This week on the show, we'll be talking to Mike Larkin about various memory protections in OpenBSD. We'll cover recent WX improvements, SSP, ASLR, PIE and all kinds of acronyms! We've also got a bunch of news and answers to your questions, coming up on BSD Now - the place to B.. SD.
This episode was brought to you by
Headlines
OpenSMTPD for the whole family
Setting up a BSD mail server is something a lot of us are probably familiar with doing, at least for our own accountsThis article talks about configuring a home mail server too, but even for the other people you live withAfter convincing his wife to use their BSD-based Owncloud server for backups, the author talks about moving her over to his brand new OpenSMTPD server tooIf you've ever run a mail server and had to deal with greylisting, you'll appreciate the struggle he went throughIn the end, BGP-based list distribution saved the day, and his family is being served well by a BSD box***
NetBSD on the Edgerouter Lite
We've talked a lot about building your own BSD-based router on the show, but not many of the devices we mention are in the same price range as consumer devicesThe EdgeRouter Lite, a small MIPS-powered machine, is starting to become popular (and is a bit cheaper)A NetBSD developer has been hacking on it, and documents the steps to get a working install in this blog postThe process is fairly simple, and you can cross-compile your own installation image on any CPU architecture (even from another BSD!)OpenBSD and FreeBSD also have some support for these devices***
Bitrig at NYC*BUG
The New York City BSD users group has semi-regular meetings with presentations, and this time the speaker was John VernaleoJohn discussed Bitrig, an OpenBSD fork that we've talked about a couple times on the showHe talks about what they've been up to lately, why they're doing what they're doing, difference in supported platformsPorts and packages between the two projects are almost exactly the same, but he covers the differences in the base systems, how (some) patches get shared between the two and finally some development model differences***
OPNsense, meet HardenedBSD
Speaking of forks, two FreeBSD-based forked projects we've mentioned on the show, HardenedBSD and OPNsense, have decided to join forcesBackporting their changes to the 10-STABLE branch, HardenedBSD hopes to introduce some of their security additions to the OPNsense codebasePaired up with LibreSSL, this combination should offer a good solution for anyone wanting a BSD-based firewall with an easy web interfaceWe'll cover more news on the collaboration as it comes out***
Interview - Mike Larkin -
[email protected] / @mlarkin2012
Memory protections in OpenBSD: WX, ASLR, PIE, SSP
News Roundup
A closer look at FreeBSD
The week wouldn't be complete without at least one BSD article making it to a mainstream tech siteThis time, it's a high-level overview of FreeBSD, some of its features and where it's usedBeing that it's an overview article on a more mainstream site, you won't find anything too technical - it covers some BSD history, stability, ZFS, LLVM and Clang, ports and packages, jails and the licensingIf you have any BSD-curious Linux friends, this might be a good one to send to them***
Linksys NSLU2 and NetBSD
The Linksys NSLU2 is a proprietary network-attached storage device introduced back in 2004"About 2 months ago I set a goal to run some kind of BSD on the spare Linksys NSLU2 I had. This was driven mostly by curiosity, after listening to a few BSDNow episodes and becoming a regular listener [...]"After doing some research, the author of this post discovered that he could cross-compile NetBSD for the device straight from his Linux boxIf you've got one of these old devices kicking around, check out this write-up and get some BSD action on there***
OpenBSD disklabel templates
We've covered OpenBSD's "autoinstall" feature for unattended installations in the past, but one area where it didn't offer a lot of customization was with the disk layoutWith a few recent changes, there are now a series of templates you can use for a completely customized partition schemeThis article takes you through the process of configuring an autoinstall answer file and adding the new section for disklabelCombine this new feature with our -stable iso tutorial, and you could deploy completely patched and customized images en masse pretty easily***
FreeBSD native ARM builds
FreeBSD -CURRENT builds for the ARM CPU architecture can now be built natively, without utilities that aren't part of baseSome of the older board-specific kernel configuration files have been replaced, and now the "IMC6" target is usedThis goes along with what we read in the most recent quarterly status report - ARM is starting to get treated as a first class citizen***
Feedback/Questions
Sean writes inRon writes inCharles writes inBostjan writes in***
View all episodes
