Plus our favorite features from Fedora 32, and why Wes loves DNF.

Links:

• What's new in Fedora 32 Workstation
• Fedora 32 ChangeSet
• Linux distro review: Fedora Workstation 32
• TechSNAP 428: RAID Reality Check
• ZFS versus RAID: Eight Ironwolf disks, two filesystems, one winner
• Understanding RAID: How performance scales from one disk to eight
• Find Jim on 2.5 Admins
• Find Wes on LINUX Unplugged
• TechSNAP 1: First episode of TechSNAP (in 2011!)
• TechSNAP 300: End of the Allan and Chris era (2017)
• TechSNAP 301: Enter Dan and Wes
• TechSNAP 347: A Farewell to Dan
• TechSNAP 348: Chris is back!
• TechSNAP 389: Jim's first time as a guest
• TechSNAP 390: Jim's second guest appearance
• TechSNAP 393: Chris says goodbye
• TechSNAP 395: Jim joins the show

Plus Jim's journeys with Clear Linux, and why Ubuntu 18.04.4 is a maintenance release worth talking about.

Links:

• Ubuntu 18.04.4 LTS: here's what's new — It's not as shiny and exciting as entirely new versions, of course, but it does pack in some worthwhile security and bugfix upgrades, as well as support for more and newer hardware.
• 18.04.4 - Ubuntu Wiki
• MobaXterm — Enhanced terminal for Windows with X11 server, tabbed SSH client, network tools and much more.
• Linux distro review: Intel’s own Clear Linux OS — There's not much question that Clear Linux is your best bet if you want to turn in the best possible benchmark numbers. The question not addressed here is, what's it like to run Clear Linux as a daily driver? We were curious, so we took it for a spin.
• Clear Linux* Project — Clear Linux OS is an open source, rolling release Linux distribution optimized for performance and security, from the Cloud to the Edge, designed for customization, and manageability.
• swupd — Documentation for Clear Linux* project
• clr-boot-manager: Kernel & Boot Loader Management
• Cannot compile zfs for 5.5-rc2 · Issue #9745 · zfsonlinux/zfs
• Persistent L2ARC might be coming to ZFS on Linux — The primary ARC is kept in system RAM, but an L2ARC device can be created from one or more fast disks. In a ZFS pool with one or more L2ARC devices, when blocks are evicted from the primary ARC in RAM, they are moved down to L2ARC rather than being thrown away entirely. In the past, this feature has been of limited value, both because indexing a large L2ARC occupies system RAM which could have been better used for primary ARC and because L2ARC was not persistent across reboots.
• Persistent L2ARC by gamanakis · Pull Request #9582 · zfsonlinux/zfs — This feature implements a light-weight persistent L2ARC metadata structure that allows L2ARC contents to be recovered after a reboot. This significantly eases the impact a reboot has on read performance on systems with large caches.
• LINUX Unplugged 303: Stateless and Dateless — We visit Intel to figure out what Clear Linux is all about and explain a few tricks that make it unique.
• LINUX Unplugged Blog: Clear Linux OS 2019
• HAMR don’t hurt ’em: laser-assisted hard drives are coming in 2020 — Although the 2012 "just around the corner" HAMR drives seem to have been mostly vapor, the technology is a reality now. Seagate has been trialing 16TB HAMR drives with select customers for more than a year and claims that the trials have proved that its HAMR drives are "plug and play replacements" for traditional CMR drives, requiring no special care and having no particular poor use cases compared to the drives we're all used to.
• HAMR Milestone: Seagate Achieves 16TB Capacity on Internal HAMR Test Units
• Western Digital debuts 18TB and 20TB near-MAMR disk drives
• Previously on TechSNAP 341: HAMR Time — We've got bad news for Wifi-lovers as the KRACK hack takes the world by storm; We have the details & some places to watch to make sure you stay patched. Plus, some distressing revelations about third party access to your personal information through some US mobile carriers. Then we cover the ongoing debate over HAMR, MAMR, and the future of hard drive technology & take a mini deep dive into the world of elliptic curve cryptography.

Plus the latest Intel speculative execution vulnerability, and Microsoft's troubled history with certificate renewal.

Links:

• Oregon company makes top bid for Microsoft check - CNET
• Microsoft’s failures to renew: Teams, Hotmail, and Hotmail.co.uk | Ars Technica
• Microsoft Teams goes down after Microsoft forgot to renew a certificate - The Verge
• Browser review: Microsoft’s new “Edgium” Chromium-based Edge | Ars Technica
• Linus Torvalds pulled WireGuard VPN into the 5.6 kernel source tree | Ars Technica
• Ubuntu 20.04 LTS Adds WireGuard Support - Phoronix
• Multipath TCP Support Is Working Its Upstream - First Bits Landing With Linux 5.6 - Phoronix
• MultiPath TCP - Linux Kernel implementation
• Upstreaming multipath TCP
• LPC2019 - Multipath TCP Upstreaming - YouTube
• LPC2019 - Multipath TCP Upstreaming - Slides
• LPC2019 - Multipath TCP Upstreaming - Paper
• Using MultiPath TCP to enhance home networks
• Linux 5.6 Crypto Getting AVX/AVX2/AVX-512 Optimized Poly1305
• Poly1305
• CacheOut
• CacheOut Paper
• Intel Responds to ZombieLoad and CacheOut Attacks | Tom's Hardware
• New CacheOut Attack Targets Intel CPUs, Leaks Data From VMs And Secure Enclave

Plus a look back at Apollo-era audio that's still relevant today with the surprising story of the Quindar tones.

Links:

• Critical Vulnerabilities in Microsoft Windows Operating Systems
• Win10 Crypto Vulnerability: Cheating in Elliptic Curve Billiards 2
• NSA discovers a serious flaw in Windows 10
• Exploiting CVE-2020-0601
• CVE-2020-0601 POC
• NSA Cybersecurity Advisory on CryptoAPI Flaw
• Why can’t I get to the internet on my new OPNsense install?! - Jim's Blog
• OPNsense: a true open source security platform and more
• There's An Actual Name And Reason For Those Beeps You Hear In Recordings Of Astronauts In Space
• Quindar Tones
• Cap'n Crunch Whistle and the Secrets of the Little Blue Box

Plus Debian's continued init system debate, and our frustrations over 5G reporting.

Links:

• 5G Underwhelms in Its First Big Test - WSJ
• How South Korea built 5G, and what it's learning - RCR Wireless News
• After seven months, here’s what South Korea can teach us about 5G - CNA
• South Korea secures 4 million 5G subscribers | ZDNet
• Debian Developers Take To Voting Over Init System Diversity
• Debian GR Results
• General Resolution: Init systems and systemd
• Ringing In 2020 By Clang’ing The Linux 5.5 Kernel - Benchmarks Of GCC vs. Clang Built Kernels
• Using LLVM Clang To Compile The Linux Kernel Is Heating Up Again Thanks To Google
• Building the kernel with Clang - LWN
• ClangBuiltLinux
• Compiling the Linux kernel with LLVM tools (FOSDEM 2019)

Links:

• Sure, we made your Wi-Fi routers phone home with telemetry, says Ubiquiti. What of it? — Ubiquiti Networks is fending off customer complaints after emitting a firmware update that caused its UniFi wireless routers to quietly phone HQ with telemetry.
• UI official: urgent, please answer | Ubiquiti Community
• Update: UniFi Phone Home/Performance Data Collection | Ubiquiti Community
• Possible example data
• Latest firmware with changes
• Microsoft’s Project Silica offers robust thousand-year storage | Ars Technica — Silica aims to replace both tape and optical archival discs as the media of choice for large-scale, (very) long duration cold storage.
• Project Silica
• The Future of Data Storage
• Microsoft Ignite 2019
• Microsoft Edge is coming to Linux. But will anybody use it? | Ars Technica — At Microsoft Ignite a slide announced that Microsoft's project to rebase its perennially unloved Edge browser on Google's open source project Chromium is well underway. Sharper-eyed attendees also noticed a promise for future Linux support.
• Has Microsoft Changed?
• This isn’t your father’s Microsoft

Plus what to expect from USB4 and an upcoming Linux scheduler speed-up for AMD's Epyc CPUs.

Links:

• Google says hackers have put ‘monitoring implants’ in iPhones for years | Technology | The Guardian — Their location was uploaded every minute; their device’s keychain, containing all their passwords, was uploaded, as were their chat histories on popular apps including WhatsApp, Telegram and iMessage, their address book, and their Gmail database.
• Project Zero: A very deep dive into iOS Exploit chains found in the wild — We discovered exploits for a total of fourteen vulnerabilities across the five exploit chains: seven for the iPhone’s web browser, five for the kernel and two separate sandbox escapes.
• Project Zero: In-the-wild iOS Exploit Chain 1 — This exploit provides evidence that these exploit chains were likely written contemporaneously with their supported iOS versions; that is, the exploit techniques which were used suggest that this exploit was written around the time of iOS 10. This suggests that this group had a capability against a fully patched iPhone for at least two years.  
• Project Zero: In-the-wild iOS Exploit Chain 3 — It’s difficult to understand how this error could be introduced into a core IPC library that shipped to end users. While errors are common in software development, a serious one like this should have quickly been found by a unit test, code review or even fuzzing.
• Project Zero: JSC Exploits — In this post, we will take a look at the WebKit exploits used to gain an initial foothold onto the iOS device and stage the privilege escalation exploits. All exploits here achieve shellcode execution inside the sandboxed renderer process (WebContent) on iOS.
• Project Zero: Implant Teardown — There is no visual indicator on the device that the implant is running. There's no way for a user on iOS to view a process listing, so the implant binary makes no attempt to hide its execution from the system. The implant is primarily focused on stealing files and uploading live location data. The implant requests commands from a command and control server every 60 seconds.The implant has access to all the database files (on the victim’s phone) used by popular end-to-end encryption apps like Whatsapp, Telegram and iMessage.
• iPhone Hackers Caught By Google Also Targeted Android And Microsoft Windows, Say Sources — Multiple sources with knowledge of the situation said that Google’s own Android operating system and Microsoft Windows PCs were also targeted in a campaign that sought to infect the computers and smartphones of the Uighur ethnic group in China.
• Google's Shocking Decision To Ignore A Critical Android Vulnerability In Latest Security Update — Despite immediately acknowledging the vulnerability and confirming in June that it will be fixed, Google had not provided an estimated time frame for the patch.
• Android Zero-Day Bug Opens Door to Privilege Escalation Attack, Researchers Warn | Threatpost — “In the unlikely event an attacker succeeds in exploiting this bug, they would effectively have complete control over the target device,” he told Threatpost. Once an attacker obtains escalated privileges, “it means they could completely take over a device if they can convince a user to install and run their application,”
• Why 'Zero Day' Android Hacking Now Costs More Than iOS Attacks | WIRED — "During the last few months, we have observed an increase in the number of iOS exploits, mostly Safari and iMessage chains, being developed and sold by researchers from all around the world. The zero-day market is so flooded by iOS exploits that we've recently started refusing some them"
• Linux 5.4 Kernel To Bring Improved Load Balancing On AMD EPYC Servers — The scheduler topology improvement by SUSE's Matt Fleming changes the behavior as currently it turns out for EPYC hardware the kernel has failed to properly load balance across NUMA nodes on different sockets.
• USB4 is coming soon and will (mostly) unify USB and Thunderbolt | Ars Technica — The USB Implementers Forum published the official USB4 protocol specification. If your initial reaction was "oh no, not again," don't worry—the new spec is backward-compatible with USB 2 and USB 3, and it uses the same USB Type-C connectors that modern USB 3 devices do.

Plus Firefox zero days targeting Coinbase, the latest update on Rowhammer, and a few more reasons it's a great time to be a ZFS user.

Links:

• SACK Panic Security Bulletin — Netflix has identified several TCP networking vulnerabilities in FreeBSD and Linux kernels. The vulnerabilities specifically relate to the Maximum Segment Size (MSS) and TCP Selective Acknowledgement (SACK) capabilities. The most serious, dubbed “SACK Panic,” allows a remotely-triggered kernel panic on recent Linux kernels.
• Ubuntu SACK Panic Guidance — You should update your kernel to the versions specified below in the Updates section and reboot. Alternatively, Canonical Livepatch updates will be available to mitigate these two issues without the need to reboot.
• Red Hat SACK Panic Advisory — Red Hat customers running affected versions of these Red Hat products are strongly recommended to update them as soon as errata are available. Customers are urged to apply the available updates immediately and enable the mitigations as they feel appropriate.   
• RFC 2018 - TCP Selective Acknowledgment Options — TCP may experience poor performance when multiple packets are lost from one window of data. With the limited information available from cumulative acknowledgments, a TCP sender can only learn about a single lost packet per round trip time. An aggressive sender could choose to retransmit packets early, but such retransmitted segments may have already been successfully received. A Selective Acknowledgment (SACK) mechanism, combined with a selective repeat retransmission policy, can help to overcome these limitations.
• Ping of Death — In a nutshell, it is possible to crash, reboot or otherwise kill a large number of systems by sending a ping of a certain size from a remote machine.
• Firefox zero-day was used in attack against Coinbase employees, not its users | ZDNet — A recent Firefox zero-day that has made headlines across the tech news world this week was actually used in attacks against Coinbase employees, and not the company's users.
• Mozilla fixes second Firefox zero-day exploited in the wild | ZDNet — Mozilla has released a second security update this week to patch a second zero-day that was being exploited in the wild to attack Coinbase employees and other cryptocurrency organizations.
• RAMBleed — RAMBleed is a side-channel attack that enables an attacker to read out physical memory belonging to other processes. The implications of violating arbitrary privilege boundaries are numerous, and vary in severity based on the other software running on the target machine. As an example, in our paper we demonstrate an attack against OpenSSH in which we use RAMBleed to leak a 2048 bit RSA key.
• Digging into the new features in OpenZFS post-Linux migration | Ars Technica — One of the most important new features in 0.8 is Native ZFS Encryption. Until now, ZFS users have relied on OS-provided encrypted filesystem layers either above or below ZFS. While this approach does work, it presented difficulties.
• Allan Jude on Twitter — Once the FreeBSDs are upstreamed, everything is changing to 'OpenZFS', including the github organization currently know as 'zfsonlinux'.
• ZFS on Linux Releases
• Linux Academy is hiring!
• Mozilla teases $5-per-month ad-free news subscription — Mozilla has started teasing an ad-free news subscription service, which, for $5 per month, would offer ad-free browsing, audio readouts, and cross-platform syncing of news articles from a number of websites.

Links:

• TechSNAP Episode 390: What’s Up with WireGuard
• WireGuard Sent Out Again For Review — WireGuard lead developer Jason Donenfeld has sent out the ninth version of the WireGuard secure network tunnel patches for review. If this review goes well and lands in net-next in the weeks ahead, this long-awaited VPN improvement could make it into the mainline Linux 5.2 kernel.
• CloudFlare announces Warp VPN — Using Cloudflare’s existing network of servers, Internet users all over the world will be able to connect to Warp VPN through the 1.1.1.1 app. In the same vein, Warp VPN will not significantly increase battery usage by using an efficient protocol called WireGuard.
• CloudFlare Launches "BoringTun" As Rust-Written WireGuard User-Space Implementation - Phoronix — CloudFlare took to creating BoringTun as they wanted a user-space solution as not to have to deal with kernel modules or satisfying certain kernel versions. They also wanted cross platform support and for their chosen implementation to be very fast, these choices which led them to writing a Rust-based solution.
• cloudflare/boringtun — BoringTun is an implementation of the WireGuard® protocol designed for portability and speed.
• VPN protocol WireGuard now has an official macOS app — You can already download the WireGuard app on Android and iOS, but today’s release is all about macOS.
• WireGuard Windows Pre-Alpha — I've been mostly absent these last weeks, due to being completely absorbed in Windows programming. I think we're finally getting to the state where we might really benefit from testing of the "pre-alpha".
• Wintun – Layer 3 TUN Driver for Windows — Wintun is a very simple and minimal TUN driver for the Windows kernel, which provides userspace programs with a simple network adapter for reading and writing packets. It is akin to Linux's /dev/net/tun and BSD's /dev/tun.
• WireGuard for Kubernetes: Introducing Gravitational Wormhole — Wormhole is a Kubernetes network plugin that combines the simplicity of flannel with encrypted networking from WireGuard.
• gravitational/wormhole: Wireguard based overlay network CNI plugin for kubernetes
• NetworkManager 1.16 — NetworkManager 1.16 is a big feature release bringing support for WireGuard VPN tunnels
• Portal Cloud - Subspace — Subspace is an open source WireGuard® VPN server that supports connecting all of your devices to help secure your internet access.
• subspacecloud/subspace — A simple WireGuard VPN server GUI
• jimsalterjrs/wg-admin — Simple CLI utilities to manage a WireGuard server
• 5 big misconceptions about virtual LANs — In the real world, VLANs are anything but simple.
• High Availability vs. Fault Tolerance vs. Disaster Recovery — You need IT infrastructure that you can count on even when you run into the rare network outage, equipment failure, or power issue. When your systems run into trouble, that’s where one or more of the three primary availability strategies will come into play: high availability, fault tolerance, and/or disaster recovery.
• High Availability: Concepts and Theory — Running server operations using clusters of either physical or virtual computers is all about improving both reliability and performance over and above what you could expect from a single, high-powered server.
• RPO and RTO: Understanding the Differences — Recovery time objective refers to how much time an application can be down without causing significant damage to the business. Recovery point objectives refer to your company’s loss tolerance: the amount of data that can be lost before significant harm to the business occurs.
• JupiterBroadcasting/Talks — Public repository of crew talks, slides, and additional resources.
• Command Line Threat Hunting — That viruses and malware are Windows problems is a misnomer that is often propagated through the Linux community and it's an easy one to believe until you start noticing strange behavior on your system. What do you do next? Join Ell Marquez and Tony Lambert in discussing a common sense approach to threat detection using only command line tools.
• Fear the Man in the Middle? This company wants to sell quantum key distribution — For now, Quantum XChange has only said about a dozen companies are part of the pilot. But with the appetite for quantum solutions in the US increasing—the National Quantum Initiative was just signed into law at the end of 2018 to advance the tech—this could be an opportune time to enter the market, so long as the service lives up to its billing.

Plus when not to use ZFS, the surprising way your disks are lying to you, and more!

Links:

• ZFS - Ubuntu Wiki — ZFS is a combined file system and logical volume manager designed and implemented by a team at Sun Microsystems led by Jeff Bonwick and Matthew Ahrens.
• Performance tuning - OpenZFS — Make sure that you create your pools such that the vdevs have the correct alignment shift for your storage device's size. if dealing with flash media, this is going to be either 12 (4K sectors) or 13 (8K sectors).

Plus an update from the linux vendor firmware service, your feedback, and more!

Links:

• Joren Verspeurt on Twitter — The explanation you gave for unsupervised wasn't correct, that was just using a net that was trained in a supervised way. Unsupervised learning doesn't involve labels at all. A good example: clustering. You say "there are x clusters" and it learns a way of grouping similar items.
• Hackers Hijacked ASUS Software Updates to Install Backdoors on Thousands of Computers — The researchers estimate half a million Windows machines received the malicious backdoor through the ASUS update server, although the attackers appear to have been targeting only about 600 of those systems.
• Malicious updates for ASUS laptops — A threat actor modified the ASUS Live Update Utility, which delivers BIOS, UEFI, and software updates to ASUS laptops and desktops, added a back door to the utility, and then distributed it to users through official channels.
• Asus Live Update Patch Now Availabile — Asus has emitted a non-spyware-riddled version of Live Update for people to install on its notebooks, which includes extra security features to hopefully detect any future tampering.
• ASUS response to the recent media reports regarding ASUS Live Update tool attack by Advanced Persistent Threat (APT) groups — ASUS has also implemented a fix in the latest version (ver. 3.6.8) of the Live Update software, introduced multiple security verification mechanisms to prevent any malicious manipulation in the form of software updates or other means, and implemented an enhanced end-to-end encryption mechanism. At the same time, we have also updated and strengthened our server-to-end-user software architecture to prevent similar attacks from happening in the future.
• The Messy Truth About Infiltrating Computer Supply Chains — The Defense Intelligence Agency believed that China’s capability at exploiting the BIOS “reflects a qualitative leap forward in exploitation that is difficult to detect”
• Inside the Unnerving CCleaner Supply Chain Attack — Security researchers at Cisco Talos and Morphisec made a worst nightmare-type disclosure: the ubiquitous computer cleanup tool CCleaner had been compromised by hackers for more than a month. The software updates users were downloading from CCleaner owner Avast—a security company itself—had been tainted with a malware backdoor. The incident exposed millions of computers and reinforced the threat of so-called digital supply chain attacks, situations where trusted, widely distributed software is actually infected by malicious code.
• ShadowPad: How Attackers hide Backdoor in Software used by Hundreds of Large Companies around the World — ShadowPad is an example of how dangerous and wide-scale a successful supply-chain attack can be. Given the opportunities for reach and data collection it gives to the attackers, most likely it will be reproduced again and again with some other widely used software component.
• Gaming industry still in the scope of attackers in Asia — Yet again, new supply-chain attacks recently caught the attention of ESET Researchers. This time, two games and one gaming platform application were compromised to include a backdoor.
• Microsoft Security Intelligence Report Volume 24 is now available — Software supply chain attacks are another trend that Microsoft has been tracking for several years. One supply chain tactic used by attackers is to incorporate a compromised component into a legitimate application or update package, which then is distributed to the users via the software. These attacks can be very difficult to detect because they take advantage of the trust that users have in their software vendors. The report includes several examples, including the Dofoil campaign, which illustrates how wide-reaching these types of attacks are and what we are doing to prevent and respond to them.
• Microsoft Security Intelligence Report Volume 24
• Supply Chain Attacks Spiked 78 Percent in 2018
• Supply Chain Security: A Talk by Bunnie Huang — I recently gave an invited talk about supply chain security at BlueHat IL 2019. I was a bit surprised at the level of interest it received, so I thought I’d share it here for people who might have missed it.
• Attack inception: Compromised supply chain within a supply chain poses new risk — The plot twist: The app vendor’s systems were unaffected. The compromise was traceable instead to a second software vendor that hosted additional packages used by the app during installation. This turned out be an interesting and unique case of an attack involving “the supply chain of the supply chain”.
• Supply Chain Attacks and Secure Software Updates — In general, a supply chain attack involves first hacking a trusted third party who provides a product or service to your target, and then using your newly acquired, privileged position to compromise your intended target.
• Bad USB, Very Bad USB — The best defense for this type of attack is to only use devices that do not have reprogrammable firmware. Outside of this, it is important to only use USB drives that you trust completely, because after plugging in an untrusted device, you will never know if there is an invisible threat running on your computer.
• Reflections on Trusting Trust by Ken Thompson
• LVFS Project Announcement - The Linux Foundation — The Linux Foundation welcomes the Linux Vendor Firmware Service (LVFS) as a new project. LVFS is a secure website that allows hardware vendors to upload firmware updates. It’s used by all major Linux distributions to provide metadata for clients, such as fwupdmgr, GNOME Software and KDE Discover.
• LVFS: Vendor Status
• Two new supply-chain attacks come to light in less than a week — Called “Colourama,” the package looked similar to Colorama, which is one of the top-20 most-downloaded legitimate modules in the Python repository. The doppelgänger Colourama package contained most of the legitimate functions of the legitimate module, with one significant difference: Colourama added code that, when run on Windows servers, installed a Visual Basic script.
• Malicious code found in npm package event-stream downloaded 8 million times in the past 2.5 months

Plus the nitty-gritty details of vectorized optimizations and kernel preemption, and our thoughts on the future of the relationship between ZFS and Linux.

Special Guest: Richard Yao.

Links:

• LinuxFest Northwest 2019 — Join a bunch of JB hosts and community celebrating the 20th anniversary!
• Choose Linux — The show that captures the excitement of discovering Linux.
• Linux 5.0: _kernel_fpu{begin,end} no longer exported — The latest kernels removed the old compatibility headers.
• ZFS On Linux Landing Workaround For Linux 5.0 Kernel Support — So while these symbols are important for SIMD vectorized checksums for ZFS in the name of performance, with Linux 5.0+ they are not going to be exported for use by non-GPL modules. ZFS On Linux developer Tony Hutter has now staged a change that would disable vector instructions on Linux 5.0+ kernels.
• Re: x86/fpu: Don't export __kernel_fpu_{begin,end}() — My tolerance for ZFS is pretty non-existant. Sun explicitly did not want their code to work on Linux, so why would we do extra work to get their code to work properly?
• The future of ZFS in FreeBSD — This state of affairs has led to a general agreement among the stakeholders that I have spoken to that it makes sense to rebase FreeBSD's ZFS on ZoL. Brian Behlendorf has graciously encouraged me to add FreeBSD support directly so that we might all have a singleshared code base.
• Dephix: Kickoff to The Future — OpenZFS has grown over the last decade, and delivering our application on Linux provides great OpenZFS support while enabling higher velocity adoption of new environments.
• The future of ZFS on Linux [zfs-discuss] — Do you realize that we don’t actually need the symbols that the kernel removed. It All they do is save/restore of register state while turning off/on preemption. Nothing stops us from doing that ourselves. It is possible to implement our own substitutes using code from either Illumos or FreeBSD or even write our own. Honestly, I am beginning to think that my attempt to compromise with mainline gave the wrong impression. I am simply tired of this behavior by them and felt like reaching out to put an end to it. In a few weeks, we will likely be running on Linux 5.0 as if those symbols had never been removed because we will almost certainly have our own substitutes for them. Having to bloat our code because mainline won’t give us access to trivial functionality is annoying, but it is not the end of the world.
• LINUX Unplugged Episode 284: Free as in Get Out
• BSD Now 279: Future of ZFS
• BSD Now 157: ZFS, The “Universal” File-system

Special Guest: Chad M. Crowell.

Links:

• Under the sea, Microsoft tests a datacenter that’s quick to deploy, could provide internet connectivity for years
• An Azure Infrastructure Year in Review
• Azure File Sync now generally available
• Microsoft's Newest OS is Based on Linux
• Azure Sphere
• What is Azure Stack?
• Azure Outage Proves the Hard Way Availability Zones are a Good Idea
• Microsoft Azure Infrastructure and Deployment on Linux Academy — In this course, we will cover an introduction to the Azure portal, followed by how to build infrastructure and deploy that infrastructure in real world scenarios.
• Chad Crowell on Twitter

Special Guest: Jim Salter.

Links:

• How to easily configure WireGuard — At its core, all WireGuard does is create an interface from one computer to another.
• Jessie Frazelle's Blog: Installing and Using Wireguard, obviously with containers — What is cool about Wireguard is it integrates into the Linux networking stack.
• WireGuard Didn't Make it To The Mainline Linux Kernel This Cycle — The code continues to be improved upon but looks like it came up just short of making it into this current development cycle.
• WireGuard VPN review: A new type of VPN offers serious advantages — Fewer lines of code, simpler setup, and better algorithms make a strong case.
• The Current Status of WireGuard VPNs - Are We There Yet?
• Using a free VPN? Why not skip the middleman and just send your data to President Xi?
• Feedback from Cody
• NRE Labs — NRE Labs is a no-strings-attached, community-centered initiative to bring the skills of automation within reach for everyone
• Introduction to Antidote — Antidote is an open-source project aimed at making automated network operations more accessible with fast, easy and fun learning.
• StackStorm — From simple if/then rules to complicated workflows, StackStorm lets you automate DevOps your way.
• wireguard-private-networking: Build your own multi server private network using wireguard and ansible
• Algo: Set up a personal IPSEC or WireGuard VPN in the cloud

eBPF is a technology that you’re going to be hearing more and more about. It powers low-overhead custom analysis tools, handles network security in a containerized world, and powers tools you use every day.

Links:

• Chris Goes to MeetBSD
• ​Linus Torvalds talks about coming back to work on Linux | ZDNet — BPF has actually been really useful, and the real power of it is how it allows people to do specialized code that isn't enabled until asked for.
• The Kernel Report - Jonathan Corbet
• BPF - the forgotten bytecode — All this changed in 1993 when Steven McCanne and Van Jacobson published the paper introducing a better way of filtering packets in the kernel, they called it "The BSD Packet Filter" (BPF)
• The BSD Packet Filter
• eBPF: Past, Present, and Future — The Extended Berkeley Packet Filter, or eBPF, has rapidly been adopted into a number of Linux kernel systems since its introduction into the Linux kernel in late 2014. Understanding eBPF, however, can be difficult as many try to explain it via a use of eBPF as opposed to its design. Indeed eBPF's name indicates that it is for packet filtering even though it now has uses which have nothing to do with networking.
• Using eBPF in Kubernetes — Cilium is a networking project that makes heavy use of eBPF superpowers to route and filter network traffic for container-based systems. By using eBPF, Cilium can dynamically generate and apply rules—even at the device level with XDP—without making changes to the Linux kernel itself
• Why is the kernel community replacing iptables with BPF? — The Linux kernel community recently announced bpfilter, which will replace the long-standing in-kernel implementation of iptables with high-performance network filtering powered by Linux BPF, all while guaranteeing a non-disruptive transition for Linux users.
• bpftrace (DTrace 2.0) for Linux 2018 — Created by Alastair Robertson, bpftrace is an open source high-level tracing front-end that lets you analyze systems in custom ways. It's shaping up to be a DTrace version 2.0: more capable, and built from the ground up for the modern era of the eBPF virtual machine.
• The bpftrace One-Liner Tutorial
• BCC - Tools for BPF-based Linux IO analysis, networking, monitoring, and more — BCC is a toolkit for creating efficient kernel tracing and manipulation programs, and includes several useful tools and examples.
• Linux eBPF Tracing Tools — This page shows examples of performance analysis tools using enhancements to BPF (Berkeley Packet Filter) which were added to the Linux 4.x series kernels, allowing BPF to do much more than just filtering packets. These enhancements allow custom analysis programs to be executed on Linux dynamic tracing, static tracing, and profiling events.
• eBPF Vulnerability (CVE-2017-16995): When the Doorman Becomes the Backdoor
• Ultimate Plumber — Ultimate Plumber is a tool for writing Linux pipes with instant live preview
• BSD Now 073: Pipe Dreams — Interview w/ David Maxwell about Pipecut, text processing, and commandline wizardry.

Plus the latest vulnerabilities in Wireshark and OpenSSH, the new forensic hotness from Netflix, and some great introductions to cryptography.

Special Guest: Martin Wimpress.

Links:

• I’m teaching email security to Democratic campaigns. It’s as bad as 2016.
• Botched CIA Communications System Helped Blow Cover of Chinese Agents
• NSA-Designed Speck Algorithm to Be Removed From Linux 4.20
• Vulnerability Affects All OpenSSH Versions Released in the Past Two Decades
• Wireshark can be crashed via malicious packet trace files
• Service provider story about tracking down TCP RSTs
• The case of the 500-mile email
• Diffy: A cloud-centric triage tool for digital forensics and incident response
• An intensive introduction to Cryptography
• The Manga Guide to Cryptography | No Starch Press

It’s a busy TechSNAP week.

Sponsored By:

• Digital Ocean: Apply our promo snapocean after you create your account, and get a $10 credit. Promo Code: snapocean
• iXSystems: Get a system purpose built for you. Promo Code: Tell them we sent you!
• Ting: Save $25 off a device, or get $25 in service credits! Promo Code: Visit techsnap.ting.com

Links:

• HP Inkjet Printers Buffer Overflows in Processing Files Let Remote Users Execute Arbitrary Code
• Black Hat 2018: Update Mechanisms Allow Remote Attacks on UEFI Firmware | The first stop for security news
• How I gained commit access to Homebrew in 30 minutes
• Reconnaissance tool for GitHub organizations
• TruffleHog: Searches through git repositories for high entropy strings and secrets, digging deep into commit history
• BFG Repo-Cleaner by rtyley
• TCP implementations vulnerable to Denial of Service
• SegmentSmack: kernel: tcp segments with random offsets may cause a remote denial of service [CVE-2018-5390]
• Merge branch 'tcp-robust-ooo' · torvalds/linux
• New Sysadmin dealing with stress.
• Microsoft’s undersea data center now has a webcam with fish swimming past 27.6 petabytes of data

Plus what might be the world’s most important killswitch, the real dollar values for stolen credentials and the 19 year old attack that’s back.

Sponsored By:

• iXSystems: Get a system purpose built for you. Promo Code: Tell them we sent you!
• Ting: Save $25 off a device, or get $25 in service credits! Promo Code: Visit techsnap.ting.com
• Digital Ocean: Apply our promo snapocean after you create your account, and get a $10 credit. Promo Code: snapocean

Links:

• The Market for Stolen Account Credentials — But oh, how times have changed! With dozens of sites in the underground now competing to purchase and resell credentials for a variety of online locations, it has never been easier for a botmaster to earn a handsome living based solely on the sale of stolen usernames and passwords alone.
• Hackers shut down plant by targeting its safety system — FireEye reported that a plant of an unmentioned nature and location (other firms believe it's in the Middle East) was forced to shut down after a hack targeted its industrial safety system -- it's the first known instance of a breach like this taking place.
• FireEye Report on TRITON — We assess with moderate confidence that the attacker was developing the capability to cause physical damage and inadvertently shutdown operations. This malware, which we call TRITON, is an attack framework built to interact with Triconex Safety Instrumented System (SIS) controllers.
• ROBOT Attack: 19-Year-Old Bleichenbacher Attack — Dubbed ROBOT (Return of Bleichenbacher's Oracle Attack), the attack allows an attacker to perform RSA decryption and cryptographic operations using the private key configured on the vulnerable TLS servers.
• The ROBOT Attack - Offical Site
• Robot-detect: Detection script for the ROBOT vulnerability — Tool to detect the ROBOT attack (Return of Bleichenbacher's Oracle Threat).
• WannaCry: End of Year Retrospective — Since our Vantage team sinkholed and subsequently nullified the WannaCry attack on May 12th, 2017, we have been monitoring and maintaining the domain known as the WannaCry killswitch.
• Why NSA spied on inexplicably unencrypted Windows crash reports — And, according to slides published this weekend by Der Spiegel, this information also includes crash reports from Microsoft's Windows Error Reporting facility built in to Windows.
• Network namespaces — As the name would imply, network namespaces partition the use of the network—devices, addresses, ports, routes, firewall rules, etc.—into separate boxes, essentially virtualizing the network within a single running kernel instance.
• namespaces - Linux manual page — A namespace wraps a global system resource in an abstraction that makes it appear to the processes within the namespace that they have their own isolated instance of the global resource. Changes to the global resource are visible to other processes that are members of the namespace, but are invisible to other processes. One use of namespaces is to implement containers.
• Network Namespaces » ADMIN Magazine — With network namespaces, you can virtualize network devices, IPv4 and IPv6 protocol stacks, routing tables, ARP tables, and firewalls separately, as well as /proc/net, /sys/class/net/, QoS policies, port numbers, and sockets in such a way that individual applications can find a particular network setup without the use of containers.
• How to Get the Network Namespace Associated With a Socket
• Network devices as virtual Ethernet devices — Virtualize network devices as virtual Ethernet devices by configuring direct MacVTap connections or virtual switches.
• Testing network software with pytest and Linux namespaces
• Implementation of IEEE 802.1ab (LLDP) — LLDP is an industry standard protocol designed to supplant proprietary Link-Layer protocols such as EDP or CDP. The goal of LLDP is to provide an inter-vendor compatible mechanism to deliver Link-Layer notifications to adjacent network devices.
• WireGuard Routing & Network Namespaces — This allows for some very cool properties. Namely, you can create the WireGuard interface in one namespace (A), move it to another (B), and have cleartext packets sent from namespace B get sent encrypted through a UDP socket in namespace A.
• VRF for Linux — The concept of VRF was first introduced around 1999 for L3 VPNs, but it has become a fundamental feature for a networking OS. VRF provides traffic isolation at layer 3 for routing, similar to how you use a VLAN to isolate traffic at layer 2. Think multiple routing tables.
• linux/vrf.txt at master · torvalds/linux · GitHub
• Using VRFs with linux
• Feedback - DHCPDECLINE over and over again
• DHCP Snooping - Cisco
• Hidden Backdoor Found In WordPress Captcha Plugin Affects Over 300,000 Sites — In a blog post published on Tuesday, WordFence security firm revealed why WordPress recently kicked a popular Captcha plugin with more than 300,000 active installations out of its official plugin store.