Corey G

Most updates to the Chromecast app don't warrant a full post around here, but hold crap, you guys. This one has backdrop history, finally. The app will now let you page through the last few images displayed on your Chromecast so you can find out what they were.

The app has a few layout changes to accommodate the new focus on backdrop history. Now you'll have a card for your active Chromecast(s) with a history icon below the image preview.

Read More

Chromecast App Updated With Backdrop History And Layout Tweaks [APK Download] was written by the awesome team at Android Police.

It's been a long time since we heard any news from Microsoft regarding Windows Media Center, and now it seems the company is driving the final nail into the coffin.

New Obama Administration Executive Order declares a cyber-national emergency and research advocates worry that sanctions could chill security research work.

OnLive will soon shut down.

Now with added colour options from Rose Colored Gaming

Texas representative John Carter, chairman of the subcommittee on Homeland Security appropriations, and who sits on various other defense-related subcommittees, is hearing about cyber a lot these days. As he put it, "cyber is just pounding me from every direction." That's just the first few seconds of the very entertaining video (above), where Carter tries to find the right words to express his concern over new encryption standards from Apple and others.

I'm pretty sure this 3 min clip of Rep. John Carter (R-TX) is going to be the new The Internet is a Series of Tubes http://t.co/ODkGFIzHGz

— Christopher Soghoian (@csoghoian) March 27, 2015

Thing is, as folksy as the language might come across, Carter's addressing a very important cybersecurity issue. What does it mean if some of the biggest companies in the world create a system so secure not even they themselves can crack it? Should tech companies be legally required to provide law enforcement a backdoor for investigations? They're serious issues... and they really are pounding us from every direction.

@snd_wagenseil To be fair, Ted Stevens was pretty close to being right too. The Internet is a series of pipes.

— Christopher Soghoian (@csoghoian) March 27, 2015

So if a phrase like "cyber is just pounding me from every direction" gets you to notice and care about this issue, then in some very bizarre way, the representative from Texas has done his job. He has also, presumably, given a few parody porn directors some terrible ideas.

Today we’re really happy to be sharing an awesome guest post written by Corban Raun. Corban has been working with Ansible for ~2 years and is responsible for developing our Ansible playbook!

He’s been trying to automate systems administration since he started learning linux many years ago. If you’d like to learn more, say thanks or ask any questions you can find Corban on Twitter (@corbanraun) and on his website. So without further ado, here’s his great article about Ansible – enjoy!

—-

As a Linux Systems Administrator, I came to a point in my career where I desperately needed a configuration management tool. I started looking at products like Puppet, Chef and SaltStack but I felt overwhelmed by the choice and wasn’t sure which tool to choose.

I needed to find something that worked, worked well, and didn’t take a lot of time to learn. All of the existing tools seemed to have their own unique way of handling configuration management, with many varying pros and cons. During this time a friend and mentor suggested I look into a lesser known product called Ansible.

No looking back

I have now been using Ansible exclusively for ~2 years on a wide range of projects, platforms and application stacks including Rails, Django, and Meteor web applications; MongoDB clustering; user management; CloudStack setup; and monitoring.

I also use Ansible to provision cloud providers like Amazon, Google, and DigitalOcean; and for any task or project that requires repeatable processes and a consistent environment (which is pretty much everything).

Credit DevOps Reactions – Continuous delivery

Ansible vs Puppet, Chef and Saltstack

One reason I chose Ansible was due to its ability to maintain a fully immutable server architecture and design. We will get to exactly what I mean later, but it’s important to note – my goal in writing this post is not compare or contrast Ansible with other products. There are many articles available online regarding that. In fact, some of the things I love about Ansible are available in other configuration management tools.

My hope with this article is actually to be able to give you some Ansible use cases, practical applications, and best practices; with the ulterior motive of persuading you that Ansible is a product worth looking into. That way you may come to your own conclusions about whether or not Ansible is the right tool for your environment.

Immutable Server Architecture

When starting a new project with Ansible, one of the first things to think about is whether or not you want your architecture to support Immutable servers. For the purposes of this article, having an Immutable server architecture means that we have the ability to create, destroy, and replace servers at any time without causing service disruptions.

As an example, lets say that part of your server maintenance window includes updating and patching servers. Instead of updating a currently running server, we should be able to spin up an exact server replica that contains the upgrades and security patches we want to apply. We can then replace and destroy the current running server. Why or how is this beneficial?

By creating a new server that is exactly the same as our current environment including the new upgrades, we can then proceed with confidence that the updated packages will not break or cause service disruption. If we have all of our server configuration in Ansible using proper source control, we can maintain this idea of Immutable architectures. By doing so we can keep our servers pure and unadulterated by those who might otherwise make undocumented modifications.

Ansible allows us to keep all of our changes centralized. One often unrealized benefit of this is that our Ansible configuration can be looked at as a type of documentation and disaster recovery solution. A great example of this can be found in the Server Density blog post on Puppet.

This idea of Immutable architecture also helps us to become vendor-agnostic, meaning we can write or easily modify an Ansible playbook which can be used across different providers. This includes custom datacenter layouts as well as cloud platforms such as Amazon EC2, Google Cloud Compute, and Rackspace. A really good example of a multi vendor Ansible playbook can be seen in the Streisand project.

Use Cases

Use Case #1: Security Patching

Ansible is an incredibly powerful and robust configuration management system. My favorite feature? Its simplicity. This can be seen by how easy it is to patch vulnerable servers.

Example #1: Shellshock

The following playbook was run against 100+ servers and patched the bash vulnerability in less than 10 minutes. The below example updates both Debian and Red Hat Linux variants. It will first run on half of all the hosts that are defined in an inventory file.

- hosts: all
  gather_facts: yes
  remote_user: craun
  serial: "50%"
  sudo: yes
  tasks:
    - name: Update Shellshock (Debian)
      apt: name=bash
           state=latest
           update_cache=yes
      when: ansible_os_family == "Debian"

    - name: Update Shellshock (RedHat)
      yum: name=bash
           state=latest
           update_cache=yes
      when: ansible_os_family == "RedHat"

Example #2: Heartbleed and SSH

The following playbook was run against 100+ servers patching the HeartBleed vulnerability. At the time, I also noticed that the servers needed an updated version of OpenSSH. The below example updates both Debian and RedHat linux variants. It will patch and reboot 25% of the servers at a time until all of the hosts defined in the inventory file are updated.

- hosts: all
  gather_facts: yes
  remote_user: craun
  serial: "25%"
  sudo: yes
  tasks:
    - name: Update OpenSSL and OpenSSH (Debian)
      apt: name={{ item }}
           state=latest
           update_cache=yes
      with_items:
        - openssl
        - openssh-client
        - openssh-server
      when: ansible_os_family == "Debian"

    - name: Update OpenSSL and OpenSSH (RedHat)
      yum: name={{ item }}
           state=latest
           update_cache=yes
      with_items:
        - openssl
        - openssh-client
        - openssh-server
      when: ansible_os_family == "RedHat"
  post_tasks:
    - name: Reboot servers
      command: reboot

Use Case #2: Monitoring

One of the first projects I used Ansible for was to simultaneously deploy and remove a monitoring solution. The project was simple: remove Zabbix and replace it with Server Density. This was incredibly easy with the help of Ansible. I ended up enjoying the project so much, I open sourced it.

One of the things I love about Ansible is how easy it is to write playbooks, and yet always have room to improve upon them. The Server Density Ansible playbook, is the result of many revisions to my original code that I started a little over a year ago. I continually revisit and make updates using newfound knowledge and additional features that have been released in the latest versions of Ansible.

Everything Else

Ansible has many more use cases than I have mentioned in this article so far, like provisioning cloud infrastructure, deploying application code, managing SSH keys, configuring databases, and setting up web servers. One of my favorite open source projects that uses Ansible is called Streisand. The Streisand project is a great example of how Ansible can be used with multiple cloud platforms and data center infrastructures. It shows how easy it is to take something difficult like setting up VPN services and turning it into a painless and repeatable process.

Already using a product like Puppet or SaltStack? You can still find benefits to using Ansible alongside other configuration management tools. Have an agent that needs to be restarted? Great! Ansible is agentless, so you could run something like:

ansible -i inventories/servers all -m service -a "name=salt-minion state=restarted" -u craun -K --sudo

From the command line to restart your agents. You can even use Ansible to install the agents required by other configuration management tools.

Best practices

In the last few years using Ansible I have learned a few things that may be useful should you choose to give it a try.

Use Ansible Modules where you can

When I first started using Ansible, I used the command and shell modules fairly regularly. I was so used to automating things with Bash that it was easy for me to fall into old habits. Ansible has many extremely useful modules. If you find yourself using the `command` and `shell` modules often in a playbook, there is probably a better way to do it. Start off by getting familiar with the modules Ansible has to offer.

Make your roles modular (i.e. reusable)

I used to maintain a separate Ansible project folder for every new application stack or project. I found myself copying the exact same roles from one project to another and making minor changes to them (such as Nginx configuration or vhost files). I found this to be inefficient and annoying as I was essentially repeating steps. It wasn’t until I changed employers that I learned from my teammates that there is much better way to set up projects. As an example, one thing Ansible lets you do is create templates using Jinja2. Let’s say we have an Nginx role with the following nginx vhost template:

server {
  listen 80;

  location / {
    return 302 https://$host$request_uri;
  }
}

server {
  listen 443 ssl spdy;
  ssl_certificate    /etc/ssl/certs/mysite.crt;
  ssl_certificate_key    /etc/ssl/private/mysite.key;
  server_name www.mysite.com 192.168.1.1;

  location / {
    root   /var/www/public;
    index  index.html index.htm;
  }
}

While the above example is more than valid, we can make it modular by adding some variables:

server {
  listen 80;

  location / {
    return 302 https://$host$request_uri;
  }
}

server {
  listen 443 ssl spdy;
  ssl_certificate    {{ ssl_certificate_path }};
  ssl_certificate_key    {{ ssl_key_path }};
  server_name {{ server_name }} {{ ansible_eth0.ipv4.address }};
  location / {
    root   {{ web_root }};
    index  index.html index.htm;
  }
}

We can then alter these variables within many different playbooks while reusing the same Nginx role:

- hosts: website
  gather_facts: yes
  remote_user: craun
  sudo: yes
  vars: 
    ssl_certificate_path: "/etc/ssl/certs/mysite.crt"
    ssl_key_path: "/etc/ssl/private/mysite.key"
    server_name: "www.mysite.com"
    web_root: "/var/www/public"
  roles:
    - nginx

Test, Rinse, Repeat

Credit DevOps Reactions – Writing Unit Tests

Test your changes, and test them often. The practice and idea of testing out changes is not a new one. It can, however become difficult to test modifications when both sysadmins and developers are making changes to different parts of the same architecture. One of the reasons I chose Ansible is its ability to be used and understood by both traditional systems administrators and developers. It is a true development operations tool.

For example, it’s incredibly simple to integrate Ansible with tools like HashiCorp’s Vagrant. By combining the tools, you and your developers will be more confident that what is in production can be repeated and tested in a local environment. This is crucial when troubleshooting configuration and application changes. Once you have verified and tested your changes with these tools you should have relatively high confidence that your changes should not break anything (remember what immutable means?).

What now?

As mentioned previously, my goal was not to compare Ansible to other products; afteral you can find uses for it in environments where you already have other configuration management tools in place; and some of the features I have talked about are even available in other products.

Hopefully this article gave you an idea as to why Ansible may be useful in your server architecture. If you only take one thing from this article, let it be this: Ansible can help you maintain and manage any server architecture you can imagine, and it’s a great place to get started in the world of automation.

The post Lessons from using Ansible exclusively for 2 years. appeared first on Server Density Blog.

Cyanogen Inc. has come off as feisty ever since it was founded, but in the last few months CEO Kirt McMaster has gotten downright aggressive. We've known for a while the company wants to make Android more independent of Google, but McMaster told Forbes recently that Cyanogen Inc. "is putting a bullet through Google’s head." What's that all about? As a hint of its bullet/head strategy, McMaster announced that Cyanogen will partner with Blu to release a phone later this year without any Google services.

Read More

Cyanogen Inc. Ramps Up The Rhetoric To Maximum Crazy, Will Partner With Blu To Launch A Phone Later This Year With No Google Apps was written by the awesome team at Android Police.

BitWhisper could snatch data from secure computer networks by monitoring heat output with a second, unassuming computer.

Google has announced the end of another service, and this one is a shocker—Google Code is going away on January 25th, 2016. That gives you about ten months to get your code off of Google's servers before it's gone forever. Why is Google breaking your heart like this? According to the company, Google Code simply isn't very popular anymore.

When Google Code was launched in 2006, there weren't many options for open source code repositories.

Read More

Google Code Will Shut Down In January 2016 Because Almost No One Uses It Anymore was written by the awesome team at Android Police.

• Update 1: 2015/03/01 1:43pm PST
  Here are some glitzy videos from Samsung official YouTube channel to tide you over.
• Update 2: 2015/03/01 1:44pm PST
  And here are a ton of high-quality press images, including the fancy new metal frames. Galaxy S6 press images [imgset]

We've seen them leaked to death, we've seen months of rumors and speculation. Now we have verified info on the real deal: Samsung's double flagship for 2015.

Read More

Samsung Makes The Galaxy S6 And Galaxy S6 Edge Official: Exynos Chips, Metal Frames, And Important Changes For Android's De Facto Flagship was written by the awesome team at Android Police.

Not the sexiest title for a blog post, I know. But as we’ve inhabited a variety of workplaces—including a garage in Menlo Park, a farmhouse in Denmark and an entire New York city block—we’ve learned something about what makes an office space great. And we’re excited to put that into practice, starting here at our home in Mountain View.

Today we’re submitting a plan to redevelop four sites—places where we already have offices but hope to significantly increase our square footage—to the Mountain View City Council. It's the first time we'll design and build offices from scratch and we hope these plans by Bjarke Ingels at BIG and Thomas Heatherwick at Heatherwick Studio will lead to a better way of working.

The idea is simple. Instead of constructing immoveable concrete buildings, we’ll create lightweight block-like structures which can be moved around easily as we invest in new product areas. (Our self-driving car team, for example, has very different needs when it comes to office space from our Search engineers.) Large translucent canopies will cover each site, controlling the climate inside yet letting in light and air. With trees, landscaping, cafes, and bike paths weaving through these structures, we aim to blur the distinction between our buildings and nature.

Of course, this project is about much more than just office space; it’s about doing more with the local community as well. So we’re adding lots of bike paths and retail opportunities, like restaurants, for local businesses. We also hope to bring new life to the unique local environment, from enhancing burrowing owl habitats to widening creek beds. And we’re committed to do everything we can to save energy—our recent agreement to offset our energy consumption in North Bayshore with renewable energy includes the development of this proposal.

We chose Mountain View for our headquarters 15 years ago because we love the beauty of the bay, the close proximity to great universities, the family-friendly environment and the chance to work in a city at the heart of Silicon Valley. Today, we want to create office spaces that don’t just provide a great home for Google, but which also work for the city that has given us so much.

We look forward to working with our neighbors at the City Council on this proposal—and the future of Mountain View’s North Bayshore.

Posted by David Radcliffe, Vice President, Real Estate

There are two kinds of physical keyboard users: those who never touch the 10-key area (that's the bit on the right that kinda looks like a calculator) and those who will only let you take their 10-key away when you pry it from their cold, dead hands. There's a reason you see a little add-on USB 10-key in that one aisle at Best Buy: data entry experts, especially those that work with Microsoft Excel, need those extra keys like Texans need 15-round ammo magazines.

Read More

Microsoft Releases An Android Keyboard Just For 10-Key Addicts To Use With Excel was written by the awesome team at Android Police.

Huge thanks to everyone who decided that last week was the right time to support my work and help me along towards my new workstation + triple-head setup.

A lot of folks have suggested that I set up a crowdfunding effort for the new machine so here goes. Let me know if you have any questions!

THANK YOU!!

A dark, snaking line across the lower half of the sun in this images from Feb. 10, 2015, shows a filament of solar material hovering above the sun's surface. This image was captured by NASA's Solar Dynamic Observatory.

Remember how Marriott hotels wanted to block WiFi hotspots and make everyone pay for internet access? It turns out giving Marriott money for lodging is maybe not a good idea in the first place. According to software developer Randy Westergren, it has been possible to access customer information on Marriott's servers without a password since the Android app was released in 2011.

The problem is that Marriott's Android app didn't use any sort of token or authorization data to access your reservations.

[Oops] Marriott's Android App Has Probably Been Leaking Credit Card Data For Years was written by the awesome team at Android Police.

You might have noticed a number of recent stories (like this one) claiming Google was abandoning some huge portion of Android users rather than fix WebView security holes. It's exactly the kind of thing that makes good clickbait. Google has now issued a statement on the security issues in Android 4.3 and earlier, basically pointing out it's not feasible to update old code forever and offering tips for avoiding potential exploits.

Google Issues Official Response To Concerns Over Jelly Bean WebView Security was written by the awesome team at Android Police.

Update: Plenty of readers are saying that they've received 5.0.1 with AT&T SIM cards. The decision to publish this post was made after my testing and another AP team member saying that he had yet to receive 5.0.1 on his device as well. It's possible that the rollout to devices with AT&T SIMs is just moving at a much slower pace than for ones with other SIMs, but regardless, there is still something unique going on with AT&T.

[Updated] PSA: If Your Nexus 6 Has An AT&T SIM Card, Your Android Updates Are Being Withheld, But It Doesn't Actually Matter was written by the awesome team at Android Police.

The idea behind Google's Android Work effort is to allow users of enterprise devices (whether BYOD or company-provided) to use the apps they're familiar with in one unified experience that keeps work and personal data separate. Work data will stay secure, with Android Work providing restrictions and controls for what can be done with the data, while personal data is readily accessible without needing to install any special third-party apps or launchers. 

Google Adds Work Chrome To The Play Store For Reasons Not Immediately Apparent was written by the awesome team at Android Police.

'An attacker who controls that dongle has full control of the vehicle,' says Digital Bond Labs' Corey Thuen.

HTC has been trying to complete a turnaround for the last few years, and the now thoroughly leaked M9 will be the make or break chance.

Not long after British Prime Minister David Cameron did the same, President Obama said Friday that he opposes encryption methods that are inaccessible to law enforcement. Rather naively, he advocated that the technology should still exist, but with methods of access for approved entities like police and preferred spy agencies. This is his first clear issue stance on the matter, though it is not necessarily out of step with his previous actions and statements.

Obama Goes On Record Against Encryption, Says It Should Exist But He Should Be Able To Decrypt It was written by the awesome team at Android Police.

It swears it's not intercepting user data, but issuing a fake HTTPS certificate sure doesn't make us feel warm and fuzzy.

For the past five years, Microsoft has been forced to offer first-time Windows users in Europe a choice of web browser. This was a result of an EU ruling in 2009, which found that Microsoft had been unfairly abusing its operating system monopoly to push Internet Explorer into the hands of millions of unwitting, unfortunate users. Now, however, Microsoft is once again free to make Internet Explorer the default web browser in Windows.

City lights shine brighter during the holidays when compared with the rest of the year, as shown using a new analysis of daily data from the NASA-NOAA Suomi National Polar-orbiting Partnership (Suomi NPP) satellite. Dark green pixels are areas where lights are 50 percent brighter, or more, during December. This new analysis of holiday lights uses an advanced algorithm, developed at NASA's Goddard Space Flight Center in Greenbelt, Maryland, that filters out moonlight, clouds and airborne particles in order to isolate city lights on a daily basis. The data from this algorithm provide high-quality satellite information on light output across the globe, allowing scientists to track when – and how brightly – people illuminate the night. A daily global dynamic dataset of nighttime lights is a new way for researchers to understand the broad societal forces impacting energy decisions and to look at how people use cities, from an energy perspective. > Full Story: NOAA/NASA Satellite Sees Holiday Lights Brighten Cities Image Credit: NASA's Earth Observatory/Jesse Allen

When the hackee becomes the hacker... In a somewhat amusing twist to the ongoing Sony Pictures hack and massive breach of sensitive files and unreleased films, the company is now fighting back. According to two unnamed sources, Sony is now using 'hundreds of computers' to perform a DDoS on websites where you can download the leaked data. Better yet, Sony is apparently using Amazon's cloud servers (AWS) to perform the DDoS. While I'm all for proactive security measures, Sony might be taking it a little bit too far here.

Comcast's new plan to use your Internet bandwidth for its own WiFi network is under fire in the courts thanks to a new lawsuit. Whether the company's actions are legal will hinge on customer consent and socialized cost.

Researchers have discovered a new version of the Destover malware that was used in the recent Sony Pictures Entertainment breaches, and in an ironic twist, the sample is signed by a legitimate certificate stolen from Sony.

Seagate, using its new shingled magnetic recording (SMR) technology to cram more data into fewer platters, is preparing to launch an 8TB hard drive priced at just $260. For that low-low price (just over 3 cents per gig!) you get a three-year warranty and very low power consumption -- but certainly not performance. This 8TB drive is all about long-term storage and backups -- pair it with a new SSD and you'd have a very flexible, cost-effective storage setup.