July 02, 2014

44: Base ISO 100

1 hour 45 minutes

This time on the show, we'll be sitting down to talk with Craig Rodrigues about Jenkins and the FreeBSD testing infrastructure. Following that, we'll show you how to roll your own OpenBSD ISOs with all the patches already applied... ISO can't wait! This week's news and answers to all your emails, on BSD Now - the place to B.. SD.

This episode was brought to you by

Headlines

pfSense 2.1.4 released

The pfSense team has released 2.1.4, shortly after 2.1.3 - it's mainly a security release

Included within are eight security fixes, most of which are pfSense-specific

OpenSSL, the WebUI and some packages all need to be patched (and there are instructions on how to do so)

It also includes a large number of various other bug fixes

Update all your routers!

***

DragonflyBSD's pf gets SMP

While we're on the topic of pf...

Dragonfly patches their old[er than even FreeBSD's] pf to support multithreading in many areas

Stemming from a user's complaint, Matthew Dillon did his own work on pf to make it SMP-aware

Altering your configuration's ruleset can also help speed things up, he found

When will OpenBSD, the source of pf, finally do the same?

***

ChaCha usage and deployment

A while back, we talked to djm about some cryptography changes in OpenBSD 5.5 and OpenSSH 6.5

This article is sort of an interesting follow-up to that, showing which projects have adopted ChaCha20

OpenSSH offers it as a stream cipher now, OpenBSD uses it for it's random number generator, Google offers it in TLS for Chromium and some of their services and lots of other projects seem to be adopting it

Both Google's fork of OpenSSL and LibReSSL have upcoming implementations, while vanilla OpenSSL does not

Unfortunately, this article has one mistake: FreeBSD does not use it - they still use the broken RC4 algorithm

***

BSDMag June 2014 issue

The monthly online BSD magazine releases their newest issue

This one includes the following articles: TLS hardening, setting up a package cluster in MidnightBSD, more GIMP tutorials, "saving time and headaches using the robot framework for testing," an interview and an article about the increasing number of security vulnerabilities

The free pdf file is available for download as always

***

Interview - Craig Rodrigues - [email protected]

FreeBSD's continuous testing infrastructure

Tutorial

Creating pre-patched OpenBSD ISOs

News Roundup

Preauthenticated decryption considered harmful

Responding to a post from Adam Langley, Ted Unangst talks a little more about how signify and pkg_add handle signatures

In the past, the OpenBSD installer would pipe the output of ftp straight to tar, but then verify the SHA256 at the end - this had the advantage of not requiring any extra disk space, but raised some security concerns

With signify, now everything is fully downloaded and verified before tar is even invoked

The pkg_add utility works a little bit differently, but it's also been improved in this area - details in the post

Be sure to also read the original post from Adam, lots of good information

***

FreeBSD 9.3-RC2 is out

As the -RELEASE inches closer, release candidate 2 is out and ready for testing

Since the last one, it's got some fixes for NIC drivers, the latest file and libmagic security fixes, some serial port workarounds and various other small things

The updated bsdconfig will use pkgng style packages now too

A lesser known fact: there are also premade virtual machine images you can use too

***

pkgsrcCon 2014 wrap-up

In what may be the first real pkgsrcCon article we've ever had!

Includes wrap-up discussion about the event, the talks, the speakers themselves, what they use pkgsrc for, the hackathon and basically the whole event

Unfortunately no recordings to be found...

***

PostgreSQL FreeBSD performance and scalability

FreeBSD developer kib@ writes a report on PostgreSQL on FreeBSD, and how it scales

On his monster 40-core box with 1TB of RAM, he runs lots of benchmarks and posts the findings

Lots of technical details if you're interested in getting the best performance out of your hardware

It also includes specific kernel options he used and the rest of the configuration

If you don't want to open the pdf file, you can use this link too

***

Feedback/Questions

James writes in

Klemen writes in

John writes in

Brad writes in

Adam writes in

***

...more

View all episodes

By JT Pennington

4.8

9191 ratings