pf – Jupiter Broadcasting https://www.jupiterbroadcasting.com Open Source Entertainment, on Demand.

FreeBSD, Corona: Fight! | BSD Now 343 https://original.jupiterbroadcasting.net/140552/freebsd-corona-fight-bsd-now-343/ Thu, 26 Mar 2020 04:00:00 +0000

Show Notes/Links: https://www.bsdnow.tv/343

The post FreeBSD, Corona: Fight! | BSD Now 343 first appeared on Jupiter Broadcasting.

Firewall Fun | TechSNAP 421 https://original.jupiterbroadcasting.net/138857/firewall-fun-techsnap-421/ Fri, 24 Jan 2020 00:15:00 +0000

Show Notes: techsnap.systems/421

The post Firewall Fun | TechSNAP 421 first appeared on Jupiter Broadcasting.

I’ll Fix Everything | BSD Now 101 https://original.jupiterbroadcasting.net/86142/ill-fix-everything-bsd-now-101/ Thu, 06 Aug 2015 10:10:54 +0000

The post I'll Fix Everything | BSD Now 101 first appeared on Jupiter Broadcasting.


Coming up this week, we’ll be talking with Adrian Chadd about an infamous reddit thread he made. With a title like “what would you like to see in FreeBSD?” and hundreds of responses, well, we’ve got a lot to cover…

Thanks to: DigitalOcean, iXsystems, Tarsnap


– Show Notes: –

Headlines

OpenBSD, from distribution to project

  • Ted Unangst has yet another interesting blog post up, this time covering a bit of BSD history and some different phases OpenBSD has been through
  • It’s the third part of his ongoing series of posts about OpenBSD removing large bits of code in favor of smaller replacements
  • In the earliest days, OpenBSD collected and maintained code from lots of other projects (Apache, lynx, perl..)
  • After importing new updates every release cycle, they eventually hit a transitional phase – things were updated, but nothing new was imported
  • When the need arose, instead of importing a known tool to do the job, homemade replacements (OpenNTPD, OpenBGPD, etc) were slowly developed
  • In more recent times, a lot of the imported code has been completely removed in favor of the homegrown daemons
  • More discussion on HN and reddit

Remote ZFS mirrors, the hard way

  • Backups to “the cloud” have become a hot topic in recent years, but most of them require trade-offs between convenience and security
  • You have to trust (some of) the providers not to snoop on your data, but even the ones who allow you to locally encrypt files aren’t without some compromise
  • As the author puts it: “We don’t need live synchronisation, cloud scaling, SLAs, NSAs, terms of service, lock-ins, buy-outs, up-sells, shut-downs, DoSs, fail whales, pay-us-or-we’ll-deletes, or any of the noise that comes with using someone else’s infrastructure.”
  • This guide walks you through setting up a FreeBSD server with ZFS to do secure offsite backups yourself
  • The end result is an automatic system for incremental backups that’s backed (pun intended) by ZFS
  • If you’re serious about keeping your important data safe and sound, you’ll want to give this one a read – lots of detailed instructions

Various DragonFlyBSD updates

  • The DragonFly guys have been quite busy this week, making an assortment of improvements throughout the tree
  • Intel ValleyView graphics support was finally committed to the main repository
  • While on the topic of graphics, they’ve also issued a call for testing for a DRM update (matching Linux 3.16’s and including some more Broadwell fixes)
  • Their base GCC compiler is also now upgraded to version 5.2
  • If your hardware supports it, DragonFly will now use an accelerated console by default

QuakeCon runs on OpenBSD

  • QuakeCon, everyone’s favorite event full of rocket launchers, recently gave a mini-tour of their network setup
  • For such a crazy network, unsurprisingly, they seem to be big fans of OpenBSD and PF
  • In this video interview, one of the sysadmins discusses why he chose OpenBSD, what he likes about it, different packet queueing systems, how their firewalls and servers are laid out and much more
  • He also talks about why they went with vanilla PF, writing their ruleset from the ground up rather than relying on a prebuilt solution
  • There’s also some general networking talk about nginx, reverse proxies, caching, fiber links and all that good stuff
  • Follow-up questions can be asked in this reddit thread
  • The host doesn’t seem to be that familiar with the topics at hand, mentioning “OpenPF” multiple times among other things, so our listeners should get a kick out of it

Interview – Adrian Chadd – adrian@freebsd.org / @erikarn

Rethinking ways to improve FreeBSD


News Roundup

CII contributes to OpenBSD

  • If you recall back to when we talked to the OpenBSD foundation, one of the things Ken mentioned was the Core Infrastructure Initiative
  • In a nutshell, it’s an organization of security experts that helps facilitate (with money, in most cases) the advancement of the more critical open source components of the internet
  • The group is organized by the Linux foundation, and gets its multi-million dollar backing from various big companies in the technology space (and donations from volunteers)
  • To ensure that OpenBSD and its related projects (OpenSSH, LibreSSL and PF likely being the main ones here) remain healthy, they’ve just made a large donation to the foundation – this makes them the first “platinum” level donor as well
  • While the exact amount wasn’t disclosed, it was somewhere between $50,000 and $100,000
  • The donation comes less than a month after Microsoft’s big donation, so it’s good to see these large organizations helping out important open source projects that we depend on every day

Another BSDCan report

  • The FreeBSD foundation is still getting trip reports from BSDCan, and this one comes from Mark Linimon
  • In his report, he mainly covers the devsummit and some discussion with the portmgr team
  • One notable change for the upcoming 10.2 release is that the default binary repository is now the quarterly branch – Mark talks a bit about this as well
  • He also gives his thoughts on using QEMU for cross-compiling packages and network performance testing

Lumina 0.8.6 released

  • The PC-BSD team has released another version of Lumina, their BSD-licensed desktop environment
  • This is mainly a bugfix and performance improvement release, rather than one with lots of new features
  • The on-screen display widget should be much faster now, and the configuration now allows for easier selection of default applications (which browser, which terminal, etc)
  • Lots of non-English translation updates and assorted fixes are included as well
  • If you haven’t given it a try yet, or maybe you’re looking for a new window manager, Lumina runs on all the BSDs

More c2k15 hackathon reports

  • Even more reports from OpenBSD’s latest hackathon are starting to pour in
  • The first one is from Alexandr Nedvedicky, one of their brand new developers (the guy from Oracle)
  • He talks about his experience going to a hackathon for the first time, and lays out some of the plans for integrating their (very large) SMP PF patch into OpenBSD
  • Second up is Andrew Fresh, who went without any specific plans, but still ended up getting some UTF8 work done
  • On the topic of ARMv7, “I did enjoy being there when things weren’t working so [Brandon Mercer] could futilely try to explain the problem to me (I wasn’t much help with kernel memory layouts). Fortunately others overheard and provided words of encouragement and some help which was one of my favorite parts of attending this hackathon.”
  • Florian Obser sent in a report that includes a little bit of everything: setting up the hackathon’s network, relayd and httpd work, bidirectional forwarding detection, airplane stories and even lots of food
  • Paul Irofti wrote in as well about his activities, which were mainly focused on the Octeon CPU architecture
  • He wrote a new driver for the onboard flash of a DSR-500 machine, which was built following the Common Flash Interface specification
  • This means that, going forward, OpenBSD will have out-of-the-box support for any flash memory device (often the case for MIPS and ARM-based embedded devices)

Feedback/Questions


  • Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Lost Technology | BSD Now 96 https://original.jupiterbroadcasting.net/84587/lost-technology-bsd-now-96/ Thu, 02 Jul 2015 10:22:23 +0000

The post Lost Technology | BSD Now 96 first appeared on Jupiter Broadcasting.


Coming up this week, we’ll be talking with Jun Ebihara about some lesser-known CPU architectures in NetBSD. He’ll tell us what makes these old (and often forgotten) machines so interesting. As usual, we’ve also got answers to your emails and all this week’s news on BSD Now – the place to B.. SD.

Thanks to: DigitalOcean, iXsystems, Tarsnap


– Show Notes: –

Headlines

Out with the old, in with the less

  • Our friend Ted Unangst has a new article up, talking about “various OpenBSD replacements and reductions”
  • “Instead of trying to fix known bugs, we’re trying to fix unknown bugs. It’s not based on the current buggy state of the code, but the anticipated future buggy state of the code. Past bugs are a bigger factor than current bugs.”
  • In the post, he goes through some of the bigger (and smaller) examples of OpenBSD rewriting tools to be simpler and more secure
  • It starts off with a lesser-known SCSI driver that “tried to do too much” being replaced with three separate drivers
  • “Each driver can now be modified in isolation without unintentional side effects on other hardware, or the need to consider if and where further special cases need to be added. Despite the fact that these three drivers duplicate all the common boilerplate code, combined they only amount to about half as much code as the old driver.”
  • In contrast to that example, he goes on to cite mandoc as taking a very non “unixy” direction, but at the same time being smaller and simpler than all the tools it replaced
  • The next case is the new http daemon, and he talks a bit about the recently-added rewrite support being done in a simple and secure way (as opposed to regex and its craziness)
  • He also talks about the rewritten “file” utility: “Almost by definition, its sole input will be untrusted input. Perversely, people will then trust what file tells them and then go about using that input, as if file somehow sanitized it.”
  • Finally, sudo in OpenBSD’s base system is moving to ports soon, and the article briefly describes a new tool that may or may not replace it, called “doas”
  • There’s also a nice wrap-up of all the examples at the end, and the “Pruning and Polishing” talk is good complementary reading material

More OpenZFS and BSDCan videos


SMP steroids for PF

  • An Oracle employee that’s been porting OpenBSD’s PF to an upcoming Solaris release has sent in an interesting patch for review
  • Attached to the mail was what may be the beginnings of making native PF SMP-aware
  • Before you start partying, the road to SMP (specifically, giant lock removal) is a long and very complicated one, requiring every relevant bit of the stack to be written with it in mind – this is just one piece of the puzzle
  • The initial response has been quite positive though, with some back and forth between developers and the submitter
  • For now, let’s be patient and see what happens

DragonFly 4.2.0 released

  • DragonFlyBSD has released the next big update of their 4.x branch, complete with a decent amount of new features and fixes
  • i915 and Radeon graphics have been updated, and DragonFly can claim the title of first BSD with Broadwell support in a release
  • Sendmail in the base system has been replaced with their homegrown DragonFly Mail Agent, and there’s a wiki page about configuring it
  • They’ve also switched the default compiler to GCC 5, though why they’ve gone in that direction instead of embracing Clang is a mystery
  • The announcement page also contains a list of kernel changes, details on the audio and graphics updates, removal of the SCTP protocol, improvements to the temperature sensors, various userland utility fixes and a list of updates to third party tools
  • Work is continuing on the second generation HAMMER filesystem, and Matt Dillon provides a status update in the release announcement
  • There was also some hacker news discussion you can check out, as well as upgrade instructions

OpenSMTPD 5.7.1 released

  • The OpenSMTPD guys have just released version 5.7.1, a major milestone version that we mentioned recently
  • Crypto-related bits have been vastly improved: the RSA engine is now privilege-separated, TLS errors are handled more gracefully, ciphers and curve preferences can now be specified, the PKI interface has been reworked to allow custom CAs, SNI and certificate verification have been simplified and the DH parameters are now 2048 bit by default
  • The long-awaited filter API is now enabled by default, though still considered slightly experimental
  • Documentation has been improved quite a bit, with more examples and common use cases (as well as exotic ones)
  • Many more small additions and bugfixes were made, so check the changelog for the full list
  • Starting with 5.7.1, releases are now cryptographically signed to ensure integrity
  • This release has gone through some major stress testing to ensure stability – Gilles regularly asks their Twitter followers to flood a test server with thousands of emails per second, even offering prizes to whoever can DDoS them the hardest
  • OpenSMTPD runs on all the BSDs of course, and seems to be getting pretty popular lately
  • Let’s all encourage Kris to stop procrastinating on switching from Postfix

Interview – Jun Ebihara (蛯原純) – jun@soum.co.jp / @ebijun

Lesser-known CPU architectures, embedded NetBSD devices


News Roundup

FreeBSD foundation at BSDCan

  • The FreeBSD foundation has posted a few BSDCan summaries on their blog
  • The first, from Steven Douglas, begins with a sentiment a lot of us can probably identify with: “Where I live, there are only a handful of people that even know what BSD is, let alone can talk at a high level about it. That was one of my favorite things, being around like minded people.”
  • He got to meet a lot of the people working on big-name projects, and enjoyed being able to ask them questions so easily
  • Their second trip report is from Ahmed Kamal, who flew in all the way from Egypt
  • A bit starstruck, he seems to have enjoyed all the talks, particularly Andrew Tanenbaum’s about MINIX and NetBSD
  • There are also two more wrap-ups from Zbigniew Bodek and Vsevolod Stakhov, so you’ve got plenty to read

OpenBSD from a veteran Linux user perspective

  • In a new series of blog posts, a self-proclaimed veteran Linux user is giving OpenBSD a try for the first time
  • “For the first time I installed a BSD box on a machine I control. The experience has been eye-opening, especially since I consider myself an ‘old-school’ Linux admin, and I’ve felt out of place with the latest changes on the system administration.”
  • The post is a collection of his thoughts about what’s different between Linux and BSD, what surprised him as a beginner – admittedly, a lot of his knowledge carried over, and there were just minor differences in command flags
  • One of the things that surprised him (in a positive way) was the documentation: “OpenBSD’s man pages are so nice that RTFMing somebody on the internet is not condescending but selfless.”
  • He also goes through some of the basics, installing and updating software, following different branches
  • It concludes with “If you like UNIX, it will open your eyes to the fact that there is more than one way to do things, and that system administration can still be simple while modern.”

FreeBSD on the desktop, am I crazy

  • Similar to the previous article, the guy that wrote the SSH two factor authentication post we covered last week has another new article up – this time about FreeBSD on the desktop
  • He begins with a bit of forewarning for potential Linux switchers: “It certainly wasn’t an easy journey, and I’m tempted to say do not try this at home to anybody who isn’t going to leverage any of FreeBSD’s strong points. Definitely don’t try FreeBSD on the desktop if you haven’t used it on servers or virtual machines before. It’s got less in common with Linux than you might think.”
  • With that out of the way, the list of positives is pretty large: a tidy base system, separation between base and ports, having the option to choose binary packages or ports, ZFS, jails, licensing and of course the lack of systemd
  • The rest of the post talks about some of the hurdles he had to overcome, namely with graphics and the infamous Adobe Flash
  • Also worth noting is that he found jails to be not only good for isolating daemons on a server, but pretty useful for desktop applications as well
  • In the end, he says it was worth all the trouble, and is even planning on converting his laptop to FreeBSD soon too

OpenIKED and Cisco CSR 1000v IPSEC

  • This article covers setting up a site-to-site IPSEC tunnel between a Cisco CSR 1000v router and an OpenBSD gateway running OpenIKED
  • What kind of networking blog post would be complete without a diagram where the internet is represented by a big cloud
  • There are lots of details (and example configuration files) for using IKEv2 and OpenBSD’s built-in IKE daemon
  • It also goes to show that the BSDs generally play well with existing network infrastructure, so if you were a business that’s afraid to try them… don’t be

HardenedBSD improves stack randomization

  • The HardenedBSD guys have improved their FreeBSD ASLR patchset, specifically in the stack randomization area
  • In their initial implementation, the stack randomization was a random gap – this update makes the base address randomized as well
  • They’re now stacking the new on top of the old as well, with the goal being even more entropy
  • This change triggered an ABI and API incompatibility, so their major version has been bumped

OpenSSH 6.9 released

  • The OpenSSH team has announced the release of a new version which, following their tick/tock major/minor release cycle, is focused mainly on bug fixes
  • There are a couple new things though – the “AuthorizedKeysCommand” config option now takes custom arguments
  • One very notable change is that the default cipher has changed as of this release
  • The traditional pairing of AES128 in counter mode with MD5 HMAC has been replaced by the ever-trendy ChaCha20-Poly1305 combo
  • Their next release, 7.0, is set to get rid of a number of legacy items: PermitRootLogin will be switched to “no” by default, SSHv1 support will be totally disabled, the 1024bit diffie-hellman-group1-sha1 KEX will be disabled, old ssh-dss and v00 certs will be removed, a number of weak ciphers will be disabled by default (including all CBC ones) and RSA keys will be refused if they’re under 1024 bits
  • Many small bug fixes and improvements were also made, so check the announcement for everything else
  • The native version is in OpenBSD -current, and an update to the portable version should be hitting a ports or pkgsrc tree near you soon

Feedback/Questions


  • Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
  • We’d love to see more participation from the listeners – get in touch with us if you’re doing something interesting you’d like to talk about (or have already written about)
  • If you’re using DNSCrypt on your router to protect your DNS lookups, as mentioned in a few of our tutorials, you may want to consider switching the authoritative resolver away from OpenDNS (since Cisco recently bought them and doesn’t have the best security record)

Builder’s Insurance | BSD Now 94 https://original.jupiterbroadcasting.net/83917/builders-insurance-bsd-now-94/ Thu, 18 Jun 2015 10:30:39 +0000

The post Builder's Insurance | BSD Now 94 first appeared on Jupiter Broadcasting.


This week on the show, we’ll be chatting with Marc Espie. He’s recently added some additional security measures to dpb, OpenBSD’s package building tool, and we’ll find out why they’re so important. We’ve also got all this week’s news, answers to your emails and even a BSDCan wrap-up, coming up on BSD Now – the place to B.. SD.

Thanks to: DigitalOcean, iXsystems, Tarsnap


– Show Notes: –

Headlines

BSDCan 2015 videos


Documenting my BSD experience

  • Increasingly common scenario: a long-time Linux user (since the mid-90s) decides it’s finally time to give BSD a try
  • “That night I came home, I had been trying to find out everything I could about BSD and I watched many videos, read forums, etc. One of the shows I found was BSD Now. I saw that they helped people and answered questions, so I decided to write in.”
  • In this ongoing series of blog posts, a user named Michael writes about his initial experiences with trying different BSDs for some different tasks
  • The first post covers ZFS on FreeBSD, used to build a file server for his house (and of course he lists the hardware, if you’re into that)
  • You get a glimpse of a brand new user trying things out, learning how great ZFS-based RAID arrays are and even some of the initial hurdles someone could run into
  • He’s also looking to venture into the realm of replacing some of his VMs with jails and bhyve soon
  • His second post explores replacing the firewall on his self-described “over complicated home network” with an OpenBSD box
  • After going from ipfwadmin to ipchains to iptables, not even making it to nftables, he found the simple PF syntax to be really refreshing
  • All the tools for his networking needs, the majority of which are in the base system, worked quickly and were easy to understand
  • Getting to hear experiences like this is very important – they show areas where all the BSD developers’ hard work has paid off, but can also let us know where we need to improve

PC-BSD starts experimental HardenedBSD builds

  • The PC-BSD team has created a new branch of their git repo with the HardenedBSD ASLR patches integrated
  • They’re not the first major FreeBSD-based project to offer an alternate build – OPNsense did that a few weeks ago – but this might open the door for more projects to give it a try as well
  • With Personacrypt, OpenNTPD, LibreSSL and recent Tor integration through the tools, these additional memory protections will offer PC-BSD users even more security that a default FreeBSD install won’t have
  • Time will tell if more projects and products like FreeNAS might be interested too

C-states in OpenBSD

  • People who run BSD on their notebooks, you’ll want to pay attention to this one
  • OpenBSD has recently committed some ACPI improvements for deep C-states, enabling the processor to enter a low-power mode
  • According to a few users so far, the change has resulted in dramatically lower CPU temperatures on their laptops, as well as much better battery life
  • If you’re running OpenBSD -current on a laptop, try out the latest snapshot and report back with your findings

NetBSD at Open Source Conference 2015 Hokkaido

  • The Japanese NetBSD users group never sleeps, and they’ve hit yet another open source conference
  • As is usually the case, lots of strange machines on display were running none other than NetBSD (though it was mostly ARM this time)
  • We’ll be having one of these guys on the show next week to discuss some of the lesser-known NetBSD platforms

Interview – Marc Espie – espie@openbsd.org / @espie_openbsd

Recent improvements to OpenBSD’s dpb tool


News Roundup

Introducing xhyve, bhyve on OS X

  • We’ve talked about FreeBSD’s “bhyve” hypervisor a lot on the show, and now it’s been ported to another OS
  • As the name “xhyve” might imply, it’s a port of bhyve to Mac OS X
  • Currently it only has support for virtualizing a few Linux distributions, but more guest systems can be added in the future
  • It runs entirely in userspace, and has no extra requirements beyond OS X 10.10 or newer
  • There are also a few examples on how to use it

4K displays on DragonFlyBSD

  • If you’ve been using DragonFly as a desktop, maybe with those nice Broadwell graphics, you’ll be pleased to know that 4K displays work just fine
  • Matthew Dillon wrote up a wiki page about some of the specifics, including a couple gotchas
  • Some GUI applications might look weird on such a huge resolution
  • HDMI ports are mostly limited to a 30Hz refresh rate, and there are slightly steeper hardware requirements for a smooth experience

Sandboxing port daemons on OpenBSD

  • We talked about different containment methods last week, and mentioned that a lot of the daemons in OpenBSD’s base are chrooted by default – things from ports or packages don’t always get the same treatment
  • This blog post uses a mumble server as an example, but you can apply it to any service from ports that doesn’t chroot by default
  • It goes through the process of manually building a sandbox with all the libraries you’ll need to run the daemon, and this setup will even wipe and refresh the chroot every time you restart it
  • With a few small changes, similar tricks could be done on the other BSDs as well – everybody has chroots

SmallWall 1.8.2 released

  • SmallWall is a relatively new BSD-based project that we’ve never covered before
  • It’s an attempt to keep the old m0n0wall codebase going, and appears to have started around the time m0n0wall called it quits
  • They’ve just released the first official version, so you can give it a try now
  • If you’re interested in learning more about SmallWall, the lead developer just might be on the show in a few weeks…

Feedback/Questions


  • Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

PIE in the Sky | BSD Now 85 https://original.jupiterbroadcasting.net/80552/pie-in-the-sky-bsd-now-85/ Thu, 16 Apr 2015 11:18:11 +0000

The post PIE in the Sky | BSD Now 85 first appeared on Jupiter Broadcasting.


This time on the show, we’ll be talking with Pascal Stumpf about static PIE in the upcoming OpenBSD release. He’ll tell us what types of attacks it prevents, and why it’s such a big deal. We’ve also got answers to questions from you in the audience and all this week’s news, on BSD Now – the place to B.. SD.

Thanks to: DigitalOcean, iXsystems, Tarsnap


– Show Notes: –

Headlines

Solaris’ networking future is with OpenBSD

  • A curious patch from someone with an Oracle email address was recently sent in to one of the OpenBSD mailing lists
  • It was revealed that future releases of Solaris are going to drop their IPFilter firewall entirely, in favor of a port of the current version of PF
  • For anyone unfamiliar with the history of PF, it was actually made as a replacement for IPFilter in OpenBSD, due to some licensing issues
  • What’s more, Solaris was the original development platform for IPFilter, so the fact that it would be replaced in its own home is pretty interesting
  • This blog post goes through some of the backstory of the two firewalls
  • PF is in a lot of places – other BSDs, Mac OS X and iOS – but there are plenty of other OpenBSD-developed technologies that end up ported to other projects too
  • “Many of the world’s largest corporations and government agencies are heavy Solaris users, meaning that even if you’re neither an OpenBSD user or a Solaris user, your kit is likely interacting intensely with both kinds, and with Solaris moving to OpenBSD’s PF for their filtering needs, we will all be benefiting even more from the OpenBSD project’s emphasis on correctness, quality and security”
  • You’re welcome, Oracle

BAFUG discussion videos

  • The Bay Area FreeBSD users group has been uploading some videos from their recent meetings
  • Sean Bruno gave a recap of his experiences at EuroBSDCon last year, including the devsummit and some proposed ideas from it (as well as their current status)
  • Craig Rodrigues also gave a talk about Kyua and the FreeBSD testing framework
  • Lastly, Kip Macy gave a talk titled “network stack changes, user-level FreeBSD”
  • The main two subjects there are some network stack changes, and how to get more people contributing, but there’s also open discussion about a variety of FreeBSD topics
  • If you’re close to the Bay Area in California, be sure to check out their group and attend a meeting sometime

More than just a makefile

  • If you’re not a BSD user just yet, you might be wondering how the various ports and pkgsrc systems compare to the binary way of doing things on Linux
  • This blog entry talks about the ports system in OpenBSD, but a lot of the concepts apply to all the ports systems across the BSDs
  • As it turns out, the ports system really isn’t that different from a binary package manager – they are what’s used to create binary packages, after all
  • The author goes through what makefiles do, customizing which options software is compiled with, patching source code to build and getting those patches back upstream
  • After that, he shows you how to get your new port tested, if you’re interested in doing some porting yourself, and getting involved with the rest of the community
  • This post is very long and there’s a lot more to it, so check it out (and more discussion on Hacker News)

Securing your home fences

  • Hopefully all our listeners have realized that trusting your network(s) to a consumer router is a bad idea by now
  • We hear from a lot of users who want to set up some kind of BSD-based firewall, but don’t hear back from them after they’ve done it.. until now
  • In this post, someone goes through the process of setting up a home firewall using OPNsense on a PCEngines APU board
  • He notes that you have a lot of options software-wise, including vanilla FreeBSD, OpenBSD or even Linux, but decided to go with OPNsense because of the easy interface and configuration
  • The post covers all the hardware you’ll need, getting the OS installed to a flash drive or SD card and going through the whole process
  • Finally, he goes through setting up the firewall with the graphical interface, applying updates and finishing everything up
  • If you don’t have any experience using a serial console, this guide also has some good info for beginners about those (which also applies to regular FreeBSD)
  • We love super-detailed guides like this, so everyone should write more and send them to us immediately

Interview – Pascal Stumpf – pascal@openbsd.org

Static PIE in OpenBSD


News Roundup

LLVM’s new libFuzzer

  • We’ve discussed fuzzing on the show a number of times, albeit mostly with the American Fuzzy Lop utility
  • It looks like LLVM is going to have their own fuzzing tool too now
  • The Clang and LLVM guys are no strangers to this type of code testing, but decided to “close the loop” and start fuzzing parts of LLVM (including Clang) using LLVM itself
  • With Clang being the default in both FreeBSD and Bitrig, and with the other BSDs considering the switch, this could make for some good bug hunting across all the projects in the future

HardenedBSD upgrades secadm

  • The HardenedBSD guys have released a new version of their secadm tool, with the showcase feature being integriforce support
  • We covered both the secadm tool and integriforce in previous episodes, but the short version is that it’s a way to prevent files from being altered (even as root)
  • Their integriforce feature itself has also gotten a couple improvements: shared objects are now checked too, instead of just binaries, and it uses more caching to speed up the whole process now

RAID5 returns to OpenBSD

  • OpenBSD’s softraid subsystem, somewhat similar to FreeBSD’s GEOM, has had experimental RAID5 support for a while
  • However, it was exactly that – experimental – and required a recompile to enable
  • With some work from recent hackathons, the final piece was added to enable resuming partial array rebuilds
  • Now it’s on by default, and there’s a call for testing being put out, so grab a snapshot and put the code through its paces
  • The bioctl softraid command also now supports DUIDs during pseudo-device detachment, possibly paving the way for the installer to drop the “do you want to enable DUIDs?” question entirely

pkgng 1.5.0 released

  • Going back to what we talked about last week, the final version of pkgng 1.5.0 is out
  • The “provides” and “requires” support is finally in a regular release
  • A new “-r” switch will allow for direct installation to a chroot or alternate root directory
  • Memory usage should be much better now, and some general code speed-ups were added
  • This version also introduces support for Mac OS X, NetBSD and EdgeBSD – it’ll be interesting to see if anything comes of that
  • Many more bugs were fixed, so check the mailing list announcement for the rest (and plenty of new bugs were added, according to bapt)

p2k15 hackathon reports

  • There was another OpenBSD hackathon that just finished up in the UK – this time it was mainly for ports work
  • As usual, the developers sent in reports of some of the things they got done at the event
  • Landry Breuil, both an upstream Mozilla developer and an OpenBSD developer, wrote in about the work he did on the Firefox port (specifically WebRTC) and some others, as well as reviewing lots of patches that were ready to commit
  • Stefan Sperling wrote in, detailing his work with wireless chipsets, specifically when the vendor doesn’t provide any hardware documentation, as well as updating some of the games in ports
  • Ken Westerback also sent in a report, but decided to be a rebel and not work on ports at all – he got a lot of GPT-related work done, and also reviewed the RAID5 support we talked about earlier

Feedback/Questions


Mailing List Gold


  • Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
  • If you want to come on for an interview, or know someone else who might be interesting to hear from, let us know

The post PIE in the Sky | BSD Now 85 first appeared on Jupiter Broadcasting.

Pipe Dreams | BSD Now 73 https://original.jupiterbroadcasting.net/75982/pipe-dreams-bsd-now-73/ Thu, 22 Jan 2015 13:48:41 +0000 https://original.jupiterbroadcasting.net/?p=75982

This week on the show we’ll be chatting with David Maxwell, a former NetBSD security officer. He’s got an interesting project called Pipecut that takes a whole new approach to the commandline. We’ve also got answers to viewer-submitted questions and all this week’s headlines, on BSD Now – the place to B.. SD.

Thanks to: DigitalOcean, iXsystems, Tarsnap

– Show Notes: –

Headlines

FreeBSD quarterly status report

  • The FreeBSD team has posted an update on some of their activities between October and December of 2014
  • They put a big focus on compatibility with other systems: the Linux emulation layer, bhyve, WINE and Xen all got some nice improvements
  • As always, the report has lots of updates from the various teams working on different parts of the OS and ports infrastructure
  • The release engineering team got 10.1 out the door, the ports team shuffled a few members in and out and continued working on closing more PRs
  • FreeBSD’s forums underwent a huge change, and discussion about the new support model for release cycles continues (hopefully taking effect after 11.0 is released)
  • Git was promoted from beta to an officially-supported version control system (Kris is happy)
  • The core team is also assembling a new QA team to ensure better code quality in critical areas, such as security and release engineering, after getting a number of complaints
  • Other notable entries include: lots of bhyve fixes, Clang/LLVM being updated to 3.5.0, ongoing work to the external toolchain, adding FreeBSD support to more “cloud” services, pkgng updates, work on SecureBoot, more ARM support and graphics stack improvements
  • Check out the full report for all the details that we didn’t cover

OpenBSD package signature audit

  • “Linux Audit” is a website focused on auditing and hardening systems, as well as educating people about securing their boxes
  • They recently did an article about OpenBSD, specifically their ports and package system and signing infrastructure
  • The author gives a little background on the difference between ports and binary packages, then goes through the technical details of how releases and packages are cryptographically signed
  • Package signature formats and public key distribution methods are also touched on
  • After some heckling, the author of the post said he plans to write more BSD security articles, so look forward to them in the future
  • If you haven’t seen our episode about signify with Ted Unangst, that would be a great one to check out after reading this

Replacing a Linux router with BSD

  • There was recently a Slashdot discussion about migrating a Linux-based router to a BSD-based one
  • The poster begins with “I’m in the camp that doesn’t trust systemd. You can discuss the technical merits of all init solutions all you want, but if I wanted to run Windows NT I’d run Windows NT, not Linux. So I’ve decided to migrate my homebrew router/firewall/samba server to one of the BSDs.”
  • A lot of people were quick to recommend OPNsense and pfSense, being that they’re very easy to administer (requiring basically no BSD knowledge at all)
  • Other commenters suggested a more hands-on approach, setting one up yourself with FreeBSD or OpenBSD
  • If you’ve been thinking about moving some routers over from Linux or another commercial solution, this might be a good discussion to read through
  • Unfortunately, a lot of the comments are just Linux users bickering about systemd, so you’ll have to wade through some of that to get to the good information

LibreSSL in FreeBSD and OPNsense

  • A FreeBSD sysadmin has started documenting his experience replacing OpenSSL in the base system with the one from ports (and also experimenting with LibreSSL)
  • The reasoning being that updates in base tend to lag behind, whereas the port can be updated for security very quickly
  • OPNsense developers are looking into switching away from OpenSSL to LibreSSL’s portable version, for both their ports and base system, which would be a pretty huge differentiator for their project
  • Some ports still need fixing to be compatible though, particularly a few python-related ones
  • If you’re a FreeBSD ports person, get involved and help squash some of the last remaining bugs
  • A lot of the work has already been done in OpenBSD’s ports tree – some patches just need to be adopted
  • More and more upstream projects are incorporating LibreSSL patches in their code – let your favorite software vendor know that you’re using it

Interview – David Maxwell – david@netbsd.org / @david_w_maxwell

Pipecut, text processing, commandline wizardry


News Roundup

Jetpack, a new jail container system

  • A new project was launched to adapt FreeBSD jails to the “app container specification”
  • While still pretty experimental in terms of the development phase, this might be something to show your Linux friends who are in love with docker
  • It’s a similar project to iocage or bsdploy, which we haven’t talked a whole lot about
  • There was also some discussion about it on Hacker News

Separating base and package binaries

  • All of the main BSDs make a strong separation between the base system and third party software
  • This is in contrast to Linux where there’s no real concept of a “base system” – more recently, some distros have even merged all the binaries into a single directory
  • A user asks the community about the BSD way of doing it, trying to find out the advantages and disadvantages of both hierarchies
  • Read the comments for the full explanation, but having things separated really helps keep things organized

Updated i915kms driver for FreeBSD

  • This update brings the FreeBSD code closer in line with the Linux code, to make it easier to update going forward
  • This update does not introduce Haswell support just yet, but was required before the Haswell bits can be added

Year of the OpenBSD desktop

  • Here we have an article about using OpenBSD as a daily driver for regular desktop usage
  • The author says he “ran fifty thousand different distributions, never being satisfied”
  • After dealing with the problems of Linux and fragmentation, he eventually gave up and bought a Macbook
  • He also used FreeBSD between versions 7 and 9, finding “a mostly harmonious environment,” but regressions led him to give up on desktop *nix once again
  • Starting with 2015, he’s back and is using OpenBSD on a Thinkpad x201
  • The rest of the article covers some of his configuration tweaks and gives an overall conclusion on his current setup
  • He apparently used our desktop tutorial – thanks for watching!

Unattended FreeBSD installation

  • A new BSD user was looking to get some more experience, so he documented how to install FreeBSD over PXE
  • His goal was to have a setup similar to Red Hat’s “kickstart” or OpenBSD’s autoinstall
  • The article shows you how to set up DHCP and TFTP, with no NFS share setup required
  • He also gives a mention to mfsbsd, showing how you can customize its startup script to do most of the work for you

Feedback/Questions


Mailing List Gold


  • Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
  • We’re thinking about adding a new segment to the show where we discuss a topic that the listeners suggest. It’s meant to be informative like a tutorial, but more of a “free discussion” format. If you have any subjects you want us to explore, or even just a good name for it, send in an email. We may incorporate guests too, so if you’d like to join us for something like that, let us know.
  • Watch live Wednesdays at 2:00PM Eastern (19:00 UTC)

The post Pipe Dreams | BSD Now 73 first appeared on Jupiter Broadcasting.

A Man’s man(1) | BSD Now 63 https://original.jupiterbroadcasting.net/71412/a-mans-man-bsd-now-63/ Thu, 13 Nov 2014 13:16:48 +0000 https://original.jupiterbroadcasting.net/?p=71412

This time on the show, we’ve got an interview with Kristaps Džonsons, the creator of mandoc. He tells us how the project got started and what its current status is across the various BSDs. We also have a mini-tutorial on using PF to throttle bandwidth. This week’s news, answers to your emails and even some cheesy mailing list gold, coming up on BSD Now – the place to B.. SD.

Thanks to: iXsystems, Tarsnap

– Show Notes: –

Headlines

Updates to FreeBSD’s random(4)

  • FreeBSD’s random device, which presents itself as “/dev/random” to users, has gotten a fairly major overhaul in -CURRENT
  • The CSPRNG (cryptographically secure pseudo-random number generator) algorithm, Yarrow, now has a new alternative called Fortuna
  • Yarrow is still the default for now, but Fortuna can be used with a kernel option (and will likely be the new default in 11.0-RELEASE)
  • Pluggable modules can now be written to add more sources of entropy
  • These changes are expected to make it in 11.0-RELEASE, but there hasn’t been any mention of MFCing them to 10 or 9

OpenBSD Tor relays and network diversity

  • We’ve talked about getting more BSD-based Tor nodes a few times in previous episodes
  • The “tor-relays” mailing list has had some recent discussion about increasing diversity in the Tor network, specifically by adding more OpenBSD nodes
  • With the security features and attention to detail, it makes for an excellent dedicated Tor box
  • More and more adversaries are attacking Tor nodes, so having something that can withstand that will help the greater network at large
  • A few users are even saying they’ll convert their Linux nodes to OpenBSD to help out
  • Check the archive for the full conversation, and maybe run a node yourself on any of the BSDs
  • The Tor wiki page on OpenBSD is pretty out of date (nine years old!?) and uses the old pf syntax; maybe one of our listeners can modernize it

SSP now default for FreeBSD ports

  • SSP, or Stack Smashing Protection, is an additional layer of protection against buffer overflows that the compiler can give to the binaries it produces
  • It’s now enabled by default in FreeBSD’s ports tree, and the pkgng packages will have it as well – but only for amd64 (all supported releases) and i386 (10.0-RELEASE or newer)
  • This will only apply to regular ports and binary packages, not the quarterly branch that only receives security updates
  • If you were using the temporary “new Xorg” or SSP package repositories instead of the default ones, you need to switch back over
  • NetBSD made this the default on i386 and amd64 two years ago and OpenBSD made this the default on all architectures twelve years ago
  • Next time you rebuild your ports, things should be automatically hardened without any extra steps or configuration needed

Building an OpenBSD firewall and router

  • While we’ve discussed the software and configuration of an OpenBSD router, this Reddit thread focuses more on the hardware side
  • The OP lists some of his potential choices, but was originally looking for something a bit cheaper than a Soekris
  • Most agree that, if it’s for a business especially, it’s worth the extra money to go with something that’s well known in the BSD community
  • They also list a few other popular alternatives: ALIX or the APU series from PC Engines, some Supermicro boards, etc.
  • Through the comments, we also find out that QuakeCon runs OpenBSD on their network
  • Hopefully most of our listeners are running some kind of BSD as their gateway – try it out if you haven’t already

Interview – Kristaps Džonsons – kristaps@openbsd.org

Mandoc, historical man pages, various topics


Tutorial

Throttling bandwidth with PF


News Roundup

NetBSD at Kansai Open Forum 2014

  • Japanese NetBSD users invade yet another conference, demonstrating that they can and will install NetBSD on everything
  • From a Raspberry Pi to SHARP Netwalkers to various luna68k devices, they had it all
  • As always, you can find lots of pictures in the trip report

Getting to know your portmgr lurkers

  • The lovable “getting to know your portmgr” series makes its triumphant return
  • This time around, they interview Alex, one of the portmgr lurkers that joined just this month
  • “How would you describe yourself?” “Too lazy.”
  • Another post includes a short interview with Emanuel, another new lurker
  • We discussed the portmgr lurkers initiative with Steve Wills a while back

NetBSD’s ARM port gets SMP

  • The ARM port of NetBSD now has SMP support, allowing more than one CPU to be used
  • This blog post on the website has a list of supported boards: Banana Pi, Cubieboard 2, Cubietruck, Merrii Hummingbird A31, CUBOX-I and NITROGEN6X
  • NetBSD’s release team is working on getting these changes into the 7 branch before 7.0 is released
  • There are also a few nice pictures in the article

A high performance mid-range NAS

  • This blog post is about FreeNAS and optimizing iSCSI performance
  • It talks about using mid-range hardware with FreeNAS and different tunables you can change to affect performance
  • There are some nice graphs and lots of detail if you’re interested in tweaking some of your own settings
  • They conclude “there is no optimal configuration; rather, FreeNAS can be configured to suit a particular workload”

Feedback/Questions


Mailing List Gold


  • All the tutorials are posted in their entirety at bsdnow.tv
  • The OpenBSD router tutorial now has a new section on bandwidth throttling
  • We’ll also have links on the site to a MeetBSD recap post, definitely worth reading, as well as a review of the new Book of PF
  • Speaking of that, Peter Hansteen’s Book of PF auction raised a total of $3,050 for the OpenBSD foundation
  • As usual, send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv – we do the show for you guys, so let us know if there’s something specific you’d like to see covered (especially new tutorial ideas)
  • Watch live Wednesdays at 2:00PM Eastern (19:00 UTC)

The post A Man's man(1) | BSD Now 63 first appeared on Jupiter Broadcasting.

DES Challenge IV | BSD Now 47 https://original.jupiterbroadcasting.net/62987/des-challenge-iv-bsd-now-47/ Thu, 24 Jul 2014 11:44:16 +0000 https://original.jupiterbroadcasting.net/?p=62987

Coming up this week on the show!

We’ve got an interview with Dag-Erling Smørgrav, the current security officer of FreeBSD, to discuss what exactly being in such an important position is like.

The latest news, answers to your emails and even some LibreSSL drama, on BSD Now – the place to B.. SD.

Thanks to: iXsystems, Tarsnap

– Show Notes: –

Headlines

g2k14 hackathon reports

  • Nearly 50 OpenBSD developers gathered in Ljubljana, Slovenia from July 8-14 for a hackathon
  • Lots of work got done – in just the first two weeks of July, there were over 1000 commits to their CVS tree
  • Some of the developers wrote in to document what they were up to at the event
  • Bob Beck planned to work on kernel stuff, but then “LibreSSL happened” and he spent most of his time working on that
  • Miod Vallat also tells about his LibreSSL experiences
  • Brent Cook, a new developer, worked mainly on the portable version of LibreSSL (and we’ll be interviewing him next week!)
  • Henning Brauer worked on VLAN bpf and various things related to IPv6 and network interfaces (and he still hates IPv6)
  • Martin Pieuchot fixed some bugs in the USB stack, softraid and misc other things
  • Marc Espie improved the package code, enabling some speed ups, fixed some ports that broke with LibreSSL and some of the new changes and also did some work on ensuring snapshot consistency
  • Martin Pelikan integrated read-only ext4 support
  • Vadim Zhukov did lots of ports work, including working on KDE4
  • Theo de Raadt created a new, more secure system call, “sendsyslog” and did a lot of work with /etc, sysmerge and the rc scripts
  • Paul Irofti worked on the USB stack, specifically for the Octeon platform
  • Sebastian Benoit worked on relayd filters and IPv6 code
  • Jasper Lievisse Adriaanse did work with puppet, packages and the bootloader
  • Jonathan Gray imported newer Mesa libraries and did a lot with Xenocara, including work in the installer for autodetection
  • Stefan Sperling fixed a lot of issues with wireless drivers
  • Florian Obser did many things related to IPv6
  • Ingo Schwarze worked on mandoc, as usual, and also rewrote the openbsd.org man.cgi interface
  • Ken Westerback hacked on dhclient and dhcpd, and also got dump working on 4k sector drives
  • Matthieu Herrb worked on updating and modernizing parts of xenocara

FreeBSD pf discussion takes off

  • A thread started on the freebsd-questions and freebsd-current mailing lists this week concerning FreeBSD’s version of pf being old and seemingly unmaintained (unfortunately people didn’t always use reply-all so you have to cross-reference the two lists to follow the whole conversation sometimes)
  • Straight from the SMP FreeBSD pf maintainer: “no one right now [is actively developing pf on FreeBSD]” and “Following OpenBSD on features would be cool, but no bulk imports would be made again. Bulk imports produce bad quality of port, and also pf in OpenBSD has no multi thread support”
  • Baptiste Daroussin was quick to point out that multi-thread support is not the only difference between FreeBSD and OpenBSD versions of pf, including work that was done to support VIMAGE (network virtualization, to support having entire network stacks in jails)
  • Baptiste Daroussin also reports on his efforts to update FreeBSD pf. He ran into problems and after breaking pf on head, his changes were reverted. He reports that he is still interested in porting individual OpenBSD pf features that are relevant to him, but not in a ‘full sync’ or being the overall maintainer of FreeBSD pf
  • The project is looking for volunteers to continue the work. Mentorship is available from a number of people familiar with the FreeBSD networking stack, Henning Brauer (one of the authors of OpenBSD pf) has stated his willingness to help on a number of occasions, and candidates can apply to the FreeBSD Foundation for funding
  • Searching for documentation online for pf is troublesome because there are two incompatible syntaxes
  • FreeBSD’s pf man pages are lacking, and some of FreeBSD’s documentation still links to OpenBSD’s pages, which are not compatible anymore
  • The discussion also touched on importing pf patches from pfSense, although the license that these patches are under is not clear at this time
  • Things quickly got off topic as further disagreement among individual developers vs. users derailed the conversation somewhat
  • Many users are very vocal about wanting it updated, saying they are willing to deal with the syntax change and it is worth the benefits
  • Some developers wonder which features of OpenBSD pf users actually want, other than just ‘the latest shiny’
  • Currently the only known problems with FreeBSD pf are with IPv6 fragments and the VIMAGE subsystem
  • Gleb Smirnoff, author of the FreeBSD-specific SMP patches, says Henning’s claims about OpenBSD’s improved speed are “uncorroborated claims” (but neither side has provided any public benchmarks)
  • Olivier Cochard-Labbé (of the BSD Router Project) provided his benchmarks from Nov 2013 of packet forwarding rates with various configurations of FreeBSD 9.2 and 10, vs OpenBSD 5.4. Here is the raw data and scripts to reproduce and a graph of the results
  • There seem to be many opinions about what to do about pf, but so far no one willing to do the work

LibreSSL progress update

  • LibreSSL’s first few portable releases have come out and they’re making great progress, releasing 2.0.3 two days ago
  • Lots of non-OpenBSD people are starting to contribute, sending in patches via the tech mailing list
  • However, there has already been some drama… with Linux users
  • There was a problem with Linux’s PRNG, and LibreSSL was unforgiving of it, not making an effort to randomize something that could not provide real entropy
  • This “problem” doesn’t affect OpenBSD’s native implementation, only the portable version
  • The developers decided to weigh in to calm the misinformation and rage
  • A fix was added in 2.0.2, and Linux may even get a new system call to handle this properly now – remember to say thanks, guys
  • Ted Unangst has a really good post about the whole situation, definitely check it out
  • As a follow-up from last week, bapt says they’re working on building the whole FreeBSD ports tree against LibreSSL, but lots of things still need some patching to work properly – if you’re a port maintainer, please test your ports against it

Preparation for NetBSD 7

  • The release process for NetBSD 7.0 is finally underway
  • The netbsd-7 CVS branch should be created around July 26th, which marks the start of the first beta period, which will last until September
  • If you run NetBSD, that’ll be a great time to help test on as many platforms as you can (this is especially true on custom embedded applications)
  • They’re also looking for some help updating documentation and fixing any bugs that get reported
  • Another formal announcement will be made when the beta binaries are up

Interview – Dag-Erling Smørgrav – des@freebsd.org / @RealEvilDES

The role of the FreeBSD Security Officer, recent ports features, various topics


News Roundup

BSDCan ports and packages WG

  • Back at BSDCan this year, there was a special event for discussion of FreeBSD ports and packages
  • Bapt talked about package building, poudriere and the systems the foundation funded for compiling packages
  • There’s also some detail about the signing infrastructure and different mirrors
  • Ports people and source people need to talk more often about ABI breakage
  • The post also includes information about pkg 1.3, the old pkg tools’ EOL, the quarterly stable package sets and a lot more (it’s a huge post!)

Cross-compiling ports with QEMU and poudriere

  • With recent QEMU features, you can basically chroot into a completely different architecture
  • This article goes through the process of building ARMv6 packages on a normal X86 box
  • Note though that this requires 10-STABLE or 11-CURRENT and an extra patch for QEMU right now
  • The poudriere-devel port now has a “qemu user” option that will pull in all the requirements
  • Hopefully this will pave the way for official pkgng packages on those lesser-used architectures

Cloning FreeBSD with ZFS send

  • For a FreeBSD mail server that MWL runs, he wanted to have a way to easily restore the whole system if something were to happen
  • This post shows his entire process in creating a mirror machine, using ZFS for everything
  • The “zfs send” and “zfs snapshot” commands really come in handy for this
  • He does the whole thing from a live CD, pretty impressive

FreeBSD Overview series

  • A new blog series we stumbled upon about a Linux user switching to BSD
  • In part one, he gives a little background on being “done with Linux distros” and documents his initial experience getting and installing FreeBSD 10
  • He was pleasantly surprised to be able to use ZFS without jumping through hoops and doing custom kernels
  • Most of what he was used to on Linux was already in the default FreeBSD (except bash…)
  • Part two documents his experiences with pkgng and ports

Feedback/Questions


  • All the tutorials are posted in their entirety at bsdnow.tv
  • Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
  • Last week we talked a bit about hardware compatibility; check out the NYC BSD Users’ Group’s dmesgd, a database of user-submitted dmesg output from various hardware on various BSDs. Help the community, submit your dmesg today!
  • If you want to come on for an interview or have a tutorial you’d like to see, let us know – we want to do what the viewers want to see
  • Watch live Wednesdays at 2:00PM Eastern (18:00 UTC)

The post DES Challenge IV | BSD Now 47 first appeared on Jupiter Broadcasting.

Network Iodometry | BSD Now 46 https://original.jupiterbroadcasting.net/62542/network-iodometry-bsd-now-46/ Thu, 17 Jul 2014 11:26:02 +0000 https://original.jupiterbroadcasting.net/?p=62542

We’re back and this week we’ll be showing you how to tunnel out of a restrictive network using only DNS queries.

We also sat down with Bryan Drewery, from the FreeBSD portmgr team, to talk all about their building cluster and some recent changes.

All the latest news and answers to your emails, on BSD Now – the place to B.. SD.

Thanks to:


iXsystems


Tarsnap

– Show Notes: –

Headlines

EuroBSDCon 2014 registration open

  • September is getting closer, and that means it’s time for EuroBSDCon – held in Bulgaria this year
  • Registration is finally open to the public, with prices for businesses ($287), individuals ($217) and students ($82) for the main conference until August 18th
  • Tutorials, sessions, dev summits and everything else all have their own pricing as well
  • Registering between August 18th – September 12th will cost more for everything
  • You can register online here and check hotels in the area
  • The FreeBSD foundation is also accepting applications for travel grants

OpenBSD SMP PF update

  • A couple weeks ago we talked about how DragonflyBSD updated their PF to be multithreaded
  • With them joining the SMP ranks along with FreeBSD, a lot of users have been asking about when OpenBSD is going to make the jump
  • In a recent mailing list thread, Henning Brauer addresses some of the concerns
  • The short version is that too many things in OpenBSD are currently single-threaded for it to matter – just reworking PF by itself would be useless
  • He also says PF on OpenBSD is over four times faster than FreeBSD’s old version, presumably due to those extra years of development it’s gone through
  • There’s also been even more recent concern about the uncertain future of FreeBSD’s PF, being mostly unmaintained since their SMP patches
  • We reached out to four developers (over a week ago) about coming on the show to talk about OpenBSD network performance and SMP, but they all ignored us

Introduction to NetBSD pkgsrc

  • An article from one of our listeners about how to create a new pkgsrc port or fix one that you need
  • The post starts off with how to get the pkgsrc tree, shows how to get the developer tools and finally goes through the Makefile format
  • It also lists all the different bmake targets and their functions in relation to the porting process
  • Finally, the post details the whole process of creating a new port

FreeBSD 9.3-RELEASE

  • After three RCs, FreeBSD 9.3 was scheduled to be finalized and announced today but actually came out yesterday
  • The full list of changes is available, but it’s mostly a smaller maintenance release
  • Lots of driver updates, ZFS issues fixed, hardware RNGs are entirely disabled by default, netmap framework updates, read-only ext4 support was added, the vt driver was merged from -CURRENT, new hardware support (including radeon KMS), various userland tools got new features, OpenSSL and OpenSSH were updated… and much more
  • If you haven’t jumped to the 10.x branch yet (and there are a lot of people who haven’t!) this is a worthwhile upgrade – 9.2-RELEASE will reach EOL soon
  • Good news, this will be the first release with PGP-signed checksums on the FTP mirrors – a very welcome change
  • 9.2’s EOL was extended until December of this year
  • With that out of the way, the 10.1-RELEASE schedule was posted

Interview – Bryan Drewery – bdrewery@freebsd.org / @bdrewery

The FreeBSD package building cluster, pkgng, ports, various topics


Tutorial

Tunneling traffic through DNS


News Roundup

SSH two-factor authentication on FreeBSD

  • We’ve previously mentioned stories on how to do two-factor authentication with a Yubikey or via a third party website
  • This blog post tells you how to do exactly that, but with your Google account and the pam_google_authenticator port
  • Using this setup, every user that logs in with a password will have an extra requirement before they can gain access – but users with public keys can login normally
  • It’s a really, really simple process once you have the port installed – full details on the page

Ditch tape backup in favor of FreeNAS

  • The author of this post shares some of his horrible experiences with tape backups for a client
  • Having constant, daily errors and failed backups, he needed to find another solution
  • With 1TB of backups, tapes just weren’t a good option anymore – so he switched to FreeNAS (after also ruling out a pre-built NAS)
  • The rest of the article details his experiences with it and tells about his setup

NetBSD vs FreeBSD, desktop experiences

  • A NetBSD and pkgsrc developer details his experiences running NetBSD on a workstation at his job
  • Becoming more and more disappointed with graphics performance, he finally decides to give FreeBSD 10 a try – especially since it has a native nVidia driver
  • “Running on VAX, PlayStation 2 and Amiga is fun, but I’ll tell you a little secret: nobody cares anymore about VAX, PlayStation 2 and Amiga.”
  • He’s become pretty satisfied with FreeBSD, a modern choice for a 2014 desktop system

PCBSD not-so-weekly digest

  • Speaking of choices for a desktop system, it’s the return of the PCBSD digest!
  • Warden and PBI_add have gotten some interesting new features
  • You can now create jails “on the fly” when adding a new PBI to your application library
  • Bulk jail creation is also possible now, and it’s really easy
  • New Jenkins integration, with public access to Poudriere logs as well (https://builds.pcbsd.org)
  • PkgNG 1.3.0.rc2 testing for EDGE users

Feedback/Questions


  • All the tutorials are posted in their entirety at bsdnow.tv
  • Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
  • We love hearing from listeners – tell us what you think of the show or what you’d like to see!
  • If you want to come on for an interview or have a tutorial you’d like to see, let us know
  • Congrats to the new FreeBSD core team members
  • The first (and second.. and third..) portable release of LibreSSL is available on the OpenBSD FTP sites, with a brief announcement email
  • Test it on your platform of choice, including building ports against it, and report your findings to either the LibreSSL team or the port maintainers so we can increase compatibility
  • Watch live Wednesdays at 2:00PM Eastern (18:00 UTC)

Base ISO 100 | BSD Now 44 https://original.jupiterbroadcasting.net/61457/base-iso-100-bsd-now-44/ Thu, 03 Jul 2014 11:46:54 +0000 https://original.jupiterbroadcasting.net/?p=61457 This time on the show, we’ll be sitting down to talk with Craig Rodrigues about Jenkins and the FreeBSD testing infrastructure. Following that, we’ll show you how to roll your own OpenBSD ISOs with all the patches already applied… ISO can’t wait! This week’s news and answers to all your emails, on BSD Now – […]

The post Base ISO 100 | BSD Now 44 first appeared on Jupiter Broadcasting.

This time on the show, we’ll be sitting down to talk with Craig Rodrigues about Jenkins and the FreeBSD testing infrastructure. Following that, we’ll show you how to roll your own OpenBSD ISOs with all the patches already applied… ISO can’t wait!

This week’s news and answers to all your emails, on BSD Now – the place to B.. SD.

Thanks to:


iXsystems


Tarsnap

– Show Notes: –

Headlines

pfSense 2.1.4 released

  • The pfSense team has released 2.1.4, shortly after 2.1.3 – it’s mainly a security release
  • Included within are eight security fixes, most of which are pfSense-specific
  • OpenSSL, the WebUI and some packages all need to be patched (and there are instructions on how to do so)
  • It also includes a large number of various other bug fixes
  • Update all your routers!

DragonflyBSD’s pf gets SMP

  • While we’re on the topic of pf…
  • Dragonfly patches their old[er than even FreeBSD’s] pf to support multithreading in many areas
  • Stemming from a user’s complaint, Matthew Dillon did his own work on pf to make it SMP-aware
  • Altering your configuration’s ruleset can also help speed things up, he found
  • When will OpenBSD, the source of pf, finally do the same?

ChaCha usage and deployment

  • A while back, we talked to djm about some cryptography changes in OpenBSD 5.5 and OpenSSH 6.5
  • This article is sort of an interesting follow-up to that, showing which projects have adopted ChaCha20
  • OpenSSH offers it as a stream cipher now, OpenBSD uses it for its random number generator, Google offers it in TLS for Chromium and some of their services, and lots of other projects seem to be adopting it
  • Both Google’s fork of OpenSSL and LibReSSL have upcoming implementations, while vanilla OpenSSL does not
  • Unfortunately, this article has one mistake: FreeBSD does not use it – they still use the broken RC4 algorithm

BSDMag June 2014 issue

  • The monthly online BSD magazine releases their newest issue
  • This one includes the following articles: TLS hardening, setting up a package cluster in MidnightBSD, more GIMP tutorials, “saving time and headaches using the robot framework for testing,” an interview and an article about the increasing number of security vulnerabilities
  • The free pdf file is available for download as always

Interview – Craig Rodrigues – rodrigc@freebsd.org

FreeBSD’s continuous testing infrastructure


Tutorial

Creating pre-patched OpenBSD ISOs


News Roundup

Preauthenticated decryption considered harmful

  • Responding to a post from Adam Langley, Ted Unangst talks a little more about how signify and pkg_add handle signatures
  • In the past, the OpenBSD installer would pipe the output of ftp straight to tar, but then verify the SHA256 at the end – this had the advantage of not requiring any extra disk space, but raised some security concerns
  • With signify, now everything is fully downloaded and verified before tar is even invoked
  • The pkg_add utility works a little bit differently, but it’s also been improved in this area – details in the post
  • Be sure to also read the original post from Adam, lots of good information

FreeBSD 9.3-RC2 is out

  • As the -RELEASE inches closer, release candidate 2 is out and ready for testing
  • Since the last one, it’s got some fixes for NIC drivers, the latest file and libmagic security fixes, some serial port workarounds and various other small things
  • The updated bsdconfig will use pkgng style packages now too
  • A lesser known fact: there are also premade virtual machine images you can use too

pkgsrcCon 2014 wrap-up

  • This may be the first real pkgsrcCon article we’ve ever had!
  • Includes wrap-up discussion about the event, the talks, the speakers themselves, what they use pkgsrc for, the hackathon and basically the whole event
  • Unfortunately no recordings to be found…

PostgreSQL FreeBSD performance and scalability

  • FreeBSD developer kib@ writes a report on PostgreSQL on FreeBSD, and how it scales
  • On his monster 40-core box with 1TB of RAM, he runs lots of benchmarks and posts the findings
  • Lots of technical details if you’re interested in getting the best performance out of your hardware
  • It also includes specific kernel options he used and the rest of the configuration
  • If you don’t want to open the pdf file, you can use this link too

Feedback/Questions


  • All the tutorials are posted in their entirety at bsdnow.tv
  • There, you’ll also find a link to Bob Beck’s LibReSSL talk from the end of May – we finally found a recording!
  • Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
  • If you want to come on for an interview or have a tutorial you’d like to see, let us know
  • Watch live Wednesdays at 2:00PM Eastern (18:00 UTC)
  • Next week Allan will be at BSDCam, so we’ll have a prerecorded episode then

Package Design | BSD Now 43 https://original.jupiterbroadcasting.net/60837/package-design-bsd-now-43/ Thu, 26 Jun 2014 10:06:40 +0000 https://original.jupiterbroadcasting.net/?p=60837 It’s a big show this week! We’ll be interviewing Marc Espie about OpenBSD’s package system and build cluster. Also, we’ve been asked many times “how do I keep my BSD box up to date?” Well, today’s tutorial should finally answer that. Answers to all your emails and this week’s headlines, on BSD Now – the […]

The post Package Design | BSD Now 43 first appeared on Jupiter Broadcasting.

It’s a big show this week! We’ll be interviewing Marc Espie about OpenBSD’s package system and build cluster. Also, we’ve been asked many times “how do I keep my BSD box up to date?” Well, today’s tutorial should finally answer that. Answers to all your emails and this week’s headlines, on BSD Now – the place to B.. SD.

Thanks to:


iXsystems


Tarsnap

– Show Notes: –

Headlines

EuroBSDCon 2014 talks and schedule

  • The talks and schedules for EuroBSDCon 2014 are finally revealed
  • The opening keynote is called “FreeBSD, looking forward to another 10 years” by jkh
  • Lots of talks spanning FreeBSD, OpenBSD and PCBSD, and we finally have a few about NetBSD and DragonflyBSD too! Variety is great
  • It looks like Theo even has a talk, but the title isn’t on the page… how mysterious
  • There are also days dedicated to some really interesting tutorials
  • Register now, the conference is on September 25-28th in Bulgaria
  • If you see Allan and Kris walking towards you and you haven’t given us an interview yet… well you know what’s going to happen
  • Why aren’t the videos up from last year yet? Will this year also not have any?

FreeNAS vs NAS4Free

  • More mainstream news covering BSD, this time with an article about different NAS solutions
  • In a possibly excessive eight-page article, Ars Technica discusses the pros and cons of both FreeNAS and NAS4Free
  • Both are based on FreeBSD and ZFS of course, but there are more differences than you might expect
  • Discusses the different development models, release cycles, features, interfaces and ease-of-use factor of each project
  • “One is pleasantly functional; the other continues devolving during a journey of pain” – uh oh, who’s the loser?

Quality software costs money, heartbleed was free

  • PHK writes an article for ACM Queue about open source software projects’ funding efforts
  • A lot of people don’t realize just how widespread open source software is – TVs, printers, gaming consoles, etc
  • The article discusses ways to convince your workplace to fund open source efforts, then goes into a little bit about FreeBSD and Varnish’s funding
  • The latest heartbleed vulnerability should teach everyone that open source projects are critical to the internet, and need people actively maintaining them
  • On that subject, “Earlier this year the OpenSSL Heartbleed bug laid waste to Internet security, and there are still hundreds of thousands of embedded devices of all kinds—probably your television among them—that have not been and will not ever be software-upgraded to fix it. The best way to prevent that from happening again is to avoid having bugs of that kind go undiscovered for several years, and the only way to avoid that is to have competent people paying attention to the software”
  • Consider donating to your favorite BSD foundation (or buying cool shirts and CDs!) and keeping the ecosystem alive

Geoblock evasion with pf and OpenBSD rdomains

  • Geoblocking is a way for websites to block visitors based on the location of their IP
  • This is a blog post about how to get around it, using pf and rdomains
  • It has the advantage of not requiring any browser plugins or DNS settings on the users’ computers, you just need to be running OpenBSD on your router (hmm, if only a website had a tutorial about that…)
  • In this post, the author wanted to get an American IP address, since the service he was using (Netflix) is blocked in Australia
  • It’s got all the details you need to set up a VPN-like system and bypass those pesky geographic filters

Interview – Marc Espie – espie@openbsd.org / @espie_openbsd

OpenBSD’s package system, building cluster, various topics


Tutorial

Keeping your BSD up to date


News Roundup

BoringSSL and LibReSSL

  • Yet another OpenSSL fork pops up, this time from Google, called BoringSSL
  • Adam Langley has a blog post about it, why they did it and how they’re going to maintain it
  • You can easily browse the source code
  • Theo de Raadt also weighs in with how this effort relates to LibReSSL
  • More eyes on the code is good, and patches will be shared between the two projects

More BSD Tor nodes wanted

  • Friend of the show bcallah posts some news to the Tor-BSD mailing list about monoculture in the Tor network being both bad and dangerous
  • Originally discussed on the Tor-Relays list, it was made apparent that having such a large amount of Linux nodes weakens the security of the whole network
  • If one vulnerability is found, a huge portion of the network would be useless – we need more variety in the network stacks, crypto, etc.
  • The EFF is also holding a Tor challenge for people to start up new relays and keep them online for over a year
  • Check out our Tor tutorial and help out the network, and promote BSD at the same time!

FreeBSD 10 OpenStack images

  • OpenStack, to quote Wikipedia, is “a free and open-source software cloud computing platform. It is primarily deployed as an infrastructure as a service (IaaS) solution.”
  • The article goes into detail about creating a FreeBSD instance, installing and converting it for use with “bsd-cloudinit”
  • The author of the article is a regular listener and emailer of the show, hey!

BSDday 2014 call for papers

  • BSD Day, a conference not so well-known, is going to be held August 9th in Argentina
  • It was created in 2008 and is the only BSD conference around that area
  • The “call for papers” was issued, so if you’re around Argentina and use BSD, consider submitting a talk
  • Sysadmins, developers and regular users are, of course, all welcome to come to the event

Feedback/Questions


  • All the tutorials are posted in their entirety at bsdnow.tv
  • Just a reminder for those who don’t check the website, you’ll also find contact information for every guest we’ve ever had in the show notes – so if you have follow up questions for them, it’s easy to get in touch
  • Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
  • If you want to come on for an interview or have a tutorial you’d like to see, let us know
  • Watch live Wednesdays at 2:00PM Eastern (18:00 UTC)
  • Congrats to Matt Ahrens for getting FreeBSD commit access – hopefully lots of great ZFS stuff to come
  • A special 21st happy birthday to FreeBSD

Demilitarized Tone | TechSNAP 166 https://original.jupiterbroadcasting.net/59832/demilitarized-tone-techsnap-166/ Thu, 12 Jun 2014 16:57:23 +0000 https://original.jupiterbroadcasting.net/?p=59832 Researchers develop an ultrasonic mesh network to extract data from computer networks, Feedly and Evernote get attacked, and something is amiss with Windows 7. Then it’s a great batch of your feedback, our answers, and much much more! Thanks to: Direct Download: HD Video | Mobile Video | MP3 Audio | Ogg Audio | YouTube […]

The post Demilitarized Tone | TechSNAP 166 first appeared on Jupiter Broadcasting.

Researchers develop an ultrasonic mesh network to extract data from computer networks, Feedly and Evernote get attacked, and something is amiss with Windows 7.

Then it’s a great batch of your feedback, our answers, and much much more!

Thanks to:


DigitalOcean


Ting


iXsystems

— Show Notes: —

Exfiltrating data using an ultrasonic mesh network

  • Researchers at the Fraunhofer institute in Germany have developed a protocol based on an underwater communications protocol, to pass messages between laptops using their speakers
  • Fraunhofer Institute is famous for having invented the MP3 audio codec and being a significant contributor to the H.264/MPEG-4 AVC video codec.
  • The paper describes a ‘Covert Channel’ that can be used to circumvent firewalls and intrusion detection systems
  • The system uses ultrasonic sound, emitted by laptop speakers and received by laptop microphones
  • The range is about 20 meters and it provides about 20 bits/second of bandwidth
  • The general principle is to create a mesh network of laptops in order to exfiltrate data from a protected network or location
  • The proof of concept was created by installing a keylogger on a laptop, which would then send the data back to the attacker by emitting the ultrasonic (inaudible to the human ear) sounds, which would then be picked up by another infected machine and repeated, extending the transmission range
  • Eventually the signal may be able to reach a machine outside of the protected area or network, and be received by the attacker, or re-transmitted by regular means
  • As a countermeasure, they suggest possibly disabling the speakers/microphone entirely
  • As a more useful countermeasure, they suggest a low-pass filter that would either remove the ultrasonic frequencies from the output, or shift them down to audible range so they can be detected by humans
  • The paper also discusses a host-based intrusion detection system that analyzes audio input and output for suspect signals
  • Full PDF

Feedly And Evernote Go Down As Attackers Demand Ransom

  • After restoring its services after Wednesday’s attack, the Feedly team reported in a blog post Thursday morning that it had been hit by a second DoS attack. As of late Thursday morning, Feedly is down again.
  • On Thursday June 12th Feedly posted to their blog: “2:04am PST – Criminals are attacking feedly with a distributed denial of service attack (DDoS). The attacker is trying to extort us for money to make it stop. We refused to give in and are working with our network providers to mitigate the attack as best as we can.”
  • In Evernote’s case, the company noted yesterday evening that it was unavailable, and that it was working to neutralize a denial of service attack. A few hours later, a message on Evernote’s Twitter account said its service was restored – but it’s not out of the woods yet. “There may be a hiccup or two for the next 24 hours,” the tweet warned.
  • At least in Feedly’s case the attackers demanded a ransom to stop the attack.
  • It’s unknown as of now if the hackers are demanding ransom from Feedly on day two of the attack. The company has not responded to a request for comment.
  • Denial of service attack [Neutralized] – Feedly Blog
  • Feedly, Evernote And Others Become Latest Victims Of DDoS Attacks
  • BBC News – Feedly and Evernote struck by denial of service cyber-attacks
  • EuroBSDCon 2013 — Allan Jude — Mitigating DDoS Attacks at Layer 7

Microsoft patching flaws in Windows 8, but not Windows 7?

  • Researchers found the gaps after they scanned 900 Windows libraries and uncovered a variety of security functions that were updated in Windows 8 but not in 7. They said the shortcoming could lead to the discovery of zero day vulnerabilities.
  • The missing safe functions were part of Microsoft’s dedicated libraries intsafe.h and strsafe.h that help developers combat various attacks.
  • Researcher Moti Joseph and malware analyst Marion Marschalek (@pinkflawd) developed a capable diffing (comparison) tool dubbed DiffRay which would compare Windows 8 with 7, and log any safe functions absent in the older platform.
  • In a demonstration of DiffRay, the researchers found four missing safe functions in Windows 7 that were present in 8.
  • Including:
    • bcrypt.dll!ConvertRsaPrivateBlobToFullRsa
    • netlogon.dll!NlpAddResourceGroupsToSamInfo
    • twext.dll!EscapeField (possible unpatched integer overflow in Windows 7, fixed in 8)
  • Slides
  • Video – What happens in Windows 7, stays in Windows 7

Feedback:


Round Up:


AirPorts & Packages | BSD Now 40 https://original.jupiterbroadcasting.net/59097/airports-packages-bsd-now-40/ Thu, 05 Jun 2014 13:12:25 +0000 https://original.jupiterbroadcasting.net/?p=59097 On this week’s episode, we’ll be giving you an introductory guide on OpenBSD’s ports and package system. There’s also a pretty fly interview with Karl Lehenbauer, about how they use FreeBSD at FlightAware. Lots of interesting news and answers to all your emails, on BSD Now – the place to B.. SD. Thanks to: Direct […]

The post AirPorts & Packages | BSD Now 40 first appeared on Jupiter Broadcasting.

On this week’s episode, we’ll be giving you an introductory guide on OpenBSD’s ports and package system.

There’s also a pretty fly interview with Karl Lehenbauer, about how they use FreeBSD at FlightAware.

Lots of interesting news and answers to all your emails, on BSD Now – the place to B.. SD.

Thanks to:


iXsystems


Tarsnap

– Show Notes: –

Headlines

BSDCan 2014 talks and reports, part 2


Beyond security, getting to know OpenBSD’s real purpose

  • Michael W Lucas (who, we learn through this video, has been using BSD since 1986) gave a “webcast” last week, and the audio and slides are finally up
  • It clocks in at just over 30 minutes, managing to touch on a lot of OpenBSD topics
  • Some of those topics include: what is OpenBSD and why you should care, the philosophy of the project, how it serves as a “pressure cooker for ideas,” briefly touches on GPL vs BSDL, their “do it right or don’t do it at all” attitude, their stance on NDAs and blobs, recent LibreSSL development, some of the security functions that OpenBSD enabled before anyone else (and the ripple effect that had) and, of course, their disturbing preference for comic sans
  • Here’s a direct link to the slides
  • Great presentation if you’d like to learn a bit about OpenBSD, but also contains a bit of information that long-time users might not know too

FreeBSD vs Linux, a comprehensive comparison

  • Another blog post covering something people seem to be obsessed with – FreeBSD vs Linux
  • This one was worth mentioning because it’s very thorough in regards to how things are done behind the scenes, not just the usual technical differences
  • It highlights the concept of a “core team” and their role vs “contributors” and “committers” (similar to a presentation Kirk McKusick did not long ago)
  • While a lot of things will be the same on both platforms, you might still be asking “which one is right for me?” – this article weighs in with some points for both sides and different use cases
  • Pretty well-written and unbiased article that also mentions areas where Linux might be better, so don’t hate us for linking it

Expand FreeNAS with plugins

  • One of the things people love the most about FreeNAS (other than ZFS) is their cool plugin framework
  • With these plugins, you can greatly expand the feature set of your NAS via third party programs
  • This page talks about a few of the more popular ones and how they can be used to improve your NAS or media box experience
  • Some examples include setting up an OwnCloud server, Bacula for backups, Maraschino for managing a home theater PC, Plex Media Server for an easy to use video experience and a few more
  • It then goes into more detail about each of them, how to actually install plugins and then how to set them up

Interview – Karl Lehenbauer – karl@flightaware.com / @flightaware

FreeBSD at FlightAware, BSD history, various topics


Tutorial

Ports and packages in OpenBSD


News Roundup

Code review culture meets FreeBSD

  • In most of the BSDs, changes need to be reviewed by more than one person before being committed to the tree
  • This article describes Phabricator, an open source code review system that we briefly mentioned last week
  • Instructions for using it are on the wiki
  • While not approved by the core team yet for anything official, it’s in a testing phase and developers are encouraged to try it out and get their patches reviewed
  • Just look at that fancy interface!!

Michael Lucas’ next tech books

  • Sneaky MWL somehow finds his way into both our headlines and the news roundup
  • He gives us an update on the next BSD books that he’s planning to release
  • The plan is to release three (or so) books based on different aspects of FreeBSD’s storage system(s) – GEOM, UFS, ZFS, etc.
  • This has the advantage of only requiring you to buy the one(s) you’re specifically interested in
  • “When will they be released? When I’m done writing them. How much will they cost? Dunno.”
  • It’s not Absolute FreeBSD 3rd edition…

CARP failover and high availability on FreeBSD

  • If you’re running a cluster or a group of servers, you should have some sort of failover in place
  • But the question comes up, “how do you load balance the load balancers!?”
  • This video goes through the process of giving more than one machine the same IP, how to set up CARP, securing it and demonstrates a node dying
  • Also mentions DNS-based load balancing as another option

PCBSD weekly digest

  • This time in PCBSD land, we’re getting ready for the 10.0.2 release (ISOs here)
  • AppCafe got a good number of fixes, and now shows 10 random highlighted applications
  • EasyPBI added a “bulk” mode to create PBIs of an entire FreeBSD port category
  • Lumina, the new desktop environment, is still being worked on and got some bug fixes too

Feedback/Questions


  • All the tutorials are posted in their entirety at bsdnow.tv
  • Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
  • If you want to come on for an interview or have a tutorial you’d like to see, let us know
  • Just a reminder, if you’re using vnd (vnconfig) on OpenBSD for encryption, it’s being retired for 5.7 – start planning to migrate your data to softraid
  • There were also some security advisories for FreeBSD recently, make sure you’re all patched up
  • Watch live Wednesdays at 2:00PM Eastern (18:00 UTC)

A BUG’s Life | BSD Now 38 https://original.jupiterbroadcasting.net/57997/a-bugs-life-bsd-now-38/ Thu, 22 May 2014 10:22:23 +0000 https://original.jupiterbroadcasting.net/?p=57997 We’re back from BSDCan! This week on the show we’ll be chatting with Brian Callahan and Aaron Bieber about forming a local BSD users group. We’ll get to hear their experiences of running one and maybe encourage some of you to start your own! After that, we’ve got a tutorial on the basics of NetBSD’s […]

The post A BUG's Life | BSD Now 38 first appeared on Jupiter Broadcasting.

We’re back from BSDCan! This week on the show we’ll be chatting with Brian Callahan and Aaron Bieber about forming a local BSD users group. We’ll get to hear their experiences of running one and maybe encourage some of you to start your own!

After that, we’ve got a tutorial on the basics of NetBSD’s package manager, pkgsrc. Answers to your emails and the latest headlines, on BSD Now – the place to B.. SD.

– Show Notes: –

Headlines

FreeBSD 11 goals and discussion

  • Something that actually happened at BSDCan this year…
  • During the FreeBSD devsummit, there was some discussion about what changes will be made in 11.0-RELEASE
  • Slides from Dev Summit
  • Some of MWL's notes include: the test suite will be merged to 10-STABLE, more work on the MIPS platforms, LLDB getting more attention, UEFI boot and install support
  • A large list of possibilities was also included and open for discussion, including AES-GCM in IPSEC, ASLR, OpenMP, ICC, in-place kernel upgrades, Capsicum improvements, TCP performance improvements and A LOT more
  • There's also some notes from the devsummit virtualization session, mostly talking about bhyve
  • Lastly, he also provides some notes about ports and packages and where they're going

An SSH honeypot with OpenBSD and Kippo

  • Everyone loves messing with script kiddies, right?
  • This blog post introduces Kippo, an SSH honeypot tool, and how to use it in combination with OpenBSD
  • It includes a step by step (or rather, command by command) guide and some tips for running a honeypot securely
  • You can use this to get new 0day exploits or find weaknesses in your systems
  • OpenBSD makes a great companion for security testing tools like this with all its exploit mitigation techniques that protect all running applications

NetBSD foundation financial report

  • The NetBSD foundation has posted their 2013 financial report
  • It's a very "no nonsense" page, pretty much only the hard numbers
  • In 2013, they got $26,000 of income in donations
  • The rest of the page shows all the details, how they spent it on hardware, consulting, conference fees, legal costs and everything else
  • Be sure to donate to whichever BSDs you like and use!

Building a fully-encrypted NAS with OpenBSD

  • Usually the popular choice for a NAS system is FreeNAS, or plain FreeBSD if you know what you're doing
  • This article takes a look at the OpenBSD side and explains how to build a NAS with security in mind
  • The NAS will be fully encrypted, no separate /boot partition like FreeBSD and FreeNAS require – this means the kernel itself is even protected
  • The obvious trade-off is the lack of ZFS support for storage, but this is an interesting idea that would fit most people's needs too
  • There's also a bit of background information on NAS systems in general, some NAS-specific security tips and even some nice graphs and pictures of the hardware – fantastic write up!

Interview – Brian Callahan & Aaron Bieber – admin@lists.nycbug.org & admin@cobug.org

Forming a local BSD Users Group


Tutorial

The basics of pkgsrc


News Roundup

FreeBSD periodic mails vs. monitoring

  • If you've ever been an admin for a lot of FreeBSD boxes, you've probably noticed that you get a lot of email
  • This page tells about all the different alert emails, cron emails and other reports you might end up getting, as well as how to manage them
  • From bad SSH logins to Zabbix alerts, it all adds up quickly
  • It highlights the periodic.conf file and FreeBSD's periodic daemon, as well as some third party monitoring tools you can use to keep track of your servers

Doing cool stuff with OpenBSD routing domains

  • A blog post from our viewer and regular emailer, Kjell-Aleksander!
  • He manages some internally-routed IP ranges at his work, but didn't want to have equipment for each separate project
  • This is where OpenBSD routing domains and pf come in to save the day
  • The blog post goes through the process with all the network details you could ever dream of
  • He even named his networking equipment… after us

LibreSSL, the good and the bad

  • We're all probably familiar with OpenBSD's fork of OpenSSL at this point
  • However, "for those of you that don't know it, OpenSSL is at the same time the best and most popular SSL/TLS library available, and utter junk"
  • This article talks about some of the cryptographic development challenges involved with maintaining such a massive project
  • You need cryptographers, software engineers, software optimization specialists – there are a lot of roles that need to be filled
  • It also mentions some OpenSSL alternatives and recent LibreSSL progress, as well as some downsides to the fork – the main one being their aim for backwards compatibility

PCBSD weekly digest

  • Lots going on in PCBSD land this week, AppCafe has been redesigned
  • The PBI system is being replaced with pkgng, PBIs will be automatically converted once you update
  • In the more recent post, there\’s some further explanation of the PBI system and the reason for the transition
  • It\’s got lots of details on the different ways to install software, so hopefully it will clear up any possible confusion
  • Working on adding support for FDE with GELI using GRUB for 10.0.2
  • Any devs who can grok the GRUB geli code are welcome to contact Kris

Feedback/Questions


  • All the tutorials are posted in their entirety at bsdnow.tv
  • Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
  • If you've got something cool to talk about and want to come on for an interview, shoot us an email
  • Michael Lucas will be giving a live presentation next Tuesday, "Beyond Security: Getting to Know OpenBSD’s Real Purpose" so be sure to catch that
  • Preorders for the book of PF's third edition are up
  • We got a picture of a bunch of old FreeBSD CDs
  • Watch live Wednesdays at 2:00PM Eastern (18:00 UTC)

Let’s Get RAID | BSD Now 36 https://original.jupiterbroadcasting.net/57037/lets-get-raid-bsd-now-36/ Fri, 09 May 2014 09:25:39 +0000 https://original.jupiterbroadcasting.net/?p=57037 This week on the show we'll be showing you how to set up RAID arrays in FreeBSD. There's also an interview with David Chisnall – of the FreeBSD core team – about the switch to Clang and a lot more. Sit back and enjoy some BSD Now – the place to B.. SD. Thanks to: […]

The post Let's Get RAID | BSD Now 36 first appeared on Jupiter Broadcasting.

This week on the show we'll be showing you how to set up RAID arrays in FreeBSD. There's also an interview with David Chisnall – of the FreeBSD core team – about the switch to Clang and a lot more.

Sit back and enjoy some BSD Now – the place to B.. SD.

– Show Notes: –

Headlines

OpenBSD 5.5 released

  • If you ordered a CD set then you've probably had it for a little while already, but OpenBSD has formally announced the public release of 5.5
  • This is one of the biggest releases to date, with a very long list of changes and improvements
  • Some of the highlights include: time_t being 64 bit on all platforms, release sets and binary packages being signed with the new signify tool, a new autoinstall feature of the installer, SMP support on Alpha, a new AViiON port, lots of new hardware drivers including newer NICs, the new vxlan driver, relayd improvements, a new pf queue system for bandwidth shaping, dhcpd and dhclient fixes, OpenSMTPD 5.4.2 and all its new features, position-independent executables being default for i386, the RNG has been replaced with ChaCha20 as well as some other security improvements, FUSE support, tmpfs, softraid partitions larger than 2TB and a RAID 5 implementation, OpenSSH 6.6 with all its new features and fixes… and a lot more
  • The full list of changes is HUGE, be sure to read through it all if you're interested in the details
  • If you're doing an upgrade from 5.4 instead of a fresh install, pay careful attention to the upgrade guide as there are some very specific steps for this version
  • Also be sure to apply the errata patches on your new installations… especially those OpenSSL ones (some of which still aren't fixed in the other BSDs yet)
  • On the topic of errata patches, the project is now going to also send them out (signed) via the announce mailing list, a very welcome change
  • Congrats to the whole team on this great release – 5.6 is going to be even more awesome with "Libre"SSL and lots of other stuff that's currently in development

FreeBSD foundation funding highlights

  • The FreeBSD foundation posts a new update on how they're spending the money that everyone donates
  • "As we embark on our 15th year of serving the FreeBSD Project and community, we are proud of what we've done to help FreeBSD become the most innovative, reliable, and high-performance operation system"
  • During this spring, they want to highlight the new UEFI boot support and newcons
  • There's a lot of details about what exactly UEFI is and why we need it going forward
  • FreeBSD has also needed some updates to its console to support UTF8 and wide characters
  • Hopefully this series will continue and we'll get to see what other work is being sponsored

OpenSSH without OpenSSL

  • The OpenSSH team has been hard at work, making it even better, and now OpenSSL is completely optional
  • Since it won't have access to the primitives OpenSSL uses, there will be a trade-off of features vs. security
  • This version will drop support for legacy SSH v1, and the only two cryptographic algorithms supported are an in-house implementation of AES (in counter mode) and the new combination of the Chacha20 stream cipher with Poly1305 for packet integrity
  • Key exchange is limited to elliptic curve Diffie-Hellman and the newer Curve25519 KEXs
  • No support for RSA, DSA or ECDSA public keys – only Ed25519
  • It also includes a new buffer API and a set of wrappers to make it compatible with the existing API
  • Believe it or not, this was planned before all the heartbleed craziness
  • Maybe someday soon we'll have a mini-openssh-portable in FreeBSD ports and NetBSD pkgsrc… would be really cool

BSDMag's April 2014 issue is out

  • The free monthly BSD magazine has got a new issue available for download
  • This time the articles include: pascal on BSD, an introduction to revision control systems and configuration management, deploying NetBSD on AWS EC2, more GIMP tutorials, an AsiaBSDCon 2014 report and a piece about how easily credit cards are stolen online
  • Anyone can contribute to the magazine, just send the editors an email about what you want to write
  • No Linux articles this time around

Interview – David Chisnall – theraven@freebsd.org

The LLVM/Clang switch, FreeBSD's core team, various topics


Tutorial

RAID in FreeBSD and OpenBSD


News Roundup

BSDTalk episode 240

  • The original BSD podcaster Will Backman has uploaded a new episode of BSDTalk, this time with our other buddy GNN as the guest – mainly to talk about NTP and keeping reliable time
  • Topics include the specific details of crystals used in watches and computers to keep time, how temperature affects the quality, different sources of inaccuracy, some general NTP information, why you might want extremely precise time, different time sources (GPS, satellite, etc), differences in stratum levels, the problem of packet delay and estimating the round trip time, some of the recent NTP amplification attacks, the downsides to using UDP instead of TCP and… much more
  • GNN also talks a little about the Precision Time Protocol and how it's different than NTP
  • Two people we've interviewed talking to each other, awesome
  • If you're interested in NTP, be sure to see our tutorial too

m2k14 trip reports

  • We've got a few more reports from the recent OpenBSD hackathon in Morocco
  • The first one is from Antoine Jacoutot (who is a key GNOME porter, and gave us the screenshots for the OpenBSD desktop tutorial)
  • "Since I always fail at actually doing whatever I have planned for a hackathon, this time I decided to come to m2k14 unprepared about what I was going to do"
  • He got lots of work done with ports and pushing GNOME-related patches back up to the main project, then worked on fixing ports' compatibility with LibreSSL
  • Speaking of LibreSSL, there's an article all would-be portable version writers should probably read and take into consideration
  • Jasper Adriaanse also writes about what he got done over there
  • He cleaned up and fixed the puppet port to work better with OpenBSD

Why you should use FreeBSD on your cloud VPS

  • Here we have a blog post from Atlantic, a VPS and hosting provider, about 10 reasons for using FreeBSD
  • Starts off with a little bit of BSD history for those who are unfamiliar with it and only know Linux and Windows
  • (Spoiler) the 10 reasons are: community, stability, collaboration, ease of use, ports, security, ZFS, GEOM, sound and having lots of options
  • The post goes into detail about each of them and why FreeBSD makes a great choice for a VPS OS

PCBSD weekly digest

  • Big changes coming in the way PCBSD manages software
  • The PBI system, AppCafe and related tools are all going to use pkgng now
  • The AppCafe will no longer be limited to PBIs, so much more software will be easily available from the ports tree
  • New rating system coming soon and much more

Feedback/Questions


  • All the tutorials are posted in their entirety at bsdnow.tv
  • The Tor and mailing list tutorials have gotten some fixes and updates
  • The OpenBSD router tutorial has also gotten a bit of a makeover, and now includes new scripts for 5.5 and signify
  • Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
  • If you've got something cool to talk about and want to come on for an interview, shoot us an email
  • If any listeners have a collection of old FreeBSD or OpenBSD CDs, we'd love for you to send in a picture of the whole set together so we can show it off
  • Watch live Wednesdays at 2:00PM Eastern (18:00 UTC)
  • We will be at BSDCan next week – be sure to say hi if you run into us!

Puffy Firewall | BSD Now 35 https://original.jupiterbroadcasting.net/56402/puffy-firewall-bsd-now-35/ Wed, 30 Apr 2014 23:49:53 +0000 https://original.jupiterbroadcasting.net/?p=56402 We're back again! On this week's packed show, we've got one of the biggest tutorials we've done in a while. It's an in-depth look at PF, OpenBSD's firewall, with some practical examples and different use cases. We'll also be talking to Peter Hansteen about the new edition of "The Book of PF." Of course, we've […]

The post Puffy Firewall | BSD Now 35 first appeared on Jupiter Broadcasting.

We're back again! On this week's packed show, we've got one of the biggest tutorials we've done in a while. It's an in-depth look at PF, OpenBSD's firewall, with some practical examples and different use cases.

We'll also be talking to Peter Hansteen about the new edition of "The Book of PF." Of course, we've got news and answers to your emails too, on BSD Now – the place to B.. SD.

– Show Notes: –

Headlines

ALTQ removed from PF

  • The classic packet queueing system, ALTQ, was recently removed from OpenBSD -current
  • There will be a transitional phase between 5.5 and 5.6 where you can still use it by replacing the "queue" keyword with "oldqueue" in your pf.conf
  • As of 5.6, due about six months from now, you'll have to change your ruleset to the new syntax if you're using it for bandwidth shaping
  • After more than ten years, bandwidth queueing has matured quite a bit and we can finally put ALTQ to rest, in favor of the new queueing subsystem
  • This doesn't affect FreeBSD, PCBSD, NetBSD or DragonflyBSD since all of their PFs are older and maintained separately

FreeBSD Quarterly Status Report

  • The quarterly status report from FreeBSD is out, detailing some of the project's ongoing tasks
  • Some highlights include the first "stable" branch of ports, ARM improvements (including SMP), bhyve improvements, more work on the test suite, desktop improvements including the new vt console driver and UEFI booting support finally being added
  • We've got some specific updates from the cluster admin team, core team, documentation team, portmgr team, email team and release engineering team
  • LOTS of details and LOTS of topics to cover, give it a read

OpenBSD's OpenSSL rewrite continues with m2k14


NetBSD 6.1.4 and 6.0.5 released

  • New updates for the 6.1 and 6.0 branches of NetBSD, focusing on bugfixes
  • The main update is – of course – the heartbleed vulnerability
  • Also includes fixes for other security issues and even a kernel panic… on Atari
  • Patch your Ataris right now, this is serious business

Interview – Peter Hansteen – peter@bsdly.net / @pitrh

The Book of PF: 3rd edition


Tutorial

BSD Firewalls: PF


News Roundup

New Xorg now the default in FreeBSD

  • For quite a while now, FreeBSD has had two versions of X11 in ports
  • The older, stable version was the default, but you could install a newer one by having "WITH_NEW_XORG" in /etc/make.conf
  • They've finally made the switch for 10-STABLE and 9-STABLE
  • Check this wiki page for more info

GSoC-accepted BSD projects

  • The Google Summer of Code team has got the list of accepted project proposals uploaded so we can see what's planned
  • OpenBSD's list includes DHCP configuration parsing improvements, systemd replacements, porting capsicum, GPT and UEFI support, and modernizing the DHCP daemon
  • The FreeBSD list was also posted
  • Theirs includes porting FreeBSD to the Android emulator, CTF in the kernel debugger, improved unicode support, converting firewall rules to a C module, pkgng improvements, MicroBlaze support, PXE fixes, bhyve caching, bootsplash and lots more
  • Good luck to all the students participating, hopefully they become full time BSD users

Complexity of FreeBSD VFS using ZFS as an example

  • HybridCluster posted the second part of their VFS and ZFS series
  • This new post has lots of technical details once again, definitely worth reading if you're a ZFS guy
  • Of course, also watch episode 24 for our interview with HybridCluster – they do really interesting stuff

PCBSD weekly digest

  • Preload has been ported over, it's a daemon that prefetches applications
  • PCBSD is developing their own desktop environment, Lumina (there's also an FAQ)
  • It's still in active development, but you can try it out by installing from ports
  • We'll be showing a live demo of it in a few weeks (when development settles down a bit)

  • All the tutorials are posted in their entirety at bsdnow.tv
  • Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
  • If you've got something cool to talk about and want to come on for an interview, shoot us an email
  • Also if you have any tutorial requests, we'd be glad to show whatever the viewers want to see
  • It looks like OpenBSD 5.5 CD sets are already starting to show up in people's mail boxes – we'll have the full details of the release next week
  • Watch live Wednesdays at 2:00PM Eastern (18:00 UTC)

BSD Now vs. BSDTalk | BSD Now 27 https://original.jupiterbroadcasting.net/52967/bsd-now-vs-bsdtalk-bsd-now-27/ Thu, 06 Mar 2014 23:41:07 +0000 https://original.jupiterbroadcasting.net/?p=52967 The long-awaited meetup is finally happening on today's show. We're going to be interviewing the original BSD podcaster, Will Backman, to discuss what he's been up to and what the future of BSD advocacy looks like. After that, we'll be showing you how to track (and even cross-compile!) the -CURRENT branch of NetBSD. We've got […]

The post BSD Now vs. BSDTalk | BSD Now 27 first appeared on Jupiter Broadcasting.

The long-awaited meetup is finally happening on today's show. We're going to be interviewing the original BSD podcaster, Will Backman, to discuss what he's been up to and what the future of BSD advocacy looks like. After that, we'll be showing you how to track (and even cross-compile!) the -CURRENT branch of NetBSD. We've got answers to user-submitted questions and the latest news, on BSD Now – the place to B.. SD.

– Show Notes: –

Headlines

FreeBSD and OpenBSD in GSOC2014

  • The Google Summer of Code is a way to encourage students to write code for open source projects and make some money
  • Both FreeBSD and OpenBSD were accepted, and we'd love for anyone listening to check out their GSOC pages
  • The FreeBSD wiki has a list of things that they'd be interested in someone helping out with
  • OpenBSD's want list was also posted
  • DragonflyBSD and NetBSD were sadly not accepted this year

Yes, you too can be an evil network overlord

  • A new blog post about monitoring your network using only free tools
  • OpenBSD is a great fit, and has all the stuff you need in the base system or via packages
  • It talks about the pflow pseudo-interface, its capabilities and relation to NetFlow (also goes well with pf)
  • There's also details about flowd and nfsen, more great tools to make network monitoring easy
  • If you're listening, Peter… stop ignoring our emails and come on the show! We know you're watching!

BSDMag's February issue is out

  • The theme is "configuring basic services on OpenBSD 5.4"
  • There's also an interview with Peter Hansteen
  • Topics also include locking down SSH, a GIMP lesson, user/group management, and…
  • Linux and Solaris articles? Why??

Changes in bcrypt

  • Not specific to any OS, but the OpenBSD team is updating their bcrypt implementation
  • There is a bug in bcrypt when hashing long passwords – other OSes need to update theirs too! (FreeBSD already has)
  • "The length is stored in an unsigned char type, which will overflow and wrap at 256. Although we consider the existence of affected hashes very rare, in order to differentiate hashes generated before and after the fix, we are introducing a new minor 'b'."
  • As long as you upgrade your OpenBSD system in order (without skipping versions) you should be ok going forward
  • Lots of specifics in the email, check the full post

Interview – Will Backman – bitgeist@yahoo.com / @bsdtalk

The BSDTalk podcast, BSD advocacy, various topics


Tutorial

Tracking and cross-compiling -CURRENT (NetBSD)


News Roundup

X11 no longer needs root

  • Xorg has long required root privileges to run the main server
  • With recent work from the OpenBSD team, now everything (even KMS) can run as a regular user
  • Now you can set the "machdep.allowaperture" sysctl to 0 and still use a GUI

OpenSSH 6.6 CFT

  • Shortly after the huge 6.5 release, we get a routine bugfix update
  • Test it out on as many systems as you can
  • Check the mailing list for the full bug list

Creating an OpenBSD USB drive

  • Since OpenBSD doesn't distribute any official USB images, here are some instructions on how to do it
  • Step by step guide on how you can make your very own
  • However, there's some recent emails that suggest official USB images may be coming soon… oh wait

PCBSD weekly digest

  • New PBI updates that allow separate ports from /usr/local
  • You need to rebuild pbi-manager if you want to try it out
  • Updates and changes to Life Preserver, App Cafe, PCDM

Feedback/Questions

  • espressowar writes in: https://slexy.org/view/s2JpJ5EaZp
  • Antonio writes in: https://slexy.org/view/s2QpPevJ3J
  • Christian writes in: https://slexy.org/view/s2EZLxDfWh
  • Adam writes in: https://slexy.org/view/s21gEBZbmG
  • Alex writes in: https://slexy.org/view/s2RnCO1p9c

  • All the tutorials are posted in their entirety at bsdnow.tv
  • Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
  • We especially want to hear some tutorial ideas that you guys would like to see, so let us know
  • Also, if you're a NetBSD or DragonflyBSD guy listening, we want to talk to you! We'd love more interviews related to those, whether you're a developer or not
  • Watch live Wednesdays at 2:00PM Eastern (19:00 UTC)

A Sixth pfSense | BSD 25 https://original.jupiterbroadcasting.net/52032/a-sixth-pfsense-bsd-25/ Thu, 20 Feb 2014 21:25:32 +0000 https://original.jupiterbroadcasting.net/?p=52032 We sit down for an interview with Chris Buechler, from the pfSense project, to learn just how easy it can be to deploy a BSD firewall. Plus our walkthrough.

The post A Sixth pfSense | BSD 25 first appeared on Jupiter Broadcasting.

We sit down for an interview with Chris Buechler, from the pfSense project, to learn just how easy it can be to deploy a BSD firewall. We'll also be showing you a walkthrough of the pfSense interface so you can get an idea of just how convenient and powerful it is. Answers to your questions and the latest headlines, here on BSD Now – the place to B.. SD.

– Show Notes: –

Headlines

EuroBSDCon and AsiaBSDCon

  • This year, EuroBSDCon will be in September in Sofia, Bulgaria
  • They've got a call for papers up now, so everyone can submit the talks they want to present
  • There will also be a tutorial section of the conference
  • AsiaBSDCon will be next month, in March!
  • All the info about the registration, tutorials, hotels, timetable and location has been posted
  • Check the link for all the details on the talks – if you plan on going to Tokyo next month, hang out with Allan and Kris and lots of BSD developers!

FreeBSD 10 on Ubiquiti EdgeRouter Lite

  • The Ubiquiti EdgeRouter Lite is a router that costs less than $100 and has a MIPS CPU
  • This article goes through the process of installing and configuring FreeBSD on it to use as a home router
  • Lots of good pictures of the hardware and specific details needed to get you set up
  • It also includes the scripts to create your own images if you don't want to use the ones rolled by someone else
  • For such a cheap price, might be a really fun weekend project to replace your shitty consumer router
  • Of course if you're more of an OpenBSD guy, you can always see our tutorial for that too

Signed pkgsrc package guide

  • We got a request on IRC for more pkgsrc stuff on the show, and a listener provided a nice write-up
  • It shows you how to set up signed packages with pkgsrc, which works on quite a few OSes (not just NetBSD)
  • He goes through the process of signing packages with a public key and how to verify the packages when you install them
  • The author also happens to be an EdgeBSD developer

Big batch of OpenBSD hackathon reports

  • Five trip reports from the OpenBSD hackathon in New Zealand! In the first one, jmatthew details his work on fiber channel controller drivers, some octeon USB work and ARM fixes for AHCI
  • In the second, kettenis gets into his work with running interrupt handlers without holding the kernel lock, some SPARC64 improvements and a few other things
  • In the third, jsg updated libdrm and mesa and did various work on xenocara
  • In the fourth, dlg came with the intention to improve SMP support, but got distracted and did SCSI stuff instead – but he talks a little bit about the struggle OpenBSD has with SMP and some of the work he's done
  • In the fifth, claudio talks about some stuff he did for routing tables and misc. other things

Interview – Chris Buechler – cmb@pfsense.com / @cbuechler

pfSense


Tutorial

pfSense walkthrough


News Roundup

FreeBSD challenge continues

  • Our buddy from the Linux foundation continues his switching to BSD journey
  • In day 13, he covers some tips for new users, mentions trying things out in a VM first
  • In day 14, he starts setting up XFCE and X11, feels like he's starting over as a new Linux user learning the ropes again – concludes that ports are the way to go
  • In day 15, he finishes up his XFCE configuration and details different versions of ports with different names, as well as learns how to apply his first patch
  • In day 16, he dives into the world of FreeBSD jails!

BSD books in 2014

  • BSD books are some of the highest quality technical writings available, and MWL has written a good number of them
  • In this post, he details some of his plans for 2014
  • It includes at least one OpenBSD book, at least one FreeBSD book and…
  • Very strong possibility of Absolute FreeBSD 3rd edition (watch our interview with him)
  • Check the link for all the details

How to build FreeBSD/EC2 images

  • Our friend Colin Percival details how to build EC2 images in a new blog post
  • Most people just use the images he makes on their instances, but some people will want to make their own from scratch
  • You build a regular disk image and then turn it into an AMI
  • It requires a couple ports be installed on your system, but the whole process is pretty straightforward

PCBSD weekly digest

  • This time around we discuss how you can become a developer
  • Kris also details the length of supported releases
  • Expect lots of new features in 10.1

Feedback/Questions

  • Sean writes in: https://slexy.org/view/s216xJoCVG
  • Jake writes in: https://slexy.org/view/s2gLrR3VVf
  • Niclas writes in: https://slexy.org/view/s21gfG3Iho
  • Steffan writes in: https://slexy.org/view/s2JNyw5BCn
  • Antonio writes in: https://slexy.org/view/s2kg3zoRfm
  • Chris writes in: https://slexy.org/view/s2ZwSIfRjm

  • Our email backlog is pretty much caught up. Now's a great time to send us something – questions, stories, ideas, requests for something you want to see, anything
  • All the tutorials are posted in their entirety at bsdnow.tv
  • The OpenBSD router tutorial got a couple improvements and fixes
  • Just because our tutorial contest is over doesn't mean you can't submit any, we would love if more listeners wrote up a tutorial on interesting things they're doing with BSD
  • Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
  • Watch live Wednesdays at 2:00PM Eastern (19:00 UTC)
  • The BSD Now shirt design has been finalized, we have the files and are working out the printing details… expect them to be available in early-to-mid March!

Tendresse for Ten | BSD Now 21 https://original.jupiterbroadcasting.net/50277/tendresse-for-ten-bsd-now-21/ Thu, 23 Jan 2014 21:58:45 +0000 https://original.jupiterbroadcasting.net/?p=50277 We talk to Colin Percival about running FreeBSD 10 on EC2 and lots of other interesting stuff. After that, how to do some bandwidth monitoring.

The post Tendresse for Ten | BSD Now 21 first appeared on Jupiter Broadcasting.


We’ve got some great news for OpenBSD, as well as the scoop on FreeBSD 10.0-RELEASE – yes it’s finally here! We’re gonna talk to Colin Percival about running FreeBSD 10 on EC2 and lots of other interesting stuff. After that, we’ll be showing you how to do some bandwidth monitoring and network performance testing in a combo tutorial. We’ve got a round of your questions and the latest news, on BSD Now – the place to B.. SD.

Thanks to: iXsystems


– Show Notes: –

Headlines

FreeBSD 10.0-RELEASE is out

  • The long awaited, giant release of FreeBSD is now official and ready to be downloaded
  • One of the biggest releases in FreeBSD history, with tons of new updates
  • Some features include: LDNS/Unbound replacing BIND, Clang by default (no GCC anymore), native Raspberry Pi support and other ARM improvements, bhyve, hyper-v support, AMD KMS, VirtIO, Xen PVHVM in GENERIC, lots of driver updates, ZFS on root in the installer, SMP patches to pf that drastically improve performance, Netmap support, pkgng by default, wireless stack improvements, a new iSCSI stack, FUSE in the base system… the list goes on and on
  • Start up your freebsd-update or do a source-based upgrade right now!

OpenSSH 6.5 CFT

  • Our buddy Damien Miller announced a Call For Testing for OpenSSH 6.5
  • Huge, huge release, focused on new features rather than bugfixes (but it includes those too)
  • New ciphers, new key formats, new config options, see the mailing list for all the details
  • Should be in OpenBSD 5.5 in May, look forward to it – but also help test on other platforms!
  • We’ll talk about it more when it’s released

DIY NAS story, FreeNAS 9.2.1-BETA

  • Another new blog post about FreeNAS!
  • “I did briefly consider suggesting nas4free for the EconoNAS blog, since it’s essentially a fork off the FreeNAS tree but may run better on slower hardware, but ultimately I couldn’t recommend anything other than FreeNAS”
  • Really long article with lots of nice details about his setup, why you might want a NAS, etc.
  • Speaking of FreeNAS, they released 9.2.1-BETA with lots of bugfixes

OpenBSD needed funding for electricity.. and they got it

  • Briefly mentioned at the end of last week’s show, but has blown up over the internet since
  • OpenBSD in the headlines of major tech news sites: slashdot, zdnet, the register, hacker news, reddit, twitter.. thousands of comments
  • They needed about $20,000 to cover electric costs for the server rack in Theo’s basement
  • Lots of positive reaction from the community helping out so far, and it appears they have reached their goal and got $100,000 in donations
  • From Bob Beck, "we have in one week gone from being in a dire situation to having a commitment of approximately $100,000 in donations to the foundation"
  • This is a shining example of the BSD community coming together, and even the Linux people realizing how critical BSD is to the world at large

This episode was brought to you by iXsystems


Interview – Colin Percival – cperciva@freebsd.org / @twitter

FreeBSD on Amazon EC2, backups with Tarsnap, 10.0-RELEASE, various topics


Tutorial

Bandwidth monitoring and testing


News Roundup

pfSense talk at Tokyo FreeBSD Benkyoukai

  • Isaac Levy will be presenting "pfSense Practical Experiences: from home routers, to High-Availability Datacenter Deployments"
  • He’s also going to be looking for help to translate the pfSense documentation into Japanese
  • The event is on February 17, 2014 if you’re in the Tokyo area

m0n0wall 1.8.1 released

  • For those who don’t know, m0n0wall is an older BSD-based firewall OS that’s mostly focused on embedded applications
  • pfSense was forked from it in 2004, and has a lot more active development now
  • They switched to FreeBSD 8.4 for this new version
  • Full list of updates in the changelog
  • This version requires at least 128MB RAM and a disk/CF size of 32MB or more, oh no!

Ansible and PF, plus NTP

  • Another blog post from our buddy Michael Lucas
  • There’ve been some NTP amplification attacks recently in the news
  • The post describes how he configured ntpd on a lot of servers without a lot of work
  • He leverages pf and ansible for the configuration
  • OpenNTPD is, not surprisingly, unaffected – use it

ruBSD videos online

  • Just a quick followup from a few weeks ago
  • Theo and Henning’s talks from ruBSD are now available for download
  • There’s also a nice interview with Theo

PCBSD weekly digest

  • 10.0-RC4 images are available
  • Wine PBI is now available for 10
  • 9.2 systems will now be able to upgrade to version 10 and keep their PBI library

Feedback/Questions

  • Sha’ul writes in: https://slexy.org/view/s2WQXwMASZ
  • Kjell-Aleksander writes in: https://slexy.org/view/s2H0FURAtZ
  • Mike writes in: https://slexy.org/view/s21eKKPgqh
  • Charlie writes in (and gets a reply): https://slexy.org/view/s21UMLnV0G
  • Kevin writes in: https://slexy.org/view/s2SuazcfoR

Contest

  • We’ll be giving away a handmade FreeBSD pillow – yes you heard right
  • All you need to do is write a tutorial for the show
  • Submit your BSD tutorial write-ups to feedback@bsdnow.tv
  • Check bsdnow.tv/contest for all the rules, details, instructions and a picture of the pillow.

  • All the tutorials are posted in their entirety at bsdnow.tv
  • The poudriere tutorial got a couple fixes and modernizations
  • Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
  • Stop commenting on the Jupiter Broadcasting pages and YouTube! We don’t read those!
  • Watch live Wednesdays at 2:00PM Eastern (19:00 UTC)
