Skip to main content.

Episode 063: A Man's man(1)

2014-11-12

Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent

This episode was brought to you by

iXsystems - Enterprise servers and storage for open sourceTarsnap - online backups for the truly paranoid


Headlines

Updates to FreeBSD's random(4)

  • FreeBSD's random device, which presents itself as "/dev/random" to users, has gotten a fairly major overhaul in -CURRENT
  • The CSPRNG (cryptographically secure pseudo-random number generator) algorithm, Yarrow, now has a new alternative called Fortuna
  • Yarrow is still the default for now, but Fortuna can be used with a kernel option (and will likely be the new default in 11.0-RELEASE)
  • Pluggable modules can now be written to add more sources of entropy
  • These changes are expected to make it in 11.0-RELEASE, but there hasn't been any mention of MFCing them to 10 or 9

OpenBSD Tor relays and network diversity

  • We've talked about getting more BSD-based Tor nodes a few times in previous episodes
  • The "tor-relays" mailing list has had some recent discussion about increasing diversity in the Tor network, specifically by adding more OpenBSD nodes
  • With the security features and attention to detail, it makes for an excellent dedicated Tor box
  • More and more adversaries are attacking Tor nodes, so having something that can withstand that will help the greater network at large
  • A few users are even saying they'll convert their Linux nodes to OpenBSD to help out
  • Check the archive for the full conversation, and maybe run a node yourself on any of the BSDs
  • The Tor wiki page on OpenBSD is pretty out of date (nine years old!?) and uses the old pf syntax, maybe one of our listeners can modernize it

SSP now default for FreeBSD ports

  • SSP, or Stack Smashing Protection, is an additional layer of protection against buffer overflows that the compiler can give to the binaries it produces
  • It's now enabled by default in FreeBSD's ports tree, and the pkgng packages will have it as well - but only for amd64 (all supported releases) and i386 (10.0-RELEASE or newer)
  • This will only apply to regular ports and binary packages, not the quarterly branch that only receives security updates
  • If you were using the temporary "new Xorg" or SSP package repositories instead of the default ones, you need to switch back over
  • NetBSD made this the default on i386 and amd64 two years ago and OpenBSD made this the default on all architectures twelve years ago
  • Next time you rebuild your ports, things should be automatically hardened without any extra steps or configuration needed

Building an OpenBSD firewall and router

  • While we've discussed the software and configuration of an OpenBSD router, this Reddit thread focuses more on the hardware side
  • The OP lists some of his potential choices, but was originally looking for something a bit cheaper than a Soekris
  • Most agree that, if it's for a business especially, it's worth the extra money to go with something that's well known in the BSD community
  • They also list a few other popular alternatives: ALIX or the APU series from PC Engines, some Supermicro boards, etc.
  • Through the comments, we also find out that QuakeCon runs OpenBSD on their network
  • Hopefully most of our listeners are running some kind of BSD as their gateway - try it out if you haven't already

Interview - Kristaps Džonsons - kristaps@bsd.lv

Mandoc, historical man pages, various topics


Tutorial

Throttling bandwidth with PF


News Roundup

NetBSD at Kansai Open Forum 2014

  • Japanese NetBSD users invade yet another conference, demonstrating that they can and will install NetBSD on everything
  • From a Raspberry Pi to SHARP Netwalkers to various luna68k devices, they had it all
  • As always, you can find lots of pictures in the trip report

Getting to know your portmgr lurkers

  • The lovable "getting to know your portmgr" series makes its triumphant return
  • This time around, they interview Alex, one of the portmgr lurkers that joined just this month
  • "How would you describe yourself?" "Too lazy."
  • Another post includes a short interview with Emanuel, another new lurker
  • We discussed the portmgr lurkers initiative with Steve Wills a while back

NetBSD's ARM port gets SMP

  • The ARM port of NetBSD now has SMP support, allowing more than one CPU to be used
  • This blog post on the website has a list of supported boards: Banana Pi, Cubieboard 2, Cubietruck, Merrii Hummingbird A31, CUBOX-I and NITROGEN6X
  • NetBSD's release team is working on getting these changes into the 7 branch before 7.0 is released
  • There are also a few nice pictures in the article

A high performance mid-range NAS

  • This blog post is about FreeNAS and optimizing iSCSI performance
  • It talks about using mid-range hardware with FreeNAS and different tunables you can change to affect performance
  • There are some nice graphs and lots of detail if you're interested in tweaking some of your own settings
  • They conclude "there is no optimal configuration; rather, FreeNAS can be configured to suit a particular workload"

Feedback/Questions


Mailing List Gold


  • All the tutorials are posted in their entirety at bsdnow.tv
  • The OpenBSD router tutorial now has a new section on bandwidth throttling
  • We'll also have links on the site to a MeetBSD recap post, definitely worth reading, as well as a review of the new Book of PF
  • Speaking of that, Peter Hansteen's Book of PF auction raised a total of $3,050 for the OpenBSD foundation
  • As usual, send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv - we do the show for you guys, so let us know if there's something specific you'd like to see covered (especially new tutorial ideas)
  • Watch live Wednesdays at 2:00PM Eastern (19:00 UTC)

Latest News

Two Year Anniversary

2015-08-08

We're quickly approaching our two-year anniversary, which will be on episode 105. To celebrate, we've created a unique t-shirt design, available for purchase until the end of August. Shirts will be shipped out around September 1st. Most of the proceeds will support the show, and specifically allow us to buy...

New discussion segment

2015-01-17

We're thinking about adding a new segment to the show where we discuss a topic that the listeners suggest. It's meant to be informative like a tutorial, but more of a "free discussion" format. If you have any subjects you want us to explore, or even just a good name...

How did you get into BSD?

2014-11-26

We've got a fun idea for the holidays this year: just like we ask during the interviews, we want to hear how all the viewers and listeners first got into BSD. Email us your story, either written or a video version, and we'll read and play some of them for...

EuroBSDCon 2014

2014-09-18

As you might expect, both Allan and Kris will be at EuroBSDCon this year. They'll be busy hunting down various BSD developers and forcing them to do interviews, but don't hesitate to say hi if you're a listener!...


Episode 170: Sandboxing Cohabitation

2016-11-30

Direct Download:VideoHD VideoMP3 AudioOGG AudioTorrent This episode was brought to you by Headlines EuroBSDcon 2016 Presentation Slides Due to circumstances beyond the control of the organizers of EuroBSDCon, there were not recordings of the talks given at the event. However, they have collected the slide decks from each of the speakers and assembled them on...

Episode 169: Scheduling your NetBSD

2016-11-23

Direct Download:VideoHD VideoMP3 AudioOGG AudioTorrent This episode was brought to you by Headlines Production ready Ted Unangst brings us a piece on what it means to be Production Ready He tells the story of a project he worked on that picked a framework that was “production ready” They tested time zones, and it all seemed to...

Episode 168: The Post Show Show

2016-11-16

Direct Download:VideoHD VideoMP3 AudioOGG AudioTorrent This episode was brought to you by Headlines Build a FreeBSD 11.0-release Openstack Image with bsd-cloudinit We are going to prepare a FreeBSD image for Openstack deployment. We do this by creating a FreeBSD 11.0-RELEASE instance, installing it and converting it using bsd-cloudinit. We'll use the CloudVPS...

Episode 167: Playing the Long Game

2016-11-09

Direct Download:VideoHD VideoMP3 AudioOGG AudioTorrent This episode was brought to you by Interview - Scott Long - scottl@freebsd.org FreeBSD & Netflix Feedback/Questions Zack - USB Config Jens - VMs, Jails and Containers Ranko - Tarsnap Keys Alex - OpenBSD in Hyper-V Curt - Discussion Segment Send questions, comments, show ideas/topics, or stories you want mentioned...