Episode: 879
Title: HPR0879: SMLR 009
Source: https://hub.hackerpublicradio.org/ccdn.php?filename=/eps/hpr0879/hpr0879.mp3
Transcribed: 2025-10-08 04:00:46
---
Welcome to the Sunday Morning Linux Review with Tony Beams and Matt Enders.
This is episode nine for the week of December 11th, 2011.
Second week of December, Christmas shopping on the way.
Yeah, I don't do any Christmas shopping.
No, oh, you did it all on Black Friday.
No, I don't do any Christmas shopping.
I don't even buy my wife a present.
I say, you know where the bank card is.
Come with yourself something.
I just don't do any Christmas job.
She's the only person I've done.
I have shopped for.
And your wife?
No, I will get her something, but she's the only one.
Yeah, my wife absolutely buys for everybody else, which is the same,
which is the purpose of having a wife, isn't it?
Okay, all your girls out there, please.
No, hey, Mal, I'm just kidding.
Kim loves doing it.
If she tried to have me do any of it, then she would freak out.
And yeah, my, because my wife is so into the deal.
She's, she like, she, she gets practically orgasmic,
saving 15 cents on something.
It's crazy.
It's just crazy.
That's funny.
But I did read something and I told her, but I don't think she really heard it.
I read this thing last, last week that says,
if you work more than nine minutes to save a dollar,
you have worked for less than minimum wage.
But what does that say when you have more time than money?
I don't know.
I agree what you're saying.
And when it comes to,
I'm just not a shopper.
I'm not a shopper.
When I need something, I go to a store and I buy it.
I don't go to five stores and look at prices.
No, I go to, I, I am like the retailer's wet dream.
I need something.
I walk into a store and I say, how much is it?
Here's the cash.
Matt, what's happening with the kernel?
Hey, thanks, Mike.
And then the kernel release news this week.
The latest RC release is 3.2-RC5.
It was released on Friday, 12.9 at 6 p.m. Eastern Standard Time.
It has been slightly over a week since the last RC release.
And RC5 is bigger in number of commits.
Many of the commits are small, so it is possible that the diff
will be smaller than both RC2 and RC4 were.
A big part of this release is that Ingo is back and had a backlog.
That isn't enough to explain it all.
There were XFS and Btrfs changes along with network updates
and the usual 50% of random driver updates.
Greg KH announced a release of the 2.6.32.50,
the 3.0.13 and the 3.1.5 stable kernels on 12.9.
The 2.6.32.50 kernel had 27 file changes, 164 insertions, and 54 deletions.
The 3.0.13 kernel had 93 files changed, 659 insertions, and 201 deletions.
And now I get ready for the 3.1.5 kernel because it had 135 file changes,
1170 insertions, and 471 deletions.
No small changes there.
Holy cow.
And now for our kernel quote of the week.
Hey Linus, stop working on subsurface.
The scuba diving log that doesn't suck during the week.
So you can get the latest RC out before 6 p.m.
Eastern time, so it's easier for me to do these updates.
Insert appropriate smiley here, Matt Enders.
So he's out scuba diving and so ready here for you.
He's got this new project.
It's called subsurface.
It's a scuba diving logging program because he's a big scuba diver.
And he released an update for that on Wednesday.
So knock it off during the week with the subsurface stuff and stick with the kernel.
Do subsurface on the weekends.
Right.
So what does it do?
Like keep track of where you dive.
I'm not a scuba diver.
I've read peripherally about it.
You do stuff like log your dives, and then it logs how deep your dive was.
How much air you use, your rate of air use.
Oh wow.
I guess this kind of stuff divers would be interested in.
Yeah, that would be good.
Cool.
Well, the kernel is just plugging along.
Just like you would expect the kernel to be.
Yeah, I have a hard time getting in the kernel because
it's hard enough for me just to understand what it does.
I mean, I understand like it's mods and the kernel does things.
And it needs support for devices.
But that's the extent of what I know.
Because I'm not a programmer.
Tony, what's going on with the Linux distributions this week?
Thanks, Mike.
Yeah, we have from DistroWatch.
We have quite a few releases this week.
We have Ubuntu Privacy Remix, came out.
That looks interesting.
I wonder if that's something related to
the other, I wonder, does it, do you know,
would you look into this at all?
Does it have the...
Ubuntu Privacy?
Sure.
I'm looking right now at the DistroWatch website.
Oh, there I see it.
System to protect...
Oh yeah, yeah, yeah.
...fying and data theft.
Apart from others.
No, I have not looked into that at all.
I have no idea about it at all.
I didn't even know it existed until five seconds ago when you said
Ubuntu Privacy Remix.
Oh, yeah.
This includes the...
it uses Tor kind of like how Tails does.
So, yeah, it looks like Tails, but on Ubuntu.
I have no idea what Tails is either.
It's a...
Don't tell me we talked about it.
It's a Privacy, really, live CD.
So you boot your computer off of that.
And then it gives you like total nananamil of the...
Ananamil?
Ananamil is that the way you're going for it, everybody?
Yes.
And it goes everything through the Tor network.
Your browsing, your email, your...
So they don't know you're in and out of the Tor network
where you're coming from.
So ideally, it's total...
You know, anonymous, but like we said,
there's always ways to track
if you can get inside the Tor network, you can track it.
Anyways, the next one we have
is Turnkey Linux.
This is used a lot with the VPS or systems,
you know, like virtual private networks,
or not network systems, virtual private...
Oh, yeah, yeah, yeah, like so...
Like, yeah.
Like, I have a website that I have hosted on a VPS.
Right.
Okay.
Yeah, and they specifically have their images
up on the Amazon EC2 system.
What Turnkey does?
Turnkey does.
Yeah, so when I was looking at setting up an Amazon instance,
I saw a lot of their turnkey ones,
but I was...
I'd never heard of them at the time,
so I was kind of leery on how much.
And basically, what it is is they have a different image
for every application that you want to run.
So they have an image with just WordPress,
already set up and running.
All you have to do is plug in your stuff and go.
They have one, you know, for a mail server
and all sorts of things.
And there's a ton of them.
So it's really ideal for someone who wants to set up a server
and doesn't know a whole lot about just getting it working.
You know, they just want it to work
and plug the stuff in and go.
And it's fast.
So you don't have to spend the time trying to install updates,
install the programs, you know,
Apache, the LAMP stack,
then WordPress, and then get going.
It's all ready to go.
Wow.
That sounds pretty cool because like the VPS that I bought,
well, hey, it was very cheap and cheap.
But when they did the install on it and fired it up for me,
I logged into it and it was like,
Debian, a release back.
So I had to change all my sources in it
and then upgrade to the latest Debian
and then I had to install the LAMP stack.
And so yeah, that might be a good way to go.
Wow. Yeah.
Because I mean, it took me probably three hours
after the VPS was up and running
and I could log into it
to actually get a web server running on it.
Oh wow.
Yeah, I think they boast something like 15 minutes
from, you know, choosing your turnkey
image off of the Amazon thing
until when the web site's running.
Well, it's something really fast like that.
That's pretty quick.
Yeah, and then we have Ultimate,
you, the Ultimate Edition,
which is Linux Mint distribution.
Now, yeah, this cracks me up.
It's Linux Mint based, okay?
Now, Linux Mint is based on Ubuntu,
which is based on Debian.
So aren't we getting a little far from
like the original, what's going on there?
I mean, that's an awfully long upstream
for distribution, you know what I'm saying?
It sure is.
It's saying that it's based off of Mint 11,
which is based off of Ubuntu 11.4.
So it's a little bit behind,
but it's still ultimate.
It's a cool name.
And then Red Hat, they have a release 6.2.
And, you know, it's Red Hat.
They have the company behind it running it.
There's really not much more to say
than it's Red Hat.
Yeah.
KahelOS 11 11 11.
Which was released on 12.11.
So we don't know where they get the 11 11 11 from.
Exactly.
Although it has a GUI installer now.
Wow, that brand new GUI installer thing
that every other distribution except Debian
has had for multiple, multiple years.
But Debian also now has had it for multiple years.
So yeah.
Well, this is interesting as it says
a hassle-free automatic installation.
Pre-installed Apache,
MySQL, phpMyAdmin, and Bluefish.
We have Bluefish as an HTML editor.
I use it a lot actually.
It works really well.
Sweet.
And so yeah, that looks like they're trying
to be some type of a web server out of the box.
But then if you read on,
they've also got Firefox and LibreOffice
and, you know, I bet,
and TweetDeck and GnuCash.
So are they trying to be a web server
or are they trying to be a desktop?
Or what are they trying to be there?
Maybe it's a, like a,
or a developer or web developers desktop.
So it already has Apache running.
All they have to do is plug the files in and go.
Ah, yes.
That makes sexual sense now.
I was trying to figure that out.
I didn't get web developer desktop.
But yeah, that would work out of the box pretty well
as a web developer desktop.
Nevermind.
Sorry, Kahel guys.
And then SimPlace.
Is that how I, or Sim, yeah, place.
SimPlace, but didn't you miss one?
Hmm.
I don't think I did.
Did you miss CentOS?
Oh, I did skip over there.
The CentOS 6.1?
Yeah.
It cracks me up.
CentOS 4 days after Debian,
I mean, 4 days after Red Hat has released 6.2.
The CentOS team is right on top of it
and releases 6.1.
They're lagging behind there.
A little bit, a little bit.
Wow.
Anyway, so that's interesting.
CentOS is a good system, though,
and being a community-based releases instead of...
And it's a development release, but that's okay.
Oh.
CentOS?
No, SimPlace.
SimPlace.
What did I say?
You said it was a regular release.
Let's...
Grab.
We're going to cut all that out.
I don't know.
You're going to work that out, but...
No, I don't know.
Maybe we'll just leave it in for...
For...
S&G.
The Distro of the Week,
according to DistroWatch,
calculated by website hits per day.
All right.
So, just before we talk about who's where...
I had a little clarification,
and apparently Matt knew this,
but their hits per day
is calculated on the DistroWatch's page.
Not the actual distributions page.
Right, because how would DistroWatch know
the hits per day on the distributions page?
Right, I can't.
I thought maybe they were getting some kind of
you know, the stats from the Distributions.
Oh, yeah, yeah, yeah, yeah.
And a book, there's not going to inflate theirs
to never be number one alone.
So, no, no, it's...
It's only based on the ones they can actually count,
which are the hits per day of their page.
Of their page.
All right, so...
But if you're going to DistroWatch first,
and then say, oh, wow, let me check out CentOS
or whatever,
then you would land on the DistroWatch webpage for CentOS.
And then you would say, well, wait a minute,
this isn't CentOS.
And then, but there's a link on that page,
to CentOS.
So, it's almost a guarantee that
anybody clicking to the DistroWatch webpage
is then clicking through to the actual distributions webpage.
Sure.
Would be my guess.
Yeah.
So, number five this week is Debian
with 1367 hits.
And Fedora has the number four spot with 1427.
Ultimate with the new release of...
with hits of 1744 or 42.
Ubuntu with number two
at 1977 and Matt.
And then at number one,
we've got that minty goodness
with the blowaway number of 4115.
Holy cow.
And that's all I have for Distro's this week.
We had a lot of releases.
But interesting ones.
Sure.
Turnkey is pretty cool.
Yeah, I'm going to have to check that turnkey out.
That's pretty sweet 15 minutes to a website.
Instead of three hours just to get freaking Apache running.
So, I don't know if they have those images on your...
No, they don't.
Your service.
But I definitely do know they're on the Amazon EC2.
But I have to look at that Amazon EC2.
From what I understand,
it's actually getting more affordable.
Yeah.
Well, they have the free version where you can use it for a year.
And it's like 768K or Mega Ram
with no hard drive space.
So, you're going to have to pay whatever for hard drive space.
Or maybe up to 15 gigs of space.
And then,
or 10 gigs, something like that.
With a single core CPU.
And then if you need it to crank it up for specific times,
it's like that's what we use for the MD log.
Yes.
On the weekends.
Crank it up.
And that doesn't cost that much to crank it up for just a repeated time.
No, for five hours it was, it's like two and a half dollars.
I don't know.
We were looking at it and last month,
last week or something,
Amazon charged just $5.35.
Yeah, last month.
So...
Is that what Mike replied?
Yeah, yeah, yeah, because there's a problem with the club's credit card.
It's coming out of the wrong account.
That's why we were looking at it.
Yeah.
They said this really doesn't belong in the show.
So...
Yeah.
So, that's what we have for distributors.
It's time for the tech news of the week.
All right.
Hey, thanks for that.
Now, we have jQuery tells the real story about the plug-in site.
Or why you should have a backup more recent than a year old.
jQuery plug-in site developers have finally told the real story in a blog posting.
The plug-in site went down about a week ago with just this message.
The plug-in site is currently unavailable.
We've been looking to provide a higher quality,
spam-free experience at the plug-in site for some time.
And we have decided to temporarily shut down the existing site.
We will be providing more details on the new plug-in site soon,
so that plug-in authors can hit the ground running with our new submission process.
Well, what really happened was in an attempt to clean up the spam using
Drupal Views Bulk Operations.
All of the plug-ins were deleted.
Oh, no.
And the only backup was a year old.
No way.
Yes.
What do we learn from this?
We learn backup more recent than a year and keep it somewhere.
Yes, often.
Yes.
The developers asked for forgiveness and some help in developing a completely new
plug-in site.
The plug-in site needed renovations for quite some time due to the spam issue
and because of how plug-ins were managed through the CMS that was cluttered and awkward.
They were planning on replacing the site when events caused an immediate need.
Yeah, they'd already been planning on replacing the site,
but then they kind of really screwed up and had to replace it right away.
How can you run a server and not run back up?
I don't know.
Yeah, and when I say events, I mean the accidental deletion and lack of a backup that was
the impetus to move to those plans of action.
The jQuery plug-in developers should...
No.
Jay, this is what the developers or the website guys are saying to the jQuery plug-in developers
is that you should create a GitHub presence, even if you just mirror your existing source code
management and then the new site that's being developed on GitHub, it's going to be at
github.com/jquery/plugins.jquery.com.
And there is currently no date for its launch.
Nice.
Now onto a bit of nastiness in the open source stuff that's going on out there.
Download.com was accused of wrapping Nmap in a Trojan installer.
Ooh.
Nmap author says CBS Interactive and CNET's Download.com are wrapping the open source
application in a proprietary installer. In the past, they have never altered the application
downloads they serve up. They have been changing that over the last six months.
Gordon "Fyodor" Lyon.
Fyodor is his online handle.
Lays out his issues in a posting to the Nmap hackers mailing list.
He claims the installer does things like install the StartNow toolbar,
makes Bing the default search engine, and sets the user's home page to MSN.
Obviously, this is for the Microsoft Nmap download.
Right.
So, because if you're running Linux, it's in your repositories, and it would just be an apt-get
install nmap away.
Yeah.
Well, I wonder what they're bending to the pressures of their users.
Yeah, this is.
Well, let's read on for what else is.
So, this is how a Trojan installer functions.
If the installer is separated from the download and sent to VirusTotal,
it shows that 10 of the 42 scanners they run it against
identify it as a Trojan or adware installer.
Jeez.
Also, the Nmap trademark is displayed next to offers to install software
as if the Nmap organization supports these products.
As Nmap is not under the plain GPL, but under an enhanced version,
that specifically prohibits aggregation into a proprietary executable installer.
Download.com initially claimed its scheme is simple for developers to opt out of.
The opt-out is not automatic, though.
Download.com says all opt-out requests are carefully reviewed on a case-by-case basis.
Not merely fairly not.
Yeah.
Lyon is looking for a US copyright attorney and wants to get the word out to
hundreds of users who use Download.com every week to download Nmap.
CBS's Download.com site has been called out for this type of behavior before.
In August, ExtremeTech claimed similar behavior with the media player VLC.
According to an FAQ from CBS, this installer software was rolled out in July.
Well, after the fecal matter hit the fan on this, Download.com backpedaled in a big way.
In a statement, Sean Murphy, the vice president and general manager of Download.com said,
the bundling of this software was a mistake on our part and we apologize to the user
and developer communities for the unrest it caused, then adding that they had
reviewed all open source files in our catalog to ensure none are being bundled.
Lyon posted an update stating that Microsoft had been in contact with them and claimed
they didn't know they were sponsoring CNET to Trojan open source software.
Microsoft also stated that they had stopped the practice, which seems a little odd since they
said they were unaware that it was happening in the first place.
So now the Download.com installer changed to install the Babylon toolbar, which did
different search engine redirection. And then CNET later removed that and is now installing
its own TechTracker tool for uploading, for updating downloaded software.
However, they are also restoring the direct download link which allows users to download files
without having to download the download manager.
Who knows if these changes will quell the controversy, the changes only affect open source software
and the proprietary freeware and trial software on Download.com will still have the download.com
installer packaging. A number of open source programs at Download.com still had an installer
wrapping them. There has been no general apology for bundling GPL software with closed source
installers from Download.com. So yeah, bit of nastiness from Download. And I used to use Download.com
all the time and I'll never get anything from them again though. I used it sparingly in the past,
not because I had something against them. It's just like there wasn't much on it that I actually
needed. But this definitely makes me not wanting to. I'm never going to go to your Download.com
again and I would I've always been leery of those installers that say no install this.
Well, and I haven't used it for a while. And because and when I always used to use it, that
that in Download Manager was always an option. But I would never use it. I'm like, I don't want
to need a Download Manager. I can manage my own downloads. Give me a break. And so I would just
always click on the direct download link. And I didn't even realize they'd taken that away.
That's how long it been since I've been there. Oh, yeah. I had to use a driver's guide this week
for that other operating system. And they they're doing the same thing now. They're wrapping all
the drivers in their own proprietary installer and an S and S to install these other things while
you unzip their drivers. Really? Yeah. Because I I've used driver's guide fairly heavily in the past.
I haven't used it in a while, but that's just crazy. And that was the place to go to get the the
drivers if you needed them for that other OS. Yeah. I know about five years ago. It was awesome.
You could get anything from there. You didn't have to sign up for it. And then for and then there's
a while they they're making you sign up. And now they're bundling all these other crap in with it.
I mean, I understand sites. There's administrative fees. Yeah. I don't know lately. I've been finding
because you know, it's not that my need for drivers has lessened, but I've been able to go to the
manufacturer's websites actually though and get them. Yeah, I generally go there. I've been able to go
to Dell's website or HP's website. Look up the model number and bam. They've got the drivers
right there. So yeah. And that's when it's when it's an OEM machine, then or whatever you want to
call it and you're a manufactured computer, then I always do that also because you that you know
they're and you know, because you know it's going to work with that hardware too. Exactly. But it's
when if you get a modem from a custom machine that you have to install a modem from this was five
years ago. But you have a modem. You have to install the drivers for it and it doesn't have a
manufacturer's ID on there at all. You have to like search the chip number. I've done that.
I have done that. So yeah. So then that's when you get into. Yeah. But think I do not do it with
Linux. That's right. It's all right there, baby. Yeah. On to our next story. Researchers at Google
have proposed a fix to the SSL dilemma. Did you even know there was an SSL dilemma? I heard
something about it. I was aware of the same problem for now. I was aware of an SSL dilemma because
we had talked about this SSL. SSL dilemma before. Google researchers Adam Langley and Ben
Laurie have proposed a new method for ensuring the trustworthiness of the public key infrastructure
underpinning HTTPS. Yeah. Now they're coming back. Yeah. Their idea is based on a public list of all
certificates ever issued by certificate authorities. The two problems with how the current system
works are. First, if an attacker can compromise any of the more than 100 certificate authorities
and acquire a certificate as Amazon.com, users would not be able to tell the fraudulent site
from the real one. Second, the way the system currently works, Amazon would not be able to detect
the fraud either. Langley and Laurie believe that a public list would mitigate both problems.
Whenever a website offered up a certificate, the browser would check the supplied certificate against
one of these public lists. If the browser did not find the certificate on any of the lists,
the site would be treated as untrusted. Companies would then be able to check these lists regularly
to locate any fraudulent certificates, which means that even if a criminal was able to obtain a
fake certificate, they could not use it effectively. Merkle signature trees would be used to
maintain the integrity of the lists. The proposal might not be implemented, and if it is,
no one knows what sort of time scale it would be on. Yeah, that's a pretty big change.
It takes a while. It's a huge change. But there's also other alternatives being proposed,
like Firefox's extension Convergence. This is the one we talked about, that Convergence thing,
which is being pursued by a security expert, Moxie Marlinspike.
But my question is, what is the problem with SSL again? Is it that- Well, because one of them
was compromised, one of the- I know, but with the- And being compromised, are they getting the
actual certs from- Yeah, yeah, yeah. Some place in Iran was able to get- No, some place they were
getting certs. It was some place in Iran. The Iranian government says it wasn't us.
Was somebody just- Yeah, but you know, Iran, the internet's so locked down that yeah,
some little Joe Blow went out and did it. No, it was the Iranian government. And they actually
obtained certificates for eBay and things like that, and so that they could spoof those sites
could then be spoofed with HTTPS, and your browser wouldn't be able to tell, because it had a
certificate that was legit. But then how would this- if they have the cert, the legit cert,
then how- Because they compromised the certifier. So they replaced the- the cert that's on
the certifier? No, they obtained a new cert from the certifier that says this site is
ebay.com or whatever. Because I'm sure eBay- How would the-
And how would the cert- Oh, so what- No, but they- they would had to add another
cert in for eBay. Right, they got a new cert. They got a new cert added into the current
certifier. Because they compromised that certifier. So when they obtained the
cert from that certifier, fraudulently, it just dropped right into that certifier's database.
No, that's what- That's my question is, if they obtain it, then there's no way to tell if they
have, you know, there's even another list wouldn't be able to tell you. But what an open list would
do would then ebay on a regular basis would have a crawler that crawled the lists. And then it would
say, what, that's not one of our server addresses. That cert's not legitimate. Oh, so it's on the- the
certified to go out and check on it. The- Currently, no, currently nobody can go check on it.
Right, but if in this new system it would be- the responsible would be on the certified group.
So like- Correct, to crawl the list regularly and make sure that nobody had to obtain.
Oh, it's in your own best interest to do that. Yeah, yeah. And ideally, if you have your own
web crawler, you could do it yourself, but- Yeah. So Google can do it. Oh, I and ebay can do it,
Amazon can do it. Yeah. And anybody who's big enough to- I wouldn't be able to- Yeah, you're not
paying thousands of dollars for a freaking cert either. Right. I'm personally using the self-generated
certs for my HTTPS stuff, so- Yeah. And onto the next article- Android's Revenge on Apple's
iPhone and iPad. Could Apple be regretting its worldwide war on Android? A German court issued
a preliminary injunction on Motorola's behalf that prevents European sales of all Apple's 3G
enabled devices. Oh. Android power, Motorola Mobility, soon to be a part of Google,
used a patent to thwart the competition. Apple has been using design and software patents in order
to attack Android worldwide, so I don't think this could have happened to a nicer company.
Regrettably, the patent being used method for performing a countdown function during a mobile
originated transfer for a packet radio system is an excellent example of brain-dead software
patents. It is almost as bad as Apple trying to block anybody from creating a rectangular phone
or tablet as it would infringe on their unique design. Jeez. They actually own that patent. No way.
Yeah. That's- That's any device. I mean, if it's not round- Yeah, then it's- Come on. The thing is,
like this- The thing- Like, things like this sadly are not unusual, but equate to a little more
than intellectual property IP blackmail. Just check out the US patent number 6,359,898,
and its European Union equivalent, EP1010336B1, and then I think my copy and paste was crappy,
because now there's a question mark, which I don't believe was actually in the patent number,
and then 2003-03-19, which I'm assuming is the date that that was applied for. So- Yeah.
The first part is the patent number. You know, my first thought of this is Google's really
getting into that. They're going to be doing the same thing, but that's really the only way to stop
Apple from doing this against them. Exactly. You got to get a bigger hammer. And that was the whole
purpose of Google buying out Motorola Mobility. And I'll talk about that a little bit at the end too,
so- Alright, go ahead. At the end of the show or at the end of your article- At the end of this
article, they basically describe performing a countdown over a 3G connection, you know, like 10
seconds to complete your download, 3, 2, 1, download complete. That's obviously an original idea.
Right. So you say, why is it countdown mechanism so essential that a court would rule that Apple
would be in violation and unable to sell their products in Europe? Well, so does Apple,
which is why they have appealed using a fair, reasonable, and non-discriminatory, which is known
as a FRAND defense. And then I have in brackets in my notes here. Tony, this is a link to a PDF
explains what a FRAND defense is. Please embed it. And then a big long link. We'll be on the show
notes. So this defense's core argument, basically, is that this feature is not an essential component
of the 3G mobile telephone. I, and I also assume you all, understand that, but the German court
wasn't going for it and issued the injunction anyway. Well, it's the same thing that the
Apple's doing over here. So why? Exactly. So this will go on for a while in the court system
with suit and counter suit. And in the end, it will only delay the sale of Apple products in the EU.
But another side effect is that no matter where you buy your smartphone, it's going to cost you
more because these kind of court battles do not come cheap. I have a suggestion to all those
patent mongers and trolls. Hey, knock it off and just compete in the marketplace instead of the
courtroom. Exactly. So just build a better freaking mouse trap, man. People are going to buy the
better mouse trap. Let's stop locking shit up with silly ass crap. So that's my opinion on that.
Take it for what it's worth. I agree. Now, this is this whole thing is going out of control and
somebody big has to come up against it. Now, you know, Barnes & Noble started that. Yeah. And you know,
and you know what? Well, I don't know that Google's actually, because Motorola is doing it.
And more Google hasn't actually bought Motorola yet. The purchase is in the process. And that's
what one thing else too. It really pisses me off about this. And I want to take Google to task on
this is they've let all these manufacturers of Android phones out there totally flounder and
be at the mercy of Microsoft and sign all these Microsoft agreements because they've been gigantic
pussies and not come to the defense of these Android phone manufacturers. Okay. I understand that
Microsoft is going after the manufacturers because they're an easier target than to go after the
actual creator of Android, which is Google. Okay. But Google, come on. They're suing these
manufacturers for using your product. Let's step it up here a little bit.
If Google would have helped out these manufacturers when this whole Microsoft crap started
happening with Android, it would all be over and done with by now. But Google totally dropped the
ball on it. And were just giant pussies and not taking this fight to the to the mat. So yeah.
Anyway, that again is just my opinion. And on to the last story I have for today. It's not
really a news article, but it's about a new distro that came out. It's not a new distro, but they
had a new release and I was looking around and I found that it's pretty good and it's get top
quality open source security tools in one distro. If you could have just one toolkit for network
security, which one would you choose? I mean the one toolkit that had all of the functionality
you needed for securing, analyzing, monitoring, and validating your network. Would it be BackTrack?
Would it be DEFT or Helix? Well, I've used two of those and I have found the distro that I think
kicks their ass. After you have checked out Network Security Toolkit, NST, I believe you will
also you will choose it also. This live DVD is based on Fedora. NST was designed to bring you
easy access to the best open source network security applications. It should run on most
any x86 or x86_64 platform. The intent of this distribution is to provide network security
administrators with a complete set of tools. Most of the tools in insecure.org's top 100 security
tools are in this kit. An advanced web user interface is provided for system administrators,
navigation, automation, geolocation, and configuration for many of the network and security
applications in the distribution. They've created basically a web UI to help you use these tools.
Awesome. So yeah, it's really nice because I have actually used Backtrack quite a bit and Deft a
little bit and you have to understand how each tool works and be able to use each tool individually
in those other distributions. What I liked about NST was this web UI which gives you one web-based
interface to use these tools. It was really nice. That is awesome. And some of the tools that it
comes with, and I have a long list of my show notes that will be on the website, but I'm only
going to mention a couple. It comes with Aircrack-ng, it comes with AirSnort, it comes with bandwidthd,
which tracks network usage and builds HTML and graphs. Then it comes with CheckDNS, dsniff,
EtherApe, Greenbone Security Assistant, which is a web-based interface to the open vulnerability
assessment scanner. So it makes using that tool much easier because if anybody ever even looked at
that tool, it's a nightmare. And then it also comes with Kismet and Wireshark.
Installing NST is as simple and easy as enter today. After downloading the DVD image,
burn it out to a disk then pop it in and boot up. You can choose to either boot into a console
or a graphical mode. I recommend the graphical mode even though it is GNOME 3. If your hardware
will not support GNOME 3, you can opt to fall back on classic GNOME. After boot up, you will see
the default live installer. Enter the password NST2003 and let the desktop load. Once the desktop is
fully loaded, you can either take it for a test drive or jump right into the install. In order to
install it, you have to go to applications, system tools, install NST to hard drive.
Way to make it easy. Yep. If you have installed any Linux distribution before,
you will find no surprises here. When the installation is complete or the live version is up
and running, you can start experimenting with the tools. There are hundreds of available tools
here to help you monitor, secure, analyze and do practically anything else on your network.
Yeah, I thought it was awesome. I didn't get to play with it for very long. I played with it for
a couple of minutes and I thought it was a really... I actually had a laptop that had Backtrack
installed on it. I was installing Backtrack before Backtrack had an installer. When you just had
to basically dd to your hard drive and there were no updates and it was a mess. So I've used Backtrack
a lot and I really liked it but I'm telling you, I like this NST a lot better. Yeah, this
sounds awesome. There's a lot of the tools I heard of, some I haven't heard of and this looks
like a great system. Yeah. I definitely want to do it. This would be awesome to run as a VM
in your existing network or just throw another machine on the network. Sure.
Yeah. Are you going to put that in where you work? I plan on putting it in at one client's because
I have an extra machine that I can use as a server for it. Not every client has something that I
can just throw something on. But yeah, I've got a client where I'm going to install this I think
and just check it out pretty hard. Sweet. So I've got a couple articles this week. One is a hot
article I've heard three different podcasts talking about it this week and it's the Carrier IQ
thing. If you haven't heard about it, it's Carrier IQ is a company that has software on just about
every phone, a smartphone out there. Every Android phone. Android, Mac, Blackberry, they have
is Carrier IQs on all of them. Now Mac has said, oh, wait a minute, we're going to take it off
on the next release. No, no, no, on iPhones and if you go and read the actual website, it says this
there too on the one that exposed it. On iPhones, it's turned off. It's not turned on. If you turn on
debugging, then it comes on. Okay. But if you're just using the phone, normally it's turned off.
Yeah. So basically what we're getting at is Carrier IQ has this program on there that allows
carriers to figure out what went wrong on your phone and try to fix it. The problem with that is
it has the capability to record every single thing you do on your phone and then report it back
in a log. And there's been some debate on how much it actually does this and how much it doesn't.
One person I heard, they're saying that it just records what you type into the search bar.
Right. Well, somebody else says it just records what you punch numbers in on your phone.
Well, it depends. Carrier IQ actually has said that it records every keystroke. But the
Carrier IQ log itself is not plain text and not readily available to even if you have your
phone rooted and it's not plain text. The problem was they found a plain text log that also had
every keystroke captured on the phone. And Carrier IQ said that that was a modification that HTC
made. HTC did that? Yes. Not it was not part of the original Carrier IQ program. So it all
depends on the smartphone you're using too and what modifications they have made to it. Yeah.
So a lot of the, the one of the podcasts on the Twitter network, I think it was Twitter,
they were talking about it. And it made it sound, at first made it sound like it was all Android
and Android's horrible and they were saying, but then they went on to say that this is only on
Carriers. The carriers are putting this on the phone. Correct.
Not Android. Correct. It's not part of Android. It's an application that the carriers are adding
because like the one website, which is actually a university that does it, they tested like
3,557 phones or something like that from worldwide vendors. Okay. And they only found that on
phones that were distributed in the US, Canada and Puerto Rico. And they only found that on 42
phones. Oh, wow. So yeah, it's a lot smaller than what it was the first report exactly.
Yeah. So one carrier in the US that is not using it is T-Mobile. That's what I heard.
Although with the pending buyout or that's actually been just, yeah, that's never going to,
AT&T's never going to be allowed to buy T-Mobile. So yeah. All your T-Mobile out there that
were waiting for it to happen. Forget about it. Forget about it.
Yeah. So that sounds interesting. Although it looks like the two class action lawsuits are still
going on or did you hear anything? I have not heard about any class action lawsuits. So this is.
Yeah. That's why on Ars Technica, they have an article talking about that. And it's in the show
notes. So check it out. Also, the SFLC asked the congress. Oh, I thought I was going to get that
right. And apparently not. The Software Freedom Law Center has filed a request with the US Library
of Congress for a DMCA exception that would allow users to freely decide what software they can install
and uninstall on the devices they owned. So this is the DMCA exception is something that I
did not look up for some reason. I mean, I looked up some information. But basically, it goes back
to the UEIF, or UEFI Secure Boot Setup. And so they're trying to say, wait a minute,
you know, we got to have this exception to allow people to install what they want. We can't just
lock out all of these devices from people installing programs. So this is a, this looks like a good
thing. Anything that's going to shut that UEFI shutdown for, or at least give it an off, give
the end user an off switch for it. Yeah. Come on. I mean, I bought the hardware. I should be able to do
what I want with the hardware. So go get them, Software Freedom Law Center. Yeah, let's go for it.
Awesome. Arduino 1.0 is released. A long time coming, this release brings a small but
important change to the to clean up the Arduino environment and language. Am I saying that right?
Yeah, adding lots of features of additional what we get halfway through a show and my brain just
melts down. You're only good for 45 minutes. Apparently, maybe I need a second coffee. Basically,
I was telling you, one of our first shows, we were talking about little hardware devices that were
like open hardware. Right. And I had said that there wasn't a Ubuntu or a Linux development
software for Arduino. And but they released 1.0. Apparently, the people I was talking to didn't know
about it. Yeah, because well, they said they only released it on 11/30. So it wasn't. Yeah,
that's long ago. It was like two weeks ago. Yeah, so that's that looks exciting because
a lot of hackers are going to be wanting to use these little devices. Now they can use Linux with
a stable release for their development for that. So it looks exciting. And then also we have the
GNOME Shell extensions. They have a website that's opened up or launched. This actually launched
before last week's show. And I forgot to talk about it. Didn't get my notes and just skip my mind.
It only works in Firefox, presently. So it's the website only works in Firefox. That's what it says.
I don't know what to do if that is. And perhaps in the last week, they fixed it. I mean, it comes up
in Chrome. But apparently there's some parts of it that doesn't work. And I don't know why
that's saying that, but check it out. So you can get there right now. And it's an HTTPS website
for those of you that are interested in it. At least they have an HTTPS version running because
that's where I went. It took me that to that one. The link I clicked. And I don't know. It looks
like it's, I mean, I can click on stuff and it opens. And I do get a warning that says you do not
appear to have an up to date version of GNOME 3. So you won't be able to install these extensions
because I'm currently running LXDE. It's my desktop. So yeah. So they're warning me that this site's
really useless for me. But yeah, yeah, I get that same warning too because I'm using Unity.
But it's got to be working because if it wasn't working, you wouldn't get that warning.
Right. Well, maybe I wonder if it's like the installer part that you click and install.
Oh, that only works in the Firefox. I don't know. But in Chrome, the website obviously comes up
in as working. So yeah, well, people should just use standards. I agree. Even if it's HTML5,
that isn't like an actual standard yet. Yeah, it's close enough. But yeah, it's close enough.
And there's browsers out there that support it. Every browser supports it. Every major browser
currently supports HTML5. Their latest features. Including the, I should have to say it, IE.
But not eight. You have to get nine, right? No, eight supports it. Oh, does it? Yep. Okay.
Yeah, so that's my articles for the week. We, I worked the entire week on setting up a
new laptop for us. That's hopefully doing this recording as we speak. And we won't have to do this show
a second time. It looks like it hasn't crashed yet. But I'm having a video problem on it.
And I'm having a hard time getting xorg.conf file created because the problem of the video is it's a
Dell C810. And the monitor on it isn't being recognized by X. So it just throws out some random,
not random, even if you drop it down to like the VESA, VESA won't. Yeah, no, it's, I have to put in a
kernel mod to, or kernel, yeah, my, no, what is it called? A kernel module? No, it's at boot like
in GRUB. You have to type in nomodeset. Oh, whatever. And you know, it's a kernel option.
Yes. And then, and then if we get x running, it's fine. Otherwise, the screen just goes white.
You can make that permanent, you know, so you don't have to stop the boot process every time.
I did do that. Yeah. I found the file for GRUB 2 and go in and the defaults and say,
now put this on every kernel. So that's doing it now, but currently, so we got a 1024x768 screen,
which I'm happy to live with that, except for this laptop puts it, it does not stretch the whole
screen to 1024x768. It just puts whatever pixels are 1024 in the middle. And then, so it's only
using like half the screen. Yeah, not even half. We have a 1024x768 little square in the center of
this monitor, which I find rather amusing because Tony's the one that has to use it.
It's a 15 inch monitor on this laptop, which I'm actually looking at about a 12 inch monitor.
No, it's not even 12 inches, Tony. It's like, it's like eight. It's like, it's the screen of a tablet.
I think. And I'm like, man, I gotta use this thing because it's awesome. It has a huge screen
and look what I'm looking at. So if anybody has, it's like trying to, it's trying to record and edit
the podcast on your cell phone. Exactly. So email me and tell me what I can do to get one created.
I've tried a couple different commands. There's a crap. I'll put them in the show notes or
something. I can't because it, or you know, I've got them on the, let me see if I can open
this laptop and check it out. It's recording now. So open doesn't crash the recording while I do this.
So xrandr has an option where you can type it in and it will,
it'll give you the mode line that you can stick in. But I don't know where to put that in
in the xorg file. And the mode line tells you all the specs on, on the monitor. I think you just
put it in the, in the, in the beginning of the xorg.conf file and you'll be fine. Okay. And then
you can do like x, xorg space, dash dash configure. And that will actually create an xorg file.
But then it doesn't put in the right drivers or, and then when I try to use that file,
the x just crashes. So I don't know what I'm doing wrong. And I've edited xorg files
in the past and they've worked great. But for on this, I've done that too. Like we've
had problems with, with getting a good xorg.conf file. I would do things like throwing
a Knoppix CD in, where xorg worked perfectly. And then just copy out that, their xorg.conf file,
you know, to like a thumb drive and then boot back into the other system and copy and paste that
into the other system and then whammo bammo. Maybe I should go back. Maybe I should go back older,
because I tried the Knop-, Ubuntu 9.10 disk. Maybe I need to go back to like, Ubuntu 6.
Or whatever, when they started their live CDs or a Knoppix CD and maybe get the xorg.conf
off of that. But the only thing I'm worried about is, you know, xorg has changed their
standards over the years. Right, right. So if I throw an old file in there, is that xorg,
old xorg.conf file actually going to work. Right. Anyway, if you have any thoughts, email me
Tony at smlr.us or shows or show, I'm sorry, it's show at smlr.us and they'll come to us.
We currently have no user feedback for the week. So apparently people like to listen to us,
but they don't like to talk to us. That's fine. I'm just happy people are downloading and listening.
Yep. Keep it up. So, Matt, you said, or we'll come to your house and kill your puppies. Tony,
edit that out. And Matt, you said you looked at the stats this morning? I did. And they're looking
pretty good actually. We have a total downloads of 1,584 with 413 in December alone.
So, yeah, it's kind of our last show, which was 008. We had 59 MP3 downloads and 8 ogg. So,
for some reason, freedom haters are really beating the freedom lovers. So, oh, no. Freedom haters.
Hey, our music for this week. It's going to be by Brad Sucks and it's not because he sucks.
That's not that's his real name. Right. He's actually. I love his music and Tony hopes you
will. I didn't I haven't decided on which song we're going to play, but it's by him.
It'll be in the show notes. All right. Check out the show notes and it'll be there. All right.
That's all I have, Tony. Sounds good. Have a good week. See y'all.
You've been listening to the Sunday Morning Linux Review. This has been Episode 9 for the week of
December 11th, 2011. Featured Music of the Week.