Episode 032: PXE Dust
2014-04-09
Direct Download:
Video | HD Video | MP3 Audio | OGG Audio | Torrent
This episode was brought to you by
Headlines
FreeBSD ASLR status update
- Shawn Webb gives us a little update on his address space layout randomization work for FreeBSD
- He's implemented execbase randomization for position-independent executables (which OpenBSD also just enabled globally in 5.5 on i386)
- Work has also started on testing ASLR on ARM, using a Raspberry Pi
- He's giving a presentation at BSDCan this year about his ASLR work
- While we're on the topic of BSDCan...
BSDCan tutorials, improving the experience
- Peter Hansteen writes a new blog post about his upcoming BSDCan tutorials
- The tutorials are called "Building the network you need with PF, the OpenBSD packet filter" and "Transitioning to OpenBSD 5.5" - both scheduled to last three hours each
- He's requesting anyone that'll be there to go ahead and contact him, telling him exactly what you'd like to learn
- There's also a bit of background information about the tutorials and how he's looking to improve them
- If you're interested in OpenBSD and going to BSDCan this year, hit him up
pkgsrc-2014Q1 released
- The new stable branch of pkgsrc packages has been built and is ready
- Python 3.3 is now a "first class citizen" in pkgsrc
- 14255 packages for NetBSD-current/x8664, 11233 binary packages built with clang for FreeBSD 10/x8664
- There's a new release every three months, and remember pkgsrc works on MANY operating systems, not just NetBSD - you could even use pkgsrc instead of pkgng or ports if you were so inclined
- They're also looking into signing packages
Only two holes in a heck of a long time, who cares?
- A particularly vocal Debian user, a lost soul, somehow finds his way to the misc@ OpenBSD mailing list
- He questions "what's the big deal" about OpenBSD's slogan being "Only two remote holes in the default install, in a heck of a long time!"
- Luckily, the community and Theo set the record straight about why you should care about this
- Running insecure applications on OpenBSD is actually more secure than running them on other systems, due to things like ASLR, PIE and all the security features of OpenBSD
- It spawned a discussion about ease of management and Linux's poor security record, definitely worth reading
Interview - Dru Lavigne - dru@freebsd.org / @bsdevents
FreeBSD's documentation printing, documentation springs, various topics
Tutorial
Automatic, unattended OpenBSD installs with PXE
News Roundup
pfSense 2.1.1 released
- A new version of pfSense is released, mainly to fix some security issues
- Tracking some recent FreeBSD advisories, pfSense usually only applies the ones that would matter on a firewall or router
- There are also some NIC driver updates and other things
- Of course if you want to learn more about pfSense, watch episode 25
- 2.1.2 is already up for testing too
FreeBSD gets UEFI support
- It looks like FreeBSD's battle with UEFI may be coming to a close?
- Ed Maste committed a giant list of patches to enable UEFI support on x86_64
- Look through the list to see all the details and information
- Thanks FreeBSD foundation!
Ideas for the next DragonflyBSD release
- Mr. Dragonfly release engineer himself, Justin Sherrill posts some of his ideas for the upcoming release
- They're aiming for late May for the next version
- Ideas include better support for running in a VM, pkgng fixes, documentation updates and PAM support
- Gasp, they're even considering dropping i386
PCBSD weekly digest
- Lots of new PBI updates for 10.0, new runtime implementation
- New support for running 32 bit applications in PBI runtime
- New default CD and DVD player, umplayer
- Latest GNOME 3 and Cinnamon merged, new edge package builds
Feedback/Questions
- All the tutorials are posted in their entirety at bsdnow.tv
- Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
- If you've got something cool to talk about and want to come on for an interview, shoot us an email
- Also if you have any tutorial requests, we'd be glad to show whatever the viewers want to see
- Watch live Wednesdays at 2:00PM Eastern (18:00 UTC)
- Just a quick reminder: If you're running OpenSSL 1.0.1 through 1.0.1f please update it and regenerate, rotate and revoke your keys if you run a server with HTTPS, IMAPS, etc - huge security hole! (Also DES offers some insight on the FreeBSD security process)
- We're lucky it wasn't OpenSSH