August 13, 2014

50: VPN, My Dear Watson

1 hour 27 minutes

It's our 50th episode, and we're going to show you how to protect your internet traffic with a BSD-based VPN. We'll also be talking to Robert Watson, of the FreeBSD core team, about security research, exploit mitigation and a whole lot more. The latest news and answers to all of your emails, on BSD Now - the place to B.. SD.

This episode was brought to you by

Headlines

MeetBSD 2014 is approaching

The MeetBSD conference is coming up, and will be held on November 1st and 2nd in San Jose, California

MeetBSD has an "unconference" format, which means there will be both planned talks and community events

All the extra details will be on their site soon

It also has hotels and various other bits of useful information - hopefully with more info on the talks to come

Of course, EuroBSDCon is coming up before then

***

First experiences with OpenBSD

A new blog post that leads off with "tired of the sluggishness of Windows on my laptop and interested in experimenting with a Unix-like that I haven't tried before"

The author read the famous "BSD for Linux users" series (that most of us have surely seen) and decided to give BSD a try

He details his different OS and distro history, concluding with how he "eventually became annoyed at the poor quality of Linux userland software"

From there, it talks about how he used the OpenBSD USB image and got a fully-working system

He especially liked the simplicity of OpenBSD's "hostname.if" system for network configuration

Finally, he gets Xorg working and imports all his usual configuration files - seems to be a happy new user!

***

NetBSD rump kernels on bare metal (and Kansai OSC report)

When you're developing a new OS or a very specialized custom solution, working drivers become one of the hardest things to get right

However, NetBSD's rump kernels - a very unique concept - make this process a lot easier

This blog post talks about the process of starting with just a rump kernel and expanding into an internet-ready system in just a week

Also have a look back at episode 8 for our interview about rump kernels and what exactly they do

While on the topic of NetBSD, there were also a couple of very detailed reports (with lots of pictures!) of the various NetBSD-themed booths at the 2014 Kansai Open Source Conference that we wanted to highlight

***

OpenSSL and LibreSSL updates

OpenSSL pushed out a few new versions, fixing multiple vulnerabilities (nine to be precise!)

Security concerns include leaking memory, possible denial of service, crashing clients, memory exhaustion, TLS downgrades and more

LibreSSL released a new version to address most of the vulnerabilities, but wasn't affected by some of them

Whichever version of whatever SSL you use, make sure it's patched for these issues

DragonFly and OpenBSD are patched as of the time of this recording but, even after a week, NetBSD and FreeBSD are not (outside of -CURRENT)

***

Interview - Robert Watson - [email protected]

FreeBSD architecture, security research techniques, exploit mitigation

Tutorial

Protecting traffic with a BSD-based VPN

News Roundup

A FreeBSD-based CGit server

If you use git (like a certain host of this show) then you've probably considered setting up your own server

This article takes you through the process of setting up a jailed git server, complete with a fancy web frontend

It even shows you how to set up multiple repos with key-based user separation and other cool things

The author of the post is also a listener of the show, thanks for sending it in!

***

Backup devices for small businesses

In this article, different methods of data storage and backup are compared

After weighing the various options, the author comes to an obvious conclusion: FreeNAS is the answer

He praises FreeNAS and the FreeNAS Mini for their tight integration, rock solid FreeBSD base and the great ZFS featureset that it offers

It also goes over some of the hardware specifics in the FreeNAS Mini

***

A new Xenocara interview

As a follow up to last week's OpenSMTPD interview, this Russian blog interviews Matthieu Herrb about Xenocara

If you're not familiar with Xenocara, it's OpenBSD's version of Xorg with some custom patches

In this interview, he discusses how large and complex the upstream X11 development is, how different components are worked on by different people, how they test code (including a new framework) and security auditing

Matthieu is both a developer of upstream Xorg and an OpenBSD developer, so it's natural for him to do a lot of the maintainership work there

***

Building a high performance FreeBSD samba server

If you've got to PXE boot several hundred Windows boxes to upgrade from XP to 7, what's the best solution?

FreeBSD, ZFS and Samba obviously!

The master image and related files clock in at over 20GB, and will be accessed at the same time by all of those clients

This article documents that process, highlighting some specific configuration tweaks to maximize performance (including NIC bonding)

It doesn't even require the newest or best hardware with the right changes, pretty cool

***

Feedback/Questions

An interesting Reddit thread (or two)

PB writes in

Sean writes in

Steve writes in

Lachlan writes in

Justin writes in

***

...more

View all episodes

By JT Pennington

4.9

8989 ratings

August 13, 2014

50: VPN, My Dear Watson

1 hour 27 minutes

This episode was brought to you by

Headlines

MeetBSD 2014 is approaching

The MeetBSD conference is coming up, and will be held on November 1st and 2nd in San Jose, California

MeetBSD has an "unconference" format, which means there will be both planned talks and community events

All the extra details will be on their site soon

It also has hotels and various other bits of useful information - hopefully with more info on the talks to come

Of course, EuroBSDCon is coming up before then

***

First experiences with OpenBSD

A new blog post that leads off with "tired of the sluggishness of Windows on my laptop and interested in experimenting with a Unix-like that I haven't tried before"

The author read the famous "BSD for Linux users" series (that most of us have surely seen) and decided to give BSD a try

He details his different OS and distro history, concluding with how he "eventually became annoyed at the poor quality of Linux userland software"

From there, it talks about how he used the OpenBSD USB image and got a fully-working system

He especially liked the simplicity of OpenBSD's "hostname.if" system for network configuration

Finally, he gets Xorg working and imports all his usual configuration files - seems to be a happy new user!

***

NetBSD rump kernels on bare metal (and Kansai OSC report)

When you're developing a new OS or a very specialized custom solution, working drivers become one of the hardest things to get right

However, NetBSD's rump kernels - a very unique concept - make this process a lot easier

This blog post talks about the process of starting with just a rump kernel and expanding into an internet-ready system in just a week

Also have a look back at episode 8 for our interview about rump kernels and what exactly they do

***

OpenSSL and LibreSSL updates

OpenSSL pushed out a few new versions, fixing multiple vulnerabilities (nine to be precise!)

Security concerns include leaking memory, possible denial of service, crashing clients, memory exhaustion, TLS downgrades and more

LibreSSL released a new version to address most of the vulnerabilities, but wasn't affected by some of them

Whichever version of whatever SSL you use, make sure it's patched for these issues

DragonFly and OpenBSD are patched as of the time of this recording but, even after a week, NetBSD and FreeBSD are not (outside of -CURRENT)

***

Interview - Robert Watson - [email protected]

FreeBSD architecture, security research techniques, exploit mitigation

Tutorial

Protecting traffic with a BSD-based VPN

News Roundup

A FreeBSD-based CGit server

If you use git (like a certain host of this show) then you've probably considered setting up your own server

This article takes you through the process of setting up a jailed git server, complete with a fancy web frontend

It even shows you how to set up multiple repos with key-based user separation and other cool things

The author of the post is also a listener of the show, thanks for sending it in!

***

Backup devices for small businesses

In this article, different methods of data storage and backup are compared

After weighing the various options, the author comes to an obvious conclusion: FreeNAS is the answer

He praises FreeNAS and the FreeNAS Mini for their tight integration, rock solid FreeBSD base and the great ZFS featureset that it offers

It also goes over some of the hardware specifics in the FreeNAS Mini

***

A new Xenocara interview

As a follow up to last week's OpenSMTPD interview, this Russian blog interviews Matthieu Herrb about Xenocara

If you're not familiar with Xenocara, it's OpenBSD's version of Xorg with some custom patches

Matthieu is both a developer of upstream Xorg and an OpenBSD developer, so it's natural for him to do a lot of the maintainership work there

***

Building a high performance FreeBSD samba server

If you've got to PXE boot several hundred Windows boxes to upgrade from XP to 7, what's the best solution?

FreeBSD, ZFS and Samba obviously!

The master image and related files clock in at over 20GB, and will be accessed at the same time by all of those clients

This article documents that process, highlighting some specific configuration tweaks to maximize performance (including NIC bonding)

It doesn't even require the newest or best hardware with the right changes, pretty cool

***

Feedback/Questions

An interesting Reddit thread (or two)

PB writes in

Sean writes in

Steve writes in

Lachlan writes in

Justin writes in

***

...more

More shows like BSD Now

View all

Security Now (Audio)

1,970 Listeners

Software Engineering Radio - the podcast for professional software developers

272 Listeners

The Changelog: Software Development, Open Source

284 Listeners

LINUX Unplugged

265 Listeners

Python Bytes

215 Listeners

Late Night Linux

154 Listeners

Home Assistant Podcast

65 Listeners

CoRecursive: Coding Stories

189 Listeners

Kubernetes Podcast from Google

181 Listeners

Late Night Linux Family All Episodes

44 Listeners

Linux Dev Time

21 Listeners

Self-Hosted

135 Listeners

2.5 Admins

92 Listeners

Linux After Dark

29 Listeners

Oxide and Friends

47 Listeners

Share 50: VPN, My Dear Watson

Sign up to save your podcasts

50: VPN, My Dear Watson

50: VPN, My Dear Watson

More shows like BSD Now

Security Now (Audio)

Software Engineering Radio - the podcast for professional software developers

The Changelog: Software Development, Open Source

LINUX Unplugged

Python Bytes

Late Night Linux

Home Assistant Podcast

CoRecursive: Coding Stories

Kubernetes Podcast from Google

Late Night Linux Family All Episodes

Linux Dev Time

Self-Hosted

2.5 Admins

Linux After Dark

Oxide and Friends