Plus Intel's surprisingly overclockable laptop CPU, why you shouldn't freak out about 5G, and the incredible creativity of the Demoscene.

Links:

• Asus ROG Zephyrus G14—Ryzen 7nm mobile is here, and it’s awesome
• Linux on Laptops: ASUS Zephyrus G14 with Ryzen 9 4900HS
• Intel’s 10th-generation H-series laptop CPUs break 5GHz | Ars Technica
• Wi-Fi 6E becomes official—the FCC will vote on rules this month
• Celebs share rumors linking 5G to coronavirus, nutjobs burn cell towers
• Not-actually Linux distro review: FreeBSD 12.1-RELEASE
• Not actually Linux distro review deux: GhostBSD
• MOD (file format) - Wikipedia
• AT&T.MOD (YouTube)
• DJ Moses Rising—Ice Cream Trance (YouTube)
• Farbrausch—The Product (64K Intro, 2000)
• Farbrausch—Poem to a Horse (64K Intro, 2002)
• Finland accepts the Demoscene on its national UNESCO list of intangible cultural heritage of humanity

Plus why you may want to skip Nest Wifi, and our latest explorations of long range wireless protocols.

Links:

• Decoding LoRa: Realizing a Modern LPWAN with SDR — LoRa is an emerging Low Power Wide Area Network (LPWAN), a type of wireless communication technology suitable for connecting low power embedded devices over long ranges. This paper details the modulation and encoding elements that comprise the LoRa PHY, the structure of which is the result of the author’s recent blind analysis of the protocol. It also introduces grlora, an open source software defined implementation of the PHY that will empower wireless developers and security researchers to investigate this nascent protocol.
• Nest Wifi announced at Made by Google 2019 | Ars Technica — Google says that a two-piece Nest Wifi kit—one Nest Router and one Nest Point—should cover up to 3,800 square feet and 85% of homes. This claim, like most arbitrary claims of Wi-Fi coverage with no real detail, should be taken with several grains of salt.
• TP-LINK EAP series Business Wi-Fi Solution — The EAP Series Business Wi-Fi Solution incorporates EAP Series hardware, which provides a smooth, reliable wireless internet experience, and a powerful centralized management platform.
• Bloody Stupid Johnson | Discworld Wiki — Although evidently able in certain fields, Johnson is notorious for his complete inability to produce anything according to specification or common sense, or (sometimes) even the laws of physics.
• A Quick Look At EXT4 vs. ZFS Performance On Ubuntu 19.10 With An NVMe SSD — For those thinking of playing with Ubuntu 19.10's new experimental ZFS desktop install option in opting for using ZFS On Linux in place of EXT4 as the root file-system, here are some quick benchmarks looking at the out-of-the-box performance of ZFS/ZoL vs. EXT4 on Ubuntu 19.10 using a common NVMe solid-state drive.
• ubuntu/zsys: zsys daemon and client for zfs systems — It allows running multiple ZFS systems in parallel on the same machine, get automated snapshots, managing complex zfs dataset layouts separating user data from system and persistent data, and more.
• Ubuntu ZFS support in 19.10: ZFS on root · ~DidRocks — We are shipping ZFS On Linux version 0.8.1, with features like native encryption, trimming support, checkpoints, raw encrypted zfs transmissions, project accounting and quota and a lot of performance enhancements.
• Ubuntu ZFS support in 19.10: introduction · ~DidRocks — We want to support ZFS on root as an experimental installer option, initially for desktop, but keeping the layout extensible for server later on.
• A detailed look at Ubuntu’s new experimental ZFS installer | Ars Technica — If you're new to the ZFS hype train, you might wonder why a new filesystem option in an OS installer is a big deal. So here's a quick explanation: ZFS is a copy-on-write filesystem, which can take atomic snapshots of entire filesystems.

Plus Firefox zero days targeting Coinbase, the latest update on Rowhammer, and a few more reasons it's a great time to be a ZFS user.

Links:

• SACK Panic Security Bulletin — Netflix has identified several TCP networking vulnerabilities in FreeBSD and Linux kernels. The vulnerabilities specifically relate to the Maximum Segment Size (MSS) and TCP Selective Acknowledgement (SACK) capabilities. The most serious, dubbed “SACK Panic,” allows a remotely-triggered kernel panic on recent Linux kernels.
• Ubuntu SACK Panic Guidance — You should update your kernel to the versions specified below in the Updates section and reboot. Alternatively, Canonical Livepatch updates will be available to mitigate these two issues without the need to reboot.
• Red Hat SACK Panic Advisory — Red Hat customers running affected versions of these Red Hat products are strongly recommended to update them as soon as errata are available. Customers are urged to apply the available updates immediately and enable the mitigations as they feel appropriate.   
• RFC 2018 - TCP Selective Acknowledgment Options — TCP may experience poor performance when multiple packets are lost from one window of data. With the limited information available from cumulative acknowledgments, a TCP sender can only learn about a single lost packet per round trip time. An aggressive sender could choose to retransmit packets early, but such retransmitted segments may have already been successfully received. A Selective Acknowledgment (SACK) mechanism, combined with a selective repeat retransmission policy, can help to overcome these limitations.
• Ping of Death — In a nutshell, it is possible to crash, reboot or otherwise kill a large number of systems by sending a ping of a certain size from a remote machine.
• Firefox zero-day was used in attack against Coinbase employees, not its users | ZDNet — A recent Firefox zero-day that has made headlines across the tech news world this week was actually used in attacks against Coinbase employees, and not the company's users.
• Mozilla fixes second Firefox zero-day exploited in the wild | ZDNet — Mozilla has released a second security update this week to patch a second zero-day that was being exploited in the wild to attack Coinbase employees and other cryptocurrency organizations.
• RAMBleed — RAMBleed is a side-channel attack that enables an attacker to read out physical memory belonging to other processes. The implications of violating arbitrary privilege boundaries are numerous, and vary in severity based on the other software running on the target machine. As an example, in our paper we demonstrate an attack against OpenSSH in which we use RAMBleed to leak a 2048 bit RSA key.
• Digging into the new features in OpenZFS post-Linux migration | Ars Technica — One of the most important new features in 0.8 is Native ZFS Encryption. Until now, ZFS users have relied on OS-provided encrypted filesystem layers either above or below ZFS. While this approach does work, it presented difficulties.
• Allan Jude on Twitter — Once the FreeBSDs are upstreamed, everything is changing to 'OpenZFS', including the github organization currently know as 'zfsonlinux'.
• ZFS on Linux Releases
• Linux Academy is hiring!
• Mozilla teases $5-per-month ad-free news subscription — Mozilla has started teasing an ad-free news subscription service, which, for $5 per month, would offer ad-free browsing, audio readouts, and cross-platform syncing of news articles from a number of websites.

Plus when not to use ZFS, the surprising way your disks are lying to you, and more!

Links:

• ZFS - Ubuntu Wiki — ZFS is a combined file system and logical volume manager designed and implemented by a team at Sun Microsystems led by Jeff Bonwick and Matthew Ahrens.
• Performance tuning - OpenZFS — Make sure that you create your pools such that the vdevs have the correct alignment shift for your storage device's size. if dealing with flash media, this is going to be either 12 (4K sectors) or 13 (8K sectors).

Plus the nitty-gritty details of vectorized optimizations and kernel preemption, and our thoughts on the future of the relationship between ZFS and Linux.

Special Guest: Richard Yao.

Links:

• LinuxFest Northwest 2019 — Join a bunch of JB hosts and community celebrating the 20th anniversary!
• Choose Linux — The show that captures the excitement of discovering Linux.
• Linux 5.0: _kernel_fpu{begin,end} no longer exported — The latest kernels removed the old compatibility headers.
• ZFS On Linux Landing Workaround For Linux 5.0 Kernel Support — So while these symbols are important for SIMD vectorized checksums for ZFS in the name of performance, with Linux 5.0+ they are not going to be exported for use by non-GPL modules. ZFS On Linux developer Tony Hutter has now staged a change that would disable vector instructions on Linux 5.0+ kernels.
• Re: x86/fpu: Don't export __kernel_fpu_{begin,end}() — My tolerance for ZFS is pretty non-existant. Sun explicitly did not want their code to work on Linux, so why would we do extra work to get their code to work properly?
• The future of ZFS in FreeBSD — This state of affairs has led to a general agreement among the stakeholders that I have spoken to that it makes sense to rebase FreeBSD's ZFS on ZoL. Brian Behlendorf has graciously encouraged me to add FreeBSD support directly so that we might all have a singleshared code base.
• Dephix: Kickoff to The Future — OpenZFS has grown over the last decade, and delivering our application on Linux provides great OpenZFS support while enabling higher velocity adoption of new environments.
• The future of ZFS on Linux [zfs-discuss] — Do you realize that we don’t actually need the symbols that the kernel removed. It All they do is save/restore of register state while turning off/on preemption. Nothing stops us from doing that ourselves. It is possible to implement our own substitutes using code from either Illumos or FreeBSD or even write our own. Honestly, I am beginning to think that my attempt to compromise with mainline gave the wrong impression. I am simply tired of this behavior by them and felt like reaching out to put an end to it. In a few weeks, we will likely be running on Linux 5.0 as if those symbols had never been removed because we will almost certainly have our own substitutes for them. Having to bloat our code because mainline won’t give us access to trivial functionality is annoying, but it is not the end of the world.
• LINUX Unplugged Episode 284: Free as in Get Out
• BSD Now 279: Future of ZFS
• BSD Now 157: ZFS, The “Universal” File-system

Links:

• Jim Salter — Jim Salter (@jrssnet) is an author, public speaker, small business owner, mercenary sysadmin, and father of three—not necessarily in that order. He got his first real taste of open source by running Apache on his very own dedicated FreeBSD 3.1 server back in 1999, and he's been a fierce advocate of FOSS ever since.
• Jim Salter on Twitter
• Dropbox Flaws | TechSNAP | 1
• PSN Breech Details | TechSNAP 3
• 2089 Days Uptime | TechSNAP 300

It’s a busy TechSNAP week.

Sponsored By:

• Digital Ocean: Apply our promo snapocean after you create your account, and get a $10 credit. Promo Code: snapocean
• iXSystems: Get a system purpose built for you. Promo Code: Tell them we sent you!
• Ting: Save $25 off a device, or get $25 in service credits! Promo Code: Visit techsnap.ting.com

Links:

• HP Inkjet Printers Buffer Overflows in Processing Files Let Remote Users Execute Arbitrary Code
• Black Hat 2018: Update Mechanisms Allow Remote Attacks on UEFI Firmware | The first stop for security news
• How I gained commit access to Homebrew in 30 minutes
• Reconnaissance tool for GitHub organizations
• TruffleHog: Searches through git repositories for high entropy strings and secrets, digging deep into commit history
• BFG Repo-Cleaner by rtyley
• TCP implementations vulnerable to Denial of Service
• SegmentSmack: kernel: tcp segments with random offsets may cause a remote denial of service [CVE-2018-5390]
• Merge branch 'tcp-robust-ooo' · torvalds/linux
• New Sysadmin dealing with stress.
• Microsoft’s undersea data center now has a webcam with fish swimming past 27.6 petabytes of data

Plus the vulnerabilities found in Volkswagen cars, and the lengths a security research went to create the ultimate honeypot laptop.

Special Guest: Allan Jude.

Sponsored By:

• Digital Ocean: Apply our promo snapocean after you create your account, and get a $10 credit. Promo Code: snapocean
• Ting: Save $25 off a device, or get $25 in service credits! Promo Code: Visit techsnap.ting.com
• iXSystems: Get a system purpose built for you. Promo Code: Tell them we sent you!

Links:

• Volkswagen and Audi Cars Vulnerable to Remote Hacking — esearchers also gained access to the IVI system's root account, which they say allowed them access to other car data.
• It’s Impossible to Prove Your Laptop Hasn’t Been Hacked. I Spent Two Years Finding Out. — For the last two years, I have carried a “honeypot” laptop with me every time I’ve traveled; this computer was intended to attract (and then detect) tampering.
• chipsec — Platform Security Assessment Framework
• UEFITool — UEFI firmware image viewer and editor
• Haven Project — Haven is for people who need a way to protect their personal spaces and possessions without compromising their own privacy, through an Android app and on-device sensors
• Mr S. Delivers on his DO FreeNAS Guide
• OZ Shares a War Story
• Dave's REALLY Close Call...
• Karl Gives us the CTO View on new Hires
• Our Approach to Employee Security Training | PagerDuty — These are both training courses that we developed in-house and delivered ourselves.

Plus a concise breakdown of Meltdown, Spectre, and side-channel attacks like only TechSNAP can.

Then we run through the timeline of events, and the scuttlebutt of so called coordinated disclosure. We also discuss yet another security issue in macOS High Sierra, a backdoor in popular storage appliances, your questions, and more!

Sponsored By:

• Ting: Save $25 off a device, or get $25 in service credits! Promo Code: Visit techsnap.ting.com
• iXSystems: Get a system purpose built for you. Promo Code: Tell them we sent you!
• Digital Ocean: Apply our promo snapocean after you create your account, and get a $10 credit. Promo Code: snapocean

Links:

• Meltdown and Spectre — Meltdown and Spectre exploit critical vulnerabilities in modern processors.
• The Meltdown and Spectre CPU Bugs, Explained
• How we got to Spectre and Meltdown A Timeline My version of the timeline... — My version of the timeline on Spectre Meltdown. This post will be updated! If you want to add/correct something, please comment.
• How Tier 2 cloud vendors banded together to cope with Spectre and Meltdown | TechCrunch — Eventually six cloud providers — Scaleway, DigitalOcean, Packet, Vultr, Linode and OVH — formed a consortium of sorts to help one another and share information. In order to make the process more efficient, they started a Slack channel with CEOs, CTOs and engineers from the various companies sharing information and fixes as they became available.
• FreeBSD was made aware of Meltdown and Spectre in late December. There's currently no ETA for mitigation. — It looks like Dragonfly BSD has a patch, so hopefully that will be useful for FreeBSD.
• heads up: Fix for intel hardware bug will lead to performance regressions — Upcoming versions of the linux kernel (and apparently also windows and others), will include new feature that apparently has been implemented with haste to work around an intel hardware bug.
• AWS Developer Forums: Degraded performance — Immediately following the reboot my server running on this instance started to suffer from cpu stress.
• Google is pushing Retpoline — With Retpoline, we could protect our infrastructure at compile-time, with no source-code modifications. Furthermore, testing this feature, particularly when combined with optimizations such as software branch prediction hints, demonstrated that this protection came with almost no performance loss.
• PCID is now a critical performance/security feature on x86 — On any system that does not currently show "pcid" in the flags line of /proc/cpuinfo, Meltdown is a bigger issue than "install latest updates".
• Spectre & Meltdown vulnerability/mitigation checker for Linux — A simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
• Microsoft PowerShell Script to check for Meltdown — To help customers verify that protections are enabled, Microsoft has published a PowerShell script that customers can run on their systems. Install and run the script by running the following commands.
• Why Raspberry Pi isn't vulnerable to Spectre or Meltdown — To help us understand why, here’s a little primer on some concepts in modern processor design.
• macOS High Sierra's App Store System Preferences Can Be Unlocked With Any Password — A bug report submitted on Open Radar this week has revealed a security flaw in the current version of macOS High Sierra that allows the App Store menu in System Preferences to be unlocked with any password.
• Major macOS High Sierra Bug Allows Full Admin Access Without Password
• WD My Cloud NAS devices have hard-wired backdoor — Lets anyone log in as user mydlinkBRionyg with the password abc12345cba.
• Question: How could I measure all of these overhead performance hits? — My question: how could I measure all of these overhead performance hits, so I can put in a well educated request to adjust all of these components, so I have a computer that performs near its capacity?
• Perfmon
• Troubleshooting with the Windows Sysinternals Tools
• ProcDump
• Process Monitor - Replaces filemon
• Question: MySQL Replication Woes — The problem is that during some larger deletes on the master, the tables on the slave get locked and the slave lag goes through the roof.. During this time all of my selects that have been sent to the slave are just sitting there and waiting for the table to unlock while the master is just fine.
• Ask Noah 44: Red Hat with Brandon Johnson
• BSD Now 228: The Spectre of Meltdown