Tag Archives: flash

All About Backblaze’s USB Hard Drive Restore

Post Syndicated from Peter Cohen original https://www.backblaze.com/blog/usb-hard-drive-restore/

When you use Backblaze Computer Backup to back up your data to Backblaze it is first encrypted on your PC or Mac, transmitted using encryption, and stored encrypted in the Backblaze cloud. When the time comes for you to restore those files you may decide you don’t want to do that online. After all, it could take a while to download the hundreds of gigabytes of data you have stored with Backblaze. That’s why we offer the ability to securely restore your data using a USB hard drive or USB flash drive instead. Here’s more about the service and how to use it.

Restore By Mail

Backblaze offers the Restore By Mail service for any customer who wants to restore their files by using a USB drive. For restores up to 110 GB we offer a USB flash drive. For larger restores up to 3.5 TB we offer a USB-based hard disk drive instead (we’re currently using WD My Passport Ultra drives). The flash drive costs $99; the hard drive costs $189. Both prices include shipping and handling. You select which method you’d like to use (web, USB hard drive or USB flash drive) at the beginning of the restore process.

We send the drive to you by FedEx. You restore the files at your convenience. What’s more, our Restore Return Refund service saves you money. After your restore is done, send the drive back to us within 30 days. We refund your purchase price in full. We’re not interested in turning hard drive restores into a big profit center. We just want to make it as convenient as possible for you to get your files.

Secure In Transit

Your files are safe even though we’re sending them via a delivery service. If the drive gets intercepted en route, whoever got it can’t to do anything with it. That’s because we encrypt the data on the USB drive before we send it to you. We take the safety and security of your data very seriously at Backblaze.

You’re given a Drive Unlock Code when you order a USB drive from us. View the code by logging into your account page on the Backblaze Web site. Without that Drive Unlock Code, no one can access the data on your drive.

Hard drive encryption used to be optional. A while back we made it the standard operating procedure for any USB flash drive or USB hard drive we send out the door.

How To Restore Your Files Using A USB Hard Drive

Here is a step-by-step guide to recovering your data once you have received your USB hard drive from Backblaze:

  1. To access your data, you will need your personalized drive unlock code. After logging into Backblaze, the drive unlock code can be found on the bottom right of the My Restores page.My Restores
  2. Next, remove the WD My Passport Ultra hard drive from the box and connect it to your computer via the accompanying cable.
  3. Once the hard drive is connected, you will be prompted to enter the unlock code. Copy and paste your drive unlock code from step one into the password field.Unlock My Passport
  4. Now the hard drive will be unlocked and fully accessible to you. You can retrieve all your restored files.

You can send back the USB Hard Drive to us within 30 days, and we’ll refund your purchase price: $189.00 for USB hard drive or $99.00 for USB flash drives. Of course you can keep the USB drive and we’ll keep your money and that’s OK too. We just want to make sure you can get your data back as quickly, conveniently, and securely as possible.

The post All About Backblaze’s USB Hard Drive Restore appeared first on Backblaze Blog | Cloud Storage & Cloud Backup.

Internet-enable your microcontroller projects for under $6 with ESP8266 (Opensource.com)

Post Syndicated from ris original https://lwn.net/Articles/715174/rss

David Egts takes
a look
at the ESP8266 Wi-Fi chip, on Opensource.com. “What is
the ESP8266 exactly? The ESP8266 is a 32-bit RISC CPU made by Espressif Systems. Its clock runs at
80MHz, and it supports up to 16MB of flash RAM for program storage. These
specifications are quite impressive when compared to an Arduino UNO, which
runs at 16MHz, only has 32KB of RAM, and is several times more
expensive. Another big difference is that the ESP8266 requires only 3.3
volts of power while most Arduinos require 5 volts. Keep this voltage
difference in mind when extending your existing Arduino knowledge and
projects to the ESP8266 to prevent magic smoke.

Security updates for Tuesday

Post Syndicated from ris original https://lwn.net/Articles/715160/rss

CentOS has updated openssl (C7; C6: two vulnerabilities).

Debian-LTS has updated gtk-vnc (two vulnerabilities).

Fedora has updated kernel (F25; F24: two
vulnerabilities), mingw-gstreamer1 (F25:
denial of service), mingw-gstreamer1-plugins-bad-free (F25: two
vulnerabilities), mingw-gstreamer1-plugins-base (F25: multiple
vulnerabilities), mingw-gstreamer1-plugins-good (F25: multiple
vulnerabilities), mingw-wavpack (F25; F24:
multiple vulnerabilities), and xen (F25: denial of service).

Gentoo has updated adobe-flash
(multiple vulnerabilities), dropbear
(multiple vulnerabilities), firefox
(multiple vulnerabilities), libass
(multiple vulnerabilities), libvncserver
(two vulnerabilities), mariadb (multiple
vulnerabilities), mysql (multiple
vulnerabilities), nagios-core (multiple
vulnerabilities, one from 2008), ocaml
(information leak), opus (code execution),
php (multiple vulnerabilities), pycrypto (denial of service), qemu (multiple vulnerabilities), redis (three vulnerabilities), tcpdump (multiple vulnerabilities), thunderbird (multiple vulnerabilities), tigervnc (code execution), and xen (code execution).

Mageia has updated ruby-archive-tar-minitar (file overwrites).

openSUSE has updated libplist
(42.1: multiple vulnerabilities) and nodejs
(42.1: three vulnerabilities).

Oracle has updated openssl (OL7; OL6: two vulnerabilities).

SUSE has updated flash-player
(SLE12-SP1: multiple vulnerabilities).

Ubuntu has updated gtk-vnc
(14.04, 12.04: two vulnerabilities), spice
(16.10, 16.04, 14.04: two vulnerabilities), and tomcat6, tomcat7 (14.04, 12.04: denial of service).

Cassette deck in an old Ferrari, Pi-fied

Post Syndicated from Alex Bate original https://www.raspberrypi.org/blog/cassette-deck-in-an-old-ferrari-pi-fied/

Here’s one for the classic car enthusiasts and audiophiles in the room. Matthew Leigh (Managing Director of Infomagnet by day, skilled maker by night) took the aged cassette deck from an old Ferarri, and brought it into 2017 with the help of a Raspberry Pi.

Raspberry Pi Ferarri

He used a HiFiBerry DAC alongside a Raspberry Pi 3 to allow the playback of digital music through the sound system of the car. The best part? It all fits neatly into the existing tape deck.

Raspberry Pi FerarriMatthew was also able to integrate the tech with the existing function buttons, allowing him to use the original fast-forward, rewind, pause and play controls.

Raspberry Pi Ferrari

The USB ports are accessible via the cassette door, allowing users to insert flash drives loaded with music. As always, the Raspberry Pi 3 is also accessible via WiFi, providing further connectivity and functionality. A network-connected tablet acts as a media centre screen.

Raspberry Pi Ferarri

The build could be taken further. The Amazon Alexa Voice Service, connected to a 4G dongle or phone, could update the driver with traffic issues, breaking news, or weather reports. In fact, we’ve seen so many ‘carputer’ builds, we’re convinced that there’s no end to the vehicular uses for a hidden Raspberry Pi.

Have you built a carputer? Or maybe hidden a Raspberry Pi in an old piece of tech, or an unexpected location? Let us know in the comments below.

The post Cassette deck in an old Ferrari, Pi-fied appeared first on Raspberry Pi.

Security updates for Friday

Post Syndicated from jake original https://lwn.net/Articles/714848/rss

Arch Linux has updated diffoscope
(file overwrite), flashplugin (multiple vulnerabilities), and lib32-flashplugin (multiple vulnerabilities).

Debian has updated spice (two vulnerabilities).

Debian-LTS has updated spice (two
vulnerabilities).

Gentoo has updated imagemagick (multiple vulnerabilities).

openSUSE has updated expat (42.2,
42.1: two vulnerabilities, one from 2012), guile (42.2, 42.1: information disclosure), libgit2 (42.2: multiple vulnerabilities), mariadb (42.2, 42.1: multiple vulnerabilities), mysql-community-server (42.1: multiple vulnerabilities),
openssl (42.2; 42.1: multiple vulnerabilities), and postfixadmin (42.2, 42.1: security bypass).

SUSE has updated java-1_7_0-openjdk (SLE12: multiple vulnerabilities).

Ubuntu has updated bind9 (denial
of service), python-crypto (16.10, 16.04,
14.04: code execution), and webkit2gtk
(16.10, 16.04: multiple vulnerabilities).

Wednesday’s security updates

Post Syndicated from ris original https://lwn.net/Articles/714580/rss

CentOS has updated bind (C7: denial of service).

Debian has updated libevent (three vulnerabilities).

Debian-LTS has updated libevent (three vulnerabilities).

Fedora has updated lynx (F25:
invalid URL parsing) and xen (F25: multiple vulnerabilities).

Oracle has updated bind (OL7: denial of service).

Red Hat has updated bind (RHEL7:
denial of service), flash-plugin (RHEL6:
multiple vulnerabilities), and kernel
(RHEL7.1: code execution).

Scientific Linux has updated bind
(SL7: denial of service).

SUSE has updated java-1_8_0-ibm
(SLE12-SP1,2: multiple vulnerabilities) and kernel (SLE12-SP1: multiple vulnerabilities).

Ubuntu has updated php5 (14.04,
12.04: multiple vulnerabilities).

Four Ways Groups Makes Business Backups Easy

Post Syndicated from Peter Cohen original https://www.backblaze.com/blog/four-ways-groups-makes-business-backups-easy/

We recently introduced the new Backblaze for Business featuring Groups. If backup management for your business is part of your job description, Groups can make your work a lot easier.

What is a Group? Groups centrally manage billing by an administrator. Admins can also (optionally) keep track of the Group member’s backup statuses, B2 Cloud Storage usage, and any alerts that members may have on their Backblaze accounts.

Here are some tips on getting the most out of Groups as part of your business backup strategy. If you’re a home user interested in setting up a Group of your own, we have some tips for you too.

1. Consolidate Your Billing

If your users already have Backblaze accounts, Groups lets you gather those accounts under common one billing umbrella. That way you don’t have to manage multiple transactions. You can buy licenses as you need them.

You can create as many Groups as you need, so you can adopt whatever organizational model makes the most sense: By department, for example, or by business unit, or by geographical location. The choice is yours.

By the way, the billing will change but the backup won’t: Users in your new Group don’t have to reupload their backups. What’s more, being in a Group is voluntary — they can leave (or you can reassign or remove them) at any point.

Member management for your Group is flexible. You can email invitations to members. Or provide them with a unique invitation link generated by Backblaze and send it by instant message or any other medium you prefer. You can even configure your Group to accept anyone from a specific domain. There’s an option to auto-accept anyone with a valid invitation link. We leave it to you to figure out what’s best for you and your members.

Groups doesn’t change your members’ backup process. If they’re already using Backblaze, they don’t need to reupload their backup and restart. All that changes is how the account is billed, and optionally, whether you’re able to centrally manage their backups and restores. Let’s take a look at what that means.

2. Centralize Your Backup Management

Your CEO is about to present to investors when he realizes he’s deleted his presentation. With a managed Group, you can help. Just login to Backblaze, access his backup and create a ZIP-compressed restore file to get him what he needs in a few minutes. It doesn’t matter where he is or where you are. Everything is managed through the Backblaze web interface, or through our easy to use mobile app.

Group management is optional — you specify whether you want to manage the Group when you first set it up. Administrators in managed Groups can browse backup data on individual user accounts, create restores for them, and update account information for users.

Logging in and out of multiple Backblaze accounts to handle restores or other account issues? Or worse, using a single account with a shared login and password? Groups helps to fix those problems. You, as the administrator, have access to the restore data and account information you need, and your Group members continue to have unfettered access to their backups as well.

It’s worth noting that managed Groups are “opt-in.” Group members acknowledge the administrator’s rights to access backup and account data when they join a Managed Group.

3. Use Affordable, Reliable Backup

Backblaze For Business is priced at $50 per year, per computer. That’s our unlimited backup service, with no caps and no throttling. You can backup as many members as you need at a predictable budget that’s not going to surprise or shock you when there are lots of backups or recoveries.

We can even send the data right to your door to make large restores go more smoothly. Our Restore Return Refund program sends a Flash drive or 4TB hard drive by FedEx. The data on that drive is encrypted, so it arrives safe and sound. Your Group member can use it as a local backup drive or for additional storage, but if you return the drive to us within 30 days, we’ll refund the price in full.

4. Use B2 Cloud Storage for NAS Backups and More

Have Network Attached Storage (NAS) devices that need offsite backup? If so, we offer B2 Cloud Storage. B2 integrates with Synology, CloudBerry and other software. B2 Cloud Storage is priced at a fraction of the rate of other cloud storage services – for example, B2 is one-quarter the price of Amazon S3.

We publish an API for B2 that you can use in your own tools. You can also use B2 from a command line interface. The web interface is very powerful and easy to use, as well.

B2 is fully integrated into our Business Backup platform. You can give your Group members access to B2 if they need inexpensive, reliable cloud storage. It’s for more than just NAS or server backups — use B2 Cloud Storage however you might need it.

Be More Productive With Groups

Backing up your users’ most important business data is a vital part of your job, but it shouldn’t have to be the entirety of your job. With Groups, you can organize your business backups more easily. Centrally manage billing, backups, restores and handle member account changes. Groups make it possible for you to do more for your users in less time. Start improving your productivity with Groups today!

If you’re already a Backblaze for Business customer and would like to enable the new Groups functionality for yourself and your users, please take a look at our Migrating Your Existing Backblaze for Business FAQ.

The post Four Ways Groups Makes Business Backups Easy appeared first on Backblaze Blog | Cloud Storage & Cloud Backup.

Troubleshooting Tips for SSDs

Post Syndicated from Peter Cohen original https://www.backblaze.com/blog/ssd-troubleshooting/

Need help troubleshooting a problematic SSD (Solid State Drive)? Here’s a list of problems SSD users commonly run into, along with some suggestions on how to fix them.

SSD Failure

Let’s go over some of the warning signs of a potential SSD failure. Any of these could be indications that an SSD is on its way out.

  • Files can’t be read from or written to the drive.
  • The computer runs excessively slow.
  • The computer won’t boot, you get a flashing question mark (on Mac) or “No boot device” error (on Windows).
  • Frequent Blue Screen of Death/Black Screen of Death errors.
  • Apps freeze or crash.
  • Your drive becomes read-only.

Troubleshooting Your Solid State Drive

The following issues can explain some of these failures, so feel free to use this as a troubleshooting guide to help isolate and correct the problem.

Hardware Issues

Let’s start with the basics: Turn the computer off then turn it back on again. If you can directly observe the SSD (if, for example, it’s a replacement for a spinning hard drive), look for any sign of activity, such as a data transfer or power LED. If the SSD is powering up, the problem may be with a software misconfiguration or a setup issue. Let’s assume for the moment that there’s no sign of activity. What should you do next?

Power down the computer and unplug it. If it’s a laptop, remove the battery if possible. An SSD replacement for a spinning hard drive uses the same physical connections for data and power. Check those cables to make sure they’re in place.

Also consider peripheral connections. Have problems cropped up since installing a new external device? It’s possible an external device might be contributing to the issue, so remove any peripheral that isn’t necessary to the computer’s basic operation and see if that fixes the problem.

Software and File System Issues

It may not be the hardware to blame at all – instead, a rogue app may be to blame. To troubleshoot, restart the computer in Safe Mode and see if the problems continue. Safe Mode operates with minimal drivers, and can be a useful way to see if software is making your computer malfunction.

To enable Safe Mode on the Mac
Restart holding down either Shift key on the keyboard.
To enable Safe Mode on a Windows PC
Press F4 while starting the computer.

Make sure the core operating system, mission-critical software and drivers are up to date. Run your computer’s built-in system software update tools. That’s done through the Mac App Store on Mac computers, or through Windows Update on Windows PCs.

File system damage or corruption can also contribute to storage system instability. Run your favorite disk utility software to assess the health of the file system installed on that SSD and see if it picks up any problems that need to be addressed.

The third piece of the software puzzle is the operating system itself. You can try reinstalling the OS through its built-in restore and recovery tools to see if that fixes your SSD instability.

SMART Failures

SMART stands for Self-Monitoring, Analysis and Reporting Technology; It’s self-diagnosis technology built into hard drives and SSDs which can be used to identify potential problems. SMART status is reported by SSDs as well. That information can be collected by disk utilities and operating systems, which will report SMART issues when they arise.

Just like with spinning hard drives, having an SSD throw a SMART failure isn’t a surefire indication that it’s about to die. It’s all about understanding which particular error is being reported and what that means. For example, has the drive simply exceeded a threshold operational value? Is it a consistently repeatable problem?

Reading and interpreting SMART status information from a drive can be tricky, because the information reported from one device to another varies. How various disk utilities interpret that information is also important. Regardless, repeated warnings certainly merit further analysis.

Find out more about how Backblaze uses SMART stats to troubleshoot the tens of thousands of hard drives we use our own Storage Pods in this analysis.

Out of date SSD firmware or motherboard BIOS

Cursor freezing? Getting the Blue Screen of Death on Windows, or the Black Screen of Death on the Mac? It’s possible the SSD is acting up because its firmware is out of date. Firmware problems on SSDs often mimic outright hardware failures.

If you’ve installed a third-party SSD in your computer, check with the SSD maker to make sure your firmware is up to date. Intel, Samsung, SanDisk and others make updater apps available for download from their web site. Apple distributes firmware updates to its own factory-installed SSDs through the Mac App Store, but check with individual SSD makers if you’ve upgraded your Mac with an aftermarket model. If an update is available, make sure to install it, restart your computer, and see if that fixes the problem.

While you’re at it, if you’re troubleshooting a PC with an SSD, make sure its main logic board BIOS or EFI firmware is up to date. There’s no one-size-fits-all method for checking, so follow the manufacturer’s instructions. And proceed with extreme caution. Applying the wrong BIOS firmware or doing it incorrectly can brick your computer.

Call In The Calvary

If these tips haven’t helped you diagnose or solve your SSD issues, don’t panic. The next step is to have someone else take a look. Bring your computer to a technician or service you trust and have them try to troubleshoot the problem. With the growth in solid state drives over the past few years finding an experienced tech to help you shouldn’t be a problem.

If you’re interested in upgrading oyur computer with an SSD, read this SSD Upgrade Guide for more details.

The post Troubleshooting Tips for SSDs appeared first on Backblaze Blog | Cloud Storage & Cloud Backup.

UK Police Threats Fail to ‘Impress’ Pirate Site Operator

Post Syndicated from Ernesto original https://torrentfreak.com/uk-police-threats-fail-to-impress-pirate-site-operator-170121/

city-pipcuFor most police departments, online piracy has no priority, but in recent years City of London Police have made copyright infringement one of their main targets.

In September 2013, the Police Intellectual Property Crime Unit (PIPCU) was founded, marking the start of a broad enforcement campaign to decrease traffic to online pirate sites.

To achieve this goal PIPCU has targeted hosting services, advertisers and payment processors, asking them to cut ties with allegedly infringing sites. In addition, police also sent out warning letters to pirate site owners directly, asking them to go legit or shut down.

In recent years, hundreds of sites have been approached. This week it appears that another batch of letters was sent out which, compared to earlier versions, are extended with added references to UK legislation and increased threats.

One of the websites that was targeted is DNJ.to (DailyNewJams), a music portal that allows users to stream and download a wide variety of tracks.

In their letter, PIPCU accuses the site of facilitating copyright infringement. They state that the operator may be liable to prosecution for conspiracy to defraud, offences under the Fraud Act, the Copyright, Design & Patents Act, as well as the Serious Crime Act.

“Should a conviction be brought for the above offences, UK courts may impose sentences of imprisonment and/or fines,” the letter reads, adding that “PIPCU has criminal and civil powers in UK law to seize money, belongings and any property in connection with these offences.”

Part of PIPCU’s recent letter

pipcu2017

The new letter, which comes in the form of a flashy PDF, also references a recent ruling from the European Court of Justice, which clarified that knowingly linking to infringing material for profit is against the law.

PIPCU suggests that DNJ.to is making copyright-infringing material available with a profit motive, and urges the site to stop doing so. If no action is taken in a few weeks, they may become subject to various enforcement efforts.

“If no contact is made before 3rd February 2017, then you and/or the DNJ.TO website may face further police action. This may include steps to disrupt revenue made from advertisements and/or payment services; alongside internet infrastructure disruption,” PIPCU writes.

TorrentFreak spoke to one of the people behind DNJ.to, who doesn’t appear to be impressed by the threatening language. Since the site has no direct ties with the UK, they plan to disregard the letter.

“They accuse us of breaking the UK Law but we have no relation to the UK nor do any of us live there. We don’t even try to actively drive UK traffic to the blog. In fact we completely don’t care about the UK,” DNJ.to’s operator says.

The various enforcement threats also fail to make an impact. While PIPCU had some success in convincing advertising networks to ban ‘pirate’ sites, there are many lined up who are still eager to take the traffic.

Similarly, there are also plenty of webhosting providers who are more than happy to service these type of sites as long as they pay, despite the enforcement efforts from PIPCU and others.

“It’s not like they haven’t already been trying this for years. Is it working? Nope, its not. Did they ever take a look how many new advertising companies are opening every month? They would be happy if PIPCU would close some of the big [advertising networks].

“We get like five advertising offers a week from ad networks who beg us to join them. There are tons of hosting providers who absolutely don’t care about so-called ‘copyright infringement’,” DNJ.to’s operator adds.

Of course, this doesn’t mean that the letters are entirely useless.

It’s certainly possible that some smaller sites that will fold when facing PIPCU’s strong language. However, it’s clear that DNJ.to plans to keep its site running as usual.

A full copy of PIPCU’s letter is available here (pdf).

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

The command-line, for cybersec

Post Syndicated from Robert Graham original http://blog.erratasec.com/2017/01/the-command-line-for-cybersec.html

On Twitter I made the mistake of asking people about command-line basics for cybersec professionals. A got a lot of useful responses, which I summarize in this long (5k words) post. It’s mostly driven by the tools I use, with a bit of input from the tweets I got in response to my query.

bash

By command-line this document really means bash.

There are many types of command-line shells. Windows has two, ‘cmd.exe’ and ‘PowerShell’. Unix started with the Bourne shell ‘sh’, and there have been many variations of this over the years, ‘csh’, ‘ksh’, ‘zsh’, ‘tcsh’, etc. When GNU rewrote Unix user-mode software independently, they called their shell “Bourne Again Shell” or “bash” (queue “JSON Bourne” shell jokes here).

Bash is the default shell for Linux and macOS. It’s also available on Windows, as part of their special “Windows Subsystem for Linux”. The windows version of ‘bash’ has become my most used shell.

For Linux IoT devices, BusyBox is the most popular shell. It’s easy to clear, as it includes feature-reduced versions of popular commands.

man

‘Man’ is the command you should not run if you want help for a command.

Man pages are designed to drive away newbies. They are only useful if you already mostly an expert with the command you desire help on. Man pages list all possible features of a program, but do not highlight examples of the most common features, or the most common way to use the commands.

Take ‘sed’ as an example. It’s used most commonly to do a search-and-replace in files, like so:

$ sed ‘s/rob/dave/’ foo.txt

This usage is so common that many non-geeks know of it. Yet, if you type ‘man sed’ to figure out how to do a search and replace, you’ll get nearly incomprehensible gibberish, and no example of this most common usage.

I point this out because most guides on using the shell recommend ‘man’ pages to get help. This is wrong, it’ll just endlessly frustrate you. Instead, google the commands you need help on, or better yet, search StackExchange for answers.

You might try asking questions, like on Twitter or forum sites, but this requires a strategy. If you ask a basic question, self-important dickholes will respond by telling you to “rtfm” or “read the fucking manual”. A better strategy is to exploit their dickhole nature, such as saying “too bad command xxx cannot do yyy”. Helpful people will gladly explain why you are wrong, carefully explaining how xxx does yyy.

If you must use ‘man’, use the ‘apropos’ command to find the right man page. Sometimes multiple things in the system have the same or similar names, leading you to the wrong page.

apt-get install yum

Using the command-line means accessing that huge open-source ecosystem. Most of the things in this guide do no already exist on the system. You have to either compile them from source, or install via a package-manager. Linux distros ship with a small footprint, but have a massive database of precompiled software “packages” in the cloud somewhere. Use the “package manager” to install the software from the cloud.

On Debian-derived systems (like Ubuntu, Kali, Raspbian), type “apt-get install masscan” to install “masscan” (as an example). Use “apt-cache search scan” to find a bunch of scanners you might want to install.

On RedHat systems, use “yum” instead. On BSD, use the “ports” system, which you can also get working for macOS.

If no pre-compiled package exists for a program, then you’ll have to download the source code and compile it. There’s about an 80% chance this will work easy, following the instructions. There is a 20% chance you’ll experience “dependency hell”, for example, needing to install two mutually incompatible versions of Python.

Bash is a scripting language

Don’t forget that shells are really scripting languages. The bit that executes a single command is just a degenerate use of the scripting language. For example, you can do a traditional for loop like:

$ for i in $(seq 1 9); do echo $i; done

In this way, ‘bash’ is no different than any other scripting language, like Perl, Python, NodeJS, PHP CLI, etc. That’s why a lot of stuff on the system actually exists as short ‘bash’ programs, aka. shell scripts.

Few want to write bash scripts, but you are expected to be able to read them, either to tweek existing scripts on the system, or to read StackExchange help.

File system commands

The macOS “Finder” or Windows “File Explorer” are just graphical shells that help you find files, open, and save them. The first commands you learn are for the same functionality on the command-line: pwd, cd, ls, touch, rm, rmdir, mkdir, chmod, chown, find, ln, mount.

The command “rm –rf /” removes everything starting from the root directory. This will also follow mounted server directories, deleting files on the server. I point this out to give an appreciation of the raw power you have over the system from the command-line, and how easy you can disrupt things.

Of particular interest is the “mount” command. Desktop versions of Linux typically mount USB flash drives automatically, but on servers, you need to do it manually, e.g.:

$ mkdir ~/foobar
$ mount /dev/sdb ~/foobar

You’ll also use the ‘mount’ command to connect to file servers, using the “cifs” package if they are Windows file servers:

# apt-get install cifs-utils
# mkdir /mnt/vids
# mount -t cifs -o username=robert,password=foobar123  //192.168.1.11/videos /mnt/vids

Linux system commands

The next commands you’ll learn are about syadmin the Linux system: ps, top, who, history, last, df, du, kill, killall, lsof, lsmod, uname, id, shutdown, and so on.

The first thing hackers do when hacking into a system is run “uname” (to figure out what version of the OS is running) and “id” (to figure out which account they’ve acquired, like “root” or some other user).

The Linux system command I use most is “dmesg” (or ‘tail –f /var/log/dmesg’) which shows you the raw system messages. For example, when I plug in USB drives to a server, I look in ‘dmesg’ to find out which device was added so that I can mount it. I don’t know if this is the best way, it’s just the way I do it (servers don’t automount USB drives like desktops do).

Networking commands

The permanent state of the network (what gets configured on the next bootup) is configured in text files somewhere. But there are a wealth of commands you’ll use to view the current state of networking, make temporary changes, and diagnose problems.

The ‘ifconfig’ command has long been used to view the current TCP/IP configuration and make temporary changes. Learning how TCP/IP works means playing a lot with ‘ifconfig’. Use “ifconfig –a” for even more verbose information.

Use the “route” command to see if you are sending packets to the right router.

Use ‘arp’ command to make sure you can reach the local router.

Use ‘traceroute’ to make sure packets are following the correct route to their destination. You should learn the nifty trick it’s based on (TTLs). You should also play with the TCP, UDP, and ICMP options.

Use ‘ping’ to see if you can reach the target across the Internet. Usefully measures the latency in milliseconds, and congestion (via packet loss). For example, ping NetFlix throughout the day, and notice how the ping latency increases substantially during “prime time” viewing hours.

Use ‘dig’ to make sure DNS resolution is working right. (Some use ‘nslookup’ instead). Dig is useful because it’s the raw universal DNS tool – every time they add some new standard feature to DNS, they add that feature into ‘dig’ as well.

The ‘netstat –tualn’ command views the current TCP/IP connections and which ports are listening. I forget what the various options “tualn” mean, only it’s the output I always want to see, rather than the raw “netstat” command by itself.

You’ll want to use ‘ethtool –k’ to turn off checksum and segmentation offloading. These are features that break packet-captures sometimes.

There is this new fangled ‘ip’ system for Linux networking, replacing many of the above commands, but as an old timer, I haven’t looked into that.

Some other tools for diagnosing local network issues are ‘tcpdump’, ‘nmap’, and ‘netcat’. These are described in more detail below.

ssh

In general, you’ll remotely log into a system in order to use the command-line. We use ‘ssh’ for that. It uses a protocol similar to SSL in order to encrypt the connection. There are two ways to use ‘ssh’ to login, with a password or with a client-side certificate.

When using SSH with a password, you type “ssh username@servername”. The remote system will then prompt you for a password for that account.

When using client-side certificates, use “ssh-keygen” to generate a key, then either copy the public-key of the client to the server manually, or use “ssh-copy-id” to copy it using the password method above.

How this works is basic application of public-key cryptography. When logging in with a password, you get a copy of the server’s public-key the first time you login, and if it ever changes, you get a nasty warning that somebody may be attempting a man in the middle attack.

$ ssh rgraham@scanner2.erratasec.com
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!

When using client-side certificates, the server trusts your public-key. This is similar to how client-side certificates work in SSL VPNs.

You can use SSH for things other than loging into a remote shell. You can script ‘ssh’ to run commands remotely on a system in a local shell script. You can use ‘scp’ (SSH copy) to transfer files to and from a remote system. You can do tricks with SSH to create tunnels, which is popular way to bypass the restrictive rules of your local firewall nazi.

openssl

This is your general cryptography toolkit, doing everything from simple encryption, to public-key certificate signing, to establishing SSL connections.

It is extraordinarily user hostile, with terrible inconsistency among options. You can only figure out how to do things by looking up examples on the net, such as on StackExchange. There are competing SSL libraries with their own command-line tools, like GnuTLS and Mozilla NSS that you might find easier to use.

The fundamental use of the ‘openssl’ tool is to create public-keys, “certificate requests”, and creating self-signed certificates. All the web-site certificates I’ve ever obtained has been using the openssl command-line tool to create CSRs.

You should practice using the ‘openssl’ tool to encrypt files, sign files, and to check signatures.

You can use openssl just like PGP for encrypted emails/messages, but following the “S/MIME” standard rather than PGP standard. You might consider learning the ‘pgp’ command-line tools, or the open-source ‘gpg’ or ‘gpg2’ tools as well.

You should learn how to use the “openssl s_client” feature to establish SSL connections, as well as the “openssl s_server” feature to create an SSL proxy for a server that doesn’t otherwise support SSL.

Learning all the ways of using the ‘openssl’ tool to do useful things will go a long way in teaching somebody about crypto and cybersecurity. I can imagine an entire class consisting of nothing but learning ‘openssl’.

netcat (nc, socat, cyptocat, ncat)

A lot of Internet protocols are based on text. That means you can create a raw TCP connection to the service and interact with them using your keyboard. The classic tool for doing this is known as “netcat”, abbreviated “nc”. For example, connect to Google’s web server at port and type the HTTP HEAD command followed by a blank line (hit [return] twice):

$ nc www.google.com 80
HEAD / HTTP/1.0

HTTP/1.0 200 OK
Date: Tue, 17 Jan 2017 01:53:28 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=ISO-8859-1
P3P: CP=”This is not a P3P policy! See https://www.google.com/support/accounts/answer/151657?hl=en for more info.”
Server: gws
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Set-Cookie: NID=95=o7GT1uJCWTPhaPAefs4CcqF7h7Yd7HEqPdAJncZfWfDSnNfliWuSj3XfS5GJXGt67-QJ9nc8xFsydZKufBHLj-K242C3_Vak9Uz1TmtZwT-1zVVBhP8limZI55uXHuPrejAxyTxSCgR6MQ; expires=Wed, 19-Jul-2017 01:53:28 GMT; path=/; domain=.google.com; HttpOnly
Accept-Ranges: none
Vary: Accept-Encoding

Another classic example is to connect to port 25 on a mail server to send email, spoofing the “MAIL FROM” address.

There are several versions of ‘netcat’ that work over SSL as well. My favorite is ‘ncat’, which comes with ‘nmap’, as it’s actively maintained. In theory, “openssl s_client” should also work this way.

nmap

At some point, you’ll need to port scan. The standard program for this is ‘nmap’, and it’s the best. The classic way of using it is something like:

# nmap –A scanme.nmap.org

The ‘-A’ option means to enable all the interesting features like OS detection, version detection, and basic scripts on the most common ports that a server might have open. It takes awhile to run. The “scanme.nmap.org” is a good site to practice on.

Nmap is more than just a port scanner. It has a rich scripting system for probing more deeply into a system than just a port, and to gather more information useful for attacks. The scripting system essentially contains some attacks, such as password guessing.

Scanning the Internet, finding services identified by ‘nmap’ scripts, and interacting with them with tools like ‘ncat’ will teach you a lot about how the Internet works.

BTW, if ‘nmap’ is too slow, using ‘masscan’ instead. It’s a lot faster, though has much more limited functionality.

Packet sniffing with tcpdump and tshark

All Internet traffic consists of packets going between IP addresses. You can capture those packets and view them using “packet sniffers”. The most important packet-sniffer is “Wireshark”, a GUI. For the command-line, there is ‘tcpdump’ and ‘tshark’.

You can run tcpdump on the command-line to watch packets go in/out of the local computer. This performs a quick “decode” of packets as they are captured. It’ll reverse-lookup IP addresses into DNS names, which means its buffers can overflow, dropping new packets while it’s waiting for DNS name responses for previous packets (which can be disabled with -n):

# tcpdump –p –i eth0

A common task is to create a round-robin set of files, saving the last 100 files of 1-gig each. Older files are overwritten. Thus, when an attack happens, you can stop capture, and go backward in times and view the contents of the network traffic using something like Wireshark:

# tcpdump –p -i eth0 -s65535 –C 1000 –W 100 –w cap

Instead of capturing everything, you’ll often set “BPF” filters to narrow down to traffic from a specific target, or a specific port.

The above examples use the –p option to capture traffic destined to the local computer. Sometimes you may want to look at all traffic going to other machines on the local network. You’ll need to figure out how to tap into wires, or setup “monitor” ports on switches for this to work.

A more advanced command-line program is ‘tshark’. It can apply much more complex filters. It can also be used to extract the values of specific fields and dump them to a text files.

Base64/hexdump/xxd/od

These are some rather trivial commands, but you should know them.

The ‘base64’ command encodes binary data in text. The text can then be passed around, such as in email messages. Base64 encoding is often automatic in the output from programs like openssl and PGP.

In many cases, you’ll need to view a hex dump of some binary data. There are many programs to do this, such as hexdump, xxd, od, and more.

grep

Grep searches for a pattern within a file. More important, it searches for a regular expression (regex) in a file. The fu of Unix is that a lot of stuff is stored in text files, and use grep for regex patterns in order to extra stuff stored in those files.

The power of this tool really depends on your mastery of regexes. You should master enough that you can understand StackExhange posts that explain almost what you want to do, and then tweek them to make them work.

Grep, by default, shows only the matching lines. In many cases, you only want the part that matches. To do that, use the –o option. (This is not available on all versions of grep).

You’ll probably want the better, “extended” regular expressions, so use the –E option.

You’ll often want “case-insensitive” options (matching both upper and lower case), so use the –i option.

For example, to extract all MAC address from a text file, you might do something like the following. This extracts all strings that are twelve hex digits.

$ grep –Eio ‘[0-9A-F]{12}’ foo.txt

Text processing

Grep is just the first of the various “text processing filters”. Other useful ones include ‘sed’, ‘cut’, ‘sort’, and ‘uniq’.

You’ll be an expert as piping output of one to the input of the next. You’ll use “sort | uniq” as god (Dennis Ritchie) intended and not the heresy of “sort –u”.

You might want to master ‘awk’. It’s a new programming language, but once you master it, it’ll be easier than other mechanisms.

You’ll end up using ‘wc’ (word-count) a lot. All it does is count the number of lines, words, characters in a file, but you’ll find yourself wanting to do this a lot.

csvkit and jq

You get data in CSV format and JSON format a lot. The tools ‘csvkit’ and ‘jq’ respectively help you deal with those tools, to convert these files into other formats, sticking the data in databases, and so forth.

It’ll be easier using these tools that understand these text formats to extract data than trying to write ‘awk’ command or ‘grep’ regexes.

strings

Most files are binary with a few readable ASCII strings. You use the program ‘strings’ to extract those strings.

This one simple trick sounds stupid, but it’s more powerful than you’d think. For example, I knew that a program probably contained a hard-coded password. I then blindly grabbed all the strings in the program’s binary file and sent them to a password cracker to see if they could decrypt something. And indeed, one of the 100,000 strings in the file worked, thus finding the hard-coded password.

tail -f

So ‘tail’ is just a standard Linux tool for looking at the end of files. If you want to keep checking the end of a live file that’s constantly growing, then use “tail –f”. It’ll sit there waiting for something new to be added to the end of the file, then print it out. I do this a lot, so I thought it’d be worth mentioning.

tar –xvfz, gzip, xz, 7z

In prehistorical times (like the 1980s), Unix was backed up to tape drives. The tar command could be used to combine a bunch of files into a single “archive” to be sent to the tape drive, hence “tape archive” or “tar”.

These days, a lot of stuff you download will be in tar format (ending in .tar). You’ll need to learn how to extract it:

$ tar –xvf something.tar

Nobody knows what the “xvf” options mean anymore, but these letters most be specified in that order. I’m joking here, but only a little: somebody did a survey once and found that virtually nobody know how to use ‘tar’ other than the canned formulas such as this.

Along with combining files into an archive you also need to compress them. In prehistoric Unix, the “compress” command would be used, which would replace a file with a compressed version ending in ‘.z’. This would found to be encumbered with patents, so everyone switched to ‘gzip’ instead, which replaces a file with a new one ending with ‘.gz’.

$ ls foo.txt*
foo.txt
$ gzip foo.txt
$ ls foo.txt*
foo.txt.gz

Combined with tar, you get files with either the “.tar.gz” extension, or simply “.tgz”. You can untar and uncompress at the same time:

$ tar –xvfz something .tar.gz

Gzip is always good enough, but nerds gonna nerd and want to compress with slightly better compression programs. They’ll have extensions like “.bz2”, “.7z”, “.xz”, and so on. There are a ton of them. Some of them are supported directly by the ‘tar’ program:

$ tar –xvfj something.tar.bz2

Then there is the “zip/unzip” program, which supports Windows .zip file format. To create compressed archives these days, I don’t bother with tar, but just use the ZIP format. For example, this will recursively descend a directory, adding all files to a ZIP file that can easily be extracted under Windows:

$ zip –r test.zip ./test/

dd

I should include this under the system tools at the top, but it’s interesting for a number of purposes. The usage is simply to copy one file to another, the in-file to the out-file.

$ dd if=foo.txt of=foo2.txt

But that’s not interesting. What interesting is using it to write to “devices”. The disk drives in your system also exist as raw devices under the /dev directory.

For example, if you want to create a boot USB drive for your Raspberry Pi:

# dd if=rpi-ubuntu.img of=/dev/sdb

Or, you might want to hard erase an entire hard drive by overwriting random data:

# dd if=/dev/urandom of=/dev/sdc

Or, you might want to image a drive on the system, for later forensics, without stumbling on things like open files.

# dd if=/dev/sda of=/media/Lexar/infected.img

The ‘dd’ program has some additional options, like block size and so forth, that you’ll want to pay attention to.

screen and tmux

You log in remotely and start some long running tool. Unfortunately, if you log out, all the processes you started will be killed. If you want it to keep running, then you need a tool to do this.

I use ‘screen’. Before I start a long running port scan, I run the “screen” command. Then, I type [ctrl-a][ctrl-d] to disconnect from that screen, leaving it running in the background.

Then later, I type “screen –r” to reconnect to it. If there are more than one screen sessions, using ‘-r’ by itself will list them all. Use “-r pid” to reattach to the proper one. If you can’t, then use “-D pid” or “-D –RR pid” to forced the other session to detached from whoever is using it.

Tmux is an alternative to screen that many use. It’s cool for also having lots of terminal screens open at once.

curl and wget

Sometimes you want to download files from websites without opening a browser. The ‘curl’ and ‘wget’ programs do that easily. Wget is the traditional way of doing this, but curl is a bit more flexible. I use curl for everything these days, except mirroring a website, in which case I just do “wget –m website”.

The thing that makes ‘curl’ so powerful is that it’s really designed as a tool for poking and prodding all the various features of HTTP. That it’s also useful for downloading files is a happy coincidence. When playing with a target website, curl will allow you do lots of complex things, which you can then script via bash. For example, hackers often write their cross-site scripting/forgeries in bash scripts using curl.

node/php/python/perl/ruby/lua

As mentioned above, bash is its own programming language. But it’s weird, and annoying. So sometimes you want a real programming language. Here are some useful ones.

Yes, PHP is a language that runs in a web server for creating web pages. But if you know the language well, it’s also a fine command-line language for doing stuff.

Yes, JavaScript is a language that runs in the web browser. But if you know it well, it’s also a great language for doing stuff, especially with the “nodejs” version.

Then there are other good command line languages, like the Python, Ruby, Lua, and the venerable Perl.

What makes all these great is the large library support. Somebody has already written a library that nearly does what you want that can be made to work with a little bit of extra code of your own.

My general impression is that Python and NodeJS have the largest libraries likely to have what you want, but you should pick whichever language you like best, whichever makes you most productive. For me, that’s NodeJS, because of the great Visual Code IDE/debugger.

iptables, iptables-save

I shouldn’t include this in the list. Iptables isn’t a command-line tool as such. The tool is the built-in firewalling/NAT features within the Linux kernel. Iptables is just the command to configure it.

Firewalling is an important part of cybersecurity. Everyone should have some experience playing with a Linux system doing basic firewalling tasks: basic rules, NATting, and transparent proxying for mitm attacks.

Use ‘iptables-save’ in order to persistently save your changes.

MySQL

Similar to ‘iptables’, ‘mysql’ isn’t a tool in its own right, but a way of accessing a database maintained by another process on the system.

Filters acting on text files only goes so far. Sometimes you need to dump it into a database, and make queries on that database.

There is also the offensive skill needed to learn how targets store things in a database, and how attackers get the data.

Hackers often publish raw SQL data they’ve stolen in their hacks (like the Ashley-Madisan dump). Being able to stick those dumps into your own database is quite useful. Hint: disable transaction logging while importing mass data.

If you don’t like SQL, you might consider NoSQL tools like Elasticsearch, MongoDB, and Redis that can similarly be useful for arranging and searching data. You’ll probably have to learn some JSON tools for formatting the data.

Reverse engineering tools

A cybersecurity specialty is “reverse engineering”. Some want to reverse engineer the target software being hacked, to understand vulnerabilities. This is needed for commercial software and device firmware where the source code is hidden. Others use these tools to analyze viruses/malware.

The ‘file’ command uses heuristics to discover the type of a file.

There’s a whole skillset for analyzing PDF and Microsoft Office documents. I play with pdf-parser. There’s a long list at this website:
https://zeltser.com/analyzing-malicious-documents/

There’s a whole skillset for analyzing executables. Binwalk is especially useful for analyzing firmware images.

Qemu is useful is a useful virtual-machine. It can emulate full systems, such as an IoT device based on the MIPS processor. Like some other tools mentioned here, it’s more a full subsystem than a simple command-line tool.

On a live system, you can use ‘strace’ to view what system calls a process is making. Use ‘lsof’ to view which files and network connections a process is making.

Password crackers

A common cybersecurity specialty is “password cracking”. There’s two kinds: online and offline password crackers.

Typical online password crackers are ‘hydra’ and ‘medusa’. They can take files containing common passwords and attempt to log on to various protocols remotely, like HTTP, SMB, FTP, Telnet, and so on. I used ‘hydra’ recently in order to find the default/backdoor passwords to many IoT devices I’ve bought recently in my test lab.

Online password crackers must open TCP connections to the target, and try to logon. This limits their speed. They also may be stymied by systems that lock accounts, or introduce delays, after too many bad password attempts.

Typical offline password crackers are ‘hashcat’ and ‘jtr’ (John the Ripper). They work off of stolen encrypted passwords. They can attempt billions of passwords-per-second, because there’s no network interaction, nothing slowing them down.

Understanding offline password crackers means getting an appreciation for the exponential difficulty of the problem. A sufficiently long and complex encrypted password is uncrackable. Instead of brute-force attempts at all possible combinations, we must use tricks, like mutating the top million most common passwords.

I use hashcat because of the great GPU support, but John is also a great program.

WiFi hacking

A common specialty in cybersecurity is WiFi hacking. The difficulty in WiFi hacking is getting the right WiFi hardware that supports the features (monitor mode, packet injection), then the right drivers installed in your operating system. That’s why I use Kali rather than some generic Linux distribution, because it’s got the right drivers installed.

The ‘aircrack-ng’ suite is the best for doing basic hacking, such as packet injection. When the parents are letting the iPad babysit their kid with a loud movie at the otherwise quite coffeeshop, use ‘aircrack-ng’ to deauth the kid.

The ‘reaver’ tool is useful for hacking into sites that leave WPS wide open and misconfigured.

Remote exploitation

A common specialty in cybersecurity is pentesting.

Nmap, curl, and netcat (described above) above are useful tools for this.

Some useful DNS tools are ‘dig’ (described above), dnsrecon/dnsenum/fierce that try to enumerate and guess as many names as possible within a domain. These tools all have unique features, but also have a lot of overlap.

Nikto is a basic tool for probing for common vulnerabilities, out-of-date software, and so on. It’s not really a vulnerability scanner like Nessus used by defenders, but more of a tool for attack.

SQLmap is a popular tool for probing for SQL injection weaknesses.

Then there is ‘msfconsole’. It has some attack features. This is humor – it has all the attack features. Metasploit is the most popular tool for running remote attacks against targets, exploiting vulnerabilities.

Text editor

Finally, there is the decision of text editor. I use ‘vi’ variants. Others like ‘nano’ and variants. There’s no wrong answer as to which editor to use, unless that answer is ‘emacs’.

Conclusion

Obviously, not every cybersecurity professional will be familiar with every tool in this list. If you don’t do reverse-engineering, then you won’t use reverse-engineering tools.

On the other hand, regardless of your specialty, you need to know basic crypto concepts, so you should know something like the ‘openssl’ tool. You need to know basic networking, so things like ‘nmap’ and ‘tcpdump’. You need to be comfortable processing large dumps of data, manipulating it with any tool available. You shouldn’t be frightened by a little sysadmin work.

The above list is therefore a useful starting point for cybersecurity professionals. Of course, those new to the industry won’t have much familiarity with them. But it’s fair to say that I’ve used everything listed above at least once in the last year, and the year before that, and the year before that. I spend a lot of time on StackExchange and Google searching the exact options I need, so I’m not an expert, but I am familiar with the basic use of all these things.

An updated FSF high-priority project list

Post Syndicated from corbet original http://lwn.net/Articles/711876/rss

The Free Software Foundation has reworked its high-priority
project list
to reflect its view of computing in 2017. See the
changelog
for a list of the changes that were made. Among other
things, the Gnash
flash player has fallen off the list. “Smart phones are the most
widely used form of personal computer today. Thus, the need for a fully
free phone operating system is crucial to the proliferation of software
freedom.

Compute Module 3 Launch!

Post Syndicated from James Adams original https://www.raspberrypi.org/blog/compute-module-3-launch/

Way back in April of 2014 we launched the original Compute Module (CM1) which was based around the BCM2835 processor of the original Raspberry Pi. CM1 was a great success and we’ve seen a lot of uptake from various markets, particularly in IoT and home and factory automation. Not to be outdone by its bigger Raspberry Pi brother, the Compute Module is also destined for space!

Compute Module 3

Since releasing the original Compute Module we’ve launched 2 further generations of much faster Raspberry Pi boards, so today we bring you the shiny new Compute Module 3 (CM3) which is based on the Raspberry Pi 3 hardware, providing twice the RAM and roughly 10x the CPU performance of the original module. We’ve been talking about the Compute Module 3 since the launch of the Raspberry Pi 3, and we’re already excited to see NEC displays, an early adopter, launching their CM3-enabled display solution.

Compute Module 3

The idea of the Compute Module was to provide an easy and cost effective route to producing customised products based on the Pi hardware and software platform. The thought was to provide the ‘team in a garage’ with easy access to the same technology as the big guys. The module takes care of the complexity of routing out the processor pins, the high speed RAM interface and core power supply and allows a simple carrier board to provide just what is needed in terms of external interfaces and form factor. The module uses a standard DDR2 SODIMM form factor, sockets for which are made by several manufacturers and are easily available and inexpensive.

In fact today we are launching two versions of Compute Module 3. The first is the ‘standard’ CM3 which has a BCM2837 processor at up to 1.2GHz with 1GByte RAM (the same as Pi3) and 4Gbytes of on-module eMMC flash. The second version is what we are calling ‘Compute Module 3 Lite’ (CM3L) which still has the same BCM2837 and 1Gbyte of RAM but brings the SD card interface to the module pins so a user can wire this up to an eMMC or SD card of their choice.

Back side of CM3 (left) and CM3L (right).

We are also releasing an updated version of our get-you-started breakout board, the Compute Module IO Board V3 (CMIO3). This board provides the necessary power to the module and gives you the ability to program the module’s Flash memory (for the non-Lite versions) or use an SD card (Lite versions), access the processor interfaces in a slightly more friendly fashion (pin headers and flexi connectors, much like the Pi) and provides the necessary HDMI and USB connectors so that you have an entire system that can boot Raspbian (or the OS of your choice). This board provides both a starting template for those who want to design with the Compute Module, and a quick way to start experimenting with the hardware and building and testing a system before going to the expense of fabricating a custom board. The CMIO3 can accept an original Compute Module, CM3 or CM3L.

Comprehensive information on the Compute Modules is available in the relevant hardware documentation section of our website and includes a datasheet and schematics.

With the launch of CM3 and CM3 Lite we are not obsoleting the original Compute Module, as we still see this as a valid product in its own right being a lower cost and lower power option where the performance of a CM3 would be overkill.

CM3 and CM3L are priced at $30 and $25 respectively (excluding tax and shipping) and this price applies to any size order. The original Compute Module is also reduced to $25. Our partners RS and Premier Farnell are also providing full development kits which include all you need to get started designing with the Compute Module 3.

The CM3 is largely backwards compatible with CM1 designs which have followed our design guidelines. The caveats are that the module is 1mm taller than the original module and the processor core supply (VBAT) can draw significantly more current and consequently the processor itself will run much hotter under heavy CPU load – i.e. designers need to consider thermals based on expected use cases.

CM3 (left) is 1mm taller than CM1 (right)

We’re very glad to finally be launching the Compute Module 3, and we’re excited to see what people do with it. Head on over to our partners element14 and RS Components to buy yours today!

The post Compute Module 3 Launch! appeared first on Raspberry Pi.

Security advisories for Friday

Post Syndicated from jake original http://lwn.net/Articles/711577/rss

Arch Linux has updated ark (code
execution), bind (multiple vulnerabilities), docker (privilege escalation), flashplugin (multiple vulnerabilities), irssi (multiple vulnerabilities), lib32-flashplugin (multiple vulnerabilities), and libvncserver (two vulnerabilities).

CentOS has updated java-1.6.0-openjdk (C7; C6; C5: multiple vulnerabilities) and kernel (three vulnerabilities).

Debian has updated rabbitmq-server (authentication bypass).

Debian-LTS has updated asterisk
(two vulnerabilities, one from 2014).

Fedora has updated docker (F25:
privilege escalation), libgit2 (F24: multiple vulnerabilities),
and pcsc-lite (F24: privilege escalation).

Gentoo has updated postgresql
(multiple vulnerabilities, two from 2015), runc (privilege escalation), and seamonkey (multiple vulnerabilities).

Mageia has updated flash-player-plugin (multiple vulnerabilities), php-ZendFramework2 (parameter injection), unzip (two vulnerabilities, one from 2014),
and webmin (largely unspecified).

Oracle has updated java-1.6.0-openjdk (OL7; OL6; OL5: multiple vulnerabilities) kernel 2.6.39 (OL6; OL5:multiple vulnerabilities), kernel
3.8.13
(OL7; OL6: multiple vulnerabilities), and kernel 4.1.12 (OL7; OL6: multiple vulnerabilities).

Red Hat has updated java-1.6.0-openjdk (multiple vulnerabilities).

Scientific Linux has updated kernel (SL6: three vulnerabilities).

Thursday’s security updates

Post Syndicated from jake original http://lwn.net/Articles/711446/rss

Debian has updated bind9 (three
vulnerabilities), ikiwiki (three
vulnerabilities), and python-pysaml2 (XML
external entity attack).

Debian-LTS has updated libav (two
vulnerabilities).

Fedora has updated compat-guile18 (F25; F24:
insecure directory creation), mingw-flac
(F25: three vulnerabilities from 2015), qpid-java (F25: information disclosure), and
springframework-security (F25: security
constraint bypass).

openSUSE has updated flash-player
(13.2: multiple vulnerabilities).

Red Hat has updated memcached
(RHMAP4.2: two vulnerabilities).

Slackware has updated bind
(denial of service), gnutls (multiple
vulnerabilities), and irssi (multiple vulnerabilities).

SUSE has updated bind (SLE12-SP2,SP1; SLE12; SLE11-SP4,SP3: three vulnerabilities) and flash-player (SLE12-SP1: multiple vulnerabilities).

Ubuntu has updated bind9 (three
vulnerabilities) and libvncserver (two vulnerabilities).

Security updates for Wednesday

Post Syndicated from ris original http://lwn.net/Articles/711316/rss

Debian has updated icedove (multiple vulnerabilities).

Debian-LTS has updated tomcat7 (information disclosure).

Gentoo has updated bind (denial
of service), botan (two vulnerabilities),
c-ares (code execution), dbus (denial of service), expat (multiple vulnerabilities, one from
2012), flex (code execution), nginx (privilege escalation), ntfs3g (privilege escalation from 2015), p7zip (two code execution flaws), pgbouncer (two vulnerabilities), phpBB (two vulnerabilities), phpmyadmin (multiple vulnerabilities), vim (code execution), and vzctl (insecure ploop-based containers from 2015).

openSUSE has updated jasper
(42.2, 42.1: multiple vulnerabilities).

Oracle has updated kernel (OL6: three vulnerabilities).

Red Hat has updated flash-plugin
(RHEL6: multiple vulnerabilities), kernel
(RHEL6.7: code execution), and kernel
(RHEL6: three vulnerabilities).

SUSE has updated freeradius-server (SLE12-SP1,2: insufficient
certificate verification) and LibVNCServer
(SLE11-SP4: two vulnerabilities).

Ubuntu has updated kernel (16.10; 16.04;
14.04; 12.04: multiple vulnerabilities), linux-lts-trusty (12.04: multiple
vulnerabilities), linux-lts-xenial (14.04:
three vulnerabilities), linux-raspi2 (16.10; 16.04:
two vulnerabilities), linux-snapdragon
(16.04: two vulnerabilities), linux-ti-omap4 (12.04: two vulnerabilities),
and webkit2gtk (16.04: multiple vulnerabilities).

Tuesday’s security advisories

Post Syndicated from ris original http://lwn.net/Articles/711185/rss

Arch Linux has updated icoutils (code execution).

CentOS has updated gstreamer-plugins-bad-free (C7: three code
execution vulnerabilities), gstreamer-plugins-good (C7: multiple
vulnerabilities), gstreamer1-plugins-bad-free (C7: multiple
vulnerabilities), and gstreamer1-plugins-good (C7: multiple vulnerabilities).

Debian-LTS has updated python-crypto (denial of service).

Gentoo has updated adobe-flash (multiple vulnerabilities), python (two vulnerabilities), and tiff (multiple vulnerabilities).

Mageia has updated nvidia304,
nvidia340
(three vulnerabilities) and xen (multiple vulnerabilities).

openSUSE has updated irssi (42.2, 42.1, 13.2; SPH for SLE12: multiple vulnerabilities).

Scientific Linux has updated subscription-manager (SL7: information disclosure).

2017-01-07 streaming

Post Syndicated from Vasil Kolev original https://vasil.ludost.net/blog/?p=3336

Малко наблюдения по stream-ването и платформите.
(днес stream-вах учредителното събрание на Да България (в която вече съм и член). По темата за Да България ще пиша някой друг път)

Facebook имат една от най-малоумните streaming платформи, на които съм попадал. Освен разните изисквания и горна граница на качеството (максимумът е 720p), event-ите им expire-ват доста бързо (т.е. не можеш да си го създадеш от предната вечер, като в youtube), на едно-две прекъсвания приключват и event-а (ако се налага човек да си пипне настройките няколко пъти, трябва да го създава наново) и имат и лимит за продължителността (което е особено дразнещо). Като за капак, човек ако няма flash не може да си пусне stream-а да е live каквото и да прави, та докато си правех тестовете се наложи да си ползвам виртуалката с windows (и тестовия facebook account на жената).

Youtube пък имат едно малко неразбирателство с ffmpeg, че пращат някакъв keepalive по RTMP сесията, който ffmpeg-а го няма за нищо, не го чете и в един момент едни tcp буфери се напълват (говорим за 16-тина байта на минута-две, та отнема няколко часа, че да се прояви) и се троши връзката. Слава богу, не махат event-а толкова бързо, колкото facebook и може да се рестартира.

Моя си streaming server си работеше най-добре (един nginx с mod_nginx_rtmp). Понеже имаше малко проблеми да reencode-вам всичко локално, бълвах на 10mbps директно изхода от хардуерния encoder до marla, от там дърпах с 3 ffmpeg-а и качвах смачкания на 1mbps stream до facebook, youtube и до същия nginx, за да мога да си го гледам.

И да си имам редът за бълване до facebook (понеже ми отне един следобед да го докарам както трябва, най-вече заради борбата с оня flash) – двете важни неща за -g 45 (може и 60), имат изискване за keyframe поне на всеки 2 секунди, и -r 30, понеже изискват 30-кадрово видео. Другото е стандартно – H.264, AAC, 44100hz (и моно звук, понеже такъв ми подаваха). Добавката с -af volume=60d трябва да се махне за всички, на които не им подават звук на ужасяващо ниски нива.

(за всички, които имаха забележки за звука, няма хубав automatic gain control, който бих могъл да сложа, за да изравнява добре нивата на това, което влиза. В залата микрофоните се чуваха с различна сила, много хора знаеха къде да говорят и нямаше и как да се направи нещо повече. Аз лично щях да търся начин да окича колкото мога повече от участниците с headset-ове, което па екипът ни много много го мрази)

ffmpeg -i rtmp://strm.ludost.net/st/XXXXX -r 30 -c:v libx264  -b:v 1000k -s 1280x720 -preset:v veryfast -threads 6 -minrate 1000k -r 30 -g 45 -maxrate 1000k \
	-c:a libfaac -ar 44100 -ac 1 -b:a 128k -af 'volume=60d' -f flv 'rtmp://rtmp-api.facebook.com:80/rtmp/XXXXXX'

Иначе е неприятно, че трябва да живеем на proprietary кодеци. При някакви скорошни тестове около FOSDEM пак се оказа, че VP9 още няма как да се encode-ва в близо до реално време без поне два пъти процесорната мощ, нужна за H.264, има малко поддръжка и никакъв хардуер, който може да го дава.

Build your own Death Star…sort of

Post Syndicated from Alex Bate original https://www.raspberrypi.org/blog/build-your-own-death-star-sort-of/

Why it’s taken me seven months to type ‘Star Wars Raspberry Pi’ into Google is beyond me. But this morning, as I sat on a bus in traffic with BB8 in my bag and memories of watching Rogue One last night, the thought finally came to me.

Cut to a few moments later, as I eagerly scrolled through the Interactive Persistence of Vision Globe website from the School of Electronic and Electrical Engineering team at the University of Leeds.

POV Globe Death Star

The project was originally launched a few years back by a MEng student group consisting of Thomas Carpenter, Oliver Peel, Adam Clarkson, and Laurence Bird, with supervision from Craig Evans. It uses a ring of RGB LEDs, rotating on an axis at 300rpm, to display an image.

POV Globe

A Raspberry Pi sits within the rotating build, offering HDMI connectivity to allow images to be sent to the LEDs via a decoder.

Images can be sent to the globe from any smart device, allowing you to display a map with your own chosen coordinates, visual temperature readings, and much more. This makes the globe useful for marketing and education, as well as good ol’ fashioned fun and total planet destruction.

A Spherical Persistence of Vision Display – 3rd year project

Warning – contains flashing images* Students from the School of Electronic and Electrical Engineering create a Spherical Persistence of Vision Display in their 3rd year group project.

The team go into a lot more detail on their website, explaining the components used and how the globe was built. If you’re interested in the ins and outs, head to their site.

Given it’s been a few years since the launch of the globe, we’d love to hear what its builders are up to now. If you know, leave an update in the comments below.

The post Build your own Death Star…sort of appeared first on Raspberry Pi.

‘Game of Thrones’ Most Torrented TV-Show of 2016

Post Syndicated from Ernesto original https://torrentfreak.com/game-of-thrones-most-torrented-tv-show-of-2016-161226/

got6For several years in a row Game of Thrones has been the most pirated TV-show, and this year the interest is once again overwhelming.

Game of Thrones has the honor of becoming the most-downloaded TV show through BitTorrent for the fifth year in a row.

This means that its half-decade reign remains unchallenged, despite reports to the contrary.

Although there was no new swarm record, traffic-wise the interest was roughly on par with last year. The highest number of people actively sharing an episode across several torrents was 350,000 at its peak, this was right after the season finale came online.

This doesn’t necessarily mean that there’s no growth in piracy. A lot of people have made the switch from torrents to streaming sites over the past months, which likely had an impact on the numbers.

This year there’s also an important newcomer with the science-fiction western ‘Westworld.’ The new show quickly gained popularity in pirate circles and is in third spot already, which is quite an achievement.

Finally, we see a continuation of the trend of downloaders showing an increased interest in high-quality video. In recent years, many pirates have moved from 480p copies to 720p and 1080p videos, in part thanks to better broadband availability.

Below we have compiled a list of the most torrented TV-shows worldwide (single episode) for 2016, together with the traditional ratings in the US. The ranking is compiled by TorrentFreak based on several sources, including statistics reported by public BitTorrent trackers.

We have decided to stop reporting download estimates in our yearly top lists. Due to various changes in the torrent index/tracker landscape it’s become more challenging to monitor downloads, so a ranked overview makes most sense.

Most downloaded TV-shows on BitTorrent, 2016

rank last year show
torrentfreak.com
1 (1) Game of Thrones
2 (2) The Walking Dead
3 (…) Westworld
4 (5) The Flash
5 (4) Arrow
6 (3) The Big Bang Theory
7 (7) Vikings
8 (…) Lucifer
9 (10) Suits
10 (…) The Grand Tour

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Backblaze 2016 Year in Review

Post Syndicated from Andy Klein original https://www.backblaze.com/blog/backblaze-2016-year-review/


It is hard to believe that 2016 is nearly over. It has been a busy year as Backblaze continued to grow. We have 30% more employees, 30% more hard drives, and 45% more data than this time last year. Here are a few of our highlights from 2016.

20 Billion Files Restored. There are many reasons why someone requests a file to be restored, from a crashed computer to downloading a photo of grandma to your smartphone to show the family. In November, Backblaze restored its 20 billionth file and 10 lucky winners won some goodies from Backblaze.

30% more hard drives. We’ll finish out this year with over 72,000 hard drives spinning in our data center. That’s up from 56,224 at the beginning of 2016. Our Hard Drive Stats continue to draw interest and generate great discussions each time we publish our quarterly reviews. By the way, in late January, keep an eye out for the 2016 Hard Drive Stats Year-in-Review blog post and sign up now for the webinar on February 2nd.

In case your invitation was lost in the mail and you missed the party, the hard drive turned 60 in September 2016. Still, you can check out our “A History of Hard Drives” post and get your hard drives facts back on track in time for the new year.

In July we got the chance to tell the amazing story of “How Una Got Her Stolen Laptop Back”. A thief absconded with Una’s laptop, then it trekked across three continents for 18 months. Thanks to Una’s perseverance and a little help from Backblaze, Una and her wayward laptop were happily reunited.

Backblaze B2 Cloud Storage was launched in June to rave reviews. The launch included integration partners like Synology, CloudBerry, OpenIO, and more. Launched with a complete Web GUI, CLI and API, application developers, IT professionals and many others have embraced B2 as the way to economically store their data in the cloud.

Storage Pod 6.0 was introduced in April 2016. We upgraded the chassis to support 60 drives and with 8 TB drives installed we have a 480 TB 4U storage server. We’ve now deployed over 100 of these 60-drive chassis with 40 of them having 8 TB drives. And 10 TB drives are next…

On April 1st, Backblaze introduced our new product, Catblaze Cloud Backup, which backs up an unlimited amount of your cat photos and videos for just $5/month/computer. Also in April, Backblaze celebrated our 9th birthday.

In 2016 we updated the Backblaze Backup client four times.

In February, we discovered that when you upgraded Adobe Creative Cloud to version 3.5.2.206 you could break Backblaze. After a fun weekend of finger pointing and twitter exchanges, Adobe released a fix.

In January, we introduced our wildly popular Restore Return Refund program for Backblaze backup customers. If you order a flash drive or hard drive restore from Backblaze and then return the drive to us within 30 days we will refund you the purchase price of the restore. Of course you can opt to keep the drive, in which case your payment will cover the purchase of the drive.

Dropbox and Backblaze

Throughout the year we’ve worked hard to bring you nearly 50 blog posts focused on everything related to backing up your laptop or desktop. Along the way we covered topics like, “How to Backup your iPhone”, “How Backblaze and Dropbox work together” and many more.

For the third consecutive year, Backblaze was named as one of the fastest growing technologies companies in the United States. The Technology Fast 500 program is run by the good folks at Deloitte, and the award is based on a company’s revenue increase over a specific period of time (either 4 or 5 years).

Have a safe and enjoyable holiday season. Here’s to an even better 2017.

The post Backblaze 2016 Year in Review appeared first on Backblaze Blog | Cloud Storage & Cloud Backup.