www.youtube.com/watch?v=CN6iDzesEs0 * HAProxy - http://www.haproxy.org/ * nginx - http://nginx.org/ * Gentoo Linux - https://www.gentoo.org/ * Debian Linux - https://www.debian.org/ * Redis - http://redis.io/ * openredis - https://openredis.com/ * Google Cloud SQL - https://cloud.google.com/sql/ * MySQL - https://www.mysql.com/ * Episode 21 on Devops, Ansible & Automation - https://soundcloud.com/zadevchat/episode-21-ansible-devops-and-automation * Episode 31 on 12 Factor apps - https://soundcloud.com/zadevchat/episode-31-polarbearjs-and-12factor-apps-with-ben-janecke * Datadog - https://www.datadoghq.com/ * NewRelic APM - http://newrelic.com/application-monitoring * Using Kubernetes namespaces to manage environments - https://www.ianlewis.org/en/using-kubernetes-namespaces-manage-environments * A technical overview of Kubernetes (CoreOS Fest 2015) - https://www.youtube.com/watch?v=WwBdNXt6wO4 The aforementioned video, A technical overview of Kubernetes, by Brendan Burns is well worth watching to help demystify what Kubernetes is and how it can help you get the most of containerising your deployments. Stay in touch: * Socialize - https://twitter.com/zadevchat & http://facebook.com/ZADevChat/ * Suggestions and feedback - https://github.com/zadevchat/ping * Subscribe and rate in iTunes - https://itunes.apple.com/za/podcast/zadevchat-podcast/id1057372777
This is a very exciting episode of Linux in the Ham Shack for us. It's so special, that it's a double episode! That's right, it's like getting two episodes in one. Your hosts (one of them new to the program) discuss winter field day, WxBot, the origin of Debian Linux, SSTV using Linux, OpenSSH security [...]
Converting PDF tables (importing into Excel), Presidential candidates and technology (a sorry sight), creating a CD with an ISO file (ImgBurn, Active@ISO Burner), Profiles in IT (Ian Murdock, founder of Debian Linux distribution), Wikepedia turns 15 (WikiMedia politics is troubling), Internet Engineering Task Force (30 years old, rough consensus and running code), developer declares Bitcoin a failure (BitcoinXT fork undermines the future), and Bitcoin blockchain is technology of choice (Open Ledger Project, digital transaction tracking embraced by Wall Street). This show originally aired on Saturday, January 16, 2016, at 9:00 AM EST on WFED (1500 AM).
Converting PDF tables (importing into Excel), Presidential candidates and technology (a sorry sight), creating a CD with an ISO file (ImgBurn, Active@ISO Burner), Profiles in IT (Ian Murdock, founder of Debian Linux distribution), Wikepedia turns 15 (WikiMedia politics is troubling), Internet Engineering Task Force (30 years old, rough consensus and running code), developer declares Bitcoin a failure (BitcoinXT fork undermines the future), and Bitcoin blockchain is technology of choice (Open Ledger Project, digital transaction tracking embraced by Wall Street). This show originally aired on Saturday, January 16, 2016, at 9:00 AM EST on WFED (1500 AM).
What use is an F-call? I've just built myself v1.0 of a Raspberry Pi SDR. It still has some way to go until I can show it off - needs a touch screen, a power supply that runs on 12V, some user interface elements, but the functionality is there. If you're unfamiliar with the nature of a Raspberry Pi, it's a single board computer, the size of a credit card, has Ethernet, USB, HDMI, audio, video and a MicroSD card slot. My version comes with 512Mb of memory. It's 17mm high. This is a tiny fully functional computer. From a geek perspective, it's running a version of Debian Linux, called raspbian. It's the same version of Debian as my main computer, Wheezy, which means that everything you have on your main computer, you could theoretically use on a Raspberry Pi. I've plugged in a USB Television Dongle, one that allows it to be reprogrammed into a versatile receiver. After a little bit of programming, nothing too complex, I can now see wave forms and spectrograms of 2 MHz of bandwidth. I'm aiming to make this enclosed and self-contained, so I can take it with me in the field and use it as a pan-adapter with my Yaesu 857d. So far it's cost me $38 for the Raspberry Pi, $15 for the SDR dongle. I'm waiting for a screen to come back in stock, but in the mean time I've just plugged it into my monitor on my desk. It's only a little hack, but it was fun to do. I'm Onno VK6FLAB
© 2020-2025 Ivy Podcast Discovery LLC
