Podcasts about lagg

Nick asks the big questions. And the little ones, too. But it's not the size that counts... it's what you do with it! This episode contains: - The Waffle, where Nick reveals all about (pot still) sizes around the world - who has the biggest? And who do we mockingly hold up our pinky finger at?; - The Whisky, where we review the inaugural Lagg release - the Isle of Arran's specialty peated distillery; and - Whisky Would You Rather, where Ted offers his two options in duty free! All this and more (including Fiji trips, Melbourne trips, Westward's woes and vomit on Waffle shirts) Please support us on Patreon and get access to drams and bonus content! www.patreon.com/whiskywaffle

On this episode of Scran Rosalind took a trip to Arran to learn a little more about food and drink production on the island.  Her first stop was at Lagg Distillery where Fred Baumgärtner, Brand Home Ambassador and Head Tour Guide showed her around this ultra-modern distillery set atop a cliffside with the most spectacular views. She sat down with Fred and Graham Omand, Distillery Manager to learn more about the liquid and what they've got coming up. From Lagg to Bellevue Farm where Rosalind met Agnes Madden who helps out and Donald Currie who is a sixth generation farmer to work this land. Rosalind got to learn more about their traditional farm and how they have adapted in recent years to work with Lagg as well as welcoming visitors to stay and experience life on the farm. You'll hear mention of Ailsa too - that's Donald's wife. Oh and did she get to hold and feed a baby lamb? You'll have to listen to find out. Finally, where else but to James of Arran? The famous Scottish chocolate brand was Rosalind's final port of call before heading back to the mainland. She met James McChlerey there who told her all about the business. If you would like to find out more about visiting Arran and it's wonderful food and drink please visit www.arransfoodjourney.com Learn more about your ad choices. Visit megaphone.fm/adchoices

Jake and Stevie are back again, and this time they're joined by our good friend Jack Toye, and guess what? He's brought along some Arran! In this winter-themed episode, we dive into the whiskies we've been enjoying recently, perfect for the colder months. Expect a fantastic lineup, including a special Irish whiskey from Cadenhead's, a standout GlenAllachie, a small batch LAGG, and plenty more! Whether you're looking for warming winter drams or just want to hear some unfiltered whisky chat, this episode has you covered. Grab a dram, get cosy, and join us for another round of Whiskies We're Enjoying Right Now! Drams: Cadenheads Enigma Irish Single Malt 10yo 44.3% Infrequent Flyers Glentauchers 11yo 2009 (cask 6254) Arran 11yo single cask Shiraz Finish Craigellachie 11yo Single Oloroso Cask #5191 61.8% Kilkerran 19YO Refill Bourbon 54.1% Warehouse Tasting LAGG PX 2nd Small Batch 56.8% Longrow Cage Bottle This episode is sponsored by Glencairn. Code: UNCUT20 https://glencairn.co.uk/store-premium... Stay in the dram loop! Follow the guys on Instagram: Jake -   / the.whisky.baron  Ian -   / poshscotch  Stevie -   / drampirate  

https://www.whisky.de/p.php?id=LAGG00CO0 Nosing 05:21 Wir verkosten den Lagg Corriecravie Edition. Die Corriecravie Edition ist die zweite Abfüllung der Lagg Distillery, die aus Concerto-Gerstenmalz und Wasser aus dem eigenen Bohrloch hergestellt wird. Die Reifung erfolgt in Bourbonfässern und wird für etwa sechs weitere Monate in Oloroso-Sherry-Hogsheads verfeinert, die direkt von der Bodega Miguel Martin in Jerez bezogen werden. ► Lagg Brennereibesichtigung: https://youtu.be/PE8tfuXaBZw ► Lagg Playlist: https://www.youtube.com/playlist?list=PL0c4kGdVapNTgx9_Ys3C71Q24jP6r-Fva ► Abonnieren: http://www.youtube.com/user/thewhiskystore?sub_confirmation=1 ► Whisky.de Social Media ○ TikTok: https://www.tiktok.com/@whiskyde ○ Instagram: https://www.instagram.com/whisky.de/ ○ Facebook: https://www.facebook.com/Whisky.de/ ○ Twitter / X: https://www.threads.net/@whisky.de ○ Threads: https://www.threads.net/@whisky.de ○ Telegram: https://t.me/whisky_de ► Podcast: https://www.whisky.de/shop/newsletter/#podcast ► Merch: https://whiskyde-fanartikel.creator-spring.com/ Mehr Informationen finden Sie in unserem Shop auf Whisky.de/shop

Roberto har cyklat för Insamlingsstiftelsen för Drottning Silvias barnsjukhus, Robin har börjat förstå detta med Bakka laggår'n. Roberto har hunnit till Italien för att lära sig mer och känna mer av stövellandet och Robin är i full färd med Sockertoppen. Och hur ska svenska idrottare kunna nå toppen utan ett bekosta allt själv? Robin tror sig ha hittat lösningen.

 Join Jake and Jack as they venture to Lagg Distillery on the Isle of Arran for an exclusive episode with Distillery Manager Graham Omand and Brand Home Ambassador Fred Baumgärtner. They delve deep into LAGG whisky, exploring new make spirit, matured expressions, cask types, and the journey of young whisky. This captivating episode was filmed on location at Lagg Distillery, offering a unique behind-the-scenes look into their innovative approach to whisky making. As winners of the Scottish Distillery of the Year award, LAGG showcases their exceptional craftsmanship and dedication to quality. Don't miss out on this insightful exploration of LAGG's craft and character! https://www.laggwhisky.com/ https://www.instagram.com/laggwhisky/ https://www.instagram.com/laggwhiskyfred/ 

Mike and Duncan celebrate hitting fifty episodes and discuss who they would love to share a dram with... Of course there will be some weirdness. Plus we put the Springbank Local Barley 13 and 11 head to head. Which do we prefer? Plus a debrief on a most controversial Lagg handfill 3 year old Sauternes cask whisky. Thanks to Cliff for the song at the end and thank you to everyone who sent in a celebratory message for our episode milestone! Check out the original tune 50 Pence in Da Pub. Check out our ⁠⁠⁠⁠⁠⁠⁠Whisky T-Shirt Shop⁠⁠⁠⁠⁠⁠⁠ with #TumblerClub tees and ones featuring our favourite episode artwork. New whisky t-shirt designs being added regularly. You can also ⁠⁠⁠⁠⁠⁠buy us a dram⁠⁠⁠⁠⁠⁠ if you love the content. Honest to a Malt ⁠⁠⁠⁠⁠⁠⁠podcast website⁠⁠⁠⁠⁠⁠⁠ & blog. Email us on: HonestToAMalt@protonmail.com --- Send in a voice message: https://podcasters.spotify.com/pod/show/honest-to-a-malt/message

Der Lermooser Bürgermeister Stefan Lagg war am Montag zum Thema Fernpasspaket zu Gast bei „Tirol live”. Im Gespräch “TT-Chefredakteur Marco Witting lobte Lagg einerseits die „unbedingt“ notwendige zweite Röhre in Lermoos, bezweifelt aber die Wirkung des geplanten Scheiteltunnels. Vielmehr drängt er auf weitere Maßnahmen. Insbesondere auf eine Umfahrung des Lermooser Talkessels, wenn in zwei bis drei Jahren die Umfahrung Garmisch fertig ist.

In diesem Video lässt Ben Lüning das Jahr 2023 Revue passieren und fasst nochmal die wichtigsten News der Whiskywelt aus dem Jahr 2023 in einem Video zusammen. News und Informationen finden Sie in unserem Shop auf https://www.whisky.de/whisky/aktuelles/nachrichten.html 00:00 Whisky.de News Highlights 00:34 Murray McDavid stellt Rebranding vor 00:50 Powers kreiert den ersten 100 % irischen Rye Whiskey 01:15 „Whiskypilz“ von Jack Daniel's führt zu Beschwerden der Anrainer 01:50 Lagg präsentierte Core Range 02:25 The House of Suntory feiert 100-jähriges Jubiläum 03:05 Sazerac gewinnt Fälschungsklage 03:43 Gordon & MacPhail wird Tätigkeit als unabhängiger Abfüller beenden 04:20 Single Malt Welsh Whisky wurde offizieller Begriff 04:49 Aus Laphroaig Select wird Laphroaig Oak Select 05:20 Isle of Harris enthüllte ersten Single Malt 06:22 Scotch Whisky erhielt Markenschutz in Hongkong 06:39 Waterford veröffentlicht die am stärksten getorften irischen Whiskies 07:11 Cask Whisky Association gegründet zum Schutz der Konsumenten 07:43 Brennereien und Investitionen 07:48 Japan's nördlichste Whiskybrennerei startet Produktion 08:13 Harvest Lodge Distillery erhält Baugenehmigung 08:41 Bluegrass Distillers hat Standort in Kentucky gebaut 09:11 Uilebheist Distillery in Inverness hat eröffnet 09:35 Deerness Distillery auf Orkney gebaut 10:01 Faer Isles Distillery hat Produktion gestartet 10:33 Dalmore möchte Produktion verdoppeln 11:07 Eastern Light Distilling baut Bourbon Standort 11:30 Komoro Distillery hat eröffnet 12:00 König Charles eröffnete 8 Doors Distillery 12:38 Rosebank Distillery hat erstes Fass befüllt 13:14 Whyte & Mackay hat Invergorden ausgebaut 13:42 Ian MacLeod hat neue Lagerhäuser gebaut 14:05 Titanic Distillers haben ersten Whiskey gebrannt 14:33 Port of Leith Distillery hat eröffnet 15:09 Personalwechsel & Sonstiges 15:15 Sarah Burgess wurde Whisky Maker bei Lakes Distillery 15:37 Dr. Jim Beveridge hat neuen Blend kreiert 16:09 Graham Logan ist in den Ruhestand gegangen 16:29 Whisky.de expandiert in die Niederlande 16:59 Whisky.de ist 30 Jahre alt geworden

Det är en lyxvecka för nördar när vi provar amerikansk rågwhisky från Rabbit Hole, en helt unik bourbonlagrad Dalmore och det nya släppet från Arrans rökiga syskon, Lagg Distillery! Skål på dig och ha en trevlig WhiskyVecka

#RJROHAN #RJNALWA #DL935 #BAJATERAHOSee omnystudio.com/listener for privacy information.

Shaft and Kepley seek Lagg's help at The Cliff's Edge  Like our Stuff? Let us know on social media! Connect with us: Twitter: @IncorrigiblePar Instagram: instagram.com/incorrigibleparty Facebook: facebook.com/groups/theincorrigiblepartypodcast/ Website: http://incorrigibleparty.com/ Youtube: The Incorrigible Party YT Twtich: https://www.twitch.tv/incorrigibleparty Support us and get exclusive mini campaign content! https://www.patreon.com/incorrigibleparty Intro Music provided by: Josh Jarvis Contact Josh for your music needs! All other music courtesy of Tabletopaudio.com The Incorrigible Party podcast is sponsored by the amazing and very generous Critical Hit Design!

Arrans whisky har blivit mycket älskad både i Sverige och övriga världen, och det med all rätt! Vi ger oss i kast med Arrans, eller Lochranza som det faktiskt heter, syskondestilleri; Lagg Distillery. Skräddarsytt för att göra kraftigt rökig whisky med inspiration från rökön Islay, och det märks med de 50ppm som de har i sin malt. Vi provar de tre allra första utgåvorna som alla bjuder på en unik och mycket lovande bild av framtiden för rökig whisky från Isle of Arran. Skål på dig och ha en trevlig WhiskyVecka

News und Informationen finden Sie in unserem Shop auf https://www.whisky.de/whisky/aktuelles/nachrichten.html 00:00 Whisky.de News 00:20 NEU: Glenmorangie 12 Jahre Amontillado Finish 00:44 Glengoyne bietet kostenlosen Whisky für wohltätige Zwecke an 01:43 NEU: Kingsbarns Doocot 02:09 Ardbeg 25 Jahre ist wieder erhältlich 02:24 Loch Lomond führt neue Blended Malt-Marke ein - Noble Rebel 02:54 NEU: The Glenrothes 42 Jahre 03:16 NEU: Highland Park 54 Jahre 03:47 Uilebheist Distillery in Inverness hat eröffnet 04:24 Metacask versteigert ein 1988er Macallan-Fass 05:03 NEU: Tobermory 25 Jahre 05:29 NEU: Port Charlotte Islay Barley 2014 05:39 Lagg präsentiert erste Single Malts der Core Range 06:51 Stephanie MacLeod wird Director of Blending “Scotch Whisky” bei Bacardi 07:30 Ca. 350 Flaschen „The Maltman“ und „The Grainman“ gestohlen 08:19 NEU: Waterford Cuvée: Argot 08:50 Mariah Carey kauft den Namen „Black Irish“ 09:40 Irish Distillers kündigt nachhaltige Verpackungsänderungen an 10:10 „Whiskypilz“ von Jack Daniel's führt zu Beschwerden der Anrainer 12:05 Yellowstone bringt ersten Single Malt auf den Markt 12:43 Whiskydestillerie und Dachstuhl der Elch Brauerei von Flammen zerstört 13:16 Alexandrion Group eröffnet zweite Destillerie 14:02 Stauning Whisky Flasche selbst gestalten 14:49 Kurzinterview: John MacKenzie (Distillery Manager - Aberfeldy)

Riprendiamo con le canoniche puntate del Salotto parlando di due film usciti in sala a metà febbraio. Argomenti: 00:00 "Laggù qualcuno mi ama" (Martone, 2023) 22:33 "Chronique d'une liaison passagère" (Mouret, 2022) Il nostro canale Telegram per rimanere sempre aggiornati e comunicare direttamente con noi: https://t.me/SalottoMonogatari Partecipanti: Dario Denta Paolo Torino Simone Malaspina Alessandro Valenti Anchor: https://anchor.fm/salotto-monogatari Spotify: https://open.spotify.com/show/2QtzE9ur6O1qE3XbuqOix0?si=mAN-0CahRl27M5QyxLg4cw Apple Podcasts: https://podcasts.apple.com/it/podcast/salotto-monogatari/id1503331981 Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy8xNmM1ZjZiNC9wb2RjYXN0L3Jzcw== Logo creato da: Massimo Valenti Sigla e post-produzione a cura di: Alessandro Valenti / Simone Malaspina Per il jingle della sigla si ringraziano: Alessandro Corti e Gianluca Nardo

28 Distillery Visits. 11 Countries. 13 Months.In this episode, we sit down with Richard Nicholson, founder of the New Zealand Rum Society and your fellow Rumcast listener, to unpack what can only be described as a rum journey of epic proportions. Richard spent 13 months on the road taking 28 distillery visits, attending numerous rum festivals, and visiting three of his own personal rum "Holy Grail" destinations, from Barbados to Martinique to Guadeloupe to Madeira to Scotland and beyond. In addition to pulling as many rum travel tips out of Richard as we could, we also went deep into his on-the-ground exploration of rhum agricole and all of the delightful surprises it has to offer right now, his trip into the cellars of the Main Rum Company, and much more, including:How he went about planning this rum odyssey in the first placeHis #1 "run, don't walk" destination for other rum enthusiasts based on his journeyThe magic of Marie-Galante rumsCane juice rums more people should be talking aboutAdventures at rum festivals across EuropeThe ins and outs of Madeira rumAnd moreYou can follow Richard and his adventures with the New Zealand Rum Society here on Instagram. You can also check out the New Zealand Rum Society on Facebook. Also, if you're curious to see the complete list of distilleries Richard visited, here it is:Barbados x3: Foursquare, Mount Gay, St. Nicholas AbbeyMartinique x8: Depaz, La Favourite, La Mauny/Trois-Rivières, Neisson, Rhum JM, Saint James/J Bally, A1710, HSE (aging/bottling didn't get to Usine du Simone)Guadeloupe x6: Bologne, Damoiseau, Kurakera/Longueteau, Montebello, Reimonenq, Papa RouyoMarie Galante x3: Bielle, Poisson (Père Labat)/Rhum Rhum, Domaine de BellevueMadeira x5: O'Reizinho, Engenhos do Norte, Engenhos da Calheta, Engeno Novo (William Hinton), Florentino Izildo de Gouveia FerreiraAmsterdam: Rummie ClubScotland: NinefoldScotland (Scotch distilleries): Arran, Lagg, Springbank, Glengyle, Glen ScotiaP.S. Did you know you can support The Rumcast on Patreon now and get bonus episodes, happy hours, and more? You can! Head to patreon.com/therumcast to check it out.

Après un grand Coup de Cœur / Coup de Gueule, on aborde les Game Awards à venir, les chiffres de Nintendo, et la rédaction de Gamekult qui démissionne

Los primeros días de la operación Barbarroja, fueron terribles para la Unión Soviética, en todos los sentidos. En el frente del aire, cientos de sus aparatos quedaron pulverizados ante los ataques continuos de bombarderos en picado alemanes. Otros tantos fueron abatidos en combates aéreos. Sin embargo, pese a tales pérdidas, los soviéticos pudieron recomponerse de manera paulatina hasta disputar, con éxito, el dominio de los cielos, que hasta entonces, había mantenido la Luftwaffe. Pronto empezaron a verse con mayor frecuencia aeronaves como los Yakovlev 9 o los Ilyushin Il 4 y un avión que, pese a algunas limitaciones iniciales, provocaría no pocos problemas a los alemanes: el Lavochkin La-5. Bienvenidos historiadores, a una entrega más de la sección “Máquina de Guerra”, donde hablaremos sobre este caza soviético (y sobre su variante inmediatamente posterior), que ha sido eclipsado en fama mas no en importancia, por otros modelos contemporáneos. Una aeronave que además, fue tripulada por el mejor as de combate en el bando Aliado de la Segunda Guerra Mundial. Sin más dilación, comencemos. Guion: Bruno de Gante Narración: Ricardo Rodríguez ¡Únete a nuestro Patreon para obtener beneficios increíbles y ayudarnos a crecer! https://www.patreon.com/hchistoriacontemporanea Redes Sociales y Blog Blog: https://hchistoriacontemporanea.com/blog Facebook: https://www.facebook.com/historiacontemporanea1987​ Grupo de Facebook: https://www.facebook.com/groups/historiacontemporanea.1987 Instagram: https://www.instagram.com/hchistoriacontemporanea.1987/ Twitter: https://twitter.com/HcHistoria Pinterest: https://www.pinterest.com.mx/hchistoria Anchor: https://anchor.fm/hc-historia-contemporanea Contacto: historiacontemporanea.1987@gmail.com Música: Tower. Halo Infinite (OST) Fuentes consultadasLiss W. (1967) “The Lavochkin La 5 & 7”. Profile Publications. n. 149. 12 p.Mellinger G. (2003). LaGG & Lavochkin. Aces of World War 2. Oxford: Osprey Publishing.Stapfer H. H. (1996) “LaGG Fighters in Action”. Aircraft. n. 163, 52 p. Weal E. (1978) Aviones de Combate de la Segunda Guerra Mundial. Madrid: San Martin. #sovietunion #soviet #ww2 #airplane #aeronave #guerra --- This episode is sponsored by · Anchor: The easiest way to make a podcast. https://anchor.fm/app --- Send in a voice message: https://anchor.fm/hc-historia-contemporanea/message

Here in conversation with Joga we tried to convey message to newcomers that don't give up so easily, people before you endured lot and with time achieved everything. Stay calm & on track, everything will fall in line. https://anchor.fm/ohisaabi/subscribe

https://www.whisky.de/p.php?id=LAGG00B10 Nosing 04:14 Wir verkosten den Lagg Batch 1. Für das erste Batch aus der Lagg Distillery wurde gemälzte Concerto Gerste verwendet und auf 50 ppm in den Kilns getorft. Das Quellwasser für die Herstellung stammt aus einem Bohrloch auf dem Brennereigelände. Der Single Malt wird in erstbefüllten und Ex-Bourbonfässern gereift ehe er ohne Kühlfilterung und ohne Zugabe von Farbe mit 50% vol. in Flaschen abgefüllt wird. Jetzt auch als Podcast: https://www.whisky.de/shop/newsletter/#podcast Geschmacksbeschreibungen und Informationen finden Sie in unserem Shop auf Whisky.de Abonnieren: http://www.youtube.com/user/thewhiskystore?sub_confirmation=1 Instagram: https://www.instagram.com/whisky.de/ Telegram: https://t.me/whisky_de Merch: https://whiskyde-fanartikel.creator-spring.com/

News und Informationen finden Sie in unserem Shop auf https://www.whisky.de/whisky/aktuelles/nachrichten.html 00:14 The Macallan veröffentlicht James Bond 60th Anniversary Release 00:38 Fettercairn stellt ihren neuen 18-jährigen Single Malt vor 00:57 Aberfeldy erweitert die Red Wine Cask Collection um 2 neue Limited Editions 01:26 The Cairn Distillery von Gordon & MacPhail ist fertiggestellt 01:55 Diageo hat die Special Releases 2022 enthüllt 02:21 Glendronach veröffentlicht GlenDronach Grandeur Batch 11 – 28 Jahre 02:44 Tomatin bringt den ersten Cù Bòcan mit Altersangabe auf den Markt: Cù Bòcan 15 Jahre 03:14 Lagg Distillery veröffentlicht ihren ersten Single Malt 03:52 Dewar‘s bringt neuen 12-jährigen Blended Scotch Whisky auf den Markt 04:13 Neu: Monkey Musk – das Whisky-Parfum von Monkey Shoulder 04:59 Titanic Distillery steht nach 7,6 Millionen Pfund-Investition kurz vor Eröffnung im Titanic Pump House 05:44 NEU: Wild Turkey Master's Keep Unforgotten 06:28 NEU: Suntory Hibiki Blossom Harmony 07:05 Kurzinterview mit Mark Giesler - Deutscher Brand Amabassador Laphroaig

UPPRINGD OCH UTSKÄLLD – IGEN! Vi ställer oss frågan: Hur blandar man egentligen whisky? David har provat både på High Coast och nyligen på Springbank. Vidare avhandlas Bung extractorn och därefter avlägger vi visit på Lagg distillery. Vi avslutar med lyssnarstorm. Vad var det i glaset? Mathias drack vatten och David en nioårig Ben Nevis från Cadenhead's som nästan exakt motsvarar denna för alkoholhalten har är inte precis likadan: https://www.whiskybase.com/whiskies/whisky/212301/ben-nevis-2012-ca …och Jeroen pimplade Mackmyra Limousin: https://www.systembolaget.se/produkt/sprit/mackmyra-5536001/ Här Davids smaknoter på den, om intresse finnes: https://tjederswhisky.se/tva-aktuella-myror/ Hur blandar man whisky? Springbanks Barley to bottle tour: https://www.springbank.scot/product/barley-to-bottle-tour/ High Coast whiskyakademi: https://highcoastwhisky.se/whiskyakademi/ The Ten som La maison du whisky åtminstone tidigare gav ut: https://www.whiskynotes.be/2011/whisky-news/the-ten/ Det var ingen skribent David glömde men däremot var ju faktiskt Jonas Tonell på Symposion också med på resan. Förlåt Jonas! En ruggigt bra artikel om detta med att blanda till whisky: https://whiskyanalysis.com/index.php/background/scotch-style-whiskies-single-malts-vs-blends/ Bruce Perry heter mycket riktigt representanten för destilleriet Torabhaig: https://bartendersbusiness.com/en/articles/interviews-2/everything-we-do-is-a-team-effort-says-bruce-perry-305.htm Kolla också: https://scotchwhisky.com/whiskypedia/12009/torabhaig/ Torabhaigs hemsida: https://www.torabhaig.com/ Veckans ord: bung extractor Kolla här: https://www.stortz.com/product/bung-puller/ Veckans destilleri: Lagg https://www.laggwhisky.com/ Kolla också här: https://distiller.com/articles/lagg-distillery Och här: https://scotchwhisky.com/magazine/interviews/five-minutes-with/16923/five-minutes-with-euan-mitchell-isle-of-arran-distillers/ Till sist, ett köptips (igen, vi måste ju kolla om Mathias tittar på våra shownotes!): https://www.olw.se/product/ostbagar-cheez-doodles-deluxe-stilton/ Här når du oss: En trea whisky på Facebook (https://www.facebook.com/entreawhisky) Maila till oss på hej@entreawhisky.se Davids blogg tjederswhisky.se (https://www.tjederswhisky.se) Följ oss på Instagram: https://www.instagram.com/entreawhisky Bli medlem! https://entreawhisky.memberful.com/checkout?plan=74960

This week it’s off to the stunning Isle of Arran that is home to two very different and impressive distilleries. In this 17th episode Inka & Jen are delighted to host Mariella to discuss her role, discover what the distilleries have to offer and chat about Jens recent jaunt to the Island. The Whisky Sisters … More Arran & Lagg Whisky with Global Brand Ambassador Mariella Romano

We're back on the Isle of Arran – we really love this little island! And no! Even though we greatly enjoy our chats with Andy Bell of Lochranza Distillery, we don't have him on the podcast this time – and actually this episode is not even about Lochranza Distillery.Instead, we will focus on the Isle of Arran's newest gem: Lagg Distillery (what a beautiful place!!).We travelled all the way to the south end of Arran, straight into the Scottish Lowlands (wait, really?!) to talk to Lagg's distillery manager Graham Omand. Of course, we also discussed the Lowlands, Highlands, Islands topic – because things are not as clear-cut for Lagg Distillery as for most other Scottish whisky producers, but Graham will happily tell you more about this topic – listen for yourself.Furthermore, find out more about Graham – the Islay man on Arran –, about the venture of setting up a new distillery, about Lagg's inaugural releases and about what Donkey Kong and Super Mario have to do with them. Of course, that's not all and there is a lot more to learn and discover…… So pour a dram, lean back, tune in and get to know Graham Omand and Lagg Distillery.

Välkommen till en lektion i vardagsgrammatik. På schemat: ordföljd i bisats, prepositionsobjekts relation till adjektiv, adjektiviska pronomen och nya former av preteritum. Veckans språkfrågor Varför kan man säga jag är arg på dig men inte jag är kär på dig? Eller varför fungerar adjektiv ihop med prepositionsobjekt på olika sätt? Varför sätts "inte" före första verbet i svenska bisatser? Håller det på att skapas en ny preteritumform av lägga? Lagg istället för la? Heter det en eller ett rap? Varför är det inte rätt att skriva min egna soffa? Hur fungerar adjektiviska pronomen? Språkvetare Henrik Rosenkvist, professor i nordiska språk vid Göteborgs universitet. Programledare Emmy Rasper.

6G är nästa generations mobilnät. Varför är det så viktigt att 6G löser bra samhällsproblem och teknikproblem samtidigt? Och vilka problem är det?

Angus Adamson is an Arranach. He was born and brought-up on Arran. We recorded a conversation the last week I lived there and it was a delight to hear the story of his connection to the island, its people and how he's served the community in one way or another all his working days. Angus has been a mechanic, a fire-fighter and a Church of Scotland Minister. There are only two characters in this story. You'll hear only two voices - Angus and the island of Arran. Angus and I spoke in his front room, but the island speaks through the sounds of wild-track I've recorded in the environment over the years. 

Angus Adamson is an Arranach. He was born and brought-up on Arran. We recorded a conversation the last week I lived there and it was a delight to hear the story of his connection to the island, its people and how he’s served the community in one way or another all his working days. Angus has been a mechanic, a fire-fighter and a Church of Scotland Minister. There are only two characters in this story. You’ll hear only two voices - Angus and the island of Arran. Angus and I spoke in his front room, but the island speaks through the sounds of wild-track I’ve recorded in the environment over the years. 

Angus Adamson is an Arranach. He was born and brought-up on Arran. We recorded a conversation the last week I lived there and it was a delight to hear the story of his connection to the island, its people and how he’s served the community in one way or another all his working days. Angus has been a mechanic, a fire-fighter and a Church of Scotland Minister. There are only two characters in this story. You’ll hear only two voices - Angus and the island of Arran. Angus and I spoke in his front room, but the island speaks through the sounds of wild-track I’ve recorded in the environment over the years. 

The SMWS paid a visit in early 2019 to the Isle of Arran to check on the progress of the new Lagg distillery on the south of the island, which will be the 'peated' sister to Lochranza distillery in the north.

Elon Musk får in $500 miljoner för att fixa internet från rymden. Men vad händer när vi ska ha internet i rymden då? #rockingthedigitallife #spacex #latency #fidonet

It's been a hot, dry summer in Scotland, and Euan Mitchell isn't complaining a bit. The managing director of Isle of Arran Distillers is overseeing construction of a second distillery at Lagg on the island's southern coast, and the weather is allowing work to be completed right on schedule. Lagg's stills are scheduled to arrive on the island this week, and plans are still in place for the distillery to begin production in January. We'll catch up on Lagg's progress and changes at Arran with Euan Mitchell on WhiskyCast In-Depth. In the news, whisky auctions Friday brought out bidders in Scotland and Hong Kong, with one rare Japanese single malt selling for more than $340,000! We'll also have details on a rare traffic jam in Speyside as would-be collectors jammed the gates at The Macallan hours before a rare single malt went on sale at the distillery. 

Consultazioni italiane e politica internazionale

(Avsnitt)

This week, we look forward with the latest OpenBSD release, look back with Dennis Ritchie's paper on the evolution of Unix Time Sharing, have an Interview with Kris This episode was brought to you by OpenBSD 6.1 RELEASED (http://undeadly.org/cgi?action=article&sid=20170411132956) Mailing list post (https://marc.info/?l=openbsd-announce&m=149191716921690&w=2') We are pleased to announce the official release of OpenBSD 6.1. This is our 42nd release. New/extended platforms: New arm64 platform, using clang(1) as the base system compiler. The loongson platform now supports systems with Loongson 3A CPU and RS780E chipset. The following platforms were retired: armish, sparc, zaurus New vmm(4)/ vmd(8) IEEE 802.11 wireless stack improvements Generic network stack improvements Installer improvements Routing daemons and other userland network improvements Security improvements dhclient(8)/ dhcpd(8)/ dhcrelay(8) improvements Assorted improvements OpenSMTPD 6.0.0 OpenSSH 7.4 LibreSSL 2.5.3 mandoc 1.14.1 *** Fuzz Testing OpenSSH (http://vegardno.blogspot.ca/2017/03/fuzzing-openssh-daemon-using-afl.html) Vegard Nossum writes a blog post explaining how to fuzz OpenSSH using AFL It starts by compiling AFL and SSH with LLVM to get extra instrumentation to make the fuzzing process better, and faster Sandboxing, PIE, and other features are disabled to increase debuggability, and to try to make breaking SSH easier Privsep is also disabled, because when AFL does make SSH crash, the child process crashing causes the parent process to exit normally, and AFL then doesn't realize that a crash has happened. A one-line patch disables the privsep feature for the purposes of testing A few other features are disabled to make testing easier (disabling replay attack protection allows the same inputs to be reused many times), and faster: the local arc4random_buf() is patched to return a buffer of zeros disabling CRC checks disabling MAC checks disabling encryption (allow the NULL cipher for everything) add a call to _AFLINIT(), to enable “deferred forkserver mode” disabling closefrom() “Skipping expensive DH/curve and key derivation operations” Then, you can finally get around to writing some test cases The steps are all described in detail In one day of testing, the author found a few NULL dereferences that have since been fixed. Maybe you can think of some other code paths through SSH that should be tested, or want to test another daemon *** Getting OpenBSD running on Raspberry Pi 3 (http://undeadly.org/cgi?action=article&sid=20170409123528) Ian Darwin writes in about his work deploying the arm64 platform and the Raspberry Pi 3 So I have this empty white birdhouse-like thing in the yard, open at the front. It was intended to house the wireless remote temperature sensor from a low-cost weather station, which had previously been mounted on a dark-colored wall of the house [...]. But when I put the sensor into the birdhouse, the signal is too weak for the weather station to receive it (the mounting post was put in place by a previous owner of our property, and is set deeply in concrete). So the next plan was to pop in a tiny OpenBSD computer with a uthum(4) temperature sensor and stream the temperature over WiFi. The Raspberry Pi computers are interesting in their own way: intending to bring low-cost computing to everybody, they take shortcuts and omit things that you'd expect on a laptop or desktop. They aren't too bright on their own: there's very little smarts in the board compared to the "BIOS" and later firmwares on conventional systems. Some of the "smarts" are only available as binary files. This was part of the reason that our favorite OS never came to the Pi Party for the original rpi, and didn't quite arrive for the rpi2. With the rpi3, though, there is enough availability that our devs were able to make it boot. Some limitations remain, though: if you want to build your own full release, you have to install the dedicated raspberrypi-firmware package from the ports tree. And, the boot disks have to have several extra files on them - this is set up on the install sets, but you should be careful not to mess with these extra files until you know what you're doing! But wait! Before you read on, please note that, as of April 1, 2017, this platform boots up but is not yet ready for prime time: there's no driver for SD/MMC but that's the only thing the hardware can level-0 boot from, so you need both the uSD card and a USB disk, at least while getting started; there is no support for the built-in WiFi (a Broadcom BCM43438 SDIO 802.11), so you have to use wired Ethernet or a USB WiFi dongle (for my project an old MSI that shows up as ural(4) seems to work fine); the HDMI driver isn't used by the kernel (if a monitor is plugged in uBoot will display its messages there), so you need to set up cu with a 3V serial cable, at least for initial setup. the ports tree isn't ready to cope with the base compiler being clang yet, so packages are "a thing of the future" But wait - there's more! The "USB disk" can be a USB thumb drive, though they're generally slower than a "real" disk. My first forays used a Kingston DTSE9, the hardy little steel-cased version of the popular DataTraveler line. I was able to do the install, and boot it, once (when I captured the dmesg output shown below). After that, it failed - the boot process hung with the ever-unpopular "scanning usb for storage devices..." message. I tried the whole thing again with a second DTSE9, and with a 32GB plastic-cased DataTraveler. Same results. After considerable wasted time, I found a post on RPI's own site which dates back to the early days of the PI 3, in which they admit that they took shortcuts in developing the firmware, and it just can't be made to work with the Kingston DataTraveler! Not having any of the "approved" devices, and not living around the corner from a computer store, I switched to a Sabrent USB dock with a 320GB Western Digital disk, and it's been rock solid. Too big and energy-hungry for the final project, but enough to show that the rpi3 can be solid with the right (solid-state) disk. And fast enough to build a few simple ports - though a lot will not build yet. I then found and installed OpenBSD onto a “PNY” brand thumb drive and found it solid - in fact I populated it by dd'ing from one of the DataTraveller drives, so they're not at fault. Check out the full article for detailed setup instructions *** Dennis M. Ritchie's Paper: The Evolution of the Unix Time Sharing System (http://www.read.seas.harvard.edu/~kohler/class/aosref/ritchie84evolution.pdf) From the abstract: This paper presents a brief history of the early development of the Unix operating system. It concentrates on the evolution of the file system, the process-control mechanism, and the idea of pipelined commands. Some attention is paid to social conditions during the development of the system. During the past few years, the Unix operating system has come into wide use, so wide that its very name has become a trademark of Bell Laboratories. Its important characteristics have become known to many people. It has suffered much rewriting and tinkering since the first publication describing it in 1974 [1], but few fundamental changes. However, Unix was born in 1969 not 1974, and the account of its development makes a little-known and perhaps instructive story. This paper presents a technical and social history of the evolution of the system. High level document structure: Origins The PDP-7 Unix file system Process control IO Redirection The advent of the PDP-11 The first PDP-11 system Pipes High-level languages Conclusion One of the comforting things about old memories is their tendency to take on a rosy glow. The programming environment provided by the early versions of Unix seems, when described here, to be extremely harsh and primitive. I am sure that if forced back to the PDP-7 I would find it intolerably limiting and lacking in conveniences. Nevertheless, it did not seem so at the time; the memory fixes on what was good and what lasted, and on the joy of helping to create the improvements that made life better. In ten years, I hope we can look back with the same mixed impression of progress combined with continuity. Interview - Kris Moore - kris@trueos.org (mailto:kris@trueos.org) | @pcbsdkris (https://twitter.com/pcbsdkris) Director of Engineering at iXSystems FreeNAS News Roundup Compressed zfs send / receive now in FreeBSD's vendor area (https://svnweb.freebsd.org/base?view=revision&revision=316894) Andriy Gapon committed a whole lot of ZFS updates to FreeBSD's vendor area This feature takes advantage of the new compressed ARC feature, which means blocks that are compressed on disk, remain compressed in ZFS' RAM cache, to use the compressed blocks when using ZFS replication. Previously, blocks were uncompressed, sent (usually over the network), then recompressed on the other side. This is rather wasteful, and can make the process slower, not just because of the CPU time wasted decompressing/recompressing the data, but because it means more data has to be sent over the network. This caused many users to end up doing: zfs send | xz -T0 | ssh unxz | zfs recv, or similar, to compress the data before sending it over the network. With this new feature, zfs send with the new -c flag, will transmit the already compressed blocks instead. This change also adds longopts versions of all of the zfs send flags, making them easier to understand when written in shell scripts. A lot of fixes, man page updates, etc. from upstream OpenZFS Thanks to everyone who worked on these fixes and features! We'll announce when these have been committed to head for testing *** Granting privileges using the FreeBSD MAC framework (https://mysteriouscode.io/blog/granting-privileges-using-mac-framework/) The MAC (Mandatory Access Control) framework allows finer grained permissions than the standard UNIX permissions that exist in the base system FreeBSD's kernel provides quite sophisticated privilege model that extends the traditional UNIX user-and-group one. Here I'll show how to leverage it to grant access to specific privileges to group of non-root users. mac(9) allows creating pluggable modules with policies that can extend existing base system security definitions. struct macpolicyops consist of many entry points that we can use to amend the behaviour. This time, I wanted to grant a privilege to change realtime priority to a selected group. While Linux kernel lets you specify a named group, FreeBSD doesn't have such ability, hence I created this very simple policy. The privilege check can be extended using two user supplied functions: privcheck and privgrant. The first one can be used to further restrict existing privileges, i.e. you can disallow some specific priv to be used in jails, etc. The second one is used to explicitly grant extra privileges not available for the target in base configuration. The core of the macrtprio module is dead simple. I defined sysctl tree for two oids: enable (on/off switch for the policy) and gid (the GID target has to be member of), then I specified our custom version of mpoprivgrant called rtprioprivgrant. Body of my granting function is even simpler. If the policy is disabled or the privilege that is being checked is not PRIVSCHED_RTPRIO, we simply skip and return EPERM. If the user is member of the designated group we return 0 that'll allow the action – target would change realtime privileges. Another useful thing the MAC framework can be used to grant to non-root users: PortACL: The ability to bind to TCP/UDP ports less than 1024, which is usually restricted to root. Some other uses for the MAC framework are discussed in The FreeBSD Handbook (https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/mac.html) However, there are lots more, and we would really like to see more tutorials and documentation on using MAC to make more secure servers, but allowing the few specific things that normally require root access. *** The Story of the PING Program (http://ftp.arl.army.mil/~mike/ping.html) This is from the homepage of Mike Muuss: Yes, it's true! I'm the author of ping for UNIX. Ping is a little thousand-line hack that I wrote in an evening which practically everyone seems to know about. :-) I named it after the sound that a sonar makes, inspired by the whole principle of cho-location. In college I'd done a lot of modeling of sonar and radar systems, so the "Cyberspace" analogy seemed very apt. It's exactly the same paradigm applied to a new problem domain: ping uses timed IP/ICMP ECHOREQUEST and ECHOREPLY packets to probe the "distance" to the target machine. My original impetus for writing PING for 4.2a BSD UNIX came from an offhand remark in July 1983 by Dr. Dave Mills while we were attending a DARPA meeting in Norway, in which he described some work that he had done on his "Fuzzball" LSI-11 systems to measure path latency using timed ICMP Echo packets. In December of 1983 I encountered some odd behavior of the IP network at BRL. Recalling Dr. Mills' comments, I quickly coded up the PING program, which revolved around opening an ICMP style SOCKRAW AFINET Berkeley-style socket(). The code compiled just fine, but it didn't work -- there was no kernel support for raw ICMP sockets! Incensed, I coded up the kernel support and had everything working well before sunrise. Not surprisingly, Chuck Kennedy (aka "Kermit") had found and fixed the network hardware before I was able to launch my very first "ping" packet. But I've used it a few times since then. grin If I'd known then that it would be my most famous accomplishment in life, I might have worked on it another day or two and added some more options. The folks at Berkeley eagerly took back my kernel modifications and the PING source code, and it's been a standard part of Berkeley UNIX ever since. Since it's free, it has been ported to many systems since then, including Microsoft Windows95 and WindowsNT. In 1993, ten years after I wrote PING, the USENIX association presented me with a handsome scroll, pronouncing me a Joint recipient of The USENIX Association 1993 Lifetime Achievement Award presented to the Computer Systems Research Group, University of California at Berkeley 1979-1993. ``Presented to honor profound intellectual achievement and unparalleled service to our Community. At the behest of CSRG principals we hereby recognize the following individuals and organizations as CSRG participants, contributors and supporters.'' Wow! The best ping story I've ever heard was told to me at a USENIX conference, where a network administrator with an intermittent Ethernet had linked the ping program to his vocoder program, in essence writing: ping goodhost | sed -e 's/.*/ping/' | vocoder He wired the vocoder's output into his office stereo and turned up the volume as loud as he could stand. The computer sat there shouting "Ping, ping, ping..." once a second, and he wandered through the building wiggling Ethernet connectors until the sound stopped. And that's how he found the intermittent failure. FreeBSD: /usr/local/lib/libpkg.so.3: Undefined symbol "utimensat" (http://glasz.org/sheeplog/2017/02/freebsd-usrlocalliblibpkgso3-undefined-symbol-utimensat.html) The internet will tell you that, of course, 10.2 is EOL, that packages are being built for 10.3 by now and to better upgrade to the latest version of FreeBSD. While all of this is true and running the latest versions is generally good advise, in most cases it is unfeasible to do an entire OS upgrade just to be able to install a package. Points out the ABI variable being used in /usr/local/etc/pkg/repos/FreeBSD.conf Now, if you have 10.2 installed and 10.3 is the current latest FreeBSD version, this url will point to packages built for 10.3 resulting in the problem that, when running pkg upgrade pkg it'll go ahead and install the latest version of pkg build for 10.3 onto your 10.2 system. Yikes! FreeBSD 10.3 and pkgng broke the ABI by introducing new symbols, like utimensat. The solution: Have a look at the actual repo url http://pkg.FreeBSD.org/FreeBSD:10:amd64… there's repo's for each release! Instead of going through the tedious process of upgrading FreeBSD you just need to Use a repo url that fits your FreeBSD release: Update the package cache: pkg update Downgrade pkgng (in case you accidentally upgraded it already): pkg delete -f pkg pkg install -y pkg Install your package There you go. Don't fret. But upgrade your OS soon ;) Beastie Bits CPU temperature collectd report on NetBSD (https://imil.net/blog/2017/01/22/collectd_NetBSD_temperature/) Booting FreeBSD 11 with NVMe and ZFS on AMD Ryzen (https://www.servethehome.com/booting-freebsd-11-nvme-zfs-amd-ryzen/) BeagleBone Black Tor relay (https://torbsd.github.io/blog.html#busy-bbb) FreeBSD - Disable in-tree GDB by default on x86, mips, and powerpc (https://reviews.freebsd.org/rS317094) CharmBUG April Meetup (https://www.meetup.com/CharmBUG/events/238218742/) The origins of XXX as FIXME (https://www.snellman.net/blog/archive/2017-04-17-xxx-fixme/) *** Feedback/Questions Felis - L2ARC (http://dpaste.com/2APJE4E#wrap) Gabe - FreeBSD Server Install (http://dpaste.com/0BRJJ73#wrap) FEMP Script (http://dpaste.com/05EYNJ4#wrap) Scott - FreeNAS & LAGG (http://dpaste.com/1CV323G#wrap) Marko - Backups (http://dpaste.com/3486VQZ#wrap) ***

This week on the show, we've got all sorts of goodies to discuss. Starting with, vmm, vkernels, raspberry pi and much more! Some iX folks are visiting from out of This episode was brought to you by Headlines vmm enabled (http://undeadly.org/cgi?action=article&sid=20161012092516&mode=flat&count=15) VMM, the OpenBSD hypervisor, has been imported into current It has similar hardware requirements to bhyve, a Intel Nehalem or newer CPU with the hardware virtualization features enabled in the BIOS AMD support has not been started yet OpenBSD is the only supported guest It would be interesting to hear from viewers that have tried it, and hear how it does, and what still needs more work *** vkernels go COW (http://lists.dragonflybsd.org/pipermail/commits/2016-October/624675.html) The DragonflyBSD feature, vkernels, has gained a new Copy-On-Write functionality Disk images can now be mounted RO or RW, but changes will not be written back to the image file This allows multiple vkernels to share the same disk image “Note that when the vkernel operates on an image in this mode, modifications will eat up system memory and swap, so the user should be cognizant of the use-case. Still, the flexibility of being able to mount the image R+W should not be underestimated.” This is another feature we'd love to hear from viewers that have tried it out. *** Basic support for the RPI3 has landed in FreeBSD-CURRENT (https://wiki.freebsd.org/arm64/rpi3) The long awaited bits to allow FreeBSD to boot on the Raspberry Pi 3 have landed There is still a bit of work to be done, some of the as mentioned in Oleksandr's blog post: Raspberry Pi support in HEAD (https://kernelnomicon.org/?p=690) “Raspberry Pi 3 limited support was committed to HEAD. Most of drivers should work with upstream dtb, RNG requires attention because callout mode seems to be broken and there is no IRQ in upstream device tree file. SMP is work in progress. There are some compatibility issue with VCHIQ driver due to some assumptions that are true only for ARM platform. “ This is exciting work. No HDMI support (yet), so if you plan on trying this out make sure you have your USB->Serial adapter cables ready to go. Full Instructions to get started with your RPI 3 can be found on the FreeBSD Wiki (https://wiki.freebsd.org/arm64/rpi3) Relatively soon, I imagine there will be a RaspBSD build for the RPI3 to make it easier to get started Eventually there will be official FreeBSD images as well *** OpenBSD switches softraid crypto from PKCS5 PBKDF2 to bcrypt PBKDF. (https://github.com/openbsd/src/commit/2ba69c71e92471fe05f305bfa35aeac543ebec1f) After the discussion a few weeks ago when a user wrote a tool to brute force their forgotten OpenBSD Full Disk Encryption password (from a password list of possible variations of their password), it was discovered that OpenBSD defaulted to using just 8192 iterations of PKCSv5 for the key derivation function with a SHA1-HMAC The number of iterations can be manually controlled by the user when creating the softraid volume By comparison, FreeBSDs GELI full disk encryption used a benchmark to pick a number of iterations that would take more than 2 seconds to complete, generally resulting in a number of iterations over 1 million on most modern hardware. The algorithm is based on a SHA512-HMAC However, inefficiency in the implementation of PKCSv5 in GELI resulted in the implementation being 50% slower than some other implementations, meaning the effective security was only about 1 second per attempt, rather than the intended 2 seconds. The improved PKCSv5 implementation is out for review currently. This commit to OpenBSD changes the default key derivation function to be based on bcrypt and a SHA512-HMAC instead. OpenBSD also now uses a benchmark to pick a number of of iterations that will take approximately 1 second per attempt “One weakness of PBKDF2 is that while its number of iterations can be adjusted to make it take an arbitrarily large amount of computing time, it can be implemented with a small circuit and very little RAM, which makes brute-force attacks using application-specific integrated circuits or graphics processing units relatively cheap. The bcrypt key derivation function requires a larger amount of RAM (but still not tunable separately, i. e. fixed for a given amount of CPU time) and is slightly stronger against such attacks, while the more modern scrypt key derivation function can use arbitrarily large amounts of memory and is therefore more resistant to ASIC and GPU attacks.” The upgrade to the bcrypt, which has proven to be quite resistant to cracking by GPUs is a significant enhancement to OpenBSDs encrypted softraid feature *** Interview - Josh Paetzel - email@email (mailto:email@email) / @bsdunix4ever (https://twitter.com/bsdunix4ever) MeetBSD ZFS Panel FreeNAS - graceful network reload Pxeboot *** News Roundup EC2's most dangerous feature (http://www.daemonology.net/blog/2016-10-09-EC2s-most-dangerous-feature.html) Colin Percival, FreeBSD's unofficial EC2 maintainer, has published a blog post about “EC2's most dangerous feature” “As a FreeBSD developer — and someone who writes in C — I believe strongly in the idea of "tools, not policy". If you want to shoot yourself in the foot, I'll help you deliver the bullet to your foot as efficiently and reliably as possible. UNIX has always been built around the idea that systems administrators are better equipped to figure out what they want than the developers of the OS, and it's almost impossible to prevent foot-shooting without also limiting useful functionality. The most powerful tools are inevitably dangerous, and often the best solution is to simply ensure that they come with sufficient warning labels attached; but occasionally I see tools which not only lack important warning labels, but are also designed in a way which makes them far more dangerous than necessary. Such a case is IAM Roles for Amazon EC2.” “A review for readers unfamiliar with this feature: Amazon IAM (Identity and Access Management) is a service which allows for the creation of access credentials which are limited in scope; for example, you can have keys which can read objects from Amazon S3 but cannot write any objects. IAM Roles for EC2 are a mechanism for automatically creating such credentials and distributing them to EC2 instances; you specify a policy and launch an EC2 instance with that Role attached, and magic happens making time-limited credentials available via the EC2 instance metadata. This simplifies the task of creating and distributing credentials and is very convenient; I use it in my FreeBSD AMI Builder AMI, for example. Despite being convenient, there are two rather scary problems with this feature which severely limit the situations where I'd recommend using it.” “The first problem is one of configuration: The language used to specify IAM Policies is not sufficient to allow for EC2 instances to be properly limited in their powers. For example, suppose you want to allow EC2 instances to create, attach, detach, and delete Elastic Block Store volumes automatically — useful if you want to have filesystems automatically scaling up and down depending on the amount of data which they contain. The obvious way to do this is would be to "tag" the volumes belonging to an EC2 instance and provide a Role which can only act on volumes tagged to the instance where the Role was provided; while the second part of this (limiting actions to tagged volumes) seems to be possible, there is no way to require specific API call parameters on all permitted CreateVolume calls, as would be necessary to require that a tag is applied to any new volumes being created by the instance.” “As problematic as the configuration is, a far larger problem with IAM Roles for Amazon EC2 is access control — or, to be more precise, the lack thereof. As I mentioned earlier, IAM Role credentials are exposed to EC2 instances via the EC2 instance metadata system: In other words, they're available from http://169.254.169.254/. (I presume that the "EC2ws" HTTP server which responds is running in another Xen domain on the same physical hardware, but that implementation detail is unimportant.) This makes the credentials easy for programs to obtain... unfortunately, too easy for programs to obtain. UNIX is designed as a multi-user operating system, with multiple users and groups and permission flags and often even more sophisticated ACLs — but there are very few systems which control the ability to make outgoing HTTP requests. We write software which relies on privilege separation to reduce the likelihood that a bug will result in a full system compromise; but if a process which is running as user nobody and chrooted into /var/empty is still able to fetch AWS keys which can read every one of the objects you have stored in S3, do you really have any meaningful privilege separation? To borrow a phrase from Ted Unangst, the way that IAM Roles expose credentials to EC2 instances makes them a very effective exploit mitigation mitigation technique.” “To make it worse, exposing credentials — and other metadata, for that matter — via HTTP is completely unnecessary. EC2 runs on Xen, which already has a perfectly good key-value data store for conveying metadata between the host and guest instances. It would be absolutely trivial for Amazon to place EC2 metadata, including IAM credentials, into XenStore; and almost as trivial for EC2 instances to expose XenStore as a filesystem to which standard UNIX permissions could be applied, providing IAM Role credentials with the full range of access control functionality which UNIX affords to files stored on disk. Of course, there is a lot of code out there which relies on fetching EC2 instance metadata over HTTP, and trivial or not it would still take time to write code for pushing EC2 metadata into XenStore and exposing it via a filesystem inside instances; so even if someone at AWS reads this blog post and immediately says "hey, we should fix this", I'm sure we'll be stuck with the problems in IAM Roles for years to come.” “So consider this a warning label: IAM Roles for EC2 may seem like a gun which you can use to efficiently and reliably shoot yourself in the foot; but in fact it's more like a gun which is difficult to aim and might be fired by someone on the other side of the room snapping his fingers. Handle with care!” *** Open-source storage that doesn't suck? Our man tries to break TrueNAS (http://www.theregister.co.uk/2016/10/18/truenas_review/) The storage reviewer over at TheRegister got their hands on a TrueNAS and gave it a try “Data storage is difficult, and ZFS-based storage doubly so. There's a lot of money to be made if you can do storage right, so it's uncommon to see a storage company with an open-source model deliver storage that doesn't suck.” “To become TrueNAS, FreeNAS's code is feature-frozen and tested rigorously. Bleeding-edge development continues with FreeNAS, and FreeNAS comes with far fewer guarantees than does TrueNAS.” “iXsystems provided a Z20 hybrid storage array. The Z20 is a dual-controller, SAS-based, high-availability, hybrid storage array. The testing unit came with a 2x 10GbE NIC per controller and retails around US$24k. The unit shipped with 10x 300GB 10k RPM magnetic hard drives, an 8GB ZIL SSD and a 200GB L2ARC SSD. 50GiB of RAM was dedicated to the ARC by the system's autotune feature.” The review tests the performance of the TrueNAS, which they found acceptable for spinning rust, but they also tested the HA features While the look of the UI didn't impress them, the functionality and built in help did “The UI contains truly excellent mouseover tooltips that provide detailed information and rationale for almost every setting. An experienced sysadmin will be able to navigate the TrueNAS UI with ease. An experienced storage admin who knows what all the terms mean won't have to refer to a wiki or the more traditional help manual, but the same can't be said for the uninitiated.” “After a lot of testing, I'd trust my data to the TrueNAS. I am convinced that it will ensure the availability of my data to within any reasonable test, and do so as a high availability solution. That's more than I can say for a lot of storage out there.” “iXsystems produce a storage array that is decent enough to entice away some existing users of the likes of EMC, NetApp, Dell or HP. Honestly, that's not something I thought possible going into this review. It's a nice surprise.” *** OpenBSD now officially on GitHub (https://github.com/openbsd) Got a couple of new OpenBSD items to bring to your attention today. First up, for those who didn't know, OpenBSD development has (always?) taken place in CVS, similar to NetBSD and previously FreeBSD. However today, Git fans can rejoice, since there is now an “official” read-only github mirror of their sources for public consumption. Since this is read-only, I will assume (unless told otherwise) that pull-requests and whatnot aren't taken. But this will come in handy for the “git-enabled” among us who need an easier way to checkout OpenBSD sources. There is also not yet a guarantee about the stability of the exporter. If you base a fork on the github branch, and something goes wrong with the exporter, the data may be reexported with different hashes, making it difficult to rebase your fork. How to install LibertyBSD or OpenBSD on a libreboot system (https://libreboot.org/docs/bsd/openbsd.html) For the second part of our OpenBSD stories, we have a pretty detailed document posted over at LibreBoot.org with details on how to boot-strap OpenBSD (Or LibertyBSD) using their open-source bios replacement. We've covered blog posts and other tidbits about this process in the past, but this seems to be the definitive version (so far) to reference. Some of the niceties include instructions on getting the USB image formatted not just on OpenBSD, but also FreeBSD, Linux and NetBSD. Instructions on how to boot without full-disk-encryption are provided, with a mention that so far Libreboot + Grub does not support FDE (yet). I would imagine somebody will need to port over the openBSD FDE crypto support to GRUB, as was done with GELI at some point. Lastly some instructions on how to configure grub, and troubleshoot if something goes wrong will help round-out this story. Give it a whirl, let us know if you run into issues. Editorial Aside - Personally I find the libreboot stuff fascinating. It really is one of the last areas that we don't have full control of our systems with open-source. With the growth of EFI, it seems we rely on a closed-source binary / mini-OS of sorts just to boot our Open Source solutions, which needs to be addressed. Hats off to the LibreBoot folks for taking on this important challenge. *** FreeNAS 9.10 – LAGG & VLAN Overview (https://www.youtube.com/watch?v=wqSH_uQSArQ) A video tutorial on FreeNAS's official YouTube Channel Covers the advanced networking features, Link Aggregation and VLANs Covers what the features do, and in the case of LAGG, how each of the modes work and when you might want to use it *** Beastie Bits Remote BSD Developer Position is up for grabs (https://www.cybercoders.com/bsd-developer-remote-job-305206) Isilon is hiring for a FreeBSD Security position (https://twitter.com/jeamland/status/785965716717441024) Google has ported the Networked real-time multi-player BSD game (https://github.com/google/web-bsd-hunt) A bunch of OpenBSD Tips (http://www.vincentdelft.be) The last OpenBSD 6.0 Limited Edition CD has sold (http://www.ebay.com/itm/-/332000602939) Dan spots George Neville-Neil on TV at the Airport (https://twitter.com/DLangille/status/788477000876892162) gnn on CNN (https://www.youtube.com/watch?v=h7zlxgtBA6o) SoloBSD releases v 6.0 built upon OpenBSD (http://solobsd.blogspot.com/2016/10/release-solobsd-60-openbsd-edition.html) Upcoming KnoxBug looks at PacBSD - Oct 25th (http://knoxbug.org/content/2016-10-25) Feedback/Questions Morgan - Ports and Packages (http://pastebin.com/Kr9ykKTu) Mat - ZFS Memory (http://pastebin.com/EwpTpp6D) Thomas - FreeBSD Path Length (http://pastebin.com/HYMPtfjz) Cy - OpenBSD and NetHogs (http://pastebin.com/vGxZHMWE) Lars - Editors (http://pastebin.com/5FMz116T) ***

This week Josh is out as the rest of the boys discuss FFXV's big delay and our first impressions of No Man's Sky. Mike talks about Blizzard's huge introduction to the new World of Warcraft expansion and the cast talk about their favorite binge watching food.

This week on Lagg weekly we talk about Stranger Things, Mike has a deep dark secret he has to share (spoilers its WoW related), and we try to temper your expectations for No Man's Sky. Topic: What kind of movie would you star in? Who would co-star? What is the movie called?

Rebecca Pontius joins the podcast and tells what might be the most embarrassing story of her life. Craig leads a zesty discussion about Dads. Hilarity ensues.

Rebecca Pontius joins the podcast and tells what might be the most embarrassing story of her life. Craig leads a zesty discussion about Dads. Hilarity ensues.

Click above for our 2nd Podcast!Just a 10 min mix :)The Lagg is gone too!DJ Kazz

You never know how an Operation Christmas Child box will impact a child's life until you get to hear that child's story. Lydia Lagg, one of our very own MC students, shares how the Lord used just such a box in her own life. She also shares the story of how God brought her to the US and led her to Morrison Heights, a glimpse into the other side of the world, and her future plans. What a joy to see how what God has done and is doing!