web02.fireside.fm Fri, 24 Apr 2026 11:46:04 -0500 Fireside (https://fireside.fm) Ask Noah Show - Episodes Tagged with “Log4shell” https://podcast.asknoahshow.com/tags/log4shell Tue, 14 Dec 2021 20:00:00 -0600 The Ask Noah Show is a weekly talk radio show where we focus on Linux and Open Source technology. We invite the community to participate live on the air 1-855-450-6624. The show airs Tuesdays at 6pm CT on asknoahshow.com and at KEQQ 88.3 FM in Grand Forks ND. It's a free call 1-855-450-NOAH so join us and start on your way to owning your operating system, your software, and technology. en-us episodic The community centered show where you are the content! Noah J. Chelliah The Ask Noah Show is a weekly talk radio show where we focus on Linux and Open Source technology. We invite the community to participate live on the air 1-855-450-6624. The show airs Tuesdays at 6pm CT on asknoahshow.com and at KEQQ 88.3 FM in Grand Forks ND. It's a free call 1-855-450-NOAH so join us and start on your way to owning your operating system, your software, and technology. no Noah J. Chelliah live@asknoahshow.com Episode 263: Log4Shell Security Alert! https://podcast.asknoahshow.com/263 a09a73ce-5cd2-48c3-b8dd-c96cb55d22b1 Tue, 14 Dec 2021 20:00:00 -0600 Noah J. Chelliah full Noah J. Chelliah Log4Shell has set the internet on fire this week. Noah and Steve dig into the details of this vulnerability as well as discuss what you can do to mitigate it. Pop_OS 21.10 is out, Toyota make their keyfob a service, and CentOS 8 goes EOL at the end of the year. 56:21 no -- During The Show -- 00:45 Steve's OpenSuse Experience Splash Screen Kernel Panic 03:10 Caller Ed Best VM server Proxmox (https://www.proxmox.com/en/) Libvirt (https://libvirt.org/) + Cockpit (https://cockpit-project.org/) Ovirt (https://www.ovirt.org/) 08:08 Sleuth Asked Is there software to send and receive audio over the network that work on phones and Linux machines? My usecase is I want to listen to podcasts from antennapod on my computer and to monitor jitsi and mumble from my phone. Alsa Mixer IceCast (https://icecast.org/) 09:58 TwoBit Asked Still using the Google Glass? Yes 10:43 Docker Server - Mathieu TLS/HTTPS is more than a cert HAProxy (https://www.haproxy.org/)/Nginx Reverse Proxy Check documentation for the project Security is more than closing ports LetsEncrypt (https://letsencrypt.org/) 19:25 Archiving Emails? - Jose Download an archive + Thunderbird 23:26 SIP Questions - Andrew 3CX SBC (https://www.3cx.com/docs/3cx-tunnel-session-border-controller/) Upgrade Router to PFSense/OPNSense 28:10 Pick of the Week CasaOS (https://www.casaos.io/) Help Net Security Article (https://www.helpnetsecurity.com/2021/12/13/casaos-home-cloud-system/) Based on Docker Easy Self Hosted Services 30:23 Gadget of the Week M5stick (https://shop.m5stack.com/products/m5stickc-plus-esp32-pico-mini-iot-development-kit?variant=35275856609444) $14 ESP32 Dev Kit 32:52 Centos 8 EOL ZDNet Article (https://www.zdnet.com/article/centos-linux-8-is-about-to-die-what-do-you-do-next/) CentOS EOL Dec 31 2021 Zero Day security patches until Jan 31 2022 Options Red Hat Proper Free Red Hat Developer License's CentOS Stream (https://www.centos.org/centos-stream/) Alma Linux (https://almalinux.org/) Cloud Linux OS Rocky Linux 38:00 Toyota Makes Keyfob a Service The Drive Article (https://www.thedrive.com/news/43329/toyota-made-its-key-fob-remote-start-into-a-subscription-service) Requiring subscription to use local keyfob functions 40:38 Pop!_OS 21.10 Released System76 Blog Post (https://blog.system76.com/post/670564272872488960/popos-2110-has-landed) Tech preview of Pop!_OS 21.10 for the RaspberryPi System Refresh feature Lots of new features 42:44 Main Segment - log4j Vulnerability CVE-2021-44228 Remote Code Execution Actively being exploited in the wild Used in embedded and IOT devices as well Minecraft Exploit Example (https://www.youtube.com/watch?v=7qoPDq41xhQ) 2.14.1 and earlier vulnerable Fixed in Log4j 2.15.0 Github Attack Surface List (https://github.com/YfryTchsGD/Log4jAttackSurface) Responsible disclosure was not followed Alternative mitigations available Flip the environmental variable ES JAVA OPTS= -D log4j2.formatMsgNoLookups=True Cloudflare Mitigation (https://blog.cloudflare.com/cve-2021-44228-log4j-rce-0-day-mitigation/) Help Net Security Article (https://www.helpnetsecurity.com/2021/12/12/week-in-review-apache-log4j-0day-exploited-kali-linux-2021-4-released-patch-tuesday-forecast/) Fortune Article (https://fortune.com/2021/12/13/cyber-security-log4j-hacker-breach/) We Live Securtiy Article (https://www.welivesecurity.com/2021/12/13/log4shell-vulnerability-what-we-know-so-far/) The Next Web Article (https://thenextweb.com/news/log4j-bug-internet-open-source-contributors-analysis) -- The Extra Credit Section -- For links to the articles and material referenced in this week's episode check out this week's page from our podcast dashboard! This Episode's Podcast Dashboard (http://podcast.asknoahshow.com/263) Phone Systems for Ask Noah provided by Voxtelesys (http://www.voxtelesys.com/asknoah) Join us in our dedicated chatroom #GeekLab:linuxdelta.com on Matrix (https://element.linuxdelta.com/#/room/#geeklab:linuxdelta.com) -- Stay In Touch -- Find all the resources for this show on the Ask Noah Dashboard Ask Noah Dashboard (http://www.asknoahshow.com) Need more help than a radio show can offer? Altispeed provides commercial IT services and they’re excited to offer you a great deal for listening to the Ask Noah Show. Call today and ask about the discount for listeners of the Ask Noah Show! Altispeed Technologies (http://www.altispeed.com/) Contact Noah live [at] asknoahshow.com -- Twitter -- Noah - Kernellinux (https://twitter.com/kernellinux) Ask Noah Show (https://twitter.com/asknoahshow) Altispeed Technologies (https://twitter.com/altispeed) -- During The Show --

00:45 Steve's OpenSuse Experience

  • Splash Screen
  • Kernel Panic

03:10 Caller Ed

08:08 Sleuth Asked

  • Is there software to send and receive audio over the network that work on phones and Linux machines? My usecase is I want to listen to podcasts from antennapod on my computer and to monitor jitsi and mumble from my phone.
  • Alsa Mixer
  • IceCast

09:58 TwoBit Asked

  • Still using the Google Glass?
  • Yes

10:43 Docker Server - Mathieu

  • TLS/HTTPS is more than a cert
  • HAProxy/Nginx Reverse Proxy
  • Check documentation for the project
  • Security is more than closing ports
  • LetsEncrypt

19:25 Archiving Emails? - Jose

  • Download an archive + Thunderbird

23:26 SIP Questions - Andrew

  • 3CX SBC
  • Upgrade Router to PFSense/OPNSense

28:10 Pick of the Week

30:23 Gadget of the Week

32:52 Centos 8 EOL

  • ZDNet Article
  • CentOS EOL Dec 31 2021
  • Zero Day security patches until Jan 31 2022
  • Options

38:00 Toyota Makes Keyfob a Service

40:38 Pop!_OS 21.10 Released

  • System76 Blog Post
  • Tech preview of Pop!_OS 21.10 for the RaspberryPi
  • System Refresh feature
  • Lots of new features

42:44 Main Segment - log4j Vulnerability

-- The Extra Credit Section --

For links to the articles and material referenced in this week's episode check out this week's page from our podcast dashboard!

This Episode's Podcast Dashboard

Phone Systems for Ask Noah provided by Voxtelesys

Join us in our dedicated chatroom #GeekLab:linuxdelta.com on Matrix

-- Stay In Touch --

Find all the resources for this show on the Ask Noah Dashboard

Ask Noah Dashboard

Need more help than a radio show can offer? Altispeed provides commercial IT services and they’re excited to offer you a great deal for listening to the Ask Noah Show. Call today and ask about the discount for listeners of the Ask Noah Show!

Altispeed Technologies

Contact Noah

live [at] asknoahshow.com

-- Twitter --

Support Ask Noah Show

]]> -- During The Show --

00:45 Steve's OpenSuse Experience

  • Splash Screen
  • Kernel Panic

03:10 Caller Ed

08:08 Sleuth Asked

  • Is there software to send and receive audio over the network that work on phones and Linux machines? My usecase is I want to listen to podcasts from antennapod on my computer and to monitor jitsi and mumble from my phone.
  • Alsa Mixer
  • IceCast

09:58 TwoBit Asked

  • Still using the Google Glass?
  • Yes

10:43 Docker Server - Mathieu

  • TLS/HTTPS is more than a cert
  • HAProxy/Nginx Reverse Proxy
  • Check documentation for the project
  • Security is more than closing ports
  • LetsEncrypt

19:25 Archiving Emails? - Jose

  • Download an archive + Thunderbird

23:26 SIP Questions - Andrew

  • 3CX SBC
  • Upgrade Router to PFSense/OPNSense

28:10 Pick of the Week

30:23 Gadget of the Week

32:52 Centos 8 EOL

  • ZDNet Article
  • CentOS EOL Dec 31 2021
  • Zero Day security patches until Jan 31 2022
  • Options

38:00 Toyota Makes Keyfob a Service

40:38 Pop!_OS 21.10 Released

  • System76 Blog Post
  • Tech preview of Pop!_OS 21.10 for the RaspberryPi
  • System Refresh feature
  • Lots of new features

42:44 Main Segment - log4j Vulnerability

-- The Extra Credit Section --

For links to the articles and material referenced in this week's episode check out this week's page from our podcast dashboard!

This Episode's Podcast Dashboard

Phone Systems for Ask Noah provided by Voxtelesys

Join us in our dedicated chatroom #GeekLab:linuxdelta.com on Matrix

-- Stay In Touch --

Find all the resources for this show on the Ask Noah Dashboard

Ask Noah Dashboard

Need more help than a radio show can offer? Altispeed provides commercial IT services and they’re excited to offer you a great deal for listening to the Ask Noah Show. Call today and ask about the discount for listeners of the Ask Noah Show!

Altispeed Technologies

Contact Noah

live [at] asknoahshow.com

-- Twitter --

Support Ask Noah Show

]]>