Recap of week 51, covering open source and sysadmin related news, articles, guides, talks, discussions and fun stuff.
Earlier editions can be found here
Comic by Wumo
News, tutorials and articles
- Self-hosting a Firefox Sync server
- A rant from a developer who thinks a smaller archive is nice but forgets all the procedural changes and the extra dev time lost
- The Linux Mint team has problems with their servers due to a catastrophic disk crash. Donate a bit to help them work on the awesome distro they make, and read their monthly update
- Remove other desktop environments like Kubuntu or XFCE and go back to a pure Ubuntu. It has these commands for the other *buntus as well.
- OpenBSD 5.8 on an HP 6560b laptop
- Let's Encrypt on a FreeBSD NGINX reverse proxy including a good auto-renewal script.
- Another tutorial on Let's Encrypt with NGINX plus auto-renewal script
- Let's Encrypt has issued 160K+ certificates. That's 60K more than last week
- A good modern guide for creating GPG keys, including subkeys and best practices
- Google Chrome will block all SHA-1 certificates after 2017, or maybe half of 2016, and give warnings earlier next year.
- Facebook wants to delay the SHA-1 deprecation by introducing a special Legacy certificate. That is, of course, very stupid, we all know how good EXPORT crypto was...
- Facebook also fucks up a security researcher that follows the rules, including intimidation... They did give an official response.
- Facebook switches all Flash video players to HTML5
- A good read on how hard file consistency actually is
- Avast on Mac does a man in the middle without validating certificates
- Lenovo ships a driver from CSR that installs a "test" root certificate
- A pre-boot rootkit, nothing new, still the press does a scary article...
- A nice writeup on some of the flaws in the Kerberos protocol
- 'Hack' Grub2 by pressing space 28 times
- FreeBSD kernel exploit breaks out of jail and possibly jailbreaks the PS4. Actual background info from the dev here and here
- Philips Smart Home Hue Lights now block third-party devices. Lamps that worked perfectly before the update keep working, until you need to pair again. This is why I have trust issues with closed-source software. And probably explains part of my negative bias towards home automation and the "internet of things"...
- A nice article on good practices for Bash scripting
- Western Digital and ownCloud bring a kit to market to get ownCloud to home users. But which home users will buy a Raspberry Pi 2 and a 1TB HDD as a kit to run just ownCloud?
- Collabora and ownCloud release a preview of LibreOffice Online that runs on ownCloud
- Forward or save all outgoing email with Exim
- How Does the Use of Docker Affect Latency?
- The Dutch Government published an obligation for companies to report data leaks in the official state gazette.
- Python Core developer writes on why Python 3 exists and the big difference with Python 2
- 684.8 TB of data is up for grabs due to publicly exposed MongoDB databases
- If your icons are unclear, put a damn text label with it
- The GOV.UK site is an open redirect to porn and other malicious content
- Good writeup by BBC Digital Media about how they replaced Varnish with nginx and why.
Software and releases
- OPNsense, a firewall appliance based on FreeBSD, forked from pfSense, released 15.7.22. Lots of bugfixes.
- cURL enables HTTP 2.0 by default. The main dev blogs a lot and writes good articles.
- Drupal creator writes about decoupling the frontend of the CMS from the backend
- Getting xterm and modern applications to share a clipboard to do cut and paste together
- A critical Joomla zero day in all versions dating back to 2008 was found allowing remote code execution. Update to the latest 3.4.6. It is so bad, they even released patches for unsupported versions 1.5 and 2.5. I think people who failed to upgrade for almost 10 years deserve their server getting abused.... Also the official Joomla announcement.
- A very detailed technical writeup on how the Joomla bug works
- Firelet, distributed Linux iptables firewall manager
- Qubes OS, the Linux that runs every application in its own Xen VM, will come preinstalled on the Purism Laptop. You know, that device that promises fully open source hardware and software but still ships with an NVIDIA card and a binary blob for the BIOS/UEFI...
- Let's Encrypt client now in the Fedora repos by default
- Firefox 43 released with 64-bit Windows version and better tracking blocking in anonymous browsing mode
- ReactOS, open source Windows OS clone (not Linux) releases RC for version 0.4
- Request Map Generator is a visual way of looking at what requests are being made for a given page. (via)
- Juniper ScreenOS has a backdoor coded in since 2012. Makes me wonder how the code review procedures are at Juniper...
- There were a few Xen Security Advisories published this week (XSA). Here's a writeup on one of them
- Wireshark 2.0, now with Qt
- Software created or maintained by the OpenBSD project
- CopiedApp, a full-featured clipboard manager for OS X. I can't live without a clipboard manager, on Linux ClipIt is my preferred choice.
Talks, slides and podcasts
Fun and nifty things and discussions
- This guy writes about his journey to becoming a morning person
- Solder more USB ports on the new awesome Raspberry Pi Zero
- The Open Source Smartwatch. 3D print it yourself, stack an Arduino and an RTC module and have the coolest geeky watch ever
- A nice recap of the creation and hurdles of the PiDP8/i, a very nice remake of the PDP-8/i
- And here's another guy producing a PDP, this time a PDP-11, with a Pi. Not a mass kit, but does include a good guide for programming the PDP-11
- Here's yet another retro thingy, adding a second hard drive to a Commodore
- And more retro with a classic Mac getting a network connection. Source is in French though.
- How to keep your head up in the constant stream of bad news
- Sometimes you rewrite your core company software in two weeks before going live
- Lines of code or tickets answered are not a good measurement for how well your employees work.
- You need to register your drone next year, and the year after that you probably need to get a pilot license as well.
- An interactive LED Christmas tree
- A cozy fireplace for emacs
- Can we use Jenkins for that?
- Tom Limoncelli has the solution for the government encryption problem
- Fun stuff happens on your network, like bringing down your AIX with Oracle if your smartwatch claims to be localhost
- Moving from an MSP to internal IT, what to expect?
- Remember the kernel version in Terminator? It's finally released.
- ford.com had their Apache Server Status page open wide