ntp – Jupiter Broadcasting https://www.jupiterbroadcasting.com Open Source Entertainment, on Demand. Thu, 04 Oct 2018 23:56:29 +0000

What Makes Google Cloud Different | TechSNAP 386 https://original.jupiterbroadcasting.net/127466/what-makes-google-cloud-different-techsnap-386/ Thu, 04 Oct 2018 15:56:29 +0000 https://original.jupiterbroadcasting.net/?p=127466 Show Notes: techsnap.systems/386

The post What Makes Google Cloud Different | TechSNAP 386 first appeared on Jupiter Broadcasting.

A Rip in NTP | TechSNAP 237 https://original.jupiterbroadcasting.net/89591/a-rip-in-ntp-techsnap-237/ Thu, 22 Oct 2015 18:21:21 +0000 https://original.jupiterbroadcasting.net/?p=89591 The OpenZFS summit just wrapped up and Allan shares the exciting new features coming to the file system, researchers warn about flaws in NTP & of course we’ve got some critical patches. Plus a great batch of questions, a rockin’ round up & much, much more! Thanks to: Get Paid to Write for DigitalOcean Direct […]

The post A Rip in NTP | TechSNAP 237 first appeared on Jupiter Broadcasting.


The OpenZFS summit just wrapped up and Allan shares the exciting new features coming to the file system, researchers warn about flaws in NTP & of course we’ve got some critical patches.

Plus a great batch of questions, a rockin’ round up & much, much more!

— Show Notes: —

OpenZFS Dev Summit


Researchers warn about flaws in NTP

  • NTP is one of the oldest protocols still in use on the Internet. The Network Time Protocol is used to keep a computer’s clock in sync. It is very important for many applications, including cryptography (if your clock is wrong, certificates cannot be verified, expired certificates may be accepted, one-time-passwords may not be valid yet or already expired, etc)
  • “The importance of NTP was highlighted in a 2012 incident in which two servers run by the U.S. Navy rolled back their clocks 12 years, deciding it was the year 2000. Computers that checked in with the Navy’s servers and adjusted their clocks accordingly had a variety of problems with their phone systems, routers and authentication systems”
  • Researchers from Boston University announced yesterday that it’s possible for an attacker to cause an organization’s servers to stop checking the time altogether
  • “This research was first disclosed on August 20, 2015 and made public on October 21, 2015.”
  • “NTP has a rate-limiting mechanism, nicknamed the “Kiss O’ Death” packet, that will stop a computer from repeatedly querying the time in case of a technical problem. When that packet is sent, systems may stop querying the time for days or years, according to a summary of the research”
  • Post by researchers
  • PDF: Full research paper
  • The researchers outline 4 different attacks against NTP:
    • Attack 1 (Denial of Service by Spoofed Kiss-o’-Death)
    • Attack 2 (Denial of Service by Priming the Pump)
    • Attack 3 (Timeshifting by Reboot)
    • Attack 4 (Timeshifting by Fragmentation)
  • It is recommended you upgrade your version of NTP to ntp-4.2.8p4
  • “With the virtual currency bitcoin, an inaccurate clock could cause the bitcoin client software to reject what is a legitimate transaction”
  • The paper goes on to describe the amount of error that needs to be induced to cause a problem:
    • TLS Certificate: years. Make a valid certificate invalid by setting the time past its expiration date, or make an expired certificate valid by turning the clock back
    • HSTS: a year. This is a header sent by websites that says “This site will always use a secure connection”. For sanity’s sake, this header has an expiration date set some time in the future, usually a year. If you forward the clock past then, you can trick a browser into accepting an insecure connection.
    • DNSSEC: months.
    • DNS Caches: days.
    • Routing (if security is even enabled): days
    • Bitcoin: hours
    • API Authentication: minutes
    • Kerberos: minutes
  • Alternatives:
    • Ntimed
    • OpenNTPd
      • Interesting feature: It can validate the ‘sanity’ of the time returned by the NTP server by comparing it against the time in an HTTPS header from a set of websites you select, like Google.com etc. It doesn’t set the time based on that (too inaccurate), but if the value from the time server is more than a few seconds off from that, it ignores that time server, as it might be malicious
    • tlsdate
    • NTPSec (a fork of regular NTP being improved)
  • Additional Coverage: ArsTechnica

Adobe and Oracle release critical patches

  • Adobe has issued a patch to fix a zero-day vulnerability in its Flash Player software
  • All users should upgrade to Flash 19.0.0.226
  • If you are worried, consider switching Flash to Click-to-Play mode
  • Oracle has also released its quarterly patch update for Java, addressing at least 25 security vulnerabilities
  • “According to Oracle, all but one of those flaws may be remotely exploitable without authentication”
  • All users are strongly encouraged to upgrade to Java 8 Update 65
  • Again, consider using click-to-play mode, to avoid allowing unexpected execution of Java
  • “The latest versions of Java let users disable Java content in web browsers through the Java Control Panel.”
  • “Alternatively, consider a dual-browser approach, unplugging Java from the browser you use for everyday surfing, and leaving it plugged in to a second browser that you only use for sites that require Java”

Feedback:


Round up:


Freedom Isn’t Free | LINUX Unplugged 107 https://original.jupiterbroadcasting.net/86931/freedom-isnt-free-lup-107/ Tue, 25 Aug 2015 18:40:28 +0000 https://original.jupiterbroadcasting.net/?p=86931 We celebrate the 24th birthday of Linux by looking back to its early days, discuss the new SSD optimized Linux file system, the rather normal things Linux is doing on Mainframes & how the community at large reacts to crowdfunding. Plus some great follow up, some great discussion & much more! Thanks to: Get Paid […]

The post Freedom Isn't Free | LINUX Unplugged 107 first appeared on Jupiter Broadcasting.


We celebrate the 24th birthday of Linux by looking back to its early days, discuss the new SSD optimized Linux file system, the rather normal things Linux is doing on Mainframes & how the community at large reacts to crowdfunding.

Plus some great follow up, some great discussion & much more!


Show Notes:

Pre-Show:

Hackpad is a web-based realtime wiki, based on the open source EtherPad collaborative document editor.

Catch Up:

Canonical Kills Desktop Ubuntu Software Center, Focuses on Mobile Apps

Desktop apps stores are dead, and their mobile-oriented equivalents are the future. That’s the message from Canonical, which has quietly made clear that it intends to jettison the Software Center in Ubuntu Linux to focus on mobile apps for Snappy Ubuntu Core.


How Linux was born, as told by Linus Torvalds himself | Ars Technica

It has been 24 long years since the first ever release of the Linux project on August 25, 1991, which is the core component of any GNU/Linux distribution. With this occasion we want to remind everyone that Linux is everywhere, even if you don’t see it. You use Linux when you search on Google, when you use your phone, when you buy metro tickets, actually the whole Internet is powered by Linux. Happy Birthday, Linux!

A New Linux File-System Aims For Speed While Having ZFS/Btrfs-Like Features

This new file-system is Bcachefs. Bcachefs is based on Bcache, the Linux kernel block layer cache for pairing a large-capacity hard drive with a low-capacity, high-performance solid-state drive to act as a cache. In developing this block layer cache, Kent Overstreet (the primary Bcache/Bcachefs developer) realized they were basically writing their own file-system in the process. He explained, “the bcache codebase has been evolving/metastasizing into a full blown, general purpose posix filesystem – a modern COW filesystem with checksumming, compression, multiple devices, caching, and eventually snapshots and all kinds of other nifty features…I and the other people working on bcache realized that what we were working on was, almost by accident, a good chunk of the functionality of a full blown filesystem – and there was a really clean and elegant design to be had there if we took it and ran with it.”

PERFORMANCE:

I’m not really focusing on performance while there’s still correctness issues to work on – so there’s lots of things that still need to be further optimized, but the current performance numbers are still I think good enough to be interesting.

Here’s some dbench numbers, running on a high end pcie flash device:

Early rough performance results

IBM LinuxONE™ and Open Source Demo – YouTube

IBM Fellow Donna Dillenberger demonstrates the new IBM LinuxONE system for scalable financial trading at the LinuxCon 2015 conference. The demo shows multiple data loads (live data from the S&P 500 and Tweets) streaming via MariaDB, MongoDB, Spark Analytics, Chef, Docker and PostgreSQL.

In this LinuxONE demo, even with drastic upticks in CPU Utilization during the Greek financial crisis, response times are still lightning fast.

Open Source is about supporting those who support you.

But his most recent work is one that is of even more importance to everyone, even those that use Windows or Apple. NTP, or Network Time Protocol, is a fundamental component of our information society today. The NSF reached out to Eric and he’s taken up the task of recoding NTP. For more information, read his blog post: Yes, NTPsec is real and I am involved.

Runs Linux from the people:

  • Send in a pic/video of your runs Linux.
  • Please upload videos to YouTube and submit a link via email or the subreddit.

Linux’s Slice of HAM | LAS 356 https://original.jupiterbroadcasting.net/78797/linuxs-slice-of-ham-las-356/ Sun, 15 Mar 2015 16:02:42 +0000 https://original.jupiterbroadcasting.net/?p=78797 Have you heard of Ham Radio? It’s the original open source! We dive in and take you into a ham shack to see what Ham Radio is all about, how it can be done on Linux, and how the principles and communities of open source so closely align with this old hobby. Plus Linux hits over […]

The post Linux's Slice of HAM | LAS 356 first appeared on Jupiter Broadcasting.


Have you heard of Ham Radio? It’s the original open source! We dive in and take you into a ham shack to see what Ham Radio is all about, how it can be done on Linux, and how the principles and communities of open source so closely align with this old hobby.

Plus Linux hits over 1k games & the new distro that makes Fedora approachable & more!


— Show Notes: —


Ham Radio Technician Question Pool

All of the questions you could be asked, available in .doc .pdf or even .txt

Now You’re Talking – Getting started with Ham Radio

This book is exactly right for someone who wants to become a ham radio operator. This book does two things. It is a self study course that will allow you to pass the Technician level FCC test. It is also a general introduction to all of ham radio, covering the highlights of all that can be done in amateur radio. It has just the right level of sophistication to give a good understanding of all facets of amateur radio but does not get into such extreme detail that it is overwhelming.

SVXLINK

SVXLink is an EchoLink client for Linux. This allows you to use Ham Radio on Linux through the internet without actually using radios.

KLog

KLog is a Linux Ham Radio logging program. It can be used as a contest logger or a general purpose logger.

LinPSK

LinPSK is a PSK31 program for Linux using Qt.

QRZ Ham Radio Practice Test

Test your skills by taking the practice exam and see how well you would do.

ARRL Ham Radio on Linux

At this point, since Ubuntu is beginning to look like a really viable alternative OS, the next big issue is whether it will support the ham radio applications that we want to run. Fortunately, the answer to this question is — yes it will.


— PICKS —

Runs Linux

Army Cyber Warfare

Sent in by Romeo S
https://www.youtube.com/watch?v=Fau1u1bHino&feature=youtu.be&t=2m40s

Desktop App Pick

ShellInABox

Shell In A Box implements a web server that can export arbitrary command line tools to a web based terminal emulator. This emulator is accessible to any JavaScript and CSS enabled web browser and does not require any additional browser plugins.

https://www.tecmint.com/shell-in-a-box-a-web-based-ssh-terminal-to-access-remote-linux-servers

Weekly Spotlight

Ozon OS Hydrogen Beta Available

Ozon OS “Hydrogen” beta is available for download. This is a Linux distribution based on Fedora, created by a collaboration between Numix Project and Nitrux S.A., “designed to not get into your way and be simple, sleek and modern while focusing on helping you to get stuff done quickly”.

Atom Shell

Ozon OS “Hydrogen” beta ships with four GNOME Shell extensions installed by default: Atom Dock, Atom Launcher, Atom Panel and of course, User Themes so Ozon OS can use its cool GNOME Shell theme out of the box.

Atom Dock is, like its name suggests, a “dock” or application launcher/switcher, that’s displayed at the bottom of the screen and uses intellihide by default (it hides if it overlaps any window in the active window group, but it can be brought up using the mouse pointer). Just like the default GNOME Shell Dash (which is disabled in Ozon OS), you can pin applications to the dock, open a new application window and access the application view.

Linux Action Show at LFNW | Official LAS 2015 Shirt

We are releasing another set of LAS shirts in preparation for LinuxFest Northwest which is at the end of April 2015! We hope to color Bellingham Technical College with LAS supporters donning their favorite Linux podcast!

Our Past Picks

These are the weekly picks provided by the Jupiter Broadcasting podcast, the Linux Action Show.

This site includes a separate picks lists for the “Runs Linux”, Desktop Apps, Spotlight Picks, Android Picks, and Distro Picks.


— NEWS —

Steam hits 1,000 Linux games days after Valve’s big Steam Machine reveal

At the moment, there are 1005 games that support Linux and SteamOS on Steam. That’s out of 4817 total games for all platforms on Steam, or 20.8% of all the games on Steam. And that’s just games—not DLC items, software, demos, or trailers. But, if you expand the search to include everything, there’s 1856 items in the Linux + SteamOS category.

Google Open Source Blog: Bidding farewell to Google Code

Google Code

Beginning today, we have disabled new project creation on Google Code. We will be shutting down the service about 10 months from now on January 25th, 2016.

The Linux Foundation wants to rein in its insult-spewing leader

On Monday, the Linux Foundation kinda sorta slapped him on the wrist when they issued a new “Code of Conflict” policy that declared “personal insults or abuse are not welcome.”

Some would say that the center of the problem is Linus Torvalds himself, that his blunt and cavalier attitude towards dealing with other developers has led to too much tension within the ranks. However, when one man holds such a massive responsibility for that much code (and the patches submitted therein), it only makes sense that he carry a sharp stick and tone. The problem comes when contributors begin calling out Torvalds publicly. This happened recently when Lennart Poettering called Torvalds out for encouraging hate speech and attacks. Poettering went so far to say that the Linux community is a “sick place to be in.”

Whether this tactic pans out to solve the growing friction within the Linux kernel community remains to be seen. This kind of effort tends to shift power from the individual to those who enforce the code, according to Rob Enderle, principal analyst at the Enderle Group.

NTP’s Fate Hinges On “Father Time”

In April, one of the open source code movement’s first and biggest success stories, the Network Time Protocol, will reach a decision point, writes Charlie Babcock. At 30 years old, will NTP continue as the preeminent time synchronization system for Macs, Windows, and Linux computers and most servers on networks? Or will this protocol go into a decline marked by drastically slowed development, fewer bug fixes, and greater security risks for the computers that use it? The question hinges to a surprising degree on the personal finances of a 59-year-old technologist in Talent, Ore., named Harlan Stenn.

Login screen in Fedora 22 Workstation uses Wayland

Fedora 21 Workstation added the ability to log in and run a Wayland session from the login screen (GDM), leaving the login screen itself running using the older X protocol. This is changing with a new feature in Fedora 22 enabling the login screen to run on Wayland by default.


— FEEDBACK —

— CHRIS’ STASH —

Hang in our chat room:

irc.geekshed.net #jupiterbroadcasting

— NOAH’S STASH —

Noah’s Day Job

Altispeed Technologies

Contact Noah

noah [at] jupiterbroadcasting.com

Catch the show LIVE Sunday 10am Pacific / 1pm Eastern / 6pm UTC:

Time for a Change | BSD Now 76 https://original.jupiterbroadcasting.net/77262/time-for-a-change-bsd-now-76/ Thu, 12 Feb 2015 13:30:49 +0000 https://original.jupiterbroadcasting.net/?p=77262 This week, we’ll be talking to Henning Brauer about OpenNTPD and its recently revived portable version. After that, we’ll be discussing different ways to securely tunnel your traffic: specifically OpenVPN, IPSEC, SSH and Tor. All that and the latest news, coming up on BSD Now – the place to B.. SD. Thanks to: Get Paid […]

The post Time for a Change | BSD Now 76 first appeared on Jupiter Broadcasting.


This week, we’ll be talking to Henning Brauer about OpenNTPD and its recently revived portable version. After that, we’ll be discussing different ways to securely tunnel your traffic: specifically OpenVPN, IPSEC, SSH and Tor. All that and the latest news, coming up on BSD Now – the place to B.. SD.

– Show Notes: –

Headlines

Strange timer bug in FreeBSD 11

  • Peter Wemm wrote in to the FreeBSD -CURRENT mailing list with an interesting observation
  • Running the latest development code in the infrastructure, the clock would stop keeping time after 24 days of uptime
  • This meant things like cron and sleep would break, TCP/IP wouldn’t time out or resend packets, a lot of things would break
  • A workaround until it was fixed was to reboot every 24 days, but this is BSD we’re talking about – uptime is our game
  • An initial proposal was adding a CFLAG to the build options which makes signed arithmetic wrap
  • Peter disagreed and gave some background, offering a different patch to fix the issue and detect it early if it happens again
  • Ultimately, the problem was traced back to an issue with the recent clang 3.5 import
  • It only affected -CURRENT, not -RELEASE or -STABLE, but was definitely a bizarre bug to track down

An OpenBSD mail server

  • There’s been a recent influx of blog posts about building a BSD mail server for some reason
  • In this fancy series of posts, the author sets up OpenSMTPD in its native OpenBSD home, whereas previous posts have been aimed at FreeBSD and Linux
  • In addition to the usual steps, this one also covers DKIMproxy, ClamAV for scanning attachments, Dovecot for IMAP and also multiple choices of spam filtering: spamd or SpamAssassin
  • It also shows you how to set up Roundcube for building a web interface, using the new in-base httpd
  • That means this is more of a “complete solution” – right down to what the end users see
  • The series is split up into categories so it’s very easy to follow along step-by-step

How DragonFlyBSD uses git

  • DragonFlyBSD, along with PCBSD and EdgeBSD, uses git as its version control system for the system source code
  • In a series of posts, Matthew Dillon (the project lead) details their internal setup
  • They’re using vanilla git over ssh, with the developers’ accounts set to git-only (no shell access)
  • The maintainers of the server are the only ones with shell access available
  • He also details how a cron job syncs from the master to a public box that anyone can check out code from
  • It would be interesting to hear about how other BSD projects manage their master source repository

Why not try PCBSD?

  • ITwire, another more mainstream tech site, published a recent article about switching to PCBSD
  • They interview a guy named Kris that we’ve never heard of before
  • In the article, they touch on how easy it can potentially be for Linux users looking to switch over to the BSD side – lots of applications are exactly the same
  • “With the growing adoption of systemd, dissatisfaction with Linux has reached proportions not seen in recent years, to the extent that people have started talking of switching to FreeBSD.”
  • If you have some friends who complain to you about systemd all the time, this might be a good article to show them

Interview – Henning Brauer – henning@openbsd.org / @henningbrauer

OpenNTPD and its portable variant


News Roundup

Authenticated time in OpenNTPD

  • We recorded that interview with Henning just a few days ago, and it looks like part of it may be outdated already
  • While at the hackathon, some developers came up with an alternate way to get authenticated NTP responses
  • You can now add an HTTPS URL to your ntpd.conf in addition to the time server pool
  • OpenNTPD will query it (over TLS, with CA verification) and look at the date sent in the HTTPS header
  • It’s not intended to be a direct time source, just a constraint to keep things within reason
  • If you receive regular NTP packets that are way off from the TLS packet, those will be discarded and the server(s) marked as invalid
  • Henning and Theo also weigh in to give some of the backstory on the idea
  • Lots more detail can be found in Reyk’s email explaining the new feature (and it’s optional of course)

NetBSD at Open Source Conference 2015 Oita and Hamanako

  • It’s been a while since we’ve featured one of these trip reports, but the Japanese NetBSD users group is still doing them
  • This time the conferences were in Oita and Hamanako, Japan
  • Machines running NetBSD included the CubieBoard2 Allwinner A20, Raspberry Pi and Banana Pi, Sharp NetWalker and a couple Zaurus devices
  • As always, they took lots of pictures from the event of NetBSD on all these weird machines

Poudriere in a jail

  • A common question we get about our poudriere tutorial is “how do I run it in a jail?” – this blog post is about exactly that
  • It takes you through the networking setup, zpool setup, nginx setup, making the jail and finally poking the right holes in the jail to allow poudriere to work its magic

Bruteblock, another way to stop bruteforce

  • We’ve mentioned a few different ways to stop ssh bruteforce attempts in the past: fail2ban, denyhosts, or even just with pf’s built-in rate limiting
  • Bruteblock is a similar tool, but it’s not just for ssh logins – it can do a number of other services
  • It can also work directly with IPFW, which is a plus if you’re using that as your firewall
  • Add a few lines to your syslog.conf and bruteblock will get executed automatically
  • The rest of the article takes you through the different settings you can configure for blocking

New iwm(4) driver and cross-pollination

  • The OpenBSD guys recently imported a new “iwm” driver for newer Intel 7260 wireless cards (commonly found in Thinkpads)
  • NetBSD wasted no time in porting it over, giving a bit of interesting backstory
  • According to Antti Kantee, “it was created for OpenBSD by writing and porting a NetBSD driver which was developed in a rump kernel in Linux userspace”
  • Both projects would appreciate further testing if you have the hardware and can provide useful bug reports
  • Maybe FreeBSD and DragonFly will port it over too, or come up with something that’s partially based on the code

PC-BSD current images

  • The first of our PC-BSD -CURRENT images should be available this weekend
  • This image will be tagged 11.0-CURRENTFEB2015, with planned monthly updates
  • For the more adventurous this will allow testing both FreeBSD and PC-BSD bleeding edge

Feedback/Questions


Mailing List Gold


Discussion

Comparison of ways to securely tunnel your traffic


  • Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
  • Watch live Wednesdays at 2:00PM Eastern (19:00 UTC)
  • Right on time for this episode, the ISC NTPd team announced more security problems just a few days ago

System Disaster | BSD Now 71 https://original.jupiterbroadcasting.net/75127/system-disaster-bsd-now-71/ Thu, 08 Jan 2015 11:14:34 +0000 https://original.jupiterbroadcasting.net/?p=75127 This time on the show, we’ll be talking to Ian Sutton about his new BSD compatibility wrappers for various systemd dependencies. Don’t worry, systemd is not being ported to BSD! We’re still safe! We’ve also got all the week’s news and answers to your emails, coming up on BSD Now – the place to B.. […]

The post System Disaster | BSD Now 71 first appeared on Jupiter Broadcasting.


This time on the show, we’ll be talking to Ian Sutton about his new BSD compatibility wrappers for various systemd dependencies. Don’t worry, systemd is not being ported to BSD! We’re still safe! We’ve also got all the week’s news and answers to your emails, coming up on BSD Now – the place to B.. SD.

– Show Notes: –

Headlines

Introducing OPNsense, a pfSense fork

  • OPNsense is a new BSD-based firewall project that was recently started, forked from the pfSense codebase
  • Even though it’s just been announced, they already have a formal release based on FreeBSD 10 (pfSense’s latest stable release is based on 8.3)
  • The core team includes a well-known DragonFlyBSD developer
  • You can check out their code on Github now, or download an image and try it out – let us know if you do and what you think about it
  • They also have a nice wiki and some instructions on getting started for new users
  • We plan on having them on the show next week to learn a bit more about how the project got started and why you might want to use it – stay tuned

Code rot and why I chose OpenBSD

  • Here we have a blog post about rotting codebases – a core banking system in this example
  • The author tells the story of how his last days spent at the job were mostly removing old, dead code from a giant project
  • He goes on to compare it to OpenSSL and the heartbleed disaster, from which LibreSSL was born
  • Instead of just bikeshedding like the rest of the internet, OpenBSD “silently started putting the beast into shape” as he puts it
  • The article continues on to mention OpenBSD’s code review process, and how it catches any bugs so we don’t have more heartbleeds
  • “In OpenBSD you are encouraged to run current and the whole team tries its best to make current as stable as it can. You know why? They eat their own dog food. That’s so simple yet so amazing that it blows my mind. Developers actually run OpenBSD on their machines daily.”
  • It’s a very long and detailed story about how the author has gotten more involved with BSD, learned from the mailing lists and even started contributing back – he says “In summary, I’m learning more than ever – computing is fun again”
  • Look for the phrase “Getting Started” in the blog post for a nice little gem

ZFS vs HAMMER FS

  • One of the topics we’ve seen come up from time to time is how FreeBSD’s ZFS and DragonFly’s HAMMER FS compare to each other
  • They both have a lot of features that traditional filesystems lack
  • A forum thread was opened for discussion about them both and what they’re typically used for
  • It compares resource requirements, ideal hardware and pros/cons of each
  • Hopefully someone will do another new comparison when HAMMER 2 is finished
  • This is not to be confused with the other “hammer” filesystem

Portable OpenNTPD revived

  • With ISC’s NTPd having so many security vulnerabilities recently, people need an alternative NTP daemon
  • OpenBSD has developed OpenNTPD since 2004, but the portable version for other operating systems hasn’t been actively maintained in a few years
  • The older version still works fine, and is in FreeBSD ports and NetBSD pkgsrc, but it would be nice to have some of the newer features and fixes from the native version
  • Brent Cook, who we’ve had on the show before to talk about LibreSSL, decided it was time to fix this
  • While looking through the code, he also found some fixes for the native version as well
  • You can grab it from Github now, or just wait for the updated release to hit the repos of your OS of choice

Interview – Ian Sutton – ian@kremlin.cc

BSD replacements for systemd dependencies


News Roundup

pkgng adds OS X support

  • FreeBSD’s next-gen package manager has just added support for Mac OS X
  • Why would you want that? Well.. we don’t really know, but it’s cool
  • The author of the patch may have some insight about what his goal is though
  • This could open up the door for a cross-platform pkgng solution, similar to NetBSD’s pkgsrc
  • There’s also the possibility of pkgng being used as a packaging format for MacPorts in the future
  • While we’re on the topic of pkgng, you can also watch bapt’s latest presentation about it from ruBSD 2014 – “four years of pkg”

Secure secure shell

  • Almost everyone watching BSD Now probably uses OpenSSH and has set up a server at one point or another
  • This guide provides a list of best practices beyond the typical “disable root login and use keys” advice you’ll often hear
  • It specifically goes in-depth with server and client configuration with the best key types, KEX methods and encryption ciphers to use
  • There are also good explanations for all the choices, based both on history and probability
  • Minimal backwards compatibility is kept, but most of the old and insecure stuff gets disabled
  • We’ve also got a handy chart to show which SSH implementations support which ciphers, in case you need to support Windows users or people who use weird clients

Dissecting OpenBSD’s divert(4)

  • PF has a cool feature that not a lot of people seem to know about: divert
  • It lets you send packets to userspace, allowing you to inspect them a lot easier
  • This blog post, the first in a series, details all the cool things you can do with divert and how to use it
  • A very common example is with intrusion detection systems like Snort

Screen recording on FreeBSD

  • This is a neat article about a topic we don’t cover very often: making video content on BSD
  • In the post, you’ll learn how to make screencasts with FreeBSD, using kdenlive and ffmpeg
  • There are also notes about getting a USB microphone working, so you can do commentary on whatever you’re showing
  • It also includes lots of details and helpful screenshots throughout the process
  • You should make cool screencasts and send them to us

Feedback/Questions


Mailing List Gold


  • Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv – we’ve highlighted some pretty cool BSD blog posts recently, but you need to tell us if you write one!
  • Watch live Wednesdays at 2:00PM Eastern (19:00 UTC)

The post System Disaster | BSD Now 71 first appeared on Jupiter Broadcasting.

Daemons in the North | BSD Now 70 https://original.jupiterbroadcasting.net/74777/daemons-in-the-north-bsd-now-70/ Thu, 01 Jan 2015 11:33:49 +0000


It’s our last episode of 2014, and we’ll be chatting with Dan Langille about the upcoming BSDCan conference. We’ll find out what’s planned and what sorts of presentations they’re looking for. As usual, answers to viewer-submitted questions and all the week’s news, coming up on BSD Now – the place to B.. SD.

Thanks to:


iXsystems


Tarsnap


– Show Notes: –

Headlines

More conference presentation videos


OpenBSD PIE enhancements

  • ASLR and PIE are great security features that OpenBSD has had enabled by default for a long time, in both the base system and ports, but they have one inherent problem
  • They only work with dynamic libraries and binaries, so if you have any static binaries, they don’t get the same treatment
  • For example, the default shells (and many other things in /bin and /sbin) are statically linked
  • In the case of the static ones, you can always predict the memory layout, which is very bad and sort of defeats the whole purpose
  • With this and a few related commits, OpenBSD fixes this by introducing static self-relocation
  • More and more CPU architectures are being tested and getting support too; this isn’t just for amd64 and i386 – VAX users can rest easy
  • It’ll be available in 5.7 in May, or you can use a -current snapshot if you want to get a slice of the action now

FreeBSD foundation semi-annual newsletter

  • The FreeBSD foundation publishes a huge newsletter twice a year, detailing their funded projects and some community activities
  • As always, it starts with a letter from the president of the foundation – this time it’s about encouraging students and new developers to get involved
  • The article also has a fundraising update with a list of sponsored projects, and they note that the donations meter has changed from dollars to number of donors (since they exceeded the goal already)
  • You can read summaries of all the BSD conferences of 2014 and see a list of upcoming ones next year too
  • There are also sections about the FreeBSD Journal’s progress, a new staff member and a testimonial from NetApp
  • It’s a very long report, so dedicate some time to read all the way through it
  • This year was pretty great for BSD: both the FreeBSD and OpenBSD foundations exceeded their goals and the NetBSD foundation came really close too
  • As we go into 2015, consider donating to whichever BSD you use, it really can make a difference

Modernizing OpenSSH fingerprints

  • When you connect to a server for the first time, you’ll get what’s called a fingerprint of the host’s public key – this is used to verify that you’re actually talking to the same server you intended to
  • Up until now, the key fingerprints have been an MD5 hash, displayed as hex
  • This can be problematic, especially for larger key types like RSA that give lots of wiggle room for collisions, as an attacker could generate a fake host key that gives the same MD5 string as the one you wanted to connect to
  • This new change replaces the default MD5 and hex with a base64-encoded SHA256 fingerprint
  • You can add a “FingerprintHash” line in your ssh_config to force using only the new type
  • There’s also a new option to require users to authenticate with more than one public key, so you can really lock down login access to your servers – also useful if you’re not 100% confident in any single key type
  • The new options should be in the upcoming 6.8 release
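
The two fingerprint formats described above can be computed side by side. This is an added example, not OpenSSH code: the key line is constructed from fixed bytes (not a real host key), and the helper names and the SHA256-only pinning policy in `verify_host` are assumptions of this sketch. Requires Python 3.9 or later.

```python
import base64
import hashlib
import hmac
import struct


def build_sample_pubkey_line() -> str:
    """Constructed sample: an ssh-ed25519 public key line (not a real host key)."""
    key_type = b"ssh-ed25519"
    raw_key = bytes(range(32))  # constructed 32-byte key material
    blob = (struct.pack(">I", len(key_type)) + key_type
            + struct.pack(">I", len(raw_key)) + raw_key)
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " constructed@example"


def key_blob(pubkey_line: str) -> bytes:
    """Decode the base64 key blob from a '<type> <base64> [comment]' line."""
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    blob = base64.b64decode(fields[1], validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob begins with a length-prefixed copy of the key type name.
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len] != fields[0].encode("ascii"):
        raise ValueError("key type field does not match the blob")
    return blob


def fingerprint_md5(pubkey_line: str) -> str:
    """Legacy format: MD5 of the blob as colon-separated hex pairs.

    Newer ssh-keygen output prefixes this form with 'MD5:'.
    """
    digest = hashlib.md5(key_blob(pubkey_line), usedforsecurity=False).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def fingerprint_sha256(pubkey_line: str) -> str:
    """New format: SHA256 of the blob, base64 with the '=' padding removed."""
    digest = hashlib.sha256(key_blob(pubkey_line)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def verify_host(pubkey_line: str, pinned: str) -> bool:
    """Compare a presented key against a pinned fingerprint.

    Assumed policy for this example: only SHA256 pins are accepted, so a
    legacy MD5 pin is rejected outright instead of being compared.
    """
    if not pinned.startswith("SHA256:"):
        raise ValueError("only SHA256 fingerprints are accepted for pinning")
    return hmac.compare_digest(fingerprint_sha256(pubkey_line), pinned)


if __name__ == "__main__":
    line = build_sample_pubkey_line()
    print("legacy :", fingerprint_md5(line))
    print("current:", fingerprint_sha256(line))
    print("pinned match:", verify_host(line, fingerprint_sha256(line)))
```

To get the matching behaviour from the client itself, the “FingerprintHash” option mentioned above is set in ssh_config, for example `FingerprintHash sha256`.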

Interview – Dan Langille – info@bsdcan.org / @bsdcan

Plans for the BSDCan 2015 conference


News Roundup

Introducing ntimed, a new NTP daemon

  • As we’ve mentioned before in our tutorials, there are two main daemons for the Network Time Protocol – ISC’s NTPd and OpenBSD’s OpenNTPD
  • With all the recent security problems with ISC’s NTPd, Poul-Henning Kamp has been working on a third NTP daemon
  • It’s called “ntimed” and you can try out a preview version of it right now – it’s in FreeBSD ports or on Github
  • PHK also has a few blog entries about the project, including status updates

OpenBSD-maintained projects list

  • There was recently a thread on the misc mailing list asking about different projects started by OpenBSD developers
  • The initial list had marks for which software had portable versions to other operating systems (OpenSSH being the most popular example)
  • A developer compiled a new list from all of the replies to that thread into a nice organized webpage
  • Most people are only familiar with things like OpenSSH, OpenSMTPD, OpenNTPD and more recently LibreSSL, but there are quite a lot more
  • This page also serves as a good history lesson for BSD in general: FreeBSD and others have ported some things over, while a couple OpenBSD tools were born from forks of FreeBSD tools (mergemaster, pkg tools, portscout)

Monitoring network traffic with FreeBSD

  • If you’ve ever been curious about monitoring network traffic on your FreeBSD boxes, this forum post may be exactly the thing for you
  • It’ll show you how to combine the Netflow, NfDump and NfSen suite of tools to get some pretty detailed network stats (and of course put them into a fancy webpage)
  • This is especially useful for finding out what was going on at a certain point in time, for example if you had a traffic spike

Trapping spammers with spamd

  • This is a blog post about OpenBSD’s spamd – a spam email deferral daemon – and how to use it for your mail
  • It gives some background on the greylisting approach to spam, rather than just a typical host blacklist
  • “Greylisting is a method of defending e-mail users against spam. A mail transfer agent (MTA) using greylisting will “temporarily reject” any email from a sender it does not recognize. If the sender re-attempts mail delivery at a later time, the sender may be allowed to continue the mail delivery conversation.”
  • The post also shows how to combine it with PF and other tools for a pretty fancy mail setup
  • You can find spamd in the OpenBSD base system, or use it with FreeBSD or NetBSD via ports and pkgsrc
  • You might also want to go back and listen to BSDTalk episode 68, where Will talks to Bob Beck about spamd
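
The greylisting decision quoted above can be modelled as a small state machine. This is an added example and not spamd's code: the class, the three timing values and the choice to whitelist by sender IP after a successful retry are assumptions of this sketch, and the addresses are constructed.

```python
ACCEPT = "250 accept"
TEMPFAIL = "451 temporary failure"

# Assumed timings for this example (seconds).
PASS_DELAY = 25 * 60       # a retry sooner than this is still deferred
GREY_EXPIRY = 4 * 3600     # a greylist entry with no valid retry is forgotten
WHITE_EXPIRY = 36 * 86400  # a whitelisted IP is forgotten after this much silence


class Greylister:
    """Tracks (ip, sender, recipient) tuples and decides accept or defer."""

    def __init__(self, pass_delay=PASS_DELAY, grey_expiry=GREY_EXPIRY,
                 white_expiry=WHITE_EXPIRY):
        self.pass_delay = pass_delay
        self.grey_expiry = grey_expiry
        self.white_expiry = white_expiry
        self.grey = {}   # (ip, sender, rcpt) -> time first seen
        self.white = {}  # ip -> time the whitelist entry expires

    def check(self, ip, sender, rcpt, now):
        """Return ACCEPT or TEMPFAIL for one delivery attempt at time `now`."""
        expires = self.white.get(ip)
        if expires is not None:
            if now <= expires:
                # Known-good sender: accept and refresh the entry.
                self.white[ip] = now + self.white_expiry
                return ACCEPT
            del self.white[ip]  # entry aged out, start over

        key = (ip, sender, rcpt)
        first_seen = self.grey.get(key)
        if first_seen is None or now - first_seen > self.grey_expiry:
            # Unrecognized (or forgotten) sender: record it and defer.
            self.grey[key] = now
            return TEMPFAIL
        if now - first_seen < self.pass_delay:
            # Retried too quickly; keep the original first-seen time.
            return TEMPFAIL
        # A patient retry, as a real MTA would do: promote to the whitelist.
        del self.grey[key]
        self.white[ip] = now + self.white_expiry
        return ACCEPT


def run_timeline(events):
    """Replay (time, ip, sender, rcpt) attempts and return the verdicts."""
    g = Greylister()
    return [g.check(ip, s, r, t) for (t, ip, s, r) in events]


if __name__ == "__main__":
    # Constructed attempts: a real MTA that retries, and a sender that never does.
    timeline = [
        (0, "192.0.2.10", "alice@example.org", "bob@example.net"),
        (60, "192.0.2.10", "alice@example.org", "bob@example.net"),
        (1500, "192.0.2.10", "alice@example.org", "bob@example.net"),
        (0, "198.51.100.7", "spam@example.com", "bob@example.net"),
    ]
    for event, verdict in zip(timeline, run_timeline(timeline)):
        print(event, "->", verdict)
```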

Feedback/Questions


Mailing List Gold


  • Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv – if you do anything cool with BSD, tell us about it
  • Watch live Wednesdays at 2:00PM Eastern (19:00 UTC)
  • Have a happy new year – make 2015 the year you finally switch over to BSD

The post Daemons in the North | BSD Now 70 first appeared on Jupiter Broadcasting.

Tales from the TrueCrypt | TechSNAP 164 https://original.jupiterbroadcasting.net/58542/tales-from-the-truecrypt-techsnap-164/ Thu, 29 May 2014 20:29:34 +0000


The TrueCrypt project has shut down, and we’ll run down what we think is the most likely answer to this sudden mystery.

Plus the good news for OpenSSL, the top 10 Windows configuration mistakes, and a big batch of your questions, our answers, and much much more!

Thanks to:


DigitalOcean


Ting


iXsystems


— Show Notes: —

TrueCrypt shuts down unexpectedly

  • TrueCrypt is a cross-platform image or whole disk encryption system
  • The website for TrueCrypt changed yesterday, stating that “it may contain unfixed security issues”
  • The page states that, now that Windows XP is EOL and all supported versions of Windows support ‘BitLocker’ disk encryption, TrueCrypt is no longer necessary
  • The website provides information about transitioning data from TrueCrypt to the OS disk encryption system for various different OSs
  • The website has been updated with version 7.2 of TrueCrypt, which only allows the user to decrypt their files, not encrypt any new files
  • This was originally thought to be a hack of the site, or a hoax
  • The new binary is signed with the correct key, the same as previous versions of TrueCrypt, suggesting that this post is legitimate
  • While the code is available, the license is restrictive
  • The developers of TrueCrypt are anonymous
  • GIST tracking various bits of information and speculating about possible causes
  • ThreatPost coverage
  • One of the suspicious things about the announcement is the recommendation to use BitLocker: the authors of TrueCrypt had previously expressed concerns about how BitLocker stores the secret keys in the TPM (Trusted Platform Module), which may also allow the NSA to access the secret key
  • There is some speculation that this could be a ‘warrant canary’, the authors’ way of telling the public that they were forced to do something to TrueCrypt, or to divulge something about TrueCrypt
  • However, it is more likely that the developers just no longer have an interest in maintaining TrueCrypt
  • The last major version release was 3 years ago, and the most recent release before the announcement was over a year ago. An actively developed project would likely have had at least some maintenance releases in that time
  • The code for TrueCrypt was being audited after a crowdfunding effort. The first phase of the audit found no obvious backdoors, but the actual cryptography had not been analyzed yet.
  • Additional Coverage – Krebs On Security

Core Infrastructure Initiative provides OpenSSL with 2 full time developers and funds a security audit

  • The CII has announced its Advisory board and the list of projects it is going to support
  • Advisory Board members include:
    • Longtime Linux kernel developer and open source advocate Alan Cox
    • Matt Green of Open Crypto Audit Project
    • Dan Meredith of the Radio Free Asia’s Open Technology Fund
    • Eben Moglen of Software Freedom Law Center
    • Bruce Schneier of the Berkman Center for Internet & Society at Harvard Law School
    • Eric Sears of the MacArthur Foundation
    • Ted Ts’o of Google and the Linux kernel community
  • Projects identified as core infrastructure:
    • Network Time Protocol
    • OpenSSH
    • OpenSSL
  • Open Crypto Audit Project to conduct security audit of OpenSSL
  • The security audit will be difficult due to the lack of a consistent style in the code and the maze of ifdef and ifndef segments
  • The OCAP (Open Crypto Audit Project) team, which includes Johns Hopkins professor and cryptographer Matthew Green and Kenn White, will now have the money to fund an audit of OpenSSL
  • OCAP was originally created by a crowdfunded project to audit TrueCrypt

The top 10 Windows server security misconfigurations

  • NCCGroup does what it calls ‘Build Surveys’, where they check production environments to ensure they are configured properly
  • The following is the result of an analysis of their last 50 such surveys:
    • Missing Microsoft Patches: 82%
    • Insufficient Auditing: 50%
    • Third-Party Software Updates: 48%
    • Weak Password Policy: 38%
    • UAC Disabled for Administrator Account: 34%
    • Disabled Host-Based Firewall: 34%
    • Clear Text Passwords and Other Sensitive Information: 24%
    • Account Lockout Disabled: 20%
    • Out-of-Date Virus Definitions: 18%
    • No Antivirus Installed: 12%
  • Conclusions: Everyone makes the same mistakes, over and over
  • Most of these problems are trivial to fix
  • Part of the problem is a culture of ‘patch averseness’. This is partly the fault of software vendors that often issue patches that break more things than they fix, but in general Microsoft has actually done a good job of ensuring their patches apply smoothly and do not break things
  • Part of this is the fact that they only issue updates once a month, and only once they have been tested
  • In the study, most of the machines that were missing patches were missing patches more than a year old, so it isn’t just conservatism but a complete lack of proper patch management

Feedback:

Round-Up:

The post Tales from the TrueCrypt | TechSNAP 164 first appeared on Jupiter Broadcasting.

Time Signatures | BSD Now 23 https://original.jupiterbroadcasting.net/51177/time-signatures-bsd-now-23/ Thu, 06 Feb 2014 22:08:15 +0000


We’ll be talking with Ted Unangst of the OpenBSD team about their new signing infrastructure. After that, we’ve got a tutorial on how to run your own NTP server. News, your feedback and even… the winner of our tutorial contest! It’s a big show, so stay tuned to BSD Now – the place to B.. SD.

Thanks to:


iXsystems


– Show Notes: –

Headlines

FreeBSD foundation’s 2013 fundraising results

  • The FreeBSD foundation finally counted all the money they made in 2013
  • $768,562 from 1659 donors
  • Nice little blog post from the team with a giant beastie picture
  • “We have already started our 2014 fundraising efforts. As of the end of January we are just under $40,000. Our goal is to raise $1,000,000. We are currently finalizing our 2014 budget. We plan to publish both our 2013 financial report and our 2014 budget soon.”
  • A special thanks to all the BSD Now listeners that contributed, the foundation was really glad that we sent some people their way (and they mentioned us on Facebook)

OpenSSH 6.5 released

  • We mentioned the CFT last week, and it’s finally here!
  • New key exchange using elliptic-curve Diffie Hellman in Daniel Bernstein’s Curve25519 (now the default when both clients support it)
  • Ed25519 public keys are now available for host keys and user keys, considered more secure than DSA and ECDSA
  • Funny side effect: if you ONLY enable ed25519 host keys, all the compromised Linux boxes can’t even attempt to login
  • New bcrypt private key type, 500,000,000 times harder to brute force
  • Chacha20-poly1305 transport cipher that builds an encrypted and authenticated stream in one
  • Portable version already in FreeBSD -CURRENT, and ports
  • Lots more bugfixes and features, see the full release note or our interview with Damien
  • Work has already started on 6.6, which can be used without OpenSSL!

Crazed Ferrets in a Berkeley Shower

  • In 2000, MWL wrote an essay for linux.com about why he uses the BSD license: “It’s actually stood up fairly well to the test of time, but it’s fourteen years old now.”
  • This is basically an updated version about why he uses the BSD license, in response to recent idiocy from Richard Stallman
  • Very nice post that gives some history about Berkeley, the basics of the BSD-style licenses and their contrast to the GNU GPL
  • Check out the full post if you’re one of those people that gets into license arguments
  • The takeaway is “BSD is about making the world a better place. For everyone.”

OpenBSD on BeagleBone Black

  • Beaglebone Blacks are cheap little ARM devices similar to a Raspberry Pi
  • A blog post about installing OpenBSD on a BBB from.. our guest for today!
  • He describes it as “everything I wish I knew before installing the newly renamed armv7 port on a BeagleBone Black”
  • It goes through the whole process, details different storage options and some workarounds
  • Could be a really fun weekend project if you’re interested in small or embedded devices

This episode was brought to you by

iXsystems


Interview – Ted Unangst – tedu@openbsd.org / @tedunangst

OpenBSD’s signify infrastructure


Tutorial

Running an NTP server


News Roundup

Getting started with FreeBSD

  • A new video and blog series about starting out with FreeBSD
  • The author has been a fan since the 90s and has installed it on every server he’s worked with
  • He mentioned some of the advantages of BSD over Linux and how to approach explaining them to new users
  • The first video is the installation, then he goes on to packages and other topics – 4 videos so far

More OpenBSD hackathon reports

  • As a followup to last week, this time Kenneth Westerback writes about his NZ hackathon experience
  • He arrived with two goals: disklabel fixes for drives with 4k sectors and some dhclient work
  • This summary goes into detail about all the stuff he got done there

X11 in a jail

  • We’ve gotten at least one feedback email about running X in a jail. Well.. with this commit, looks like now you can!
  • A new tunable option will let jails access /dev/kmem and similar device nodes
  • Along with a change to DRM, this allows full X11 in a jail
  • Be sure to check out our jail tutorial and jailed VNC tutorial for ideas
  • Ongoing Discussion

PCBSD weekly digest


Feedback/Questions

  • Justin writes in: https://slexy.org/view/s21VnbKZsH
  • Daniel writes in: https://slexy.org/view/s2nD7RF6bo
  • Martin writes in: https://slexy.org/view/s2jwRrj7UV
  • Alex writes in: https://slexy.org/view/s201koMD2c
    + unofficial FreeBSD RPI Images
  • James writes in: https://slexy.org/view/s2AntZmtRU
  • John writes in: https://slexy.org/view/s20bGjMsIQ

  • All the tutorials are posted in their entirety at bsdnow.tv
  • The ssh tutorial has been updated with some new 6.5 stuff
  • Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
  • Watch live Wednesdays at 2:00PM Eastern (19:00 UTC)
  • Reminder: if you’re on FreeBSD 8.3 for some reason, upgrade soon – it’s reaching EOL
  • Reminder: if you’re using pkgng, be sure to update to 1.2.6 for a security issue
  • The winner of the tutorial contest is… Dusko! We didn’t get as many submissions as we wanted, but his Nagios monitoring tutorial was extremely well-done. It’ll be featured in a future episode. Congrats! Send us a picture when it arrives.
  • Allan got his pillow in the mail as well, it’s super awesome

The post Time Signatures | BSD Now 23 first appeared on Jupiter Broadcasting.

Tendresse for Ten | BSD Now 21 https://original.jupiterbroadcasting.net/50277/tendresse-for-ten-bsd-now-21/ Thu, 23 Jan 2014 21:58:45 +0000


We’ve got some great news for OpenBSD, as well as the scoop on FreeBSD 10.0-RELEASE – yes it’s finally here! We’re gonna talk to Colin Percival about running FreeBSD 10 on EC2 and lots of other interesting stuff. After that, we’ll be showing you how to do some bandwidth monitoring and network performance testing in a combo tutorial. We’ve got a round of your questions and the latest news, on BSD Now – the place to B.. SD.

Thanks to:


iXsystems


– Show Notes: –

Headlines

FreeBSD 10.0-RELEASE is out

  • The long awaited, giant release of FreeBSD is now official and ready to be downloaded
  • One of the biggest releases in FreeBSD history, with tons of new updates
  • Some features include: LDNS/Unbound replacing BIND, Clang by default (no GCC anymore), native Raspberry Pi support and other ARM improvements, bhyve, hyper-v support, AMD KMS, VirtIO, Xen PVHVM in GENERIC, lots of driver updates, ZFS on root in the installer, SMP patches to pf that drastically improve performance, Netmap support, pkgng by default, wireless stack improvements, a new iSCSI stack, FUSE in the base system… the list goes on and on
  • Start up your freebsd-update or do a source-based upgrade right now!

OpenSSH 6.5 CFT

  • Our buddy Damien Miller announced a Call For Testing for OpenSSH 6.5
  • Huge, huge release, focused on new features rather than bugfixes (but it includes those too)
  • New ciphers, new key formats, new config options, see the mailing list for all the details
  • Should be in OpenBSD 5.5 in May, look forward to it – but also help test on other platforms!
  • We’ll talk about it more when it’s released

DIY NAS story, FreeNAS 9.2.1-BETA

  • Another new blog post about FreeNAS!
  • “I did briefly consider suggesting nas4free for the EconoNAS blog, since it’s essentially a fork off the FreeNAS tree but may run better on slower hardware, but ultimately I couldn’t recommend anything other than FreeNAS”
  • Really long article with lots of nice details about his setup, why you might want a NAS, etc.
  • Speaking of FreeNAS, they released 9.2.1-BETA with lots of bugfixes

OpenBSD needed funding for electricity.. and they got it

  • Briefly mentioned at the end of last week’s show, but has blown up over the internet since
  • OpenBSD in the headlines of major tech news sites: slashdot, zdnet, the register, hacker news, reddit, twitter.. thousands of comments
  • They needed about $20,000 to cover electric costs for the server rack in Theo’s basement
  • Lots of positive reaction from the community helping out so far, and it appears they have reached their goal and got $100,000 in donations
  • From Bob Beck, “we have in one week gone from being in a dire situation to having a commitment of approximately $100,000 in donations to the foundation”
  • This is a shining example of the BSD community coming together, and even the Linux people realizing how critical BSD is to the world at large

This episode was brought to you by

iXsystems


Interview – Colin Percival – cperciva@freebsd.org / @twitter

FreeBSD on Amazon EC2, backups with Tarsnap, 10.0-RELEASE, various topics


Tutorial

Bandwidth monitoring and testing


News Roundup

pfSense talk at Tokyo FreeBSD Benkyoukai

  • Isaac Levy will be presenting “pfSense Practical Experiences: from home routers, to High-Availability Datacenter Deployments”
  • He’s also going to be looking for help to translate the pfSense documentation into Japanese
  • The event is on February 17, 2014 if you’re in the Tokyo area

m0n0wall 1.8.1 released

  • For those who don’t know, m0n0wall is an older BSD-based firewall OS that’s mostly focused on embedded applications
  • pfSense was forked from it in 2004, and has a lot more active development now
  • They switched to FreeBSD 8.4 for this new version
  • Full list of updates in the changelog
  • This version requires at least 128MB RAM and a disk/CF size of 32MB or more, oh no!

Ansible and PF, plus NTP

  • Another blog post from our buddy Michael Lucas
  • There’ve been some NTP amplification attacks recently in the news
  • The post describes how he configured ntpd on a lot of servers without a lot of work
  • He leverages pf and ansible for the configuration
  • OpenNTPD is, not surprisingly, unaffected – use it

ruBSD videos online

  • Just a quick followup from a few weeks ago
  • Theo and Henning’s talks from ruBSD are now available for download
  • There’s also a nice interview with Theo

PCBSD weekly digest

  • 10.0-RC4 images are available
  • Wine PBI is now available for 10
  • 9.2 systems will now be able to upgrade to version 10 and keep their PBI library

Feedback/Questions

  • Sha’ul writes in: https://slexy.org/view/s2WQXwMASZ
  • Kjell-Aleksander writes in: https://slexy.org/view/s2H0FURAtZ
  • Mike writes in: https://slexy.org/view/s21eKKPgqh
  • Charlie writes in (and gets a reply): https://slexy.org/view/s21UMLnV0G
  • Kevin writes in: https://slexy.org/view/s2SuazcfoR

Contest

  • We’ll be giving away a handmade FreeBSD pillow – yes you heard right
  • All you need to do is write a tutorial for the show
  • Submit your BSD tutorial write-ups to feedback@bsdnow.tv
  • Check bsdnow.tv/contest for all the rules, details, instructions and a picture of the pillow.

  • All the tutorials are posted in their entirety at bsdnow.tv
  • The poudriere tutorial got a couple fixes and modernizations
  • Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
  • Stop commenting on the Jupiter Broadcasting pages and YouTube! We don’t read those!
  • Watch live Wednesdays at 2:00PM Eastern (19:00 UTC)

The post Tendresse for Ten | BSD Now 21 first appeared on Jupiter Broadcasting.
