Episodes
A new vulnerability may be the next 'Ping of Death'; we explore the details of SACK Panic and break down what you need to know. Plus Firefox zero days targeting Coinbase, the latest update on Rowhammer, and a few more reasons it's a great time to be a ZFS user. Links: SACK Panic Security Bulletin — Netflix has identified several TCP networking vulnerabilities in FreeBSD and Linux kernels. The vulnerabilities specifically relate to the Maximum Segment Size (MSS) and TCP Selective...
Published 06/24/19
We explore the risky world of exposed RDP, from the brute force GoldBrute botnet to the dangerously worm-able BlueKeep vulnerability. Plus the importance of automatic updates, and Jim's new backup box. Links: Errata Security: Almost One Million Vulnerable to BlueKeep Vuln (CVE-2019-0708) — Microsoft announced a vulnerability in its "Remote Desktop" product that can lead to robust, wormable exploits. I scanned the Internet to assess the danger. I find nearly 1-million devices on the public...
Published 06/12/19
We turn our eye to web server best practices, from the basics of CDNs to the importance of choosing the right multi-processing module. Plus the right way to set up PHP, the trouble with benchmarking, and when to choose NGiNX. Links: Jim's Blog: Installing WordPress on Apache the modern way — It’s been bugging me for a while that there are no correct guides to be found about using modern Apache 2.4 or above with the Event or Worker MPMs. We’re going to go ahead and correct that lapse today,...
Published 05/26/19
We’re back from LinuxFest Northwest with an update on all things WireGuard, some VLAN myth busting, and the trade-offs of highly available systems. Links: TechSNAP Episode 390: What’s Up with WireGuard; WireGuard Sent Out Again For Review — WireGuard lead developer Jason Donenfeld has sent out the ninth version of the WireGuard secure network tunnel patches for review. If this review goes well and lands in net-next in the weeks ahead, this long-awaited VPN improvement could make it into the...
Published 05/11/19
We continue our take on ZFS as Jim and Wes dive into snapshots, replication, and the magic of copy on write. Plus some handy tools to manage your snapshots, rsync war stories, and more! Links: sanoid: Policy-driven snapshot management and replication tools. — Sanoid is a policy-driven snapshot management tool for ZFS filesystems. When combined with the Linux KVM hypervisor, you can use it to make your systems functionally immortal. Syncoid — Sanoid also includes a replication tool,...
Published 04/25/19
Jim and Wes sit down to bust some ZFS myths and share their tips and tricks for getting the most out of the ultimate filesystem. Plus when not to use ZFS, the surprising way your disks are lying to you, and more! Links: ZFS - Ubuntu Wiki — ZFS is a combined file system and logical volume manager designed and implemented by a team at Sun Microsystems led by Jeff Bonwick and Matthew Ahrens. Performance tuning - OpenZFS — Make sure that you create your pools such that the vdevs have the correct...
Published 04/12/19
We break down the ASUS Live Update backdoor and explore why these kinds of supply chain attacks are on the rise. Plus an update from the Linux Vendor Firmware Service, your feedback, and more! Links: Joren Verspeurt on Twitter — The explanation you gave for unsupervised wasn't correct, that was just using a net that was trained in a supervised way. Unsupervised learning doesn't involve labels at all. A good example: clustering. You say "there are x clusters" and it learns a way of grouping...
Published 03/29/19
Machine learning promises to change many industries, but with these changes come dangerous new risks. Join Jim and Wes as they explore some of the surprising ways bias can creep in and the serious consequences of ignoring these problems. Links: Microsoft’s neo-Nazi sexbot was a great lesson for makers of AI assistants — What started out as an entertaining social experiment—get regular people to talk to a chatbot so it could learn while they, hopefully, had fun—became a nightmare for Tay’s...
Published 03/16/19
We reveal the shady password practices that are all too common at many utility providers, and hash out why salts are essential to proper password storage. Plus the benefits of passphrases, and what you can do to keep your local providers on the up and up. Links: Plain wrong: Millions of utility customers’ passwords stored in plain text | Ars Technica — In September of 2018, an anonymous independent security researcher (who we'll call X) noticed that their power company's website was...
Published 03/01/19
Join Jim and Wes as they battle bufferbloat, latency spikes, and network hogs with some of their favorite tools for traffic shaping, firewalling, and QoS. Plus the importance of sane defaults and why netdata belongs on every system. Links: Why you want QoS - Netdata Documentation — One of the features the Linux kernel has, but it is rarely used, is its ability to apply QoS on traffic. Even most interesting is that it can apply QoS to both inbound and outbound traffic. FireQOS Wiki — FireQOS...
Published 02/15/19
Jim and Wes are joined by OpenZFS developer Richard Yao to explain why the recent drama over Linux kernel 5.0 is no big deal, and how his fix for the underlying issue might actually make things faster. Plus the nitty-gritty details of vectorized optimizations and kernel preemption, and our thoughts on the future of the relationship between ZFS and Linux. Special Guest: Richard Yao. Links: LinuxFest Northwest 2019 — Join a bunch of JB hosts and community celebrating the 20th anniversary!...
Published 02/01/19
We welcome Jim to the show, and he and Wes dive deep into all things Let’s Encrypt. The history, the clients, and the from-the-field details you'll want to know. Links: Let’s Encrypt and CertBot – JRS Systems; Automatic Certificate Management Environment (ACME) — The surprisingly readable IETF draft. How It Works - Let's Encrypt; ACME Client Implementations; Certbot — Certbot is EFF's tool to obtain certs from Let's Encrypt. acme-nginx: python acme client for nginx — A particularly simple client...
Published 01/21/19
Wes and Jim have some great new SNAP in the works; in the meantime, Chris stops by to keep you updated and share his favorite "hacker" story of the week.
Published 01/18/19
Wes is joined by a special guest to take a look back on the growth and development of Azure in 2018 and discuss some of its unique strengths. Special Guest: Chad M. Crowell. Links: Under the sea, Microsoft tests a datacenter that’s quick to deploy, could provide internet connectivity for years; An Azure Infrastructure Year in Review; Azure File Sync now generally available; Microsoft's Newest OS is Based on Linux; Azure Sphere; What is Azure Stack?; Azure Outage Proves the Hard Way Availability Zones are...
Published 01/10/19
In a special new year’s episode we take a moment to reflect on the show’s past, its future, and say goodbye to an old friend. Links: Jim Salter — Jim Salter (@jrssnet) is an author, public speaker, small business owner, mercenary sysadmin, and father of three—not necessarily in that order. He got his first real taste of open source by running Apache on his very own dedicated FreeBSD 3.1 server back in 1999, and he's been a fierce advocate of FOSS ever since. Jim Salter on Twitter; Dropbox Flaws...
Published 01/03/19
A security vulnerability in Kubernetes causes a big stir, but we’ll break it all down and explain what went wrong. Plus the biggest stories out of Kubecon, and serverless gets serious. Links: Everything that was announced at KubeCon; CNCF to Host etcd — The Cloud Native Computing Foundation Technical Oversight Committee voted to accept etcd as an incubation-level hosted project. Introduction to Knative — Knative is a framework from the folks at Google and Pivotal focused on “serverless” style...
Published 12/13/18
We break down Firecracker, Amazon’s new open source KVM-powered virtual machine monitor, and explore what makes it different from the options on the market now. Plus some good news for OpenBGP and the wider internet community, and a handy tool for inspecting docker images. Links: Firecracker – Lightweight Virtualization for Serverless Computing — Firecracker is an open source virtualization technology that is purpose-built for creating and managing secure, multi-tenant containers and...
Published 11/29/18
WireGuard has a lot of buzz around it and for many good reasons. We’ll explain what WireGuard is specifically, what it can do, and maybe more importantly, what it can’t. Special Guest: Jim Salter. Links: How to easily configure WireGuard — At its core, all WireGuard does is create an interface from one computer to another. Jessie Frazelle's Blog: Installing and Using Wireguard, obviously with containers — What is cool about Wireguard is it integrates into the Linux networking stack. WireGuard...
Published 11/22/18
Wes is joined by special guest Jim Salter to discuss Google's recent BGP outage and the future of HTTP. Plus the latest router botnet, why you should never go full UPnP, and the benefits of building your own home router. Special Guest: Jim Salter. Links: Google goes down after major BGP mishap routes traffic through China — Google lost control of several million of its IP addresses for more than an hour on Monday in an event that intermittently made its search and other services unavailable...
Published 11/15/18
We explain what eBPF is, how it works, and its proud BSD production legacy. eBPF is a technology that you’re going to be hearing more and more about. It powers low-overhead custom analysis tools, handles network security in a containerized world, and powers tools you use every day. Links: Chris Goes to MeetBSD; Linus Torvalds talks about coming back to work on Linux | ZDNet — BPF has actually been really useful, and the real power of it is how it allows people to do specialized code that...
Published 10/25/18
We bring in Amy Marrich to break down the building blocks of OpenStack. There are a nearly overwhelming number of ways to manage your infrastructure, and we learn about one of the original tools. Plus a few warm-up stories, a war story, and more. Links: James Stanley - Someone used my IPFS gateway for phishing; Scaling Engineering Teams via Writing Things Down and Sharing — I have recently been talking at small and mid-size companies, sharing engineering best practices I see us use at Uber,...
Published 10/12/18
We bring on our Google Cloud expert and explore the fundamentals, demystify some of the magic, and ask what makes Google Cloud different. Plus how Google hopes Roughtime will solve one of the web’s biggest problems, some great emails, and more! Special Guest: Matt Ulasien. Links: Cloudflare Embraces Google Roughtime, Giving Internet Security a Boost — The internet infrastructure firm Cloudflare will now support a free timekeeping protocol known as Roughtime, which helps synchronize the...
Published 10/04/18
Kubernetes expert Will Boyd joins us to explain the top 3 things to know about Kubernetes, when it’s the right tool for the job, and building highly available production grade clusters. Plus the privacy improvements that could be coming to HTTPS, and a new SSH auditing tool hits the open source scene. Special Guest: Will Boyd. Links: Open Sourcing HASSH — HASSH is a network fingerprinting standard invented within the Detection Cloud team at Salesforce. ESNI: A Privacy-Protecting Upgrade to...
Published 09/27/18
Jon the Nice Guy joins Wes to discuss all things IPFS. We'll explore what it does, how it works, and why it might be the best hope for a decentralized internet. Plus, Magecart strikes again, Alpine has package problems, and why you shouldn't trust Western Digital's MyCloud. Special Guest: Jon Spriggs. Links: GovPayNow.com Leaks 14M+ Records — Government Payment Service Inc. has leaked more than 14 million customer records dating back at least six years, including names, addresses, phone...
Published 09/21/18
TechSNAP progenitor and special guest Allan Jude joins us to talk mobile security, hand out some SSH tips and tricks, and discuss why security shaming works so well. Plus, how Mozilla is protecting their GitHub repos, a check-in on Equifax, and some great picks. Special Guest: Allan Jude. Links: Protecting Mozilla’s GitHub Repositories from Malicious Modification; British Airways: Suspect code that hacked fliers 'found'; A year later, Equifax lost your data but faced little fallout; Security...
Published 09/14/18