May 13, 2015

89: Exclusive Disjunction

1 hour 3 minutes

This week on the show, we'll be talking to Mike Larkin about various memory protections in OpenBSD. We'll cover recent WX improvements, SSP, ASLR, PIE and all kinds of acronyms! We've also got a bunch of news and answers to your questions, coming up on BSD Now - the place to B.. SD.

This episode was brought to you by

Headlines

OpenSMTPD for the whole family

Setting up a BSD mail server is something a lot of us are probably familiar with doing, at least for our own accounts

This article talks about configuring a home mail server too, but even for the other people you live with

After convincing his wife to use their BSD-based Owncloud server for backups, the author talks about moving her over to his brand new OpenSMTPD server too

If you've ever run a mail server and had to deal with greylisting, you'll appreciate the struggle he went through

In the end, BGP-based list distribution saved the day, and his family is being served well by a BSD box

***

NetBSD on the Edgerouter Lite

We've talked a lot about building your own BSD-based router on the show, but not many of the devices we mention are in the same price range as consumer devices

The EdgeRouter Lite, a small MIPS-powered machine, is starting to become popular (and is a bit cheaper)

A NetBSD developer has been hacking on it, and documents the steps to get a working install in this blog post

The process is fairly simple, and you can cross-compile your own installation image on any CPU architecture (even from another BSD!)

OpenBSD and FreeBSD also have some support for these devices

***

Bitrig at NYC*BUG

The New York City BSD users group has semi-regular meetings with presentations, and this time the speaker was John Vernaleo

John discussed Bitrig, an OpenBSD fork that we've talked about a couple times on the show

He talks about what they've been up to lately, why they're doing what they're doing, difference in supported platforms

Ports and packages between the two projects are almost exactly the same, but he covers the differences in the base systems, how (some) patches get shared between the two and finally some development model differences

***

OPNsense, meet HardenedBSD

Speaking of forks, two FreeBSD-based forked projects we've mentioned on the show, HardenedBSD and OPNsense, have decided to join forces

Backporting their changes to the 10-STABLE branch, HardenedBSD hopes to introduce some of their security additions to the OPNsense codebase

Paired up with LibreSSL, this combination should offer a good solution for anyone wanting a BSD-based firewall with an easy web interface

We'll cover more news on the collaboration as it comes out

***

Interview - Mike Larkin - [email protected] / @mlarkin2012

Memory protections in OpenBSD: WX, ASLR, PIE, SSP

News Roundup

A closer look at FreeBSD

The week wouldn't be complete without at least one BSD article making it to a mainstream tech site

This time, it's a high-level overview of FreeBSD, some of its features and where it's used

Being that it's an overview article on a more mainstream site, you won't find anything too technical - it covers some BSD history, stability, ZFS, LLVM and Clang, ports and packages, jails and the licensing

If you have any BSD-curious Linux friends, this might be a good one to send to them

***

Linksys NSLU2 and NetBSD

The Linksys NSLU2 is a proprietary network-attached storage device introduced back in 2004

"About 2 months ago I set a goal to run some kind of BSD on the spare Linksys NSLU2 I had. This was driven mostly by curiosity, after listening to a few BSDNow episodes and becoming a regular listener [...]"

After doing some research, the author of this post discovered that he could cross-compile NetBSD for the device straight from his Linux box

If you've got one of these old devices kicking around, check out this write-up and get some BSD action on there

***

OpenBSD disklabel templates

We've covered OpenBSD's "autoinstall" feature for unattended installations in the past, but one area where it didn't offer a lot of customization was with the disk layout

With a few recent changes, there are now a series of templates you can use for a completely customized partition scheme

This article takes you through the process of configuring an autoinstall answer file and adding the new section for disklabel

Combine this new feature with our -stable iso tutorial, and you could deploy completely patched and customized images en masse pretty easily

***

FreeBSD native ARM builds

FreeBSD -CURRENT builds for the ARM CPU architecture can now be built natively, without utilities that aren't part of base

Some of the older board-specific kernel configuration files have been replaced, and now the "IMC6" target is used

This goes along with what we read in the most recent quarterly status report - ARM is starting to get treated as a first class citizen

***

Feedback/Questions

Sean writes in

Ron writes in

Charles writes in

Bostjan writes in

***

...more

View all episodes

By JT Pennington

4.8

9191 ratings