We\’re back from AsiaBSDCon! This week we\’ll be chatting with Gleb Kurtsou about some a filesystem-level encryption utility called PEFS. After that, we\’ll give you a step by step guide on how to actually use it. There\’s also the usual round of your questions and we\’ve got a lot of news to catch up on, so stay tuned to BSD Now – the place to B.. SD.

Thanks to:

Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | HD Vid Feed | HD Torrent Feed

– Show Notes: –

AsiaBSDCon wrap-up chat

• bhyvecon Tokyo videos and slides

Headlines

Using OpenSSH Certificate Authentication

• SSH has a not-so-often-talked-about authentication option in addition to passwords and keys: certificates – you can add certificates to any current authentication method you\’re using
• They\’re not really that complex, there just isn\’t a lot of documentation on how to use them – this post tries to solve that
• There\’s the benefit of not needing a known_hosts file or authorized_users file anymore
• The post goes into a fair amount of detail about the differences, advantages and implications of using certificates for authentication

Back to FreeBSD, a new series

• Similar to the \”FreeBSD Challenge\” blog series, one of our listeners will be writing about his switching BACK to FreeBSD journey
• \”So, a long time ago, I had a box which was running FreeBSD 4, running on a Pentium. 14 years later, I have decided to get back into FreeBSD, now at FreeBSD 10\”
• He\’s starting off with PCBSD since it\’s easy to get working with dual graphics
• Should be a fun series to follow!

OpenBSD\’s recent experiments in package building

• If you\’ll remember back to our poudriere tutorial, it lets you build FreeBSD binary packages in bulk – OpenBSD\’s version is called dpb
• Marc Espie recently got some monster machines in russia to play with to help improve scaling of dpb on high end hardware
• This article goes through some of his findings and plans for future versions that increase performance
• We\’ll be showing a tutorial of dpb on the show in a few weeks

Securing FreeBSD with 2FA

• So maybe you\’ve set up two-factor authentication with gmail or twitter, but have you done it with your BSD box?
• This post walks us through the process of locking down an ssh server with 2FA
• With just a mobile phone and a few extra tools, you can enable two-factor auth on your BSD box and have just that little extra bit of protections

Interview – Gleb Kurtsou – gleb.kurtsou@gmail.com

PEFS

Tutorial

Filesystem-based encryption with PEFS

News Roundup

BSDCan 2014 registration

• Registration is finally open!
• The prices are available along with a full list of presentations
• Tutorial sessions for various topics as well
• You have to go

Big changes for OpenBSD 5.6

• Although 5.5 was just frozen and the release process has started, 5.6 is already looking promising
• OpenBSD has, for a long time, included a heavily-patched version of Apache based on 1.3
• They\’ve also imported nginx into base a few years ago, but now have finally removed Apache
• Sendmail is also no longer the default MTA, OpenSMTPD is the new default
• Will BIND be removed next? Maybe so
• They\’ve also discontinued the hp300, mvme68k and mvme88k ports

Getting to know your portmgr lurkers

• The \”getting to know your portmgr\” series makes its return
• This time we get to talk with danfe@ (probably most known for being the nVidia driver maintainer, but he does a lot with ports)
• How he got into FreeBSD? He \”wanted a unix system that I could understand and that would not get bloated as time goes by\”
• Mentions why he\’s still heavily involved with the project and lots more

PCBSD weekly digest

• Work has started to port Pulseaudio to PCBSD 10.01 (why?)
• There\’s a new \”pc-mixer\” utility being worked on for sound management as well
• New PBIs, GNOME/Mate updates, Life Preserver fixes and a lot more
• PCBSD 10.0.1 was released too

Feedback/Questions

• Alex writes in
• Ben writes in
• Nick writes in
• Sami writes in
• Christopher writes in

• All the tutorials are posted in their entirety at bsdnow.tv
• The pkgng, ZFS, OpenBSD router and FreeBSD desktop tutorials have gotten some updates and fixes
• If you were using the automatic errata checking script in the router tutorial, you need to redownload the new, fixed version (they rearranged some stuff on the website and broke it)
• A few weeks\’ worth of new tutorials were uploaded ahead of time for the benefit of everyone, no point in holding them hostage – go check \’em all out
• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
• Watch live Wednesdays at 2:00PM Eastern (18:00 UTC)
• Dusko, the winner of our tutorial contest, sent us a picture with his awesome FreeBSD pillow!