Leaping Over Tumbleweed | LINUX Unplugged 118

Leaping Over Tumbleweed | LINUX Unplugged 118

New versions of openSUSE leap and Fedora have hit the web. The chairmen of openSUSE joins us to answer our hard questions & we follow up on Fedora 23.

Plus the big upset with Debian this week, ransomware that targets Linux systems & way more than we can fit into this description!

Thanks to:



Linux Academy

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Torrent Feed | WebM Torrent Feed

Become a supporter on Patreon:


Show Notes:



Glucosio is trying to drum up support for it’s free and open source app for Android that helps people with diabetes manage their diabetes and support diabetes research.

Linux Academy

Fedora 23 Wrap Up

Cinnamon is a Linux desktop which provides advanced innovative features and a traditional user experience. The desktop layout is similar to Gnome 2.

Fedora 23 KDE Plasma Desktop features Plasma 5.4.0, KDE Frameworks 5.15, and KDE Applications 15.08. Plasma 5.4 includes a new audio applet, Application Dashboard, updated breeze icon theme, KRunner autocompletion, and Networks applet with graphs. Notable changes in KDE Applications 15.08 are Frameworks 5 based Kontact suite app and file manager Dolphin. Additionally, Firefox is now the default web browser.

Today, the Fedora Project is proud to announce the launch of a new publication platform for Fedora contributors: the Fedora Community Blog. The Fedora Community Blog intends to better connect the different projects, groups, and efforts going on in the community every day. Teams are encouraged to share their goals, achievements, and calls for assistance on this blog to help improve the overall interconnectedness of the community.

Fedora 24 schedule with a current release date of May 17, 2016. Fedora 24 Alpha is slated for release on March 1st, 2016, and the Beta has a release date of April 12th, 2016.

These dates may change as development on Fedora 24 progresses, so always check the schedule for the most accurate version of the Fedora 24 schedule.


New encryption ransomware targets Linux systems

Many of the systems that have been affected by the malware were infected when attackers exploited a vulnerability in the Magento CMS. A critical vulnerability patch for Magneto, which is used to power a number of e-commerce sites, was published on October 31. Doctor Web researchers currently place the number of victims in the “at least tens” range, but attacks on other vulnerable content management systems could increase the number of victims dramatically.

In order to run, the malware has to be executed with administrator-level privileges. Using 128-bit AES crypto, the malware encrypts the contents of all users’ home directories and any files associated with websites running on the systems. It then goes through the whole directory structure of mounted volumes, encrypting a variety of file types. In each directory it encrypts, it drops a text file called README_FOR_DECRYPT.txt. This demands payment and provides a link to a Tor “hidden service” site via a Tor gateway.

Bitdefender researchers discovered that when it generates the AES keys, the malicious program uses a weak source of random data — the time and date at the moment of encryption.

This time stamp is easy to determine by looking at when the AES key files were created on disk. Therefore, researchers are able to reverse the process and recover the AES keys without needing to decrypt them, making the RSA public and private keys pointless.

The tool created and released by Bitdefender is a script written in Python that determines the initialization vectors and AES encryption keys by analyzing the files encrypted by the ransomware program. It then decrypts the files and fixes their permissions on the system.

“If you can boot your compromised operating system, download the script and run it under the root user,” the Bitdefender researchers said in a blog post that also contains detailed instructions on how to use the tool.


An abrupt End to Debian Live

Therefore, after having founded Debian Live back in 2006 and having by now almost 10 years continuously worked on it, without further ado:

Debian Live is dead, hijacked by the debian-cd and the debian-installer Teams

The live.debian.net server will be shut down end of month, the Git repositories are read-only as of now and mirrored to GitHub for archival

No, the story is more like this:

  • Debian live is created, widely used including by debian, but perhaps in some way not “officially” Debian (though this is unclear).
  • Debian CD team has some outstanding bugs with debian-live, which some members (but apparently not the lead dev) are aware of (or at least, not aware that they are major problems for debian-cd).
  • Someone creates a “successor” project called debian-live-ng that fixes these bugs, rather than fixing them in debian-live.
  • Debian CD is going to use this new project.
  • Lead developer of debian-live finds out about this scenario only when someone tries to push a package with the name live-build-ng (which conflicts with the live-* namespace used by debian-live), only to encounter a Debian CD team already dead-set on replacing and deprecating his project and overloading the package namespace with their new project without further discussion.

Or, in short, diplomacy, courtesy, and basic communication were neglected, and the inevitable happened.

Support Jupiter Broadcasting on Patreon

Question? Comments? Contact us here!