asiabsdcon – Jupiter Broadcasting

Store all the Things | BSD Now 130

chris — Thu, 25 Feb 2016 11:25:33 +0000

To view this video please enable JavaScript, and consider upgrading to a web browser that supports HTML5 video

Allan is back from the Storage Summit in Silicon Valley! We are going to get his thoughts on how the conference went, plus bring you the latest ZFS info discussed. That plus the usual BSD news is headed your way right now!

Thanks to:

Get Paid to Write for DigitalOcean

Direct Download:

RSS Feeds:

Become a supporter on Patreon:

– Show Notes: –

Headlines

OpenBSD website operators urged to fix mind-alteringly bad bug

We start off a bit light-hearted this week, with the important, breaking news that finally a long-standing OpenBSD bug has been addressed for the HTTP daemon.
Specifically? It changes the default 404 page fonts away from Comic Sans, to a bit more crowd-pleasing alternative:

“For some reason the httpd status pages (e.g. 404) use the Comic Sans typeface. This patch removes comic sans and sets the typeface to the default sans-serif typeface of the client.
“This lowers the number of people contacting website maintainers with typeface complaints bordering on harassment”.
+ Operators running HTTPD are highly encouraged to update their systems to the latest code, right now……… No seriously, we are waiting for you. Get it done now and then we’ll continue with the show.

Registration for AsiaBSDCon 2016 is now open + Talk Schedule

After a few delays, the registration for AsiaBSDCon has now opened!
The conference starts in less than two weeks! now, so be sure to get signed up ASAP.
In addition the schedule has been posted, and here’s some of the highlights of this year’s conference.
In addition to FreeBSD and NetBSD dev summits on the first two days, we have some excellent tutorials being given this year by Kirk, Gnn, Dru and more! (https://2016.asiabsdcon.org/program.html.en)
The regular paper talks also have lots of good ones this year, including this crazy encrypted boot loader one given by our very own Allan Jude!

OPENBSD ON AWS : AN UNEXPECTED JOURNEY

We have a blog post from Antoine Jacoutot, talking about the process of getting OpenBSD up and running in AWS
It starts with his process of creating an AMI from scratch, which ended up not being that bad:

create and loopback-mount a raw image containing a UFS filesystem
extract the OpenBSD base sets (which are just regular tarballs) and kernel
enable console output (so that one could “aws ec2 get-console-output”)
install the boot loader on the image
then use the ec2 tools to import the RAW image to S3, convert it into a volume (ec2-import-volume) which we can snapshot (ec2-create-snapshot) and create an AMI from (ec2-register)

The blog post also has a link to a script which automates this process, so don’t be daunted if you didn’t quite follow all of that.
Thanks to the recently landed DomU support, the final pieces of the puzzle fell into place, allowing OpenBSD to function as a proper guest (with networking!)
Next it details the process of injecting a public SSH key into the instances for instant remote access.
An ec2-init.sh script was created (also on github) which does the following:
setting the hostname
installing the provided SSH public key to /root/.ssh/authorized_keys
executing user-data (if it starts with a shebang)
displaying the host SSH fingerprints on the console (to match cloud-init)
With that done, OpenBSD is pretty much AWS ready! He then gives a brief walkthrough of setting up nginx for new users, but if you’ve already done this before then the instance is ready for you to hacking on.

Start thinking of ideas for things with FreeBSD for Google’s 2016 Summer of Code

Students and Developers, listen up! It’s time to start thinking about GSoC again, and FreeBSD is looking to update its project ideas page.
There’s some good ones on the list, plus ones that should be pruned (such as GELI boot), but now is the time to start adding new ones before we get too deep into the process.
This goes for the other BSD’s as well, start thinking about your proposals, or if you are developer, which projects would be a good fit for mentoring.
(Improving the Linux Compat layer is one I think should be done!)
Guide to getting started with kernel hacking
One of the things that’s been asked frequently is how to contribute towards the efforts to bring updated DRM / X drivers to the FreeBSD kernel.
Jean-Sébastien Pédron has started a great guide on the Wiki which details how to get started with the porting effort, and that developers need not be afraid of helping.

Storage Summit Roundup

Earlier this week a number of developers from FreeBSD, as well as various vendors that use FreeBSD, or provide products used with FreeBSD met for a Storage Summit, to discuss the future of these technologies
The summit was co-located with the USENIX FAST (Filesystems And Storage Technologies) conference
The summit was sponsored by the FreeBSD Foundation and FlightAware
After a short introduction, the event opened with a Networking Synergy panel
The focus of this panel was to see if there were techniques and lessons learned in improving the networking stack over the last 10 years that could be applied to improving the storage stack
A lot of time was spent discussing issues like multi-queue support, CPU scheduling, and ways to modernize the stack
CAM Scheduling & Locking Revamp
- No notes posted
User Space Storage Stack
- One of the user space storage stacks discussed was Diskmap
- Like netmap, but for disks (diskmap)
- Kernel bypass for accessing disks
- Ilias Marinos, who is working on diskmap at Cambridge University, described diskmap to the group
A design discussion then followed in which the memory management was covered as that’s an issue for any sort of “IO” map system
- Action Items:
Discuss with Luigi the idea of code merges
Need a reset path API
Kernel buffer mapping for reliability
Support for other interfaces (SATA/SCSI)
GEOM layer adaptation
Adapting to New Storage Technologies
- This working group was led by Adrian Palmer, from Seagate
- SMR
- Persistent Memory
- Session 1: Device Identification and the structural requirements
  - Agenda: We’ll look over the Identification nuances and what needs to change to support the structure. Support for IO order guarantees, forward-write only requirements, new commands and topology. Dig into CAM and GEOM layers. Solutions should be fast and have as few code paths as possible
  - Results: Small audience. We talked about zoned characteristics, and how it can be used in various workloads, projected to be implemented in years
- Session 2: Information dissemination and consumption
  - Agenda: Where and how will information from the report_zones command be gathered, stored, combined and used. This will include userspace storage and multi-volume management. Will CAM store this data, or will GEOM? How frequently will this need to be queried/updated/verified from the drive?
  - Results: Merged with ZFS working group to discuss SMR. Came up with idea that could be implemented as circular buffer zone type. Began to discuss solutions among developers
ZFS
- During the first session we discussed how to improve dedup support
  + A dedup throttle or cap was discussed. When the size of the DDT grows beyond this size, new entries would not be deduped.
  - An alternative to this was also discussed, where when the DDT reached the cap size, it would remove a random entry with only a single reference from the DDT to make room for the new entry. When a block is going to be freed, if it is not found in the DDT, it is assumed to have only 1 reference, and removed.
  - There was also discussion of replacing the DDT with an in-memory hash table and a “log” of increment/decrement operations, that is periodically compacted. The hash table is recreated from the log at pool import time. This would reduce the in-memory footprint of the DDT, as well as speed up all write operations as adding an entry to the dedup log will be less expensive than updating the DDT.
  - There was also discussion of using dedicated device(s) for the DDT, either using the DDT on SSD work by Nexenta, or the Metadata Classes work by Intel
- The first session also discussed Secure Delete and related things
  - The desire for an implementation of TRIM that uses the “secure erase” functionality provided by some disks was expressed
  - Overwriting sectors with patterns of garbage may be insufficient because SSDs may internally remap where a specific LBA physically resides
  - The possibility of using something like the “eager zero” feature to periodically write zeros over all free blocks in the pool to erase any lingering data fragments
  - Problems with the FreeBSD TRIM implementation were discussed, as well as looking at ways to implement the new ZFS TRIM implementation on FreeBSD
  - ABD (ARC Buf Data) was discussed, a new design that lessens the requirement for contiguous memory. Only a small area of contiguous blocks is reserved at boot, and compressed ARC blocks are constructed of scatter-gather lists of individual pages
- The second session combined with the SMR group and talked about SMR support in ZFS
  - Later in the second session ZFS Encryption was also discussed, mostly with a focus on what the use cases are
- The third session combined all of the groups for an overview of upcoming ZFS features including device removal and channel programs
- There was also a request for code review, for mostly finished projects like Persistent L2ARC, Writeback cache, and Large dnode support
Hallway Track
- ZFS / VFS Interaction
- Adrian Palmer has been a FreeBSD hobbyist since FreeBSD 7, and I think I managed to convince him to start contributing

News Roundup

One Week with NetBSD 7.0: Back to Unix basics

The author of this blog series is sending a week using NetBSD 7.0, following a previous series on Solaris 10
“This is actually familiar territory, as I’ve been using BSD variants almost exclusively since 2006. My recent SunOS explorations were triggered last summer by OpenBSD having choked on my current laptop’s NVIDIA card, and from what I could see at the time, FreeBSD had the same problem, although I now know NVIDIA drivers exist for that system. The thing that keeps me from going all-in with FreeBSD 10.x, however, is the fact that Firefox crashes and leaves “core dump” messages in its wake, and I’m just not a Chrome kinda guy.”
“For those with a catholic taste in Unix, NetBSD is a keg party at the Vatican. If you’re an absolute Unix beginner, or have been living on Ubuntu-based Linux distros for too long, then you may feel stranded at first by NetBSD’s sparseness. You’ll find yourself staring into the abyss and seeing only a blinking cursor staring back. If you have the presence of mind to type startx, you’ll be greeted by twm, a window manager offering little more than an xterm window with the same blinking cursor until you learn how to configure the .twmrc file to include whatever applications you want or need in the right-click menu.”
“As for NetBSD itself, I can’t think of any major productivity applications that can’t be installed, and most multimedia stuff works fine.”
Issues the author hopes to sort out in later posts:
- Audio playback (youtube videos in Firefox)
- Wireless
- Flash
- Digital Camera SD Card readability, video playback
- Audacity
- A “fancy” desktop like Gnome 2, KDE, or xfce
In a follow-up post, the author got LibreOffice installed and sorted out the audio issues they were having
In a later follow-up XFCE is up and running as well

ZFS is for Containers in Ubuntu 16.04

As you may have heard, Ubuntu 16.04 will include ZFS — baked directly into Ubuntu — supported by Canonical
“ZFS one of the most beloved features of Solaris, universally coveted by every Linux sysadmin with a Solaris background. To our delight, we’re happy to make to OpenZFS available on every Ubuntu system.”
What does “supported by Canonical” mean?
“You’ll find zfs.ko automatically built and installed on your Ubuntu systems. No more DKMS-built modules”
“The user space zfsutils-linux package will be included in Ubuntu Main, with security updates provided by Canonical”
The article then provides a quick tutorial for setting up Linux Containers (LXC) backed by ZFS
In the example, ZFS is backed by a file on the existing disk, not by a real disk, and with no redundancy
However, the setup script seems to support using real block devices
The Software Freedom Conservancy is expected to issue a statement detailing their opinion on the legalities and licensing issues of bundling ZFS with Linux.

Polling is a Hack: Server Sent Events (EventSource) with gevent, Flask, nginx, and FreeBSD

A tutorial on setting up ‘Server-Sent Events’, also know as EventSource in javascript, to notify website clients of new data, rather than having the javascript constantly poll for new data.
The setup uses FreeBSD, nginx, gevent, Python, and the Flask framework
The tutorial walks through setting a basic Python application using the Flask framework
Then setting up the client side in Javascript
Then for the server side setup, it covers installing and configuring nginx, and py-supervisor on FreeBSD
The tutorial also includes links to additional resources and examples, including how to rate limit the Flash application

Why FreeBSD?

An excellent article written by Hamza Sheikh, discussing why FreeBSD is now his clear choice for learning UNIX.
The article is pretty well written and lengthy, but has some great parts which we wanted to share with you:

There were many rough edges in the Linux world and some of them exist even today. Choosing the right distribution (distro) for the task at hand is always the first and most difficult decision to make. While this is a strength of the Linux community it is also its weakness. This is exacerbated with the toxic infighting within the community in the last few years.

A herd of voices believes it is their right to bring down a distro community because it is not like their distro of choice. Forking upstream projects has somehow become taboo. Hurling abuse in mailing lists is acceptable. Helping new users is limited to lambasting their distro of choice. Creating conspiracy theories over software decisions is the way to go. Copyleft zealots roam social media declaring non-copyleft free software heretic abominations. It all boils down to an ecosystem soured by the presence of maniacs who have the loudest voices and they seem to be everywhere you turn.

Where is the engineering among all this noise? Btrfs – baking for a long time – is still nowhere near ZFS in stability or feature parity. systemd is an insatiable entity that feeds on every idea in sight and just devours indiscriminately. Wayland was promised years ago and its time has yet to arrive. Containers are represented by Docker that neither securely contains applications nor makes them easy to manage in production. Firewalling is dithering between firewalld, nftables, etc. SystemTap cannot match DTrace.

In the same time span what do various BSDs offer? pf, CARP, ZFS, Hammer, OpenSSH, jails, pkgsrc, (software) ports, DTrace, hardware portability; just to name a few. Few would deny that BSDs have delivered great engineering with free software licenses to the entire world. To me they appear to be better flag bearers of free software with engineering to back it.

He then goes through some of the various BSD’s and the specifics on why FreeBSD was the logical choice for his situation. But at the end has a great summary on the community as a whole:

Finally – and maybe repeating myself here – I have nothing but praise for the community. Be it BSD Now, mailing lists, Reddit, Twitter, LFNW, or SeaGL, people have encouraged me, answered my questions, and filed bugs for me. I have been welcomed and made a part of the community with open arms.
These reasons are (good) enough for me to use FreeBSD and contribute to it.

BeastieBits

OPNsense 16.1.3 released

Copies of “FreeBSD Mastery: Specialty Filesystems” seen in the wild

pfsense training available in Europe

LiteBSD now has 50 ports in its ports tree

Ports tree locked for OpenBSD 5.9

“FreeBSD Filesystem Fun” at March semibug

Event #46 — Embedded Platforms (BSD, OpenWRT, Plan 9 & Inferno)

Feedback/Questions

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
…

The post Store all the Things | BSD Now 130 first appeared on Jupiter Broadcasting.

Virginia BSD Assembly | BSD Now 105

chris — Thu, 03 Sep 2015 05:42:04 +0000

To view this video please enable JavaScript, and consider upgrading to a web browser that supports HTML5 video

It’s already our two-year anniversary! This time on the show, we’ll be chatting with Scott Courtney, vice president of infrastructure engineering at Verisign, about this year’s vBSDCon. What’s it have to offer in that’s different in the BSD conference space? We’ll find out!

Thanks to:

Get Paid to Write for DigitalOcean

Direct Download:

RSS Feeds:

– Show Notes: –

Headlines

OpenBSD hypervisor coming soon

Our buddy Mike Larkin never rests, and he posted some very tight-lipped console output on Twitter recently
From what little he revealed at the time, it appeared to be a new hypervisor (that is, X86 hardware virtualization) running on OpenBSD -current, tentatively titled “vmm”
Later on, he provided a much longer explanation on the mailing list, detailing a bit about what the overall plan for the code is
Originally started around the time of the Australia hackathon, the work has since picked up more steam, and has gotten a funding boost from the OpenBSD foundation
One thing to note: this isn’t just a port of something like Xen or Bhyve; it’s all-new code, and Mike explains why he chose to go that route
He also answered some basic questions about the requirements, when it’ll be available, what OSes it can run, what’s left to do, how to get involved and so on

Why FreeBSD should not adopt launchd

Last week we mentioned a talk Jordan Hubbard gave about integrating various parts of Mac OS X into FreeBSD
One of the changes, perhaps the most controversial item on the list, was the adoption of launchd to replace the init system (replacing init systems seems to cause backlash, we’ve learned)
In this article, the author talks about why he thinks this is a bad idea
He doesn’t oppose the integration into FreeBSD-derived projects, like FreeNAS and PC-BSD, only vanilla FreeBSD itself – this is also explained in more detail
The post includes both high-level descriptions and low-level technical details, and provides an interesting outlook on the situation and possibilities
Reddit had quite a bit to say about this one, some in agreement and some not

DragonFly graphics improvements

The DragonFlyBSD guys are at it again, merging newer support and fixes into their i915 (Intel) graphics stack
This latest update brings them in sync with Linux 3.17, and includes Haswell fixes, DisplayPort fixes, improvements for Broadwell and even Cherryview GPUs
You should also see some power management improvements, longer battery life and various other bug fixes
If you’re running DragonFly, especially on a laptop, you’ll want to get this stuff on your machine quick – big improvements all around

OpenBSD tames the userland

Last week we mentioned OpenBSD’s tame framework getting support for file whitelists, and said that the userland integration was next – well, now here we are
Theo posted a mega diff of nearly 100 smaller diffs, adding tame support to many areas of the userland tools
It’s still a work-in-progress version; there’s still more to be added (including the file path whitelist stuff)
Some classic utilities are even being reworked to make taming them easier – the “w” command, for example
The diff provides some good insight on exactly how to restrict different types of utilities, as well as how easy it is to actually do so (and en masse)
More discussion can be found on HN, as one might expect
If you’re a software developer, and especially if your software is in ports already, consider adding some more fine-grained tame support in your next release

Interview – Scott Courtney – vbsdcon@verisign.com / @verisign

vBSDCon 2015

News Roundup

OPNsense, beyond the fork

We first heard about OPNsense back in January, and they’ve since released nearly 40 versions, spanning over 5,000 commits
This is their first big status update, covering some of the things that’ve happened since the project was born
There’s been a lot of community growth and participation, mass bug fixing, new features added, experimental builds with ASLR and much more – the report touches on a little of everything

LibreSSL nukes SSLv3

With their latest release, LibreSSL began to turn off SSLv3 support, starting with the “openssl” command
At the time, SSLv3 wasn’t disabled entirely because of some things in the OpenBSD ports tree requiring it (apache being one odd example)
They’ve now flipped the switch, and the process of complete removal has started
From the Undeadly summary, “This is an important step for the security of the LibreSSL library and, by extension, the ports tree. It does, however, require lots of testing of the resulting packages, as some of the fallout may be at runtime (so not detected during the build). That is part of why this is committed at this point during the release cycle: it gives the community more time to test packages and report issues so that these can be fixed. When these fixes are then pushed upstream, the entire software ecosystem will benefit. In short: you know what to do!”
With this change and a few more to follow shortly, LibreSSL won’t actually support SSL anymore – time to rename it “LibreTLS”

FreeBSD MPTCP updated

For anyone unaware, Multipath TCP is “an ongoing effort of the Internet Engineering Task Force’s (IETF) Multipath TCP working group, that aims at allowing a Transmission Control Protocol (TCP) connection to use multiple paths to maximize resource usage and increase redundancy.”
There’s been work out of an Australian university to add support for it to the FreeBSD kernel, and the patchset was recently updated
Including in this latest version is an overview of the protocol, how to get it compiled in, current features and limitations and some info about the routing requirements
Some big performance gains can be had with MPTCP, but only if both the client and server systems support it – getting it into the FreeBSD kernel would be a good start

UEFI and GPT in OpenBSD

There hasn’t been much fanfare about it yet, but some initial UEFI and GPT-related commits have been creeping into OpenBSD recently
Some support for UEFI booting has landed in the kernel, and more bits are being slowly enabled after review
This comes along with a number of other commits related to GPT, much of which is being refactored and slowly reintroduced
Currently, you have to do some disklabel wizardry to bypass the MBR limit and access more than 2TB of space on a single drive, but it should “just work” with GPT (once everything’s in)
The UEFI bootloader support has been committed, so stay tuned for more updates as further progress is made

Feedback/Questions

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
BSD Now anniversary shirts are no longer available, and should be shipping out very soon (if they haven’t already) – big thanks to everyone who bought one (183 sold!)
This week is the last episode written/organized by TJ

The post Virginia BSD Assembly | BSD Now 105 first appeared on Jupiter Broadcasting.

pkg remove freebsd-update | BSD Now 84

chris — Thu, 09 Apr 2015 12:17:12 +0000

To view this video please enable JavaScript, and consider upgrading to a web browser that supports HTML5 video

On this week’s mini-episode, we’ll be talking with Baptiste Daroussin about packaging the FreeBSD base system with pkgng. Is this the best way going forward, or are we getting dangerously close to being Linux-like? We’ll find out, and also get to a couple of your emails while we’re at it, on BSD Now – the place to B.. SD.

Thanks to:

Get Paid to Write for DigitalOcean

Direct Download:

RSS Feeds:

– Show Notes: –

Headlines

Xen dom0 in FreeBSD 11-CURRENT

FreeBSD has just gotten dom0 support for the Xen hypervisor, something NetBSD has had for a while now
The ports tree will now have a Xen kernel and toolstack, meaning that they can be updated much more rapidly than if they were part of base
It’s currently limited to Intel boxes with EPT and a working IOMMU, running a recent version of the -CURRENT branch, but we’ll likely see it when 11.0 comes out
How will this affect interest in Bhyve?

A tale of two educational moments

Here we have a blog post from an OpenBSD developer about some experiences he had helping people get involved with the project
It’s split into two stories: one that could’ve gone better, and one that went really well
For the first one, he found that someone was trying to modify a package from their ports tree to have fewer dependencies
Experience really showed its worth, and he was able to write a quick patch to do exactly what the other person had been working on for a few hours – but wasn’t so encouraging about getting it committed
In the second story, he discussed updating a different port with a user of a forum, and ended up improving the new user’s workflow considerably with just a few tips
The lesson to take away from this is that we can all help out to encourage and assist new users – everyone was a newbie once

What’s coming in NetBSD 7

We first mentioned NetBSD 7.0 on the show in July of 2014, but it still hasn’t been released and there hasn’t been much public info about it
This blog post outlines some of the bigger features that we can expect to see when it actually does come out
Their total platform count is now over 70, so you’d be hard-pressed to find something that it doesn’t run on
There have been a lot of improvements in the graphics area, particularly with DRM/KMS, including Intel Haswell and Nouveau (for nVidia cards)
Many ARM boards now have full SMP support
Clang has also finally made its way into the base system, something we’re glad to see, and it should be able to build the base OS on i386, AMD64 and ARM – other architectures are still a WIP
In the crypto department: their PNRG has switched from the broken RC4 to the more modern ChaCha20, OpenSSL has been updated in base and LibreSSL is in pkgsrc
NetBSD’s in-house firewall, npf, has gotten major improvements since its initial debut in NetBSD 6.0
Looking to the future, NetBSD hopes to integrate a stable ZFS implementation later on

OpenZFS office hours

We mentioned a couple weeks back that the OpenZFS office hours series was starting back up
They’ve just uploaded the recording of their most recent freeform discussion, with Justin Gibbs being the main presenter
In it, they cover how Justin got into ZFS, running in virtualized environments, getting patches into the different projects, getting more people involved, reviewing code, spinning disks vs SSDs, defragging, speeding up resilvering, zfsd and much more

Interview – Baptiste Daroussin – bapt@freebsd.org

Packaging the FreeBSD base system with pkgng

Discussion

Packaging the FreeBSD base system with pkgng (follow-up)

Feedback/Questions

Mailing List Gold

ok feedback@

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
Writing articles or blog posts (or making videos) about what you do with BSD is great for advocacy and promotion, so do it and send them all to us
We’ll be back next week with a regular full episode

The post pkg remove freebsd-update | BSD Now 84 first appeared on Jupiter Broadcasting.

woN DSB | BSD Now 83

chris — Thu, 02 Apr 2015 12:24:15 +0000

To view this video please enable JavaScript, and consider upgrading to a web browser that supports HTML5 video

Coming up this week on the show, we’ll be talking to Kamila Součková, a Google intern. She’s been working on the FreeBSD pager daemon, and also tells us about her initial experiences trying out BSD and going to a conference. As always, all the week’s news and answers to your emails, on BSD Now – the place to B.. SD.

Thanks to:

Get Paid to Write for DigitalOcean

Direct Download:

RSS Feeds:

– Show Notes: –

Headlines

Major changes coming in PCBSD 11

The PCBSD team has announced that version 11.0 will have some more pretty big changes (as they’ve been known to do lately with NTP daemons and firewalls)
Switching from PF to IPFW provided some benefits for VIMAGE, but the syntax was just too complicated for regular everyday users
To solve this, they’ve ported over Linux’s iptables, giving users a much more straightforward configuration
While ZFS has served them well as the default filesystem for a while, Kris decided that Btrfs would be a better choice going forward
Since the FreeBSD kernel doesn’t support it natively, all filesystem calls will be through FUSE from now on – performance is Good Enough
People often complain about PCBSD’s huge ISO download, so, to save space, the default email client will be switched to mutt, and KDE will be replaced with DWM as the default window manager
To reconfigure it, or make any appearance changes, users just need to edit a simple C header file and recompile – easy peasy
As we’ve mentioned on the show, PCBSD has been promoting safe backup solutions for a long time with its “life preserver” utility, making it simple to manage multiple snapshots too
To test if people have been listening to this advice, Kris recently activated the backdoor he put in life preserver that deletes all the users’ files – hope you had that stuff backed up

NetBSD and FreeBSD join forces

The BSD community has been running into one of the same problems Linux has lately: we just have too many different BSDs to choose from
What’s more, none of them have any specific areas they focus on or anything like that (they’re all basically the same)
That situation is about to improve somewhat, as FreeBSD and NetBSD have just merged codebases… say hello to FretBSD
Within a week, all mailing lists and webservers for the legacy NetBSD and FreeBSD projects will be terminated – the mailing list for the new combined project will be hosted from the United Nations datacenter on a Microsoft Exchange server
As UN monitors will be moderating the mailing lists to prevent disagreements and divisive arguments before they begin, this system is expected to be adequate for the load
With FretBSD, your toaster can now run ZFS, so you’ll never need to worry about the bread becoming silently corrupted again

Puffy in the cloud

If you’ve ever wanted to set up a backup server, especially for family members or someone who’s not as technology-savvy, you’ve probably realized there are a lot of options
This post explores the option of setting up your own Dropbox-like service with Owncloud and PostgreSQL, running atop the new OpenBSD http daemon
Doing it this way with your own setup, you can control all the security aspects – disk encryption, firewall rules, who can access what and from where, etc
He also mentions our pf tutorial being helpful in blocking script kiddies from hammering the box
Be sure to encourage your less-technical friends to always back up their important data

NetBSD at AsiaBSDCon

Some NetBSD developers have put together a report of what they did at the most recent event in Tokyo
It includes a wrap-up of the event, as well as a list of presentations that NetBSD developers gave
Have you ever wanted even more pictures of NetBSD running on lots of devices? There’s a never-ending supply, apparently
At the BSD research booth of AsiaBSDCon, there were a large number of machines on display, and someone has finally uploaded pictures of all of them
There’s also a video of an OMRON LUNA-II running the luna68k port

Interview – Kamila Součková – kamila@ksp.sk / @anotherkamila

BSD conferences, Google Summer of Code, various topics

News Roundup

FreeBSD foundation March update

The FreeBSD foundation has published their March update for fundraising and sponsored projects
In the document, you’ll find information about upcoming ARMv8 enhancements, some event recaps and a Google Summer of Code status update
They also mention our interview with the foundation president – be sure to check it out if you haven’t

Inside OpenBSD’s new httpd

BSD news continues to dominate mainstream tech news sites… well not really, but they talk about it once in a while
The SD Times is featuring an article about OpenBSD’s in-house HTTP server, after seeing Reyk’s AsiaBSDCon presentation about it (which he’s giving at BSDCan this year, too)
In this article, they talk about the rapid transition of webservers in the base system – apache being replaced with nginx, only to be replaced with httpd shortly thereafter
Since the new daemon has had almost a full release cycle to grow, new features and fixes have been pouring in
The post also highlights some of the security features: everything runs in a chroot with privsep by default, and it also leverages strong TLS 1.2 defaults (including Perfect Forward Secrecy)

Using poudriere without OpenSSL

Last week we talked about using LibreSSL in FreeBSD for all your ports
One of the problems that was mentioned is that some ports are configured improperly, and end up linking against the OpenSSL in the base system even when you tell them not to
This blog post shows how to completely strip OpenSSL out of the poudriere build jails, something that’s a lot more difficult than you’d think
If you’re a port maintainer, pay close attention to this post, and get your ports fixed to adhere to the make.conf options properly

HAMMER and GPT in OpenBSD

Someone, presumably a Google Summer of Code student, wrote in to the lists about his HAMMER FS porting proposal
He outlined the entire process and estimated timetable, including what would be supported and which aspects were beyond the scope of his work (like the clustering stuff)
There’s no word yet on if it will be accepted, but it’s an interesting idea to explore, especially when you consider that HAMMER really only has one developer
In more disk-related news, Ken Westerback has been committing quite a lot of GPT-related fixes recently
Full GPT support will most likely be finished before 5.8, but anything involving HAMMER FS is still anyone’s guess

Feedback/Questions

Mailing List Gold

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv – tell us what you’d like to see on future episodes
Just a reminder: we don’t really check YouTube or anything like that, so please email us if you want your comments to be seen
Also, if you want to come on for an interview, or know of someone who’s doing something interesting with BSD, let us know
We want to dedicate this week’s episode to the chairman of the EuroBSDCon foundation, Paul Schenkeveld – he’s been a great asset to all the BSD communities over the years, and just recently passed away (he’s also the one that encouraged Kamila to do an interview with us)
He was especially known for his work in keeping EuroBSDCon fair and balanced to all the BSDs, something that we hope other conferences will also push for going forward
Check his FOSDEM talk, as well as our interview and BSDTalk’s interview if you haven’t seen the man before
Thanks for all the work you did, and rest in peace

The post woN DSB | BSD Now 83 first appeared on Jupiter Broadcasting.

Puffy in a Box | BSD Now 81

chris — Thu, 19 Mar 2015 09:37:38 +0000

To view this video please enable JavaScript, and consider upgrading to a web browser that supports HTML5 video

We’re back from AsiaBSDCon! This week on the show, we’ll be talking to Lawrence Teo about how Calyptix uses OpenBSD in their line of commercial routers. They’re getting BSD in the hands of Windows admins who don’t even realize it. We also have all this week’s news and answer to your emails, on BSD Now – the place to B.. SD.

Thanks to:

Get Paid to Write for DigitalOcean

Direct Download:

RSS Feeds:

– Show Notes: –

Headlines

Using OpenBGPD to distribute pf table updates

For those not familiar, OpenBGPD is a daemon for the Border Gateway Protocol – a way for routers on the internet to discover and exchange routes to different addresses
This post, inspired by a talk about using BGP to distribute spam lists, details how to use the protocol to distribute some other useful lists and information
It begins with “One of the challenges faced when managing our OpenBSD firewalls is the distribution of IPs to pf tables without manually modifying /etc/pf.conf on each of the firewalls every time. This task becomes quite tedious, specifically when you want to distribute different types of changes to different systems (eg administrative IPs to a firewall and spammer IPs to a mail server), or if you need to distribute real time blacklists to a large number of systems.”
If you manage a lot of BSD boxes, this might be an interesting alternative to some of the other ways to distribute configuration files
OpenBGPD is part of the OpenBSD base system, but there’s also an unofficial port to FreeBSD and a “work in progress” pkgsrc version

Mounting removable media with autofs

The FreeBSD foundation has a new article in the “FreeBSD from the trenches” series, this time about the sponsored autofs tool
It’s written by one of the autofs developers, and he details his work on creating and using the utility
“The purpose of autofs(5) is to mount filesystems on access, in a way that’s transparent to the application. In other words, filesystems get mounted when they are first accessed, and then unmounted after some time passes.”
He talks about all the components that need to work together for smooth operation, how to configure it and how to enable it by default for removable drives
It ends with a real-world example of something we’re all probably familiar with: plugging in USB drives and watching the magic happen
There’s also some more advanced bonus material on GEOM classes and all the more technical details

The Tor Browser on BSD

The Tor Project has provided a “browser bundle” for a long time, which is more or less a repackaged Firefox with many security and privacy-related settings preconfigured and some patches applied to the source
Just tunneling your browser through a transparent Tor proxy is not safe enough – many things can lead to passive fingerprinting or, even worse, anonymity being completely lost
It has, however, only been released for Windows, OS X and Linux – no BSD version
“[…] we are pushing back against an emerging monoculture, and this is always a healthy thing. Monocultures are dangerous for many reasons, most importantly to themselves.”
Some work has begun to get a working port on BSD going, and this document tells about the process and how it all got started
If you’ve got porting skills, or are interested in online privacy, any help would be appreciated of course (see the post for details on getting involved)

OpenSSH 6.8 released

Continuing their “tick tock” pattern of releases alternating between new features and bugfixes, the OpenSSH team has released 6.8 – it’s a major upgrade, focused on new features (we like those better of course)
Most of the codebase has gone through refactoring, making it easier for regression tests and improving the general readability
This release adds support for SHA256-hashed, base64-encoded host key fingerprints, as well as making that the default – a big step up from the previously hex-encoded MD5 fingerprints
Experimental host key rotation support also makes it debut, allowing for easy in-place upgrading of old keys to newer (or refreshed) keys
You can now require multiple, different public keys to be verified for a user to authenticate (useful if you’re extra paranoid or don’t have 100% confidence in any single key type)
The native version will be in OpenBSD 5.7, and the portable version should hit a ports tree near you soon
Speaking of the portable version, it now has a configure option to build without OpenSSL or LibreSSL, but doing so limits you to Ed25519 key types and ChaCha20 and AES-CTR ciphers

NetBSD at AsiaBSDCon

The NetBSD guys already have a wrap-up of the recent event, complete with all the pictures and weird devices you’d expect
It covers their BoF session, the six NetBSD-related presentations and finally their “work in progress” session
There was a grand total of 34 different NetBSD gadgets on display at the event

Interview – Lawrence Teo – lteo@openbsd.org / @lteo

OpenBSD at Calyptix

News Roundup

HardenedBSD introduces Integriforce

A little bit of background on this one first: NetBSD has something called veriexec, used for checking file integrity at the kernel level
By doing it at the kernel level, similar to securelevels, it offers some level of protection even when the root account is compromised
HardenedBSD has introduced a similar mechanism into their “secadm” utility
You can list binaries in the config file that you want to be protected from changes, then specify whether those can’t be run at all, or if they just print a warning
They’re looking for some more extensive testing of this new feature

More s2k15 hackathon reports

A couple more Australian hackathon reports have poured in since the last time
The first comes from Jonathan Gray, who’s done a lot of graphics-related work in OpenBSD recently
He worked on getting some newer “Southern Islands” and “Graphics Core Next” AMD GPUs working, as well as some OpenGL and DRM-related things
Also on his todo list was to continue hitting various parts of the tree with American Fuzzy Lop, which ended up fixing a few crashes in mandoc
Ted Unangst also sent in a report to detail what he hacked on at the event
With a strong focus on improving SMP scalability, he tackled the virtual memory layer
His goal was to speed up some syscalls that are used heavily during code compilation, much of which will probably end up in 5.8
All the trip reports are much more detailed than our short summaries, so give them a read if you’re interested in all the technicalities

DragonFly 4.0.4 and IPFW3

DragonFly BSD has put out a small point release to the 4.x branch, 4.0.4
It includes a minor list of fixes, some of which include a HAMMER FS history fix, removing the no-longer-needed “new xorg” and “with kms” variables and a few LAGG fixes
There was also a bug in the installer that prevented the rescue image from being installed correctly, which also gets fixed in this version
Shortly after it was released, their new IPFW2 firewall was added to the tree and subsequently renamed to IPFW3 (since it’s technically the third revision)

NetBSD gets Raspberry Pi 2 support

NetBSD has announced initial support for the second revision of the ever-popular Raspberry Pi board
There are -current snapshots available for download, and multiprocessor support is also on the way
The NetBSD wiki page about the Raspberry Pi also has some more information and an installation guide
The usual Hacker News discussion on the subject
If anyone has one of these little boards, let us know – maybe write up a blog post about your experience with BSD on it

OpenIKED as a VPN gateway

In our first discussion segment, we talked about a few different ways to tunnel your traffic
While we’ve done full tutorials on things like SSH tunnels, OpenVPN and Tor, we haven’t talked a whole lot about OpenBSD’s IPSEC suite
This article should help fill that gap – it walks you through the complete IKED setup
From creating the public key infrastructure to configuring the firewall to configuring both the VPN server and client, this guide’s got it all

Feedback/Questions

Mailing List Gold

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
If you’re in or around the Troy, New York area, our listener Brian is giving a presentation about ports on OpenBSD at the Rensselaer Polytechnic Institute this Friday at 4:00PM
If anyone else in the audience is doing something similar or organizing any kind of BSD event, let us know and we’ll be glad to mention it
Look forward to seeing the AsiaBSDCon interviews in upcoming episodes

The post Puffy in a Box | BSD Now 81 first appeared on Jupiter Broadcasting.

The PC-BSD Tour II | BSD Now 80

chris — Thu, 12 Mar 2015 08:42:39 +0000

To view this video please enable JavaScript, and consider upgrading to a web browser that supports HTML5 video

We’re away at AsiaBSDCon this week, but we’ve still got a packed episode for you. First up is a sequel to the “PC-BSD tour” segment from a while back, highlighting how ZFS boot environments work. After that, Justin Gibbs joins us to talk about the FreeBSD foundation’s 15th anniversary. We’ll return next week with a normal episode of BSD Now – which is of course, the place to B.. SD.

Thanks to:

Get Paid to Write for DigitalOcean

Direct Download:

RSS Feeds:

– Show Notes: –

Special segment

Demystifying Boot Environments in PC-BSD

Interview – Justin Gibbs – gibbs@freebsd.org / @freebsdfndation

The FreeBSD foundation’s 15th anniversary

Discussion

How PC-BSD got started

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
We’ll be back from AsiaBSDCon next week with lots of great interviews hopefully

The post The PC-BSD Tour II | BSD Now 80 first appeared on Jupiter Broadcasting.

Just the Essentials | BSD Now 68

chris — Thu, 18 Dec 2014 11:28:19 +0000

To view this video please enable JavaScript, and consider upgrading to a web browser that supports HTML5 video

Coming up this week, we’ll be talking with Michael Lucas about his newest BSD book, “FreeBSD Mastery: Storage Essentials.” It’s got lots of great information about the disk subsystems, GEOM, filesystems, you name it. We’ve also got the usual round of news & answers to your emails, on BSD Now – the place to B.. SD.

Thanks to:

Direct Download:

RSS Feeds:

– Show Notes: –

Headlines

OpenBSD vs FreeBSD security features

From the author of both the OpenBSD and FreeBSD secure gateway articles we’ve featured in the past comes a new entry about security
The article goes through a list of all the security features enabled (and disabled) by default in both FreeBSD and OpenBSD
It covers a wide range of topics, including: memory protection, randomization, encryption, privilege separation, Capsicum, securelevels, MAC, Jails and chroots, network stack hardening, firewall features and much more
This is definitely one of the most in-depth and complete articles we’ve seen in a while – the author seems to have done his homework
If you’re looking to secure any sort of BSD box, this post has some very detailed explanations of different exploit mitigation techniques – be sure to read the whole thing
There are also some good comments on DaemonForums and lobste.rs that you may want to read

The password? You changed it, right?

Peter Hansteen has a new blog post up, detailing some weird SSH bruteforcing he’s seen recently
He apparently reads his auth logs when he gets bored at an airport
This new bruteforcing attempt seems to be targetting D-Link devices, as evidenced by the three usernames the bots try to use
More than 700 IPs have tried to get into Peter’s BSD boxes using these names in combination with weak passwords
Lots more details, including the lists of passwords and IPs, can be found in the full article
If you’re using a BSD router, things like this can be easily prevented with PF or fail2ban (and you probably don’t have a “d-link” user anyway)

Get started with FreeBSD, an intro for Linux users

Another new BSD article on a mainstream technology news site – seems we’re getting popular
This article is written for Linux users who may be considering switching over to BSD and wondering what it’s all about
It details installing FreeBSD 9.3 and getting a basic system setup, while touching on ports and packages, and explaining some terminology along the way
“Among the legions of Linux users and admins, there seems to be a sort of passive curiosity about FreeBSD and other *BSDs. Like commuters on a packed train, they gaze out at a less crowded, vaguely mysterious train heading in a slightly different direction and wonder what traveling on that train might be like”

Interview – Michael W. Lucas – mwlucas@michaelwlucas.com / @mwlauthor

FreeBSD Mastery: Storage Essentials

News Roundup

OpenSMTPD status update

The OpenSMTPD guys, particularly Gilles, have posted an update on what they’ve been up to lately
As of 5.6, it’s become the default MTA in OpenBSD, and sendmail will be totally gone in 5.7
Email is a much more tricky protocol than you might imagine, and the post goes through some of the weirdness and problems they’ve had to deal with
There’s also another post that goes into detail on their upcoming filtering API – a feature many have requested
The API is still being developed, but you can test it out now if you know what you’re doing – full details in the article
OpenSMTPD also has portable versions in FreeBSD ports and NetBSD pkgsrc, so check it out

OpenCrypto changes in FreeBSD

A little while back, we talked to John-Mark Gurney about updating FreeBSD’s OpenCrypto framework, specifically for IPSEC
Some of that work has just landed in the -CURRENT branch, and the commit has a bit of details
The ICM and GCM modes of AES were added, and both include support for AESNI
There’s a new port – “nist-kat” – that can be used to test the new modes of operation
Some things were fixed in the process as well, including an issue that would leak timing info and result in the ability to forge messages
Code was also borrowed from both OpenBSD and NetBSD to make this possible

First thoughts on OpenBSD’s httpd

Here we have a blog post from a user of OpenBSD’s new homegrown web server that made its debut in 5.6
The author loves that it has proper privilege separation, a very simple config syntax and that it always runs in a chroot
He also mentions dynamic content hosting with FastCGI, and provides an example of how to set it up
Be sure to check our interview with Reyk about the new httpd if you’re curious on how it got started
Also, if you’re running the version that came with 5.6, there’s a huge patch you can apply to get a lot of the features and fixes from -current without waiting for 5.7

Steam on PCBSD

One of the most common questions people who want to use BSD as a desktop ask us is “can I run games?” or “can I use steam?”
Steam through the Linux emulation layer (in FreeBSD) may be possible soon, but it’s already possible to use it with WINE
This video shows how to get Steam set up on PCBSD using the Windows version
There are also some instructions in the video description to look over

Feedback/Questions

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv – if it’s anything related to BSD, we wanna hear about it
Watch live Wednesdays at 2:00PM Eastern (19:00 UTC)
Next week will be the prerecorded holiday episode where we read all the stories of how you got into BSD, should be pretty fun

The post Just the Essentials | BSD Now 68 first appeared on Jupiter Broadcasting.

Conference Connoisseur | BSD Now 66

chris — Thu, 04 Dec 2014 11:40:12 +0000

To view this video please enable JavaScript, and consider upgrading to a web browser that supports HTML5 video

This week on the show, we’ll be talking with Paul Schenkeveld, chairman of the EuroBSDCon foundation. He tells us about his experiences running BSD conferences and how regular users can get involved too. We’ve also got answers to all your emails and the latest news, coming up on BSD Now – the place to B.. SD.

Thanks to:

Direct Download:

RSS Feeds:

– Show Notes: –

Headlines

BSD-powered digital library in Africa

You probably haven’t heard much about Nzega, Tanzania, but it’s an East African country without much internet access
With physical schoolbooks being a rarity there, a few companies helped out to bring some BSD-powered reading material to a local school
They now have a pair of FreeNAS Minis at the center of their local network, with over 80,000 books and accompanying video content stored on them (~5TB of data currently)
The school’s workstations also got wiped and reloaded with FreeBSD, and everyone there seems to really enjoy using it

pfSense 2.2 status update

With lots of people asking when the 2.2 release will be done, some pfSense developers have provided a status update
2.2 will have a lot of changes: being based on FreeBSD 10.1, Unbound instead of BIND, updating PHP to something recent, including the new(ish) IPSEC stack updates, etc
All these things have taken more time than previously expected
The post also has some interesting graphs showing the ratio of opened and close bugs for the upcoming release

Recommended hardware threads

A few threads on caught our attention this week, all about hardware recommendations for BSD setups
In the first one, the OP asks about mini-ITX hardware to run a FreeBSD server and NAS
Everyone gave some good recommendations for low power, Atom-based systems
The second thread started off asking about which CPU architecture is best for PF on an OpenBSD router, but ended up being another hardware thread
For a router, the ALIX, APU and Soekris boards still seem to be the most popular choices, with the third and fourth threads confirming this
If you’re thinking about building your first BSD box – server, router, NAS, whatever – these might be some good links to read

Interview – Paul Schenkeveld – freebsd@psconsult.nl

Running a BSD conference

News Roundup

From Linux to FreeBSD – for reals

Another Linux user is ready to switch to BSD, and takes to Reddit for some community encouragement (seems to be a common thing now)
After being a Linux guy for 20(!) years, he’s ready to switch his systems over, and is looking for some helpful guides to transition
In the comments, a lot of new switchers offer some advice and reading material
If any of the listeners have some things that were helpful along your switching journey, maybe send ’em this guy’s way

Running FreeBSD as a Xen Dom0

Continuing progress has been made to allow FreeBSD to be a host for the Xen hypervisor
This wiki article explains how to run the Xen branch of FreeBSD and host virtual machines on it
Xen on FreeBSD currently supports PV guests (modified kernels) and HVM (unmodified kernels, uses hardware virtualization features)
The wiki provides instructions for running Debian (PV) and FreeBSD (HVM), and discusses the features that are not finished yet

HardenedBSD updates and changes

a.out is the old executable format for unix
“The name stands for assembler output, and was coined by Ken Thompson as the fixed name for output of his PDP-7 assembler in 1968”
FreeBSD, on which HardenedBSD is based, switched away from a.out in FreeBSD 3.0
A restriction against NULL mapping was introduced in FreeBSD 7 and enabled by default in FreeBSD 8
However, for reasons of compatibility, it could be switched off, allowing buggy applications to continue to run, at the risk of allowing a kernel bug to be exploited
HardenedBSD has removed the sysctl, making it impossible to run in ‘insecure mode’
Package Building Update: more consistent repo, no more i386 packages

Feedback/Questions

Mailing List Gold

All the tutorials are posted in their entirety at bsdnow.tv
If you’re in New York’s Capital District, there’s a meeting for the BSD users group on December 9th
Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv – if there’s a tutorial you’d like to see, or maybe someone you want us to interview, let us know!
Watch live Wednesdays at 2:00PM Eastern (19:00 UTC)
Reminder: just like we ask during the interviews, we want to hear how all the viewers and listeners first got into BSD. Email us your story, either written or a video version, and we’ll read and play some of them for the Christmas episode. You’ve got until December 17th to send them in.

The post Conference Connoisseur | BSD Now 66 first appeared on Jupiter Broadcasting.

BSDって聞いたことある？ | BSD Now 59

chris — Thu, 16 Oct 2014 11:44:27 +0000

To view this video please enable JavaScript, and consider upgrading to a web browser that supports HTML5 video

This week on the show we’ll be talking with Hiroki Sato about the status of BSD in Japan. We also get to hear about how he got on the core team, and we just might find out why NetBSD is so popular over there! Answers to all your emails, the latest news, and even a brand new segment, on BSD Now – the place to B.. SD.

Thanks to:

Direct Download:

RSS Feeds:

– Show Notes: –

Headlines

BSD talks at XDC 2014

This year’s Xorg conference featured a few BSD-related talks
Matthieu Herrb, Status of the OpenBSD graphics stack
Matthieu’s talk details what’s been done recently in Xenocara the OpenBSD kernel for graphics (slides here)
Jean-Sébastien Pédron, The status of the graphics stack on FreeBSD
His presentation gives a history of major changes and outlines the current overall status of graphics in FreeBSD (slides here)
Francois Tigeot, Porting DRM/KMS drivers to DragonFlyBSD
Francois’ talk tells the story of how he ported some of the DRM and KMS kernel drivers to DragonFly (slides here)

FreeBSD Quarterly Status Report

The FreeBSD project has a report of their activities between July and September of this year
Lots of ARM work has been done, and a goal for 11.0 is tier one support for the platform
The release includes reports from the cluster admin team, release team, ports team, core team and much more, but we’ve already covered most of the items on the show
If you’re interested in seeing what the FreeBSD community has been up to lately, check the full report – it’s huge

Monitoring pfSense logs using ELK

If you’re one of those people who loves the cool graphs and charts that pfSense can produce, this is the post for you
ELK (ElasticSearch, Logstash, Kibana) is a group of tools that let you collect, store, search and (most importantly) visualize logs
It works with lots of different things that output logs and can be sent to one central server for displaying
This post shows you how to set up pfSense to do remote logging to ELK and get some pretty awesome graphs

Some updates to IPFW

Even though PF gets a lot of attention, a lot of FreeBSD people still love IPFW
While mostly a dormant section of the source tree, some updates were recently committed to -CURRENT
The commit lists the user-visible changes, performance changes, ABI changes and internal changes
It should be merged back to -STABLE after a month or so of testing, and will probably end up in 10.2-RELEASE
Also check this blog post for some more information and fancy graphs

Interview – Hiroki Sato (佐藤広生) – hrs@freebsd.org / @hiroki_sato

BSD in Japan, technology conferences, various topics

News Roundup

pfSense on Hyper-V

In case you didn’t know, the latest pfSense snapshots support running on Hyper-V
Unfortunately, the current stable release is based on an old, unsupported FreeBSD 8.x base, so you have to use the snapshots for now
The author of the post tells about his experience running pfSense and gives lots of links to read if you’re interested in doing the same
He also praises pfSense above other Linux-based solutions for its IPv6 support and high quality code

OpenBSD as a daily driver

A curious Reddit user posts to ask the community about using OpenBSD as an everyday desktop OS
The overall consensus is that it works great for that, stays out of your way and is quite reliable
Caveats would include there being no Adobe Flash support (though others consider this a blessing..) and it requiring a more hands-on approach to updating
If you’re considering running OpenBSD as a “daily driver,” check all the comments for more information and tips

Getting PF log statistics

The author of this post runs an OpenBSD box in front of all his VMs at his colocation, and details his experiences with firewall logs
He usually investigates any IPs of interest with whois, nslookup, etc. – but this gets repetitive quickly, so..
He sets out to find the best way to gather firewall log statistics
After coming across a perl script to do this, he edited it a bit and is now a happy, lazy admin once again
You can try out his updated PF script here

FlashRD 1.7 released

In case anyone’s not familiar, flashrd is a tool to create OpenBSD images for embedded hardware devices, executing from a virtualized environment
This new version is based on (the currently unreleased) OpenBSD 5.6, and automatically adapts to the number of CPUs you have for building
It also includes fixes for 4k drives and lots of various other improvements
If you’re interested in learning more, take a look at some of the slides and audio from the main developer on the website

Feedback/Questions

Mailing List Gold

All the tutorials are posted in their entirety at bsdnow.tv
Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv – don’t be shy, we love suggestions for things you’d like to see in future episodes
Watch live Wednesdays at 2:00PM Eastern (18:00 UTC)

The post BSDって聞いたことある？ | BSD Now 59 first appeared on Jupiter Broadcasting.

Documentation is King | BSD Now 30

chris — Thu, 27 Mar 2014 21:38:46 +0000

To view this video please enable JavaScript, and consider upgrading to a web browser that supports HTML5 video

We chat with Warren Block to discuss BSD documentation efforts and future plans. If you\’ve ever wondered about the scary world of mailing lists, today\’s tutorial will show you the basics of how to get help and contribute back. There\’s lots to get to today, so sit back and enjoy some BSD Now – the place to B.. SD.

Thanks to:

Direct Download:

RSS Feeds:

– Show Notes: –

Headlines

OpenBSD on a Sun T5120

Our buddy Ted Unangst got himself a cool Sun box
Of course he had to write a post about installing and running OpenBSD on it
The post goes through some of the quirks and steps to go through in case you\’re interested in one of these fine SPARC machines
He\’s also got another post about OpenBSD on a Dell CS24-SC server

Bhyvecon 2014 videos are up

Like we mentioned last week, Bhyvecon was an almost-impromptu conference before AsiaBSDCon
The talks have apparently already been uploaded!
Subjects include Bhyve\’s past, present and future, OSv on Bhyve, a general introduction to the tool, migrating those last few pesky Linux boxes to virtualization
Lots more detail in the videos, so check \’em all out

Building a FreeBSD wireless access point

We\’ve got a new blog post about creating a wireless access point with FreeBSD
After all the recent news of consumer routers being pwned like candy, it\’s time for people to start building BSD routers
The author goes through a lot of the process of getting one set up using good ol\’ FreeBSD
Using hostapd, he\’s able to share his wireless card in hostap mode and offer DHCP to all the clients
Plenty of config files and more messy details in the post

Switching from Synology to FreeNAS

The author has been considering getting a NAS for quite a while and documents his research
He was faced with the compromise of convenience vs. flexibility – prebuilt or DIY
After seeing the potential security issues with proprietary NAS devices, and dealing with frustration with trying to get bugs fixed, he makes the right choice
The post also goes into some detail about his setup, all the things he needed a NAS to do as well as all the advantages an open source solution would give
Speaking of FreeNAS…

This episode was brought to you by

Interview – Warren Block – wblock@freebsd.org

FreeBSD\’s documentation project, igor, doceng

Tutorial

The world of BSD mailing lists

News Roundup

HAMMER2 work and notes

Matthew Dillon has posted some updated notes about the development of the new HAMMER version
The start of a cluster API was committed to the tree
There are also links to design document, a freemap design document, that should be signed with a digital signing software from the
sodapdf esign site

BSD Breaking Barriers

Our friend MWL gave a talk at NYCBSDCon about BSD \”breaking barriers\”
\”What makes the BSD operating systems special? Why should you deploy your applications on BSD? Why does the BSD community keep growing, and why do Linux sites like DistroWatch say that BSD is where the interesting development work is happening? We\’ll cover the not-so-obvious reasons why BSD still stands tall after almost 40 years.\”
He also has another upcoming talk, (or \”webcast\”) called \”Beyond Security: Getting to Know OpenBSD\’s Real Purpose\”
\”OpenBSD is frequently billed as a high-security operating system. That\’s true, but security isn\’t the OpenBSD Project\’s main goal. This webcast will introduce systems administrators to OpenBSD, explain the project\’s mission, and discuss the features and benefits.\”
It\’s on May 27th and will hopefully be recorded

FreeBSD in a chroot

Finch, \”FreeBSD running IN a CHroot,\” is a new project
It\’s a way to extend the functionality of restricted USB-based FreeBSD systems (FreeNAS, etc.)
All the details and some interesting use cases are on the github page
He really needs to change the project name though

PCBSD weekly digest

Lots of bugfixes for PCBSD coming down the tubes
LZ4 compression is now enabled by default on the whole pool
The latest 10-STABLE has been imported and builds are going
Also the latest GNOME and Cinnamon builds have been imported and much more

Feedback/Questions

Bostjan writes in (IRC suggests md5deep)
Don writes in
kaltheat writes in (We use R0DE Podcast microphones and Logitech C920 HD webcams)
Harri writes in

All the tutorials are posted in their entirety at bsdnow.tv
Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
Watch live Wednesdays at 2:00PM Eastern (18:00 UTC)
We wanted to give the Bay Area FreeBSD Users Group a special mention, if you\’re in the San Francisco Bay Area, there\’s a very healthy BSD community there and they regularly have meet-ups
If you listened to the audio-only version of this week\’s episode, you\’re really missing out on Warren\’s fun animations in the interview!

The post Documentation is King | BSD Now 30 first appeared on Jupiter Broadcasting.

P.E.F.S. | BSD 29

chris — Thu, 20 Mar 2014 22:58:57 +0000

To view this video please enable JavaScript, and consider upgrading to a web browser that supports HTML5 video

We\’re back from AsiaBSDCon! This week we\’ll be chatting with Gleb Kurtsou about some a filesystem-level encryption utility called PEFS. After that, we\’ll give you a step by step guide on how to actually use it. There\’s also the usual round of your questions and we\’ve got a lot of news to catch up on, so stay tuned to BSD Now – the place to B.. SD.

Thanks to:

Direct Download:

RSS Feeds:

– Show Notes: –

AsiaBSDCon wrap-up chat

bhyvecon Tokyo videos and slides

Headlines

Using OpenSSH Certificate Authentication

SSH has a not-so-often-talked-about authentication option in addition to passwords and keys: certificates – you can add certificates to any current authentication method you\’re using
They\’re not really that complex, there just isn\’t a lot of documentation on how to use them – this post tries to solve that
There\’s the benefit of not needing a known_hosts file or authorized_users file anymore
The post goes into a fair amount of detail about the differences, advantages and implications of using certificates for authentication

Back to FreeBSD, a new series

Similar to the \”FreeBSD Challenge\” blog series, one of our listeners will be writing about his switching BACK to FreeBSD journey
\”So, a long time ago, I had a box which was running FreeBSD 4, running on a Pentium. 14 years later, I have decided to get back into FreeBSD, now at FreeBSD 10\”
He\’s starting off with PCBSD since it\’s easy to get working with dual graphics
Should be a fun series to follow!

OpenBSD\’s recent experiments in package building

If you\’ll remember back to our poudriere tutorial, it lets you build FreeBSD binary packages in bulk – OpenBSD\’s version is called dpb
Marc Espie recently got some monster machines in russia to play with to help improve scaling of dpb on high end hardware
This article goes through some of his findings and plans for future versions that increase performance
We\’ll be showing a tutorial of dpb on the show in a few weeks

Securing FreeBSD with 2FA

So maybe you\’ve set up two-factor authentication with gmail or twitter, but have you done it with your BSD box?
This post walks us through the process of locking down an ssh server with 2FA
With just a mobile phone and a few extra tools, you can enable two-factor auth on your BSD box and have just that little extra bit of protections

Interview – Gleb Kurtsou – gleb.kurtsou@gmail.com

PEFS

Tutorial

Filesystem-based encryption with PEFS

News Roundup

BSDCan 2014 registration

Registration is finally open!
The prices are available along with a full list of presentations
Tutorial sessions for various topics as well
You have to go

Big changes for OpenBSD 5.6

Although 5.5 was just frozen and the release process has started, 5.6 is already looking promising
OpenBSD has, for a long time, included a heavily-patched version of Apache based on 1.3
They\’ve also imported nginx into base a few years ago, but now have finally removed Apache
Sendmail is also no longer the default MTA, OpenSMTPD is the new default
Will BIND be removed next? Maybe so
They\’ve also discontinued the hp300, mvme68k and mvme88k ports

Getting to know your portmgr lurkers

The \”getting to know your portmgr\” series makes its return
This time we get to talk with danfe@ (probably most known for being the nVidia driver maintainer, but he does a lot with ports)
How he got into FreeBSD? He \”wanted a unix system that I could understand and that would not get bloated as time goes by\”
Mentions why he\’s still heavily involved with the project and lots more

PCBSD weekly digest

Work has started to port Pulseaudio to PCBSD 10.01 (why?)
There\’s a new \”pc-mixer\” utility being worked on for sound management as well
New PBIs, GNOME/Mate updates, Life Preserver fixes and a lot more
PCBSD 10.0.1 was released too

Feedback/Questions

All the tutorials are posted in their entirety at bsdnow.tv
The pkgng, ZFS, OpenBSD router and FreeBSD desktop tutorials have gotten some updates and fixes
If you were using the automatic errata checking script in the router tutorial, you need to redownload the new, fixed version (they rearranged some stuff on the website and broke it)
A few weeks\’ worth of new tutorials were uploaded ahead of time for the benefit of everyone, no point in holding them hostage – go check \’em all out
Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
Watch live Wednesdays at 2:00PM Eastern (18:00 UTC)
Dusko, the winner of our tutorial contest, sent us a picture with his awesome FreeBSD pillow!

The post P.E.F.S. | BSD 29 first appeared on Jupiter Broadcasting.

Worst Server Practices | TechSNAP 154

chris — Thu, 20 Mar 2014 17:57:35 +0000

To view this video please enable JavaScript, and consider upgrading to a web browser that supports HTML5 video

25k UNIX systems spread infections to over half a million Windows boxes, and the method of attack simply put, is brilliant we’ll share the details!

Google DNS gets hijacked we’ll explain how, and then a great big batch of your question, a rocking round up, and much much more!

On this week’s TechSNAP!

Thanks to:

Direct Download:

RSS Feeds:

— Show Notes: —

Allan’s Trip

Operation Windigo

The attack leverages previously compromised (how is unknown) servers, and using them to scan for other hosts to compromise, serve malware, infect sites hosted on the compromised servers with malware, and to send spam
Victims have included cPanel and Kernel.org (the official Linux kernel archive)
“The Ebury backdoor deployed by the Windigo cybercrime operation does not exploit a vulnerability in Linux or OpenSSH,”
During an analysis of stolen credentials, the researchers found:
- 66% of the stolen passwords contained only alpha numeric characters
- 41% of the stolen credentials were for the root user
Remote login as root should never be allowed. Disable root login over SSH and login as a regular user and use su or sudo. If you use sudo you should read Sudo Mastery and probably SSH Mastery too.
The researchers also found 23 victims running Windows 98, and 1 running Windows 95
“We found an official mirror of CentOS packages infected with Linux/Ebury. Fortunately, no package files were seemingly altered by the malicious operators. However knowing that Linux RPM packages are cryptographically signed such tampering is probably infeasible”
However, amateur administrators have been conditioned to accept unknown GPG keys for CentOS repositories.
When users visit an infected site, Windows users are given malware, Mac users are served ads for dating sites, and iPhone users are served ads for “strong pornography”, likely as these are each the most profitable way to exploit such users
The operators maintain control on the infected servers by installing a backdoor in the OpenSSH instance. The backdoor provides them with a remote root shell even if local credentials are changed on the infected host
The attackers used a number of techniques to remain stealthy:
- Use Unix pipes as much as possible when deploying their backdoor to avoid landing files on the filesystem
- Leave no trace in log files when using the backdoor
- Change original signatures in the package manager for the modified file
- Avoid exfiltrating information when a network interface is in promiscuous mode
- Use POSIX shared memory segments with random system user owners to store stolen credentials
- Inject code at runtime into three OpenSSH binaries instead of modifying the original OpenSSH files on disk
- Change OpenSSH daemon configuration in memory instead of on disk
Centralize their backdoor in a library instead of an executable (libkeyutils.so)
Researcher PDF

Google Public DNS (8.8.8.8) suffers brief BGP hijack redirecting it to Venezuela

At approximately 17:23 UTC on March 15th, a router on the British Telecom Latin America network (BT LATAM, AS 7908) in Venezuela began announcing 8.8.8.8/32
A /32 prefix is unusual, most BGP routers will not propagate such short prefixes, only passing routes of /24 or larger. This resulted in the bad route not spreading as far, however because routing tables always take the ‘most specific’ match, it resulted in more of the traffic being rerouted than would have normally been the case
This resulted in most all traffic in Venezuela and Brazil, among other networks, including a University Network in Florida, to be misdirected to a server in Venezuela
The false BGP (Border Gateway Protocol) announcement was retracted 23 minutes later
It is possible that this was an effort by the Venezuelan government to intercept traffic bound for the Google Public DNS service, and it was accidently leaked upstream, disrupting the internet outside of Venezuela
Similar cases have happened in Pakistan and other countries attempting to block Youtube and other services
The network that sent the request, Madory said, “leaked other internal routes earlier in the day. So I suppose someone was tinkering with the network over the weekend. We see routing goof-ups like this almost every day.”
Additional Coverage
There are BCPs and RFCs that cover ways to prevent this kind of hijacking, by only allowing ASs to announce prefixes they control, however there is a lot of administrative overhead, especially when an ISP announces routes for its customers
There is another system, RPKI, that allows a network to specify which AS numbers are allowed to announce an IP block, as well as specifying the maximum prefix length, to prevent someone from announcing a more specific prefix (like in this case)
However RPKI has not yet received wide adoption
Providers ignore routing and DNS security

Feedback:

Round Up:

The post Worst Server Practices | TechSNAP 154 first appeared on Jupiter Broadcasting.

A Sixth pfSense | BSD 25

chris — Thu, 20 Feb 2014 21:25:32 +0000

To view this video please enable JavaScript, and consider upgrading to a web browser that supports HTML5 video

We sit down for an interview with Chris Buechler, from the pfSense project, to learn just how easy it can be to deploy a BSD firewall. We\’ll also be showing you a walkthrough of the pfSense interface so you can get an idea of just how convenient and powerful it is. Answers to your questions and the latest headlines, here on BSD Now – the place to B.. SD.

Thanks to:

Direct Download:

RSS Feeds:

– Show Notes: –

Headlines

EuroBSDCon and AsiaBSDCon

This year, EuroBSDCon will be in September in Sofia, Bulgaria
They\’ve got a call for papers up now, so everyone can submit the talks they want to present
There will also be a tutorial section of the conference
AsiaBSDCon will be next month, in March!
All the info about the registration, tutorials, hotels, timetable and location have been posted
Check the link for all the details on the talks – if you plan on going to Tokyo next month, hang out with Allan and Kris and lots of BSD developers!

FreeBSD 10 on Ubiquiti EdgeRouter Lite

The Ubiquiti EdgeRouter Lite is a router that costs less than $100 and has a MIPS CPU
This article goes through the process of installing and configuring FreeBSD on it to use as a home router
Lots of good pictures of the hardware and specific details needed to get you set up
It also includes the scripts to create your own images if you don\’t want to use the ones rolled by someone else
For such a cheap price, might be a really fun weekend project to replace your shitty consumer router
Of course if you\’re more of an OpenBSD guy, you can always see our tutorial for that too

Signed pkgsrc package guide

We got a request on IRC for more pkgsrc stuff on the show, and a listener provided a nice write-up
It shows you how to set up signed packages with pkgsrc, which works on quite a few OSes (not just NetBSD)
He goes through the process of signing packages with a public key and how to verify the packages when you install them
The author also happens to be an EdgeBSD developer

Big batch of OpenBSD hackathon reports

Five trip reports from the OpenBSD hackathon in New Zealand! In the first one, jmatthew details his work on fiber channel controller drivers, some octeon USB work and ARM fixes for AHCI
In the second, ketennis gets into his work with running interrupt handlers without holding the kernel lock, some SPARC64 improvements and a few other things
In the third, jsg updated libdrm and mesa and did various work on xenocara
In the fourth, dlg came with the intention to improve SMP support, but got distracted and did SCSI stuff instead – but he talks a little bit about the struggle OpenBSD has with SMP and some of the work he\’s done
In the fifth, claudio talks about some stuff he did for routing tables and misc. other things

This episode was brought to you by

Interview – Chris Buechler – cmb@pfsense.com / @cbuechler

pfSense

Tutorial

pfSense walkthrough

News Roundup

FreeBSD challenge continues

Our buddy from the Linux foundation continues his switching to BSD journey
In day 13, he covers some tips for new users, mentions trying things out in a VM first
In day 14, he starts setting up XFCE and X11, feels like he\’s starting over as a new Linux user learning the ropes again – concludes that ports are the way to go
In day 15, he finishes up his XFCE configuration and details different versions of ports with different names, as well as learns how to apply his first patch
In day 16, he dives into the world of FreeBSD jails!

BSD books in 2014

BSD books are some of the highest quality technical writings available, and MWL has written a good number of them
In this post, he details some of his plans for 2014
In includes at least one OpenBSD book, at least one FreeBSD book and…
Very strong possibility of Absolute FreeBSD 3rd edition (watch our interview with him)
Check the link for all the details

How to build FreeBSD/EC2 images

Our friend Colin Percival details how to build EC2 images in a new blog post
Most people just use the images he makes on their instances, but some people will want to make their own from scratch
You build a regular disk image and then turn it into an AMI
It requires a couple ports be installed on your system, but the whole process is pretty straightforward

PCBSD weekly digest

This time around we discuss how you can become a developer
Kris also details the length of supported releases
Expect lots of new features in 10.1

Feedback/Questions

Sean writes in: https://slexy.org/view/s216xJoCVG
Jake writes in: https://slexy.org/view/s2gLrR3VVf
Niclas writes in: https://slexy.org/view/s21gfG3Iho
Steffan writes in: https://slexy.org/view/s2JNyw5BCn
Antonio writes in: https://slexy.org/view/s2kg3zoRfm
Chris writes in: https://slexy.org/view/s2ZwSIfRjm

Our email backlog is pretty much caught up. Now\’s a great time to send us something – questions, stories, ideas, requests for something you want to see, anything
All the tutorials are posted in their entirety at bsdnow.tv
The OpenBSD router tutorial got a couple improvements and fixes
Just because our tutorial contest is over doesn\’t mean you can\’t submit any, we would love if more listeners wrote up a tutorial on interesting things they\’re doing with BSD
Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
Watch live Wednesdays at 2:00PM Eastern (19:00 UTC)
The BSD Now shirt design has been finalized, we have the files and are working out the printing details… expect them to be available in early-to-mid March!

The post A Sixth pfSense | BSD 25 first appeared on Jupiter Broadcasting.

Collecting SSHells | BSD Now 12

chris — Fri, 22 Nov 2013 09:46:15 +0000

To view this video please enable JavaScript, and consider upgrading to a web browser that supports HTML5 video

This week we\’ll be talking to Amitai Schlair of the NetBSD foundation about pkgsrc, NetBSD\’s future plans and much more. After that, if you\’ve ever wondered what all this SSH stuff is about, today\’s tutorial has got you covered. We\’ll be showing you the basics of SSH, as well as how to combine it with tmux for persistent sessions. News, feedback and everything else, right here on BSD Now – the place to B.. SD.

Direct Download:

RSS Feeds:

– Show Notes: –

Headlines

Faces of FreeBSD

The FreeBSD foundation is publishing articles on different FreeBSD developers
This one is about Colin Percival (cperciva@), the ex-security officer
Tells the story of how he first found BSD, what he contributed back, how he eventually became the security officer
Running series with more to come

Lots of BSD presentation videos uploaded

EuroBSDCon 2013 dev summit videos, AsiaBSDCon 2013 videos, MWL\’s presentation video
Most of us never get to see the dev summit talks since they\’re only for developers
AsiaBSDCon 2013 videos also up finally
List of AsiaBSDCon presentation topics here
Our buddy Michael W Lucas gave an \”OpenBSD for Linux users\” talk at a Michigan Unix Users Group.
He says \”Among other things, I compare OpenBSD to Richard Stallman and physically assault an audience member. We also talk long long time, memory randomization, PF, BSD license versus GPL, Microsoft and other OpenBSD stuff\”
Really informative presentation, pretty long, answers some common questions at the end

Call for Presentations: FOSDEM 2014 and NYCBSDCon 2014

FOSDEM 2014 will take place on 1–2 February, 2014, in Brussels, Belgium
Just like in the last years, there will be both a BSD booth and a developer\’s room
The topics of the devroom include all BSD operating systems. Every talk is welcome, from internal hacker discussion to real-world examples and presentations about new and shiny features.
If you are in the area or want to go, check the show notes for details
NYCBSDCon is also accepting papers.
It\’ll be in New York City at the beginning of February 2014
If anyone wants to give a talk at one of these conferences, go ahead and send in your stuff!

FreeBSD foundation\’s year-end fundraising campaign

The FreeBSD foundation has been supporting the FreeBSD project and community for over 13 years
As of today they have raised about half a million dollars, but still have a while to go
Donations go towards new features, paying for the server infrastructure, conferences, supporting the community, hiring full-time staff members and promoting FreeBSD at events
They are preparing the debut of a new online magazine, the FreeBSD Journal
Typically big companies make their huge donations in December, like a couple of anonymous donors that gave around $250,000 each last year
Make your donation today over at freebsdfoundation.org, every little bit helps
Everyone involved with BSD Now made a donation last year and will do so again this year

Interview – Amitai Schlair – schmonz@netbsd.org / @schmonz

The NetBSD Foundation, pkgsrc, future plans
Can you start off by telling us a little bit about who you are and how you got involved with BSD in general?
What are all your roles with the NetBSD project? What \”hats\” do you wear?
What kind of tasks are assigned to the foundation? What does being on the board entail?
Since you\’re also very involved with pkgsrc, could you give us a brief overview of what pkgsrc is, and how it compares to something like ports?
What\’s planned for the next big release of NetBSD, and when can we expect it?
In what ways do you personally use NetBSD? Desktops, servers, toasters? All of the above?
If some of our listeners want to get involved with NetBSD and pkgsrc, where would you recommend they go to help out?
How can people find you? Anything else you\’d like to mention?
https://twitter.com/schmonz

Tutorial

A guide to SSH and tmux

OpenSSH and tmux, a match made in heaven
This guide shows how to do basic tasks with SSH
Persistent sessions with tmux increase productivity

News Roundup

PS4 released

Sony\’s Playstation 4 is finally released
As previously thought, its OS is heavily based on FreeBSD and uses the kernel among other things
Link in the show notes contains the full list of BSD software they\’re using
Always good to see BSD being so widespread

BSD Mag November issue

Free monthly BSD magazine publishes another issue
This time their topics include: Configuring a Highly Available Service on FreeBSD, IT Inventory & Asset Management Automation, more FreeBSD Programming Primer, PfSense and Snort and a few others
PDF linked in the show notes

pbulk builds made easy

NetBSD\’s pbulk tool is similar to poudriere, but for pkgsrc
While working on updating the documentation, a developer cleaned up quite a lot of code
He wrote a script that automates pbulk deployment and setup
The whole setup of a dedicated machine has been reduced to just three commands

PCBSD weekly digest

Over 200 PBIs have been populated in to the PC-BSD 10 Stable Appcafe
Many PC-BSD programs received some necessary bug fixes and updates
Some include network detection in the package and update managers, nvidia graphic detection, security updates for PCDM

Feedback/Questions

Peter writes in: https://slexy.org/view/s21oh3vP7t
Kjell-Aleksander writes in: https://slexy.org/view/s21zfqcWMP
Jordan writes in: https://slexy.org/view/s2ZmW77Odb
Christian writes in: https://slexy.org/view/s2BZq7xiyo
entransic writes in: https://slexy.org/view/s21xrk0M4k

All the tutorials are posted in their entirety at bsdnow.tv
Send questions, comments, show ideas/topics, etc to feedback@bsdnow.tv
Watch live Wednesdays at 2:00PM Eastern (19:00 UTC)

The post Collecting SSHells | BSD Now 12 first appeared on Jupiter Broadcasting.

Go Directly to Jail(8) | BSD Now 7

chris — Fri, 18 Oct 2013 10:26:57 +0000

To view this video please enable JavaScript, and consider upgrading to a web browser that supports HTML5 video

On this week\’s show, you\’ll be getting the full jail treatment. We\’ll show you how to create and deploy BSD jails, as well as chatting with Poul-Henning Kamp – the guy who actually invented them! There\’s lots of interesting news items to cover as well.

So stay tuned to BSD Now – the place to B.. SD.

Direct Download:

RSS Feeds:

– Show Notes: –

Headlines

FreeBSD turns it up to 11

The -CURRENT branch is now known as 11
10 has been branched to -STABLE
10-BETA1 ISOs are available now
Will be the next -RELEASE, probably next year

Stopping the SSH bruteforce with OpenBSD and pf

The Hail Mary Cloud is an SSH bruteforce botnet that takes a different approach
While most botnets pound port 22 rapidly, THMB does it very slowly and passively
This makes prevention based on rate limiting more involved and complex
Nice long blog post about some potential solutions and what we\’ve learned

ZFS and GELI in bsdinstall coming soon

The man with the beard strikes again, new patch allows for ZFS-on-root installs
Supports GELI for disk encryption
Might be the push we need to make Michael W Lucas update his FreeBSD book

AsiaBSDCon 2014 announced

Will be held in Tokyo, 13-16 March, 2014
The conference is for anyone developing, deploying and using systems based on FreeBSD, NetBSD, OpenBSD, DragonFlyBSD, Darwin and Mac OS X
Call for papers can be found here

Interview – Poul-Henning Kamp – phk@freebsd.org / @bsdphk

FreeBSD beginnings, md5crypt, jails, varnish and his… telescope project?

Tutorial

Everything you need to know about Jails

Last week we showed you how to run VNC in a jail, but people asked \”how do I make a jail in the first place?\”
This time around, we\’ll show you how to do exactly that
Jails are a dream come true for both security experts and clean freaks, keeping everything isolated
We\’ll be using the ezjail utility and making a basic jail setup

News Roundup

New pf queue system

Henning Brauer committed the new kernel-side bandwidth shaping subsystem
Uses the HFSC algorithm behind the scenes
ALTQ to be retired \”in a release or two\” – everyone should migrate soon

Dragonfly imports FreeBSD KMS driver

Hot on the trails of OpenBSD and later FreeBSD, Dragonfly gets AMD KMS
Ported over from the FreeBSD port

Weekly PCBSD feature digest

Weekly status update every Friday
Will be a \”highlight of what important features have been added, what major bugs have been fixed, and what is presently going on in general with the project.\”

Get paid to hack OpenSSH

Google has announced they will pay up to $3113.70 for security patches to OpenSSH
Patches can fix security or improve security
If you come up with something, send it to the OpenSSH guys

Feedback/Questions

Darren writes in: https://slexy.org/view/s24RmwvEvE
Kjell-Aleksander writes in: https://slexy.org/view/s2wFcFk9Yz
Ryan writes in: https://slexy.org/view/s23e920gNG
Alexander writes in: https://slexy.org/view/s2usxPqO9k

All the tutorials are posted in their entirety at bsdnow.tv
Send questions, comments, show ideas/topics, etc to feedback@bsdnow.tv
We don’t check YouTube comments, JB comments, Reddit, etc. If you want us to see it, send it via email (the preferred way) or Twitter (also acceptable)
Watch live Wednesdays at 2:00PM Eastern (18:00 UTC)

The post Go Directly to Jail(8) | BSD Now 7 first appeared on Jupiter Broadcasting.