1 00:00:00,001 --> 00:00:19,360 What's up everybody? Welcome to Freedom Tech Wrap. My name is Marks and on this show we discuss the 2 00:00:19,360 --> 00:00:25,080 latest developments that affect privacy, speech, and the technologies you can use to have a more 3 00:00:25,080 --> 00:00:30,360 independent life. We live in a highly connected world and Freedom Tech lets you decide how you 4 00:00:30,360 --> 00:00:35,500 want to connect and where you want your data to live. When I'm not making this show, I'm spending 5 00:00:35,500 --> 00:00:41,660 time with family and friends and I also work on a developer platform called OpenSecret that brings 6 00:00:41,660 --> 00:00:48,420 strong privacy and encryption to the apps you use every day. If you're an app developer, check out 7 00:00:48,420 --> 00:00:54,520 what we're building over at OpenSecret.cloud and see how you can add stronger privacy and freedom 8 00:00:54,520 --> 00:01:02,380 technology to your existing stack. Together, let's enable privacy by default. Aside from my personal 9 00:01:02,380 --> 00:01:08,000 affiliation with OpenSecret, Freedom Tech Wrap is an independent show. You can support what we're 10 00:01:08,000 --> 00:01:13,700 doing by sharing the show with others and by sending us value in your Podcasting 2.0 enabled 11 00:01:13,700 --> 00:01:23,960 app. Your support and feedback are greatly appreciated. And now on to the news. First up today, we bring news from one of the 12 00:01:23,960 --> 00:01:32,520 biggest privacy tools invented and that is the Tor network. The Tor network has been undergoing a spoofing 13 00:01:32,520 --> 00:01:38,820 attack over the last month or so. It's an IP spoofing attack and they've announced that they have finally 14 00:01:38,820 --> 00:01:46,360 mitigated it and shared some information about it and there's still cleanup going on. But what happened 15 00:01:46,360 --> 00:01:53,400 is at the end of October, Tor directory authorities and relay operators and even the Tor project sysadmin 16 00:01:53,400 --> 00:01:59,960 team started receiving abuse complaints from their providers about port scanning going on on the network. 17 00:01:59,960 --> 00:02:07,340 And these complaints were a coordinated attack, an IP spoofing attack, where attackers spoofed non-exit 18 00:02:07,340 --> 00:02:14,960 relays and other Tor related IPs to trigger abuse reports aimed at disrupting the Tor project and the Tor network. 19 00:02:14,960 --> 00:02:22,840 So they were purposely using the prevention tools that were meant to safeguard the network and doing a denial of service 20 00:02:22,840 --> 00:02:36,780 of sorts against the network by spoofing fake abuse reports. The Tor community along with InterSecLab and then it says the support of Andrew 21 00:02:36,780 --> 00:02:44,040 Morris and the team at GrayNoise, they all worked together. They identified where the spoof packets were coming from and they shut it down 22 00:02:44,040 --> 00:02:52,600 on November 7th earlier this month. So they have a great write up on their blog. You can check it out to learn more about it. They do 23 00:02:52,600 --> 00:03:00,360 say that there's still work ahead. We need to support relay operators in getting their accounts reinstated and assist providers in unblocking IPs for 24 00:03:00,360 --> 00:03:09,960 Tor directly, directory authorities. So great work by the community and the teams over there. And I'd also recommend if you want to help support the 25 00:03:09,960 --> 00:03:22,040 Tor network, you can either donate to them or you can actually run your own relay, a non-exit relay or an exit relay and help keep the whole network thriving. 26 00:03:22,040 --> 00:03:36,220 Next up, we have final news from the court proceedings of Roman Sterlinov, who used Bitcoin Fog. And he has been sentenced to 12 and a half years for allegedly running the Bitcoin Fog network. 27 00:03:36,220 --> 00:03:49,960 But he still claims and his lawyer still claims that he was but a user, not the person running the network. In fact, the network still has continued to run even while he has been in custody. 28 00:03:49,960 --> 00:03:51,960 No BS Bitcoin. 29 00:03:51,960 --> 00:04:08,080 The website did a whole write up of this. Quick, quick side note. No BS Bitcoin does great journalistic work and bringing the news to many of us every day. So I recommend going over there and donating to them and helping support their work. 30 00:04:08,080 --> 00:04:21,780 But I just want to call out so he was sentenced to 12 and a half years for allegedly running the service. But what I find somewhat disturbing is the use of chain analysis. 31 00:04:21,780 --> 00:04:38,420 In this court case, and then specifically the judges comments and the judges take on the chain analysis research that was provided as evidence to get Sterlinov thrown into prison and get the sentence. 32 00:04:38,420 --> 00:04:49,140 No BS Bitcoin says at trial, Judge Moss defended chain analysis is reactor software as quote, sufficiently reliable. 33 00:04:49,140 --> 00:04:51,660 Adding that, and again, 34 00:04:51,660 --> 00:05:10,100 quoting, it doesn't need to, at least as offered in this case, offer, you know, absolute precision. So if it were right, you know, only 90% of the time or only 80% of the time, I think it would still be valuable for offering the evidence that the government is seeking to offer it for. 35 00:05:10,100 --> 00:05:21,100 That is incredibly dangerous precedent to say that we are going to depend on this tool that promotes itself as being scientific. 36 00:05:21,100 --> 00:05:21,600 scientific, 37 00:05:21,600 --> 00:05:39,780 evidence of, you know, cryptographic proof that someone is has done something on the network. Yeah, they can only be 80 to 90% Sure, probably less, I would guess. We should not be using that to lock somebody up for 12 and a half years, especially when it's a crime, like money laundering, which is debatable if it should even be a crime at all. Okay. Next up, we have a case that we're going to talk about today. We're going to talk about the 38 00:05:39,780 --> 00:05:46,960 when it's a crime like money laundering, which is debatable if it should even be a crime at all. 39 00:05:46,960 --> 00:05:56,520 Okay. Next up, we have Plub Lab. Plub Lab has announced their Top Builder Season 2. 40 00:05:56,520 --> 00:06:02,320 If you don't remember, this is a competition they started last year that ran for a few weeks, 41 00:06:02,320 --> 00:06:09,380 and it brought together a bunch of different builders to pit themselves, not just against 42 00:06:09,380 --> 00:06:14,600 each other, but also work together. And they've announced Season 2 of this. There's a prize money 43 00:06:14,600 --> 00:06:20,280 at the end. Here are some of the details if you are interested. Top Builder is an intense 44 00:06:20,280 --> 00:06:24,500 competition designed to discover the next wave of innovators in the Bitcoin ecosystem. 45 00:06:24,500 --> 00:06:32,600 Apply before December 31st to participate in this Bitcoin-only competition. Win up to $15,000. 46 00:06:32,600 --> 00:06:39,300 It's an eight-week educational program that is an exciting blend of builder sessions, 47 00:06:39,300 --> 00:06:44,220 workshops, announcements, and speaker panels, all designed to foster learning and rapid growth 48 00:06:44,220 --> 00:06:51,960 within the Bitcoin community. This all culminates at Plub Lab Startup Day on Thursday, March 13th, 49 00:06:51,960 --> 00:06:59,960 2025, which coincides also with South by Southwest and the Bitcoin Takeover event that happens here 50 00:06:59,960 --> 00:07:08,100 in Austin, Texas with South by. So if you are interested in not only trying to win the grand 51 00:07:08,100 --> 00:07:09,280 prize of $15,000, but also winning the grand prize of $15,000, you can win the grand prize of $15,000, 52 00:07:09,280 --> 00:07:18,240 but really to get this experience building with a cohort of other Bitcoin companies and projects, 53 00:07:18,240 --> 00:07:22,820 go ahead and apply. You can go to topbuilder.dev. That's all one word, 54 00:07:22,820 --> 00:07:27,200 topbuilder.dev, and apply by December 31st. 55 00:07:27,200 --> 00:07:38,220 The last news item of the day is not one that you would expect, but here we are. And this is 56 00:07:38,220 --> 00:07:39,260 The World of Sports. 57 00:07:39,260 --> 00:07:39,460 The World of Sports. 58 00:07:39,460 --> 00:07:42,680 Specifically, college football in the United States. 59 00:07:42,680 --> 00:07:50,660 Texas Tech University, which is a school in Texas, has concerns over unencrypted communication. 60 00:07:50,660 --> 00:07:56,080 For this, we're heading over to the Lubbock Avalanche Journal that details the story. 61 00:07:56,080 --> 00:08:01,820 Big 12 tells Texas Tech football rest of conference helmet talks haven't been hacked. 62 00:08:01,820 --> 00:08:07,260 So what's going on here is that this year in college football, coaches gained the ability 63 00:08:07,260 --> 00:08:09,240 to communicate with one of the players. And they're going to be talking about the 64 00:08:09,240 --> 00:08:16,360 players on the field just before a play starts. So they're able to radio in and give some 65 00:08:16,360 --> 00:08:22,480 instructions. And then 15 seconds before the play begins, the communication is cut off. 66 00:08:22,480 --> 00:08:28,300 Well, what many schools were not aware of is that these communications are happening 67 00:08:28,300 --> 00:08:33,560 over unencrypted channels. And so somebody with a scanner and who knows how to tune in 68 00:08:33,560 --> 00:08:38,800 to the right frequency could listen to what was going on. In my opinion, the response from the 69 00:08:38,800 --> 00:08:45,320 conference and from the quote unquote experts are saying, yeah, it's not a big deal because, you 70 00:08:45,320 --> 00:08:49,180 know, how can you really act on the information that's being given to a player right before? 71 00:08:49,180 --> 00:08:54,100 It'd be very difficult for an opposing team to listen and respond. I think that's irrelevant 72 00:08:54,100 --> 00:08:59,860 here. I do think that it's possible for people to respond in that time, but I still think it's 73 00:08:59,860 --> 00:09:04,420 irrelevant. They should be using encryption. Turns out there was an option to use encryption. 74 00:09:04,420 --> 00:09:08,780 They just had to update all the systems or use another option. 75 00:09:08,780 --> 00:09:13,620 That was provided called CoachCom. So even though everybody's telling Texas Tech, 76 00:09:13,620 --> 00:09:18,140 don't worry about it. Nothing bad is happening here. Texas Tech has made the correct decision 77 00:09:18,140 --> 00:09:22,460 in my mind to use the option to turn on encryption. So now when they talk to their 78 00:09:22,460 --> 00:09:27,400 player on the field, it is using an encrypted channel. This just goes along with the prevailing 79 00:09:27,400 --> 00:09:33,840 mood that we all have in general. And that is we just use the service and expect it's going to be 80 00:09:33,840 --> 00:09:38,260 fine for us. And then we find out later that it's unencrypted and that's no good. 81 00:09:38,800 --> 00:09:42,980 We should have our things encrypted by default. Let's turn on privacy by default. 82 00:09:42,980 --> 00:09:48,720 Okay, let's move on to our data breach story of the week, courtesy of some Chinese hackers. 83 00:09:48,720 --> 00:09:55,700 It says Chinese hackers exploit Fortinet VPN zero day to steal credentials. And this is by 84 00:09:55,700 --> 00:10:02,240 way of bleeping computer. And they talk about how the VPN service Fortinet was made aware 85 00:10:02,240 --> 00:10:07,880 back in July of a vulnerability that allowed 86 00:10:07,880 --> 00:10:15,240 credentials from users to be sniffed out by a service running on the same computer. 87 00:10:15,240 --> 00:10:21,100 So what was happening is that the credentials were stored in memory while the VPN service was running. 88 00:10:21,100 --> 00:10:28,700 And then there was an ability for another service running on the same device that knew how to go in 89 00:10:28,700 --> 00:10:33,480 and grab those credentials. They were made aware of it. According to a believing computer, 90 00:10:33,480 --> 00:10:37,140 they did not do anything to fix the problem and do an update. 91 00:10:37,500 --> 00:10:43,160 And so now there's actually evidence that some Chinese hackers have been exploiting this in the wild 92 00:10:43,160 --> 00:10:50,500 and have been getting username and password credentials from computers running the Fortinet 93 00:10:50,500 --> 00:10:58,660 software. So I just recommend that be watching for updates to Fortinet and maybe don't use it 94 00:10:58,660 --> 00:11:04,200 for now until you see an update. Maybe find a different VPN service. This is all up to you. 95 00:11:04,200 --> 00:11:07,120 I'm just giving you the information that there is a lot of information out there. 96 00:11:07,120 --> 00:11:09,120 There is this hack out there in the wild. 97 00:11:09,120 --> 00:11:15,520 Okay, let's go into project updates. 98 00:11:15,520 --> 00:11:23,040 First up, we have, speaking of VPNs, we have Moldad. Moldad has released their browser 14.0. 99 00:11:23,040 --> 00:11:28,880 From their release, they say, "Today we announced the stable release of Moldad browser 14.0 100 00:11:28,880 --> 00:11:35,120 based on Firefox ESR 128 and incorporates a year's worth of changes from Firefox. As part of this 101 00:11:35,120 --> 00:11:36,400 process, we've also completed our annual ESR 128 update. We're going to be able to update the 102 00:11:36,400 --> 00:11:36,740 entire ESR 128 database and the entire ESR 128 database. We're going to be able to update the entire ESR 128 database. 103 00:11:36,740 --> 00:11:41,740 ESR transition audit where we review Firefox's changelog for issues that may 104 00:11:41,740 --> 00:11:46,000 negatively affect the privacy and security of Mullvad browser users and 105 00:11:46,000 --> 00:11:51,860 disable any problematic patches where necessary. So, check it out. They've got 106 00:11:51,860 --> 00:11:56,120 some other updates including picture-in-picture and screenshots as well 107 00:11:56,120 --> 00:12:01,340 as different security levels. Go check out their full changelog. Mullvad browser 14.0. 108 00:12:01,340 --> 00:12:09,500 We have OpenHAB with a release 4.3.0 milestone 4 update. So, they've 109 00:12:09,500 --> 00:12:14,580 been working on this big update for a while and monthly they give updates and 110 00:12:14,580 --> 00:12:19,940 so they've just given the milestone 4 update. OpenHAB, if you aren't familiar, is 111 00:12:19,940 --> 00:12:27,520 an open system, an open platform for controlling all of the devices in your 112 00:12:27,520 --> 00:12:30,960 house, all the smart home devices that you have. 113 00:12:30,960 --> 00:12:37,200 So, scoot on over to OpenHAB's GitHub page if you want to see the latest 114 00:12:37,200 --> 00:12:45,000 developments in milestone 4. Okay, on the media front we have Jellyfin with 10.10.0. 115 00:12:45,000 --> 00:12:50,580 Jellyfin is a free software media system for hosting all of your own media 116 00:12:50,580 --> 00:12:55,380 content and watching it on your devices in your home or away from your home. Some 117 00:12:55,380 --> 00:12:58,840 of the highlights they have, they have media segments. The Jellyfin server now 118 00:12:58,840 --> 00:13:02,500 supports the management of media segments. This means that we store some 119 00:13:02,500 --> 00:13:06,940 additional information for certain time spans on a video that clients can then 120 00:13:06,940 --> 00:13:12,160 use to provide additional actions. For example, when there is a media segment of 121 00:13:12,160 --> 00:13:17,160 the type intro, a client may display a button to skip that particular segment. 122 00:13:17,160 --> 00:13:22,080 They have improvements with playback, transcoding, something called trick play, 123 00:13:22,080 --> 00:13:27,000 they have metadata changes and web changes. There's a lot in this update so 124 00:13:27,000 --> 00:13:33,360 go check it out Jellyfin 10.10.0. Vaultwarden is out with an update. If you use 125 00:13:33,360 --> 00:13:38,940 Vaultwarden for storing your passwords you can do that on a start OS, you know 126 00:13:38,940 --> 00:13:43,260 start 9 server. I think Umbral also has it as well so you can host your own 127 00:13:43,260 --> 00:13:49,600 password manager. Well Vaultwarden has an update 1.32.5 and in this one the 128 00:13:49,600 --> 00:13:55,200 biggest change is that they have support now for SSH key storage. You can 129 00:13:55,200 --> 00:13:59,700 store your SSH secrets in Vaultwarden and have them synchronized across your 130 00:13:59,700 --> 00:14:06,360 devices. Vaultwarden by the way is a back-end that talks to the API of 131 00:14:06,360 --> 00:14:11,640 Bitwarden so you can use Bitwarden clients to access your Vaultwarden 132 00:14:11,640 --> 00:14:17,940 storage. Now speaking of home operating systems we have Umbral out with a big 133 00:14:17,940 --> 00:14:25,200 update. Umbral OS 1.3 has been released. From their tweet the major features are 134 00:14:25,200 --> 00:14:30,540 swappable apps, effortlessly switch between Bitcoin node, Bitcoin knots and 135 00:14:30,540 --> 00:14:37,020 Libra relay, Orelectors, Fulcrum and Electrum X. New features also include 136 00:14:37,020 --> 00:14:42,560 Cloudflare DNS and factory reset. It's faster and smoother, enjoy a 137 00:14:42,560 --> 00:14:51,140 snappier UI and essential bug fixes. So go check out Umbral for the 1.3 update. 138 00:14:51,140 --> 00:14:56,880 Last up on our list is a newcomer to my Freedom Tools list that I have and that 139 00:14:56,880 --> 00:15:05,960 is FreeCAD 1.0. So FreeCAD is an open source software for doing 3D parametric 140 00:15:05,960 --> 00:15:13,380 modeling. If you've ever done architecture you use CAD to draft up a 141 00:15:13,380 --> 00:15:17,660 building, draft up a room. There are tons of other uses for it too. That's just how 142 00:15:17,660 --> 00:15:21,060 you know AutoCAD is how I first got introduced to this type of product. 143 00:15:21,060 --> 00:15:25,680 But FreeCAD is a Freedom Tech open source version that looks really 144 00:15:25,680 --> 00:15:28,320 powerful. You can go check it out on their website. It's not just for 145 00:15:28,320 --> 00:15:33,720 architecture designs, all sorts of 3D modeling that you can do. But you know 146 00:15:33,720 --> 00:15:38,400 congratulations to them. Shipping 1.0 is always a difficult thing to do. So FreeCAD 147 00:15:38,400 --> 00:15:44,100 1.0 open source 3D parametric modeler. 148 00:15:44,100 --> 00:15:50,980 Okay well that's it for news and updates this week. This is Freedom Tech Graphics 149 00:15:50,980 --> 00:16:16,100 and I'm your host, Frank. Thanks for listening and remember to live independent. Later. 150 00:16:16,100 --> 00:16:42,680 This week's song is an ode to Bitcoin reaching new heights and venturing into places we've never 151 00:16:42,680 --> 00:16:46,020 been before. This is Crow Joe with... 152 00:16:46,020 --> 00:16:48,020 Out on the Open Range. 153 00:16:48,020 --> 00:16:58,020 ♪ ♪ 154 00:16:58,020 --> 00:17:03,020 ♪ ♪ 155 00:17:08,020 --> 00:17:12,020 ♪ ♪ 156 00:17:12,020 --> 00:17:14,020 ♪ ♪ 157 00:17:16,020 --> 00:17:17,940 ♪ ♪ 158 00:17:17,940 --> 00:17:21,940 ♪ ♪ 159 00:17:21,940 --> 00:17:25,940 ♪ Introduced by pistol round ♪ 160 00:17:25,940 --> 00:17:29,940 ♪ Trailer echo gunshot sound ♪ 161 00:17:29,940 --> 00:17:33,940 ♪ Bodies laying on the ground ♪ 162 00:17:33,940 --> 00:17:37,940 ♪ Out on the open range ♪ 163 00:17:37,940 --> 00:17:41,940 ♪ ♪ 164 00:17:41,940 --> 00:17:43,940 ♪ ♪ 165 00:17:45,940 --> 00:18:04,120 I don't know where I go 166 00:18:04,120 --> 00:18:08,700 It's like a band from a western picture show 167 00:18:08,700 --> 00:18:12,540 It's damn, it's the one I know 168 00:18:12,540 --> 00:18:16,060 Out on the open range 169 00:18:16,060 --> 00:18:23,360 Lonesome valley, deserts, air 170 00:18:23,360 --> 00:18:27,700 Some struck nation by moonlight splatter 171 00:18:27,700 --> 00:18:31,760 The long end of nowhere 172 00:18:31,760 --> 00:18:35,240 Out on the open range 173 00:18:35,240 --> 00:18:58,240 guitar solo 174 00:18:58,240 --> 00:19:02,260 Rusty cattle, robin strings 175 00:19:02,260 --> 00:19:05,220 Gunfire, bazze, stick-em-up 176 00:19:05,220 --> 00:19:08,220 The gangs back in the satire 177 00:19:08,220 --> 00:19:11,000 And up the ranks 178 00:19:11,000 --> 00:19:14,200 Out on the open range 179 00:19:14,200 --> 00:19:18,520 Out on the open range 180 00:19:18,520 --> 00:19:20,720 Out on 181 00:19:20,720 --> 00:19:23,220 guitar solo