Log4Shell Security Alert!

-- During The Show --

00:45 Steve's OpenSuse Experience

• Splash Screen
• Kernel Panic

03:10 Caller Ed

• Best VM server
• Proxmox
• Libvirt + Cockpit
• Ovirt

08:08 Sleuth Asked

• Is there software to send and receive audio over the network that work on phones and Linux machines? My usecase is I want to listen to podcasts from antennapod on my computer and to monitor jitsi and mumble from my phone.
• Alsa Mixer
• IceCast

09:58 TwoBit Asked

• Still using the Google Glass?
• Yes

10:43 Docker Server - Mathieu

• TLS/HTTPS is more than a cert
• HAProxy/Nginx Reverse Proxy
• Check documentation for the project
• Security is more than closing ports
• LetsEncrypt

19:25 Archiving Emails? - Jose

• Download an archive + Thunderbird

23:26 SIP Questions - Andrew

• 3CX SBC
• Upgrade Router to PFSense/OPNSense

28:10 Pick of the Week

• CasaOS
• Help Net Security Article
• Based on Docker
• Easy Self Hosted Services

30:23 Gadget of the Week

• M5stick
• $14 ESP32 Dev Kit

32:52 Centos 8 EOL

• ZDNet Article
• CentOS EOL Dec 31 2021
• Zero Day security patches until Jan 31 2022
• Options
  • Red Hat Proper
  • Free Red Hat Developer License's
  • CentOS Stream
  • Alma Linux
  • Cloud Linux OS
  • Rocky Linux

38:00 Toyota Makes Keyfob a Service

• The Drive Article
• Requiring subscription to use local keyfob functions

40:38 Pop!_OS 21.10 Released

• System76 Blog Post
• Tech preview of Pop!_OS 21.10 for the RaspberryPi
• System Refresh feature
• Lots of new features

42:44 Main Segment - log4j Vulnerability

• CVE-2021-44228
• Remote Code Execution
• Actively being exploited in the wild
• Used in embedded and IOT devices as well
• Minecraft Exploit Example
• 2.14.1 and earlier vulnerable
• Fixed in Log4j 2.15.0
• Github Attack Surface List
• Responsible disclosure was not followed
• Alternative mitigations available
• Flip the environmental variable ES JAVA OPTS= -D log4j2.formatMsgNoLookups=True
• Cloudflare Mitigation
• Help Net Security Article
• Fortune Article
• We Live Securtiy Article
• The Next Web Article

-- The Extra Credit Section --

For links to the articles and material referenced in this week's episode check out this week's page from our podcast dashboard!

This Episode's Podcast Dashboard

Phone Systems for Ask Noah provided by Voxtelesys

Join us in our dedicated chatroom #GeekLab:linuxdelta.com on Matrix

-- Stay In Touch --

Find all the resources for this show on the Ask Noah Dashboard

Ask Noah Dashboard

Need more help than a radio show can offer? Altispeed provides commercial IT services and they’re excited to offer you a great deal for listening to the Ask Noah Show. Call today and ask about the discount for listeners of the Ask Noah Show!

Altispeed Technologies

Contact Noah

live [at] asknoahshow.com

-- Twitter --

• Noah - Kernellinux
• Ask Noah Show
• Altispeed Technologies