SMLR Episode 298 Twenty Five Years of GNU

The first dot release of the 18.12 series is out with fixes and usability improvements. The most exciting change is the fix for audio capture when recording from screen or webcam, a handy feature for people doing video tutorials.

https://kdenlive.org/en/2019/01/18-12-1-released/

“Announcing unlimited free private repos“ Now people can to choose to share their code either with the world or only with Microsoft and 3 other friends.

https://blog.github.com/2019-01-07-new-year-new-github/

Syncthing 1.0

https://forum.syncthing.net/t/syncthing-graduation-day/12617

NotePost

https://netsyms.com/apps/notepost/

NSA to release a free reverse engineering tool

https://www.zdnet.com/article/nsa-to-release-a-free-reverse-engineering-tool/

Metasploit Framework 5.0 Released!

https://blog.rapid7.com/2019/01/10/metasploit-framework-5-0-released/

RDP Man In The Middle HoneyPot

https://gosecure.net/2018/12/19/rdp-man-in-the-middle-smile-youre-on-camera/

GoAccess is an open source real-time web log analyzer and interactive viewer that runs in a terminal in *nix systems or through your browser.

https://goaccess.io/

Google Demanded That T-Mobile, Sprint Not Sell Google Fi Customers’ Location Data – Motherboard

https://motherboard.vice.com/en_us/article/d3bnyv/google-demanded-tmobile-sprint-to-not-sell-google-fi-customers-location-data

Shutdown Makes .Gov Websites Insecure Due to Expired TLS Certificates | Digital Trends

https://www.digitaltrends.com/web/shutdown-websites-tls-certificates/

January 5, 1984: GNU Project Founded

https://dayintechhistory.com/dith/january-5-1984-gnu-project-founded-2/

End of the Year Report – Librem 5 – Things are awesome

https://puri.sm/posts/end-of-year-librem-5-update/

Visualizing weak encryption by the team at Viking VPN

https://vikingvpn.com/blogs/security/visualizing-weak-encryption-experiments-with-aes

Enter this simple bitmap experiment. You take a simple image, encrypt it, and then reapply the headers to make it a valid bitmap image again and look at what the encrypted data looks like visually. When doing this, you are applying no mathematical attacks or simplifications and no cryptanalysis. You’re just looking at the raw encryption with your eyes and seeing if you can see any of the original bitmap in the encrypted code.

Best so far

AES-256-CBC (Cipher block chaining)

AES in CBC mode is the worldwide standard of operation on the web today. The mode has extensive entropy because it uses chunks of encrypted data from the previous block, and appends it to the block that is currently being encrypted. This dramatically increases the entropy and makes discerning the original image through just visual analysis impossible. AES in CBC mode does have the disadvantage of being unable to combat tampering on its own. That is why AES in CBC is often accompanied by some flavor of Hash to do data integrity checks. Today that is mostly the SHA-1 and SHA-2 family of hashes.

AES-256-GCM (Galois Counter Mode)

AES in Galois Counter Mode is the current bleeding edge of encryption the is being used on the web. The biggest advantage that GCM has over CBC is built-in message authentication. AES in Galois Counter Mode tends to be slower than CBC with the same key lengths, so some developers, especially those who operate mobile apps, are hesitant to implement GCM. The concern surrounds the slower processors in mobile devices not being able to handle the encryption/decryption operations in a reasonable amount of time making apps and services seem sluggish.

This problem is improving with the propagation of multi-core processors in smartphones and tablets, allowing the advantages of GCM to shine over CBC.

(Next Page)

Gaming

Super Tux Kart enters beta phase

https://betanews.com/2019/01/11/supertuxkart-mario-kart-linux/

“We are now confident that our code is stable enough for a beta release: 0.10-beta1. This means that we will provide our usual set of binaries and installers for all supported platforms. And hopefully that means that many more people will be able to test this current version. Note that we consider this beta very stable, de-facto very close to a release candidate. But we are waiting for another track to be ready to be included, so we are using this time to give more players the opportunity to test (or re-test) our online racing implementation,” says Joerg Henrichs, Project Lead.

The SuperTuxKart developers share the following features that have been added since the last stable release.

You can now race against your friends or people world-wide in online races, either in LAN or WAN games.
You can either run a server on your own computer, all handled by SuperTuxKart, fire up a stand-alone server, or connect to servers already running.
A Raspberry Pi 3 is powerful enough to act as a game server (though you need a server-only binary). We provide several game servers on VPS and Pis that are constantly up.
On special so-called ‘ranked servers’ a global ranking of online players is maintained.

Cool Tools

BFG Repo Cleaner

https://rtyley.github.io/bfg-repo-cleaner/

Removes large or troublesome blobs like git-filter-branch does, but faster. And written in Scala

The BFG is 10 – 720x faster than git-filter-branch, turning an overnight job into one that takes less than ten minutes.

Requirements

The Java Runtime Environment (Java 7 or above – BFG v1.12.3 was the last version to support Java 6)
Or just run it in a container

Hexyl

https://github.com/sharkdp/hexyl

hexyl is a simple hex viewer for the terminal. It uses a colored output to distinguish different categories of bytes (NULL bytes, printable ASCII characters, ASCII whitespace characters, other ASCII characters and non-ASCII).

SQL LiteCLI

https://www.pgcli.com/launching-litecli.html

Today we are happy to announce the launch of LiteCLI!

LiteCLI is a user-friendly CommandLine client for SQLite database.

It is based on the popular pgcli and mycli projects.

LiteCLI is written in python using the wonderful prompt-toolkit library. It is cross-platform compatible and it is tested on Linux, MacOS and Windows.

Bash 5.0 released

https://lobste.rs/s/5orxb4/bash_5_0_released

Chet Ramey

Interesting

https://devpost.com/software/sed-pathfinder

sed is a unix utility for transforming text. It provides a simple programming language for matching and replacing text. Given its limited features, it was never designed as a general purpose programming language. However, it is an extremely versatile tool and can be used to solve problems way beyond the domain of simple text transformation. This is a proof-of-concept implementation of a maze solver written in sed.

The algorithm is a breadth-first search expressed as a cellular automaton. The rules of this automaton are simulated using sed’s substitution command.

Story

“What If Linus Torvalds Gets Hit By A Bus?” – An Empirical Study

https://www.crummy.com/writing/segfault.org/Bus.html

Some Windows 7 Installations Deactivated with Update

https://www.howtogeek.com/fyi/microsoft-deactivated-some-windows-7-pcs-with-an-update/

Check amazon reviews for possible

https://reviewmeta.com

Linux 5.0 is coming soon

https://lkml.org/lkml/2019/1/6/178

Fedora Updates Chromium with VAAPI Support

https://www.linuxuprising.com/2019/01/fedora-updates-chromium-with-vaapi.html

Mozilla Firefox 65 Promises Enhanced Security for Linux, Android, and macOS