Just the Essentials | BSD Now 68

Coming up this week, we’ll be talking with Michael Lucas about his newest BSD book, “FreeBSD Mastery: Storage Essentials.” It’s got lots of great information about the disk subsystems, GEOM, filesystems, you name it. We’ve also got the usual round of news & answers to your emails, on BSD Now – the place to B.. SD.

Thanks to:


iXsystems


Tarsnap

– Show Notes: –

Headlines

More BSD conference videos


OpenBSD vs FreeBSD security features

  • From the author of both the OpenBSD and FreeBSD secure gateway articles we’ve featured in the past comes a new entry about security
  • The article goes through a list of all the security features enabled (and disabled) by default in both FreeBSD and OpenBSD
  • It covers a wide range of topics, including: memory protection, randomization, encryption, privilege separation, Capsicum, securelevels, MAC, Jails and chroots, network stack hardening, firewall features and much more
  • This is definitely one of the most in-depth and complete articles we’ve seen in a while – the author seems to have done his homework
  • If you’re looking to secure any sort of BSD box, this post has some very detailed explanations of different exploit mitigation techniques – be sure to read the whole thing
  • There are also some good comments on DaemonForums and lobste.rs that you may want to read

The password? You changed it, right?

  • Peter Hansteen has a new blog post up, detailing some weird SSH bruteforcing he’s seen recently
  • He apparently reads his auth logs when he gets bored at an airport
  • This new bruteforcing attempt seems to be targeting D-Link devices, as evidenced by the three usernames the bots try to use
  • More than 700 IPs have tried to get into Peter’s BSD boxes using these names in combination with weak passwords
  • Lots more details, including the lists of passwords and IPs, can be found in the full article
  • If you’re using a BSD router, things like this can be easily prevented with PF or fail2ban (and you probably don’t have a “d-link” user anyway)

Get started with FreeBSD, an intro for Linux users

  • Another new BSD article on a mainstream technology news site – seems we’re getting popular
  • This article is written for Linux users who may be considering switching over to BSD and wondering what it’s all about
  • It details installing FreeBSD 9.3 and getting a basic system setup, while touching on ports and packages, and explaining some terminology along the way
  • “Among the legions of Linux users and admins, there seems to be a sort of passive curiosity about FreeBSD and other *BSDs. Like commuters on a packed train, they gaze out at a less crowded, vaguely mysterious train heading in a slightly different direction and wonder what traveling on that train might be like”

Interview – Michael W. Lucas – mwlucas@michaelwlucas.com / @mwlauthor

FreeBSD Mastery: Storage Essentials


News Roundup

OpenSMTPD status update

  • The OpenSMTPD guys, particularly Gilles, have posted an update on what they’ve been up to lately
  • As of 5.6, it’s become the default MTA in OpenBSD, and sendmail will be totally gone in 5.7
  • Email is a much more tricky protocol than you might imagine, and the post goes through some of the weirdness and problems they’ve had to deal with
  • There’s also another post that goes into detail on their upcoming filtering API – a feature many have requested
  • The API is still being developed, but you can test it out now if you know what you’re doing – full details in the article
  • OpenSMTPD also has portable versions in FreeBSD ports and NetBSD pkgsrc, so check it out

OpenCrypto changes in FreeBSD

  • A little while back, we talked to John-Mark Gurney about updating FreeBSD’s OpenCrypto framework, specifically for IPSEC
  • Some of that work has just landed in the -CURRENT branch, and the commit has a few details
  • The ICM and GCM modes of AES were added, and both include support for AESNI
  • There’s a new port – “nist-kat” – that can be used to test the new modes of operation
  • Some things were fixed in the process as well, including an issue that would leak timing info and result in the ability to forge messages
  • Code was also borrowed from both OpenBSD and NetBSD to make this possible

First thoughts on OpenBSD’s httpd

  • Here we have a blog post from a user of OpenBSD’s new homegrown web server that made its debut in 5.6
  • The author loves that it has proper privilege separation, a very simple config syntax and that it always runs in a chroot
  • He also mentions dynamic content hosting with FastCGI, and provides an example of how to set it up
  • Be sure to check out our interview with Reyk about the new httpd if you’re curious about how it got started
  • Also, if you’re running the version that came with 5.6, there’s a huge patch you can apply to get a lot of the features and fixes from -current without waiting for 5.7

Steam on PCBSD

  • One of the most common questions we get from people who want to use BSD as a desktop is “can I run games?” or “can I use Steam?”
  • Steam through the Linux emulation layer (in FreeBSD) may be possible soon, but it’s already possible to use it with WINE
  • This video shows how to get Steam set up on PCBSD using the Windows version
  • There are also some instructions in the video description to look over

Feedback/Questions


  • Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv – if it’s anything related to BSD, we wanna hear about it
  • Watch live Wednesdays at 2:00PM Eastern (19:00 UTC)
  • Next week will be the prerecorded holiday episode where we read all the stories of how you got into BSD, should be pretty fun
