August 20, 2014

51: Engineering Nginx

1 hour 27 minutes

Coming up on the show, we'll be showing you how to set up a secure, SSL-only webserver. There's also an interview with Eric Le Blan about community participation and FreeBSD's role in the commercial server space. All that and more, on BSD Now - the place to B.. SD.

This episode was brought to you by

Headlines

Password gropers take spamtrap bait

Our friend Peter Hansteen, who keeps his eyes glued to his log files, has a new blog post

He seems to have discovered another new weird phenomenon in his pop3 logs

"yes, I still run one, for the same bad reasons more than a third of my readers probably do: inertia"

Someone tried to log in to his service with an address that was known to be invalid

The rest of the post goes into detail about his theory of why someone would use a list of invalid addresses for this purpose

***

Inside the Atheros wifi chipset

Adrian Chadd - sometimes known in the FreeBSD community as "the wireless guy" - gave a talk at the Defcon Wireless Village 2014

He covers a lot of topics on wifi, specifically on Atheros chips and why they're so popular for open source development

There's a lot of great information in the presentation, including cool (and evil) things you can do with wireless cards

Very technical talk; some parts might go over your head if you're not a driver developer

The raw video file is also available to download on archive.org

Adrian has also recently worked on getting Kismet and Aircrack-NG to work better with FreeBSD, including packet injection and other fun things

***

Trip report and hackathon mini-roundup

A few more (late) reports from BSDCan and the latest OpenBSD hackathon have been posted

Mark Linimon mentions some of the future plans for FreeBSD's release engineering and ports

Bapt also has a BSDCan report detailing his work on ports and packages

Antoine Jacoutot writes about his work at the most recent hackathon, working with rc configuration and a new /etc/examples layout

Peter Hessler, a latecomer to the hackathon, details his experience too, hacking on the installer and built-in upgrade function

Christian Weisgerber talks about starting some initial improvements of OpenBSD's ports infrastructure

***

DragonFly BSD 3.8.2 released

Although it was already branched, the release media is now available for DragonFly 3.8.2

This is a minor update, mostly to fix the recent OpenSSL vulnerabilities

It also includes some various other small fixes

***

Interview - Eric Le Blan - [email protected]

Xinuos' recent FreeBSD integration, BSD in the commercial server space

Tutorial

Building a hardened, feature-rich webserver

News Roundup

Defend your network and privacy, FreeBSD version

Back in episode 39, we covered a blog post about creating an OpenBSD gateway - partly based on our tutorial

This is a follow-up post, by the same author, about doing a similar thing with FreeBSD

He mentions some of the advantages and disadvantages between the two operating systems, and encourages users to decide for themselves which one suits their needs

The rest is pretty much the same things: firewall, VPN, DHCP server, DNSCrypt, etc.

***

Don't encrypt all the things

Another couple of interesting blog posts from Ted Unangst about encryption

It talks about how Google recently started ranking sites with HTTPS higher in their search results, and then reflects on how sometimes encryption does more harm than good

After heartbleed, the ones who might be able to decrypt your emails went from just a three-letter agency to any script kiddie

He also talks a bit about some PGP weaknesses and a possible future replacement

He also has another, similar post entitled "in defense of opportunistic encryption"

***

New automounter lands in FreeBSD

The work on the new automounter has just landed in 11-CURRENT

With help from the FreeBSD Foundation, we'll have a new "autofs" kernel option

Check the SVN viewer online to read over the man pages if you're not running -CURRENT

You can also read a bit about it in the recent newsletter

***

OpenSSH 6.7 CFT

It's been a little while since the last OpenSSH release, but 6.7 is almost ready

Our friend Damien Miller issued a call for testing for the upcoming version, which includes a fair amount of new features

It includes some old code removal, some new features and some internal reworkings - we'll cover the full list in detail when it's released

This version also officially supports being built with LibreSSL now

Help test it out and report any findings, especially if you have access to something a little more exotic than just a BSD system

***

Feedback/Questions

David writes in

Lachlan writes in

Francis writes in

Frank writes in

Sean writes in

***

...more

View all episodes

By JT Pennington

4.9

8989 ratings