A surprising new desktop environment, the latest on cross-distro snappy support & how to get the most out of Android without Play Services.
Plus a script to take over a running server and replace it with FreeBSD, a fresh take on VPNs coming to a kernel near you & more!
Follow Up / Catch Up
- Amazon unveils Chime, looks to reinvent the conference call with new Skype and GoToMeeting competitor – GeekWire
Now, the Seattle tech juggernaut wants to reinvent how you conduct meetings and conference calls.
UKUI is developed by Ubuntu Kylin, the official Chinese-language spin of Ubuntu. It aims to provide ‘a simpler and more enjoyable experience for browsing, searching, and managing your computer’.
There are many good reasons for using Android without Google Play Services (Google’s proprietary part of the Android operating system), mostly to protect one’s privacy.
Google Play Services contain background processes used by Google not only to provide services (e.g., push notifications, accurate geolocation combining GPS, Wi-Fi and GSM, application installations and updates…) but also to track the device usage (location, used applications, permanent connection to Google servers…).
Custom ROMs such as the popular LineageOS (community fork of CyanogenMod) offer, by default, a Google-Play-Services-free version, with optional installation of Google Play Services.
GPlayWeb: A Web interface for GPlayCli
A free-as-in-freedom re-implementation of Google’s proprietary Android user space apps and libraries.
I am a little bit surprised, but I guess there was enough pressure from the open-source community in Munich to cancel the motion to switch from Linux (LiMux) to Windows. It was supposed to pass on Wednesday, but now, it is gone.
The story about getting snappy into other distributions
So here’s an update on what’s been going on and what’s to come.
takeover.sh: Wipe and reinstall a running Linux system via SSH, without rebooting. You know you want to.
A script to completely take over a running Linux system remotely, allowing you to log into an in-memory rescue environment, unmount the original root filesystem, and do anything you want, all without rebooting. Replace one distro with another without touching a physical console.
- StackExchange: How to shrink root filesystem without booting a livecd
- Instructions to replace a live Debian installation with Arch
In December 2003, I wrote a script for remotely upgrading a Linux system to FreeBSD. I gave it a catchy name (“depenguinator”, inspired by the “Antichickenator” in Baldur’s Gate), announced it on a FreeBSD mailing list and on Slashdot, and before long it was famous. Unfortunately, it didn’t take long for changes in the layout of FreeBSD releases to make the depenguination script stop working; so for the past three years I have been receiving emails asking me to update it to work with newer FreeBSD releases.
A few weeks ago, Richard Bejtlich came forward with an offer to pay me to make the necessary improvements (money doesn’t solve everything, but offering money certainly helps break the “I’ll do it when I have some free time” / “I never have any free time” deadlock). In the end I asked him to arrange for a donation to the FreeBSD Foundation instead of paying me, but his offer was enough of a prompt for me to spend ten hours revising and testing the depenguinator.
The key changes from before are as follows:
- The depenguinator now works with recent FreeBSD releases.
- The makefs code borrowed from NetBSD is updated, and as a result will compile on more recent versions of Linux.
- Instead of setting a root password, the depenguinator now installs an SSH public key.
- Instead of constructing a disk image which must be written to the first 40MB of the boot drive (which would often fail if that space contained an active filesystem), the depenguinator now constructs a disk image which can be written to a swap partition (after swapping is turned off, of course) and then booted via GRUB.
Use depenguinator 3.x to overwrite a remote Linux server with a FreeBSD installer
WireGuard is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPSec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. Initially released for the Linux kernel, it plans to be cross-platform and widely deployable. It is currently under heavy development, but already it might be regarded as the most secure, easiest to use, and simplest VPN solution in the industry.
Today I’m releasing WireGuard, an encrypted and authenticated tunneling virtual interface for the kernel.
The presentation will be divided up into several parts. First, there will be an overview of the problems with IPsec, OpenVPN, and other popular VPNs, outlining attacks and weaknesses. Next, the WireGuard idea of the “cryptokey routing table” will be introduced, and we’ll walk through several properties derived from it. This will transition into a discussion of the timer state mechanism, and how secure protocols are necessarily stateful, but it’s possible to make them appear stateless to the user by exhaustively defining all possible state transitions. Then we’ll get into the hardcore meat of the presentation: the cryptography and various crypto innovations behind WireGuard. We will discuss the triple Diffie-Hellman, the role of combining static and ephemeral keys, the performance and DoS-potential of Curve25519 point multiplication, using a PRF chaining for rotating keys, identity hiding and remaining silent on a network, and clever usage of authenticated encryption with additional data.
- FOSDEM 2017 – Interview with Jason A. Donenfeld – WireGuard: Next Generation Secure Kernel Network Tunnel. Cutting edge crypto, shrewd kernel design, and networking meet in a surprisingly simple combination