Episode 038: A BUG's Life
- Something that actually happened at BSDCan this year...
- During the FreeBSD devsummit, there was some discussion about what changes will be made in 11.0-RELEASE
- Some of MWL's notes include: the test suite will be merged to 10-STABLE, more work on the MIPS platforms, LLDB getting more attention, UEFI boot and install support
- A large list of possibilities was also included and open for discussion, including AES-GCM in IPSEC, ASLR, OpenMP, ICC, in-place kernel upgrades, Capsicum improvements, TCP performance improvements and A LOT more
- There are also some notes from the devsummit virtualization session, mostly talking about bhyve
- Lastly, he also provides some notes about ports and packages and where they're going
- Everyone loves messing with script kiddies, right?
- This blog post introduces Kippo, an SSH honeypot tool, and how to use it in combination with OpenBSD
- It includes a step by step (or rather, command by command) guide and some tips for running a honeypot securely
- You can use this to get new 0day exploits or find weaknesses in your systems
- OpenBSD makes a great companion for security testing tools like this with all its exploit mitigation techniques that protect all running applications
- The NetBSD foundation has posted their 2013 financial report
- It's a very "no nonsense" page, pretty much only the hard numbers
- In 2013, they got $26,000 of income in donations
- The rest of the page shows all the details, how they spent it on hardware, consulting, conference fees, legal costs and everything else
- Be sure to donate to whichever BSDs you like and use!
- Usually the popular choice for a NAS system is FreeNAS, or plain FreeBSD if you know what you're doing
- This article takes a look at the OpenBSD side and explains how to build a NAS with security in mind
- The NAS will be fully encrypted, with no separate /boot partition like FreeBSD and FreeNAS require - this means even the kernel itself is protected
- The obvious trade-off is the lack of ZFS support for storage, but this is an interesting idea that would fit most people's needs too
- There's also a bit of background information on NAS systems in general, some NAS-specific security tips and even some nice graphs and pictures of the hardware - fantastic write-up!
Interview - Brian Callahan & Aaron Bieber - firstname.lastname@example.org & email@example.com
Forming a local BSD Users Group
- If you've ever been an admin for a lot of FreeBSD boxes, you've probably noticed that you get a lot of email
- This page describes all the different alert emails, cron emails and other reports you might end up getting, as well as how to manage them
- From bad SSH logins to Zabbix alerts, it all adds up quickly
- It highlights the periodic.conf file and FreeBSD's periodic daemon, as well as some third-party monitoring tools you can use to keep track of your servers
- A blog post from our viewer and regular emailer, Kjell-Aleksander!
- He manages some internally-routed IP ranges at his work, but didn't want to have equipment for each separate project
- This is where OpenBSD routing domains and pf come in to save the day
- The blog post goes through the process with all the network details you could ever dream of
- He even named his networking equipment... after us
- We're all probably familiar with OpenBSD's fork of OpenSSL at this point
- However, "for those of you that don't know it, OpenSSL is at the same time the best and most popular SSL/TLS library available, and utter junk"
- This article talks about some of the cryptographic development challenges involved with maintaining such a massive project
- You need cryptographers, software engineers, software optimization specialists - there are a lot of roles that need to be filled
- It also mentions some OpenSSL alternatives and recent LibreSSL progress, as well as some downsides to the fork - the main one being their aim for backwards compatibility
- Lots going on in PCBSD land this week: AppCafe has been redesigned
- The PBI system is being replaced with pkgng; PBIs will be automatically converted once you update
- In the more recent post, there's some further explanation of the PBI system and the reason for the transition
- It's got lots of details on the different ways to install software, so hopefully it will clear up any possible confusion
- All the tutorials are posted in their entirety at bsdnow.tv
- Send questions, comments, show ideas/topics, or stories you want mentioned on the show to firstname.lastname@example.org
- If you've got something cool to talk about and want to come on for an interview, shoot us an email
- Michael Lucas will be giving a live presentation next Tuesday, "Beyond Security: Getting to Know OpenBSD’s Real Purpose", so be sure to catch that
- Preorders for the third edition of The Book of PF are up
- Watch live Wednesdays at 2:00PM Eastern (18:00 UTC)
- We got a picture of a bunch of old FreeBSD CDs!