Show Notes/Links: linuxunplugged.com/273

The post International Hat Machines | LINUX Unplugged 273 first appeared on Jupiter Broadcasting.

Show Notes: techsnap.systems/388

The post The One About eBPF | TechSNAP 388 first appeared on Jupiter Broadcasting.

Show Notes/Links: linuxunplugged.com/262

The post Tribes of Init | LINUX Unplugged 262 first appeared on Jupiter Broadcasting.

It’s already our two-year anniversary! This time on the show, we’ll be chatting with Scott Courtney, vice president of infrastructure engineering at Verisign, about this year’s vBSDCon. What’s it have to offer in that’s different in the BSD conference space? We’ll find out!

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | HD Vid Feed | HD Torrent Feed

– Show Notes: –

Headlines

OpenBSD hypervisor coming soon

• Our buddy Mike Larkin never rests, and he posted some very tight-lipped console output on Twitter recently
• From what little he revealed at the time, it appeared to be a new hypervisor (that is, X86 hardware virtualization) running on OpenBSD -current, tentatively titled “vmm”
• Later on, he provided a much longer explanation on the mailing list, detailing a bit about what the overall plan for the code is
• Originally started around the time of the Australia hackathon, the work has since picked up more steam, and has gotten a funding boost from the OpenBSD foundation
• One thing to note: this isn’t just a port of something like Xen or Bhyve; it’s all-new code, and Mike explains why he chose to go that route
• He also answered some basic questions about the requirements, when it’ll be available, what OSes it can run, what’s left to do, how to get involved and so on

Why FreeBSD should not adopt launchd

• Last week we mentioned a talk Jordan Hubbard gave about integrating various parts of Mac OS X into FreeBSD
• One of the changes, perhaps the most controversial item on the list, was the adoption of launchd to replace the init system (replacing init systems seems to cause backlash, we’ve learned)
• In this article, the author talks about why he thinks this is a bad idea
• He doesn’t oppose the integration into FreeBSD-derived projects, like FreeNAS and PC-BSD, only vanilla FreeBSD itself – this is also explained in more detail
• The post includes both high-level descriptions and low-level technical details, and provides an interesting outlook on the situation and possibilities
• Reddit had quite a bit to say about this one, some in agreement and some not

DragonFly graphics improvements

• The DragonFlyBSD guys are at it again, merging newer support and fixes into their i915 (Intel) graphics stack
• This latest update brings them in sync with Linux 3.17, and includes Haswell fixes, DisplayPort fixes, improvements for Broadwell and even Cherryview GPUs
• You should also see some power management improvements, longer battery life and various other bug fixes
• If you’re running DragonFly, especially on a laptop, you’ll want to get this stuff on your machine quick – big improvements all around

OpenBSD tames the userland

• Last week we mentioned OpenBSD’s tame framework getting support for file whitelists, and said that the userland integration was next – well, now here we are
• Theo posted a mega diff of nearly 100 smaller diffs, adding tame support to many areas of the userland tools
• It’s still a work-in-progress version; there’s still more to be added (including the file path whitelist stuff)
• Some classic utilities are even being reworked to make taming them easier – the “w” command, for example
• The diff provides some good insight on exactly how to restrict different types of utilities, as well as how easy it is to actually do so (and en masse)
• More discussion can be found on HN, as one might expect
• If you’re a software developer, and especially if your software is in ports already, consider adding some more fine-grained tame support in your next release

Interview – Scott Courtney – vbsdcon@verisign.com / @verisign

vBSDCon 2015

News Roundup

OPNsense, beyond the fork

• We first heard about OPNsense back in January, and they’ve since released nearly 40 versions, spanning over 5,000 commits
• This is their first big status update, covering some of the things that’ve happened since the project was born
• There’s been a lot of community growth and participation, mass bug fixing, new features added, experimental builds with ASLR and much more – the report touches on a little of everything

LibreSSL nukes SSLv3

• With their latest release, LibreSSL began to turn off SSLv3 support, starting with the “openssl” command
• At the time, SSLv3 wasn’t disabled entirely because of some things in the OpenBSD ports tree requiring it (apache being one odd example)
• They’ve now flipped the switch, and the process of complete removal has started
• From the Undeadly summary, “This is an important step for the security of the LibreSSL library and, by extension, the ports tree. It does, however, require lots of testing of the resulting packages, as some of the fallout may be at runtime (so not detected during the build). That is part of why this is committed at this point during the release cycle: it gives the community more time to test packages and report issues so that these can be fixed. When these fixes are then pushed upstream, the entire software ecosystem will benefit. In short: you know what to do!”
• With this change and a few more to follow shortly, LibreSSL won’t actually support SSL anymore – time to rename it “LibreTLS”

FreeBSD MPTCP updated

• For anyone unaware, Multipath TCP is “an ongoing effort of the Internet Engineering Task Force’s (IETF) Multipath TCP working group, that aims at allowing a Transmission Control Protocol (TCP) connection to use multiple paths to maximize resource usage and increase redundancy.”
• There’s been work out of an Australian university to add support for it to the FreeBSD kernel, and the patchset was recently updated
• Including in this latest version is an overview of the protocol, how to get it compiled in, current features and limitations and some info about the routing requirements
• Some big performance gains can be had with MPTCP, but only if both the client and server systems support it – getting it into the FreeBSD kernel would be a good start

UEFI and GPT in OpenBSD

• There hasn’t been much fanfare about it yet, but some initial UEFI and GPT-related commits have been creeping into OpenBSD recently
• Some support for UEFI booting has landed in the kernel, and more bits are being slowly enabled after review
• This comes along with a number of other commits related to GPT, much of which is being refactored and slowly reintroduced
• Currently, you have to do some disklabel wizardry to bypass the MBR limit and access more than 2TB of space on a single drive, but it should “just work” with GPT (once everything’s in)
• The UEFI bootloader support has been committed, so stay tuned for more updates as further progress is made

Feedback/Questions

• John writes in
• Mason writes in
• Earl writes in

• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
• BSD Now anniversary shirts are no longer available, and should be shipping out very soon (if they haven’t already) – big thanks to everyone who bought one (183 sold!)
• This week is the last episode written/organized by TJ

The post Virginia BSD Assembly | BSD Now 105 first appeared on Jupiter Broadcasting.

This week on the show, we’ll be talking with Paul Schenkeveld, chairman of the EuroBSDCon foundation. He tells us about his experiences running BSD conferences and how regular users can get involved too. We’ve also got answers to all your emails and the latest news, coming up on BSD Now – the place to B.. SD.

Thanks to:

Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | HD Vid Feed | HD Torrent Feed

– Show Notes: –

Headlines

More BSD presentation videos

• The MeetBSD video uploading spree continues with a few more talks, maybe this’ll be the last batch
• Corey Vixie, Web Apps in Embedded BSD
• Allan Jude, UCL config
• Kip Macy, iflib
• While we’re on the topic of conferences, AsiaBSDCon’s CFP was extended by one week
• This year’s ruBSD will be on December 13th in Moscow
• Also, the BSDCan call for papers is out, and the event will be in June next year
• Lastly, according to Rick Miller, “A potential vBSDcon 2015 event is being explored although a decision has yet to be made.”

BSD-powered digital library in Africa

• You probably haven’t heard much about Nzega, Tanzania, but it’s an East African country without much internet access
• With physical schoolbooks being a rarity there, a few companies helped out to bring some BSD-powered reading material to a local school
• They now have a pair of FreeNAS Minis at the center of their local network, with over 80,000 books and accompanying video content stored on them (~5TB of data currently)
• The school’s workstations also got wiped and reloaded with FreeBSD, and everyone there seems to really enjoy using it

pfSense 2.2 status update

• With lots of people asking when the 2.2 release will be done, some pfSense developers have provided a status update
• 2.2 will have a lot of changes: being based on FreeBSD 10.1, Unbound instead of BIND, updating PHP to something recent, including the new(ish) IPSEC stack updates, etc
• All these things have taken more time than previously expected
• The post also has some interesting graphs showing the ratio of opened and close bugs for the upcoming release

Recommended hardware threads

• A few threads on caught our attention this week, all about hardware recommendations for BSD setups
• In the first one, the OP asks about mini-ITX hardware to run a FreeBSD server and NAS
• Everyone gave some good recommendations for low power, Atom-based systems
• The second thread started off asking about which CPU architecture is best for PF on an OpenBSD router, but ended up being another hardware thread
• For a router, the ALIX, APU and Soekris boards still seem to be the most popular choices, with the third and fourth threads confirming this
• If you’re thinking about building your first BSD box – server, router, NAS, whatever – these might be some good links to read

Interview – Paul Schenkeveld – freebsd@psconsult.nl

Running a BSD conference

News Roundup

From Linux to FreeBSD – for reals

• Another Linux user is ready to switch to BSD, and takes to Reddit for some community encouragement (seems to be a common thing now)
• After being a Linux guy for 20(!) years, he’s ready to switch his systems over, and is looking for some helpful guides to transition
• In the comments, a lot of new switchers offer some advice and reading material
• If any of the listeners have some things that were helpful along your switching journey, maybe send ’em this guy’s way

Running FreeBSD as a Xen Dom0

• Continuing progress has been made to allow FreeBSD to be a host for the Xen hypervisor
• This wiki article explains how to run the Xen branch of FreeBSD and host virtual machines on it
• Xen on FreeBSD currently supports PV guests (modified kernels) and HVM (unmodified kernels, uses hardware virtualization features)
• The wiki provides instructions for running Debian (PV) and FreeBSD (HVM), and discusses the features that are not finished yet

HardenedBSD updates and changes

• a.out is the old executable format for unix
• “The name stands for assembler output, and was coined by Ken Thompson as the fixed name for output of his PDP-7 assembler in 1968”
• FreeBSD, on which HardenedBSD is based, switched away from a.out in FreeBSD 3.0
• A restriction against NULL mapping was introduced in FreeBSD 7 and enabled by default in FreeBSD 8
• However, for reasons of compatibility, it could be switched off, allowing buggy applications to continue to run, at the risk of allowing a kernel bug to be exploited
• HardenedBSD has removed the sysctl, making it impossible to run in ‘insecure mode’
• Package Building Update: more consistent repo, no more i386 packages

Feedback/Questions

• Boris writes in
• Alex writes in
• Chris writes in
• Robert writes in
• Jake writes in

Mailing List Gold

• Real world authpf use
• The great perl event of 2014

• All the tutorials are posted in their entirety at bsdnow.tv
• If you’re in New York’s Capital District, there’s a meeting for the BSD users group on December 9th
• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv – if there’s a tutorial you’d like to see, or maybe someone you want us to interview, let us know!
• Watch live Wednesdays at 2:00PM Eastern (19:00 UTC)
• Reminder: just like we ask during the interviews, we want to hear how all the viewers and listeners first got into BSD. Email us your story, either written or a video version, and we’ll read and play some of them for the Christmas episode. You’ve got until December 17th to send them in.

The post Conference Connoisseur | BSD Now 66 first appeared on Jupiter Broadcasting.

This time on the show, we’ll be talking with Justin Cormack about NetBSD rump kernels. We’ll learn how to run them on other operating systems, what’s planned for the future and a lot more. As always, answers to viewer-submitted questions and all the news for the week, on BSD Now – the place to B.. SD.

Thanks to:

Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | HD Vid Feed | HD Torrent Feed

– Show Notes: –

Headlines

EuroBSDCon 2014 talks and tutorials

• The 2014 EuroBSDCon videos have been online for over a month, but unannounced – keep in mind these links may be temporary (but we’ll mention their new location in a future show and fix the show notes if that’s the case)
• Arun Thomas, BSD ARM Kernel Internals
• Ted Unangst, Developing Software in a Hostile Environment
• Martin Pieuchot, Taming OpenBSD Network Stack Dragons
• Henning Brauer, OpenBGPD turns 10 years
• Claudio Jeker, vscsi and iscsid iSCSI initiator the OpenBSD way
• Paul Irofti, Making OpenBSD Useful on the Octeon Network Gear
• Baptiste Daroussin, Cross Building the FreeBSD ports tree
• Boris Astardzhiev, Smartcom’s control plane software, a customized version of FreeBSD
• Michał Dubiel, OpenStack and OpenContrail for FreeBSD platform
• Martin Husemann & Joerg Sonnenberger, Tool-chaining the Hydra, the ongoing quest for modern toolchains in NetBSD
• Taylor R Campbell, The entropic principle: /dev/u?random and NetBSD
• Dag-Erling Smørgrav, Securing sensitive & restricted data
• Peter Hansteen, Building The Network You Need With PF
• Stefan Sperling, Subversion for FreeBSD developers
• Peter Hansteen, Transition to OpenBSD 5.6
• Ingo Schwarze, Let’s make manuals more useful
• Francois Tigeot, Improving DragonFly’s performance with PostgreSQL
• Justin Cormack, Running Applications on the NetBSD Rump Kernel
• Pierre Pronchery, EdgeBSD, a year later
• Peter Hessler, Using routing domains or tables in a production network
• Sean Bruno, QEMU user mode on FreeBSD
• Kristaps Dzonsons, Bugs Ex Ante
• Yann Sionneau, Porting NetBSD to the LatticeMico32 open source CPU
• Alexander Nasonov, JIT Code Generator for NetBSD
• Masao Uebayashi, Porting Valgrind to NetBSD and OpenBSD
• Marc Espie, parallel make, working with legacy code
• Francois Tigeot, Porting the drm-kms graphic drivers to DragonFly
• The following talks (from the Vitosha track room) are all currently missing:
• Jordan Hubbard, FreeBSD, Looking forward to another 10 years (but we have another recording)
• Theo de Raadt, Randomness, how arc4random has grown since 1998 (but we have another recording)
• Kris Moore, Snapshots, Replication, and Boot-Environments
• Kirk McKusick, An Introduction to the Implementation of ZFS
• John-Mark Gurney, Optimizing GELI Performance
• Emmanuel Dreyfus, FUSE and beyond, bridging filesystems
• Lourival Vieira Neto, NPF scripting with Lua
• Andy Tanenbaum, A Reimplementation of NetBSD Based on a Microkernel
• Stefano Garzarella, Software segmentation offloading for FreeBSD
• Ted Unangst, LibreSSL
• Ed Maste, The LLDB Debugger in FreeBSD
• Philip Guenther, Secure lazy binding
• Shawn Webb, Introducing ASLR In FreeBSD

OpenBSD adopts SipHash

• Even more DJB crypto somehow finds its way into OpenBSD’s base system
• This time it’s SipHash, a family of pseudorandom functions that’s resistant to hash bucket flooding attacks while still providing good performance
• After an initial import and some clever early usage, a few developers agreed that it would be better to use it in a lot more places
• It will now be used in the filesystem, and the plan is to utilize it to protect all kernel hash functions
• Some other places that Bernstein’s work can be found in OpenBSD include the ChaCha20-Poly1305 authenticated stream cipher and Curve25519 KEX used in SSH, ChaCha20 used in the RNG, and Ed25519 keys used in signify and SSH

FreeBSD 10.1-RELEASE

• FreeBSD’s release engineering team likes to troll us by uploading new versions just a few hours after we finish recording an episode
• The first maintenance update for the 10.x branch is out, improving upon a lot of things found in 10.0-RELEASE
• The vt driver was merged from -CURRENT and can now be enabled with a loader.conf switch (and can even be used on a PlayStation 3)
• Bhyve has gotten quite a lot of fixes and improvements from its initial debut in 10.0, including boot support for ZFS
• Lots of new ARM hardware is supported now, including SMP support for most of them
• A new kernel selection menu was added to the loader, so you can switch between newer and older kernels at boot time
• 10.1 is the first to support UEFI booting on amd64, which also has serial console support now
• Lots of third party software (OpenSSH, OpenSSL, Unbound..) and drivers have gotten updates to newer versions
• It’s a worthy update from 10.0, or a good time to try the 10.x branch if you were avoiding the first .0 release, so grab an ISO or upgrade today
• Check the detailed release notes for more information on all the changes
• Also take a look at some of the known problems to see if you’ll be affected by any of them
• PC-BSD was also updated accordingly with some of their own unique features and changes

arc4random – Randomization for All Occasions

• Theo de Raadt gave an updated version of his EuroBSDCon presentation at Hackfest 2014 in Quebec
• The presentation is mainly about OpenBSD’s arc4random function, and outlines the overall poor state of randomization in the 90s and how it has evolved in OpenBSD over time
• It begins with some interesting history on OpenBSD and how it became a security-focused OS – in 1996, their syslogd got broken into and “suddenly we became interested in security”
• The talk also touches on how low-level changes can shake up the software ecosystem and third party packages that everyone uses
• There’s some funny history on the name of the function (being called arc4random despite not using RC4 anymore) and an overall status update on various platforms’ usage of it
• Very detailed and informative presentation, and the slides can be found here
• A great quote from the beginning: “We consider ourselves a community of (probably rather strange) people who work on software specifically for the purpose of trying to make it better. We take a “whole-system’s” approach: trying to change everything in the ecosystem that’s under our control, trying to see if we can make it better. We gain a lot of strength by being able to throw backwards compatibility out the window. So that means that we’re able to do research and the minute that we decide that something isn’t right, we’ll design an alternative for it and push it in. And if it ends up breaking everybody’s machines from the previous stage to the next stage, that’s fine because we’ll end up in a happier place.”

Interview – Justin Cormack – justin@netbsd.org / @justincormack

NetBSD on Xen, rump kernels, various topics

News Roundup

The FreeBSD foundation’s biggest donation

• The FreeBSD foundation has a new blog post about the largest donation they’ve ever gotten
• From the CEO of WhatsApp comes a whopping one million dollars in a single donation
• It also has some comments from the donor about why they use BSD and why it’s important to give back
• Because the FreeBSD Foundation is a 501(c)(3) it must show that it has support of the general public, not just a small number of large donors. That is why individual donations are so important
• Donate even just $5, just to increase the number of names on the donors list
• Don’t know what to get your favourite FreeBSD developer for Christmas? Donations can be dedicated to others
• Spread the money around, donate to the foundation of each BSD you use when you can – every little bit helps: OpenBSD, NetBSD and DragonFly
• You use OpenSSH don’t you? gzip (bsd licensed gzip is from NetBSD)?, newfs_msdos (making FAT(32) file systems for USB devices etc, also from NetBSD)

OpenZFS Dev Summit 2014 videos

• Videos from the recent OpenZFS developer summit are being uploaded, with speakers from different represented platforms and companies
• Matt Ahrens, opening keynote
• Raphael Carvalho, Platform Overview: ZFS on OSv
• Brian Behlendorf, Platform Overview: ZFS on Linux
• Prakash Surya, Platform Overview: illumos
• Xin Li, Platform Overview: FreeBSD
• All platforms, Group Q&A Session
• Dave Pacheco, Manta
• Saso Kiselkov, Compression
• George Wilson, Performance
  Tim Feldman, Host-Aware SMR
• Pavel Zakharov, Fast File Cloning
• The audio is pretty poor on all of them unfortunately

BSDTalk 248

• Our friend Will Backman is still busy getting BSD interviews as well
• This time he sits down with Matthew Dillon, the lead developer of DragonFly BSD
• We’ve never had Dillon on the show, so you’ll definitely want to give this one a listen
• They mainly discuss all the big changes coming in DragonFly’s upcoming 4.0 release

MeetBSD 2014 videos

• The presentations from this year’s MeetBSD conference are starting to appear online as well
• Kirk McKusick, A Narrative History of BSD
• Jordan Hubbard, FreeBSD: The Next 10 Years
• Brendan Gregg, Performance Analysis
• The slides can be found here

Feedback/Questions

• Dominik writes in
• Steven writes in
  • Chromebook porting
  • Dragonfly patch
• Florian writes in
• Richard writes in
• Kevin writes in

Mailing List Gold

• Contributing without code
• Compression isn’t a CRIME
• Securing web browsers

• All the tutorials are posted in their entirety at bsdnow.tv
• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
• If you’ve worked on any cool BSD-related projects, write about it and send it in; we’d love to feature more community content
• Watch live Wednesdays at 2:00PM Eastern (19:00 UTC)

The post Rump Kernels Revisited | BSD Now 64 first appeared on Jupiter Broadcasting.

This time on the show, we’ve got an interview with Kristaps Džonsons, the creator of mandoc. He tells us how the project got started and what its current status is across the various BSDs. We also have a mini-tutorial on using PF to throttle bandwidth. This week’s news, answers to your emails and even some cheesy mailing list gold, coming up on BSD Now – the place to B.. SD.

Thanks to:

Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | HD Vid Feed | HD Torrent Feed

– Show Notes: –

Headlines

Updates to FreeBSD’s random(4)

• FreeBSD’s random device, which presents itself as “/dev/random” to users, has gotten a fairly major overhaul in -CURRENT
• The CSPRNG (cryptographically secure pseudo-random number generator) algorithm, Yarrow, now has a new alternative called Fortuna
• Yarrow is still the default for now, but Fortuna can be used with a kernel option (and will likely be the new default in 11.0-RELEASE)
• Pluggable modules can now be written to add more sources of entropy
• These changes are expected to make it in 11.0-RELEASE, but there hasn’t been any mention of MFCing them to 10 or 9

OpenBSD Tor relays and network diversity

• We’ve talked about getting more BSD-based Tor nodes a few times in previous episodes
• The “tor-relays” mailing list has had some recent discussion about increasing diversity in the Tor network, specifically by adding more OpenBSD nodes
• With the security features and attention to detail, it makes for an excellent dedicated Tor box
• More and more adversaries are attacking Tor nodes, so having something that can withstand that will help the greater network at large
• A few users are even saying they’ll convert their Linux nodes to OpenBSD to help out
• Check the archive for the full conversation, and maybe run a node yourself on any of the BSDs
• The Tor wiki page on OpenBSD is pretty out of date (nine years old!?) and uses the old pf syntax, maybe one of our listeners can modernize it

SSP now default for FreeBSD ports

• SSP, or Stack Smashing Protection, is an additional layer of protection against buffer overflows that the compiler can give to the binaries it produces
• It’s now enabled by default in FreeBSD’s ports tree, and the pkgng packages will have it as well – but only for amd64 (all supported releases) and i386 (10.0-RELEASE or newer)
• This will only apply to regular ports and binary packages, not the quarterly branch that only receives security updates
• If you were using the temporary “new Xorg” or SSP package repositories instead of the default ones, you need to switch back over
• NetBSD made this the default on i386 and amd64 two years ago and OpenBSD made this the default on all architectures twelve years ago
• Next time you rebuild your ports, things should be automatically hardened without any extra steps or configuration needed

Building an OpenBSD firewall and router

• While we’ve discussed the software and configuration of an OpenBSD router, this Reddit thread focuses more on the hardware side
• The OP lists some of his potential choices, but was originally looking for something a bit cheaper than a Soekris
• Most agree that, if it’s for a business especially, it’s worth the extra money to go with something that’s well known in the BSD community
• They also list a few other popular alternatives: ALIX or the APU series from PC Engines, some Supermicro boards, etc.
• Through the comments, we also find out that QuakeCon runs OpenBSD on their network
• Hopefully most of our listeners are running some kind of BSD as their gateway – try it out if you haven’t already

Interview – Kristaps Džonsons – kristaps@openbsd.org

Mandoc, historical man pages, various topics

Tutorial

Throttling bandwidth with PF

News Roundup

NetBSD at Kansai Open Forum 2014

• Japanese NetBSD users invade yet another conference, demonstrating that they can and will install NetBSD on everything
• From a Raspberry Pi to SHARP Netwalkers to various luna68k devices, they had it all
• As always, you can find lots of pictures in the trip report

Getting to know your portmgr lurkers

• The lovable “getting to know your portmgr” series makes its triumphant return
• This time around, they interview Alex, one of the portmgr lurkers that joined just this month
• “How would you describe yourself?” “Too lazy.”
• Another post includes a short interview with Emanuel, another new lurker
• We discussed the portmgr lurkers initiative with Steve Wills a while back

NetBSD’s ARM port gets SMP

• The ARM port of NetBSD now has SMP support, allowing more than one CPU to be used
• This blog post on the website has a list of supported boards: Banana Pi, Cubieboard 2, Cubietruck, Merrii Hummingbird A31, CUBOX-I and NITROGEN6X
• NetBSD’s release team is working on getting these changes into the 7 branch before 7.0 is released
• There are also a few nice pictures in the article

A high performance mid-range NAS

• This blog post is about FreeNAS and optimizing iSCSI performance
• It talks about using mid-range hardware with FreeNAS and different tunables you can change to affect performance
• There are some nice graphs and lots of detail if you’re interested in tweaking some of your own settings
• They conclude “there is no optimal configuration; rather, FreeNAS can be configured to suit a particular workload”

Feedback/Questions

• Heto writes in
• Brad writes in
• Tyler writes in
• Tim writes in
• Brad writes in

Mailing List Gold

• Suspicious contributions
• La puissance du fromage
• Nothing unusual here

• All the tutorials are posted in their entirety at bsdnow.tv
• The OpenBSD router tutorial now has a new section on bandwidth throttling
• We’ll also have links on the site to a MeetBSD recap post, definitely worth reading, as well as a review of the new Book of PF
• Speaking of that, Peter Hansteen’s Book of PF auction raised a total of $3,050 for the OpenBSD foundation
• As usual, send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv – we do the show for you guys, so let us know if there’s something specific you’d like to see covered (especially new tutorial ideas)
• Watch live Wednesdays at 2:00PM Eastern (19:00 UTC)

The post A Man's man(1) | BSD Now 63 first appeared on Jupiter Broadcasting.

One of the worlds most prolific spammers gets profiled & the technical details are fascinating. New Apple malware is getting everyones attention, but why iOS trusts the code is really the more fascinating story, we’ll explain.

Plus a great batch of questions, our answers & much much more!

Thanks to:

• Get Paid to Write for DigitalOcean

Become a supporter on Patreon:

— Show Notes: —

MeetBSD

• MeetBSD2014 – UCL all of the things

Spammers are always developing new tactics

• Prolific spammer Michael Persaud has been caught sending spam yet again
• The 37-year-old from San Diego was the first spammer to have been criminally prosecuted, 13 years ago
• By following a string of clues in the details used to register 1100 new domains used to send spam, researcher Ron Guilmette was able to track the source of the spam back to Persuad
• What makes this case specially interesting was the technique used to send the spam
• The chain of events starts with a block of IP addresses getting added to a blacklist, and the owner of those IP addresses being notified of the fact
• The owner of the IP addresses was adamant that the spam was not coming from their network, as they do not host any spammers
• When Cisco provided evidence that the spam was in fact coming from their IP addresses, further investigation revealed that that block of addresses was not actually in use
• The block of IPs was not being announced via BGP by the owner of the IP space, thus the IPs were dormant (unannounced)
• The spammers had looked around the internet, found ranges of dormant IP addresses, and announced those themselves, in effect moving the hosting for that IP range to their hosting provider, instead of that of the owner
• This allowed the spammers to send spam from ‘clean’ IP addresses, that had never been used to send spam before
• The spammer in question claims he did not know the IP addresses were hijacked, that the ISP he was using was selling him ‘stolen’ IPs without his knowledge
• Persuad made this seem like a common occurrence, but it isn’t, and the researchers are not buying it

• “In 1998, Persaud was sued by AOL, which charged that he committed fraud by using various names to send millions of get-rich-quick spam messages to America Online customers. In 2001, the San Diego District Attorney’s office filed criminal charges against Persaud, alleging that he and an accomplice crashed a company’s email server after routing their spam through the company’s servers. In 2000, Persaud admitted to one felony count (PDF) of stealing from the U.S. government, after being prosecuted for fraud related to some asbestos removal work that he did for the U.S. Navy”

• Spam Nation: The Inside Story of Organized Cybercrime – from Global Epidemic to Your Front Door Audiobook | Brian Krebs | Audible.com

Google launches new network security testing tool: nogotofail

• SSL/TLS has seen a number of major vulnerabilities lately, including Heartbleed, Apple’s goto fail, GNUTLS and NSS both having certificate verification flaws, and most recently the POODLE vulnerability
• To help researchers and administrators test for these vulnerabilities, Google has released nogotofail, a new testing tool
• “allows developers to set up an infrastructure through which they can run known attacks against the target application. It has the ability to execute various attacks that require man-in-the-middle position, which is one of the key components of many of the known attacks on SSL/TLS, including POODLE, BEAST and others“
• “The core of nogotofail is the on path network MiTM named nogotofail.mitm that intercepts TCP traffic. It is designed to primarily run on path and centers around a set of handlers for each connection which are responsible for actively modifying traffic to test for vulnerabilities or passively look for issues. nogotofail is completely port agnostic and instead detects vulnerable traffic using DPI instead of based on port numbers. Additionally, because it uses DPI, it is capable of testing TLS/SSL traffic in protocols that use STARTTLS“
• The tool can be deployed on Clients, Routers, and VPNs to automatically detect connections between clients and servers that are vulnerable to any of the known flaws
• Project on GitHub

Feedback:

• Homeserver / SSH / Permissions or SPOUSAL APPROVAL

• Printers with public IPs?

• 10Gb NIC query

• ZFS on Linux and ECC RAM?

• Healthcare vendor negligent of POODLE

• Daniel Blair on Twitter: “Hey @ChrisLAS I am wearing my #TechSNAP 100th episode shirt while getting interviewed after #innovateordiedays https://t.co/4UwbBTJ0sl #rep”

Round-Up:

• WireLurker Mac OS X Malware Found, Shut Down
• New, harder to detect version of the Backoff Point-of-Sales malware found in the wild. Old version still infecting more than 1000 point of sales systems
• FBI Holds Secret Meeting To Scare Congress Into Backdooring Phone Encryption
• Linksys patches more routers for flaw found in July. Flaws Include allowing attackers to steal password database
• Secure Messaging Scorecard | Electronic Frontier Foundation
• Next weeks Microsoft Patch Tuesday will be a big one, 16 patches covering IE, Windows, Exchange, Office and more
• Swedish hacker finds ‘serious’ vulnerability in OS X Yosemite
• American Express proposes new tokenized payment cards, unique code for each merchant, transaction type, or device.

The post Apple Approved Malware | TechSNAP 187 first appeared on Jupiter Broadcasting.

We’re away at MeetBSD this week, but we’ve still got a great show for you. We’ll be joined by Pawel Dawidek, who’s done quite a lot of things in FreeBSD over the years, including the initial ZFS port. We’ll get to hear how that came about, what he’s up to now and a whole lot more. We’ll be back next week with a normal episode of BSD Now – the place to B.. SD.

Thanks to:

Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | HD Vid Feed | HD Torrent Feed

– Show Notes: –

Interview – Pawel Jakub Dawidek – pjd@freebsd.org

Porting ZFS, GEOM, GELI, Capsicum, various topics

• All the tutorials are posted in their entirety at bsdnow.tv
• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv – if you write any blog posts about BSD, send ’em our way
• Usually, you can watch live Wednesdays at 2:00PM Eastern (19:00 UTC)
• We’ll be back with a regular episode next week, and maybe even some new interviews

The post Gift from the Sun | BSD Now 62 first appeared on Jupiter Broadcasting.

This week on the show, we sat down with John-Mark Gurney to talk about modernizing FreeBSD’s IPSEC stack. We’ll learn what he’s adding, what needed to be fixed and how we’ll benefit from the changes. As always, answers to your emails and all of this week’s news, on BSD Now – the place to B.. SD.

Thanks to:

Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | HD Vid Feed | HD Torrent Feed

– Show Notes: –

Headlines

BSD panel at Phoenix LUG

• The Phoenix, Arizona Linux users group had a special panel so they could learn a bit more about BSD
• It had one FreeBSD user and one OpenBSD user, and they answered questions from the organizer and the people in the audience
• They covered a variety of topics, including filesystems, firewalls, different development models, licenses and philosophy
• It was a good “real world” example of things potential switchers are curious to know about
• They closed by concluding that more diversity is always better, and even if you’ve got a lot of Linux boxes, putting a few BSD ones in the mix is a good idea

Book of PF signed copy auction

• Peter Hansteen (who we’ve had on the show) is auctioning off the first signed copy of the new Book of PF
• All the profits from the sale will go to the OpenBSD Foundation
• The updated edition of the book includes all the latest pf syntax changes, but also provides examples for FreeBSD and NetBSD’s versions (which still use ALTQ, among other differences)
• If you’re interested in firewalls, security or even just advanced networking, this book is a great one to have on your shelf – and the money will also go to a good cause
• Michael Lucas has challenged Peter to raise more for the foundation than his last book selling – let’s see who wins
• Pause the episode, go bid on it and then come back!

FreeBSD Foundation goes to EuroBSDCon

• Some people from the FreeBSD Foundation went to EuroBSDCon this year, and come back with a nice trip report
• They also sponsored four other developers to go
• The foundation was there “to find out what people are working on, what kind of help they could use from the Foundation, feedback on what we can be doing to support the FreeBSD Project and community, and what features/functions people want supported in FreeBSD”
• They also have a second report from Kamil Czekirda
• A total of $2000 was raised at the conference

OpenBSD 5.6 released

• Note: we’re doing this story a couple days early – it’s actually being released on November 1st (this Saturday), but we have next week off and didn’t want to let this one slip through the cracks – it may be out by the time you’re watching this
• Continuing their always-on-time six month release cycle, the OpenBSD team has released version 5.6
• It includes support for new hardware, lots of driver updates, network stack improvements (SMP, in particular) and new security features
• 5.6 is the first formal release with LibreSSL, their fork of OpenSSL, and lots of ports have been fixed to work with it
• You can now hibernate your laptop when using a fully-encrypted filesystem (see our tutorial for that)
• ALTQ, Kerberos, Lynx, Bluetooth, TCP Wrappers and Apache were all removed
• This will serve as a “transitional” release for a lot of services: moving from Sendmail to OpenSMTPD, from nginx to httpd and from BIND to Unbound
• Sendmail, nginx and BIND will be gone in the next release, so either migrate to the new stuff between now and then or switch to the ports versions
• As always, 5.6 comes with its own song and artwork – the theme this time was obviously LibreSSL
• Be sure to check the full changelog (it’s huge) and pick up a CD or tshirt to support their efforts
• If you don’t already have the public key releases are signed with, getting a physical CD is a good “out of bounds” way to obtain it safely
• Here are some cool images of the set
• After you do your installation or upgrade, don’t forget to head over to the errata page and apply any patches listed there

Interview – John-Mark Gurney – jmg@freebsd.org / @encthenet

Updating FreeBSD’s IPSEC stack

News Roundup

Clang in DragonFly BSD

• As we all know, FreeBSD got rid of GCC in 10.0, and now uses Clang on i386/amd64 almost exclusively
• Some DragonFly developers are considering migrating over as well, and one of them is doing some work to make the OS more Clang-friendly
• We’d love to see more BSDs switch to Clang/LLVM eventually, it’s a lot more modern than the old GCC most are using

reallocarray(): integer overflow detection for free

• One of the less obvious features in OpenBSD 5.6 is a new libc function: “reallocarray()”
• It’s a replacement function for realloc(3) that provides integer overflow detection at basically no extra cost
• Theo and a few other developers have already started a mass audit of the entire source tree, replacing many instances with this new feature
• OpenBSD’s explicit_bzero was recently imported into FreeBSD, maybe someone could also port over this too

Switching from Linux blog

• A listener of the show has started a new blog series, detailing his experiences in switching over to BSD from Linux
• After over ten years of using Linux, he decided to give BSD a try after listening to our show (which is awesome)
• So far, he’s put up a few posts about his initial thoughts, some documentation he’s going through and his experiments so far
• It’ll be an ongoing series, so we may check back in with him again later on

Owncloud in a FreeNAS jail

• One of the most common emails we get is about running Owncloud in FreeNAS
• Now, finally, someone made a video on how to do just that, and it’s even jailed
• A member of the FreeNAS community has uploaded a video on how to set it up, with lighttpd as the webserver backend
• If you’re looking for an easy way to back up and sync your files, this might be worth a watch

Feedback/Questions

• Ernõ writes in
• David writes in
• Kamil writes in
• Torsten writes in
• Dominik writes in

Mailing List Gold

• That’s not our IP
• Is this thing on?

• All the tutorials are posted in their entirety at bsdnow.tv
• The OpenBSD router, dpb, PXE autoinstall and patched ISO building tutorials have all been updated for 5.6
• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv – tell us how we’re doing or what you’d like to see in future episodes
• You can usually watch live Wednesdays at 2:00PM Eastern (18:00 UTC), but…
• We’ll be in California at MeetBSD next week, so there will be a prerecorded episode
• Speaking of conferences, the operatingsystems.io event has gotten a few more BSD speakers – check it out if you’re in London on November 25th

The post IPSECond Wind | BSD Now 61 first appeared on Jupiter Broadcasting.

It’s our 50th episode, and we’re going to show you how to protect your internet traffic with a BSD-based VPN. We’ll also be talking to Robert Watson, of the FreeBSD core team, about security research, exploit mitigation and a whole lot more. The latest news and answers to all of your emails, on BSD Now – the place to B.. SD.

Thanks to:

Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | HD Vid Feed | HD Torrent Feed

– Show Notes: –

Headlines

MeetBSD 2014 is approaching

• The MeetBSD conference is coming up, and will be held on November 1st and 2nd in San Jose, California
• MeetBSD has an “unconference” format, which means there will be both planned talks and community events
• All the extra details will be on their site soon
• It also has hotels and various other bits of useful information – hopefully with more info on the talks to come
• Of course, EuroBSDCon is coming up before then

First experiences with OpenBSD

• A new blog post that leads off with “tired of the sluggishness of Windows on my laptop and interested in experimenting with a Unix-like that I haven’t tried before”
• The author read the famous “BSD for Linux users” series (that most of us have surely seen) and decided to give BSD a try
• He details his different OS and distro history, concluding with how he “eventually became annoyed at the poor quality of Linux userland software”
• From there, it talks about how he used the OpenBSD USB image and got a fully-working system
• He especially liked the simplicity of OpenBSD’s “hostname.if” system for network configuration
• Finally, he gets Xorg working and imports all his usual configuration files – seems to be a happy new user!

NetBSD rump kernels on bare metal (and Kansai OSC report)

• When you’re developing a new OS or a very specialized custom solution, working drivers become one of the hardest things to get right
• However, NetBSD’s rump kernels – a very unique concept – make this process a lot easier
• This blog post talks about the process of starting with just a rump kernel and expanding into an internet-ready system in just a week
• Also have a look back at episode 8 for our interview about rump kernels and what exactly they do
• While on the topic of NetBSD, there were also a couple of very detailed reports (with lots of pictures!) of the various NetBSD-themed booths at the 2014 Kansai Open Source Conference that we wanted to highlight

OpenSSL and LibreSSL updates

• OpenSSL pushed out a few new versions, fixing multiple vulnerabilities (nine to be precise!)
• Security concerns include leaking memory, possible denial of service, crashing clients, memory exhaustion, TLS downgrades and more
• LibreSSL released a new version to address most of the vulnerabilities, but wasn’t affected by some of them
• Whichever version of whatever SSL you use, make sure it’s patched for these issues
• DragonFly and OpenBSD are patched as of the time of this recording but, even after a week, FreeBSD (outside of -CURRENT) and NetBSD are not

Interview – Robert Watson – rwatson@freebsd.org

FreeBSD architecture, security research techniques, exploit mitigation

Tutorial

Protecting traffic with a BSD-based VPN

News Roundup

A FreeBSD-based CGit server

• If you use git (like a certain host of this show) then you’ve probably considered setting up your own server
• This article takes you through the process of setting up a jailed git server, complete with a fancy web frontend
• It even shows you how to set up multiple repos with key-based user separation and other cool things
• The author of the post is also a listener of the show, thanks for sending it in!

Backup devices for small businesses

• In this article, different methods of data storage and backup are compared
• After weighing the various options, the author comes to an obvious conclusion: FreeNAS is the answer
• He praises FreeNAS and the FreeNAS Mini for their tight integration, rock solid FreeBSD base and the great ZFS featureset that it offers
• It also goes over some of the hardware specifics in the FreeNAS Mini

A new Xenocara interview

• As a follow up to last week’s OpenSMTPD interview, this Russian blog interviews Matthieu Herrb about Xenocara
• If you’re not familiar with Xenocara, it’s OpenBSD’s version of Xorg with some custom patches
• In this interview, he discusses how large and complex the upstream X11 development is, how different components are worked on by different people, how they test code (including a new framework) and security auditing
• Matthieu is both a developer of upstream Xorg and an OpenBSD developer, so it’s natural for him to do a lot of the maintainership work there

Building a high performance FreeBSD samba server

• If you’ve got to PXE boot several hundred Windows boxes to upgrade from XP to 7, what’s the best solution?
• FreeBSD, ZFS and Samba obviously!
• The master image and related files clock in at over 20GB, and will be accessed at the same time by all of those clients
• This article documents that process, highlighting some specific configuration tweaks to maximize performance (including NIC bonding)
• It doesn’t even require the newest or best hardware with the right changes, pretty cool

Feedback/Questions

• An interesting Reddit thread or two
• PB writes in
• Sean writes in
• Steve writes in
• Lachlan writes in
• Justin writes in

• All the tutorials are posted in their entirety at bsdnow.tv
• We want to give a special thanks to our viewer Adam (aka bsdx) for writing most of today’s OpenVPN tutorial
• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
• Watch live Wednesdays at 2:00PM Eastern (18:00 UTC)

The post VPN, My Dear Watson | BSD Now 50 first appeared on Jupiter Broadcasting.

How a hardware failure in Indonesia took Google down in California, stealing Crypto keys from virtual machines, and the trouble with Sophos. And an inside look at how Netflix crams so much storage into a teclo near you.

Plus a big batch of your questions, a packed round up, and so much more…

On this week’s of TechSNAP!

Thanks to:

Use our codes TechSNAP10 to save 10% at checkout, or TechSNAP20 to save 20% on hosting!

BONOUS ROUND PROMO:

Get your .COMs just $5.99 per year up to 3 domains! Additional .COMs just $7.99 per year!
CODE: 599tech

SPECIAL OFFER! Save 20% off your order!
Code: go20off5

Pick your code and save:
techsnap7: $7.49 .com
techsnap10: 10% off
techsnap11: $1.99 hosting for the first 3 months
techsnap20: 20% off 1, 2, 3 year hosting plans
techsnap40: $10 off $40
techsnap25: 25% off new Virtual DataCenter plans
techsnapx: 20% off .xxx domains

 

Support the Show: