Plus Cloudflare steps up its campaign to secure BGP, and why you might want to trade in cron for systemd timers.

Links:

• AMD Claims World’s Fastest Per-Core Performance with New EPYC Rome 7Fx2 CPUs
• AMD EPYC 7F52 Linux Performance - AMD 7FX2 CPUs Further Increasing The Fight Against Intel Xeon Review
• Understanding RAID: How performance scales from one disk to eight
• New Cloudflare tool can tell you if your ISP has deployed BGP fixes
• Is BGP safe yet?
• RPKI - The required cryptographic upgrade to BGP routing
• Why I Prefer systemd Timers Over Cron – Thomas Stringer
• systemd/Timers - ArchWiki
• systemd.time (Time format docs)
• systemd.timer (Unit docs)

Plus why you may want to skip Nest Wifi, and our latest explorations of long range wireless protocols.

Links:

• Decoding LoRa: Realizing a Modern LPWAN with SDR — LoRa is an emerging Low Power Wide Area Network (LPWAN), a type of wireless communication technology suitable for connecting low power embedded devices over long ranges. This paper details the modulation and encoding elements that comprise the LoRa PHY, the structure of which is the result of the author’s recent blind analysis of the protocol. It also introduces grlora, an open source software defined implementation of the PHY that will empower wireless developers and security researchers to investigate this nascent protocol.
• Nest Wifi announced at Made by Google 2019 | Ars Technica — Google says that a two-piece Nest Wifi kit—one Nest Router and one Nest Point—should cover up to 3,800 square feet and 85% of homes. This claim, like most arbitrary claims of Wi-Fi coverage with no real detail, should be taken with several grains of salt.
• TP-LINK EAP series Business Wi-Fi Solution — The EAP Series Business Wi-Fi Solution incorporates EAP Series hardware, which provides a smooth, reliable wireless internet experience, and a powerful centralized management platform.
• Bloody Stupid Johnson | Discworld Wiki — Although evidently able in certain fields, Johnson is notorious for his complete inability to produce anything according to specification or common sense, or (sometimes) even the laws of physics.
• A Quick Look At EXT4 vs. ZFS Performance On Ubuntu 19.10 With An NVMe SSD — For those thinking of playing with Ubuntu 19.10's new experimental ZFS desktop install option in opting for using ZFS On Linux in place of EXT4 as the root file-system, here are some quick benchmarks looking at the out-of-the-box performance of ZFS/ZoL vs. EXT4 on Ubuntu 19.10 using a common NVMe solid-state drive.
• ubuntu/zsys: zsys daemon and client for zfs systems — It allows running multiple ZFS systems in parallel on the same machine, get automated snapshots, managing complex zfs dataset layouts separating user data from system and persistent data, and more.
• Ubuntu ZFS support in 19.10: ZFS on root · ~DidRocks — We are shipping ZFS On Linux version 0.8.1, with features like native encryption, trimming support, checkpoints, raw encrypted zfs transmissions, project accounting and quota and a lot of performance enhancements.
• Ubuntu ZFS support in 19.10: introduction · ~DidRocks — We want to support ZFS on root as an experimental installer option, initially for desktop, but keeping the layout extensible for server later on.
• A detailed look at Ubuntu’s new experimental ZFS installer | Ars Technica — If you're new to the ZFS hype train, you might wonder why a new filesystem option in an OS installer is a big deal. So here's a quick explanation: ZFS is a copy-on-write filesystem, which can take atomic snapshots of entire filesystems.

Plus the importance of automatic updates, and Jim's new backup box.

Links:

• Errata Security: Almost One Million Vulnerable to BlueKeep Vuln (CVE-2019-0708) — Microsoft announced a vulnerability in it's "Remote Desktop" product that can lead to robust, wormable exploits. I scanned the Internet to assess the danger. I find nearly 1-million devices on the public Internet that are vulnerable to the bug.
• Even the NSA is urging Windows users to patch BlueKeep (CVE-2019-0708) | ZDNet — "[The] NSA is concerned that malicious cyber actors will use the vulnerability in ransomware and exploit kits containing other known exploits, increasing capabilities against other unpatched systems.
• Prevent a worm by updating Remote Desktop Services (CVE-2019-0708) – MSRC — This vulnerability is pre-authentication and requires no user interaction. In other words, the vulnerability is ‘wormable’, meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017
• BlueKeep - everyone agrees, you should patch PCs running legacy versions of Windows — I have this horrible feeling that the only way we’re going to wake the world up to the need to patch their ageing versions of Windows against the BlueKeep vulnerability is to wait until a malicious worm begins to spread around the world.
• CVE-2019-0708 | Remote Desktop Services Remote Code Execution Vulnerability — A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
• Customer guidance for CVE-2019-0708 | Remote Desktop Services Remote Code Execution Vulnerability — Microsoft is aware that some customers are running versions of Windows that no longer receive mainstream support. That means those customers will not have received any security updates to protect their systems from CVE-2019-0708, which is a critical remote code execution vulnerability.
• Forget BlueKeep: Beware the GoldBrute | Threatpost — In the past few days, GoldBrute (named after the Java class it uses) has attempted to brute-force Remote Desktop Protocol (RDP) connections for 1.5 million Windows systems and counting, according to Morphus Labs chief research officer Renato Marinho. The botnet is actively scanning the internet for machines with RDP exposed, and trying out weak or reused passwords to see if it can gain access to the systems.
• The GoldBrute botnet — The latest round of bad news emerged last week when Morphus Labs’ researcher Renato Marinho announced the discovery of an aggressive brute force campaign against 1.5 million RDP servers by a botnet called ‘GoldBrute’.
• Ubuntu Automatic Updates — The unattended-upgrades package can be used to automatically install updated packages, and can be configured to update all packages or just install security updates.
• AutoUpdates - Fedora Project Wiki — You must decide whether to use automatic DNF or YUM updates on each of your machines.
• It's time to block Windows Automatic Updating | Computerworld — Those of you who feel it’s important to install Windows and Office patches the moment they come out – I salute you. The Windows world needs more cannon fodder.
• Windows 10's Ugly Updates Just Got Uglier. Here's How To Stay Safe by Disabling Automatic Updates — Stay safe by disabling automatic updates? How is that possible? As a general rule of thumb, I’d never recommend disabling updates because security patches are essential. But the situation with Windows 10 has become intolerable. Microsoft continues to fail and continues to release update after update that they know, or should know, has serious problems.
• Jim's New Rig — I build, sell, and manage much bigger and meaner systems than this all the time. But this one's MINE! 12 hot swap bays, Ryzen 7 2700 w/ ECC RAM, quiet enough to share an office with, and the trays can take either HDD or SSD with no adapter needed.

Plus when not to use ZFS, the surprising way your disks are lying to you, and more!

Links:

• ZFS - Ubuntu Wiki — ZFS is a combined file system and logical volume manager designed and implemented by a team at Sun Microsystems led by Jeff Bonwick and Matthew Ahrens.
• Performance tuning - OpenZFS — Make sure that you create your pools such that the vdevs have the correct alignment shift for your storage device's size. if dealing with flash media, this is going to be either 12 (4K sectors) or 13 (8K sectors).