Episode 029: P.E.F.S.
This episode was brought to you by
- SSH has a not-so-often-talked-about authentication option in addition to passwords and keys: certificates - you can add certificates to any current authentication method you're using
- They're not really that complex, there just isn't a lot of documentation on how to use them - this post tries to solve that
- There's the benefit of not needing a knownhosts file or authorizedusers file anymore
- The post goes into a fair amount of detail about the differences, advantages and implications of using certificates for authentication
- Similar to the "FreeBSD Challenge" blog series, one of our listeners will be writing about his switching BACK to FreeBSD journey
- "So, a long time ago, I had a box which was running FreeBSD 4, running on a Pentium. 14 years later, I have decided to get back into FreeBSD, now at FreeBSD 10"
- He's starting off with PCBSD since it's easy to get working with dual graphics
- Should be a fun series to follow!
- If you'll remember back to our poudriere tutorial, it lets you build FreeBSD binary packages in bulk - OpenBSD's version is called dpb
- Marc Espie recently got some monster machines in russia to play with to help improve scaling of dpb on high end hardware
- This article goes through some of his findings and plans for future versions that increase performance
- We'll be showing a tutorial of dpb on the show in a few weeks
- So maybe you've set up two-factor authentication with gmail or twitter, but have you done it with your BSD box?
- This post walks us through the process of locking down an ssh server with 2FA
- With just a mobile phone and a few extra tools, you can enable two-factor auth on your BSD box and have just that little extra bit of protections
Interview - Gleb Kurtsou - firstname.lastname@example.org
PEFS (security audit results here)
- Registration is finally open!
- The prices are available along with a full list of presentations
- Tutorial sessions for various topics as well
- You have to go
- Although 5.5 was just frozen and the release process has started, 5.6 is already looking promising
- OpenBSD has, for a long time, included a heavily-patched version of Apache based on 1.3
- They've also imported nginx into base a few years ago, but now have finally removed Apache
- Sendmail is also no longer the default MTA, OpenSMTPD is the new default
- Will BIND be removed next? Maybe so
- They've also discontinued the hp300, mvme68k and mvme88k ports
- The "getting to know your portmgr" series makes its return
- This time we get to talk with danfe@ (probably most known for being the nVidia driver maintainer, but he does a lot with ports)
- How he got into FreeBSD? He "wanted a unix system that I could understand and that would not get bloated as time goes by"
- Mentions why he's still heavily involved with the project and lots more
- Work has started to port Pulseaudio to PCBSD 10.0.1
- There's a new "pc-mixer" utility being worked on for sound management as well
- New PBIs, GNOME/Mate updates, Life Preserver fixes and a lot more
- PCBSD 10.0.1 was released too
- All the tutorials are posted in their entirety at bsdnow.tv
- The pkgng, ZFS, OpenBSD router and FreeBSD desktop tutorials have gotten some updates and fixes
- If you were using the automatic errata checking script in the router tutorial, you need to redownload the new, fixed version (they rearranged some stuff on the website and broke it)
- A few weeks' worth of new tutorials were uploaded ahead of time for the benefit of everyone, no point in holding them hostage - go check 'em all out
- Send questions, comments, show ideas/topics, or stories you want mentioned on the show to email@example.com
- Watch live Wednesdays at 2:00PM Eastern (18:00 UTC)
- Dusko, the winner of our tutorial contest, sent us a picture with his awesome FreeBSD pillow!
- The AsiaBSDCon 2014 proceedings are out