OpenSTEM: Gravitational waves have been detected, Einstein was right | Science Alert

Planet Linux Australia - 3 hours 57 min ago

http://www.sciencealert.com/live-update-big-gravitational-wave-announcement-is-happening-right-now

After 100 years of searching, an international team of physicists has confirmed the existence of Einstein’s gravitational waves, marking one of the biggest astrophysical discoveries of the past century. It’s a huge deal, because it not only improves our understanding of how the Universe works, it also opens up a whole new way of studying it.

Categories: thinktime

Craige McWhirter: LCA2016 Revisited - Fuzz all the things

Planet Linux Australia - 5 hours 37 min ago

I actually saw this talk by Erik de Castro Lopo but didn't write about it as I arrived late and ended up sitting within arm's reach of the lectern... that and to be honest it's taken me this second viewing for it to sink in anyway.

With a focus on C / C++, Erik used his experiences with libsndfile and FLAC to provide examples of fuzzing.

The fuzzing technique provides:

  • A method to test a program with random input.
  • Provides a great leap forward in effectiveness.
  • Allows you to find bugs before they're reported.
  • Recommends AFL (American Fuzzy Lop)
  • Spends some time walking through how AFL works and how to use it.
  • Walked through sanitizers.
  • Provides a demo you can clone from git and use.
  • Covered the pros and cons rather extensively.
  • Took a walk through some SSH code as example of code not designed to be fuzzed and to underscore coding with fuzzing in mind from the start.
  • Provided a live demo and other cases.

An excellent talk, well worth watching if this is your field of endeavour.

Categories: thinktime

Milton Glaser's rule

Seth Godin - Thu 11th Feb 2016 21:02
There are few illustrators who have a more recognizable look (and a longer productive career) than Milton Glaser. Here's the thing: When he started out, he wasn't THE Milton Glaser. He was some guy hoping for work. The rule, then,...        Seth Godin
Categories: thinktime

Craige McWhirter: LCA2016 Revisited - Using Linux features to make a hacker's life hard

Planet Linux Australia - Thu 11th Feb 2016 09:02

This talk by Kayne Naughton was the most talked about talk that I did not see while at LCA2016 in Geelong, so naturally it's the first talk I've watched revisiting the conference.

The allotted 40 minutes was clearly not long enough for Kayne to delve into his obviously deep knowledge of security in general and specifically the Linux space.

What resulted was a fast-paced, informative, insightful and humorous take on Linux security, how to do it properly and how to effectively deter most would-be hackers.

There's some genuine laugh-out-loud moments and plenty of 'oh's as Kayne drops the penny for us more than once.

A great talk that lived up to its at-conference reputation.

Categories: thinktime

At the edges, it all falls apart

Seth Godin - Wed 10th Feb 2016 21:02
Extremism is rarely the thing we need. Absolutes let us off the hook, because they demand not to be negotiated. But absolutes usually bump into special cases that are truly hard to ignore. The good middles, the difficult compromises that...        Seth Godin
Categories: thinktime

The Leadership Workshop—one more time

Seth Godin - Wed 10th Feb 2016 04:02
Several weeks ago, we launched an experimental new form of seminar, an online sprint that ran entirely in a Slack room. As far as I can tell, this has never been tried before, but the 600 people who attended figured...        Seth Godin
Categories: thinktime

Pattern recognition is not the same as pattern matching

Seth Godin - Tue 09th Feb 2016 21:02
Pattern recognition is a priceless skill that comes with practice, with the experience of noticing. Noticing what works, what you've seen before, what might not work. Because pattern recognition is so valuable, some people have erroneously concluded that the way...        Seth Godin
Categories: thinktime


Michael Still: Adolf Hitler: My Part in His Downfall

Planet Linux Australia - Mon 08th Feb 2016 21:02






ISBN: 9780241958094

LibraryThing

This is another book I read as a teenager and decided to re-read. Frankly, it's great. Confused teenager signs up for the British Army (or is conscripted, it's not totally clear) and ends up as an artillery gunner. Has hilarious adventures while managing to still be a scrawny nerd. I loved it. A light-hearted look at a difficult topic.



Tags for this post: book spike_milligan combat ww2 biography

Related posts: Cryptonomicon; The Man in the Rubber Mask; Skimpy; The Crossroad; Don't Tell Mum I Work On The Rigs; Some Girls: My Life in a Harem
Categories: thinktime

Audience participation

Seth Godin - Mon 08th Feb 2016 20:02
The way we engage with the humans who make stuff directly influences what we receive. Arms folded with a scowl on our face and skepticism on our minds… we get what we deserve. It’s up to us. Just about everything...        Seth Godin
Categories: thinktime

Michael Still: Halo: The Flood

Planet Linux Australia - Mon 08th Feb 2016 20:02






ISBN: 076532833X

LibraryThing

The reviews online for this book aren't great, and frankly they're right. The plot is predictable, and there isn't much character development. Just lots and lots of blow-by-blow combat. It gets wearing after a while, and I found this book a bit of a slog. Not recommended.



Tags for this post: book william_c_dietz combat halo engineered_human cranial_computer personal_ai aliens

Related posts: Halo: The Fall of Reach; The Last Colony; The End of All Things; The Human Division; Old Man's War; The Ghost Brigades
Categories: thinktime

Stewart Smith: My linux.conf.au 2016 talk “Adventures in OpenPower Firmware” is up!

Planet Linux Australia - Mon 08th Feb 2016 15:02

Thanks to the absolutely amazing efforts of the LCA video team, they’ve already (only a few days after I gave it) got the video from my linux.conf.au 2016 talk up!

Abstract

In mid 2014, IBM released the first POWER8 based systems with the new Free and Open Source OPAL firmware. Since then, several members of the OpenPower foundation have produced (or are currently producing) machines based on the POWER8 processor with the OPAL firmware.

This talk will cover the POWER8 chip with an open source firmware stack and how it all fits together.

We will walk through all of the firmware components and what they do, including the boot sequence from power being applied up to booting an operating system.

We’ll delve into:

– the time before you have RAM

– the time before you have thermal management

– the time before you have PCI

– runtime processor diagnostics and repair

– the bootloader (and extending it)

– building and flashing your own firmware

– using a simulator instead

– the firmware interface that Linux talks to

– device tree and OPAL calls

– fun in firmware QA and testing

View

Youtube: https://www.youtube.com/watch?v=a4XGvssR-ag

Download (webm): http://mirror.linux.org.au/linux.conf.au/2016/03_Wednesday/Costa_Hall/Adventures_in_OpenPower_Firmware.webm

Categories: thinktime

Craige McWhirter: Dipping My Toe Into Federated Social Media

Planet Linux Australia - Mon 08th Feb 2016 09:02

I've started dipping my toe into federated social media. During LCA2016 I stood up an instance of GNUSocial. You can find it here social.mcwhirter.io and if you're already in the federated social media universe, you can reach me as craige@social.mcwhirter.io.

Categories: thinktime

"I", "We" and "You"

Seth Godin - Sun 07th Feb 2016 20:02
One of the most profound ways to change your posture and the way you and your organization interact with customers and partners is to change your pronouns. Instead of saying "I" when you're ready to take credit, try "we." Instead...        Seth Godin
Categories: thinktime

Peter Lieverdink: Social! Space! Western Australia!

Planet Linux Australia - Sun 07th Feb 2016 20:02

A few weeks ago I noticed a retweet by ESA, asking for expressions of interest from space enthusiasts to attend and social-media (verb) the inauguration of a new antenna at their New Norcia deep space tracking site in Western Australia.

That site is used to communicate with deep space missions such as Rosetta and Gaia.

After some um-ing and ah-ing, I decided to apply. After all, when I'm on holiday elsewhere I try to visit observatories and other space related things and am always a bit disappointed when a fence keeps me at a distance.

Last week I got an email with the happy news that I was one of the fifteen lucky people selected to attend!

 

So, over the next week you'll probably see a lot of space tweets from me with impressive radio hardware, behind the scenes looks at things, and a lot of excited people.

You can read more about #SocialSpaceWA on the ESA Social Space blog.

 

Tags: space, SocialSpaceWA, ESA, deep space, astronomy
Categories: thinktime

What investors want

Seth Godin - Sat 06th Feb 2016 21:02
They want you to put the money to use building an asset, something that works better and better over time, something that makes your project more profitable and more efficient. And they want you to use that asset to create...        Seth Godin
Categories: thinktime

Chris Neugebauer: linux.conf.au 2017 is coming to Hobart

Planet Linux Australia - Sat 06th Feb 2016 15:02

Yesterday at linux.conf.au 2016 in Geelong, I had the privilege of being able to introduce our plans for linux.conf.au 2017, which my team and I are bringing to Hobart next year. We’ll be sharing more with you over the coming weeks and months, but until then, here’s some stuff you might like to know:

The Dates

16–20 January 2017.

The Venue

We’re hosting at the Wrest Point Convention Centre. I was involved in the organisation of PyCon Australia 2012 and 2013, which used Wrest Point, and I’m very confident that they deeply understand the needs of our community. Working out of a Convention Centre will reduce the amount of work we need to do as a team to organise the main part of the conference, and will let us focus on delivering an even better social programme for you.

We’ll have preferred rates at the adjoining hotels, which we’ll make available to attendees closer to the conference. We will also have the University of Tasmania apartments available, if you’d rather stay at somewhere more affordable. The apartments are modern, have great common spaces, and were super-popular back when lca2009 was in Hobart.

The Theme

Our theme for linux.conf.au 2017 is The Future of Open Source. LCA has a long history as a place where people come to learn from people who actually build the world of Free and Open Source Software. We want to encourage presenters to share with us where we think their projects are heading over the coming years. These thoughts could be deeply technical: presenting emerging Open Source technology, or features of existing projects that are about to become part of every sysadmin’s toolbox.

Thinking about the future, though, also means thinking about where our community is going. Open Source has become massively successful in much of the world, but is this success making us become complacent in other areas? Are we working to meet the needs of end-users? How can we make sure we don’t completely miss the boat on Mobile platforms? LCA gets the best minds in Free Software to gather every year. Next year, we’ll be using that opportunity to help see where our world is heading.

 

So, that’s where our team has got so far. Hopefully you’re as excited to attend our conference as we are to put it on. We’ll be telling you more about it real soon now. In the meantime, why not visit lca2017.org and find out more about the city, or sign up to the linux.conf.au announcements list, so that you can find out more about the conference as we announce it!

Categories: thinktime

"There's no need for alarm"

Seth Godin - Fri 05th Feb 2016 20:02
Alarm is overrated. People say, "there's no need for alarm," as if that rule only applies right now, as if sometimes, there is a need for alarm. It turns out that there's never a need for alarm, because alarm doesn't...        Seth Godin
Categories: thinktime

Simon Lyall: Linux.conf.au 2016 – Friday – Session 3

Planet Linux Australia - Fri 05th Feb 2016 16:02

Lightning talks

  • New Zealand Open Source Society
    • nzoss.org.nz
  • LCA 2015 give-aways of ARM chromebooks
    • Linux on ARM challenge
    • github/steven-ellis
  • Call to Arms
    • x86 != Linux
    • Please consider other architectures
  • StackPtr
    • Open Source GPS and MAP sharing
    • Android client, and iOS to come
    • Create a group, Add placemaps, Share location with a group
    • Also run OpenStreetMap tileserver
    • stackptr.com/registration  – Invite code LCA2016
  • Hat Rack
    • code is in github, but what about everything else?
    • How to ack stuff that isn’t code?
    • bit.do/LABHR    #LABHR
    • Recommend people, especially people not like you
    • github.com/LABHR/octohatrack
  • Pycon
    • Melbourne 12-16 August
    • DjangoCon Au, Science and Data Miniconf, Python in Education plus more on 1st day
    • CPF open in mid-March
    • Financial assistance programme
    • pycon-au.org
  • Kiwi PyCon
    • 2016 in Dunedin
    • Town Hall
    • 9-11 September
    • kiwi.pycon.org
  • GovHack
    • Have fun
    • Open up the government data
    • 29-31 July across Aus and NZ
  • JMAP: a better way to email
    • Lots of email standards, all awful
    • $Company API
    • json over https
    • Single API for email/cal/contacts
    • Mobile/battery/network friendly
    • Working now at FastMail
    • Support friendly (only uses http, just one port for everything).
    • Batches commands, uses OOB notification
    • Efficient
    • Upgrade path – JMAP proxy
    • http://jmap.io  , https://proxy.jmap.io/
  • Tools
    • “Devops is just a name for a Sysadmin without any experience”
    • Let's get back to Unix principles with tools
  • Machine Learning Demo
  • Filk of technical – Lied about being technical/gadget type.
  • ChaosKey
    • Randomness at 1MB/s
    • Copied from OneRNG
    • 4x4mm QFN package attached to USB key
    • Driver in Linux 4.1 (good in 4.3)
    • Just works!
    • Building up smaller batches to test
    • Hoping around $30


Categories: thinktime

Simon Lyall: Linux.conf.au 2016 – Friday – Session 2

Planet Linux Australia - Fri 05th Feb 2016 14:02

Free as in cheap gadgets: the ESP8266 by Angus Gratton

  • I missed the start of the talk but he was giving a history of the release and getting software support for it.
  • Arduino for ESP8266 very popular
  • 2015-2016 maturing
  • Lots of development boards
    • Sparkfun ESP8266 Thing, Adafruit Huzzah, WeMos D1
  • Common Projects
    • Lots of lighting projects, addressable LED strips
    • Wireless power monitoring projects
    • Copy of common projects. Smoke alarm project
    • ESPlant – speakers project built in Open Hardware Miniconf – solar powered gardening sensor
    • Moodlight kickstarter
  • Shortcomings
    • Not a lot of documentation compared to other micro-controllers. 1/10 that of similar products
    • Weird hardware behaviour. Unusual output
    • Default baud rate 74880 bps
    • Bad TLS – TLS v1.0, 1.1 only , RSA 512/1024 . 2048 might work
    • Other examples
  • FOSS in ESP8266
    • GCC , Lua , Arduino, Micro Python
    • axTLS , LWIP, max80211, wpa_supplicant
    • Wrapped APIs, almost no source, mostly missing attribution
    • Weird licenses on stuff
  • Does this source matter?
    • Anecdote: TLS random key same every time due to bad random function (later fixed). But still didn’t initially use the built-in random number generator.
  • Reverse Engineering
    • Wiki, Tools: foogod/xtobjdis, ScratchABit, radare2 (soon)
    • esp-open-rtos – based on the old version that was under MIT
    • mbedTLS – TLS 1.2 (and older) , RSA to 4096 and other stuff. Audited and maintained
    • Working on a testing setup for regression tests
  • For beginners
    • Start with Arduino
    • Look at dev board
  • Future
    • Hopefully other companies will see success and will bring their own products out
    • but with more open licenses
    • ESP32 is coming, probably 1y away from being good and ready

secretd – another take on securely storing credentials by Tollef Fog Heen

  • Works for Fastly
  • What is the problem?
    • Code can be secret
    • Configuration can be secret
    • Credentials are secret
  • Secrets start in the following and move to the next..
    • directly in code
    • then a configuration file
    • then a pre-encrypted store
    • then an online store
  • Problems with stores
    • Complex or insecure
    • Manual work to re-encrypt
    • Updating is hard
    • No support for dev/prod split
  • Requirements for a fix
    • Dynamic environment support
    • Central storage
    • Policy based access controls, live
    • APIs for updating
  • Use Case
    • Hardware (re)bootstrapping
    • Hands-off/live handling
    • PCI: auditing
    • Machine might have no persistent storage
  • Options
    • pwstore – pre-encrypted
    • chef-vault – pre-encrypted
    • Hashicorp Vault – distributed, complex, TTL on secrets
    • etcd – x509
  • Secretd
    • go
    • SQL
    • ssh
    • tree structure, keys are just strings
    • positive ACLs
    • PostgreSQL backend
    • Apache Licensed
  • Client -> json over ssh -> secret-shell -> unix socket -> secretd -> PostgreSQL
  • Missing
    • Encrypting secrets on disk
    • Admin tools/other UIs
    • Auditing
    • Tool integration
    • Enrolment key support
  • Demo
  • Questions:
    • Why not sqlite? – Cause I wanted a database. Postgres more directly supported the data structure I wanted, also type support
    • Why not just use built-in Postgres security stuff? – Features didn’t exist a year ago, also requires that all users exist as DB users.


Categories: thinktime
