In the latest episode of "Passwort", the hosts cannot avoid a brief assessment of the exploding pagers, but they do not dwell on the topic for long. After all, there is plenty more to discuss, such as a messenger service for criminals that law enforcement has now taken down, details on the flaw in Yubikeys, malware with clever social-engineering tricks and clipboard manipulation, and a "bat-ylonian" tangle of file extensions. - Qubes OS - a reasonably secure operating system: https://www.qubes-os.org/ Members of our security community on heise security PRO can listen to all episodes two days earlier. More info: https://aktionen.heise.de/heise-security-pro
https://youtu.be/y62JeJtX0MU
Forum Discussion Thread (https://forum.tuxdigital.com/t/247-manjaro-23-1-cosmic-desktop-fedora-asahi-zorin-17-almalinux-amp-more-linux-news/6108)
On this episode of TWIL (247), we've got new distro releases to stuff your Christmas stockings with from Manjaro, Zorin 17 and AlmaLinux. Fedora has announced the release of their new Asahi remix with Fedora Asahi. Then we'll take a look at the latest news for System76's COSMIC Desktop. Plus Debian might be doing something very rare for the project. All of this and more on this episode of This Week in Linux, Your Source for Linux GNews!
Download as MP3 (https://aphid.fireside.fm/d/1437767933/2389be04-5c79-485e-b1ca-3a5b2cebb006/f039d27c-4e89-461f-b851-e9b963ed77ad.mp3)
Supported by: LINBIT = https://thisweekinlinux.com/linbit
Want to Support the Show? Become a Patron = https://tuxdigital.com/membership Store = https://tuxdigital.com/store
Chapters:
00:00 TWIL 247 Intro
01:04 Manjaro Linux 23.1.0 "Vulcan" Released - [ link (https://forum.manjaro.org/t/manjaro-23-1-vulcan-released/153458) ]
02:50 COSMIC Desktop & Pop!_OS - [ link (https://blog.system76.com/post/the-spirit-of-cosmic-december-updates) ]
06:08 Fedora Asahi Remix 39 - [ link 1 (https://asahilinux.org/fedora/), link 2 (https://fedoramagazine.org/introducing-fedora-asahi-remix-39/) ]
08:07 Zorin OS 17 Released - [ link (https://blog.zorin.com/2023/12/20/zorin-os-17-has-arrived/) ]
11:46 LINBIT - [ link (https://thisweekinlinux.com/linbit) ]
13:10 Debian Likely Moving Away From i386 - [ link (https://lists.debian.org/debian-devel-announce/2023/12/msg00003.html) ]
15:30 AlmaLinux Expands ELevate with EPEL Integration - [ link (https://almalinux.org/blog/2023-12-05-announcing-epel-support-in-elevate/) ]
16:48 Firefox 121 Released - [ link (https://www.mozilla.org/en-US/firefox/121.0/releasenotes/) ]
19:37 Alpine Linux 3.19 Released - [ link (https://alpinelinux.org/posts/Alpine-3.19.0-released.html) ]
21:29 Qubes OS 4.2.0 Released - [ link (https://www.qubes-os.org/news/2023/12/18/qubes-os-4-2-0-has-been-released/) ]
23:00 Valve Rewards Naughty Dota 2 Players with Lumps of Coal - [ link (https://www.gamingonlinux.com/2023/12/valve-hands-out-lumps-of-coal-to-naughty-dota-2-players/) ]
26:09 Outro
Docker's open-source crackdown, the Wayland regression solved this week, and why ipmitool's repo has been locked.
Gabriel Custodiet speaks with Max Hillebrand about the philosophy behind Bitcoin, as well as proper techniques for using it as it was intended. Along the way they discuss Monero, Max's appreciation for German economist-philosopher Ludwig von Mises, and Max's interest in Qubes OS. This conversation at times gets into the depths of Bitcoin, tackling the nature of UTXOs, Bitcoin taint, coin control, privacy holes in the Lightning Network, crossing borders with Bitcoin, and the Wasabi Wallet controversy. Guest Links → https://twitter.com/HillebrandMax → https://towardsliberty.com (Max's website) → https://bitcoinops.org/en/newsletters → https://bitcoinaudible.com Watchman Privacy → https://watchmanprivacy.com (newsletter, consultation requests) → https://twitter.com/watchmanprivacy → https://www.amazon.com/Watchman-Guide-Privacy-Financial-Lifestyle/dp/B08PX7KFS2 Bitcoin Privacy Course → https://rpf.gumroad.com/l/privatebitcoin Monero Donation Address (If you can't see the whole string, double click in the middle to select all) →8829DiYwJ344peEM7SzUspMtgUWKAjGJRHmu4Q6R8kEWMpafiXPPNBkeRBhNPK6sw27urqqMYTWWXZrsX6BLRrj7HiooPAy Please subscribe to and rate this podcast wherever you can to help it thrive. Thank you! Timeline 0:00 – Beginning 7:27 – Why not use Monero? 10:14 – Underlying world view of Max Hillebrand 13:22 – How does Bitcoin solve the world's problems? 16:03 – Naming the enemies of Bitcoin privacy 24:03 – Erasing Bitcoin taint 27:59 – What is a UTXO? 31:20 – How confident can we be in CoinJoin? 37:44 – How to accumulate large amounts of Bitcoin privately 41:57 – Lighting Network for privacy? 45:21 – Rapid fire digital privacy tools 52:04 – Max's favorite Bitcoin resources 52:50 – Crossing borders with Bitcoin 56:46 – Wasabi Wallet controversy response by Max Hillebrand 1:04:39 – Gabriel thoughts on “aiding evil people with privacy” 1:11:17 – Final thoughts
Hauke, Jean and Micha cover the newest Qubes OS version, discuss the Chemnitzer Linuxtage 2022, and finish with all sorts of news about the Raspberry Pi.
RADIO%27 presents the third episode of the radio show "Eskuela GNU/Linux", hosted by Eduardo Fórneas and Danmery. A round of news on distros and new releases, highlighting the new version of Qubes OS. An "association" of electric car manufacturers adopts GNU/Linux as the operating system for its vehicles. The GNU/Linux universe continues its advance, by now unstoppable, across all the technologies that matter at the moment. Who said the year of GNU/Linux has not arrived yet? Have fun, fill yourself with doubts, and experiment. Hackers are thinking, critical "cyborgs", far removed from the "zombified" herd created by single, official thinking. RADIO%27 "Sharing knowledge makes us free" "Doubt is the healthiest vitamin supplement for our mind and the thoughts it produces"
On this episode of This Week in Linux, KDE Plasma 5.24, KDE Discover Redesign, Intel Joins RISC-V International, Mozilla Firefox 97, Inkscape 1.1.2, OpenMandriva Lx 4.3, Qubes OS 4.1.0, Steam Deck Hands-On Hardware Reviews, DBrand's Project Killswitch, The Nobara Project, Escuelas Linux 7.3, Absolute Linux 15.0, Twister OS & Twister UI. All that and much more on Your Weekly Source for Linux GNews!
SPONSORED BY: DigitalOcean ►► https://do.co/dln Bitwarden ►► https://bitwarden.com/dln
TWITTER ►► https://twitter.com/michaeltunnell
MASTODON ►► https://mastodon.social/@MichaelTunnell
DLN COMMUNITY ►► https://destinationlinux.network/contact
FRONT PAGE LINUX ►► https://frontpagelinux.com
MERCH ►► https://dlnstore.com
BECOME A PATRON ►► https://tuxdigital.com/contribute
This Week in Linux is produced by the Destination Linux Network: https://destinationlinux.network
SHOW NOTES ►► https://tuxdigital.com/twil185
00:00 = Welcome to TWIL 185
00:41 = Announcement: I'm Hosting Linux Saloon This Week
01:24 = KDE Plasma 5.24 Released
08:13 = KDE Discover Redesign Has Begun
09:05 = Intel Joins RISC-V International
11:27 = Mozilla Firefox 97 Released
13:41 = DigitalOcean App Platform ( https://do.co/dln )
14:51 = Inkscape 1.1.2 Released
17:37 = OpenMandriva Lx 4.3 Released
21:13 = Qubes OS 4.1.0 Released
24:50 = Bitwarden Password Manager ( https://bitwarden.com/dln )
26:19 = Steam Deck Hands-On Hardware Reviews
27:46 = DBrand's Project Killswitch
28:56 = The Nobara Project
33:22 = Visuex.com: Design & Digital Marketing ( https://visuex.com/dln )
34:25 = Escuelas Linux 7.3 Released
36:23 = Absolute Linux 15.0 Released
37:39 = Twister OS & Twister UI
40:02 = Outro
Other Videos:
7 Reasons Why Firefox Is My Favorite Web Browser: https://youtu.be/bGTBH9yr8uw
17 KDE Plasma Features That You Didn't Know About: https://www.youtube.com/watch?v=zhPIwFC4qFs
How To Use Firefox's Best Feature, Multi-Account Containers: https://youtu.be/FfN5L5zAJUo
5 Reasons Why I Use KDE Plasma: https://youtu.be/b0KA6IsO1M8
Thanks For Watching! Linux #TechNews #Podcast
Guest Sarah Gran | Josh Aas Panelists Richard Littauer | Justin Dorfman Show Notes Hello and welcome to Sustain! The podcast where we talk about sustaining open source for the long haul. We are super excited to have two guests today, Sarah Gran and Josh Aas, who both work for ISRG, the Internet Security Research Group which consists of three projects: Let's Encrypt, Divvi Up, and Prossimo. Sarah is a VP of Communication and fundraising for ISRG, and Josh is the Executive Director at ISRG. They are both working on Prossimo to bring memory safe code to critical digital infrastructure, which they will explain more in depth today. We also learn about some other projects they are investing in this year, and Sarah and Josh share some positive things they're really excited about happening in 2022 with Prossimo. Go ahead and download this episode now to find out more! [00:02:03] We find out what ISRG is and how they choose which projects to focus on. [00:04:53] Josh explains the difference between Prossimo and Rust. [00:07:07] Josh and Sarah explain why memory allocation is so important. [00:10:33] Justin wonders if Log4j is on their radar in terms of funding, if that's something ISRG can help them with, and how that has brought more attention to memory safe languages. [00:13:03] We hear about the relationship ISRG has with the Linux Foundation. [00:15:21] Sarah shares what they've done so far to make the Prossimo project sustainable. [00:18:21] We find out what the budget is for running ISRG, and how they make that budget for what they are trying to accomplish. [00:22:40] Josh tells us about using Linkerd if you're looking for memory safety in that space. [00:24:40] Besides working on major projects that have had massive impacts like he had with Let's Encrypt, Josh shares things that have been difficult for him this year. [00:27:02] Josh explains how Cloudflare deals with DDoS attacks, and if there's been any open line of communication with NginX. 
[00:29:55] Josh and Sarah detail what they're doing to get the word out about Prossimo which includes four criteria they use to decide what they're going to engage with. [00:33:18] We hear about some projects they are investing in this year, such as Rustls, Linux kernel, and NTP. [00:35:07] What are Sarah and Josh most excited about happening in 2022? [00:41:35] Find out where you can follow Josh, Sarah, and Prossimo online. Quotes [00:04:05] “We just like to do a lot research about what we're doing. We're not a throw it at the wall and see what sticks organization.” [00:12:05] “From my perspective in communications and fundraising, I think this is a great moment for us to help people understand that memory safety isn't at the crux of Log4j.” [00:14:31] “Rising tides raises all ships.” [00:25:27] “We have a huge amount of history that tells us C++ code is not safe.” [00:29:25] “I really hope that ten years from now, the number one web server is not written in C, that cannot happen, we can't allow that to happen. Popular web servers written in C need to go.” [00:36:37] “We can have a plan to boot OpenSSL off the internet. That's a dream of mine and I think that's an achievable goal.” Spotlight [00:38:09] Justin's spotlight is Twitter communities. [00:38:33] Richard's spotlight is Karl Becker. [00:39:14] Sarah's spotlight is Crowdin. [00:40:43] Josh's spotlight is Qubes OS. 
Links SustainOSS (https://sustainoss.org/) SustainOSS Twitter (https://twitter.com/SustainOSS?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor) SustainOSS Discourse (https://discourse.sustainoss.org/) SustainOSS Podcast (https://podcast.sustainoss.org/) Josh Aas Twitter (https://twitter.com/0xjosh?lang=en) Josh Aas LinkedIn (https://www.linkedin.com/in/josh-aas-406a772) Sarah Gran Twitter (https://twitter.com/sarahgrrrrrrran) Sarah Gran LinkedIn (https://www.linkedin.com/in/sarah-gran-saline) Internet Security Research Group (https://www.abetterinternet.org/) Prossimo (https://www.memorysafety.org/) Let's Encrypt (https://letsencrypt.org/) Apache Log4j (https://logging.apache.org/log4j/2.x/index.html) Linkerd (https://linkerd.io/) Justin Dorfman Twitter (https://twitter.com/jdorfman?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor) Crowdin (https://crowdin.com/) Karl Becker GitHub (https://github.com/karlbecker) Qubes OS (https://www.qubes-os.org/) Credits Produced by Richard Littauer (https://www.burntfen.com/) Edited by Paul M. Bahr at Peachtree Sound (https://www.peachtreesound.com/) Show notes by DeAnn Bahr Peachtree Sound (https://www.peachtreesound.com/) Special Guests: Josh Aas and Sarah Gran.
The guest of the seventy-sixth episode of the Rozmowa Kontrolowana podcast is Marek Marczykowski-Górecki, an administrator and programmer responsible for leading the development of Qubes OS. Visit the podcast's site at live.zaufanatrzeciastrona.pl, sign up for the newsletter and get notified about new episodes of Rozmowa Kontrolowana. The podcast is available on Spotify, on Apple Podcasts, on Google Podcasts, as an RSS feed, and as a YouTube playlist. The post Episode 76 – Marek Marczykowski-Górecki, Qubes project lead first appeared on Zaufana Trzecia Strona.
For those who want to go further with virtual machines.
News with Netskope. Feature: Qubes OS, with Forcepoint. TrendMicro contest.
Mozilla lays off 250 employees - we start talking about nice and dedicated VPN services
Despite Marco Arment's warnings - Fredrik still hasn't done a Big Sur on the whole computer
The office - being there twice is just about right. Jocke meditates on his car's to be or not to be
Advertising works. That is bad. But Rogue Amoeba's apps. They are good. Fredrik takes two
A bottle of Fiske fjæs
Life with the first-generation iPhone SE. Fredrik likes it, Jocke meditates on what his next phone might be
Dune II - is it just as good as it used to be?
Visual Studio Code - also a way to call each other
What happens to a server under VMware when the power goes out… while a backup is running with Veeam.
Jocke looks at iRedMail
20 Macs for 2020 - a pleasant, low-intensity … MULTIMEDIA PROJECT
Plenty of retro computers with a programming angle on Kodsnack lately
Postnord fucks it up
Film and TV - Jocke makes the case for John Landis's collected works
Links: Mozilla lays off 250 people, Mozilla's VPN service, Trevlig mjukvara, Mullvad VPN, OVPN, Qubes OS, GIMP, Pixelmator, Rogue Amoeba, Jeep Cherokee 1991, Loopback, Virtual audio devices in macOS, Soundsource, Fishshot, Dune 2, The upcoming Dune film, The classic Dune film, The Flash Gordon film, Queen's soundtrack to Flash Gordon, RISC OS, Archimedes, Dosbox, Visual studio code, Live share for Visual studio code, Iredmail, Zimbra, Z-push, Jabber, Pidgin, Plugins for Pidgin, Gadu-gadu, Zephyr, Adium, Nice Adium shirts, Lotus sametime, 20 Macs for 2020 - the podcast, 20 Macs for 2020 - the YouTube channel, 20 Macs for 2020 - the articles, Kodsnack on mainframes: part 1, part 2, and part 3, Årsta partihallar, John Landis, Trading places, Coming to America
Two nerds - one podcast. Fredrik Björeman and Joacim Melin discuss everything that makes life worth living. Full episode information is available here: https://www.bjoremanmelin.se/podcast/avsnitt-221-ologgat-ar-bast.html.
Sponsored By: Panelists Justin Dorfman | Allen “Gunner” Gunn | Richard Littauer Guest Rachel Lawson Drupal Association Show Notes In this episode, we have Rachel Lawson, from the U.K., who is the Community Liaison for Drupal Association. She is going to tell you all about the Drupal Association, what role she plays, and what she does. Since DrupalCon has been canceled due to COVID-19, there are some major things going on with sponsors that are still contributing money, the founder of Drupal making an unbelievable donation, as well as some other campaigns and match donations happening! [00:01:08] Rachel explains about working with Drupal in the U.K. and also talks about how many people are using Drupal to power their websites. [00:02:50] Justin has noticed that Drupal has a very big adoption within government, and he wonders why is that? Is it a security thing? Rachel answers this. [00:04:14] Rachel tells us how Drupal gets paid as an open source product. She also talks about what’s been going on since DrupalCon has been canceled in May. [00:10:37] There is a list of sponsors that are still contributing money to Drupal, despite the event being canceled, and a HUGE SHOUT OUT is necessary to them, so please see the list below! ☺ [00:012:01] The Founder of Drupal, Dries Buytaert, made an unbelievable donation and Rachel talks about what it was and how it affected everything. It is AMAZING!! There have been some other match donations mentioned as well. [00:16:16] Governance is brought up by Gunner and he wants to know the civilian’s version of how governance at Drupal works and how the decision-making works that others could learn from and Rachel explains. [00:23:00] Rachel explains her role with Drupal and what she does. [00:25:00] How does someone join the Drupal open source community and how does Drupal capture all the contributors, not just the Devs? Rachel explains. Spotlight [00:33:01] Justin’s spotlight is The Ruby Blend Podcast-Episode 9. Listen to it! 
[00:33:49] Gunner has two spotlights: Qubes OS and Subgraph OS and the Tails Project (tails.boum.org). [00:34:39] Richard’s spotlight is the EFF (Electronic Frontier Foundation). [00:35:33] Rachel has two spotlights: A pub in Leeds, Yorkshire where she was attending a Drupal event. It made her reflect back to being there before and how much it changed her life. Also, OS FEST in Lagos, Nigeria, that she recently attended. It was a huge experience for her and truly incredible. Quotes [00:20:54] “We’ve been going through a process at Drupal association about raising money and we have a campaign on at the moment called Drupal cares (#DrupalCares) and you will notice there is quite a lot going on with that.” [00:23:33] “If just downloading Drupal or downloading any open source projects isn’t enough, you need the services around it, the support around it, regular security updates so where you can work on new code and have thousands and thousands of thousands of continuous integration tests run every time you say, “Hey, I propose that we do this new thing in Drupal!” [00:25:18] “Do you want to give a shout out to those sponsors that have done that because that warmed my heart! You know, the sponsors that said, keep our money, we believe in the project, we know we won’t get any real value out of the event not being alive. Please, give them some props.” (They are listed below.)
Firefox launches a new plan to bring revenue directly to websites without 3rd party tracking! Qubes OS is tackling the GUI domain, and a new professional audio editor is available for Linux! -- The Extra Credit Section -- For links to the articles and material referenced in this week's episode check out this week's page from our podcast dashboard! This Episode's Podcast Dashboard (http://podcast.asknoahshow.com/173) Phone Systems for Ask Noah provided by Voxtelesys (http://www.voxtelesys.com/asknoah) Join us in our dedicated chatroom #AskNoahShow on Freenode! -- Stay In Touch -- Find all the resources for this show on the Ask Noah Dashboard Ask Noah Dashboard (http://www.asknoahshow.com) Need more help than a radio show can offer? Altispeed provides commercial IT services and they’re excited to offer you a great deal for listening to the Ask Noah Show. Call today and ask about the discount for listeners of the Ask Noah Show! Altispeed Technologies (http://www.altispeed.com/) Contact Noah live [at] asknoahshow.com -- Twitter -- Noah - Kernellinux (https://twitter.com/kernellinux) Ask Noah Show (https://twitter.com/asknoahshow) Altispeed Technologies (https://twitter.com/altispeed)
We revisit some of the projects we have covered in previous episodes to see what we've stuck with and what we haven't. Qubes OS and Tails, a handy Android app, building websites, easy Arch, the cloud, hardware hacking, and more.
An important security fix for Firefox, handy upgrades for a Tor tool, and a new security-optimized laptop from Nitrokey.
Distrohoppers brings us a fascinating distro where every application runs in its own VM. Plus Drew and Joe disagree on the best media solution.
Distrohoppers throws up a fascinating distro where every application runs in its own VM. Plus Drew and Joe disagree on the best media solution.
Byproducts of reading OpenBSD’s netcat code, learnings from porting your own projects to FreeBSD, OpenBSD’s unveil(), NetBSD’s Virtual Machine Monitor, what 'dependency' means in Unix init systems, jailing bhyve, and more.

## Headlines

### The byproducts of reading OpenBSD netcat code

When I took part in a training last year, I heard about netcat for the first time. During that class, the tutor showed some hacks and tricks of using netcat which appealed to me and motivated me to learn the guts of it. Fortunately, in the past 2 months, I was not so busy, so I could spend my spare time diving into OpenBSD’s netcat source code, and got abundant byproducts during this process.

(1) Brush up socket programming. I wrote my first network application more than 10 years ago, and always think the socket APIs are marvelous. Just ~10 functions (socket, bind, listen, accept…) with some IO multiplexing buddies (select, poll, epoll…) connect the whole world, wonderful! From that time, I developed a habit: when touching a new programming language, network programming is an essential exercise. Even though I don’t write socket related code now, reading netcat socket code indeed refreshed my knowledge and taught me new stuff.

(2) Write a tutorial about netcat. I am a mediocre programmer and will forget things when I don’t use them for a long time. So I just take notes of what I think is useful. IMHO, this “tutorial” doesn’t really mean teaching others something, but is just a journal which I can refer to when I need it in the future.

(3) Submit patches to netcat. While reading the code, I also found bugs and some enhancements. Though they are trivial contributions to OpenBSD, I am still happy and enjoy it.

(4) Implement a C++ encapsulation of libtls.
OpenBSD’s netcat supports tls/ssl connections, but it needs you to take full care of resource management (memory, socket, etc.), otherwise a small mistake can lead to a resource leak, which is fatal for long-lived applications (in fact, the two bugs I reported to OpenBSD are both related to resource leaks). Therefore I developed a simple C++ library which wraps libtls, and I hope it can free developers from this troublesome problem so they can put more energy into the application logic.

Long story short, reading classical source code is a rewarding process, and you can consider trying it yourself.

### What I learned from porting my projects to FreeBSD

Introduction

I set up a local FreeBSD VirtualBox VM to test something, and it seems to work very well. Due to the novelty factor, I decided to get my software projects to build and pass the tests there.

The Projects

- https://github.com/shlomif/shlomif-computer-settings/ (my dotfiles).
- https://web-cpan.shlomifish.org/latemp/
- https://fc-solve.shlomifish.org/
- https://www.shlomifish.org/open-source/projects/black-hole-solitaire-solver/
- https://better-scm.shlomifish.org/source/
- http://perl-begin.org/source/
- https://www.shlomifish.org/meta/site-source/

Written using a mix of C, Perl 5, Python, Ruby, GNU Bash, XML, CMake, XSLT, XHTML5, XHTML1.1, Website META Language, JavaScript and more. Work fine on several Linux distributions and have Travis CI (https://en.wikipedia.org/wiki/TravisCI) using Ubuntu 14.04 hosts. Some pass builds and tests on AppVeyor/Win64.

What I Learned:

- FreeBSD on VBox has become very reliable
- Some executables on FreeBSD are in /usr/local/bin instead of /usr/bin
- make on FreeBSD is not GNU make
- m4 on FreeBSD is not compatible with GNU m4
- Some CPAN Modules fail to install using local-lib there
- DocBook/XSL Does Not Live Under /usr/share/sgml
- FreeBSD’s grep does not have a “-P” flag by default
- FreeBSD has no “nproc” command

Conclusion:

It is easier to port a shell than a shell script.
— Larry Wall

I ran into some cases where my scriptology was lacking and suboptimal, even for my own personal use, and fixed them.

## News Roundup

### OpenBSD’s unveil()

One of the key aspects of hardening the user-space side of an operating system is to provide mechanisms for restricting which parts of the filesystem hierarchy a given process can access. Linux has a number of mechanisms of varying capability and complexity for this purpose, but other kernels have taken a different approach. Over the last few months, OpenBSD has inaugurated a new system call named unveil() for this type of hardening that differs significantly from the mechanisms found in Linux.

The value of restricting access to the filesystem, from a security point of view, is fairly obvious. A compromised process cannot exfiltrate data that it cannot read, and it cannot corrupt files that it cannot write. Preventing unwanted access is, of course, the purpose of the permissions bits attached to every file, but permissions fall short in an important way: just because a particular user has access to a given file does not necessarily imply that every program run by that user should also have access to that file. There is no reason why your PDF viewer should be able to read your SSH keys, for example. Relying on just the permission bits makes it easy for a compromised process to access files that have nothing to do with that process’s actual job.

In a Linux system, there are many ways of trying to restrict that access; that is one of the purposes behind the Linux security module (LSM) architecture, for example. The SELinux LSM uses a complex matrix of labels and roles to make access-control decisions. The AppArmor LSM, instead, uses a relatively simple table of permissible pathnames associated with each application; that approach was highly controversial when AppArmor was first merged, and is still looked down upon by some security developers.
Mount namespaces can be used to create a special view of the filesystem hierarchy for a set of processes, rendering much of that hierarchy invisible and, thus, inaccessible. The seccomp mechanism can be used to make decisions on attempts by a process to access files, but that approach is complex and error-prone. Yet another approach can be seen in the Qubes OS distribution, which runs applications in virtual machines to strictly control what they can access.

Compared to many of the options found in Linux, unveil() is an exercise in simplicity. This system call, introduced in July, has this prototype:

    int unveil(const char *path, const char *permissions);

A process that has never called unveil() has full access to the filesystem hierarchy, modulo the usual file permissions and any restrictions that may have been applied by calling pledge(). Calling unveil() for the first time will “drop a veil” across the entire filesystem, rendering the whole thing invisible to the process, with one exception: the file or directory hierarchy starting at path will be accessible with the given permissions. The permissions string can contain any of “r” for read access, “w” for write, “x” for execute, and “c” for the ability to create or remove the path.

Subsequent calls to unveil() will make other parts of the filesystem hierarchy accessible; the unveil() system call itself still has access to the entire hierarchy, so there is no problem with unveiling distinct subtrees that are, until the call is made, invisible to the process. If one unveil() call applies to a subtree of a hierarchy unveiled by another call, the permissions associated with the more specific call apply.

Calling unveil() with both arguments as null will block any further calls, setting the current view of the filesystem in stone. Calls to unveil() can also be blocked using pledge().
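The rules just described (the first call drops the veil, later calls unveil more subtrees, the most specific rule wins, a call with two null arguments locks the view) can be tried against a planned policy before it is built into a program. The following C model is an added example, not OpenBSD code or code from the article; `model_unveil()`, `model_access()`, the PDF-viewer policy and its paths are hypothetical, and paths are compared as plain strings with no symlink or `..` resolution.

```c
#include <stdio.h>
#include <string.h>

#define MAX_RULES 16

/* Userspace model of the unveil() rules in the text; not the kernel's code. */
struct veil {
    struct { const char *path, *perms; } rule[MAX_RULES];
    int nrules;
    int locked;                 /* set by model_unveil(v, NULL, NULL) */
};

/* Mirrors unveil(path, permissions): 0 on success, -1 if refused. */
int model_unveil(struct veil *v, const char *path, const char *perms)
{
    if (v->locked)
        return -1;              /* the view is set in stone */
    if (path == NULL && perms == NULL) {
        v->locked = 1;
        return 0;
    }
    if (path == NULL || perms == NULL || v->nrules == MAX_RULES)
        return -1;
    v->rule[v->nrules].path = path;
    v->rule[v->nrules].perms = perms;
    v->nrules++;
    return 0;
}

/* Length of `rule` if it names `path` or one of its parent directories, else -1. */
static int covers(const char *rule, const char *path)
{
    size_t n = strlen(rule);

    if (n == 0 || strncmp(rule, path, n) != 0)
        return -1;
    if (path[n] == '\0' || path[n] == '/' || rule[n - 1] == '/')
        return (int)n;
    return -1;                  /* "/etc" must not match "/etcetera" */
}

/* 1 if `path` may be used with every permission letter in `want`, else 0. */
int model_access(const struct veil *v, const char *path, const char *want)
{
    int best = -1, best_len = -1;

    if (v->nrules == 0)
        return 1;               /* unveil() never called: no veil at all */
    for (int i = 0; i < v->nrules; i++) {
        int len = covers(v->rule[i].path, path);
        if (len >= 0 && len >= best_len) {   /* most specific rule wins */
            best = i;
            best_len = len;
        }
    }
    if (best < 0)
        return 0;               /* path is behind the veil */
    for (const char *p = want; *p != '\0'; p++)
        if (strchr(v->rule[best].perms, *p) == NULL)
            return 0;
    return 1;
}

/* Constructed policy for a PDF viewer: read documents, write only its own
 * annotations directory, read fonts, then lock the view. */
int pdf_viewer_policy(struct veil *v)
{
    if (model_unveil(v, "/home/alice/Documents", "r") != 0 ||
        model_unveil(v, "/home/alice/Documents/annotations", "rwc") != 0 ||
        model_unveil(v, "/usr/share/fonts", "r") != 0)
        return -1;
    return model_unveil(v, NULL, NULL);
}

int main(void)
{
    /* Constructed probe paths: what the viewer needs, and what it must not reach. */
    static const struct { const char *path, *want; } probe[] = {
        { "/home/alice/Documents/report.pdf", "r" },
        { "/home/alice/Documents/report.pdf", "w" },
        { "/home/alice/Documents/annotations/report.txt", "wc" },
        { "/home/alice/.ssh/id_ed25519", "r" },
        { "/usr/share/fontsextra/x.ttf", "r" },
    };
    struct veil v = { .nrules = 0, .locked = 0 };

    if (pdf_viewer_policy(&v) != 0)
        return 1;
    for (size_t i = 0; i < sizeof probe / sizeof probe[0]; i++)
        printf("%-46s %-2s %s\n", probe[i].path, probe[i].want,
               model_access(&v, probe[i].path, probe[i].want) ? "allowed" : "denied");
    printf("unveil after lock: %d\n", model_unveil(&v, "/", "rwxc"));
    return 0;
}
```
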
Either way, once the view of the filesystem has been set up appropriately, it is possible to lock it so that the process cannot expand its access in the future should it be taken over and turn hostile.

unveil() thus looks a bit like AppArmor, in that it is a path-based mechanism for restricting access to files. In either case, one must first study the program in question to gain a solid understanding of which files it needs to access before closing things down, or the program is likely to break. One significant difference (beyond the other sorts of behavior that AppArmor can control) is that AppArmor’s permissions are stored in an external policy file, while unveil() calls are made by the application itself. That approach keeps the access rules tightly tied to the application and easy for the developers to modify, but it also makes it harder for system administrators to change them without having to rebuild the application from source.

One can certainly aim a number of criticisms at unveil() — all of the complaints that have been leveled at path-based access control and more. But the simplicity of unveil() brings a certain kind of utility, as can be seen in the large number of OpenBSD applications that are being modified to use it. OpenBSD is gaining a base level of protection against unintended program behavior; while it is arguably possible to protect a Linux system to a much greater extent, the complexity of the mechanisms involved keeps that from happening in a lot of real-world deployments. There is a certain kind of virtue to simplicity in security mechanisms.

### NetBSD Virtual Machine Monitor (NVMM)

The NVMM driver provides hardware-accelerated virtualization support on NetBSD. It is made of an MI frontend, to which MD backends can be plugged. A virtualization API is provided in libnvmm, which makes it easy to create and manage virtual machines via NVMM.
Two additional components are shipped as demonstrators, toyvirt and smallkern: the former is a toy virtualizer that executes in a VM the 64-bit ELF binary given as argument; the latter is an example of such a binary.

Download

The source code of NVMM, plus the associated tools, can be downloaded here.

Technical details

NVMM can support up to 128 virtual machines, each having a maximum of 256 VCPUs and 4GB of RAM. Each virtual machine is granted access to most of the CPU registers: the GPRs (obviously), the Segment Registers, the Control Registers, the Debug Registers, the FPU (x87 and SSE), and several MSRs.

Events can be injected in the virtual machines, to emulate device interrupts. A delay mechanism is used, and allows VMM software to schedule the interrupt right when the VCPU can receive it. NMIs can be injected as well, and use a similar mechanism.

The host must always be x86_64, but the guest has no constraint on the mode, so it can be x86_32, PAE, real mode, and so on.

The TSC of each VCPU is always re-based on the host CPU it is executing on, and is therefore guaranteed to increase regardless of the host CPU. However, it may not increase monotonically, because it is not possible to fully hide the host effects on the guest during #VMEXITs.

When there are more VCPUs than the host TLB can deal with, NVMM uses a shared ASID, and flushes the shared-ASID VCPUs on each VM switch.

The different intercepts are configured in such a way that they cover everything that needs to be emulated. In particular, the LAPIC can be emulated by VMM software, by intercepting reads/writes to the LAPIC page in memory, and monitoring changes to CR8 in the exit state.
### What ‘dependency’ means in Unix init systems is underspecified (utoronto.ca)

I was reading Davin McCall’s On the vagaries of init systems (via) when I ran across the following, about the relationship between various daemons (services, etc):

> I do not see any compelling reason for having ordering relationships without actual dependency, as both Nosh and Systemd provide for. In comparison, Dinit’s dependencies also imply an ordering, which obviates the need to list a dependency twice in the service description.

Well, this may be an easy one but it depends on what an init system means by ‘dependency’. Let’s consider (r)syslog and the SSH daemon. I want the syslog daemon to be started before the SSH daemon is started, so that the SSH daemon can log things to it from the beginning. However, I very much do not want the SSH daemon to not be started (or to be shut down) if the syslog daemon fails to start or later fails. If syslog fails, I still want the SSH daemon to be there so that I can perhaps SSH in to the machine and fix the problem.

This is generally true of almost all daemons; I want them to start after syslog, so that they can syslog things, but I almost never want them to not be running if syslog failed. (And if for some reason syslog is not configured to start, I want enabling and starting, say, SSH, to also enable and start the syslog daemon.)

In general, there are three different relationships between services that I tend to encounter:

- a hard requirement, where service B is useless or dangerous without service A. For instance, many NFS v2 and NFS v3 daemons basically don’t function without the RPC portmapper alive and active. On any number of systems, firewall rules being in place are a hard requirement to start most network services; you would rather your network services not start at all than that they start without your defenses in place.
- a want, where service B wants service A to be running before B starts up, and service A should be started even if it wouldn’t otherwise be, but the failure of A still leaves B functional. Many daemons want the syslog daemon to be started before they start but will run without it, and often you want them to do so so that at least some of the system works even if there is, say, a corrupt syslog configuration file that causes the daemon to error out on start. (But some environments want to hard-fail if they can’t collect security related logging information, so they might make rsyslogd a requirement instead of a want.)
- an ordering, where if service A is going to be started, B wants to start after it (or before it), but B isn’t otherwise calling for A to be started. We have some of these in our systems, where we need NFS mounts done before cron starts and runs people’s @reboot jobs but neither cron nor NFS mounts exactly or explicitly want each other. (The system as a whole wants both, but that’s a different thing.)

Given these different relationships and the implications for what the init system should do in different situations, talking about ‘dependency’ in init systems is kind of underspecified. What sort of dependency? What happens if one service doesn’t start or fails later?

My impression is that generally people pick a want relationship as the default meaning for init system ‘dependency’. Usually this is fine; most services aren’t actively dangerous if one of their declared dependencies fails to start, and it’s generally harmless on any particular system to force a want instead of an ordering relationship because you’re going to be starting everything anyway. (In my example, you might as well say that cron on the systems in question wants NFS mounts. There is no difference in practice; we already always want to do NFS mounts and start cron.)
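
The three relationships above, modelled as an added example (not code from the post or from any init system): a small planner that shows what gets pulled in, in what order, and what still starts when something fails. The relation names `requires`, `wants` and `after` and the service table are assumptions, constructed from the post's own examples.

```python
from graphlib import TopologicalSorter  # Python 3.9+

# Constructed service table built from the post's examples.
# Assumed relation names: requires = hard requirement, wants = want,
# after = ordering only.
SERVICES = {
    "firewall":   {},
    "syslog":     {},
    "portmap":    {},
    "nfs-mounts": {},
    "sshd": {"requires": ["firewall"], "wants": ["syslog"]},
    "nfsd": {"requires": ["portmap"], "wants": ["syslog"]},
    "cron": {"wants": ["syslog"], "after": ["nfs-mounts"]},
}

def rel(name, kind):
    return SERVICES[name].get(kind, [])

def plan(enabled, failing=()):
    """Return (start_order, outcome); outcome is started/failed/skipped."""
    # 1. requires and wants pull a service in; after never does.
    pulled, todo = set(), list(enabled)
    while todo:
        name = todo.pop()
        if name not in pulled:
            pulled.add(name)
            todo += rel(name, "requires") + rel(name, "wants")

    # 2. All three relations order B after A, but only when A is pulled in.
    graph = {}
    for name in sorted(pulled):
        deps = rel(name, "requires") + rel(name, "wants") + rel(name, "after")
        graph[name] = {d for d in deps if d in pulled}
    order = list(TopologicalSorter(graph).static_order())

    # 3. Only a hard requirement that did not start blocks a service.
    outcome = {}
    for name in order:
        if name in failing:
            outcome[name] = "failed"
        elif any(outcome[r] != "started" for r in rel(name, "requires")):
            outcome[name] = "skipped"
        else:
            outcome[name] = "started"
    return order, outcome

if __name__ == "__main__":
    for failing in ((), ("syslog",), ("firewall",)):
        print(failing, plan(["sshd", "cron"], failing)[1])
```

Turning syslog from a want into a requirement for sshd in the table reproduces the hard-fail logging policy the post mentions: a failed syslog then leaves sshd skipped.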
### Jailing The bhyve Hypervisor

As FreeBSD nears the final 12.0-RELEASE release engineering cycles, I’d like to take a moment to document a cool new feature coming in 12: jailed bhyve. You may notice that I use HardenedBSD instead of FreeBSD in this article. There is no functional difference in bhyve on HardenedBSD versus bhyve on FreeBSD. The only difference between HardenedBSD and FreeBSD is the additional security offered by HardenedBSD.

The steps I outline here work for both FreeBSD and HardenedBSD. These are the bare minimum steps, no extra work needed for either FreeBSD or HardenedBSD.

#### A Gentle History Lesson

At work in my spare time, I’m helping develop a malware lab. Due to the nature of the beast, we would like to use bhyve on HardenedBSD. Starting with HardenedBSD 12, non-Cross-DSO CFI, SafeStack, Capsicum, ASLR, and strict W^X are all applied to bhyve, making it an extremely hardened hypervisor.

So, the work to support jailed bhyve is sponsored by both HardenedBSD and my employer. We’ve also jointly worked on other bhyve hardening features, like protecting the VM’s address space using guard pages (mmap(…, MAP_GUARD, …)). Further work is being done in a project called “malhyve.” Only those modifications to bhyve/malhyve that make sense to upstream will be upstreamed.

#### Initial Setup

We will not go through the process of creating the jail’s filesystem. That process is documented in the FreeBSD Handbook. For UEFI guests, you will need to install the uefi-edk2-bhyve package inside the jail.

I network these jails with traditional jail networking. I have tested vnet jails with this setup, and that works fine, too. However, there is no real need to hook the jail up to any network so long as bhyve can access the tap device. In some cases, the VM might not need networking, in which case you can use a network-less VM in a network-less jail.

By default, access to the kernel side of bhyve is disabled within jails.
We need to set allow.vmm in our jail.conf entry for the bhyve jail.

We will use the following in our jail, so we will need to set up devfs(8) rules for them:

- A ZFS volume
- A null-modem device (nmdm(4))
- UEFI GOP (no devfs rule, but IP assigned to the jail)
- A tap device

#### Conclusion

The bhyve hypervisor works great within a jail. When combined with HardenedBSD, bhyve is extremely hardened:

- PaX ASLR is fully applied due to compilation as a Position-Independent Executable (HardenedBSD enhancement)
- PaX NOEXEC is fully applied (strict W^X) (HardenedBSD enhancement)
- Non-Cross-DSO CFI is fully applied (HardenedBSD enhancement)
- Full RELRO (RELRO + BIND_NOW) is fully applied (HardenedBSD enhancement)
- SafeStack is applied to the application (HardenedBSD enhancement)
- Jailed (FreeBSD feature written by HardenedBSD)
- Virtual memory protected with guard pages (FreeBSD feature written by HardenedBSD)
- Capsicum is fully applied (FreeBSD feature)

Bad guys are going to have a hard time breaking out of the userland components of bhyve on HardenedBSD. :)

## Beastie Bits

- GhostBSD 18.10 has been released
- Project Trident RC3 has been released
- The OpenBSD Foundation receives the first Silver contribution from a single individual
- Monitoring pf logs gource
- NetBSD on the RISC-V is alive
- The X hole
- Announcing the pkgsrc-2018Q3 release (2018-10-05)
- NAT performance on EdgeRouter X and Lite with EdgeOS, OpenBSD, and OpenWRT
- UNIX (as we know it) might not have existed without Mrs. Thompson
- Free Pizza for your dev events
- Portland BSD Pizza Night: Nov 29th 7pm

## Feedback/Questions

- Dennis - Core developers leaving illumOS?
- Ben - Jumping from snapshot to snapshot
- Ias - Question about ZFS snapshots

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
Richard Stallman has some practical steps society could take to roll back the rampant and expanding invasion of our privacy. But his suggestions leave us asking some larger questions. Plus the latest on the march to Juno, some fun app picks, a quick look at Qubes OS 4.0, community news, and more.
Episode #173, devoted to Qubes OS, with Arnaud Soullié. The post Qubes OS appeared first on NoLimitSecu.
Facebook is still under fire for privacy violations but Mozilla is trying to help users mitigate these issues with their new Facebook Container Extension for Firefox. There was some very exciting news from the GIMP team regarding the long awaited next release of the software. We got some updates for a couple photo related applications…
Recorded on 2017/09/13
We brainstorm about smart homes, a simpler everyday life and automated solutions from every possible perspective. Which apps does Edward Snowden use, and is it really right to throw out the computer in favour of a tablet? This and more is discussed in this week's episode.

En podd om teknik supports Musikhjälpen. Help out too! http://bossan.musikhjalpen.se/insamling/en-podd-om-teknik

- Hairy people have sex more often http://sverigesradio.se/sida/avsnitt/627984?programid=4640
- Philips Hue http://www2.meethue.com/sv-se/
- The ZigBee standard http://www.zigbee.org/
- Sonos http://sonos.com
- IFTTT https://ifttt.com/
- Spotify Connect https://www.spotify.com/se/connect/
- Do fun things with Tasker https://forum.array.se/viewtopic.php?f=11&t=2112
- Apple TV (4th gen) http://www.apple.com/tv/
- Plex https://plex.tv/
- Apple iCloud Keychain http://www.apple.com/icloud/
- Apple Home Kit http://www.apple.com/ios/homekit/
- DN.se: Interview with Snowden http://fokus.dn.se/intervju-edward-snowden/?l1
- DN.se: Snowden's app list http://mobil.blogg.dn.se/digitalt/2015/11/06/snowdens-lista-sakerhetsprogrammen-varldens-mest-jagade-man-litar-pa/
- Tor: https://www.torproject.org/
- OpenWhisper Signal: https://whispersystems.org/
- Off the Record: http://wiki.xmpp.org/web/OTR
- Tails OS: https://tails.boum.org/
- Qubes OS: https://www.qubes-os.org/
- Replace the home computer with a tablet? http://www.bt.se/tt-inrikes/expert-slang-datorn-kop-en-platta/
Today with: Beer Deathmatch: Slovenia vs Belgium, listener letter: update regarding Qubes OS, express beer cooling, silent SMS, Best Trial Expiry, Batman stamps, Roko's Basilisk, Naumachia, Sway, The Grid, keyboard ghosting explained, immediate-mode UI, Hearthstone simulator Hearthbreaker, emulator-backed remakes, Contraption Maker, Electronic Super Joy, Nuclear Throne, Rebel Galaxy, Eve Online: Red vs Blue, Lost Ark, How Does No Man's Sky Actually Work?, Mad Max: Fury Road, Tomorrowland, the US remake of "IT Crowd" is freaky, the book series "Magic 2.0", cheap-beer rating agency, Postcards from Pripyat, Chernobyl, Rob Whitworth Video Portfolio, GoPro: The Adventure of Life in 4K, Jeff Goldblum advertises new light bulbs, True Facts About The Mantis Shrimp