This time on the show, we’ll be chatting with Jed Reynolds about ZFS. He’s been using it extensively on a certain other OS, and we can both learn a bit about the other side’s implementation. Answers to your questions and all this week’s news, coming up on BSD Now – the place to B.. SD.
Thanks to:
Direct Download:
Video | HD Video | MP3 Audio | OGG Audio | Torrent | YouTube
RSS Feeds:
MP3 Feed | OGG Feed | iTunes Feed | Video Feed | HD Vid Feed | HD Torrent Feed
– Show Notes: –
Headlines
Playing with sandboxing
- Sandboxing and privilege separation are popular topics these days – they’re the goal of the new “shill” scripting language, they’re used heavily throughout OpenBSD, and they’re gaining traction with the capsicum framework
- This blog post explores capsicum in FreeBSD, some of its history and where it’s used in the base system
- They also include some code samples so you can verify that capsicum is actually denying the program access to certain system calls
- Check our interview about capsicum from a while back if you haven’t seen it already
OpenNTPD on by default
- OpenBSD has enabled ntpd by default in the installer
- In nearly every case, you’re going to want to have your clock synced via NTP
- With the HTTPS constraints feature also enabled by default, this should keep the time checked and accurate, even against spoofing attacks
- Lots of problems can be traced back to the time on one system or another being wrong, so this will also eliminate some of those cases
- For those who might be curious, they’re using the “pool.ntp.org” cluster of addresses and google for HTTPS constraints (but these can be easily changed)
FreeBSD workshop in Landshut
- We mentioned a BSD installfest happening in Germany a few weeks back, and the organizer wrote in with a review of the event
- The installfest instead became a “FreeBSD workshop” session, introducing curious new users to some of the flagship features of the OS
- They covered when to use UFS or ZFS, firewall options, the release/stable/current branches and finally how to automate installations with Ansible
- If you’re in south Germany and want to give similar introduction talks or Q&A sessions about the other BSDs, get in touch
- We’ll hear more from him about how it went in the feedback section today
Swap encryption in DragonFly
- Doing full disk encryption is very important, but something that people sometimes overlook is encrypting their swap
- This can actually be more important than the contents of your disks, especially if an unencrypted password or key hits your swap (as it can be recovered quite easily)
- DragonFlyBSD has added a new experimental option to automatically encrypt your swap partition in fstab
- There was another way to do it previously, but this is a lot easier
- You can achieve similar results in FreeBSD by adding “.eli” to the end of the swap device in fstab, there are a few steps to do it in NetBSD and swap in OpenBSD is encrypted by default
- A one-time key will be created and then destroyed in each case, making recovery of the plaintext nearly impossible
Interview – Jed Reynolds – jed@bitratchet.com / @jed_reynolds
Comparing ZFS on Linux and FreeBSD
News Roundup
USB thermometer on OpenBSD
- So maybe you’ve got BSD on your server or router, maybe NetBSD on a toaster, but have you ever used a thermometer with one?
- This blog post introduces the RDing TEMPer Gold USB thermometer, a small device that can tell the room temperature, and how to get it working on OpenBSD
- Wouldn’t you know it, OpenBSD has a native “ugold” driver to support it with the sensors framework
- How useful such a device would be is another story though
- BSDCan Dan just bought 5 of these to bring to the #EmbeddedBSDCan hackithon. Bring your embedded devices and cool gadgets with you to BSDCan and hang out in the hackers lounge, see what we can put together.
NAS4Free now on ARM
- We talk a lot about hardware for network-attached storage devices on the show, but ARM doesn’t come up a lot
- That might be changing soon, as NAS4Free has just released some ARM builds
- These new (somewhat experimental) images are based on FreeBSD 11-CURRENT
- Included in the announcement is a list of fully-supported and partially-supported hardware that they’ve tested it with
- If anyone has experience with running a NAS on slightly exotic hardware, write in to us
pkgsrcCon 2015 CFP and info
- This year’s pkgsrcCon will be in Berlin, Germany on July 4th and 5th
- They’re looking for talk proposals and ideas for things you’d like to see
- If you or your company uses pkgsrc, or if you’re just interested in NetBSD in general, it would be a good event to check out
BSDTalk episode 253
- BSDTalk has released another new episode
- In it, he interviews George Neville-Neil about the 2nd edition of “The Design and Implementation of the FreeBSD Operating System”
- They discuss what’s new since the last edition, who the book’s target audience is and a lot more
- We’re up to 90 episodes now, slowly catching up to Will…
Feedback/Questions
- Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv – if there’s someone you want us to talk to on a future episode, you gotta tell us
- Let us know if you guys have any ideas for our big 100th episode