Skip to main content.

Episode 063: A Man's man(1)

2014-11-12

Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent

This episode was brought to you by

iXsystems - Enterprise servers and storage for open sourceTarsnap - online backups for the truly paranoid


Headlines

Updates to FreeBSD's random(4)

  • FreeBSD's random device, which presents itself as "/dev/random" to users, has gotten a fairly major overhaul in -CURRENT
  • The CSPRNG (cryptographically secure pseudo-random number generator) algorithm, Yarrow, now has a new alternative called Fortuna
  • Yarrow is still the default for now, but Fortuna can be used with a kernel option (and will likely be the new default in 11.0-RELEASE)
  • Pluggable modules can now be written to add more sources of entropy
  • These changes are expected to make it in 11.0-RELEASE, but there hasn't been any mention of MFCing them to 10 or 9

OpenBSD Tor relays and network diversity

  • We've talked about getting more BSD-based Tor nodes a few times in previous episodes
  • The "tor-relays" mailing list has had some recent discussion about increasing diversity in the Tor network, specifically by adding more OpenBSD nodes
  • With the security features and attention to detail, it makes for an excellent dedicated Tor box
  • More and more adversaries are attacking Tor nodes, so having something that can withstand that will help the greater network at large
  • A few users are even saying they'll convert their Linux nodes to OpenBSD to help out
  • Check the archive for the full conversation, and maybe run a node yourself on any of the BSDs
  • The Tor wiki page on OpenBSD is pretty out of date (nine years old!?) and uses the old pf syntax, maybe one of our listeners can modernize it

SSP now default for FreeBSD ports

  • SSP, or Stack Smashing Protection, is an additional layer of protection against buffer overflows that the compiler can give to the binaries it produces
  • It's now enabled by default in FreeBSD's ports tree, and the pkgng packages will have it as well - but only for amd64 (all supported releases) and i386 (10.0-RELEASE or newer)
  • This will only apply to regular ports and binary packages, not the quarterly branch that only receives security updates
  • If you were using the temporary "new Xorg" or SSP package repositories instead of the default ones, you need to switch back over
  • NetBSD made this the default on i386 and amd64 two years ago and OpenBSD made this the default on all architectures twelve years ago
  • Next time you rebuild your ports, things should be automatically hardened without any extra steps or configuration needed

Building an OpenBSD firewall and router

  • While we've discussed the software and configuration of an OpenBSD router, this Reddit thread focuses more on the hardware side
  • The OP lists some of his potential choices, but was originally looking for something a bit cheaper than a Soekris
  • Most agree that, if it's for a business especially, it's worth the extra money to go with something that's well known in the BSD community
  • They also list a few other popular alternatives: ALIX or the APU series from PC Engines, some Supermicro boards, etc.
  • Through the comments, we also find out that QuakeCon runs OpenBSD on their network
  • Hopefully most of our listeners are running some kind of BSD as their gateway - try it out if you haven't already

Interview - Kristaps Džonsons - kristaps@bsd.lv

Mandoc, historical man pages, various topics


Tutorial

Throttling bandwidth with PF


News Roundup

NetBSD at Kansai Open Forum 2014

  • Japanese NetBSD users invade yet another conference, demonstrating that they can and will install NetBSD on everything
  • From a Raspberry Pi to SHARP Netwalkers to various luna68k devices, they had it all
  • As always, you can find lots of pictures in the trip report

Getting to know your portmgr lurkers

  • The lovable "getting to know your portmgr" series makes its triumphant return
  • This time around, they interview Alex, one of the portmgr lurkers that joined just this month
  • "How would you describe yourself?" "Too lazy."
  • Another post includes a short interview with Emanuel, another new lurker
  • We discussed the portmgr lurkers initiative with Steve Wills a while back

NetBSD's ARM port gets SMP

  • The ARM port of NetBSD now has SMP support, allowing more than one CPU to be used
  • This blog post on the website has a list of supported boards: Banana Pi, Cubieboard 2, Cubietruck, Merrii Hummingbird A31, CUBOX-I and NITROGEN6X
  • NetBSD's release team is working on getting these changes into the 7 branch before 7.0 is released
  • There are also a few nice pictures in the article

A high performance mid-range NAS

  • This blog post is about FreeNAS and optimizing iSCSI performance
  • It talks about using mid-range hardware with FreeNAS and different tunables you can change to affect performance
  • There are some nice graphs and lots of detail if you're interested in tweaking some of your own settings
  • They conclude "there is no optimal configuration; rather, FreeNAS can be configured to suit a particular workload"

Feedback/Questions


Mailing List Gold


  • All the tutorials are posted in their entirety at bsdnow.tv
  • The OpenBSD router tutorial now has a new section on bandwidth throttling
  • We'll also have links on the site to a MeetBSD recap post, definitely worth reading, as well as a review of the new Book of PF
  • Speaking of that, Peter Hansteen's Book of PF auction raised a total of $3,050 for the OpenBSD foundation
  • As usual, send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv - we do the show for you guys, so let us know if there's something specific you'd like to see covered (especially new tutorial ideas)
  • Watch live Wednesdays at 2:00PM Eastern (19:00 UTC)

Latest News

Two Year Anniversary

2015-08-08

We're quickly approaching our two-year anniversary, which will be on episode 105. To celebrate, we've created a unique t-shirt design, available for purchase until the end of August. Shirts will be shipped out around September 1st. Most of the proceeds will support the show, and specifically allow us to buy...

New discussion segment

2015-01-17

We're thinking about adding a new segment to the show where we discuss a topic that the listeners suggest. It's meant to be informative like a tutorial, but more of a "free discussion" format. If you have any subjects you want us to explore, or even just a good name...

How did you get into BSD?

2014-11-26

We've got a fun idea for the holidays this year: just like we ask during the interviews, we want to hear how all the viewers and listeners first got into BSD. Email us your story, either written or a video version, and we'll read and play some of them for...

EuroBSDCon 2014

2014-09-18

As you might expect, both Allan and Kris will be at EuroBSDCon this year. They'll be busy hunting down various BSD developers and forcing them to do interviews, but don't hesitate to say hi if you're a listener!...


Episode 147: Release all the things!

2016-06-22

Direct Download: Video | HD Video | MP3 Audio | OGG Audio | Torrent This episode was brought to you by Headlines 2016 FreeBSD Community Survey We often get comments from our listeners, “I’m not a developer, how can I help out”? Well today is your chance to do something. The FreeBSD Foundation has its...

Episode 146: Music to Beastie’s ears

2016-06-16

Direct Download: Video | HD Video | MP3 Audio | OGG Audio | Torrent This episode was brought to you by Headlines BSDCan Recap and Live Stream Videos OpenBSD BSDCan 2016 papers now available Allan’s slides and Paper Michael W Lucas presents Allan with a gift “FreeBSD Mastery: Advanced ZedFS” Highlighted Tweets: Groff Arrives at BSDCan...

Episode 145: At the Core of it all

2016-06-08

Direct Download: Video | HD Video | MP3 Audio | OGG Audio | Torrent This episode was brought to you by Interview - Benno Rice - benno@freebsd.org / @jeamland Manager, OS & Networking at EMC Isilon Emily Dunham: Community Automation iXsystems 1U Rackmount Server - 4 Bay Hot-Swap SAS/SATA Drive Bays 400W Redundant Power Supply...

Episode 144: The PF life

2016-06-01

Direct Download: Video | HD Video | MP3 Audio | OGG Audio | Torrent This episode was brought to you by Headlines dotSecurity 2016 - Theo de Raadt - Privilege Separation and Pledge Video Slides Interested in Privilege Separation and security in general? If so, then you are in for a treat, we have both...