This time on the show, we'll be talking some ZFS with Sean Chittenden. He's been using it on FreeBSD at Groupon, and has some interesting stories about how it's saved his data. Answers to your emails and all of this week's headlines, on BSD Now - the place to B.. SD.
Headlines
More BSDCan 2015 videos
Almost as if we said it would happen last week, more BSD-related presentation videos have been uploaded:
Alexander Motin, Feature-rich and fast SCSI target with CTL and ZFS
Daichi Goto, FreeBSD for High Density Servers
Ken Moore, Lumina-DE
Kevin Bowling, FreeBSD Operations at Limelight Networks
Maciej Pasternacki, Jetpack, a container runtime for FreeBSD
Ray Percival, Networking with OpenBSD in a virtualized environment
Reyk Floeter, Introducing OpenBSD's new httpd
Still more to come, hopefully.
***
OpenBSD httpd rewrite support
One of the most-requested features of OpenBSD's new HTTP daemon (in fact, you can hear someone asking about it in the video just above) is rewrite support.
There were concerns about regex code being too complicated and potentially allowing another attack surface, so that was out.
Instead, Reyk ported over an implementation of Lua pattern matching while on the flight back from BSDCan, turning it into a C API without the Lua bindings.
In the mailing list post, he shows an example of how to use it for redirects and provides the diff if you'd like to give it a try now.
It's since been committed to -current, so you can try it out with a snapshot too.
***
SSH 2FA on FreeBSD
We've discussed different ways to lock down SSH access to your BSD boxes before - use keys instead of passwords, whitelist IPs, or even use two-factor authentication.
This article serves as a sort of "roundup" on different methods to set up two-factor authentication on FreeBSD.
It touches on key pairs with a server-side password, Google Authenticator and a few other variations.
While the article is focused on FreeBSD, a lot of it can be easily applied to the others too.
OpenSSH has a great security record, but two-factor authentication is always a good thing to have for the most important systems.
***
NetBSD 7.0-RC1 released
NetBSD has just announced the first release candidate for the 7.0 branch, after a long delay since the initial beta (11 months ago).
Some of the standout features include: improved KMS/DRM with support for modern GPUs, SMP support on ARM, lots of new ARM boards officially supported, GPT support in the installer, Lua kernel scripting, a multiprocessor USB stack, improvements to NPF (their firewall) and, optionally, Clang 3.6.1.
They're looking for as much testing as possible, so give it a try and report your findings to the release engineering team.
***
Interview - Sean Chittenden -
[email protected] / @seanchittenden
News Roundup
OpenSMTPD and Dovecot
We've covered a number of OpenSMTPD mail server guides on the show, each with just a little something different to offer than the last.
This blog post about it has something not mentioned before: virtual domains and virtual users.
This means you can easily have "[email protected]" and "[email protected]" both go to a local user on the box (or a different third address).
It also covers SSL certificates, blocking spam and setting up IMAP access, the usual.
Now might also be a good time to test out OpenSMTPD 5.7.1-rc1, which we'll cover in more detail when it's released...
***
OctoPkg, a Qt frontend to pkgng
A PC-BSD user has begun porting over a graphical package management utility from Arch Linux called Octopi.
Obviously, it needed to be rewritten to use FreeBSD's pkg system instead of pacman.
There are some basic instructions on how to get it built and running on the GitHub page.
After some testing, it'll likely make its way to the FreeBSD ports tree.
Tools like this might make it easier for desktop users (who are used to similar things in Ubuntu or related distros) to switch over.
***
AFL vs. mandoc, a quantitative analysis
Ingo Schwarze has written a pretty detailed article about how he and other OpenBSD developers have been fuzzing mandoc with AFL.
It's meant to be accompanying material to his BSDCan talk, which already covered nine topics.
mandoc is an interesting example to stress test with fuzzing, since its main job is to take and parse some highly varying input.
The article breaks down the 45 different bugs that were found, based on their root cause.
If you're interested in secure coding practices, this'll be a great one to read.
***
OpenZFS conference videos
Videos from the second OpenZFS conference have just started to show up.
The first talk is by, you guessed it, Matt Ahrens.
In it, he covers some ZFS history, the Oracle takeover, the birth of illumos and OpenZFS, some administration basics and also some upcoming features that are being worked on.
There are also videos from Nexenta and HGST, talking about how they use and contribute to OpenZFS.
***
Feedback/Questions
Bryson writes in
Kevin writes in
***