mintCast 342 – Security Theater

Download

We would like to welcome Owen Peery to the team. He’s our new editor!

1:40 Wanderings
46:32 News
1:05:05 Security
1:22:05 Outro

First up, in our Wanderings, I’ve been testing out a new keyboard, Tony Hughes tries to remove a finger (again), Joe has been soldering and reading, Moss has been adding more distros,

Then, in our news, Pinta, Lutris and Mozilla

In security, we talk security recommendations and the NSA

BI-WEEKLY WANDERINGS:

  • Leo
    • Digging into some errors I got, last stream on Youtube. It was complaining that I was streaming at only 3500kbps. That was odd as I’ve always streamed at OBS’s default. Turns out, Youtube wants 4500kbps now. So, I cranked the video bitrate up to 6400 in OBS’s Output section. No errors!
    • Kernel 5.8 is smooth as silk
    • Got a new keyboard. A cheap mechanical with OUTEMU Red switches. Cost $35, but also came with a mouse pad and mouse. They’re all RGB of course, except for the mouse pad.
    • Been watching Star Trek Lower Decks. It’s hilarious. It’s a story of about 5 ensigns that work on the starship Cerritos. They’re not high ranking, and only get to do grunt work for the most part, but they find their niche and get their jobs done. I’ve never been much of a Trek fan, but this is seriously something I can see myself watching until the end of the series. It has the feel of Rick and Morty and Futurama fused together. Hijinks obviously ensue.
    • Star Trek: Lower Decks Season 1 Trailer
  • Tony H
    • So I managed to drill my finger in an accident while doing some work on the matchbox cars, it’s not good when a drill bit brakes while you are drilling a post out and you have the model held in your hand, the cut was very sore and the end of the finger is still numb from a little bit of nerve damage as a result. What with that and cutting myself while cooking my wife thinks I have a death wish.
    • As a result of the accident I haven’t been doing much in the way of restoration for the last couple of weeks but I have made some nice eBay buys which have resulted in the collection and spares to the restoration has grown a little larger, although I had to stop bidding on stuff as I wouldn’t have been around for any deliveries that may have arrived after I came away, it has probably saved me a few shekels.
    • For a little light relief I installed Ubuntu Touch on my OnePlus 1 and while it was a fairly painless process unlike trying to update Lineage OS to 17.1 on the same phone which I can’t get it to do, it is definitely NOT ready for prime time yet. All the apps seem to be web based and do not work very well, I was thinking of Using the phone as my Sat Nav for my car but as you need the internet even if it worked well, which it doesn’t then I would need to get a new sim card and data plan as it will not work on the GPS alone as it needs a web connection for the apps to work. I also tried to connect to the WiFi here at Woodbrooke and it will not connect to the login page to finish authorising access to the WiFi.
    • I’m continuing to play with Mint 20 Mate on the DHD laptop with the intention of this being my review for the September show. Given my findings so far It might be a short review as apart from the Snapd issue and a few programs being updated it is pretty much business as usual, so while I am here at Woodbrooke I’m having a look at a distro suggested by a listener, SparkyLinux and while it is based on Debian they do what Mint used to do with the LMDE (Linux Mint Debian Edition) and base one of the spins on the testing branch with a warning that it is not for those wanting a stable system or are new to Linux. Just to note that both iso’s will fit on a 2Gb Flash drive (or less than 1GB if you opt for one of the stable minimal GUI spins). So if you have an old one kicking around you were wondering what to use it for, then maybe SparkyLinux could be an option.    
    • I wrote the 4th in my Full Circle Magazine series on podcast production the first of which was in issue 159 at the end of July. I’m not a natural writer but I have been enjoying sharing what I have learned since starting on mintCast and DHD.
  • Moss
    • I installed Gecko ROLLING to my desktop. So now I have ROLLING on my desktop and STATIC on my laptop (equivalent to openSUSE Tumbleweed and Leap, respectively). 
    • On the 15th, I installed KDE neon, also to my desktop. Oddly, the announcement that neon was available based on 20.04 did not mention that you would still be installing the 18.04 version, and then be greeted with the Upgrade button. It took a few more button pushes to get the upgrade started, but it ran beautifully. I then ran updates and installed some of my more common additions, including Stacer 1.10. Stacer ran great, but Discover popped up and said there was an update to it. I ran the update. And now Stacer wouldn’t load, it said “program not found”. So I reinstalled from my .deb package and it worked again… and Discover said there was an update again. I have posted to the KDE neon user forum to report this issue and ask how I can get Discover to ignore the update. Apparently they think an app in the repo is newer than the same app from a .deb file, but why it disables the program to run the update is beyond me. Note to self: Check the repo to see if an application is there before installing saved .deb files.
    • I now have only one free partition each on my desktop and laptop. And I’m starting to have memory issues — not my computer, me, trying to remember what all I have installed. Updating has already gotten beyond the “fun” level.
    • I am tempted to install Releax Linux to my system even though it’s only 0.5beta. This is a fully independent distro out of India, with a new package manager and everything. It sounds really exciting. Maybe I should dig up Tony Hughes’ instructions and learn how to install it in a VM.
    • I posted a new blog to LinuxQuestions.org.
    • I did some performing on Thursday the 20th on Eurofilk, which is now happening every other Thursday. I got to play with Cecilia Eng, first time for me and she’s a legend, and a total of 9 others in the Zoom room, including my friend K.J. Noren. This is the first performing I’ve done since about 2 weeks after my accident. My shoulder hurt a lot more afterward, but I seem to have gained mobility.
    • We’re about ⅔ of the way through Blood Rites, the 6th Dresden Files book. Dresden missed a huge hint when he had a major data download from Thomas; there is no explanation for that miss. We’re enjoying the book, we just wish Dresden could be more successful stopping people from dying.
  • Joe
    • Watched a lot of YouTube and did some soldering
    • Took a break for a few days from reading but still got some in
      • Up to book 20 in Drizzt
      • Demon Accords book 16
      • Big Damn Hero
        • Firefly book, surprisingly good
    • Soldered some headphones
      • New MMCX connectors came in and got them set up on 2 sets of headphones.
      • Only need to redo one of the connections at this point
    • Was informed that I missed the 8th book of the Incarnations of Immortality series by Piers Anthony.  Although I am more than a little disillusioned by his work since he uses it as a platform to push his ideology on age of consent.
      • Also the book does not exist in audio format from what I can see so if I do read it, it will have to be text aloud
    • Attempted to make the macro keyboard, followed the instructions exactly but was not able to get it working.
      • Rechecked my soldering several times but it was solid
      • Only about 6 of the 12 keys would work.  
      • So I took it apart down to the board on the keypad and did continuity tests on the whole thing
      • Bad board and a slightly different pinout than was in the instructions but the different pinout shouldn’t be a concern
      • I could try to solder directly to the board and to the pins but that seems a little crazy even for me.  Although if I get bored enough you never know.
      • I have ordered a couple of different types of keyboards to give another try using different methods
      • Right before the show a test set of 4 mechanical keys showed up and I was able to get them wired in place although I still need to wire the Promicro and I need to 3D-print the case for it
      • Thinking about ordering a set of 90 MX Cherry Blues and 3d printing everything else
  • Tony W
    • Refinishing my basement practice/rehearsal/studio/home office space
      • Installed carpet to cover concrete floor
      • Covered the one concrete wall in this room with drywall/heavy cloth, for now
      • Have insulation and drywall ready to go for remaining walls/ceilings
      • Will most likely get a permit from county before installing drywall over electrical, ductwork etc
      • This involved disassembling all of my tech, my podcast setup, etc and almost did not set back up before today’s podcast
    • Updated to Mint 20
      • Upgrade was fairly seamless, but had a couple minor issues
        • The update did break my Grub.  Reinstalled Grub very easily using MX Linux live USB Boot Repair (courtesy of Ventoy)
        • The version of Mumble installed from Software Manager didn’t work, had to install the Flatpak
      • Installed Linux via Crouton on Acer Chromebook 314
          • Crostini was great, but somewhat useless to me as there is no direct access to hardware (particularly USB audio devices) 
        • Crouton gives you full Linux desktop courtesy of chroot
        • Process to install:
          • Have to turn on Developer mode (which erases local data)
          • Follow instructions to install via crosh (Chrome terminal)
          • Once installed, to enter Linux desktop: Sudo enter-chroot startxfce4 (or sudo startxfce4 as a shortcut)
        • From there, Ctrl/Alt/Shift Forward and Ctrl/Alt/Shift/Back to switch between ChromeOS and XFCE (or desktop of your choice)
        • Default is XFCE but Cinnamon, KDE, e17, LXDE and Unity are also available 
        • IT WORKED!!!  My audio interface works perfectly with XFCE running on the Chromebook. 
          • Audacity, Mumble, OBS studio ready to go
        • Downsides: 
          • Developer Mode
          • Not supported – ChromeOS updates can break it
          • Default install is 16.04.  I believe you can specify 18.04
        • I think I will be using this.  It’s a cheap, light portable device with 12 hour battery life that I can take on the go

THE NEWS

SECURITY UPDATE

  • NSA reveals SOMETHING about Russian hacks
  • Linux Malware and Securing Your System
    • CTT goes in early about preventive measures and turns his nose up at the idea that someone would be running kernels earlier than 3.7 because it was released in 2012. RHEL 6 is still on 2.6… Sure. For a desktop user, it’s probably not likely, but for Enterprise? The NSA and the FBI didn’t put out a report for grandma in her kitchen. They put it out for the military and other institutions that are slow moving. In some cases, RHEL 5 is still in use and in Extended Life Phase.
    • Don’t install untrusted kernel modules or unsigned kernels.
    • SecureBoot
    • CTT offers a script that does:
      • Turning on UFW
      • Limiting SSH (which prevents brute force/dictionary style attacks)
      • Opening 80/443
      • Denying everything else incoming
      • Allowing everything outgoing
    • The script is a little odd. While limiting SSH is good, much thought should be given to just using keys, and disabling password login altogether. Also, why open 80 and 443? You would really only need this if you’re hosting a website of some kind. Most tools use custom ports (i.e., Cockpit uses port 9090).
  • Alexa Can Be Hacked, Instagram Retains Deleted Data, Linux Malware Found By NSA & FBI – ThreatWire

Announcements:

Our next episode will be September 6, 2020 at 2 pm Central US Time, 7 pm UTC, 8 pm British Summer Time – https://www.timeanddate.com/worldclock/converter.html

Add Dallas Tx

Wrap-up:

Before we leave, we want to make sure to acknowledge some of the people who make mintCast possible … 

  • Londoner for his suggestion to use timeanddate.com
  • Hobstar for his work on the new logo
  • Josh for all his work on the website
  • Hacker Public Radio for the Mumble server we are using to record
  • Bytemark Hosting for hosting mintcast.org and our Mumble server
  • Archive.org for hosting our audio files
  • The Linux Mint development team for the fine distro we love to talk about.

Leave a Reply

Your email address will not be published. Required fields are marked *

Archive.org Hosting

We currently host our podcast at archive.org. If you had considered donating to mintCast, redirect those funds here.

Audacity

As an alternative we also use Audacity as our main audio editing tool so if you would prefer you can donate to them at:

https://www.audacityteam.org/donate/

mintCast on the Web

Episode Archives