It's a storage showdown as Jim and Wes bust some performance myths about RAID and ZFS.

Plus our favorite features from Fedora 32, and why Wes loves DNF.

Links:

• What's new in Fedora 32 Workstation
• Fedora 32 ChangeSet
• Linux distro review: Fedora Workstation 32
• TechSNAP 428: RAID Reality Check
• ZFS versus RAID: Eight Ironwolf disks, two filesystems, one winner
• Understanding RAID: How performance scales from one disk to eight
• Find Jim on 2.5 Admins
• Find Wes on LINUX Unplugged
• TechSNAP 1: First episode of TechSNAP (in 2011!)
• TechSNAP 300: End of the Allan and Chris era (2017)
• TechSNAP 301: Enter Dan and Wes
• TechSNAP 347: A Farewell to Dan
• TechSNAP 348: Chris is back!
• TechSNAP 389: Jim's first time as a guest
• TechSNAP 390: Jim's second guest appearance
• TechSNAP 393: Chris says goodbye
• TechSNAP 395: Jim joins the show

Jim and Wes take the latest release of the Caddy web server for a spin, investigate Intel's Comet Lake desktop CPUs, and explore the fight over 5G between the US Military and the FCC.

Links:

• Caddy offers TLS, HTTPS, and more in one dependency-free Go Web server
• Caddy 2
• Caddy v2 Improvements [slightly out of date]
• Proposal: Permanently change all proprietary licensing to open source · Issue #2786 · caddyserver/caddy
• Revert "Implement Caddy-Sponsors HTTP response header" by lol768 · Pull Request #1866 · caddyserver/caddy
• Intel’s 10th generation desktop CPUs have arrived—still on 14nm
• Intel Comet Lake 10th Gen CPU release date, specs, price, and performance
• 10th Gen Intel® Core™ Desktop Processors
• US military is furious at FCC over 5G plan that could interfere with GPS
• The Pentagon's fight to kill Ligado's 5G network
• FCC Approves Ligado L-Band Application to Facilitate 5G & IoT

We dive deep into the world of RAID, and discuss how to choose the right topology to optimize performance and resilience.

Plus Cloudflare steps up its campaign to secure BGP, and why you might want to trade in cron for systemd timers.

Links:

• AMD Claims World’s Fastest Per-Core Performance with New EPYC Rome 7Fx2 CPUs
• AMD EPYC 7F52 Linux Performance - AMD 7FX2 CPUs Further Increasing The Fight Against Intel Xeon Review
• Understanding RAID: How performance scales from one disk to eight
• New Cloudflare tool can tell you if your ISP has deployed BGP fixes
• Is BGP safe yet?
• RPKI - The required cryptographic upgrade to BGP routing
• Why I Prefer systemd Timers Over Cron – Thomas Stringer
• systemd/Timers - ArchWiki
• systemd.time (Time format docs)
• systemd.timer (Unit docs)

Jim finally gets his hands on an AMD Ryzen 9 laptop, some great news about Wi-Fi 6e, and our take on FreeBSD on the desktop.

Plus Intel's surprisingly overclockable laptop CPU, why you shouldn't freak out about 5G, and the incredible creativity of the Demoscene.

Links:

• Asus ROG Zephyrus G14—Ryzen 7nm mobile is here, and it’s awesome
• Linux on Laptops: ASUS Zephyrus G14 with Ryzen 9 4900HS
• Intel’s 10th-generation H-series laptop CPUs break 5GHz | Ars Technica
• Wi-Fi 6E becomes official—the FCC will vote on rules this month
• Celebs share rumors linking 5G to coronavirus, nutjobs burn cell towers
• Not-actually Linux distro review: FreeBSD 12.1-RELEASE
• Not actually Linux distro review deux: GhostBSD
• MOD (file format) - Wikipedia
• AT&T.MOD (YouTube)
• DJ Moses Rising—Ice Cream Trance (YouTube)
• Farbrausch—The Product (64K Intro, 2000)
• Farbrausch—Poem to a Horse (64K Intro, 2002)
• Finland accepts the Demoscene on its national UNESCO list of intangible cultural heritage of humanity

We take a look at Cloudflare's impressive Linux disk encryption speed-ups, and explore how zoned storage tools like dm-zoned and zonefs might help mitigate the downsides of Shingled Magnetic Recording.

Plus we celebrate WireGuard's inclusion in the Linux 5.6 kernel, and fight some exFAT FUD.

Links:

• WireGuard VPN makes it to 1.0.0—and into the next Linux kernel — It's a good day for WireGuard users—DKMS builds will soon be behind us.
• Linux 5.6 Is The Most Exciting Kernel In Years With So Many New Features
• fs: New zonefs file system — zonefs is a very simple file system exposing each zone of a zoned block device as a file. This is intended to simplify implementation of application zoned block device raw access support by allowing switching to the well known POSIX file API rather than relying on direct block device file ioctls and read/write.
• Ama-ZNS! Zonefs File-System Will Land with Linux® 5.6
• What is Zoned Storage and the Zoned Storage Initiative? — Zoned Storage is a new paradigm in storage motivated by the incredible explosion of data. Our data-driven society is increasingly dependent on data for every-day life and extreme scale data management is becoming a necessity.
• Linux Kernel Support - ZonedStorage.io
• dm-zoned — The dm-zoned device mapper target exposes a zoned block device as a regular block device.
• Device Mapper - ZonedStorage.io
• What are PMR and SMR hard disk drives?
• Beware of SMR drives in PMR clothing — WD and Seagate are both submarining Drive-managed SMR (DM-SMR) drives into channels, disguised as "normal" drives.
• Beware of SMR drives in PMR clothing [Reddit]
• The exFAT filesystem is coming to Linux—Paragon software’s not happy about it — When software and operating system giant Microsoft announced its support for inclusion of the exFAT filesystem directly into the Linux kernel back in August, it didn't get a ton of press coverage. But filesystem vendor Paragon Software clearly noticed this month's merge of the Microsoft-approved, largely Samsung-authored version of exFAT into the VFS for-next repository, which will in turn merge into Linux 5.7—and Paragon doesn't seem happy about it.
• The New Microsoft exFAT File-System Driver Is Set To Land With Linux 5.7
• Speeding up Linux disk encryption - The Cloudflare Blog — Encrypting data at rest is vital for Cloudflare with more than 200 data centres across the world. In this post, we will investigate the performance of disk encryption on Linux and explain how we made it at least two times faster for ourselves and our customers.
• Add inline dm-crypt patch and xtsproxy Crypto API patch

We take a look at AMD's upcoming line of Ryzen 4000 mobile CPUs, and share our first impressions of Ubuntu 20.04's approach to ZFS on root.

Plus Let's Encrypt's certificate validation mix-up, Intel's questionable new power supply design, and more.

Links:

• Let's Encrypt changes course on certificate revocation
• Revoking certain certificates on March 4
• Let's Encrypt: Incomplete revocation for CAA rechecking bug
• Pass authzModel by value, not reference
• The Complete Guide to CAA Records
• DNS Certification Authority Authorization
• AMD's 7nm Ryzen 4000 laptop processors are finally here
• How Intel is changing the future of power supplies with its ATX12VO spec
• Single Rail Power Supply ATX12VO Design Guide
• FreeNAS and TrueNAS are Unifying
• FreeNAS and TrueNAS are Unifying [Video Announcement]
• Ubuntu 20.04's zsys adds ZFS snapshots to package management
• ubuntu/zsys: zsys daemon and client for zfs systems

Cloudflare recently embarked on an epic quest to choose a CPU for its next-generation server build, so we explore the importance of requests per watt, the benefits of full memory encryption, and why AMD won.

Plus Mozilla's rollout of DNS over HTTPS has begun, a big milestone for Let's Encrypt, and more.

Links:

• Firefox continues push to bring DNS over HTTPS by default for US users - The Mozilla Blog
• The Facts: Mozilla’s DNS over HTTPs (DoH)
• Security/DOH-resolver-policy - MozillaWiki
• HTTPS for all: Let’s Encrypt reaches one billion certificates issued | Ars Technica
• Let’s Encrypt Has Issued a Billion Certificates - Let’s Encrypt - Free SSL/TLS Certificates
• Let’s Encrypt: A History - The Morning Paper
• Apple drops a bomb on long-life HTTPS certificates: Safari to snub new security certs valid for more than 13 months • The Register
• Ballot SC22: Reduce Certificate Lifetimes
• Google Chrome’s fear of Microsoft Edge is revealing its bad side
• Microsoft shares a roadmap for the new Microsoft Edge
• Microsoft Edge: Top Feedback Summary for March 4
• Download Microsoft Edge Insider Channels
• Flaw in billions of Wi-Fi devices left communications open to eavesdropping | Ars Technica
• kr00k: A serious vulnerability deep inside Wi-Fi encryption
• Kr00k Paper
• Technical Details of Why Cloudflare Chose AMD EPYC for Gen X Servers
• An EPYC trip to Rome: AMD is Cloudflare’s 10th-generation Edge server CPU
• Cloudflare’s Gen X: Servers for an Accelerated Future
• Impact of Cache Locality
• Gen X Performance Tuning
• Securing Memory at EPYC Scale
• Intel promises Full Memory Encryption in upcoming CPUs | Ars Technica

We explore the potential of heat-assisted magnetic recording and get excited about a possibly persistent L2ARC.

Plus Jim's journeys with Clear Linux, and why Ubuntu 18.04.4 is a maintenance release worth talking about.

Links:

• Ubuntu 18.04.4 LTS: here's what's new — It's not as shiny and exciting as entirely new versions, of course, but it does pack in some worthwhile security and bugfix upgrades, as well as support for more and newer hardware.
• 18.04.4 - Ubuntu Wiki
• MobaXterm — Enhanced terminal for Windows with X11 server, tabbed SSH client, network tools and much more.
• Linux distro review: Intel’s own Clear Linux OS — There's not much question that Clear Linux is your best bet if you want to turn in the best possible benchmark numbers. The question not addressed here is, what's it like to run Clear Linux as a daily driver? We were curious, so we took it for a spin.
• Clear Linux* Project — Clear Linux OS is an open source, rolling release Linux distribution optimized for performance and security, from the Cloud to the Edge, designed for customization, and manageability.
• swupd — Documentation for Clear Linux* project
• clr-boot-manager: Kernel & Boot Loader Management
• Cannot compile zfs for 5.5-rc2 · Issue #9745 · zfsonlinux/zfs
• Persistent L2ARC might be coming to ZFS on Linux — The primary ARC is kept in system RAM, but an L2ARC device can be created from one or more fast disks. In a ZFS pool with one or more L2ARC devices, when blocks are evicted from the primary ARC in RAM, they are moved down to L2ARC rather than being thrown away entirely. In the past, this feature has been of limited value, both because indexing a large L2ARC occupies system RAM which could have been better used for primary ARC and because L2ARC was not persistent across reboots.
• Persistent L2ARC by gamanakis · Pull Request #9582 · zfsonlinux/zfs — This feature implements a light-weight persistent L2ARC metadata structure that allows L2ARC contents to be recovered after a reboot. This significantly eases the impact a reboot has on read performance on systems with large caches.
• LINUX Unplugged 303: Stateless and Dateless — We visit Intel to figure out what Clear Linux is all about and explain a few tricks that make it unique.
• LINUX Unplugged Blog: Clear Linux OS 2019
• HAMR don’t hurt ’em: laser-assisted hard drives are coming in 2020 — Although the 2012 "just around the corner" HAMR drives seem to have been mostly vapor, the technology is a reality now. Seagate has been trialing 16TB HAMR drives with select customers for more than a year and claims that the trials have proved that its HAMR drives are "plug and play replacements" for traditional CMR drives, requiring no special care and having no particular poor use cases compared to the drives we're all used to.
• HAMR Milestone: Seagate Achieves 16TB Capacity on Internal HAMR Test Units
• Western Digital debuts 18TB and 20TB near-MAMR disk drives
• Previously on TechSNAP 341: HAMR Time — We've got bad news for Wifi-lovers as the KRACK hack takes the world by storm; We have the details & some places to watch to make sure you stay patched. Plus, some distressing revelations about third party access to your personal information through some US mobile carriers. Then we cover the ongoing debate over HAMR, MAMR, and the future of hard drive technology & take a mini deep dive into the world of elliptic curve cryptography.

We take a look at a few exciting features coming to Linux kernel 5.6, including the first steps to multipath TCP.

Plus the latest Intel speculative execution vulnerability, and Microsoft's troubled history with certificate renewal.

Links:

• Oregon company makes top bid for Microsoft check - CNET
• Microsoft’s failures to renew: Teams, Hotmail, and Hotmail.co.uk | Ars Technica
• Microsoft Teams goes down after Microsoft forgot to renew a certificate - The Verge
• Browser review: Microsoft’s new “Edgium” Chromium-based Edge | Ars Technica
• Linus Torvalds pulled WireGuard VPN into the 5.6 kernel source tree | Ars Technica
• Ubuntu 20.04 LTS Adds WireGuard Support - Phoronix
• Multipath TCP Support Is Working Its Upstream - First Bits Landing With Linux 5.6 - Phoronix
• MultiPath TCP - Linux Kernel implementation
• Upstreaming multipath TCP
• LPC2019 - Multipath TCP Upstreaming - YouTube
• LPC2019 - Multipath TCP Upstreaming - Slides
• LPC2019 - Multipath TCP Upstreaming - Paper
• Using MultiPath TCP to enhance home networks
• Linux 5.6 Crypto Getting AVX/AVX2/AVX-512 Optimized Poly1305
• Poly1305
• CacheOut
• CacheOut Paper
• Intel Responds to ZombieLoad and CacheOut Attacks | Tom's Hardware
• New CacheOut Attack Targets Intel CPUs, Leaks Data From VMs And Secure Enclave

We explore the latest round of Windows vulnerabilities and Jim shares his journey adding OPNsense to his firewall family.

Plus a look back at Apollo-era audio that's still relevant today with the surprising story of the Quindar tones.

Links:

• Critical Vulnerabilities in Microsoft Windows Operating Systems
• Win10 Crypto Vulnerability: Cheating in Elliptic Curve Billiards 2
• NSA discovers a serious flaw in Windows 10
• Exploiting CVE-2020-0601
• CVE-2020-0601 POC
• NSA Cybersecurity Advisory on CryptoAPI Flaw
• Why can’t I get to the internet on my new OPNsense install?! - Jim's Blog
• OPNsense: a true open source security platform and more
• There's An Actual Name And Reason For Those Beeps You Hear In Recordings Of Astronauts In Space
• Quindar Tones
• Cap'n Crunch Whistle and the Secrets of the Little Blue Box

Compiling the Linux kernel with Clang has never been easier, so we explore this alternative compiler and what it brings to the ecosystem.

Plus Debian's continued init system debate, and our frustrations over 5G reporting.

Links:

• 5G Underwhelms in Its First Big Test - WSJ
• How South Korea built 5G, and what it's learning - RCR Wireless News
• After seven months, here’s what South Korea can teach us about 5G - CNA
• South Korea secures 4 million 5G subscribers | ZDNet
• Debian Developers Take To Voting Over Init System Diversity
• Debian GR Results
• General Resolution: Init systems and systemd
• Ringing In 2020 By Clang’ing The Linux 5.5 Kernel - Benchmarks Of GCC vs. Clang Built Kernels
• Using LLVM Clang To Compile The Linux Kernel Is Heating Up Again Thanks To Google
• Building the kernel with Clang - LWN
• ClangBuiltLinux
• Compiling the Linux kernel with LLVM tools (FOSDEM 2019)

From classifying cats to colorizing old photos we share our top tips and tools for starting your machine learning journey. Plus, learn why Nebula is our favorite new VPN technology, and how it can help simplify and secure your network.

Links:

• Introducing Nebula, the open source global overlay network from Slack
• nebula: A scalable overlay networking tool with a focus on performance, simplicity and security
• Nebula VPN routes between hosts privately, flexibly, and efficiently
• How to set up your own Nebula mesh VPN, step by step
• LINUX Unplugged 329: Flat Network Truthers
• Cloudy with a chance of neurons: The tools that make neural networks work
• Welcome To Colaboratory
• ImageColorizer Notebook
• DeOldify: A Deep Learning based project for colorizing and restoring old images (and video!)

As the rollout of 5G finally arrives, we take some time to explain the fundamentals of the next generation of wireless technology.

Plus the surprising performance of eero's mesh Wi-Fi, some great news for WireGuard, and an update on the Librem 5.

Links:

• T-Mobile launches 600MHz 5G across the US, but no one can use it yet
• Study confirms AT&T’s fake 5G E network is no faster than Verizon, T-Mobile or Sprint 4G
• 5G on the horizon: Here’s what it is and what’s coming
• Can 5G replace everybody’s home broadband?
• The Snapdragon 865 will make phones worse in 2020, thanks to mandatory 5G
• Librem 5 backers have begun receiving their Linux phones
• Amazon’s inexpensive Eero mesh Wi-Fi kit is shockingly good
• WireGuard VPN is a step closer to mainstream adoption

We explore the rapid adoption of machine learning, its impact on computer architecture, and how to avoid AI snake oil.

Plus so-so SSD security, and a new wireless protocol that works best where the Wi-Fi sucks.

Links:

• “Where the Wi-Fi sucks” is where a new wireless protocol does its magic
• Ubiquiti’s new “Amplifi Alien” is a mesh-capable Wi-Fi 6 router
• Self-encrypting deception: weaknesses in the encryption of solid state drives
• Securely erase a solid-state drive
• Solid state drive/Memory cell clearing - ArchWiki
• The Deep Learning Revolution and Its Implications for Computer Architecture and Chip Design
• Intel Core i9-10980XE—a step forward for AI, a step back for everything else
• How to recognize AI snake oil

Ubiquiti's troublesome new telemetry, Jim's take on the modern Microsoft, and why Project Silica just might be the future of long term storage.

Links:

• Sure, we made your Wi-Fi routers phone home with telemetry, says Ubiquiti. What of it? — Ubiquiti Networks is fending off customer complaints after emitting a firmware update that caused its UniFi wireless routers to quietly phone HQ with telemetry.
• UI official: urgent, please answer | Ubiquiti Community
• Update: UniFi Phone Home/Performance Data Collection | Ubiquiti Community
• Possible example data
• Latest firmware with changes
• Microsoft’s Project Silica offers robust thousand-year storage | Ars Technica — Silica aims to replace both tape and optical archival discs as the media of choice for large-scale, (very) long duration cold storage.
• Project Silica
• The Future of Data Storage
• Microsoft Ignite 2019
• Microsoft Edge is coming to Linux. But will anybody use it? | Ars Technica — At Microsoft Ignite a slide announced that Microsoft's project to rebase its perennially unloved Edge browser on Google's open source project Chromium is well underway. Sharper-eyed attendees also noticed a promise for future Linux support.
• Has Microsoft Changed?
• This isn’t your father’s Microsoft

We share our simple approach to disk benchmarking and explain why you should always test your pain points.

Plus the basics of solid state disks and how to evaluate which model is right for you.

Links:

• History of hard disk drives — Wikipedia
• How to Buy the Right SSD: A Guide for 2019 — Tom's Hardware
• The Development and History of Solid State Drives (SSDs)
• Understanding IOPS, latency and storage performance
• FIO cheat sheet — Jim's Blog

We dive into Ubuntu 19.10's experimental ZFS installer and share our tips for making the most of ZFS on root. 

Plus why you may want to skip Nest Wifi, and our latest explorations of long range wireless protocols.

Links:

• Decoding LoRa: Realizing a Modern LPWAN with SDR — LoRa is an emerging Low Power Wide Area Network (LPWAN), a type of wireless communication technology suitable for connecting low power embedded devices over long ranges. This paper details the modulation and encoding elements that comprise the LoRa PHY, the structure of which is the result of the author’s recent blind analysis of the protocol. It also introduces grlora, an open source software defined implementation of the PHY that will empower wireless developers and security researchers to investigate this nascent protocol.
• Nest Wifi announced at Made by Google 2019 | Ars Technica — Google says that a two-piece Nest Wifi kit—one Nest Router and one Nest Point—should cover up to 3,800 square feet and 85% of homes. This claim, like most arbitrary claims of Wi-Fi coverage with no real detail, should be taken with several grains of salt.
• TP-LINK EAP series Business Wi-Fi Solution — The EAP Series Business Wi-Fi Solution incorporates EAP Series hardware, which provides a smooth, reliable wireless internet experience, and a powerful centralized management platform.
• Bloody Stupid Johnson | Discworld Wiki — Although evidently able in certain fields, Johnson is notorious for his complete inability to produce anything according to specification or common sense, or (sometimes) even the laws of physics.
• A Quick Look At EXT4 vs. ZFS Performance On Ubuntu 19.10 With An NVMe SSD — For those thinking of playing with Ubuntu 19.10's new experimental ZFS desktop install option in opting for using ZFS On Linux in place of EXT4 as the root file-system, here are some quick benchmarks looking at the out-of-the-box performance of ZFS/ZoL vs. EXT4 on Ubuntu 19.10 using a common NVMe solid-state drive.
• ubuntu/zsys: zsys daemon and client for zfs systems — It allows running multiple ZFS systems in parallel on the same machine, get automated snapshots, managing complex zfs dataset layouts separating user data from system and persistent data, and more.
• Ubuntu ZFS support in 19.10: ZFS on root · ~DidRocks — We are shipping ZFS On Linux version 0.8.1, with features like native encryption, trimming support, checkpoints, raw encrypted zfs transmissions, project accounting and quota and a lot of performance enhancements.
• Ubuntu ZFS support in 19.10: introduction · ~DidRocks — We want to support ZFS on root as an experimental installer option, initially for desktop, but keeping the layout extensible for server later on.
• A detailed look at Ubuntu’s new experimental ZFS installer | Ars Technica — If you're new to the ZFS hype train, you might wonder why a new filesystem option in an OS installer is a big deal. So here's a quick explanation: ZFS is a copy-on-write filesystem, which can take atomic snapshots of entire filesystems.

We peer into the future with a quick look at quantum supremacy, debate the latest DNS over HTTPS drama, and jump through the hoops of HTTP/3.

Plus when to use WARP, the secrets of Startpage, and the latest Ryzen release.

Links:

• Why big ISPs aren’t happy about Google’s plans for encrypted DNS
• Chromium Blog: Experimenting with same-provider DNS-over-HTTPS upgrade
• How to enable DNS-over-HTTPS (DoH) in Google Chrome
• What’s next in making Encrypted DNS-over-HTTPS the Default - Future Releases
• WARP is here
• The Technical Challenges of Building Cloudflare WARP
• mmproxy - Creative Linux routing to preserve client IP addresses in L7 proxies
• HTTP/3: the past, the present, and the future
• Cloudflare, Google Chrome, and Firefox add HTTP/3 support | ZDNet
• QUIC Implementations
• Startpage.com - The world's most private search engine
• Google extends support lifespan for seven Lenovo Chromebooks to 2025
• Google’s Quantum Supremacy Announcement Shouldn't Be a Surprise
• Scott’s Supreme Quantum Supremacy FAQ
• AMD Ryzen Pro 3000 series desktop CPUs will offer full RAM encryption | Ars Technica

It's TechSNAP story time as we head out into the field with Jim and put Sure-Fi technology to the test.

Plus an update on Wifi 6, an enlightening Chromebook bug, and some not-quite-quantum key distribution.

Links:

• RF Chirp tech: Long distance, incredible penetration, low bandwidth | Ars Technica — Recently, I took the company's technology for a spin with a pair of hand-held demo communicators about the size of a kid's walkie-talkie. They don't do much—just light up with a signal strength reading on both devices, whenever a transmit button on either is pressed—but that's enough to get a good indication of whether the tech will work to solve a given problem.
• Wi-Fi 6 Is Officially Here: Certification Program Begins — Finally, along with the launch of the certification program itself, the Wi-Fi Alliance has already certified its first dozen devices.
• Say hello to 802.11ax: Wi-Fi 6 device certification begins today | Ars Technica — Today, the Wi-Fi Alliance launched its Wi-Fi Certified 6 program, which means that the standard has been completely finalized, and device manufacturers and OEMs can begin the process of having the organization certify their products to carry the Wi-Fi 6 branding.
• Someone sent us 21 more pictures of the leaked Pixel 4 XL - The Verge
• iPhone 11, iPhone 11 Pro, and iPhone 11 Pro Max: Hands-on with Apple’s new phones | Ars Technica
• Some Chromebooks mistakenly declared themselves end-of-life last week | Ars Technica — A lot of Chromebook and Chromebox users don't realize this, but all ChromeOS devices have an expiration date. Google's original policy was for devices to be supported for five years, but the company has recently extended that time to 6.5 years.
• LINUX Unplugged 318: Manjaro Levels Up
• Fear the Man in the Middle? This company wants to sell quantum key distribution | Ars Technica
• Gentle intro to Quantum Key Distribution (QKD) – Lahiru Madushanka
• The Super-Secure Quantum Cable Hiding in the Holland Tunnel - Bloomberg — Banks and governments are testing quantum key distribution technology to guard their closest secrets.
• Quantum Key Distribution - QKD — This paper provides an overview of quantum key distribution targeted towards the computer science community. A brief description of the relevant principles from quantum mechanics is provided before surveying the most prominent quantum key distribution protocols present in the literature.
• TechSNAP 403: Keeping Systems Simple
• Linux Headlines — Linux and open source headlines every weekday, in under 3 minutes.

We take a look at a few recent zero-day vulnerabilities for iOS and Android and find targeted attacks, bad assumptions, and changing markets.

Plus what to expect from USB4 and an upcoming Linux scheduler speed-up for AMD's Epyc CPUs.

Links:

• Google says hackers have put ‘monitoring implants’ in iPhones for years | Technology | The Guardian — Their location was uploaded every minute; their device’s keychain, containing all their passwords, was uploaded, as were their chat histories on popular apps including WhatsApp, Telegram and iMessage, their address book, and their Gmail database.
• Project Zero: A very deep dive into iOS Exploit chains found in the wild — We discovered exploits for a total of fourteen vulnerabilities across the five exploit chains: seven for the iPhone’s web browser, five for the kernel and two separate sandbox escapes.
• Project Zero: In-the-wild iOS Exploit Chain 1 — This exploit provides evidence that these exploit chains were likely written contemporaneously with their supported iOS versions; that is, the exploit techniques which were used suggest that this exploit was written around the time of iOS 10. This suggests that this group had a capability against a fully patched iPhone for at least two years.  
• Project Zero: In-the-wild iOS Exploit Chain 3 — It’s difficult to understand how this error could be introduced into a core IPC library that shipped to end users. While errors are common in software development, a serious one like this should have quickly been found by a unit test, code review or even fuzzing.
• Project Zero: JSC Exploits — In this post, we will take a look at the WebKit exploits used to gain an initial foothold onto the iOS device and stage the privilege escalation exploits. All exploits here achieve shellcode execution inside the sandboxed renderer process (WebContent) on iOS.
• Project Zero: Implant Teardown — There is no visual indicator on the device that the implant is running. There's no way for a user on iOS to view a process listing, so the implant binary makes no attempt to hide its execution from the system. The implant is primarily focused on stealing files and uploading live location data. The implant requests commands from a command and control server every 60 seconds.The implant has access to all the database files (on the victim’s phone) used by popular end-to-end encryption apps like Whatsapp, Telegram and iMessage.
• iPhone Hackers Caught By Google Also Targeted Android And Microsoft Windows, Say Sources — Multiple sources with knowledge of the situation said that Google’s own Android operating system and Microsoft Windows PCs were also targeted in a campaign that sought to infect the computers and smartphones of the Uighur ethnic group in China.
• Google's Shocking Decision To Ignore A Critical Android Vulnerability In Latest Security Update — Despite immediately acknowledging the vulnerability and confirming in June that it will be fixed, Google had not provided an estimated time frame for the patch.
• Android Zero-Day Bug Opens Door to Privilege Escalation Attack, Researchers Warn | Threatpost — “In the unlikely event an attacker succeeds in exploiting this bug, they would effectively have complete control over the target device,” he told Threatpost. Once an attacker obtains escalated privileges, “it means they could completely take over a device if they can convince a user to install and run their application,”
• Why 'Zero Day' Android Hacking Now Costs More Than iOS Attacks | WIRED — "During the last few months, we have observed an increase in the number of iOS exploits, mostly Safari and iMessage chains, being developed and sold by researchers from all around the world. The zero-day market is so flooded by iOS exploits that we've recently started refusing some them"
• Linux 5.4 Kernel To Bring Improved Load Balancing On AMD EPYC Servers — The scheduler topology improvement by SUSE's Matt Fleming changes the behavior as currently it turns out for EPYC hardware the kernel has failed to properly load balance across NUMA nodes on different sockets.
• USB4 is coming soon and will (mostly) unify USB and Thunderbolt | Ars Technica — The USB Implementers Forum published the official USB4 protocol specification. If your initial reaction was "oh no, not again," don't worry—the new spec is backward-compatible with USB 2 and USB 3, and it uses the same USB Type-C connectors that modern USB 3 devices do.