VettaFi's Head of Research Todd Rosenbluth discussed the Vanguard Core Plus Bond ETF (VPLS) on this week's “ETF of the Week” podcast with Chuck Jaffe of “Money Life.”
BESTIES this is an episode that you cannot miss. We delve into old holiday romances; Lucie's stalker, Ebony's perfect rom-com moment and some of your hilarious stories! Of course, the episode wouldn't be complete without our FUOTFs too! We hope you laugh as much as we did xxx
Chris and Pete talk VPNs, VPLs and EPL, all on the podcast that gave the world the catchphrase 'what's in the fax machine?' AbroadInJapanPodcast@gmail.com to say hello to your lads. See acast.com/privacy for privacy and opt-out information.
New features launch with iOS 15.2, LG working on ProDisplay XDR successor, and we highlight the best Apple Watch apps. Follow our hosts @stephenrobles on Twitter @Hillitech on Twitter Sponsored by: Headspace: Get a FREE one-month trial with access to the entire Headspace library! Visit headspace.com/appleinsider to learn more. MasterClass: Buy one annual MasterClass membership and get a second annual membership for FREE when you visit: masterclass.com/appleinsider Wealthfront: To start building your wealth and get your first $5,000 managed for FREE, for life, visit: wealthfront.com/appleinsider VPLS Managed Services: From growing businesses in need of IT support, or large companies in need of security and expert consultation, VPLS can help. To learn more, visit: vpls.com/goit Support the show Support the show on Patreon or Apple Podcasts to get ad-free episodes every week, access to our private Discord channel, and early release of the show! We would also appreciate a 5-star rating and review in Apple Podcasts Links from the show How to set up Legacy Contacts in iOS 15 Hands on with the new features in iOS 15.2 Apple delays release of Universal Control for macOS, iPadOS until 2022 Apple releases Swift Playground 4 with iPad-based app development support Apple releases AirTag 'Tracker Detect' app for Android Disney+ adds support for SharePlay on iPhone, iPad, and Apple TV LG working on Pro Display XDR successor & 2 other high-end monitors, reportedly for Apple Apple brings back mask requirement to all U.S. Apple Stores Apple closes three retail locations in the US & Canada due to Covid-19 surge Apple delaying corporate return to the office date indefinitely Apple wipes on-device CSAM photo monitoring from site, but plans unchanged What is Roblox? 
Everything you need to know about the latest craze How to use macOS Messages to Share Your Screen Remotely - YouTube Apple Watch apps Pocket Casts AnyList: Grocery Shopping List Watchsmith HomeCam for HomeKit Sleep Watch by Bodymatter Shortcuts 1Password - Password Manager Bear - Markdown Notes Deliveries: a package tracker Starbucks Outdooractive: Hiking & Biking Lumen - Metabolism Tracker Fitness Just Press Record CARROT Weather Headspace: Mindful Meditation HomeRun 2 for HomeKit PCalc Facer Your Apple Watch stylist • buddywatch More AppleInsider podcasts Subscribe and listen to our AppleInsider Daily podcast for the latest Apple news Monday through Friday. You can find it on Apple Podcasts, Overcast, or anywhere you listen to podcasts. Tune in to our HomeKit Insider podcast covering the latest news, products, apps and everything HomeKit related. Subscribe in Apple Podcasts, Overcast, or just search for HomeKit Insider wherever you get your podcasts. Podcast artwork from Basic Apple Guy. Download the free wallpaper pack here. Those interested in sponsoring the show can reach out to us at: steve@appleinsider.com
After a week away to eat regrettable amounts of food, we are back to discuss a seemingly random list of topics (see the time stamps for all of them). Also, the burger this week was a little weird.
Timestamps:
00:00 Intro
03:22 Burger of the Week
04:46 Qualcomm Announces Snapdragon 8 Gen 1
09:44 AMD RZ600 Series Wi-Fi 6E Chips Coming Via MediaTek Collaboration
11:47 Break for Sponsor: Work smarter and faster with TextExpander
12:51 Did you know that Microsoft and Qualcomm were exclusive?
18:44 Getting Nostalgic About Netbooks and Webcams (???)
21:28 Kingston Joins the PCIe 4.0 SSD Club with the KC3000
27:17 Bricking Samsung TVs remotely
30:08 Break for Sponsor: VPLS, a full services IT company
31:26 Seaberry Turns A Raspberry Pi 4 Into A Linux Powered ITX System
35:35 With DDR4 At 5000MHz, Who Needs DDR5?
44:55 Break for Sponsor: SimpliSafe, complete home security system
46:00 Picks of the Week
57:02 Outro
★ Support this podcast on Patreon ★
We round up our favorite iPadOS apps, give a one year review of AirPods Max, and compare Apple Music Replay to Spotify Wrapped. Follow our hosts @stephenrobles on Twitter @Hillitech on Twitter Sponsored by: Bespoke Post: Get 20% off your first monthly box when you sign up at: boxofawesome.com and enter the code appleinsider at checkout. MasterClass: Buy one annual MasterClass membership and get a second annual membership for FREE when you visit: masterclass.com/appleinsider The Prisoner Wine Company: Get 20% off and FREE shipping in time for the holidays when you visit: theprisonerwinecompany.com/appleinsider VPLS Managed Services: From growing businesses in need of IT support, or large companies in need of security and expert consultation, VPLS can help. To learn more, visit: vpls.com/goit Support the show Support the show on Patreon or Apple Podcasts to get ad-free episodes every week, access to our private Discord channel, and early release of the show! We would also appreciate a 5-star rating and review in Apple Podcasts Links from the show Classical Musicians Review AirPods Max - YouTube Don't get Spotify FOMO - here's how to get your Apple Music Replay playlist Jack Dorsey steps down as Twitter CEO, Parag Agrawal named as new head Payment giant Square changes name to Block, shifts focus to blockchain Apple unveils the winning apps and games in its App Store Awards 2021 iPad app recommendations Ferrite Recording Studio GoodNotes 5 forScore Twitterrific: Tweet Your Way iA Writer Drafts Text Case Any Buffer Picsew - Screenshot Stitching Apple Frames Shortcut Affinity Photo Affinity Designer CARROT Weather Noir - Dark Mode for Safari Minecraft Notability Shortcuts Adobe Lightroom: Photo Editor Jump Desktop (RDP, VNC, Fluid) Pixelmator Canva: Design, Photo & Video GarageBand Bear FANTASIAN MindNode - Mind Map & Outline Keynote Momentum 1Password - Password Manager Vidimote for Safari Hyperweb PiPifier Portal - Immersive Escapes Weather Gods LumaFusion Microsoft 
MyHub PS Remote Play MARVEL Strike Force: Squad RPG Spike Email - Mail & Team Chat Evernote - Notes Organizer Procreate Pocket Craft - Docs and Notes Editor Vectornator: Design Software AppHouseKitchen – Mac Software for the Gourmet PeakHour 4 - Simple and beautiful network performance AdGuard — World's most advanced adblocker 1blocker More AppleInsider podcasts Subscribe and listen to our AppleInsider Daily podcast for the latest Apple news Monday through Friday. You can find it on Apple Podcasts, Overcast, or anywhere you listen to podcasts. Tune in to our HomeKit Insider podcast covering the latest news, products, apps and everything HomeKit related. Subscribe in Apple Podcasts, Overcast, or just search for HomeKit Insider wherever you get your podcasts. Podcast artwork from Basic Apple Guy. Download the free wallpaper pack here. Those interested in sponsoring the show can reach out to us at: steve@appleinsider.com
New features are coming with iOS 15.2 including Child Safety in Messages, Apple announces a device management program for businesses, Twitter Blue launches, and more. Follow Our Hosts @stephenrobles on Twitter @WGallagher on Twitter Sponsored by: Molekule: For a limited time, save up to $120 on Molekule air purifiers when you use the promo code appleinsider at checkout! Visit: molekule.com to learn more. SimpliSafe Security: Get 50% OFF your first home security system at: simplisafe.com/appleinsider Wealthfront: To start building your wealth and get your first $5,000 managed for FREE, for life, visit: wealthfront.com/appleinsider VPLS Managed Services: From growing businesses in need of IT support, or large companies in need of security and expert consultation, VPLS can help. To learn more, visit: vpls.com/goit Support the show Support the show on Patreon or Apple Podcasts to get ad-free episodes every week, access to our private Discord channel, and early release of the show! We would also appreciate a 5-star rating and review in Apple Podcasts Links from the show macOS Shortcut - Auto Paste Clean URL New iOS 15.2 beta includes Messages feature that detects nudity sent to kids Apple Business Essentials service includes device management, onsite Apple repairs New 14-inch MacBook Pro review: Where the 'Pro' starts Uber, Twitter among companies giving engineers 'fully loaded' M1 Max MacBook Pro MacBook Vertical Dock Wood MacBook Dock Leaked Apple Silicon roadmap hints at new Mac Pro, MacBook Air iPad Pro White Magic Keyboard - Tweet Photos Twitter Blue launches in US, New Zealand with 'Undo Tweet' feature Apple CEO Tim Cook talks Bitcoin, China & side-loading in wide-ranging interview How to teach Siri to pronounce names correctly in iOS 15 How to use an iPad or iPhone in your car, instead of CarPlay Yoink - Improved Drag and Drop More AppleInsider podcasts Subscribe and listen to our AppleInsider Daily podcast for the latest Apple news Monday through Friday. 
You can find it on Apple Podcasts, Overcast, or anywhere you listen to podcasts. Tune in to our HomeKit Insider podcast covering the latest news, products, apps and everything HomeKit related. Subscribe in Apple Podcasts, Overcast, or just search for HomeKit Insider wherever you get your podcasts. Podcast artwork from Basic Apple Guy. Download the free wallpaper pack here. Those interested in sponsoring the show can reach out to us at: steve@appleinsider.com
You'd think that everything there was to know about the new 14-inch MacBook Pro and revised 16-inch MacBook Pro was already known, but then you don't have a secret laboratory. The AppleInsider podcast goes in deep on the details, and also examines when you should concentrate on specification details, and when you should not. There's a lot to discuss about just physically getting hold of a MacBook Pro, too, as online preorders keep slipping, yet certain models are tantalizingly in plentiful supply in Apple Stores. It's much the same with the Apple Watch Series 7, too, and we explain just why everything is so hard to find this year. Plus, you may not be all that fussed about the notch in the new MacBook Pro, but Apple knew some people would be very vocal about it. So they already added a workaround to macOS Monterey. Speaking of Apple adding things, it is surely now going to pick up more subscribers to its services. Apple Music is now on the PlayStation 5, and Comcast is bringing Apple TV+ to its subscribers. That could just be enough, just about, to mean Apple isn't doomed. What with having only taken in a mere $83.4 billion in the September quarter and beaten all financial records. It's tough being Apple. If you have questions you'd like answered on the show, tweet at Stephen Robles and William Gallagher, or email us here. Find us in your favorite podcast player by searching for "AppleInsider" and support the show by leaving a 5-Star rating and comment in Apple Podcasts here. Sponsored by: Coinbase: Coinbase offers a trusted and easy-to-use platform to buy, sell, and spend cryptocurrency. For a limited time, new users can get $10 in free Bitcoin when you sign up today at: coinbase.com/appleinsider Comet Backup: Test drive Comet Backup with a 30-day free trial. Get $50 free credit when you sign up with the promo code APPLEINSIDER. 
Start running backups in 15 minutes or less at: cometbackup.com VPLS Managed Services: From growing businesses in need of IT support, or large companies in need of security and expert consultation, VPLS can help. To learn more, visit: vpls.com/goit Zocdoc: Go to zocdoc.com/appleinsider and download the app to sign-up for FREE. Find doctors and specialists that take your insurance and even book appointments online! Support the show Support the show on Patreon or Apple Podcasts to get ad-free episodes every week, access to our private Discord channel, and early release of the show! We would also appreciate a 5-star rating and review in Apple Podcasts Those interested in sponsoring the show can reach out to us at: advertising@appleinsider.com
Marcin Ignac asked me the following on Twitter: "We are actually starting to think of abstractions/groups/sub-graphs in @nodes_io just now. Would you have any pointers to environments doing it well or wishes for a better way of doing it?" Yep, I've got wishes. Speaking of Marcin's Nodes project, this is essential reading: https://nodes.io/story/ Every visual programming language should have that depth of thought put into it, and should share that thinking out loud. Beautiful stuff.
Grace Sandra talks about her journey as a biracial woman growing up with a white mom and siblings, the importance of all-black spaces, and the impact of intergenerational trauma on the black community. You can find Grace's book Grace, Actually: Faith, Love, Loss & Black Womanhood here. In this episode we also talked about: Well Told Home Town Maps Insulated Hydration Bottle 23 Vitals Immune Support SureSwatch Temporary Paint Swatches Garment Rack Roo's Favorite Comforter Having your voice counted in this year’s election is more important than ever. You don’t have to wait until November 3rd to cast your ballot. Be an October Voter! In most states, you can vote early in October. Request your mail ballot; return your completed ballot in the mail or in-person; or vote early at an early voting location. Visit AndStillIVote.org to join the fight for voting rights today. Paid for by The Leadership Conference Education Fund. WYLD Gallery is an art gallery in Austin, Texas featuring Native American Art. The art is bright/bold pop art style, many with a little historical tension thrown in. Several of the artists have work in the permanent collections of museums, including the Smithsonian National Museum of the American Indian in DC and NYC. WYLD Gallery art would make a great statement piece for your home, or a unique Christmas gift for loved ones. Today’s show is brought to you by EBY, a seamless underwear membership. Eby’s are seamless and smooth, with the perfect amount of softness and stretch . . . your new super power to fight VPLs, slipping, or riding up. A no-slip grip keeps everything in place, with a cotton lining to keep your lady parts healthy. They have fits and styles in sizes XS-4X to fit every woman. Joining EBY gives you access to exclusive, members-only offers, free shipping, limited edition prints, and weekly power tips on confidence and productivity. 
A membership keeps your underwear drawer fresh AND helps fund cyclical microfinance loans for women around the world. 10% of every EBY purchase funds business loans for women around the world. Get 20% off your first order at joineby.com with code SELFIE20. Orgain has all kinds of organic products to fit your active lifestyle – nutrition shakes, protein powders, meal powders, bars, and even almond milk. Orgain products are food-based and full of organic vitamins and minerals that taste delicious and provide maximum nutrition. And Orgain promises to never use unnecessary fillers like artificial ingredients, preservatives, or GMOs. They’re all about good, clean nutrition. Plus, Orgain ships right to your door! You can also set up recurring deliveries to get your favorite products delivered for free. Right now, you can save 20% off your first order at the link Orgain.com/SELFIE.
Eugene Cho is talking about how to have a civil dialogue about politics, the polarization of political parties, and the problem with Christians aligning with a party over their moral convictions. Thou Shalt Not Be a Jerk: A Christian's Guide to Engaging Politics, Kristen and Eugene’s trip to Iraq and Lebanon Air Queen N95 Substantial Equivalent Masks The Happy Labs Chill Pills TheBalm Stainiac Ninja Coffee Maker Today’s show is brought to you by EBY, a seamless underwear membership. Eby’s are seamless and smooth, with the perfect amount of softness and stretch . . . your new super power to fight VPLs, slipping, or riding up. A no-slip grip keeps everything in place, with a cotton lining to keep your lady parts healthy. They have fits and styles in sizes XS-4X to fit every woman. Joining EBY gives you access to exclusive, members-only offers, free shipping, limited edition prints, and weekly power tips on confidence and productivity. A membership keeps your underwear drawer fresh AND helps fund cyclical microfinance loans for women around the world. 10% of every EBY purchase funds business loans for women around the world. Get 20% off your first order at joineby.com with code SELFIE20.
It takes a lot of cables running around the entire planet just to get us the data connectivity we expect. There was a time when all those cables were copper and the companies that had put them there were certainly going to maximize that investment. But as often happens, someone came along and saw an opportunity to disrupt it all in a very fundamental way. Dave Schaefer is CEO and founder of Cogent, a multinational Tier 1 Internet Service Provider consistently ranked as one of the top five networks in the world. Dave started with contrarian ideas formed within one of the most turbulent eras of Internet history. Hank Kilmer is VP of IP Engineering, tasked with the continued execution of Dave’s vision. Robb Boyd talks with both of them in 2018 to learn about these ideas and how they hold up as Cogent approaches their 20th year in business. @robboyd
For more, check out these links:
www.cogentco.com/en/
www.cisco.com/go/sp
www.techwisetv.com
www.explainerds.net
This week Greg, Tomas, Mike, and Miller chop it up after the holidays… trying to come to terms with going back to work… ugh. This week we talk about: Brock – /tool sniffer quick Chad was having VPLS issues that smelled like MTU – Go home fiberstore switch, you’re drunk DACs are faster Carlan likes his 3D(More)…
Liz Maupin (@Liz_Maupin) braves a nearby brush fire to podcast with the ladies! These are wild times, ya'll. They talk about preparing for natural disasters, debate about thongs and VPLs (visible panty lines), and discuss therapy and self-care. They answer a lady problem about how to tell your guy he needs to work on his personal hygiene. If you're in the LA area this week, go see Barbara's show this Thursday, August 29th at the Lyric Hyperion! Stay hydrated and feeling good with Liquid IV! Head over to LiquidIV.com and enter code L2L to get 25% off of your first order. Treat yourself to a box full of goodies every season from FabFitFun. Go to FabFitFun.com and use the code L2L to get $10 off of your first FabFitFun box!
I.T.guy Kyle. The Big Empty. The Filcher. The Grössënvöïd. Prolapse Impressions. VPLs. Asthma Impressions. Hobo Bindles. Ghost groping. Goopers. Peenie Moists. Cowgirls ride the trail of truth. Truckasaurus. Cowgirlfriends.
This week on the show, we'll be talking with Peter Toth. He's got a jail management system called "iocage" that's been getting pretty popular recently. Have we finally found a replacement for ezjail? We'll see how it stacks up.
This episode was brought to you by
Headlines
FreeBSD on Olimex RT5350F-OLinuXino (https://www.bidouilliste.com/blog/2015/07/22/FreeBSD-on-Olimex-RT5350F-OLinuXino)
If you haven't heard of the RT5350F-OLinuXino-EVB, you're not alone (actually, we probably couldn't even remember the name if we did know about it)
It's a small board with a MIPS CPU, two ethernet ports, wireless support and... 32MB of RAM
This blog series documents installing FreeBSD on the device, but it is quite a DIY setup at the moment
In part two of the series (https://www.bidouilliste.com/blog/2015/07/24/FreeBSD-on-Olimex-RT5350F-OLinuXino-Part-2), he talks about the GPIO and how you can configure it
Part three is still in the works, so check the site later on for further progress and info
***
The modern OpenBSD home router (https://www.azabani.com/2015/08/06/modern-openbsd-home-router.html)
In a new series of blog posts, one guy takes you through the process of building an OpenBSD-based gateway (http://www.bsdnow.tv/tutorials/openbsd-router) for his home network
"It's no secret that most consumer routers ship with software that's flaky at best, and prohibitively insecure at worst"
Armed with a 600MHz Pentium III CPU, he shows the process of setting up basic NAT, firewalling and even getting hostap mode working for wireless
This guide also covers PPP and IPv6, in case you have those requirements
In a similar but unrelated series (http://jaytongarnett.blogspot.com/2015/07/openbsd-router-bt-home-hub-5-replacement.html), another user does a similar thing - his post also includes details on reusing your consumer router as a wireless bridge
He also has a separate post (http://jaytongarnett.blogspot.com/2015/08/openbsd-l2tpipsec-vpn-works-with.html) for setting up an IPSEC VPN on the router
***
NetBSD at Open Source Conference 2015 Kansai (https://mail-index.netbsd.org/netbsd-advocacy/2015/08/10/msg000691.html)
The Japanese NetBSD users group has teamed up with the Kansai BSD users group and Nagoya BSD users group to invade another conference
They had NetBSD running on all the usual (unusual?) devices, but some of the other BSDs also got a chance to shine at the event
Last time they mostly had ARM devices, but this time the centerpiece was an OMRON LUNA88k
They had at least one FreeBSD and OpenBSD device, and at least one NetBSD device even had Adobe Flash running on it
And what conference would be complete without an LED-powered towel
***
OpenSSH 7.0 released (https://lists.mindrot.org/pipermail/openssh-unix-dev/2015-August/034289.html)
The OpenSSH team has just finished up the 7.0 release, and the focus this time is deprecating legacy code
SSHv1 support is disabled, 1024 bit diffie-hellman-group1-sha1 KEX is disabled and the v00 cert format authentication is disabled
The syntax for permitting root logins has been changed, and is now called "prohibit-password" instead of "without-password" (this makes it so root can login, but only with keys) - all interactive authentication methods for root are also disabled by default now
If you're using an older configuration file, the "without-password" option still works, so no change is required
You can now control which public key types are available for authentication, as well as control which public key types are offered for host authentications
Various bug fixes and documentation improvements are also included
Aside from the keyboard-interactive and PAM-related bugs, this release includes one minor security fix: TTY permissions were too open, so users could write messages to other logged in users
In the next release, even more deprecation is planned: RSA keys will be refused if they're under 1024 bits, CBC-based ciphers will be disabled and the MD5 HMAC will also be disabled
***
Interview - Peter Toth - peter.toth198@gmail.com (mailto:peter.toth198@gmail.com) / @pannonp (https://twitter.com/pannonp)
Containment with iocage (https://github.com/iocage/iocage)
News Roundup
More c2k15 reports (http://undeadly.org/cgi?action=article&sid=20150809105132)
A few more hackathon reports from c2k15 in Calgary are still slowly trickling in
Alexander Bluhm's up first, and he continued improving OpenBSD's regression test suite (this ensures that no changes accidentally break existing things)
He also worked on syslogd, completing the TCP input code - the syslogd in 5.8 will have TLS support for secure remote logging
Renato Westphal sent in a report (http://undeadly.org/cgi?action=article&sid=20150811171006) of his very first hackathon
He finished up the VPLS implementation and worked on EIGRP (which is explained in the report) - the end result is that OpenBSD will be more easily deployable in a Cisco-heavy network
Philip Guenther also wrote in (http://undeadly.org/cgi?action=article&sid=20150809165912), getting some very technical and low-level stuff done at the hackathon
His report opens with "First came a diff to move the grabbing of the kernel lock for soft-interrupts from the ASM stubs to the C routine so that mere mortals can actually push it around further to reduce locking." - not exactly beginner stuff
There were also some C-state, suspend/resume and general ACPI improvements committed, and he gives a long list of random other bits he worked on as well
***
FreeBSD jails, the hard way (https://clinta.github.io/freebsd-jails-the-hard-way)
As you learned from our interview this week, there's quite a selection of tools available to manage your jails
This article takes the opposite approach, using only the tools in the base system: ZFS, nullfs and jail.conf
Unlike with iocage, ZFS isn't actually a requirement for this method
If you are using it, though, you can make use of snapshots for making template jails
***
OpenSSH hardware tokens (http://www.tancsa.com/mdtblog/?p=73)
We've talked about a number of ways to do two-factor authentication with SSH, but what if you want it on both the client and server?
This blog post will show you how to use a hardware token as a second authentication factor, for the "something you know, something you have" security model
It takes you through from start to finish: formatting the token, generating keys, getting it integrated with sshd
Most of this will apply to any OS that can run ssh, and the token used in the example can be found online for pretty cheap too
***
LibreSSL 2.2.2 released (http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.2.2-relnotes.txt)
The LibreSSL team has released version 2.2.2, which signals the end of the 5.8 development cycle and includes many fixes
At the c2k15 hackathon, developers uncovered dozens of problems in the OpenSSL codebase with the Coverity code scanner, and this release incorporates all those: dead code, memory leaks, logic errors (which, by the way, you really don't want in a crypto tool...) and much more
SSLv3 support was removed from the "openssl" command, and only a few other SSLv3 bits remain - once workarounds are found for ports that specifically depend on it, it'll be removed completely
Various other small improvements were made: DH params are now 2048 bits by default, more old workarounds removed, cmake support added, etc
It'll be in 5.8 (due out earlier than usual) and it's in the FreeBSD ports tree as well
***
Feedback/Questions
James writes in (http://slexy.org/view/s216lrsVVd)
Stuart writes in (http://slexy.org/view/s20uGUHWLr)
***
We've finally reached a hundred episodes, and this week we'll be talking to Sebastian Wiedenroth about pkgsrc. Though originally a NetBSD project, now it runs pretty much everywhere, and he even runs a conference about it! This episode was brought to you by Headlines Remote DoS in the TCP stack (https://blog.team-cymru.org/2015/07/another-day-another-patch/) A pretty devious bug in the BSD network stack has been making its rounds for a while now, allowing remote attackers to exhaust the resources of a system with nothing more than TCP connections While in the LAST_ACK state, which is one of the final stages of a connection's lifetime, the connection can get stuck and hang there indefinitely This problem has a slightly confusing history that involves different fixes at different points in time from different people Juniper originally discovered the bug and announced a fix (https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10686) for their proprietary networking gear on June 8th On June 29th, FreeBSD caught wind of it and fixed the bug in their -current branch (https://svnweb.freebsd.org/base/head/sys/netinet/tcp_output.c?view=patch&r1=284941&r2=284940&pathrev=284941), but did not issue a security notice or MFC the fix back to the -stable branches On July 13th, two weeks later, OpenBSD fixed the issue (https://www.marc.info/?l=openbsd-cvs&m=143682919807388&w=2) in their -current branch with a slightly different patch, citing the FreeBSD revision from which the problem was found Immediately afterwards, they merged it back to -stable and issued an errata notice (http://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/010_tcp_persist.patch.sig) for 5.7 and 5.6 On July 21st, three weeks after their original fix, FreeBSD committed yet another slightly different fix (https://svnweb.freebsd.org/base/head/sys/netinet/tcp_output.c?view=patch&r1=285777&r2=285776&pathrev=285777) and issued a security notice 
(https://lists.freebsd.org/pipermail/freebsd-announce/2015-July/001655.html) for the problem (which didn't include the first fix) After the second fix from FreeBSD, OpenBSD gave them both another look and found their single fix to be sufficient, covering the timer issue in a more general way NetBSD confirmed they were vulnerable too, and applied another completely different fix (http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/netinet/tcp_output.c.diff?r1=1.183&r2=1.184&only_with_tag=MAIN) to -current on July 24th, but haven't released a security notice yet DragonFly is also investigating the issue now to see if they're affected as well *** c2k15 hackathon reports (http://undeadly.org/cgi?action=article&sid=20150721180312&mode=flat) Reports from OpenBSD's latest hackathon (http://www.openbsd.org/hackathons.html), held in Calgary this time, are starting to roll in (there were over 40 devs there, so we might see a lot more of these) The first one, from Ingo Schwarze, talks about some of the mandoc work he did at the event He writes, "Did you ever look at a huge page in man, wanted to jump to the definition of a specific term - say, in ksh, to the definition of the "command" built-in command - and had to step through dozens of false positives with the less '/' and 'n' search keys before you finally found the actual definition?" With mandoc's new internal jump targets, this is a problem of the past now Jasper also sent in a report (http://undeadly.org/cgi?action=article&sid=20150723124332&mode=flat), doing his usual work with Puppet (and specifically "Facter," a tool used by Puppet to gather various bits of system information) Aside from that and various ports-related work, Jasper worked on adding tame support to some userland tools, fixing some Octeon stuff and introduced something that OpenBSD has oddly lacked until now: an "-i" flag for sed (hooray!) 
Antoine Jacoutot gave a report (http://undeadly.org/cgi?action=article&sid=20150722205349&mode=flat) on what he did at the hackathon as well, including improvements to the rcctl tool (for configuring startup services)
It now has an "ls" subcommand with status parsing, allowing you to list running services, stopped services or even ones that failed to start or are supposed to be running (he calls this "the poor man's service monitoring tool")
He also reworked some of the rc.d system to allow multiple instances of the same daemon to run more smoothly (using tor with different config files as an example)
His list also included updating ports, updating ports documentation, updating the hotplug daemon and laying out some plans for automatic sysmerge for future upgrades
Foundation director Ken Westerback was also there (http://undeadly.org/cgi?action=article&sid=20150722105658&mode=flat), getting some disk-related and laptop work done
He cleaned up and committed the 4k sector softraid code that he'd been working on, as well as fixing some trackpad issues
Stefan Sperling, OpenBSD's token "wireless guy," had a lot to say (http://undeadly.org/cgi?action=article&sid=20150722182236&mode=flat) about the hackathon and what he did there (and even sent in his write-up before he got home)
He taught tcpdump about some new things, including 802.11n metadata beacons (there's a lot more specific detail about this one in the report)
Bringing a bag full of USB wireless devices with him, he set out to get the unsupported ones working, as well as fix some driver bugs in the ones that already did work
One quote from Stefan's report that a lot of people seem to be talking about: "Partway through the hackathon tedu proposed an old diff of his to make our base ls utility display multi-byte characters. This led to a long discussion about how to expand UTF-8 support in base. The conclusion so far indicates that single-byte locales (such as ISO-8859-1 and KOI-8) will be removed from the base OS after the 5.8 release is cut. This simplifies things because the whole system only has to care about a single character encoding. We'll then have a full release cycle to bring UTF-8 support to more base system utilities such as vi, ksh, and mg. To help with this plan, I started organizing a UTF-8-focused hackathon for some time later this year."
Jeremy Evans wrote in (http://undeadly.org/cgi?action=article&sid=20150725180527&mode=flat) to talk about updating lots of ports, moving the ruby ports up to the latest version and also creating perl and ruby wrappers for the new tame subsystem
While he's mainly a ports guy, he got to commit fixes to ports, the base system and even the kernel during the hackathon
Rafael Zalamena, who got commit access at the event, gives his very first report (http://undeadly.org/cgi?action=article&sid=20150725183439&mode=flat) on his networking-related hackathon activities
With Rafael's diffs and help from a couple other developers, OpenBSD now has support for VPLS (https://en.wikipedia.org/wiki/Virtual_Private_LAN_Service)
Jonathan Gray got a lot done (http://undeadly.org/cgi?action=article&sid=20150728184743&mode=flat) in the area of graphics, working on OpenGL and Mesa, updating libdrm and even working with upstream projects to remove some GNU-specific code
As he's become somewhat known for, Jonathan was also busy running three things in the background: clang's fuzzer, cppcheck and AFL (looking for any potential crashes to fix)
Martin Pieuchot gave a write-up (http://undeadly.org/cgi?action=article&sid=20150724183210&mode=flat) on his experience: "I always thought that hackathons were the best place to write code, but what's even more important is that they are the best (well actually only) moment where one can discuss and coordinate projects with other developers IRL. And that's what I did."
He laid out some plans for the wireless stack, discussed future plans for PF, made some routing table improvements and did various other bits to the network stack
Unfortunately, most of Martin's secret plans seem to have been left intentionally vague, and will start to take form in the next release cycle
We're still eagerly awaiting a report from one of OpenBSD's newest developers (https://twitter.com/phessler/status/623291827878137856), Alexandr Nedvedicky (the Oracle guy who's working on SMP PF and some other PF fixes)
OpenBSD 5.8's "beta" status was recently reverted, with the message "take that as a hint (https://www.marc.info/?l=openbsd-cvs&m=143766883514831&w=2)," so that may mean more big changes are still to come...
***
FreeBSD quarterly status report (https://www.freebsd.org/news/status/report-2015-04-2015-06.html)
FreeBSD has published their quarterly status report for the months of April to June, calling it the largest one so far
It's broken down into a number of sections: team reports, projects, kernel, architectures, userland programs, ports, documentation, Google Summer of Code and miscellaneous others
Starting off with the cluster admin, some machines were moved to the datacenter at New York Internet, email services are now more resilient to failure, the svn mirrors (now just "svn.freebsd.org") are now using GeoDNS with official SSL certs and general redundancy was increased
In the release engineering space, ARM and ARM64 work continues to improve on the Cavium ThunderX, more focus is being put into cloud platforms and the 10.2-RELEASE cycle is reaching its final stages
The core team has been working on phabricator, the fancy review system, and is considering integrating OAuth support soon
Work also continues on bhyve, and more operating systems are slowly gaining support (including the much-rumored Windows Server 2012)
The report also covers recent developments in the Linux emulation layer, and encourages people using 11-CURRENT to help test out the 64bit support
Multipath TCP was also a hot topic, and there's a brief summary of the current status on that patch (it will be available publicly soon)
ZFSguru, a project we haven't talked about a lot, also gets some attention in the report - version 0.3 is set to be completed in early August
PCIe hotplug support is also mentioned, though it's still in the development stages (basic hot-swap functions are working though)
The official binary packages are now built more frequently than before with the help of additional hardware, so AMD64 and i386 users will have fresher ports without the need for compiling
Various other small updates on specific areas of ports (KDE, XFCE, X11...) are also included in the report
Documentation is a strong focus as always, a number of new documentation committers were added and some of the translations have been improved a lot
Many other topics were covered, including foundation updates, conference plans, pkgsrc support in pkgng, ZFS support for UEFI boot and much more
***
The OpenSSH bug that wasn't (http://bsdly.blogspot.com/2015/07/the-openssh-bug-that-wasnt.html)
There's been a lot of discussion (https://www.marc.info/?t=143766048000005&r=1&w=2) about a supposed flaw (https://kingcope.wordpress.com/2015/07/16/openssh-keyboard-interactive-authentication-brute-force-vulnerability-maxauthtries-bypass/) in OpenSSH, allowing attackers to substantially amplify the number of password attempts they can try per session (without leaving any abnormal log traces, even)
There's no actual exploit to speak of; this bug would only help someone get more bruteforce tries in with fewer connections (https://lists.mindrot.org/pipermail/openssh-unix-dev/2015-July/034209.html)
FreeBSD in its default configuration, with PAM (https://en.wikipedia.org/wiki/Pluggable_authentication_module) and ChallengeResponseAuthentication enabled, was the only one vulnerable to the problem - not upstream OpenSSH (https://www.marc.info/?l=openbsd-misc&m=143767296016252&w=2), nor any of the other BSDs, and not even the majority of Linux distros
If you disable all forms of authentication except public keys, like you're supposed to (https://stribika.github.io/2015/01/04/secure-secure-shell.html), then this is also not a big deal for FreeBSD systems
Realistically speaking, it's more of a PAM bug (https://www.marc.info/?l=openbsd-misc&m=143782167322500&w=2) than anything else
OpenSSH added an additional check (https://anongit.mindrot.org/openssh.git/patch/?id=5b64f85bb811246c59ebab) for this type of setup that will be in 7.0, but simply changing your sshd_config is enough to mitigate the issue for now on FreeBSD (or you can run freebsd-update (https://lists.freebsd.org/pipermail/freebsd-security-notifications/2015-July/000248.html))
***
Interview - Sebastian Wiedenroth - wiedi@netbsd.org (mailto:wiedi@netbsd.org) / @wied0r (https://twitter.com/wied0r)
pkgsrc (https://en.wikipedia.org/wiki/Pkgsrc) and pkgsrcCon (http://pkgsrc.org/pkgsrcCon/)
News Roundup
Now served by OpenBSD (https://tribaal.io/this-now-served-by-openbsd.html)
We've mentioned that you can also install OpenBSD on DO droplets, and this blog post is about someone who actually did it
The use case for the author was for a webserver, so he decided to try out the httpd in base
Configuration is ridiculously simple, and the config file in his example provides an HTTPS-only webserver, with plaintext requests automatically redirecting
TLS 1.2 by default, strong ciphers with LibreSSL and HSTS (https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) combined give you a pretty secure web server
***
FreeBSD laptop playbooks (https://github.com/sean-/freebsd-laptops)
A new project has started up on Github for configuring FreeBSD on various laptops, unsurprisingly named "freebsd-laptops"
It's based on ansible, and uses the playbook format for automatic set up and configuration
Right now, it's only working on a single Lenovo laptop, but the plan is to add instructions for many more models
Check the Github page for instructions on how to get started, and maybe get involved if you're running FreeBSD on a laptop
***
NetBSD on the NVIDIA Jetson TK1 (https://blog.netbsd.org/tnf/entry/netbsd_on_the_nvidia_jetson)
If you've never heard of the Jetson TK1 (https://developer.nvidia.com/jetson-tk1), we can go ahead and spoil the secret here: NetBSD runs on it
As for the specs, it has a quad-core ARMv7 CPU at 2.3GHz, 2 gigs of RAM, gigabit ethernet, SATA, HDMI and mini-PCIE
This blog post shows which parts of the board are working with NetBSD -current (which seems to be almost everything)
You can even run X11 on it, pretty sweet
***
DragonFly power management options (http://lists.dragonflybsd.org/pipermail/users/2015-July/207911.html)
DragonFly developer Sepherosa, who we've had on the show, has been doing some ACPI work over there
In this email, he presents some of DragonFly's different power management options: ACPI P-states, C-states, mwait C-states and some Intel-specific bits as well
He also did some testing with each of them and gave his findings about power saving
If you've been thinking about running DragonFly on a laptop, this would be a good one to read
***
OpenBSD router under FreeBSD bhyve (https://www.quernus.co.uk/2015/07/27/openbsd-as-freebsd-router/)
If one BSD just isn't enough for you, and you've only got one machine, why not run two at once?
This article talks about taking a FreeBSD server running bhyve and making a virtualized OpenBSD router with it
If you've been considering switching over your router at home or the office, doing it in a virtual machine is a good way to test the waters before committing to real hardware
The author also includes a little bit of history on how he got into both operating systems
There are lots of mixed opinions about virtualizing core network components, so we'll leave it up to you to do your research
Of course, the next logical step is to put that bhyve host under Xen on NetBSD...
***
Feedback/Questions
Kevin writes in (http://slexy.org/view/s2yPVV5Wyp)
Logan writes in (http://slexy.org/view/s21zcz9rut)
Peter writes in (http://slexy.org/view/s21CRmiPwK)
Randy writes in (http://slexy.org/view/s211zfIXff)
***
Verizon Business’ Virtual Private LAN Service (VPLS) combines the simplicity of Ethernet, the flexibility of MPLS and the reliability of SONET. This podcast provides insight into how large business and government customers can leverage VPLS to converge voice, video and data applications onto a single cost-effective local-to-global network solution. The guest is Alla Reznik, Group […]
On this podcast from Futurenet 2007, Alla Reznik, group manager for IP & Ethernet Services at Verizon Business, discusses their recently launched Ethernet VPLS, which delivers new Wide Area Network options that are robust, flexible and feature-rich, and how companies can use the VPLS network with existing Ethernet deployments. This is a Verizon Business podcast.