Skip to main content.

Episode 048: Liberating SSL

2014-07-30

Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent

This episode was brought to you by

iXsystems - Enterprise servers and storage for open sourceTarsnap - online backups for the truly paranoid


Headlines

FreeBSD quarterly status report

  • FreeBSD has gotten quite a lot done this quarter
  • Changes in the way release branches are supported - major releases will get at least five years over their lifespan
  • A new automounter is in the works, hoping to replace amd (which has some issues)
  • The CAM target layer and RPC stack have gotten some major optimization and speed boosts
  • Work on ZFSGuru continues, with a large status report specifically for that
  • The report also mentioned some new committers, both source and ports
  • It also covers GNATS being replaced with Bugzilla, the new core team, 9.3-RELEASE, GSoC updates, UEFI booting and lots of other things that we've already mentioned on the show
  • "Foundation-sponsored work resulted in 226 commits to FreeBSD over the April to June period"

A new OpenBSD HTTPD is born

  • Work has begun on a new HTTP daemon in the OpenBSD base system
  • A lot of people are asking "why?" since OpenBSD includes a chrooted nginx already - will it be removed? Will they co-exist?
  • Initial responses seem to indicate that nginx is getting bloated, and is a bit overkill for just serving content (this isn't trying to be a full-featured replacement)
  • It's partially based on the relayd codebase and also comes from the author of relayd, Reyk Floeter
  • This has the added benefit of the usual, easy-to-understand syntax and privilege separation
  • There's a very brief man page online already
  • It supports vhosts and can serve static files, but is still in very active development - there will probably be even more new features by the time this airs
  • Will it be named OpenHTTPD? Or perhaps... LibreHTTPD? (I hope not)

pkgng 1.3 announced

  • The newest version of FreeBSD's second generation package management system has been released, with lots of new features
  • It has a new "real" solver to automatically handle conflicts, and dynamically discover new ones (this means the annoying -o option is deprecated now, hooray!)
  • Lots of the code has been sandboxed for extra security
  • You'll probably notice some new changes to the UI too, making things more user friendly
  • A few days later 1.3.1 was released to fix a few small bugs, then 1.3.2 shortly thereafter and 1.3.3 yesterday

FreeBSD after-install security tasks

  • A number of people have written in to ask us "how do I secure my BSD box after I install it?"
  • With this blog post, hopefully most of their questions will finally be answered in detail
  • It goes through locking down SSH with keys, patching the base system for security, installing packages and keeping them updated, monitoring and closing any listening services and a few other small things
  • Not only does it just list things to do, but the post also does a good job of explaining why you should do them
  • Maybe we'll see some more posts in this series in the future

Interview - Brent Cook - bcook@openbsd.org / @busterbcook

LibreSSL's portable version and development


News Roundup

FreeBSD Mastery - Storage Essentials

  • MWL's new book about the FreeBSD storage subsystems now has an early draft available
  • Early buyers can get access to an in-progress draft of the book before the official release, but keep in mind that it may go through a lot of changes
  • Topics of the book will include GEOM, UFS, ZFS, the disk utilities, partition schemes, disk encryption and maximizing I/O performance
  • You'll get access to the completed (e)book when it's done if you buy the early draft
  • The suggested price is $8

Why BSD and not Linux?

  • Yet another thread comes up asking why you should choose BSD over Linux or vice-versa
  • Lots of good responses from users of the various BSDs
  • Directly ripping a quote: "Features like Ports, Capsicum, CARP, ZFS and DTrace were stable on BSDs before their Linux versions, and some of those are far more usable on BSD. Features like pf are still BSD-only. FreeBSD has GELI and ipfw and is "GCC free". DragonflyBSD has HAMMER and kernel performance tuning. OpenBSD have upstream pf and their gamut of security features, as well as a general emphasis on simplicity."
  • And "Over the years, the BSDs have clearly shown their worth in the nix ecosystem by pioneering new features and driving adoption of others. The most recent on OpenBSD were 2038 support and LibreSSL. FreeBSD still arguably rules the FOSS storage space with ZFS."
  • Some other users share their switching experiences - worth a read

More g2k14 hackathon reports

  • Following up from last week's huge list of hackathon reports, we have a few more
  • Landry Breuil spent some time with Ansible testing his infrastructure, worked on the firefox port and tried to push some of their patches upstream
  • Andrew Fresh enjoyed his first hackathon, pushing OpenBSD's perl patches upstream and got tricked into rewriting the adduser utility in perl
  • Ted Unangst did his usual "teduing" (removing of) old code - say goodbye to asa, fpr, mkstr, xstr, oldrdist, fsplit, uyap and bluetooth
  • Luckily we didn't have to cover 20 new ones this time!

BSDTalk episode 243

  • The newest episode of BSDTalk is out, featuring an interview with Ingo Schwarze of the OpenBSD team
  • The main topic of discussion is mandoc, which some users might not be familiar with
  • mandoc is a utility for formatting manpages that OpenBSD and NetBSD use (DragonFlyBSD and FreeBSD include it in their source tree, but it's not built by default)
  • We'll catch up to you soon, Will!

Feedback/Questions


  • All the tutorials are posted in their entirety at bsdnow.tv
  • Just can't get enough LibreSSL? Brent also did a text-only interview for Undeadly, which we also have a link to there
  • Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
  • Want to come on for an interview or have a tutorial you'd like to see? Let us know
  • If you're a big PCBSD fan, or have been curious about what it has to offer over regular FreeBSD, you'll like next week's episode
  • Watch live Wednesdays at 2:00PM Eastern (18:00 UTC)

Latest News

New discussion segment

2015-01-17

We're thinking about adding a new segment to the show where we discuss a topic that the listeners suggest. It's meant to be informative like a tutorial, but more of a "free discussion" format. If you have any subjects you want us to explore, or even just a good name...

How did you get into BSD?

2014-11-26

We've got a fun idea for the holidays this year: just like we ask during the interviews, we want to hear how all the viewers and listeners first got into BSD. Email us your story, either written or a video version, and we'll read and play some of them for...

EuroBSDCon 2014

2014-09-18

As you might expect, both Allan and Kris will be at EuroBSDCon this year. They'll be busy hunting down various BSD developers and forcing them to do interviews, but don't hesitate to say hi if you're a listener!...

BSDCan 2014

2014-04-30

We just wrapped up episode 35 after having some horrible audio issues. Sorry about the quality being lower than usual, we did the best we could given the circumstances. Next week we've got a normal episode, but the following week Allan and Kris will be at BSDCan. That week will...


Episode 074: That Sly MINIX

2015-01-28

This episode was brought to you by Headlines The missing EuroBSDCon videos Some of the missing videos from EuroBSDCon 2014 we mentioned before have mysteriously appeared Jordan Hubbard, FreeBSD, looking forward to another 10 years Lourival Viera Neto, NFS scripting with Lua Kris Moore, Snapshots, replication and boot environments Andy Tanenbaum, A reimplementation of NetBSD based on...

Episode 073: Pipe Dreams

2015-01-21

Direct Download: Video | HD Video | MP3 Audio | OGG Audio | Torrent This episode was brought to you by Headlines FreeBSD quarterly status report The FreeBSD team has posted an updated on some of their activities between October and December of 2014 They put a big focus on compatibility with other systems: the Linux...

Episode 072: Common *Sense Approach

2015-01-14

Direct Download: Video | HD Video | MP3 Audio | OGG Audio | Torrent This episode was brought to you by Headlines Be your own VPN provider with OpenBSD We've covered how to build a BSD-based gateway that tunnels all your traffic through a VPN in the past - but what if you don't trust...

Episode 071: System Disaster

2015-01-07

Direct Download: Video | HD Video | MP3 Audio | OGG Audio | Torrent This episode was brought to you by Headlines Introducing OPNsense, a pfSense fork OPNsense is a new BSD-based firewall project that was recently started, forked from the pfSense codebase Even though it's just been announced, they already have a formal release based...