Episode 43: Course Correction
Play • 20 min

A stripped down episode, this is a heart-to-heart chat between me and you about the Linux community, burnout, detours, and things you never expect to face.

Support Linux For Everyone

Links:

BSD Now
BSD Now
Allan Jude
391: i386 tear shedding
Follow-up about FreeBSD jail advantages, Install Prometheus, Node Exporter and Grafana, Calibrate your touch-screen on OpenBSD, OPNsense 21.1 Marvelous Meerkat Released, NomadBSD 1.4-RC1, Lets all shed a Tear for 386, find mostly doesn't need xargs today on modern Unixes, OpenBSD KDE Status Report, and more. NOTES This episode of BSDNow is brought to you by Tarsnap (https://www.tarsnap.com/bsdnow) Headlines Follow-up about FreeBSD jail advantages (https://rubenerd.com/follow-up-about-freebsd-jail-advantages/) I’ll admit I ran a lot of justifications together into a single paragraph because I wanted to get to configuring the jails themselves. They’re also, by and large, not specific to FreeBSD’s flavour of containerisation, though I still think it’s easily the most elegant implementation. Sometimes the simplest solution really is the best one. History of FreeBSD part 4: TCP/IP (https://klarasystems.com/articles/history-of-freebsd-part-4-bsd-and-tcp-ip/) How TCP/IP evolved and BSDs special contribution to the history of the Internet *** FreeBSD: Install Prometheus, Node Exporter and Grafana (https://blog.andreev.it/?p=5289) FreeBSD comes out of the box with three great tools for monitoring. If you need more info about how these tools work, please read the official documentation. I’ll explain the installation only and creating a simple dashboard. News Roundup Calibrate your touch-screen on OpenBSD (https://www.tumfatig.net/20210122/calibrate-your-touch-screen-on-openbsd/) I didn’t expected it but my refurbished T460s came with a touch-screen. It is recognized by default on OpenBSD and not well calibrated as-is. But that’s really simple to solve. Lets all shed a Tear for 386 (https://lists.freebsd.org/pipermail/freebsd-announce/2021-January/002006.html) FreeBSD is designating i386 as a Tier 2 architecture starting with FreeBSD 13.0. The Project will continue to provide release images, binary updates, and pre-built packages for the 13.x branch. However, i386-specific issues (including SAs) may not be addressed in 13.x. The i386 platform will remain Tier 1 on FreeBSD 11.x and 12.x. OPNsense 21.1 Marvelous Meerkat Released (https://opnsense.org/opnsense-21-1-marvelous-meerkat-released/) For more than 6 years, OPNsense is driving innovation through modularising and hardening the open source firewall, with simple and reliable firmware upgrades, multi-language support, HardenedBSD security, fast adoption of upstream software updates as well as clear and stable 2-Clause BSD licensing. NomadBSD 1.4-RC1 (https://nomadbsd.org/index.html#1.4-RC1) We are pleased to present the first release candidate of NomadBSD 1.4. find mostly doesn't need xargs today on modern Unixes (https://utcc.utoronto.ca/~cks/space/blog/unix/FindWithoutXargsToday) I've been using Unix for long enough that 'find | xargs' is a reflex. When I started and for a long time afterward, xargs was your only choice for efficiently executing a command over a bunch of find results. OpenBSD KDE Status Report (https://undeadly.org/cgi?action=article;sid=20210124113220) OpenBSD has managed to drop KDE3 and KDE4 in the 6.8 -> 6.9 release cycle. That makes me very happy because it was a big piece of work and long discussions. This of course brings questions: Kde Plasma 5 package missing. After half a year of work, I managed to successfully update the Qt5 stack to the last LTS version 5.15.2. On the whole, the most work was updating QtWebengine. What a monster! With my CPU power at home, I can build it 1-2 times a day which makes testing a little bit annoying and time intensive. Tarsnap This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups. Feedback/Questions Karl - Firefox webcam audio solution (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/391/feedback/Karl%20-%20Firefox%20webcam%20audio%20solution.md) Michal - openzfs (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/391/feedback/Michal%20-%20openzfs.md) Dave - bufferbloat (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/391/feedback/Dave%20-%20bufferbloat.md) Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv) ***
39 min
Unfilter
Unfilter
Chris Fisher
351: It's Different This Time
All we have here is a branding problem. Video: 351: Live Video - UnfilterTube (https://unfilter.tube/videos/watch/5e3cb94e-9d21-49ad-9b30-ff79b67304b4) 351: Overtime - UnfilterTube (https://unfilter.tube/videos/watch/bdd33bca-5b64-4449-9ac3-73f55f960cf9) Links: 2020 United States federal government data breach - Wikipedia (https://en.wikipedia.org/wiki/2020_United_States_federal_government_data_breach) 'Disinformation And Extremism in the Media' — House Committee Hearing | CBN News - YouTube (https://www.youtube.com/watch?v=I5Rtq3C1KQo) The Great Climate Bill of 2021 Is Being Shaped Now - The Atlantic (https://www.theatlantic.com/science/archive/2021/02/the-great-climate-bill-of-2021-is-being-shaped-now/618121/) American Airlines Confirms Encounter With Unidentified Cylindrical Object Over New Mexico (https://www.thedrive.com/the-war-zone/39416/american-airlines-confirms-pilot-report-of-bizarre-cylinder-shaped-object-over-new-mexico) Developers of Oxford-AstraZeneca Vaccine Tied to UK Eugenics Movement - unlimitedhangout.com (https://unlimitedhangout.com/2020/12/investigative-series/developers-of-oxford-astrazeneca-vaccine-tied-to-uk-eugenics-movement/) Ex-aide details sexual harassment allegations against Cuomo (https://nypost.com/2021/02/24/ex-aide-details-sexual-harassment-allegations-against-cuomo/) Lindsey Boylan, Ex-Aide, Says Cuomo Sexually Harassed Her - The New York Times (https://www.nytimes.com/2021/02/24/nyregion/cuomo-lindsey-boylan-harassment.html?smid=tw-nytimes&smtyp=cur) 2-22-21 Trump Voters USA TODAY Marginals (https://www.suffolk.edu/-/media/suffolk/documents/academics/research-at-suffolk/suprc/polls/issues-polls/2021/2_22_2021_marginals_pdftxt.pdf?la=en&hash=90BD0E21168399E259262CD994978737F5D7F929) https://twitter.com/ryangirdusky/status/1363896844905041920 (https://twitter.com/ryangirdusky/status/1363896844905041920) Biden’s slow start - POLITICO (https://www.politico.com/newsletters/politico-nightly/2021/02/23/bidens-slow-start-491861) Biden told Letterman he got arrested at 21 for breaching chamber at US Capitol, sitting in lawmaker's seat (https://www.bizpacreview.com/2021/02/22/biden-told-letterman-he-got-arrested-at-21-for-breaching-chamber-at-us-capitol-sitting-in-vp-chair-1033322/) German scientist says 99.9% chance coronavirus leaked from Wuhan lab | Taiwan News | 2021/02/23 (https://www.taiwannews.com.tw/en/news/4134301) The Blob circles the wagons around failing Afghanistan strategy – Responsible Statecraft (https://responsiblestatecraft.org/2021/02/23/the-blob-circles-the-wagons-around-failing-afghanistan-strategy/) Letters from House members to cable providers [pdf] | Hacker News (https://news.ycombinator.com/item?id=26237823) The Sound and the Fury of Andrew Cuomo | The New Yorker (https://www.newyorker.com/news/our-local-correspondents/the-sound-and-the-fury-of-andrew-cuomo) Democrats question TV carriers' decisions to host Fox, OAN and Newsmax, citing 'misinformation' - POLITICO (https://www.politico.com/news/2021/02/22/democrats-conservative-media-misinformation-470863) China Hijacked an NSA Hacking Tool in 2014—and Used It for Years | WIRED (https://www.wired.com/story/china-nsa-hacking-tool-epme-hijack/) Weed now legal in New Jersey - Breaking911 (https://breaking911.com/breaking-weed-now-legal-in-new-jersey/) Psaki dodges question on whether Biden still considers Cuomo 'the gold standard' for COVID-19 leadership - Breaking911 (https://breaking911.com/psaki-dodges-question-on-whether-biden-still-considers-cuomo-the-gold-standard-for-covid-19-leadership/) Yellen sounds warning about 'extremely inefficient' bitcoin (https://www.cnbc.com/2021/02/22/yellen-sounds-warning-about-extremely-inefficient-bitcoin.html) Yellen Signals Interest in Backing Digital-Dollar Research (https://finance.yahoo.com/news/yellen-signals-interest-backing-digital-164843289.html) Trump loses Supreme Court appeal to shield tax records from NY prosecutor (https://www.cnbc.com/2021/02/22/supreme-court-rejects-trump-effort-to-shield-tax-records-from-ny-prosecutors.html?__source=androidappshare) People Who Wear Spectacles Are About Three Times Less Likely to Catch Covid-19, Finds Study (https://www.ibtimes.sg/people-who-wear-spectacles-are-about-three-times-less-likely-catch-covid-19-finds-study-55744) Whistleblowers: Software Bug Keeping Some Inmates In Prisons Beyond Release Dates | KJZZ (https://kjzz.org/content/1660988/whistleblowers-software-bug-keeping-hundreds-inmates-arizona-prisons-beyond-release) 75% Of US Troops Refused Taking COVID-19 Vaccine Says Pentagon Report | GreatGameIndia (https://greatgameindia.com/us-troops-refuse-covid-19-vaccine/) Germany urges 'caution' as COVID infections climb again (https://medicalxpress.com/news/2021-02-germany-urges-caution-covid-infections.html) Lockdown roadmap: Boris Johnson reveals shops, pubs & hairdressers will open & holiday plan will be unveiled on APRIL 12 (https://www.thesun.co.uk/news/14125374/lockdown-roadmap-boris-johnson-revealed-live-2/) Americans may still need masks to fight COVID in 2022, Fauci... (https://news.trust.org/item/20210221143523-j7r4j) White supremacy a global threat, says UN chief | The Independent (https://www.independent.co.uk/news/world/white-supremacy-threat-neo-nazi-un-b1805547.html) Reuters, BBC, and Bellingcat participated in covert UK Foreign Office-funded programs to "weaken Russia," leaked docs reveal | The Grayzone (https://thegrayzone.com/2021/02/20/reuters-bbc-uk-foreign-office-russian-media/) Sunday shows - COVID-19 dominates as grim milestone approaches | TheHill (https://thehill.com/homenews/sunday-talk-shows/539774-sunday-shows-covid-19-dominates-as-grim-milestone-approaches) Senate Leadership Coalition Announces Intention To Release Comprehensive Legislation To End Marijuana Prohibition - NORML (https://norml.org/blog/2021/02/01/senate-leadership-coalition-announces-intention-to-release-comprehensive-legislation-to-end-marijuana-prohibition/) ‘Stakes are high’ as QAnon conspiracy phenomenon emerges in France (https://www.france24.com/en/france/20210220-stakes-are-high-as-qanon-conspiracy-phenomenon-emerges-in-france) Russia reports first human cases of H5N8 bird flu - BNO News (https://bnonews.com/index.php/2021/02/russia-first-human-cases-of-h5n8-bird-flu/) We’ll Have Herd Immunity by April - WSJ (https://www.wsj.com/articles/well-have-herd-immunity-by-april-11613669731)
1 hr 10 min
Sudo Show
Sudo Show
Destination Linux Network
19: Sunburst and Securing Your Supply Chain
Today, Brandon and Eric take a look Solarburst, the Solar Winds vulnerability that led to one of the biggest breaches in years. You'll get their take on the impact as well as stop by the Productivity Corner to discuss 30-60-90. All that and more on this episode of the Sudo Show! Destination Linux Network (https://destinationlinux.network) Sudo Show Website (https://sudo.show) Sponsor: Digital Ocean (https://do.co/dln) Sponsor: Bitwarden (https://bitwarden.com/dln) Sudo Show Swag (https://sudo.show/swag) UPDATED! Contact Us: DLN Discourse (https://sudo.show/discuss) Email Us! (mailto:contact@sudo.show) Matrix: +sudoshow:matrix.org Digital Ocean: Jump Start Your Startup with DigitalOcean App Platform (https://www.digitalocean.com/blog/jump-start-your-startup-with-digitalocean-app-platform/) SolarWinds (https://www.solarwinds.com/) OpenNMS (https://www.opennms.com/) Fireeye (https://www.fireeye.com/) Sunburst: Arstechnica: Feds Wrn that Solarwinds Hackers Likely Used Other Ways to Breach Networks (https://arstechnica.com/information-technology/2020/12/feds-warn-that-solarwinds-hackers-likely-used-other-ways-to-breach-networks/) Arstechnica: Microsoft is Reportly Added to the Growing List of Victims (https://arstechnica.com/information-technology/2020/12/microsoft-is-reportedly-added-to-the-growing-list-of-victims-in-solarwinds-hack/) ZDNet: The More We Learn the Worse It Looks (https://www.zdnet.com/article/solarwinds-the-more-we-learn-the-worse-it-looks/) CNN: US Officials Scramble to Deal with Suspected Russian Hack of Government Agencies (https://www.cnn.com/2020/12/14/politics/us-agencies-hack-solar-wind-russia/index.html) Open Source Hacks: Mint: Beware of Hacked ISOs (https://blog.linuxmint.com/?p=2994) Fossbyes: Fake Kodi Repos Hijack GitHub (https://fossbytes.com/fake-kodi-repos-hijack-github/) The Register: Leaky S3 Buckets (https://www.theregister.com/2020/08/03/leaky_s3_buckets/) Protecting Your Supply Chain: Docker Certification Program (https://www.docker.com/blog/announcing-docker-certified/) ReproducibleBuilds.Org (https://reproducible-builds.org/) Tidelift (https://tidelift.com/) Linux Foundation: Preventing Supply Chain Attacks Like Solarwinds (https://www.linuxfoundation.org/en/blog/preventing-supply-chain-attacks-like-solarwinds) Open Source Security Foundation (https://openssf.org/) Palo Alto: What is a Zero Trust Architecture (https://www.paloaltonetworks.com/cyberpedia/what-is-a-zero-trust-architecture) GitHub: Third Party Code Scanning (https://github.blog/2020-10-05-announcing-third-party-code-scanning-tools-static-analysis-and-developer-security-training/) GitLab: Dependency Scanning (https://docs.gitlab.com/ee/user/application_security/dependency_scanning/) Productivity Corner: 30-60-90 Amazon: The First 90 Days, Michael D. Watkins (https://amzn.to/36bykB6) Disclaimer, this is an Affiliate link. A percentage of your purchase will go to support the Sudo Show!
31 min
Security Unlocked
Security Unlocked
Microsoft
Judging a Bug by Its Title
Most people know the age-old adage, “Don’t judge a book by its cover.” I can still see my grandmother wagging her finger at me when I was younger as she said it. But what if it's not the book cover we’re judging, but the title? And what if it’s not a book we’re analyzing, but instead a security bug? The times have changed, and age-old adages don’t always translate well in the digital landscape. In this case, we’re using machine learning (ML) to identify and “judge” security bugs based solely on their titles.  And, believe it or not, it works! (Sorry, Grandma!)  Mayana Pereira, Data Scientist at Microsoft, joins hosts Nic Fillingham and Natalia Godyla to dig into the endeavors that are saving security experts’ time. Mayana explains how data science and security teams have come together to explore ways that ML can help software developers identify and classify security bugs more efficiently. A task that, without machine learning, has traditionally provided false positives or led developers to overlook misclassified critical security vulnerabilities.    In This Episode, You Will Learn: • How data science and ML can improve security protocols and identify and classify bugs for software developers  • How to determine the appropriate amount of data needed to create an accurate ML training model  • The techniques used to classify bugs based simply on their title    Some Questions We Ask: • What questions need to be asked in order to obtain the right data to train a security model?  • How does Microsoft utilize the outputs of these data-driven security models?   • What is AI for Good and how is it using AI to foster positive change in protecting children, data and privacy online?    Resources:    Microsoft Digital Defense Report  https://www.microsoft.com/en-us/security/business/security-intelligence-report    Article: “Identifying Security Bug Reports Based Solely on Report Titles and Noisy Data”  https://docs.microsoft.com/en-us/security/engineering/identifying-security-bug-reports    Mayana’s LinkedIn  https://www.linkedin.com/in/mayana-pereira-2aa284b0    Nic’s LinkedIn     https://www.linkedin.com/in/nicfill/          Natalia’s LinkedIn     https://www.linkedin.com/in/nataliagodyla/          Microsoft Security Blog:      https://www.microsoft.com/security/blog/  Transcript (Full transcript can be found at https://aka.ms/SecurityUnlockedEp16) Nic Fillingham: Hello, and welcome to Security Unlocked, a new podcast from Microsoft where we unlock insights from the latest in news and research from across Microsoft Security engineering and operations teams. I'm Nic Fillingham- Natalia Godyla: And I'm Natalia Godyla. In each episode we'll discuss the latest stories from Microsoft Security, deep dive into the newest threat, intel, research and data science- Nic Fillingham: And profile some of the fascinating people working on artificial intelligence in Microsoft Security. Natalia Godyla: And now let's unlock the pod. Natalia Godyla: Hello, Nic. How's it going? Nic Fillingham: Hello, Natalia. Welcome back. Well, I guess welcome back to Boston to you. But welcome to Episode 16. I'm confused because I saw you in person last week for the first time. Well, technically it was the first time for you, 'cause you didn't remember our first time. It was the second time for me. But it was- Natalia Godyla: I feel like I just need to justify myself a little bit there. It was a 10 second exchange, so I feel like it's fair that I, I was new to Microsoft. There was a lot coming at me, so, uh- Nic Fillingham: Uh, I'm not very memorable, too, so that's the other, that's the other part, which is fine. But yeah. You were, you were here in Seattle. We both did COVID tests because we filmed... Can I say? You, you tell us. What did we do? It's a secret. It is announced? What's the deal? Natalia Godyla: All right. Well, it, it's sort of a secret, but everyone who's listening to our podcast gets to be in the know. So in, in March you and I will be launching a new series, and it's a, a video series in which we talk to industry experts. But really we're, we're hanging with the industry experts. So they get to tell us a ton of really cool things about [Sec Ups 00:01:42] and AppSec while we all play games together. So lots of puzzling. Really, we're just, we're just getting paid to do puzzles with people cooler than us. Nic Fillingham: Speaking of hanging out with cool people, on the podcast today we have Mayana Pereira whose name you may have heard from a few episodes ago Scott Christiansen was on talking about the work that he does. And he had partnered Mayana to build and launch a, uh, machine learning model that looked at the titles of bugs across Microsoft's various code repositories, and using machine learning determined whether those bugs were actually security related or not, and if they were, what the correct severity rating should be. Nic Fillingham: So this episode we thought we'd experiment with the format. And instead of having two guests, instead of having a, a deep dive upfront and then a, a profile on someone in the back off, we thought we would just have one guest. We'd give them a little bit extra time, uh, about 30 minutes and allow them to sort of really unpack the particular problem or, or challenge that they're working on. So, yeah. We, we hope you like this experiment. Natalia Godyla: And as always, we are open to feedback on the new format, so tweet us, uh, @msftsecurity or send us an email securityunlocked@microsoft.com. Let us know what you wanna hear more of, whether you like hearing just one guest. We are super open. And with that, on with the pod? Nic Fillingham: On with the pod. Nic Fillingham: Welcome to the Security Unlocked podcast. Mayana Pereira, thanks for joining us. Mayana Pereira: Thank you for having me. I'm so happy to be here today, and I'm very excited to share some of the things that I have done in the intersection of [ML 00:03:27] and security. Nic Fillingham: Wonderful. Well, listeners of the podcast will have heard your name back in Episode 13 when we talked to Scott Christiansen, and he talked about, um, a fascinating project about looking for or, uh, utilizing machine learning to classify bugs based simply on, on their title, and we'll get to that in a minute. But could you please introduce you- yourself to our audience. Tell us about your title, but sort of what does that look like in terms of day-to-day and, and, and the work that you do for Microsoft? Mayana Pereira: I'm a data scientist at Microsoft. I've been, I have been working at Microsoft for two years and a half now. And I've always worked inside Microsoft with machine learning applied to security, trust, safety, and I also do some work in the data privacy world. And this area of ML applications to the security world has always been my passion, so before Microsoft I was also working with ML applied to cyber security more in the malware world, but still security. And since I joined Microsoft, I've been working on data science projects that kinda look like this project that we're gonna, um, talk today about. So those are machine learning applications to interesting problems where we can either increase the trust and the security Microsoft products, or the safety for the customer. You know, you would develop m- machine learning models with that in mind. Mayana Pereira: And my day-to-day work includes trying to understand which are those interesting programs across the company, talk to my amazing colleagues such as Scott. And I have a, I have been so blessed with an amazing great team around me. And thinking about these problems, gathering data, and then getting, you know, heads down and training models, and testing new machine learning techniques that have never been used for a specific applications, and trying to unde…
39 min
Search
Clear search
Close search
Google apps
Main menu