Open-source implementation of the SSL and TLS protocols
POPULARITY
In this episode of Remote Ruby, Chris and Andrew catch up with Chris discussing the arrival of a new baby and the challenges of balancing work and parenting. Then, they dive into the complexities of dealing with OpenSSL 3.6 issues on their development environments, exploring various debugging attempts and ultimately finding a workaround. The conversation also touches on the ongoing drama within the Ruby community, expressing concerns about its impact and the need for unity. Additionally, they share thoughts on shows/series they've been watching and reflect on the joys and frustrations of nostalgic activities like building with Legos. The episode wraps up with a teaser about forthcoming features for Action Push, particularly for web notifications. Hit download now to hear more! LinksJudoscale- Remote Ruby listener giftGitHub PR #949- certificate verify failed (unable to get certificate CRL) Can I emailTaskThe GirlfriendMementoThe Usual SuspectsThe Bearcarlhuda Chris Oliver X/Twitter Andrew Mason X/Twitter Jason Charnes X/Twitter
This week it's all about your feedback! We answer your questions, and dig through your problems! -- During The Show -- 00:50 Intro Hallucinating 03:45 Friso from Mumble Moving all chats to one application Matrix Server Bridges Beeper Messages not flowing Self hosting beeper bridges E2EE 12:05 Security Cameras - Dustin Used Axis cameras Reolink Camera's POE Ethernet only models Some models require Reolink app for first setup Doorbell camera Steve's "doorbell camera flow" Surveillance Station Get one drive Reduce frame rate Weeks worth of footage Axis camera 2035 or 2036 Axis P3367 Write back in! 24:04 Laptops - Dasgeek Framework 12 Framework 12 vs Framework 13 25:45 News Wire Proxmox Mail Gateway 9.0 - helpnetsecurity.com (https://www.helpnetsecurity.com/2025/10/06/proxmox-mail-gateway-open-source-email-security-solution) GnuCash 5.13 - gnucash.org (https://www.gnucash.org/download.phtml) GNU Octave 10.3 - octave.org (https://octave.org/news/release/2025/10/01/octave-10.3.0-released.html) OpenSSL 3.6 - openssl-library.org (https://openssl-library.org/post/2025-10-01-3.6-release-announcement) Docker 28.5 - docker.com (https://docs.docker.com/engine/release-notes/28) Cairo-Dock 3.6 - phoronix.com (https://www.phoronix.com/news/Cairo-Dock-3.6-Released) GNU Linux Libre Kernel 6.17 - gnu.org (https://lists.gnu.org/archive/html/info-gnu/2025-09/msg00007.html) Tinycore 16.2 - tinycorelinux.net (https://forum.tinycorelinux.net/index.php/topic,27807.0.html) Opensuse Leap 16 - opensuse.org (https://get.opensuse.org/leap/16.0) Spine Endoscopic Atlas - nature.com (https://www.nature.com/articles/s41597-025-05897-7) Huawei Shrinks LLMs - venturebeat.com (https://venturebeat.com/ai/huaweis-new-open-source-technique-shrinks-llms-to-make-them-run-on-less) 4th Version of Granite AI - techrepublic.com (https://www.techrepublic.com/article/news-ibm-granite-40-ai) Granite AI Earns ISO 42001 - ibm.com (https://www.ibm.com/new/announcements/ibm-granite-iso-42001) 27:00 Send Feedback and Questions! Newbie questions welcome Fastest way to learn is immerse yourself Experts welcome too Email in! Follow up 30:45 Linux Basics - Kevin The bell story Level of learning GUI vs CLI Learning styles Ask your Linux friends Ask a LLM SIMPLE things Get hands on using it Set your expectations Tails Linux (https://tails.net/) Reproducibility Endless OS (https://www.endlessglobal.com/) Distro Hop Fedora (https://fedoraproject.org//) Ubuntu Arch Linux (https://archlinux.org/) Tiling window manager RHCSA and other Red Hat exams Canonical Academy ANS 437 (https://podcast.asknoahshow.com/437) -- The Extra Credit Section -- For links to the articles and material referenced in this week's episode check out this week's page from our podcast dashboard! This Episode's Podcast Dashboard (http://podcast.asknoahshow.com/462) Phone Systems for Ask Noah provided by Voxtelesys (http://www.voxtelesys.com/asknoah) Join us in our dedicated chatroom #GeekLab:linuxdelta.com on Matrix (https://element.linuxdelta.com/#/room/#geeklab:linuxdelta.com) -- Stay In Touch -- Find all the resources for this show on the Ask Noah Dashboard Ask Noah Dashboard (http://www.asknoahshow.com) Need more help than a radio show can offer? Altispeed provides commercial IT services and they're excited to offer you a great deal for listening to the Ask Noah Show. Call today and ask about the discount for listeners of the Ask Noah Show! Altispeed Technologies (http://www.altispeed.com/) Contact Noah live [at] asknoahshow.com -- Twitter -- Noah - Kernellinux (https://twitter.com/kernellinux) Ask Noah Show (https://twitter.com/asknoahshow) Altispeed Technologies (https://twitter.com/altispeed)
Repasamos lo más relevante de la semana (28 sep–4 oct 2025) en tecnología, informática y Linux: el salto de Raspberry Pi OS a Debian 13 “Trixie”, la llegada de openSUSE Leap 16, cambios en Alpine (/usr-merge), actualizaciones de Steam en Linux, OpenSSL 3.6, parches de seguridad para sudo, y las últimas de Wine y Mesa, con un heads-up de Ubuntu 25.10. Todo explicado en monólogo, claro y sin rodeos, para que entiendas el porqué y decidas cuándo actualizar.
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Comparing Honeypot Passwords with HIBP Most passwords used against our honeypots are also found in the Have I been pwn3d list. However, the few percent that are not found tend to be variations of known passwords, extending them to find likely mutations. https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Comparing%20Honeypot%20Passwords%20with%20HIBP/32310 Breaking Server SGX via DRAM Inspection By observing read and write operations to memory, it is possible to derive keys stored in SGX and break the security of systems relying on SGX. https://wiretap.fail/files/wiretap.pdf OneLogin OIDC Vulnerability A vulnerability in OneLogin can be used to read secret application keys https://www.clutch.security/blog/onelogin-many-secrets-clutch-uncovers-vulnerability-exposing-client-credentials OpenSSL Patch OpenSSL patched three vulnerabilities. One could lead to remote code execution, but the feature is used infrequently, and the exploit is difficult, according to OpenSSL
Software Engineering Radio - The Podcast for Professional Software Developers
Daniel Stenberg, Swedish Internet protocol expert and founder and lead developer of the Curl project, speaks with SE Radio host Gavin Henry about removing Rust from Curl. They discuss why Hyper was removed from curl, why the last five percent of making it a success was difficult, what the project gained from the 5-year attempt to tackle bringing Rust into a C project, lessons learned for next time, why user support is critical, and the positive long-lasting impact this attempt had. Brought to you by IEEE Computer Society and IEEE Software magazine.
I discuss all things OpenSSL with Hana Andersen and Anton Arapov from the OpenSSL Corporation. Discover the intricacies of organizing the first-ever OpenSSL conference in Prague, the importance of post-quantum cryptography, and the evolution of OpenSSL from a small team to a global community. Whether you're a seasoned cryptographer or just curious about the future of secure communications, this episode offers insights and stories. Don't miss out on learning how OpenSSL is still shaping the future of cryptography. The show notes and blog post for this episode can be found at https://opensourcesecurity.io/2025/2025-09-openssl-hana-anton/
Joining the podcast this week is Mishi Choudhary, SVP and General Counsel at Virtru. Mishi shares with us some legal perspective on the privacy discussion including freedom of thought, the right to be forgotten, end-to-end encryption for protecting user data, finding a middle ground between meeting customer privacy demands and complying with legal requirements, getting to a federal privacy regulation, and so much more! You won't want to miss what is a truly spirited and candid conversation – in two parts! Mishi Choudhary SVP and General Counsel, Virtru A technology lawyer with over 17 years of legal experience, Mishi has served as a legal representative for many of the world's most prominent free and open source software developers and distributors, including the Free Software Foundation, Cloud Native Computing Foundation, Linux Foundation, Debian, the Apache Software Foundation, and OpenSSL. At Virtru, she leads all legal and compliance activities, builds internal processes to continue to accelerate growth, helps shape Virtru and open source strategy, and activates global business development efforts. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e343
Joining the podcast this week is Mishi Choudhary, SVP and General Counsel at Virtru. Mishi shares with us some legal perspective on the privacy discussion including freedom of thought, the right to be forgotten, end-to-end encryption for protecting user data, finding a middle ground between meeting customer privacy demands and complying with legal requirements, getting to a federal privacy regulation, and so much more! You won't want to miss what is a truly spirited and candid conversation – in two parts! Mishi Choudhary, SVP and General Counsel, Virtru A technology lawyer with over 17 years of legal experience, Mishi has served as a legal representative for many of the world's most prominent free and open source software developers and distributors, including the Free Software Foundation, Cloud Native Computing Foundation, Linux Foundation, Debian, the Apache Software Foundation, and OpenSSL. At Virtru, she leads all legal and compliance activities, builds internal processes to continue to accelerate growth, helps shape Virtru and open source strategy, and activates global business development efforts. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e342
This week we dig into how you can host your own 5G and Ubuntu's new certification program! -- During The Show -- 00:45 Technology Another Way Cell Phone sales and inventory Market uncertainty Erasing a phone Moving to GrapheneOS Used equipment Fdroid (https://f-droid.org/) Opportunities to move people to open source Routes to take 14:00 News Wire OpenSSH 10.0p2 - openssh.com (https://www.openssh.com/releasenotes.html) OpenSSL 3.5 - github.com (https://github.com/openssl/openssl/releases) GNU Coreutils 9.7 - gnu.org (https://www.gnu.org/software/coreutils/manual/coreutils.html) Pinta 3.0 - pinta-project.com (https://www.pinta-project.com/releases/3-0.html) OpenELA Leapp - techzine.eu (https://www.techzine.eu/news/devops/130476/openela-introduces-leapp-project-for-in-place-upgrades-of-enterprise-linux/) Linux Mint OEM Support - linuxmint.com (https://blog.linuxmint.com/?p=4825) Asahi Linux Roadblock - appleinsider.com (https://appleinsider.com/articles/25/04/08/asahi-linux-m4-support-hits-a-roadblock-because-of-apple-silicon-changes) Proxmox VW 8.4 - proxmox.com (https://www.proxmox.com/en/about/company-details/press-releases/proxmox-virtual-environment-8-4) Archbang 0904 - sourceforge.net (https://sourceforge.net/projects/archbang/files/ArchBang/archbang-0904-x86_64.iso/download) Feren OS 2025.03 - feren-os.com (https://medium.com/feren-os/feren-os-2025-03-minor-rebase-update-for-feren-os-f82ce0a47a52) Pardus 23.4 - pardus.org (https://pardus.org.tr/en/pardus-23-4-changelog/) SparkyLinux - sparkylinux.org (https://sparkylinux.org/sparky-7-7/) MX 26.3 - mxlinux.org (https://mxlinux.org/blog/mx-23-6-now-available/) Particle OS - itsfoss.com (https://news.itsfoss.com/systemd-particle-os/) Malware "Patches" - darkreading.com (https://www.darkreading.com/cloud-security/open-source-poisoned-patches-infect-local-software) Slopsquatting - theregister.com (https://www.theregister.com/2025/04/12/ai_code_suggestions_sabotage_supply_chain/) Luminary Cloud and Honda's AI Model - engineering.com (https://www.engineering.com/luminary-cloud-releases-open-source-physics-ai-model-with-honda-nvidia/) 15:50 Canonical Certifications Adriana Frick's Story Why Adriana left tech BGP What did the creation process look like? Defining standards Making it measurable Proving skills How did you learn what employers want Mauricio Buschinelli's Story Verifying completion of a task What does the test look like Easter Eggs through out As close to real as possible Care about outcomes Accessibility Testing (https://ubuntu.com/credentials) A lot more coming 41:00 5G Cellphone companies want to be at the tower 5G Hardware Entire stack is open source Provisioning Sim Cards Roaming Charmed Ether SD Core 50:00 FCC Licensing Not a walk in the park FCC starting to require receiver registration Spectrum is crowded -- The Extra Credit Section -- For links to the articles and material referenced in this week's episode check out this week's page from our podcast dashboard! This Episode's Podcast Dashboard (http://podcast.asknoahshow.com/437) Phone Systems for Ask Noah provided by Voxtelesys (http://www.voxtelesys.com/asknoah) Join us in our dedicated chatroom #GeekLab:linuxdelta.com on Matrix (https://element.linuxdelta.com/#/room/#geeklab:linuxdelta.com) -- Stay In Touch -- Find all the resources for this show on the Ask Noah Dashboard Ask Noah Dashboard (http://www.asknoahshow.com) Need more help than a radio show can offer? Altispeed provides commercial IT services and they're excited to offer you a great deal for listening to the Ask Noah Show. Call today and ask about the discount for listeners of the Ask Noah Show! Altispeed Technologies (http://www.altispeed.com/) Contact Noah live [at] asknoahshow.com -- Twitter -- Noah - Kernellinux (https://twitter.com/kernellinux) Ask Noah Show (https://twitter.com/asknoahshow) Altispeed Technologies (https://twitter.com/altispeed)
video: https://youtu.be/ua-RPOtdcF8 Comment on the TWIL Forum (https://thisweekinlinux.com/forum) This week in Linux, App 3.0 drops, bringing big changes under the hood. Amiga OS, yes, that Amiga OS, is still alive and getting updates, apparently. Open SSL 3.5 and Open SSH 10.0 both rolled out new features this week with also some future-proofing involved. And Sony, yes, that Sony, has released The Last of Us Part II on PC and it's Steam Deck verified. All that and much more on This Week in Linux, the weekly news show that keeps you plugged into everything happening in the Linux and Open Source world. Now let's jump right into Your Source for Linux GNews. Download as MP3 (https://aphid.fireside.fm/d/1437767933/2389be04-5c79-485e-b1ca-3a5b2cebb006/c5514bc1-148c-43d2-a6eb-4d0fcbfd6966.mp3) Support the Show Become a Patron = tuxdigital.com/membership (https://tuxdigital.com/membership) Store = tuxdigital.com/store (https://tuxdigital.com/store) Chapters: 00:00 Intro 00:39 APT 3.0 Released 02:48 Last of US Part 2 Verified for Steam Deck 05:47 MPV 0.40 Released 08:58 Sandfly Security [ad] 10:54 AmigaOS still exists and getting updates apparently 14:24 TUXEDO Provides Update On Their Snapdragon X Elite Linux Laptop 17:20 OpenSSL 3.5 Released 19:19 OpenSSH 10.0 Released 21:41 Support the show Links: APT 3.0 Released https://tracker.debian.org/news/1635519/accepted-apt-300-source-into-unstable/ (https://tracker.debian.org/news/1635519/accepted-apt-300-source-into-unstable/) https://9to5linux.com/apt-3-0-debian-package-manager-released-with-revamped-command-line-interface (https://9to5linux.com/apt-3-0-debian-package-manager-released-with-revamped-command-line-interface) https://www.phoronix.com/news/Debian-APT-3.0-Released (https://www.phoronix.com/news/Debian-APT-3.0-Released) Last of US Part 2 Verified for Steam Deck https://gameinformer.com/interview/2025/04/01/naughty-dog-and-nixxes-on-the-pc-port-of-the-last-of-us-part-ii-we-take-the (https://gameinformer.com/interview/2025/04/01/naughty-dog-and-nixxes-on-the-pc-port-of-the-last-of-us-part-ii-we-take-the) https://www.pcguide.com/news/steam-deck-support-is-so-important-says-the-last-of-us-part-2-pc-project-director/ (https://www.pcguide.com/news/steam-deck-support-is-so-important-says-the-last-of-us-part-2-pc-project-director/) MPV 0.40 Released https://mpv.io/ (https://mpv.io/) https://github.com/mpv-player/mpv/releases/tag/v0.40.0 (https://github.com/mpv-player/mpv/releases/tag/v0.40.0) https://www.phoronix.com/news/MPV-0.40-Released (https://www.phoronix.com/news/MPV-0.40-Released) https://9to5linux.com/mpv-0-40-open-source-video-player-released-with-native-hdr-support-on-linux (https://9to5linux.com/mpv-0-40-open-source-video-player-released-with-native-hdr-support-on-linux) Sandfly Security [ad] https://thisweekinlinux.com/sandfly (https://thisweekinlinux.com/sandfly) https://destinationlinux.net/409 (https://destinationlinux.net/409) discount code: destination50 (Home Edition) AmigaOS still exists and getting updates apparently https://www.hyperion-entertainment.com/index.php/news/1-latest-news/320-new-update-3-for-amigaos-32-available-for-download (https://www.hyperion-entertainment.com/index.php/news/1-latest-news/320-new-update-3-for-amigaos-32-available-for-download) https://www.theregister.com/2025/04/10/amigaos32_3/ (https://www.theregister.com/2025/04/10/amigaos_3_2_3/) TUXEDO Provides Update On Their Snapdragon X Elite Linux Laptop https://www.tuxedocomputers.com/en/How-is-TUXEDOCOes-ARM-Notebook-Coming-Along.tuxedo (https://www.tuxedocomputers.com/en/How-is-TUXEDOCOes-ARM-Notebook-Coming-Along.tuxedo) https://www.qualcomm.com/products/mobile/snapdragon/laptops-and-tablets/snapdragon-x-elite (https://www.qualcomm.com/products/mobile/snapdragon/laptops-and-tablets/snapdragon-x-elite) https://www.linaro.org/ (https://www.linaro.org/) https://www.phoronix.com/news/TUXEDO-Snapdragon-Laptop-Update (https://www.phoronix.com/news/TUXEDO-Snapdragon-Laptop-Update) OpenSSL 3.5 Released https://openssl-library.org/ (https://openssl-library.org/) https://github.com/openssl/openssl/releases/tag/openssl-3.5.0 (https://github.com/openssl/openssl/releases/tag/openssl-3.5.0) https://lwn.net/Articles/1016851/ (https://lwn.net/Articles/1016851/) https://9to5linux.com/openssl-3-5-released-with-support-for-pqc-algorithms-server-side-quic (https://9to5linux.com/openssl-3-5-released-with-support-for-pqc-algorithms-server-side-quic) https://www.phoronix.com/news/OpenSSL-3.5-Released (https://www.phoronix.com/news/OpenSSL-3.5-Released) OpenSSH 10.0 Released https://www.openssh.com/ (https://www.openssh.com/) https://www.openssh.com/releasenotes.html#10.0p1 (https://www.openssh.com/releasenotes.html#10.0p1) https://www.phoronix.com/news/OpenSSH-10.0-Released (https://www.phoronix.com/news/OpenSSH-10.0-Released) https://lwn.net/Articles/1016924/ (https://lwn.net/Articles/1016924/) Support the show https://tuxdigital.com/membership (https://tuxdigital.com/membership) https://store.tuxdigital.com/ (https://store.tuxdigital.com/)
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Microsoft Patch Tuesday Microsoft patched over 120 vulnerabilities this month. 11 of these were rated critical, and one vulnerability is already being exploited. https://isc.sans.edu/diary/Microsoft%20April%202025%20Patch%20Tuesday/31838 Adobe Updates Adobe released patches for 12 different products. In particular important are patches for Coldfusion addressing several remote code execution vulnerabilities. Adobe Commercse got patches as well, but none of the vulnerabilities are rated critical. https://helpx.adobe.com/security/security-bulletin.html OpenSSL 3.5 Released OpenSSL 3.5 was released with support to post quantum ciphers. This is a long term support release. https://groups.google.com/a/openssl.org/g/openssl-project/c/9ZYdIaExmIA Fortiswitch Update Fortinet released an update for Fortiswitch addressing a vulnerability that may be used to reset a password without verification. https://fortiguard.fortinet.com/psirt/FG-IR-24-435
There's been a bit of a shakeup this week, with Torvalds criticizing Docker, Rustls dominating the TLS performance war, and Intel releasing a graphics card while "retiring" their CEO. Then, Flathub and KDE are working on their finances, OpenVPN has modernized its kernel driver, and Steam Machines may be back! Oh, and don't forget OBS 31 or the potential security issue with OpenWRT! For tips, we have eza as an ls replacement, pv for pipe progress viewing, IMSProg for EEPROM hacking, and HandlePowerKey for customizing what your machine does when you hit the power button. Grab the show notes at https://bit.ly/4gl1VtB and enjoy! Host: Jonathan Bennett Co-Hosts: Rob Campbell, David Ruggles, and Jeff Massie Want access to the video version and exclusive features? Become a member of Club TWiT today! https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord.
Cybersecurity Today: Zero Day Flaws, FinTech Breach, Phishing Scams & More In today's episode, host Jim Love discusses critical updates in the cybersecurity world. Discover the latest zero day vulnerabilities patched by Apple, a significant data breach at Fintech giant Finastra, emerging phishing attack tactics using Microsoft Visio files and SVG attachments, and the launch of a new privacy-focused telecom service, CAPE. Additionally, learn about Google's AI-powered OSS Fuzz tool, which uncovered a critical flaw in the OpenSSL library. Stay informed to protect yourself and your organization from sophisticated cyber threats. 00:00 Introduction and Sponsor Message 00:59 Emerging Phishing Attack Strategies 03:12 Finastra Data Breach Investigation 04:49 Launch of CAPE: A Privacy-Focused Telecom Service 06:19 Apple's Emergency Updates for Zero-Day Vulnerabilities 07:29 Google's OSS Fuzz Uncovers Critical Vulnerabilities 09:07 Conclusion and Podcast Information
Join us for a very special in-depth interview with Lucy Chen, VP of Claris Engineering. Kate Waldhauser hosts this special edition of the FileMaker DevCast, as Lucy gives us a glimpse behind the scenes of the engineering world at Claris, an Apple Company. Lucy shares insights as to how new features get into the product and how the latest version improves performance, reliability and security. She takes us under the hood, diving into the new enhancements of FileMaker 21.1, including the move to newer technologies like Java 17, Xcode 16, and OpenSSL 3.3. She also covers new features in FileMaker 21.1, such as HTTPS tunneling, improvements to the Admin Console, and the integration of AI-powered semantic search, for both natural language and image content searches. These changes have come about through Claris's ongoing commitment to understanding customer feedback. Join Kate & Lucy as they explore how the FileMaker platform continues to empower businesses with innovative capabilities. Portage Bay Solutions is a custom software development firm based in Seattle, WA, with additional offices in the Austin, Chicago, Dallas, Omaha, Orange County, and Vancouver areas. For more than thirty years, we have been helping businesses of all sizes get the most out of their FileMaker investments. As a full-service Claris FileMaker Platinum Partner, Portage Bay is committed to helping you optimize your software investments and improve your business processes. #claris #filemaker #devtools #devs #devcast #openSSL #https #tunneling #AI #semanticsearch #innovation #portagebaysolutions #portagebay #FileMaker21.1
This week Robie Basak joins Noah from the Ubuntu Summit and gives an introduction on how to get started contributing to Ubuntu. -- During The Show -- 01:26 HexOS - Craig Start with the Command Line When is a GUI appropriate Start with make a ZFS pool make a samba share Help us understand your goal What is HexOS Ubuntu and ZFS DKMS kABI Advantages of TrueNAS Snapshots Send/Receive 1 Click Re-silvering 17:08 Questions about HDMI switch - Andy Theater Receiver Decimator (https://www.amazon.com/Decimator-DMON-QUAD-SD-SDI-Multi-Viewer-Outputs/dp/B072NGFDMR) 21:14 News Wire SQLite 3.47.0 - sqlite.org (https://sqlite.org/releaselog/3_47_0.html) Peazip 10 - github.io (https://peazip.github.io) Jellyfin 10.10.0 - jellyfin.org (https://jellyfin.org/posts/jellyfin-release-10.10.0/) EasyOS 6.4 - puppylinux.com (https://forum.puppylinux.com/viewtopic.php?t=12973) Gnome 47.1 - gnome.org (https://discourse.gnome.org/t/gnome-47-1-released/24670) Tor Browser 14.0 - torproject.org (https://blog.torproject.org/new-release-tor-browser-140/) AlmaLinux Kitten 10 - almalinux.org (https://almalinux.org/blog/2024-10-22-introducing-almalinux-os-kitten/) Gentoo & DTrace 2.0 - gentoo.org (https://www.gentoo.org/news/2024/10/23/DTrace-for-Gentoo.html) NASA $15.6M Grant for Open Source Tools - spaceanddefense.io (https://spaceanddefense.io/nasa-awards-15-6-million-in-open-source-software-funding/) Open Source Printable Lathe - hackaday.com (https://hackaday.com/2024/10/23/a-3d-printed-open-source-lathe/) Thelio Astra - system76.com (https://system76.com/desktops/thelio-astra) Eight Nvidia High Severity Vulnerabilities - forbes.com (https://www.forbes.com/sites/daveywinder/2024/10/25/urgent-new-nvidia-security-warning-for-200-million-linux-and-windows-gamers/) OpenSSL 3.4 - github.com (https://github.com/openssl/openssl/releases/tag/openssl-3.4.0) IPS Snort v3.5 - github.com (https://github.com/snort3/snort3/releases) Parrot OS 6.2 - parrotsec.org (https://parrotsec.org/blog/2024-10-23-parrot-6.2-release-notes/) New Granite 3.0 - zdnet.com (https://www.zdnet.com/article/ibm-doubles-down-on-open-source-ai-with-new-granite-3-0-models/) HUGS - reuters.com (https://www.reuters.com/technology/startup-hugging-face-aims-cut-ai-costs-with-open-source-offering-2024-10-23/) SynthID Now Open Source - theverge.com (https://www.theverge.com/2024/10/23/24277873/google-artificial-intelligence-synthid-watermarking-open-source) Mochi 1 - venturebeat.com (https://venturebeat.com/ai/video-ai-startup-genmo-launches-mochi-1-an-open-source-model-to-rival-runway-kling-and-others/) Ubuntu Turns 20 - ubuntu.com (https://ubuntu.com/20years) 23:23 Robie Basak - Ubuntu Technical Council What drew you to Linux? Why did you decide to work for Canonical? What is the Ubuntu Technical Board? Difference between Ubuntu and Canonical The process of granting commit rights Conflict resolution Cloud init Unique ID Ubuntu Summit Range of interaction Membership Board Meeting Full Hour Long Meeting Recording YouTube (https://www.youtube.com/live/pyRcIZskKNE?si=frx3zrPhUoeLrHi8) 43:40 Fedora 41 Fedora 41 available early! New DNF bootc Plasma Mobile Spin (https://fedoramagazine.org/announcing-fedora-linux-41/) Fedora Magazine (https://fedoramagazine.org/announcing-fedora-linux-41/) Minisforum v3 (https://store.minisforum.com/products/minisforum-v3?) Steve, Fedora, hardware 50:30 Russian Kernel Maintainers Removed Greg Kroah-Hartman removed them due to "various compliance requirements" Removed developers Russian and not minor contributors We live in a world where decisions are made for political reasons zdnet.com (https://www.zdnet.com/article/why-remove-russian-maintainers-of-linux-kernel-heres-what-torvalds-says/) therecord.media (https://therecord.media/russia-separate-linux-community-kernel-maintainers-delisted) -- The Extra Credit Section -- For links to the articles and material referenced in this week's episode check out this week's page from our podcast dashboard! This Episode's Podcast Dashboard (http://podcast.asknoahshow.com/413) Phone Systems for Ask Noah provided by Voxtelesys (http://www.voxtelesys.com/asknoah) Join us in our dedicated chatroom #GeekLab:linuxdelta.com on Matrix (https://element.linuxdelta.com/#/room/#geeklab:linuxdelta.com) -- Stay In Touch -- Find all the resources for this show on the Ask Noah Dashboard Ask Noah Dashboard (http://www.asknoahshow.com) Need more help than a radio show can offer? Altispeed provides commercial IT services and they're excited to offer you a great deal for listening to the Ask Noah Show. Call today and ask about the discount for listeners of the Ask Noah Show! Altispeed Technologies (http://www.altispeed.com/) Contact Noah live [at] asknoahshow.com -- Twitter -- Noah - Kernellinux (https://twitter.com/kernellinux) Ask Noah Show (https://twitter.com/asknoahshow) Altispeed Technologies (https://twitter.com/altispeed)
In der Folge mit der Unglückszahl 13 geht es um diverse Dinge, die unglücklich gelaufen sind, von Linux-Bootloadern, die Microsoft nur teilweise unabsichtlich blockiert hat, bis zur mangelhaften Sicherheit bei "MLOps", also dem KI-Pendant zu DevOps. Zuerst schauen sich Christopher und Sylvester aber eine sehr erfreuliche Diskussion zu OpenSSL an; die Entwickler haben ihre Community um Meinungen zu einer sicherheitsrelevanten Änderung gebeten. Außerdem geht es um die Festnahme von Pavel Durov, den Schöpfer des gar-nicht-so-sicheren Messengers Telegram, und das altehrwürdige Hacker-ezine "Phrack", das in Ausgabe 71 erschienen ist.
This week we take a deep dive behind-the-scenes look into how the team handled a recent report from Snyk's Security Lab of a local privilege escalation vulnerability in `wpa_supplicant` plus we cover security updates in Prometheus Alertmanager, OpenSSL, Exim, snapd, Gross, curl and more.
Even though Security Champions programs look very different across organizations and maturity levels, they share core principles for becoming successful. Marisa shares her experience in building these programs to foster a positive security culture within companies. She explains the incentives and rewards that lead to more engagement from champions and the benefits that come from so many people being engaged with security. Segment Resources: OWASP Security Champions Guide - Get Involved! - https://owasp.org/www-project-security-champions-guidebook/#div-getinvolved OWASP Security Champions Guide - LinkedIn page - https://www.linkedin.com/company/owasp-security-champions-guide/ The Security Champions Success Guide - https://securitychampionsuccessguide.org/ "Building a Successful Security Champions Program... What Does it Take?" - https://www.katilyst.com/post/building-a-successful-security-champions-program-what-does-it-take The code curation considerations of removing abandoned protocols in OpenSSL, kernel driver lessons from CrowdStrike's crash, choosing isolation primitives, cross-cache attacks made possible by SLUBStick, and more! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-294
The code curation considerations of removing abandoned protocols in OpenSSL, kernel driver lessons from CrowdStrike's crash, choosing isolation primitives, cross-cache attacks made possible by SLUBStick, and more! Show Notes: https://securityweekly.com/asw-294
Even though Security Champions programs look very different across organizations and maturity levels, they share core principles for becoming successful. Marisa shares her experience in building these programs to foster a positive security culture within companies. She explains the incentives and rewards that lead to more engagement from champions and the benefits that come from so many people being engaged with security. Segment Resources: OWASP Security Champions Guide - Get Involved! - https://owasp.org/www-project-security-champions-guidebook/#div-getinvolved OWASP Security Champions Guide - LinkedIn page - https://www.linkedin.com/company/owasp-security-champions-guide/ The Security Champions Success Guide - https://securitychampionsuccessguide.org/ "Building a Successful Security Champions Program... What Does it Take?" - https://www.katilyst.com/post/building-a-successful-security-champions-program-what-does-it-take The code curation considerations of removing abandoned protocols in OpenSSL, kernel driver lessons from CrowdStrike's crash, choosing isolation primitives, cross-cache attacks made possible by SLUBStick, and more! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-294
The code curation considerations of removing abandoned protocols in OpenSSL, kernel driver lessons from CrowdStrike's crash, choosing isolation primitives, cross-cache attacks made possible by SLUBStick, and more! Show Notes: https://securityweekly.com/asw-294
As the podcast winds down for a break over the next month, this week we talk about RSA timing side-channel attacks and the recently announced DNSBomb vulnerability as we cover security updates in VLC, OpenSSL, Netatalk, WebKitGTK, amavisd-new, Unbound, Intel Microcode and more.
We delve into the top 3 open-source revenue streams, expose the pitfalls, and discuss what could be done quickly to improve the situation.
-- During The Show -- 00:50 MIDI MIDI a better mouse trap Pitch bending Special snowflake Firewire hardware Motu UltraLite AVB (https://motu.com/products/avb/ultralite-avb) Ardour (https://ardour.org/) Musicians please send in feedback! 11:25 News Wire Dynebolic is Back - ZDnet (https://www.zdnet.com/article/dynebolic-is-a-portable-linux-distribution-that-can-be-used-without-installation/) OpenSSL 3.3 - OpenSSL (https://www.openssl.org/news/openssl-3.3-notes.html) OpenTTD - OpenTTD (https://www.openttd.org/news/2024/04/13/openttd-14-0) Ardour - Ardour (https://ardour.org/whatsnew.html) KDE Frameworks 6.1.0 - KDE (https://kde.org/announcements/frameworks/6/6.1.0/) Descent 3 MIT Licensed - Gaming on Linux (https://www.gamingonlinux.com/2024/04/descent-3-has-been-made-open-source/) - Github (https://github.com/kevinbentley/Descent3) Opentofu vs Hashicorps - Opentofu (https://opentofu.org/blog/our-response-to-hashicorps-cease-and-desist/) Huggingface Updated - Venture Beat (https://venturebeat.com/ai/hugging-face-introduces-idefics2-an-8b-open-source-visual-language-model/) Samll Verson of LLaMA-3 - CCN (https://www.ccn.com/news/technology/llama-3-release-date/) Spectre v2 Attacks - Bleeping Computer (https://www.bleepingcomputer.com/news/security/new-spectre-v2-attack-impacts-linux-systems-on-intel-cpus/) OpenSFF and OpenJS Foundation Warning - Computer Weekly (https://www.computerweekly.com/news/366580938/More-social-engineering-attacks-on-open-source-projects-observed) 12:56 Framework Laptops Matt Hartley Linux Support Lead Reddit welcome post (https://old.reddit.com/r/framework/comments/yoslxe/welcome_to_the_framework_cx_team_matt_hartley/) First impressions Assembly How Framework supports Linux Officially supported distros Community support program Community support Ansible for other distros Support Framework 16 Alternative uses of Frameworks 27:48 Tailscale Tailscale (https://tailscale.com/) Alex Kretzschmar (https://blog.ktz.me/author/alex/) How Tailscale stays free How to get started How Tailscale works Headscale (https://headscale.net/) Tailscale for business (Paid) Features 35:37 QLC+ QLC+ (https://www.qlcplus.org/) DMX Lighting Control Boards Lighting Cues DMX King (https://dmxking.com/) Chases Built in web interface Network interfacing Elation Enode4 (https://www.elationlighting.com/enode4) Please write in about lighting on Linux! -- The Extra Credit Section -- For links to the articles and material referenced in this week's episode check out this week's page from our podcast dashboard! This Episode's Podcast Dashboard (http://podcast.asknoahshow.com/385) Phone Systems for Ask Noah provided by Voxtelesys (http://www.voxtelesys.com/asknoah) Join us in our dedicated chatroom #GeekLab:linuxdelta.com on Matrix (https://element.linuxdelta.com/#/room/#geeklab:linuxdelta.com) -- Stay In Touch -- Find all the resources for this show on the Ask Noah Dashboard Ask Noah Dashboard (http://www.asknoahshow.com) Need more help than a radio show can offer? Altispeed provides commercial IT services and they're excited to offer you a great deal for listening to the Ask Noah Show. Call today and ask about the discount for listeners of the Ask Noah Show! Altispeed Technologies (http://www.altispeed.com/) Contact Noah live [at] asknoahshow.com -- Twitter -- Noah - Kernellinux (https://twitter.com/kernellinux) Ask Noah Show (https://twitter.com/asknoahshow) Altispeed Technologies (https://twitter.com/altispeed)
CISA's "Secure by Design" Initiative The GNU C Library Flaw Fastly CDN switches from OpenSSL to BoringSSL Roskomnadzor asserts itself Google updates Android's Password Manager Firefox gets post-quantum crypto Get your TOTP tokens from LastPass Inflated iOS app data LearnDMARC Sync mobile app bug SpinRite and Windows Defender Crypto signing camera Analog hole in digital camera authentication iOS and Google's Topics The gathering of the Stephvens Programmable Logic Controllers SpinRite update Malware-infected Toothbrush The Unforeseen Consequences of Google's 3rd-party Cookie Cutoff Show Notes - https://www.grc.com/sn/SN-960-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: Melissa.com/twit joindeleteme.com/twit promo code TWIT GO.ACILEARNING.COM/TWIT vanta.com/SECURITYNOW
CISA's "Secure by Design" Initiative The GNU C Library Flaw Fastly CDN switches from OpenSSL to BoringSSL Roskomnadzor asserts itself Google updates Android's Password Manager Firefox gets post-quantum crypto Get your TOTP tokens from LastPass Inflated iOS app data LearnDMARC Sync mobile app bug SpinRite and Windows Defender Crypto signing camera Analog hole in digital camera authentication iOS and Google's Topics The gathering of the Stephvens Programmable Logic Controllers SpinRite update Malware-infected Toothbrush The Unforeseen Consequences of Google's 3rd-party Cookie Cutoff Show Notes - https://www.grc.com/sn/SN-960-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: Melissa.com/twit joindeleteme.com/twit promo code TWIT GO.ACILEARNING.COM/TWIT vanta.com/SECURITYNOW
CISA's "Secure by Design" Initiative The GNU C Library Flaw Fastly CDN switches from OpenSSL to BoringSSL Roskomnadzor asserts itself Google updates Android's Password Manager Firefox gets post-quantum crypto Get your TOTP tokens from LastPass Inflated iOS app data LearnDMARC Sync mobile app bug SpinRite and Windows Defender Crypto signing camera Analog hole in digital camera authentication iOS and Google's Topics The gathering of the Stephvens Programmable Logic Controllers SpinRite update Malware-infected Toothbrush The Unforeseen Consequences of Google's 3rd-party Cookie Cutoff Show Notes - https://www.grc.com/sn/SN-960-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: Melissa.com/twit joindeleteme.com/twit promo code TWIT GO.ACILEARNING.COM/TWIT vanta.com/SECURITYNOW
CISA's "Secure by Design" Initiative The GNU C Library Flaw Fastly CDN switches from OpenSSL to BoringSSL Roskomnadzor asserts itself Google updates Android's Password Manager Firefox gets post-quantum crypto Get your TOTP tokens from LastPass Inflated iOS app data LearnDMARC Sync mobile app bug SpinRite and Windows Defender Crypto signing camera Analog hole in digital camera authentication iOS and Google's Topics The gathering of the Stephvens Programmable Logic Controllers SpinRite update Malware-infected Toothbrush The Unforeseen Consequences of Google's 3rd-party Cookie Cutoff Show Notes - https://www.grc.com/sn/SN-960-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: Melissa.com/twit joindeleteme.com/twit promo code TWIT GO.ACILEARNING.COM/TWIT vanta.com/SECURITYNOW
CISA's "Secure by Design" Initiative The GNU C Library Flaw Fastly CDN switches from OpenSSL to BoringSSL Roskomnadzor asserts itself Google updates Android's Password Manager Firefox gets post-quantum crypto Get your TOTP tokens from LastPass Inflated iOS app data LearnDMARC Sync mobile app bug SpinRite and Windows Defender Crypto signing camera Analog hole in digital camera authentication iOS and Google's Topics The gathering of the Stephvens Programmable Logic Controllers SpinRite update Malware-infected Toothbrush The Unforeseen Consequences of Google's 3rd-party Cookie Cutoff Show Notes - https://www.grc.com/sn/SN-960-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: Melissa.com/twit joindeleteme.com/twit promo code TWIT GO.ACILEARNING.COM/TWIT vanta.com/SECURITYNOW
CISA's "Secure by Design" Initiative The GNU C Library Flaw Fastly CDN switches from OpenSSL to BoringSSL Roskomnadzor asserts itself Google updates Android's Password Manager Firefox gets post-quantum crypto Get your TOTP tokens from LastPass Inflated iOS app data LearnDMARC Sync mobile app bug SpinRite and Windows Defender Crypto signing camera Analog hole in digital camera authentication iOS and Google's Topics The gathering of the Stephvens Programmable Logic Controllers SpinRite update Malware-infected Toothbrush The Unforeseen Consequences of Google's 3rd-party Cookie Cutoff Show Notes - https://www.grc.com/sn/SN-960-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: Melissa.com/twit joindeleteme.com/twit promo code TWIT GO.ACILEARNING.COM/TWIT vanta.com/SECURITYNOW
CISA's "Secure by Design" Initiative The GNU C Library Flaw Fastly CDN switches from OpenSSL to BoringSSL Roskomnadzor asserts itself Google updates Android's Password Manager Firefox gets post-quantum crypto Get your TOTP tokens from LastPass Inflated iOS app data LearnDMARC Sync mobile app bug SpinRite and Windows Defender Crypto signing camera Analog hole in digital camera authentication iOS and Google's Topics The gathering of the Stephvens Programmable Logic Controllers SpinRite update Malware-infected Toothbrush The Unforeseen Consequences of Google's 3rd-party Cookie Cutoff Show Notes - https://www.grc.com/sn/SN-960-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: Melissa.com/twit joindeleteme.com/twit promo code TWIT GO.ACILEARNING.COM/TWIT vanta.com/SECURITYNOW
We can't talk about OWASP without talking about lists, but we go beyond the lists to talk about a product security framework. Grant shares his insights on what makes lists work (and not work). More importantly, he shares the work he's doing to spearhead a new OWASP project to help scale the creation of appsec programs, whether you're on your own or part of a global org. Segment Resources: https://owasp.org/www-project-product-security-capabilities-framework/ https://github.com/OWASP/pscf https://prods.ec/ https://owaspsamm.org https://iso25000.com/index.php/en/iso-25000-standards/iso-25010 https://www.scmagazine.com/podcast-episode/application-security-weekly-242 Qualys discloses syslog and qsort vulns in glibc, Apple's jailbroken iPhone for security researchers, moving away from OpenSSL, what an ancient vuln in image parsing can teach us today, and more! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-272
Qualys discloses syslog and qsort vulns in glibc, Apple's jailbroken iPhone for security researchers, moving away from OpenSSL, what an ancient vuln in image parsing can teach us today, and more! Show Notes: https://securityweekly.com/asw-272
We can't talk about OWASP without talking about lists, but we go beyond the lists to talk about a product security framework. Grant shares his insights on what makes lists work (and not work). More importantly, he shares the work he's doing to spearhead a new OWASP project to help scale the creation of appsec programs, whether you're on your own or part of a global org. Segment Resources: https://owasp.org/www-project-product-security-capabilities-framework/ https://github.com/OWASP/pscf https://prods.ec/ https://owaspsamm.org https://iso25000.com/index.php/en/iso-25000-standards/iso-25010 https://www.scmagazine.com/podcast-episode/application-security-weekly-242 Qualys discloses syslog and qsort vulns in glibc, Apple's jailbroken iPhone for security researchers, moving away from OpenSSL, what an ancient vuln in image parsing can teach us today, and more! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-272
This week Steve goes through his data migration story at his house. What things should you consider before moving large datasets around, and what things need to be taken into account for a solid backup plan? -- During The Show -- 01:52 Home Automation Leak Detection - Jeremy You can't really Using cameras 08:06 mmWave sensor update/comparison Seedstudio mmWave Sensor (https://wiki.seeedstudio.com/mmwave_human_detection_kit/) Space for other sensors Way better than a PIR sensor Aqara Water Sensor (https://cloudfree.shop/product/aqara-water-sensor/) 11:19 Point of sale gear? - Charlie Odoo (https://github.com/odoo/odoo) Open Source POS (https://github.com/opensourcepos/opensourcepos) UniCenta (https://unicenta.com/) Squirrel Systems (https://www.squirrelsystems.com/squirrel-pos-for-hotels) 13:28 Succession Planning - David Password dump Bitwarden Network diagram with pictures Good documentation Techy friends Dave Ramsey - Legacy box Legacy Folder Data, external drives 23:23 Odoo for Accounting and Bookkeeping - Tiny Looks like a solid platform Expensive Self hosting not really an option Accounting solid but very basic no payroll Not fully open source 25:51 Backups? - Mike Copying the file MIGHT be ok if file system has bit rot protection works till it doesn't Better to use database tools External drives 3.5 StarTech Enclosure (https://www.amazon.com/StarTech-com-10Gbps-Enclosure-SATA-Drives/dp/B00XLAZEFC) Pelican 1120 Case 2.5 Cable Matters Enclosure (https://www.amazon.com/Cable-Matters-Aluminum-External-Enclosure/dp/B07CQD6M5B) Steve's M.2 Enclosure (https://www.amazon.com/gp/product/B09T97Z7DM) ASUS ROG M.2 Enclosure (https://www.amazon.com/ASUS-ROG-Arion-Aluminum-Enclosure/dp/B07ZKB4SLK) 37:57 News Wire OpenZFS 2.2.1 - Phoronix (https://www.phoronix.com/news/OpenZFS-2.2.1-Released) Weston 13.0 - Freedesktop.org (https://lists.freedesktop.org/archives/wayland-devel/2023-November/043326.html) OpenSSL 3.2 - GitHub (https://github.com/openssl/openssl/blob/openssl-3.2.0/NEWS.md) PipeWire 1.0 - Phoronix (https://www.phoronix.com/news/PipeWire-1.0-Released) LibreOffice 7.6.3 On Android - Document Foundation (https://blog.documentfoundation.org/blog/2023/11/23/libreoffice-763-and-android-viewer-app/) Wine 8.21 - Gaming On Linux (https://www.gamingonlinux.com/2023/11/wine-821-brings-high-dpi-scaling-and-initial-vulkan-support-for-wayland/) Studio One 6.5 - Presonus Software (https://www.presonussoftware.com/en_US/blog/studio-one-6-5-for-linux) PeerTube v6 - Frama Blog (https://framablog.org/2023/11/28/peertube-v6-is-out-and-powered-by-your-ideas/) Proxmox 8.1 - Proxmox (https://www.proxmox.com/en/about/press-releases/proxmox-virtual-environment-8-1) OpenMandriva - LX 5.0 - Beta News (https://betanews.com/2023/11/25/openmandriva-lx-50-linux-download/) Nitrix 3.2.0 - NXOS.org (https://nxos.org/changelog/release-announcement-nitrux-3-2-0/) Ultra Marine Linux 39 - Fyra Labs (https://blog.fyralabs.com/ultramarine-39-released/) Linux 6.6 tagged LTS - Security Boulevard (https://securityboulevard.com/2023/11/linux-6-6-is-now-officially-an-lts-release/) Linux Runs 20% Faster on Ryzen 7995WX - Toms Hardware (https://www.tomshardware.com/news/ubuntu-runs-20-faster-than-windows-11-on-amd-threadripper-pro-7995wx) MicroCloud - Infoq (https://www.infoq.com/news/2023/11/canonical-microcloud-open-source/) GIMP Team Targeting May 2024 - Librearts.org (https://librearts.org/2023/11/gimp-3-0-roadmap/) X11 Being Removed from RHEL 10 - Red Hat (https://www.redhat.com/en/blog/rhel-10-plans-wayland-and-xorg-server) Fuctional Source License - The Register (https://www.theregister.com/2023/11/24/opinion_column/) Kinsing Malware - Hack Read (https://www.hackread.com/kinsing-crypto-malware-linux-apache-activemq-flaw/) SysJoker Malware - Cyber Security News (https://cybersecuritynews.com/sysjoker-malware-attacking-windows-linux-and-mac-users-abusing-onedrive/) Looney Tunables - Security Affairs (https://securityaffairs.com/154573/security/cisa-known-exploited-vulnerabilities-catalog-looney-tunables.html) Open Source Tesla - The Verge (https://www.theverge.com/2023/11/23/23973701/tesla-roadster-is-now-fully-open-source) AMD GPU & RISC-V - Toms Hardware (https://www.tomshardware.com/pc-components/gpus/amds-fastest-gaming-gpu-now-works-with-risc-v-cpus-amd-radeon-rx-7900-xtx-open-source-linux-drivers-available) Real AI - Mark Tech Post (https://www.marktechpost.com/2023/11/23/real-ai-wins-project-to-build-europes-open-source-large-language-model/) Synthetic Machine Learning Data - SD Times (https://sdtimes.com/data/capital-one-open-sources-new-project-for-generating-synthetic-data/) Uploading Minds - Crypto Slate (https://cryptoslate.com/buterin-sees-benefit-of-uploading-minds-and-need-for-open-source-innovation-in-ai/) AI Linux Optimization - Toms Hardware (https://www.tomshardware.com/news/chinese-company-uses-ai-to-optimize-linux-kernel) 41:11 Nativefier Makes native Linux app out of web pages Saves credentials and session Mind Drip One (http://docs.minddripone.com/how-to/install-use-nativefier/) Nativefier GUI GitHub (https://github.com/mattruzzi/nativefier-gui) 45:44 Data Migration Good to rotate drives Disk burn in (bunch of rsync) Rsync 26 hours rsync will preserve hard links with the right flags software raid is more portable nuke & pave 2 vdevs, 3 drives per vdev can only loose one drive ZFS send/receive is much faster and better IDrive (https://www.idrive.com/) Kopia (https://kopia.io/) Spider Oak One Plan for your target rsync commands a: Archive mode, which preserves permissions, ownership, and timestamps. v: Verbose mode, which prints out detailed information about the transfer. H: Preserve hard links. P: Preserve permissions. Dumping a database is intensive Proxmox gets in the way doesn't gain Steve anything Special snowflake Custom UI Good for multi node No updates KVM works the same everywhere Cockpit GUI Will eventually replace virtmanager -- The Extra Credit Section -- For links to the articles and material referenced in this week's episode check out this week's page from our podcast dashboard! This Episode's Podcast Dashboard (http://podcast.asknoahshow.com/365) Phone Systems for Ask Noah provided by Voxtelesys (http://www.voxtelesys.com/asknoah) Join us in our dedicated chatroom #GeekLab:linuxdelta.com on Matrix (https://element.linuxdelta.com/#/room/#geeklab:linuxdelta.com) -- Stay In Touch -- Find all the resources for this show on the Ask Noah Dashboard Ask Noah Dashboard (http://www.asknoahshow.com) Need more help than a radio show can offer? Altispeed provides commercial IT services and they're excited to offer you a great deal for listening to the Ask Noah Show. Call today and ask about the discount for listeners of the Ask Noah Show! Altispeed Technologies (http://www.altispeed.com/) Contact Noah live [at] asknoahshow.com -- Twitter -- Noah - Kernellinux (https://twitter.com/kernellinux) Ask Noah Show (https://twitter.com/asknoahshow) Altispeed Technologies (https://twitter.com/altispeed)
Joël recaps his time at RubyConf! He shares insights from his talk about different aspects of time in software development, emphasizing the interaction with the audience and the importance of post-talk discussions. Stephanie talks about wrapping up a long-term client project, the benefits of change and variety in consulting, and maintaining a balance between project engagement and avoiding burnout. They also discuss strategies for maintaining work-life balance, such as physical separation and device management, particularly in a remote work environment. Rubyconf (https://rubyconf.org/) Joël's talk slides (https://speakerdeck.com/joelq/which-time-is-it) Flaky test summary slide (https://speakerdeck.com/aridlehoover/the-secret-ingredient-how-to-understand-and-resolve-just-about-any-flaky-test?slide=170) Transcript: STEPHANIE: Hello and welcome to another episode of The Bike Shed, a weekly podcast from your friends at thoughtbot about developing great software. I'm Stephanie Minn. JOËL: And I'm Joël Quenneville. And together, we're here to share a bit of what we've learned along the way. STEPHANIE: So, Joël, what's new in your world? JOËL: Well, as of this recording, I have just gotten back from spending the week in San Diego for RubyConf. STEPHANIE: Yay, so fun. JOËL: It's always so much fun to connect with the community over there, talk to other people from different companies who work in Ruby, to be inspired by the talks. This year, I was speaking, so I gave a talk on time and how it's not a single thing but multiple different quantities. In particular, I distinguish between a moment in time like a point, a duration and amount of time, and then a time of day, which is time unconnected to a particular day, and how those all connect together in the software that we write. STEPHANIE: Awesome. How did it go? How was it received? JOËL: It was very well received. I got a lot of people come up to me afterwards and make a variety of time puns, which those are so easy to make. I had to hold myself back not to put too many in the talk itself. I think I kept it pretty clean. There were definitely a couple of time puns in the description of the talk, though. STEPHANIE: Yeah, absolutely. You have to keep some in there. But I hear you that you don't want it to become too punny [laughs]. What I really love about conferences, and we've talked a little bit about this before, is the, you know, like, engagement and being able to connect with people. And you give a talk, but then that ends up leading to a lot of, like, discussions about it and related topics afterwards in the hallway or sitting together over a meal. JOËL: I like to, in my talks, give little kind of hooks for people who want to have those conversations in the hallway. You know, sometimes it's intimidating to just go up to a speaker and be like, oh, I want to, like, dig into their talk a little bit. But I don't have anything to say other than just, like, "I liked your talk." So, if there's any sort of side trails I had to cut for the talk, I might give a shout-out to it and say, "Hey, if you want to learn more about this aspect, come talk to me afterwards." So, one thing that I put in this particular talk was like, "Hey, we're looking at these different graphical ways to think about time. These are similar to but not the same as thinking of time as a one-dimensional vector and applying vector math to it, which is a whole other side topic. If you want to nerd out about that, come find me in the hallway afterwards, and I'd love to go deeper on it." And yeah, some people did. STEPHANIE: That's really smart. I like that a lot. You're inviting more conversation about it, which I know, like, you also really enjoy just, like, taking it further or, like, caring about other people's experiences or their thoughts about vector math [laughs]. JOËL: I think it serves two purposes, right? It allows people to connect with me as a speaker. And it also allows me to feel better about pruning certain parts of my talk and saying, look, this didn't make sense to keep in the talk, but it's cool material. I'd love to have a continuing conversation about this. So, here's a path we could have taken. I'm choosing not to, as a speaker, but if you want to take that branch with me, let's have that afterwards in the hallway. STEPHANIE: Yeah. Or even as, like, new content for yourself or for someone else to take with them if they want to explore that further because, you know, there's always something more to explore [chuckles]. JOËL: I've absolutely done that with past talks. I've taken a thing I had to prune and turned it into a blog post. A recent example of that was when I gave a talk at RailsConf Portland, which I guess is not so recent. I was talking about ways to deal with a test suite that's making too many database requests. And talking about how sometimes misusing let in your RSpec tests can lead to more database requests than you expect. And I had a whole section about how to better understand what database requests will actually be made by a series of let expressions and dealing with the eager versus lazy and all of that. I had to cut it. But I was then able to make a blog post about it and then talk about this really cool technique involving dependency graphs. And that was really fun. So, that was a thing where I was able to say, look, here's some content that didn't make it into the talk because I needed to focus on other things. But as its own little, like, side piece of content, it absolutely works, and here's a blog post. STEPHANIE: Yeah. And then I think it turned into a Bike Shed episode, too [laughs]. JOËL: I think it did, yes. I think, in many ways, creativity begets creativity. It's hard to get started writing or producing content or whatever, but once you do, every idea you have kind of spawns new ideas. And then, pretty soon, you have a backlog that you can't go through. STEPHANIE: That's awesome. Any other highlights from the conference you want to shout out? JOËL: I'd love to give a shout-out to a couple of talks that I went to, Aji Slater's talk on the Enigma machine as a German code machine from World War II and how we can sort of implement our own in Ruby and an exploration of object-oriented programming was fantastic. Aji is just a masterful storyteller. So, that was really great. And then Alan Ridlehoover's talk on dealing with flaky tests that one, I think, was particularly useful because I think it's one of the talks that is going to be immediately relevant on Monday morning for, like, every developer that was in that room and is going back to their regular day job. And they can immediately use all of those principles that Alan talked about to deal with the flaky tests in their test suite. And there's, in particular, at the end of his presentation, Alan has this summary slide. He kind of broke down flakiness across three different categories and then talked about different strategies for identifying and then fixing tests that were flaky because of those reasons. And he has this table where he sort of summarizes basically the entire talk. And I feel like that's the kind of thing that I'm going to save as a cheat sheet. And that can be, like, I'm going to link to this and share it all over because it's really useful. Alan has already put his slides up online. It's all linked to that particular slide in the show notes because I think that all of you would benefit from seeing that. The talks themselves are recorded, but they're not going to be out for a couple of weeks. I'm sure when they do, we're going to go through and watch some and probably comment on some of the talks as well. So, Stephanie, what is new in your world? STEPHANIE: Yeah. So, I'm celebrating wrapping up a client project after a nine-month engagement. JOËL: Whoa, that's a pretty long project. STEPHANIE: Yeah, that's definitely on the longer side for thoughtbot. And I'm, I don't know, just, like, feeling really excited for a change, feeling really, you know, proud of kind of, like, all of the work that we had done. You know, we had been working with this client for a long time and had been, you know, continuing to deliver value to them to want to keep working with us for that long. But I'm, yeah, just looking forward to a refresh. And I think that's one of my favorite things about consulting is that, you know, you can inject something new into your work life at a kind of regular cadence. And, at least for me, that's really important in reducing or, like, preventing the burnout. So, this time around, I kind of started to notice, and other people, too, like my manager, that I was maybe losing a bit of steam on this client project because I had been working on it for so long. And part of, you know, what success at thoughtbot means is that, like, we as employees are also feeling fulfilled, right? And, you know, what are the different ways that we can try to make sure that that remains the case? And kind of rotating folks on different projects and kind of making sure that things do feel fresh and exciting is really important. And so, I feel very grateful that other people were able to point that out for me, too, when I wasn't even fully realizing it. You know, I had people checking in on me and being like, "Hey, like, you've been on this for a while now. Kind of what I've been hearing is that, like, maybe you do need something new." I'm just excited to get that change. JOËL: How do you find the balance between sort of feeling fulfilled and maybe, you know, finding that point where maybe you're feeling you're running out of steam–versus, you know, some projects are really complex, take a while to ramp up; you want to feel productive; you want to feel like you have contributed in a significant way to a project? How do you navigate that balance? STEPHANIE: Yeah. So, the flip side is, like, I also don't think I would enjoy having to be changing projects all the time like every couple of months. That maybe is a little too much for me because I do like to...on our team, Boost, we embed on our team. We get to know our teammates. We are, like, building relationships with them, and supporting them, and teaching them. And all of that is really also fulfilling for me, but you can't really do that as much if you're on more shorter-term engagements. And then all of that, like, becomes worthwhile once you're kind of in that, like, maybe four or five six month period where you're like, you've finally gotten your groove. And you're like, I'm contributing. I know how this team works. I can start to see patterns or, like, maybe opportunities or gaps. And that is all really cool, and I think also another part of what I really like about being on Boost. But yeah, I think what I...that losing steam feeling, I started to identify, like, I didn't have as much energy or excitement to push forward change. When you kind of get a little bit too comfortable or start to get that feeling of, well, these things are the way they are [laughs], -- JOËL: Right. Right. STEPHANIE: I've now identified that that is kind of, like, a signal, right? JOËL: Maybe time for a new project. STEPHANIE: Right. Like starting to feel a little bit less motivated or, like, less excited to push myself and push the team a little bit in areas that it needs to be pushed. And so, that might be a good time for someone else at thoughtbot to, like, rotate in or maybe kind of close the chapter on what we've been able to do for a client. JOËL: It's hard to be at 100% all the time and sort of always have that motivation to push things to the max, and yeah, variety definitely helps with that. How do you feel about finding signals that maybe you need a break, maybe not from the project but just in general? The idea of taking PTO or having kind of a rest day. STEPHANIE: Oh yeah. I, this year, have tried out taking time off but not going anywhere just, like, being at home but being on vacation. And that was really great because then it was kind of, like, less about, like, oh, I want to take this trip in this time of year to this place and more like, oh, I need some rest or, like, I just need a little break. And that can be at home, right? Maybe during the day, I'm able to do stuff that I keep putting off or trying out new things that I just can't seem to find the time to do [chuckles] during my normal work schedule. So, that has been fun. JOËL: I think, yeah, sometimes, for me, I will sort of hit that moment where I feel like I don't have the ability to give 100%. And sometimes that can be a signal to be like, hey, have you taken any time off recently? Maybe you should schedule something. Because being able to refresh, even short-term, can sort of give an extra boost of energy in a way where...maybe it's not time for a rotation yet, but just taking a little bit of a break in there can sort of, I guess, extend the time where I feel like I'm contributing at the level that I want to be. STEPHANIE: Yeah. And I actually want to point out that a lot of that can also be, like, investing in your life outside of work, too, so that you can come to work with a different approach. I've mentioned the month that I spent in the Hudson Valley in New York and, like, when I was there, I felt, like, so different. I was, you know, just, like, so much more excited about all the, like, novel things that I was experiencing that I could show up to work and be like, oh yeah, like, I'm feeling good today. So, I have all this, you know, energy to bring to the tasks that I have at work. And yeah, so even though it wasn't necessarily time off, it was investing in other things in my life that then brought that refresh at work, even though nothing at work really changed [laughs]. JOËL: I think there's something to be said for the sort of energy boost you get from novelty and change, and some of that you get it from maybe rotating to a different project. But like you were saying, you can change your environment, and that can happen as well. And, you know, sometimes it's going halfway across the country to live in a place for a month. I sometimes do that in a smaller way by saying, oh, I'm going to work this morning from a coffee shop or something like that. And just say, look, by changing the environment, I can maybe get some focus or some energy that I wouldn't have if I were just doing same old, same old. STEPHANIE: Yeah, that's a good point. So, one particularly surprising refresh that I experienced in offboarding from my client work is coming back to my thoughtbot, like, internal company laptop, which had been sitting gathering dust [laughs] a little bit because I had a client-issued laptop that I was working in most of the time. And yeah, I didn't realize how different it would feel. I had, you know, gotten everything set up on my, you know, my thoughtbot computer just the way that I liked it, stuff that I'd never kind of bothered to set up on my other client-issued laptop. And then I came back to it, and then it ended up being a little bit surprising. I was like, oh, the icons are smaller on this [laughs] computer than the other computer. But it definitely did feel like returning to home, I think, instead of, like, being a guest in someone else's house that you haven't quite, like, put all your clothes in the closet or in the drawers. You're still maybe, like, living out of a suitcase a little bit [laughs]. So yeah, I was kind of very excited to be in my own space on my computer again. JOËL: I love the metaphor of coming home, and yeah, being in your own space, sleeping in your own bed. There's definitely some of that that I feel, I think, when I come back to my thoughtbot laptop as well. Do you feel like you get a different sense of connection with the rest of our thoughtbot colleagues when you're working on the thoughtbot-issued laptop versus a client-issued one? STEPHANIE: Yeah. Even though on my client-issued computer I had the thoughtbot Slack, like, open on there so I could be checking in, I wasn't necessarily in, like, other thoughtbot digital spaces as much, right? So, our, like, project management tools and our, like, internal company web app, those were things that I was on less of naturally because, like, the majority of my work was client work, and I was all in their digital spaces. But coming back and checking in on, like, all the GitHub discussions that have been happening while I haven't had enough time to catch up on them, just realizing that things were happening [laughs] even when I was doing something else, that is both cool and also like, oh wow, like, kind of sad that I [chuckles] missed out on some of this as it was going on. JOËL: That's pretty similar to my experience. For me, it almost feels a little bit like the difference between back when we used to be in person because thoughtbot is now fully remote. I would go, usually, depending on the client, maybe a couple of days a week working from their offices if they had an office. Versus some clients, they would come to our office, and we would work all week out of the thoughtbot offices, particularly if it was like a startup founder or something, and they might not already have office space. And that difference and feeling the connection that I would have from the rest of the thoughtbot team if I were, let's say, four days a week out of a client office versus two or four days a week out of the thoughtbot office feels kind of similar to what it's like working on a client-issued laptop versus on a thoughtbot-issued one. STEPHANIE: Another thing that I guess I forgot about or, like, wasn't expecting to do was all the cleanup, just the updating of things on my laptop as I kind of had it been sitting. And it reminded me to, I guess, extend that, like, coming home metaphor a little bit more. In the game Animal Crossing, if you haven't played the game in a while because it tracks, like, real-time, so it knows if you haven't, you know, played the game in a few months, when you wake up in your home, there's a bunch of cockroaches running around [laughs], and you have to go and chase and, like, squash them to clean it up. JOËL: Oh no. STEPHANIE: And it kind of felt like that opening my computer. I was like, oh, like, my, like, you know, OS is out of date. My browsers are out of date. I decided to get an internal company project running in my local development again, and I had to update so many things, you know, like, install the new Ruby version that the app had, you know, been upgraded to and upgrade, like, OpenSSL and all of that stuff on my machine to, yeah, get the app running again. And like I mentioned earlier, just the idea of like, oh yeah, this has evolved and changed, like, without me [laughs] was just, you know, interesting to see. And catching myself up to speed on that was not trivial work. So yeah, like, all that maintenance stuff still got to do it. It's, like, the digital cleanup, right? JOËL: Exactly. So, you mentioned that on the client machine, you still had the thoughtbot Slack. So, you were able to keep up at least some messages there on one device. I'm curious about the experience, maybe going the other way. How much does thoughtbot stuff bleed into your personal devices, if at all? STEPHANIE: Barely. I am very strict about that, I think. I used to have Slack on my phone, I don't know, just, like, in an earlier time in my career. But now I have it a rule to keep it off. I think the only thing that I have is my calendar, so no email either. Like, that is something that I, like, don't like to check on my personal time. Yeah, so it really just is calendar just in case I'm, like, out in the morning and need to be, like, oh, when is my first meeting? But [laughs] I will say that the one kind of silly thing is that I also refuse to sign into my Google account for work. So, I just have the calendar, like, added to my personal calendar but all the events are private. So, I can't actually see what the events are [laughs]. I just know that I have something going on at, like, 10:00 a.m. So, I got to make sure I'm back home by then [laughs], which is not so ideal. But at the risk of being signed in and having other things bleed into my personal devices, I'm just living with that for now [laughs]. JOËL: What I'm hearing is that I could put some mystery events on your calendar, and you would have a fun surprise in the morning because you wouldn't know what it is. STEPHANIE: Yeah, that is true [laughs]. If you put, like, a meeting at, like, 8:00 a.m., [laughs] then I'm like, oh no, what's this? And then I arrive, and it's just, like [laughs], a fun prank meeting. So, you know, you were talking about how you were at the conference this week. And I'm wondering, how connected were you to work life? JOËL: Uh, not very. I tried to be very present in the moment at the conference. So, I'm, you know, connected to all the other thoughtboters who were there and connecting with the attendees. I do have Slack on my phone, so if I do need to check it for something. There was a little bit of communication that was going on for different things regarding the conference, so I did check in for that. But otherwise, I tried to really stay focused on the in-person things that are happening. I'm not doing any client work during those days that I'm at RubyConf, and so I don't need to deal with anything there. I had my thoughtbot laptop with me because that's what I used to give my presentation. But once the presentation was done, I closed that laptop and didn't open it again, and, honestly, that felt kind of good. STEPHANIE: Yeah, that is really nice. I'm the same way, where I try to be pretty connected at conferences, and, like, I will actually redownload Slack sometimes just for, like, coordinating purposes with other folks who are there. But I think I make it pretty clear that I'm, like, away. You know, like, I'm not actually...like, even though I'm on work time, I'm not doing any other work besides just being present there. JOËL: So, you mentioned the idea of work time. Do you have, like, a pretty strict boundary between personal time and work time and, like, try not to allow either to bleed into each other? STEPHANIE: Yeah. I can't remember if I've mentioned this on the show. I think I have, but I'm going to again because one of my favorite things that I picked up from The Bike Shed back when Chris Toomey and Steph Viccari were hosting the show is Chris had, like, a little ritual that he would do every day to signal that he was done with work. He would close his laptop and say, "Schedule shutdown complete," I think. And I've started adopting it because then it helps me be like, I'm not going to reopen my laptop after this because I have said the words. And even if I think of something that I maybe need to add to my to-do list, I will, instead of opening my computer and adding to my, like, whatever digital to-do list, I will, like, write it down on a piece of paper instead for the sake of, you know, not risking getting sucked back into, you know, whatever might be going on after the time that I've, like, decided that I need to be done. JOËL: So, you have a very strict divisioning between work time and personal time. STEPHANIE: Yeah, I would say so. I think it's important for me because even when I take time off, you know, sometimes folks might work a half day or something, right? I really struggle with having even a half day feel like, once I'm done with work, having that feel like okay, like, now I'm back in my personal time. I'd much prefer not working the entire day at all because that is kind of the only way that I can feel like I've totally reclaimed that time. Otherwise, it's like, once I start thinking about work stuff, it's like I need a mental boundary, right? Because if I'm thinking about a work problem, or, like, an interaction or, like, just anything, it's frustrating because it doesn't feel like time in my own brain [laughs] is my own. What do work and personal time boundaries look like for you? JOËL: I think it's evolved over time. Device usage is definitely a little bit more blurry for me. One thing that I have started doing since we've gone fully remote as the pandemic has been winding down and, you know, you can do things, but we're still working from home, is that more days than not, I work from home during the day, and then I leave my home during the evening. I do a variety of social activities. And because I like to be sort of present in the moment, that means that by being physically gone, I have totally disconnected because I'm not checking emails or anything like that. Even though I do have thoughtbot email on my phone, Gmail allows me to like log into my personal account and my thoughtbot account. I have to, like, switch between the two accounts, and so, that's, like, more work than I would want. I don't have any notifications come in for the thoughtbot account. So, unless I'm, like, really wanting to see if a particular email I'm waiting for has come in, I don't even look at it, ever. It's mostly just there in case I need to see something. And then, by being focused in the moment doing social things with other people, I don't find too much of a temptation to, like, let work life bleed into personal life. So, there's a bit of a physical disconnect that ends up happening by moving out of the space I work in into leaving my home. STEPHANIE: Yeah. And I'm sure it's different for everyone. As you were saying that, I was reminded of a funny meme that I saw a long time ago. I don't think I could find it if I tried to search for it. But basically, it's this guy who is, you know, sitting on one side of the couch, clearly working. And he's kind of hunched over and, like, typing and looking very serious. And then he, like, closes his laptop, moves over, like, just slides to the other side of the couch, opens his laptop. And then you see him, like, lay back, like, legs up on the coffee table. And it's, like, work computer, personal computer, but it's the same computer [laughs]. It's just the, like, how you've decided like, oh, it's time for, you know, legs up, Netflix watching [laughs]. JOËL: Yeah. Yeah. I'm curious: do you use your thoughtbot computer for any personal things? Or is it just you shut that down; you do the closing ritual, and then you do things on a separate device? STEPHANIE: Yeah, I do things on a separate device. I think the only thing there might be some overlap for are, like, career-related extracurriculars or just, like, development stuff that I'm interested in doing, like, separate from what I am paid to do. But that, you know, kind of overlaps a little bit because of, like, the tools and the stuff I have installed on my computer. And, you know, with our investment time, too, that ends up having a bit of a crossover. JOËL: I think I'm similar in that I'll tend to do development things on my thoughtbot machine, even though they're not necessarily thoughtbot-related, although they could be things that might slot into something like investment time. STEPHANIE: Yeah, yeah. And it's because you have all your stuff set up for it. Like, you're not [laughs] trying to install the latest Ruby version on two different machines, probably [laughs]. JOËL: Yeah. Also, my personal device is a Windows machine. And I've not wanted to bother learning how to set that up or use the Windows Subsystem for Linux or any of those tools, which, you know, may be good professional learning activities. But that's not where I've decided to invest my time. STEPHANIE: That makes sense. I had an interesting conversation with someone else today, actually, about devices because I had mentioned that, you know, sometimes I still need to incorporate my personal devices into work stuff, especially, like, two-factor authentication. And specifically on my last client project...I have a very old iPhone [laughs]. I need to start out by saying it's an iPhone 8 that I've had for, like, six or seven years. And so, it's old. Like, one time I went to the Apple store, and I was like, "Oh, I'm looking for a screen protector for this." And they're like, "Oh, it's an iPhone 8. Yikes." [laughs] This was, you know, like, not too long ago [laughs]. And the multi-factor authentication policy for my client was that, you know, we had to use this specific app. And it also had, like, security checks. Like, there's a security policy that it needed to be updated to the latest iOS. So, even if I personally didn't want to update my iOS [laughs], I felt compelled to because, otherwise, I would be locked out of the things that I needed to do at work [laughs]. JOËL: Yeah, that can be a challenge sometimes when you're adding work things to personal devices, maybe not because it's convenient and you want to, but because you don't have a choice for things like two-factor auth. STEPHANIE: Yeah, yeah. And then the person I was talking to actually suggested something I hadn't even thought about, which is like, "Oh, you know, if you really can't make it work, then, like, consider having that company issue another device for you to do the things that they're, like, requiring of you." And I hadn't even thought of that, so... And I'm not quite at the point where I'm like, everything has to be, like, completely separate [laughs], including two-factor auth. But, I don't know, something to consider, like, maybe that might be a place I get to if I'm feeling like I really want to keep those boundaries strict. JOËL: And I think it's interesting because, you know, when you think of the kind of work that we do, it's like, oh, we work with computers, but there are so many subfields within it. And device management and, just maybe, corporate IT, in general, is a whole subfield that is separate and almost a little bit alien. Two, I feel like me, as a software developer, I'm just aware of a little bit...like, I've read a couple of articles around...and this was, you know, years ago when the trend was starting called Bring Your Own Device. So, people who want to say, "Hey, I want to use my phone. I want to have my work email on my phone." But then does that mean that potentially you're leaking company memos and things? So, how do you secure that kind of thing? And everything that IT had to think through in order to allow that, the pros and cons. So, I think we're just kind of, as users of that system, touching the surface of it. But there's a lot of thought and discussion that, as an industry, the kind of corporate IT folks have gone through to struggle with how to balance a lot of those things. STEPHANIE: Yeah, yeah. I bet there's a lot of complexity or nuance there. I mean, we're just talking about, like, ways that we do or don't mix work and personal life. And for that kind of work, you know, that's, like, the job is to think really thoroughly about how people use their devices and what should and shouldn't be permissible. The last thing that I wanted to kind of ask about in terms of device management or, like, work and personal intermixing is the idea of being on call and your device being a way for work to reach you and that being a requirement, right? I feel very lucky to obviously not really be in that position. As consultants, like, we're not usually so embedded into a team that we're then brought into, like, an on-call rotation, and I think that's good for me. Like, I don't think that that is something I'd be interested in doing anytime soon. Do you have any experience with that? JOËL: I have not been on a project where I've had to be on call, and I think that's generally true for most of us at thoughtbot who are doing software development. I know those who are doing more kind of platformy SRE-type things are on call. And, in fact, we have specifically hired people in different regions around the world so that we can provide 24-hour coverage for that kind of thing. STEPHANIE: Yeah. And I imagine kind of like what we're talking about with work device management looks even different for that kind of role, where maybe you do need a lot more access to things, like, wherever you might be. JOËL: And maybe the answer there is you get issued a work-specific device and a work phone or something like that, or an old-school work pager. STEPHANIE: [laughs] JOËL: PagerDuty is not just a metaphoric thing. Back in the day, they used actual pagers. STEPHANIE: Yeah, that would be very funny. JOËL: So yeah, I can't speak to it from personal experience, but I could imagine that maybe some of the dynamics there might be a little bit different. And, you know, for some people, maybe it's fine to just have an app on your phone that pings you when something happens, and you have to be on call. And you're able to be present while waiting, like, in case you get pinged, but also let it go while you're on call. I can imagine that's, like, a really weird kind of, like, shadow, like, working, not working experience that I can't really speak to because I have not been in that position. STEPHANIE: Yeah. As you were saying that, I also had the thought that, like, our ability to step away from work and our devices is also very much dependent on, like, a company culture and those types of factors, right? Where, you know, it is okay for me to not be able to look at that stuff and just come back to it Monday morning, and I am very grateful [laughs] for that. Because I recognize that, like, not everyone is in that position where there might be a lot more pressure or urgency to be on top of that. But right now, for this time in my life, like, that's kind of how I like to work. JOËL: I think it kind of sits at the intersection of a few different things, right? There's sort of where you are personally. It might be a combination, like, personality and maybe, like, mental health, things like that, how you respond to how sharp or blurry those lines between work and personal life can be. Like you said, it's also an element of company culture. If there's a company culture that's really pushing to get into your personal life, maybe you need firmer boundaries. And then, finally, what we spent most of this episode talking about: technical solutions, whether that's, like, physically separating everything such that there are two devices. And you close down your laptop, and you're done for the day. And whether or not you allow any apps on your personal phone to carry with you after you leave for the day. So, I think at the intersection of those three is sort of how you're going to experience that, and every person is going to be a little bit different. Because those three...I guess I'm thinking of a Venn diagram. Those three circles are going to be different for everyone. STEPHANIE: Yeah, that makes complete sense. JOËL: On that note, shall we wrap up? STEPHANIE: Let's wrap up. Show notes for this episode can be found at bikeshed.fm. JOËL: This show has been produced and edited by Mandy Moore. STEPHANIE: If you enjoyed listening, one really easy way to support the show is to leave us a quick rating or even a review in iTunes. It really helps other folks find the show. JOËL: If you have any feedback for this or any of our other episodes, you can reach us @_bikeshed, or you can reach me @joelquen on Twitter. STEPHANIE: Or reach both of us at hosts@bikeshed.fm via email. JOËL: Thanks so much for listening to The Bike Shed, and we'll see you next week. ALL: Byeeeeeee!!!!!! AD: Did you know thoughtbot has a referral program? If you introduce us to someone looking for a design or development partner, we will compensate you if they decide to work with us. More info on our website at: tbot.io/referral. Or you can email us at: referrals@thoughtbot.com with any questions.
With the Ubuntu Summit just around the corner, we preview a couple talks by the Ubuntu Security team, plus we look at security updates for OpenSSL, Sofia-SIP, AOM, ncurses, the Linux kernel and more.
Supply chain has been a hot topic for a few years now, but so many things we need to do for a secure supply chain aren't new at all. We'll cover SBOMs, vuln management, and putting together a secure pipeline. Segment resources: https://www.solarwinds.com/assets/solarwinds/swresources/whitepaper/2111swiwhitepaper_nextgenbuild.pdf https://next.redhat.com/project/tekton-chains/ https://tekton.dev/ In the news, a stroll back through the Apache Struts breach of Equifax, CISA's list of Known Exploited Vulnerabilities, Rust's replacement for OpenSSL, Go no longer throws programmers for a loop, complexity vs. design (that leads to better security), and more! Visit https://securityweekly.com/asw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/secweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/asw-256
A stroll back through the Apache Struts breach of Equifax, CISA's list of Known Exploited Vulnerabilities, Rust's replacement for OpenSSL, Go no longer throws programmers for a loop, complexity vs. design (that leads to better security). Show Notes: https://securityweekly.com/asw-256
Supply chain has been a hot topic for a few years now, but so many things we need to do for a secure supply chain aren't new at all. We'll cover SBOMs, vuln management, and putting together a secure pipeline. Segment resources: https://www.solarwinds.com/assets/solarwinds/swresources/whitepaper/2111swiwhitepaper_nextgenbuild.pdf https://next.redhat.com/project/tekton-chains/ https://tekton.dev/ In the news, a stroll back through the Apache Struts breach of Equifax, CISA's list of Known Exploited Vulnerabilities, Rust's replacement for OpenSSL, Go no longer throws programmers for a loop, complexity vs. design (that leads to better security), and more! Visit https://securityweekly.com/asw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/secweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/asw-256
What if you could purchase a computer built like a Mac but run a free and open source operating system on it that you can't break, would you buy one? Steve and Noah discuss the Malibal, and an immutable distro with Flatpaks that "just works" -- During The Show -- 00:58 Intro Steve's Nvidea Issue trouble shooting process root cause = it's dirty why dig for the root cause Good News! Axia fixed our board! 06:50 Google Ad Policy - Ahmed Google ads used for phishing Google ads placement confusing Why google don't clearly label ads 12:05 TPM & Drive Encryption On Fedora - Tiny Clevis (https://github.com/latchset/clevis) SystemD Cryptenroll Fedora TPM Blog Post (https://fedoramagazine.org/automatically-decrypt-your-disk-using-tpm2/) Fedora Security Keys Blog Post (https://fedoramagazine.org/use-systemd-cryptenroll-with-fido-u2f-or-tpm2-to-decrypt-your-disk/) 15:09 Linux Mint Issues - penguin prince Maybe re-seat things? 15:55 Current Grafana Setup - Tiny Current Usage Network CPU RAM Disk Matrix database Added to Ansible Grafana can be more than graphs 21:00 News Wire Fedora KDE Plasma 6 Dropping X11 - 9 to 5 Linux (https://9to5linux.com/fedora-linux-40-to-offer-the-kde-plasma-6-desktop-on-wayland-and-drop-x11-session) Linux 6.7 Drops Itanium IA-64 - Phoronix (https://www.phoronix.com/news/Linux-6.7-To-Drop-Itanium-IA-64) ReiserFS Removed From Default Kernel - Phoronix (https://www.phoronix.com/news/ReiserFS-Drop-From-Defconfigs) Tails 5.17.1 - Tails (https://tails.net/news/version_5.17.1/index.en.html) Real-Time Linux on AWS - The News Stack (https://thenewstack.io/canonical-brings-real-time-linux-to-amazon-web-services/) Delayed Module Signature Verification - Phoronix (https://www.phoronix.com/news/Linux-Delay-Module-Verification) OpenSUSE Seeks LEAP Replacement - ZDNet (https://www.zdnet.com/article/opensuse-seeks-a-leap-replacement-but-will-distro-community-rise-to-the-challenge/) OpenSource.com Reborn - Open SOurce Watch (https://opensourcewatch.beehiiv.com/p/invaluable-opensourcecom-site-reborn-opensourcenet) Intel FPGA & RISC-V - The Register (https://www.theregister.com/2023/09/15/intel_fpga_updates/) OpenSSL 1.1.1 is EOL - The News Stack (https://thenewstack.io/update-now-openssl-1-1-1s-shelf-life-has-ended/) Earth Lusca & SprySOCKS backdoor - Bleeping Computer (https://www.bleepingcomputer.com/news/security/new-sprysocks-linux-malware-used-in-cyber-espionage-attacks/) NCurses Flaw - The Hacker News (https://thehackernews.com/2023/09/microsoft-uncovers-flaws-in-ncurses.html) CISA Announcement - CISA.gov (https://www.cisa.gov/news-events/news/cisa-announces-open-source-software-security-roadmap) VC Bill Gurley - Fortune.com (https://fortune.com/2023/09/17/bill-gurley-warns-regulatory-capture-ai-hails-open-source/) 6.1.14 Kernel in Scratch - MIT.edu (https://scratch.mit.edu/projects/892602496) 23:00 OpenSuse Aeon "It Just Works" Linux MicroOS & Gnome as immmutable base Software via FlatPak and distrobox Good for some users What problem does this solve? Purpose Driven OpenSuse Aeon (https://en.opensuse.org/Portal:Aeon) All Systems GO Talk (https://www.youtube.com/watch?v=1K_kGbmlewo) 34:30 Penguin Prince Calls Adding a Page to WordPress Issue Page refuses to go live 38:55 The US Assembled Linux Laptop You Haven't Heard Of Malibal (https://www.malibal.com/) Final Assembly in the US Expensive Making a powerful sleek computer Most have graphics cards Optimus Manager (https://github.com/Askannz/optimus-manager) Coreboot Commitment to sustainability Barrel Power vs Type-C charging Dell's commitment to Linux System76 (https://system76.com/) Framework Laptops (https://frame.work/) 51:36 NextCloud Hub 6 They have to have email Mail in a Box (https://mailinabox.email/) LInux Today (https://www.linuxtoday.com/news/nextcloud-hub-6-more-than-a-foss-replacement-for-microsoft-365-business-standard/) Linux UnPlugged 528 (https://linuxunplugged.com/528) 52:25 LFNW Moved to Next Year Had to move the date Will still have things to do -- The Extra Credit Section -- For links to the articles and material referenced in this week's episode check out this week's page from our podcast dashboard! This Episode's Podcast Dashboard (http://podcast.asknoahshow.com/355) Phone Systems for Ask Noah provided by Voxtelesys (http://www.voxtelesys.com/asknoah) Join us in our dedicated chatroom #GeekLab:linuxdelta.com on Matrix (https://element.linuxdelta.com/#/room/#geeklab:linuxdelta.com) -- Stay In Touch -- Find all the resources for this show on the Ask Noah Dashboard Ask Noah Dashboard (http://www.asknoahshow.com) Need more help than a radio show can offer? Altispeed provides commercial IT services and they're excited to offer you a great deal for listening to the Ask Noah Show. Call today and ask about the discount for listeners of the Ask Noah Show! Altispeed Technologies (http://www.altispeed.com/) Contact Noah live [at] asknoahshow.com -- Twitter -- Noah - Kernellinux (https://twitter.com/kernellinux) Ask Noah Show (https://twitter.com/asknoahshow) Altispeed Technologies (https://twitter.com/altispeed) • Ask Noah Show © CC-BY-ND 2021 •
Watch on YouTube About the show Sponsored by InfluxDB from Influxdata. Connect with the hosts Michael: @mkennedy@fosstodon.org Brian: @brianokken@fosstodon.org Show: @pythonbytes@fosstodon.org Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Tuesdays at 11am PT. Older video versions available there too. Michael #1: makeapp via Felix Ingram Simplifies Python application rollout and publishing. Link to its mention on Talk Python. Simplifies Python application rollout and publishing: Make a skeleton for your new application with one console command Automatically create a VCS repository for your application. Automatically check whether the chosen application name is not already in use. Customize new application layouts with skeleton templates. Put some skeleton default settings into a configuration file not to mess with command line switches anymore. Easily add entries to your changelog. Publish your application to remotes (VCS, PyPI) with single command. Brian #2: Looking forward to Python 3.12 We're on 3.12.0a7 now, the last alpha, final is scheduled for October schedule So far, in 3.12.0a7 What's new in Python 3.12 page has some examples of the Improved Error Messages Recent addition, PEP 684 - A Per-Interpreter GIL was approved recently “… sufficient isolation would facilitate true multi-core parallelism …” seems like a good thing. But also, “… this is an advanced feature meant for a narrow set of users of the C-API. “, so not really sure how this will affect us. Still, seems cool. Michael #3: Python 3.11.3 is out Fixes a HIGH level CVE in OpenSSL (so patch it) Lots of changes in Core and Builtins Brian #4: How to Make a Great Conference Talk Sebastian Witowski Lots of great advice for tech conf talks. Don't skip the last half of this, getting your talk accepted is really when the work starts. Good sections to make sure you don't miss Live demos “First of all - do you really need a demo? …” Rehearsing Don't skip this. Do this. A lot. Out loud. With a timer. While standing. Memorize the first few minutes, and the last few. Know how you're going to open and close. Night before get enough sleep Day of eat well. Don't drink too much liquids. Be comfortable. Sebastian was honest in saying this stuff works for him, but do what works for you. From Brian: I deviate from Sebastian in quite a few places, but still don't disagree with his advice. I can't give a talk without slides, as I use them for prompts to know what I'm talking about next. My talks usually have a lot of code snippets. Obviously, that would be difficult without slides. I write my talk and my slides in Markdown. Sebastian writes in something else, then builds slides as visual aids. That's cool. Do what works for you. Bonus tool from the article: demo-magic - If I'm ever tempted to live code again, I think I'll try this instead. Extras Michael: NOW the CDN course is out. Django 4.2 released. Joke: Using A.I. for Efficiency
Organizations spend hundreds of work hours to build applications and services that will benefit customers and employees alike. Whether the application/service is externally facing or for internal use only, it is mandatory to identify and understand the scope of potential cyber risks and threats it poses to the organization. But where and how do you start with an accurate threat model? Nick can discuss how to approach this and create a model that's useful to security and developers alike. Segment Resources https://github.com/trailofbits/publications/blob/master/reviews/2022-12-curl-threatmodel.pdf Reddit's breach disclosure, simple vulns in Toyota's web portals, OpenSSL vulns, voting results for Portswigger's top 10 web hacking techniques of 2022, tiny IoT cryptography implementations, real world migration of a million lines of code Visit https://www.securityweekly.com/asw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/secweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/asw229
OpenSSL is a free, open-source cryptographic library that provides secure communications over computer networks. It's widely used to implement the secure socket layer (SSL) and transport layer security (TLS) protocols, which are the basis for secure, encrypted connections on the internet. On Oct 25th, the OpenSSL project informed its users of a critical vulnerability that The post OpenSSL Vulnerability with Ilkka Turunen appeared first on Software Engineering Daily.
Picture of the Week. A minor Dropbox breach. OpenSSL follow-up. FTC sued and settled with a repeated offender. $1.2 billion in reported ransomware payments during 2021. Akamai's Q3 Threat Report. Initial Access Brokerages. How do today's bank heists work? De-Fi De-struction De-jour. Russia moves to Linux. We're The Red Cross. Don't attack us, please! Where there's a will, there's a way. From China with Love. The UK's NCSC scan plan. Miscellany. Closing The Loop. SpinRite. We invite you to read our show notes at https://www.grc.com/sn/SN-896-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: canary.tools/twit - use code: TWIT drata.com/twit
OpenSSL patches two vulnerabilities. CISA and election security. Killnet attempted DDoS against the US Treasury. XDR data reveals threat trends. Business email compromise and gift cards. Tim Starks from the Washington Posts' Cybersecurity 202 has the latest on election security. A visit to the CyberWire's Women in Cyber Security event. And consequences for Raccoon Stealer from the war in Ukraine. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/211 Selected reading. OpenSSL patched today. (CyberWire) OpenSSL Releases Security Update (CISA) OpenSSL releases fixes for two ‘high' severity vulnerabilities (The Record by Recorded Future) OpenSSL patches are out – CRITICAL bug downgraded to HIGH, but patch anyway! (Naked Security) Threat Advisory: High Severity OpenSSL Vulnerabilities (Cisco Talos Blog) OpenSSL Vulnerability Patch Released (Sectigo® Official) Clearing the Fog Over the New OpenSSL Vulnerabilities (Rezilion) OpenSSL vulnerability CVE-2022-3602 (Remote Code Execution) and CVE-2022-3786 (Denial of Service) Check Point Research Update (Check Point Software) Undisclosed OpenSSL vulnerability: Free scripts for target scoping (Lightspin) Discussions of CISA's part in elections and the JCDC. (CyberWire) U.S. Treasury thwarted attack by Russian hacker group last month-official (Reuters) XDR data reveals threat trends. (CyberWire) What happens to a gift card given to a scammer? (CyberWire) How Russia's war in Ukraine helped the FBI crack one of the biggest cybercrime cases in years (MarketWatch)
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
OpenSSL 3.0 Punycode Vulnerability Fix https://isc.sans.edu/forums/diary/Critical+OpenSSL+30+Update+Released+Patches+CVE20223786+CVE20223602/29208 https://www.openssl.org/blog/blog/2022/11/01/email-address-overflows/
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
OpenSSL 3.0 Punycode Vulnerability Fix https://isc.sans.edu/forums/diary/Critical+OpenSSL+30+Update+Released+Patches+CVE20223786+CVE20223602/29208 https://www.openssl.org/blog/blog/2022/11/01/email-address-overflows/
OpenSSL is patched today. The misconfiguration risk to US government networks' security and compliance. Hacking Ms Truss's phone. Assistance for Ukraine's cyber defense. Joe Carrigan looks at the latest round of apps pulled from the Google Play Store. Our guest is Matias Madou of Secure Code Warrior on why cultivating a positive culture among security and developer teams continues to fall short. And a quick look at DNS threats. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/210 Selected reading. Effectively Preparing for the OpenSSL 3.x Vulnerability (Akamai) O How The OpenSSL 3 Vulnerability Will Really Affect Your Environment (Nucleus Security) New Critical Flaw in OpenSSL: How to Know if You're at Risk (Rezilion) Experts warn of critical security vulnerability discovered in OpenSSL (Application Security Blog) The impact of exploitable misconfigurations on network security within US Federal organizations (Titania) Liz Truss's personal phone hacked by Putin's spies (Mail Online) O Truss phone was hacked by suspected Putin agents when she was foreign minister, the Daily Mail reports (Reuters) Liz Truss phone hack claim prompts calls for investigation (BBC News) Russian spies hacked Truss's personal phone (Computing) Government urged to investigate report Liz Truss's phone was hacked (the Guardian) Ministers creating ‘wild west' conditions with use of personal phones (the Guardian) Suella Braverman admits sending official documents to personal email six times (The Telegraph) Ukraine War: UK reveals £6m package for cyber defence (BBC News) DNS Threat Report — Q3 2022 (Akamai)
Picture of the Week. OpenSSL's Patch For Heap Memory Corruption Vulnerability. NIST Announces First Four Quantum-Resistant Cryptographic Algorithms. Yubico donated 30,000 Yubikeys to Ukraine. Apple's new extreme "Lockdown Mode". Microsoft to re-enable Office Macros. This Is the Code the FBI Used to Wiretap the World. Closing The Loop. The Rolling Pwn. We invite you to read our show notes at https://www.grc.com/sn/SN-879-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: expressvpn.com/securitynow tanium.com/twit canary.tools/twit - use code: TWIT