Plus our favorite features from Fedora 32, and why Wes loves DNF.

Links:

• What's new in Fedora 32 Workstation
• Fedora 32 ChangeSet
• Linux distro review: Fedora Workstation 32
• TechSNAP 428: RAID Reality Check
• ZFS versus RAID: Eight Ironwolf disks, two filesystems, one winner
• Understanding RAID: How performance scales from one disk to eight
• Find Jim on 2.5 Admins
• Find Wes on LINUX Unplugged
• TechSNAP 1: First episode of TechSNAP (in 2011!)
• TechSNAP 300: End of the Allan and Chris era (2017)
• TechSNAP 301: Enter Dan and Wes
• TechSNAP 347: A Farewell to Dan
• TechSNAP 348: Chris is back!
• TechSNAP 389: Jim's first time as a guest
• TechSNAP 390: Jim's second guest appearance
• TechSNAP 393: Chris says goodbye
• TechSNAP 395: Jim joins the show

Plus Cloudflare steps up its campaign to secure BGP, and why you might want to trade in cron for systemd timers.

Links:

• AMD Claims World’s Fastest Per-Core Performance with New EPYC Rome 7Fx2 CPUs
• AMD EPYC 7F52 Linux Performance - AMD 7FX2 CPUs Further Increasing The Fight Against Intel Xeon Review
• Understanding RAID: How performance scales from one disk to eight
• New Cloudflare tool can tell you if your ISP has deployed BGP fixes
• Is BGP safe yet?
• RPKI - The required cryptographic upgrade to BGP routing
• Why I Prefer systemd Timers Over Cron – Thomas Stringer
• systemd/Timers - ArchWiki
• systemd.time (Time format docs)
• systemd.timer (Unit docs)

Plus so-so SSD security, and a new wireless protocol that works best where the Wi-Fi sucks.

Links:

• “Where the Wi-Fi sucks” is where a new wireless protocol does its magic
• Ubiquiti’s new “Amplifi Alien” is a mesh-capable Wi-Fi 6 router
• Self-encrypting deception: weaknesses in the encryption of solid state drives
• Securely erase a solid-state drive
• Solid state drive/Memory cell clearing - ArchWiki
• The Deep Learning Revolution and Its Implications for Computer Architecture and Chip Design
• Intel Core i9-10980XE—a step forward for AI, a step back for everything else
• How to recognize AI snake oil

Plus the importance of automatic updates, and Jim's new backup box.

Links:

• Errata Security: Almost One Million Vulnerable to BlueKeep Vuln (CVE-2019-0708) — Microsoft announced a vulnerability in it's "Remote Desktop" product that can lead to robust, wormable exploits. I scanned the Internet to assess the danger. I find nearly 1-million devices on the public Internet that are vulnerable to the bug.
• Even the NSA is urging Windows users to patch BlueKeep (CVE-2019-0708) | ZDNet — "[The] NSA is concerned that malicious cyber actors will use the vulnerability in ransomware and exploit kits containing other known exploits, increasing capabilities against other unpatched systems.
• Prevent a worm by updating Remote Desktop Services (CVE-2019-0708) – MSRC — This vulnerability is pre-authentication and requires no user interaction. In other words, the vulnerability is ‘wormable’, meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017
• BlueKeep - everyone agrees, you should patch PCs running legacy versions of Windows — I have this horrible feeling that the only way we’re going to wake the world up to the need to patch their ageing versions of Windows against the BlueKeep vulnerability is to wait until a malicious worm begins to spread around the world.
• CVE-2019-0708 | Remote Desktop Services Remote Code Execution Vulnerability — A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
• Customer guidance for CVE-2019-0708 | Remote Desktop Services Remote Code Execution Vulnerability — Microsoft is aware that some customers are running versions of Windows that no longer receive mainstream support. That means those customers will not have received any security updates to protect their systems from CVE-2019-0708, which is a critical remote code execution vulnerability.
• Forget BlueKeep: Beware the GoldBrute | Threatpost — In the past few days, GoldBrute (named after the Java class it uses) has attempted to brute-force Remote Desktop Protocol (RDP) connections for 1.5 million Windows systems and counting, according to Morphus Labs chief research officer Renato Marinho. The botnet is actively scanning the internet for machines with RDP exposed, and trying out weak or reused passwords to see if it can gain access to the systems.
• The GoldBrute botnet — The latest round of bad news emerged last week when Morphus Labs’ researcher Renato Marinho announced the discovery of an aggressive brute force campaign against 1.5 million RDP servers by a botnet called ‘GoldBrute’.
• Ubuntu Automatic Updates — The unattended-upgrades package can be used to automatically install updated packages, and can be configured to update all packages or just install security updates.
• AutoUpdates - Fedora Project Wiki — You must decide whether to use automatic DNF or YUM updates on each of your machines.
• It's time to block Windows Automatic Updating | Computerworld — Those of you who feel it’s important to install Windows and Office patches the moment they come out – I salute you. The Windows world needs more cannon fodder.
• Windows 10's Ugly Updates Just Got Uglier. Here's How To Stay Safe by Disabling Automatic Updates — Stay safe by disabling automatic updates? How is that possible? As a general rule of thumb, I’d never recommend disabling updates because security patches are essential. But the situation with Windows 10 has become intolerable. Microsoft continues to fail and continues to release update after update that they know, or should know, has serious problems.
• Jim's New Rig — I build, sell, and manage much bigger and meaner systems than this all the time. But this one's MINE! 12 hot swap bays, Ryzen 7 2700 w/ ECC RAM, quiet enough to share an office with, and the trays can take either HDD or SSD with no adapter needed.