May 21, 2014

38: A BUG's Life

1 hour 28 minutes

We're back from BSDCan! This week on the show we'll be chatting with Brian Callahan and Aaron Bieber about forming a local BSD users group. We'll get to hear their experiences of running one and maybe encourage some of you to start your own! After that, we've got a tutorial on the basics of NetBSD's package manager, pkgsrc. Answers to your emails and the latest headlines, on BSD Now - the place to B.. SD.

This episode was brought to you by

Headlines

FreeBSD 11 goals and discussion

Something that actually happened at BSDCan this year...

During the FreeBSD devsummit, there was some discussion about what changes will be made in 11.0-RELEASE

Some of MWL's notes include: the test suite will be merged to 10-STABLE, more work on the MIPS platforms, LLDB getting more attention, UEFI boot and install support

A large list of possibilities was also included and open for discussion, including AES-GCM in IPSEC, ASLR, OpenMP, ICC, in-place kernel upgrades, Capsicum improvements, TCP performance improvements and A LOT more

There's also some notes from the devsummit virtualization session, mostly talking about bhyve

Lastly, he also provides some notes about ports and packages and where they're going

***

An SSH honeypot with OpenBSD and Kippo

Everyone loves messing with script kiddies, right?

This blog post introduces Kippo, an SSH honeypot tool, and how to use it in combination with OpenBSD

It includes a step by step (or rather, command by command) guide and some tips for running a honeypot securely

You can use this to get new 0day exploits or find weaknesses in your systems

OpenBSD makes a great companion for security testing tools like this with all its exploit mitigation techniques that protect all running applications

***

NetBSD foundation financial report

The NetBSD foundation has posted their 2013 financial report

It's a very "no nonsense" page, pretty much only the hard numbers

In 2013, they got $26,000 of income in donations

The rest of the page shows all the details, how they spent it on hardware, consulting, conference fees, legal costs and everything else

Be sure to donate to whichever BSDs you like and use!

***

Building a fully-encrypted NAS with OpenBSD

Usually the popular choice for a NAS system is FreeNAS, or plain FreeBSD if you know what you're doing

This article takes a look at the OpenBSD side and explains how to build a NAS with security in mind

The NAS will be fully encrypted, no separate /boot partition like FreeBSD and FreeNAS require - this means the kernel itself is even protected

The obvious trade-off is the lack of ZFS support for storage, but this is an interesting idea that would fit most people's needs too

There's also a bit of background information on NAS systems in general, some NAS-specific security tips and even some nice graphs and pictures of the hardware - fantastic write up!

***

Interview - Brian Callahan & Aaron Bieber - [email protected] & [email protected]

Forming a local BSD Users Group

Tutorial

The basics of pkgsrc

News Roundup

FreeBSD periodic mails vs. monitoring

If you've ever been an admin for a lot of FreeBSD boxes, you've probably noticed that you get a lot of email

This page tells about all the different alert emails, cron emails and other reports you might end up getting, as well as how to manage them

From bad SSH logins to Zabbix alerts, it all adds up quickly

It highlights the periodic.conf file and FreeBSD's periodic daemon, as well as some third party monitoring tools you can use to keep track of your servers

***

Doing cool stuff with OpenBSD routing domains

A blog post from our viewer and regular emailer, Kjell-Aleksander!

He manages some internally-routed IP ranges at his work, but didn't want to have equipment for each separate project

This is where OpenBSD routing domains and pf come in to save the day

The blog post goes through the process with all the network details you could ever dream of

He even named his networking equipment... after us

***

LibreSSL, the good and the bad

We're all probably familiar with OpenBSD's fork of OpenSSL at this point

However, "for those of you that don't know it, OpenSSL is at the same time the best and most popular SSL/TLS library available, and utter junk"

This article talks about some of the cryptographic development challenges involved with maintaining such a massive project

You need cryptographers, software engineers, software optimization specialists - there are a lot of roles that need to be filled

It also mentions some OpenSSL alternatives and recent LibreSSL progress, as well as some downsides to the fork - the main one being their aim for backwards compatibility

***

PCBSD weekly digest

Lots going on in PCBSD land this week, AppCafe has been redesigned

The PBI system is being replaced with pkgng, PBIs will be automatically converted once you update

In the more recent post, there's some further explanation of the PBI system and the reason for the transition

It's got lots of details on the different ways to install software, so hopefully it will clear up any possible confusion

***

Feedback/Questions

Antonio writes in

Daniel writes in

Sean writes in

tsyn writes in

Chris writes in

***

...more

View all episodes

By JT Pennington

4.9

8989 ratings