Hacker Public Radio

At one time most malware targeted Windows because it was the most popular OS, but as Linux has risen in popularity, particularly in the data center, it has become a target. We look at some of the recent attacks on Linux, and note some common features of the attacks. This then suggests some ways we can protect ourselves Links: https://build5nines.com/linux-is-most-used-os-in-microsoft-azure-over-50-percent-fo-vm-cores/ https://w3techs.com/technologies/comparison/os-linux,os-windows https://gs.statcounter.com/os-market-share https://en.wikipedia.org/wiki/Chrome_OS https://www.zdnet.com/article/this-surprise-linux-malware-warning-shows-that-hackers-are-changing-their-targets/ https://www.zwilnik.com/security-and-privacy/ssh-and-tunneling/ssh-introduction/ http://hackerpublicradio.org/eps.php?id=1850 https://www.bleepingcomputer.com/news/security/russian-hacker-pleads-guilty-for-role-in-infamous-linux-ebury-malware/ https://www.theregister.com/2016/09/02/alleged_linux_hacker_arrested/ https://www.helpnetsecurity.com/2018/12/07/linux-backdoors-openssh/ https://www.welivesecurity.com/wp-content/uploads/2018/12/ESET-The_Dark_Side_of_the_ForSSHe.pdf https://www.helpnetsecurity.com/2018/12/07/linux-backdoors-openssh/ https://www.nsa.gov/news-features/press-room/Article/2311407/nsa-and-fbi-expose-russian-previously-undisclosed-malware-drovorub-in-cybersecu/ https://www.zdnet.com/article/fbi-and-nsa-expose-new-linux-malware-drovorub-used-by-russian-state-hackers/ https://www.bleepingcomputer.com/news/security/lucifer-cryptomining-ddos-malware-now-targets-linux-systems/ https://www.bleepingcomputer.com/news/security/lemon-duck-cryptominer-malware-now-targets-linux-devices/ https://www.bleepingcomputer.com/news/security/fritzfrog-malware-attacks-linux-servers-over-ssh-to-mine-monero/

Enigma discusses a project proposal called Hacker exchange, a proposed content sharing site that would aggregate audio/video and text based tutorials. Come chat about this project on irc.freenode.net #hackerexchange

LinuxOne: https://developer.ibm.com/components/ibm-linuxone/gettingstarted IBM quantum computing: https://www.ibm.com/quantum-computing redis on LinuxOne(in German): https://chemnitzer.linux-tage.de/2019/en/programm/beitrag/206 Ask IBM: https://www.ibm.com/blogs/cloud-computing/2015/01/13/hello-watson-ask-anything Jeff Bezo's real name: https://en.wikipedia.org/wiki/Jeff_Bezos Jeff Bezo's divorce: https://www.bloomberg.com/news/articles/2019-07-05/bezos-split-finalizes-as-38-billion-amazon-stake-transfer-looms French protests: https://www.politico.eu/article/spotlight-falls-on-amazon-as-french-businesses-are-restricted-by-lockdown-rules/ 2001: A Space Odyssee: https://www.imdb.com/title/tt0062622 OpenAI: https://openai.com GPT3: https://en.wikipedia.org/wiki/GPT-3 ARM Jazelle: https://en.wikipedia.org/wiki/Jazelle ARM ThumbEE: https://en.wikipedia.org/wiki/ARM_architecture#Thumb_Execution_Environment_(ThumbEE) TIOBE programming language index: https://www.tiobe.com/tiobe-index Commons Clause and Redis Source Available License: https://redislabs.com/blog/redis-labs-modules-license-changes

I sneak back into the HPR community with an episode about cloning the hard drive on my laptop for a backup after some recent catastrophic drive failures. Links Clonezilla: The Free and Open Source Software for Disk Imaging and Cloning Hard drive adapters at Amazon Credits Music bumpers are from Kimiko Ishizaka's Libre Art of Fugue: https://music.kimiko-piano.com/album/j-s-bach-the-art-of-the-fugue-kunst-der-fuge-bwv-1080, used by permission of their CC0 1.0 Universal (CC0 1.0) Public Domain Dedication license.

Pat and Claudio discuss the current state of Linux audio applications in 2020. The primary focus is applications to create music. We discuss Linux sound servers (Pulse, ALSA and Jack). Software synthesizers available in Linux. Midi, sequencers and drum machines. Digital Audio Workstation applications. Impulse Responses for guitar and bass speaker emulation. Commercial vendors that support the Linux platform. Music equipment vendors that use Linux as the basis of their products. This page has been around for years. Some links might be stale or dead. http://linux-sound.org/ Some of the sound fonts I've used: http://midkar.com/soundfonts/ http://www.pvv.org/~hammer https://www.michaelpichermusic.com/sample-libraries MIDI/Music software discussed: JACK (JACK Audio Connection Kit) https://jackaudio.org/ Qtractor https://qtractor.sourceforge.io/ Ardour https://ardour.org/ Reaper https://www.reaper.fm/index.php Carla https://kx.studio/Applications:Carla Duality Bass https://audio-assault.com/duality.php My Soundcloud page. https://www.soundcloud.com/claudiom72 Open source synthesizers: https://www.moddevices.com/ http://www.linuxsynths.com/ https://en.wikipedia.org/wiki/Korg_OASYS (Finally found that hardware Linux-based synth.) http://synthesia.sourceforge.net/ https://zynthian.org/ (Don't remember if this was mentioned, but here it is. :-p) Pipewire https://pipewire.org/ unfa https://www.youtube.com/channel/UCAYKj_peyESIMDp5LtHlH2A

A follow up show in the vein of hpr3016 :: Nixie tube clock and friends!. Also be sure to remove batteries from electronics in storage.

30" Apple Cinema Display 2560x1600 160 GB iPod Classic IPad 3 Mac Pro 1.1 iPhone 4s

Beni, McNalu, Klaatu, and Philip review the Fifth Edition of the Shadowrun roleplaying game. For more information about Shadowrun, go to ShadowrunTabletop.com. Quickstart rules are available for $0 from drivethrurpg.com (this is Klaatu's affiliate link, granting him some n% of the $0 sale) Finally, you can find lots of great Shadowrun fiction on drivethrurpg.com in EPUB format.

I've been running NextCloud since it was OwnCloud. In this episode, I encourage other people to install and run NextCloud. It's a great way to get out of the Google ecosystem, and it doesn't require much to set up or maintain. Here's the script I use to update one of the Nextcloud instances I maintain, running on a dirt-cheap VPS slice from Blue Host er something: #/test/before/using/bash # GNU All-Permissive License # Copying and distribution of this file, with or without modification, # are permitted in any medium without royalty provided the copyright # notice and this notice are preserved. This file is offered as-is, # without any warranty. if [ "${1}" == "--help" ]; then echo "usage:" echo "$0 http://path-to-nextcloud.bz2" echo "WARNING: You MUST put your Nextcloud instance into maintenance mode first" exit fi set -e # get rid of the old Nextcloud tarball from the last time you upgraded trash nextcloud*bz2 || true # get rid of old backups as long as they are empty of actual data [[ -e cloud/data ]] && trash cloud-deleteme #download the source tarball wget "${1}" #rename old cloud mv nextcloud cloud-deleteme # untar source # grab your data from old cloud tar xvf nextcloud*bz2 && mv cloud-deleteme/data/ nextcloud/ # copy your config cp cloud-deleteme/config/config.php nextcloud/config/ # enter the cloud pushd nextcloud # perform upgrade php ./occ upgrade # leave the cloud popd Don't use my upgrade script blindly, and please do test first. It works for my setup, but has been tested ONLY on my setup. Also, it doesn't put your Nextcloud instance into maintenance mode (probably because I wrote it before I knew Awk...), so you must do that manually. Happy hacking!

Script and instruction at https://james.toebesacademy.com/USBKey.html Combo of Perl for Installation, ssh-keygen for key exchange. udev for actions bash for locking/unlocking/key checking. udev add/remove/change events add event does not allow access to drive change event was not allowing unlock. Compromise was unlock, then lock if key check fails.

Layers are the feature that does most of the heavy lifting in GIMP. In this episode we begin looking at them with an introduction, but we'll go deeper! Links: https://docs.gimp.org/2.8/en/ https://www.animationconnection.com/about-the-art/original-production-cels https://en.wikipedia.org/wiki/XCF_(file_format) https://www.webopedia.com/TERM/A/alpha_channel.html https://www.ahuka.com/gimp/introduction-to-layers/

In this episode our two heroes interview Itamar Haber, community liaison for Redis, a popular open-source in-memory NoSQL database. Technology prevails in this episode; communism, free love and drugs take a backseat (but only for the moment! :-). The trio discuss the legacy of redis, bemoan their old age and reveal why Itamar initially wanted to be a mermaid. Listen to the episode for more shocking epiphanies! Shownotes: Kaypro: https://en.wikipedia.org/wiki/Kaypro Salvatore Sanfilippo: https://github.com/antirez redis: https://github.com/redis/redis Redis Labs: https://redislabs.com Redis Streams: https://redis.io/topics/streams-intro Redis Modules: https://redis.io/modules Windows: https://bugs.launchpad.net/ubuntu/+bug/1 WSL 2: https://en.wikipedia.org/wiki/Windows_Subsystem_for_Linux#WSL_2 On the Bro'd: https://www.mikelacher.com/work/on-the-brod

YAML has two data elements that serve as building blocks for complex data structures: sequences and mappings. Sequence This is a sequence: --- - Emperor - Gentoo - Little Blue Mapping This is a mapping: --- Penguin: Emperor In this case, Penguin is a key and Emperor is a value. This is often called a "key and value pair", but in YAML it's just called a mapping. Combining data blocks You can embed these data types into one another. Here is a mapping that has a sequence as its value: --- Penguin: - Emperor - Gentoo - Little Blue Here is a sequence of mappings: --- - Penguin: Emperor - Penguin: Gentoo - Penguin: Little Blue yamllint Use yamllint to detect errors in your YAML. To install: $ pip install yamllint Run it: $ yamllint good.yaml $ yamllint bad.yaml bad.yaml 1:1 warning missing document start "---" (document-start) 4:14 error no new line character at the end of file (new-line-at-end-of-file) yaml2json Sometimes it's useful to convert your YAML to JSON so you can view the data structure in a different way. There are probably dozens of YAML-to-JSON converters out there, but here's the one I use: http://gitlab.com/slackermedia/yaml2json.git Run it: $ cat example.yaml --- penguins: - Gentoo - Little Blue - Rockhopper dragons: - black - white - red $ ~/bin/yaml2json.py example.yaml {"penguins": ["Gentoo", "Little Blue", "Rockhopper"], "dragons": ["black", "white", "red"]} YAML police There are no YAML police. As long as yamllint finds no errors, your YAML is valid and can be parsed by any one of the dozens of YAML libraries out there. However, these YAML libraries aren't magical, so you must understand the internal logic of your own YAML data. Keep that in mind when devising a scheme for the data you're recording. YAML is a great method for creating configuration files, or storing simple data structures, and it's essential for Ansible playbooks. Enjoy!

Enigma discusses the high level basics of getting into the aquarium hobby and what to consider when purchasing your first aquarium. Links: API Test kit

taskwarrior.org Taskwarrior is Free and Open Source Software that manages your TODO list from the command line. It is flexible, fast, and unobtrusive. It does its job then gets out of your way. timewarrior.net Timewarrior is Free and Open Source Software that tracks time from the command line. Article on the Medium website Tracking time on the command line with Taskwarrior and Timewarrior