0

SMLR Episode 292 Big Purple Hat

Posted by Tom Lawrence on November 4, 2018 in Show-mp3, Show-ogg |
Play

http://smlr.us

Downloads:

Show 286

Contact Us:

show (at) smlr.us or the Contact us page


Intro:

Tony Bemus, Tom Lawrence, Phil Porada and Mary Tomich

Sound bites by Mike Tanner

Phils GitHub

https://github.com/pgporada

The LawrenceSystems YouTube Channel Where videos
https://www.youtube.com/user/TheTecknowledge

Tech News:

New Bluetooth Chip Flaws Expose Millions of Devices to Remote Attacks #BleedingBit

https://thehackernews.com/2018/11/bluetooth-chip-hacking.html

 

New Intel CPU Flaw Exploits Hyper-Threading to Steal Encrypted Data #PortSmash

https://thehackernews.com/2018/11/portsmash-intel-vulnerability.html

 

New Ubuntu 19.04 Will be Disco Dingo.  If there are issues I will be compelled to say “That dingo as planned”
https://launchpad.net/ubuntu/disco

 

Red Hat + IBM: Creating the leading hybrid cloud provider

https://www.redhat.com/en/blog/red-hat-ibm-creating-leading-hybrid-cloud-provider

 

System76 Thelio computer is open source, Linux-powered, and made in the USA

https://system76.com/desktops

https://github.com/system76/thelio

DHS Seized Aftermarket Apple Laptop Batteries From Independent Repair Expert Louis Rossman

https://motherboard.vice.com/en_us/article/a3ppvj/dhs-seized-aftermarket-apple-laptop-batteries-from-independent-repair-expert-louis-rossman

 

AMD Ryzen Threadripper 2920X & 2970WX Linux Performance Benchmarks

https://www.phoronix.com/scan.php?page=article&item=amd-2920x-2970wx&num=1

 

Post-mortem: MRI disables every iOS device in facility

https://www.reddit.com/r/sysadmin/comments/9si6r9/postmortem_mri_disables_every_ios_device_in/

 

Big Purple Hat

IBM bought RedHat for $34 billion

 

They is trying to become a cloud provider. From an IBM-er of 10 years, “The IBM engineering team in Bluemix is weak and one way to really up the ante is getting access to top talent in the industry to do this (CoreOS team, Openshift.io team, linux kernel devs, distributed storage devs)”

 

  • In 2018 IBM 3 companies, Alphabet 6 companies, Amazon 6
  • In 2017 IBM 3 companies, Alphabet 11 companies, Amazon 11
  • In 2016 IBM 12 companies, Alphabet 17 companies, Amazon 5
  • In 2015 IBM 13 companies, Alphabet 15 companies, Amazon 7

 

A comment I saw on Hacker News was, “I’m an IBMer and the current rule is you can work on OS projects in your own time as long as it isn’t to the detriment of IBM’s projects.” Contrast that to, “One of the most praised points in Red Hat’s code of conduct is the fact that it specifically says that you can work on open source projects _even if it is to the detriment to Red Hat”

 

Possibly in danger due to the heavy amount of RH involvement

  1. Glibc
  2. Libreoffice
  3. Freedesktop.org
  4. Ansible
  5. Ceph
  6. GlusterFS
  7. Fedora – technically a community project, but RH is the main contributor
  8. Centos – gratis version of RHEL
  9. CoreOS

 

https://www.theregister.co.uk/2018/11/02/rhel_deprecates_kde/

“KDE Plasma Workspaces (KDE), which has been provided as an alternative to the default GNOME desktop environment has been deprecated. A future major release of Red Hat Enterprise Linux will no longer support using KDE instead of the default GNOME desktop environment.” In other words, if you’re using RHEL on the desktop, at some point KDE will not be supported.

 

To be clear, Red Hat heavily backs the Linux desktop environment GNOME, which is developed as an independent open-source project and is also used by a large bunch of other distros. And although Red Hat is signalling the end of the road for KDE support in RHEL, KDE is very much its own independent project that will continue on its own, with or without future RHEL editions’ blessings

 

Red Hat has never exactly been a massive supporter of KDE, but at least they shipped it and supported you using it.

https://vespene.io

Vespene is a modern, streamlined build and self-service automation platform.

Architecturally Vespene is a horizontally-scalable Python application, using Django and PostgreSQL. Each node in a Vespene cluster runs a copy of the web code and any number of backend build “worker” processes, all of which share the database. Users can connect to any node in the cluster to submit jobs.

Like saltstack and ansible, the build or automation declaration can be written in YAML or JSON and use the Jinja2 python templating engines.

 

Use cases for something like this are deploying a new copy of a website or upgrading your staging, qa, prod in a rolling release fashion.

https://www.openwall.com/lists/oss-security/2018/11/01/4 CVE-2018-5407

PortSmash

Report: We steal an OpenSSL (<= 1.1.0h) ECDSA private key using the P-384 elliptic curve from a TLS server
using this new side-channel vector. It is a local attack in the sense
that the malicious process must be running on the same physical core
as the victim (an OpenSSL-powered TLS server in this case).

Affected platforms: SMT/Hyper-Threading architectures (verified on Skylake and Kaby Lake)

Proof of Concept: https://github.com/bbbrumley/portsmash

Hacking Bluetooth

The speaker may have a button that allows other devices to connect to it only when pressed, if this is the case then you can do nothing about it. There’s also the case that the speaker is already connected to another device. Bluetooth speakers support only one device to be connected.

 

However

https://linux.die.net/man/1/l2ping

L2ping sends a L2CAP echo request to the Bluetooth MAC address bd_addr given in dotted hex notation.

Interview with Steven Vaughn-Nichols regarding IBM/Redhat (video)
https://www.zdnet.com/article/is-red-hat-ibms-hail-mary-pass/

Ubuntu Opt-in Usage Stats
https://www.ubuntu.com/desktop/statistics

Disk/File Recovery Tools:
https://www.maketecheasier.com/recover-data-linux-tools/

 

ProtonDB:
Compatibility database for Steam’s proton
https://www.protondb.com/

Red Hat deprecates KDE:
https://www.theregister.co.uk/2018/11/02/rhel_deprecates_kde/

Jonathan Riddell’s statement on that:
https://jriddell.org/2018/11/02/red-hat-and-kde/

Mark Shuttleworth’s statement on IBM acquisition:
https://blog.ubuntu.com/2018/10/30/statement-on-ibm-acquisition-of-red-hat

This content is published under the Attribution-Noncommercial-Share Alike 3.0 Unported license.

Leave a Reply

Your email address will not be published. Required fields are marked *

Copyright © 2011-2018 Sunday Morning Linux Review All rights reserved.
This site is using the Desk Mess Mirrored theme, v2.5, from BuyNowShop.com.