SMLR Episode 292 Big Purple Hat
Contact Us:
show (at) smlr.us or the Contact us page
Intro:
Tony Bemus, Tom Lawrence, Phil Porada and Mary Tomich
Sound bites by Mike Tanner
Phil's GitHub
The LawrenceSystems YouTube Channel Where videos
https://www.youtube.com/user/TheTecknowledge
Tech News:
New Bluetooth Chip Flaws Expose Millions of Devices to Remote Attacks #BleedingBit
https://thehackernews.com/2018/11/bluetooth-chip-hacking.html
New Intel CPU Flaw Exploits Hyper-Threading to Steal Encrypted Data #PortSmash
https://thehackernews.com/2018/11/portsmash-intel-vulnerability.html
New Ubuntu 19.04 Will be Disco Dingo. If there are issues I will be compelled to say “That dingo as planned”
https://launchpad.net/ubuntu/disco
Red Hat + IBM: Creating the leading hybrid cloud provider
https://www.redhat.com/en/blog/red-hat-ibm-creating-leading-hybrid-cloud-provider
System76 Thelio computer is open source, Linux-powered, and made in the USA
https://github.com/system76/thelio
DHS Seized Aftermarket Apple Laptop Batteries From Independent Repair Expert Louis Rossmann
AMD Ryzen Threadripper 2920X & 2970WX Linux Performance Benchmarks
https://www.phoronix.com/scan.php?page=article&item=amd-2920x-2970wx&num=1
Post-mortem: MRI disables every iOS device in facility
https://www.reddit.com/r/sysadmin/comments/9si6r9/postmortem_mri_disables_every_ios_device_in/
Big Purple Hat
IBM bought Red Hat for $34 billion
They are trying to become a cloud provider. From an IBM-er of 10 years, “The IBM engineering team in Bluemix is weak and one way to really up the ante is getting access to top talent in the industry to do this (CoreOS team, Openshift.io team, linux kernel devs, distributed storage devs)”
- In 2018 IBM 3 companies, Alphabet 6 companies, Amazon 6
- In 2017 IBM 3 companies, Alphabet 11 companies, Amazon 11
- In 2016 IBM 12 companies, Alphabet 17 companies, Amazon 5
- In 2015 IBM 13 companies, Alphabet 15 companies, Amazon 7
A comment I saw on Hacker News was, “I’m an IBMer and the current rule is you can work on OS projects in your own time as long as it isn’t to the detriment of IBM’s projects.” Contrast that to, “One of the most praised points in Red Hat’s code of conduct is the fact that it specifically says that you can work on open source projects even if it is to the detriment to Red Hat.”
Projects possibly in danger due to the heavy amount of RH involvement:
- Glibc
- LibreOffice
- Freedesktop.org
- Ansible
- Ceph
- GlusterFS
- Fedora – technically a community project, but RH is the main contributor
- CentOS – gratis version of RHEL
- CoreOS
https://www.theregister.co.uk/2018/11/02/rhel_deprecates_kde/
“KDE Plasma Workspaces (KDE), which has been provided as an alternative to the default GNOME desktop environment has been deprecated. A future major release of Red Hat Enterprise Linux will no longer support using KDE instead of the default GNOME desktop environment.” In other words, if you’re using RHEL on the desktop, at some point KDE will not be supported.
To be clear, Red Hat heavily backs the Linux desktop environment GNOME, which is developed as an independent open-source project and is also used by a large bunch of other distros. And although Red Hat is signalling the end of the road for KDE support in RHEL, KDE is very much its own independent project that will continue on its own, with or without future RHEL editions’ blessings
Red Hat has never exactly been a massive supporter of KDE, but at least they shipped it and supported you using it.
Vespene is a modern, streamlined build and self-service automation platform.
Architecturally Vespene is a horizontally-scalable Python application, using Django and PostgreSQL. Each node in a Vespene cluster runs a copy of the web code and any number of backend build “worker” processes, all of which share the database. Users can connect to any node in the cluster to submit jobs.
Like SaltStack and Ansible, the build or automation declaration can be written in YAML or JSON and can use the Jinja2 Python templating engine.
Use cases for something like this are deploying a new copy of a website or upgrading your staging, QA and prod environments in a rolling release fashion.
PortSmash (CVE-2018-5407)
https://www.openwall.com/lists/oss-security/2018/11/01/4
Report: We steal an OpenSSL (<= 1.1.0h) ECDSA private key using the P-384 elliptic curve from a TLS server using this new side-channel vector. It is a local attack in the sense that the malicious process must be running on the same physical core as the victim (an OpenSSL-powered TLS server in this case).
Affected platforms: SMT/Hyper-Threading architectures (verified on Skylake and Kaby Lake)
Proof of Concept: https://github.com/bbbrumley/portsmash
Hacking Bluetooth
The speaker may have a button that allows other devices to connect to it only when pressed; if this is the case, you can do nothing about it. The speaker may also already be connected to another device. Bluetooth speakers support only one connected device.
However
https://linux.die.net/man/1/l2ping
L2ping sends a L2CAP echo request to the Bluetooth MAC address bd_addr given in dotted hex notation.
Interview with Steven Vaughan-Nichols regarding IBM/Red Hat (video)
https://www.zdnet.com/article/
Ubuntu Opt-in Usage Stats
https://www.ubuntu.com/desktop
Disk/File Recovery Tools:
https://www.maketecheasier.com
ProtonDB:
Compatibility database for Steam’s Proton
https://www.protondb.com/
Red Hat deprecates KDE:
https://www.theregister.co.uk/
Jonathan Riddell’s statement on that:
https://jriddell.org/2018/11/
Mark Shuttleworth’s statement on IBM acquisition:
https://blog.ubuntu.com/2018/1
This content is published under the Attribution-Noncommercial-Share Alike 3.0 Unported license.