Skip to main content.

Episode 063: A Man's man(1)

2014-11-12

Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent

This episode was brought to you by

iXsystems - Enterprise servers and storage for open sourceTarsnap - online backups for the truly paranoid


Headlines

Updates to FreeBSD's random(4)

  • FreeBSD's random device, which presents itself as "/dev/random" to users, has gotten a fairly major overhaul in -CURRENT
  • The CSPRNG (cryptographically secure pseudo-random number generator) algorithm, Yarrow, now has a new alternative called Fortuna
  • Yarrow is still the default for now, but Fortuna can be used with a kernel option (and will likely be the new default in 11.0-RELEASE)
  • Pluggable modules can now be written to add more sources of entropy
  • These changes are expected to make it in 11.0-RELEASE, but there hasn't been any mention of MFCing them to 10 or 9

OpenBSD Tor relays and network diversity

  • We've talked about getting more BSD-based Tor nodes a few times in previous episodes
  • The "tor-relays" mailing list has had some recent discussion about increasing diversity in the Tor network, specifically by adding more OpenBSD nodes
  • With the security features and attention to detail, it makes for an excellent dedicated Tor box
  • More and more adversaries are attacking Tor nodes, so having something that can withstand that will help the greater network at large
  • A few users are even saying they'll convert their Linux nodes to OpenBSD to help out
  • Check the archive for the full conversation, and maybe run a node yourself on any of the BSDs
  • The Tor wiki page on OpenBSD is pretty out of date (nine years old!?) and uses the old pf syntax, maybe one of our listeners can modernize it

SSP now default for FreeBSD ports

  • SSP, or Stack Smashing Protection, is an additional layer of protection against buffer overflows that the compiler can give to the binaries it produces
  • It's now enabled by default in FreeBSD's ports tree, and the pkgng packages will have it as well - but only for amd64 (all supported releases) and i386 (10.0-RELEASE or newer)
  • This will only apply to regular ports and binary packages, not the quarterly branch that only receives security updates
  • If you were using the temporary "new Xorg" or SSP package repositories instead of the default ones, you need to switch back over
  • NetBSD made this the default on i386 and amd64 two years ago and OpenBSD made this the default on all architectures twelve years ago
  • Next time you rebuild your ports, things should be automatically hardened without any extra steps or configuration needed

Building an OpenBSD firewall and router

  • While we've discussed the software and configuration of an OpenBSD router, this Reddit thread focuses more on the hardware side
  • The OP lists some of his potential choices, but was originally looking for something a bit cheaper than a Soekris
  • Most agree that, if it's for a business especially, it's worth the extra money to go with something that's well known in the BSD community
  • They also list a few other popular alternatives: ALIX or the APU series from PC Engines, some Supermicro boards, etc.
  • Through the comments, we also find out that QuakeCon runs OpenBSD on their network
  • Hopefully most of our listeners are running some kind of BSD as their gateway - try it out if you haven't already

Interview - Kristaps Džonsons - kristaps@bsd.lv

Mandoc, historical man pages, various topics


Tutorial

Throttling bandwidth with PF


News Roundup

NetBSD at Kansai Open Forum 2014

  • Japanese NetBSD users invade yet another conference, demonstrating that they can and will install NetBSD on everything
  • From a Raspberry Pi to SHARP Netwalkers to various luna68k devices, they had it all
  • As always, you can find lots of pictures in the trip report

Getting to know your portmgr lurkers

  • The lovable "getting to know your portmgr" series makes its triumphant return
  • This time around, they interview Alex, one of the portmgr lurkers that joined just this month
  • "How would you describe yourself?" "Too lazy."
  • Another post includes a short interview with Emanuel, another new lurker
  • We discussed the portmgr lurkers initiative with Steve Wills a while back

NetBSD's ARM port gets SMP

  • The ARM port of NetBSD now has SMP support, allowing more than one CPU to be used
  • This blog post on the website has a list of supported boards: Banana Pi, Cubieboard 2, Cubietruck, Merrii Hummingbird A31, CUBOX-I and NITROGEN6X
  • NetBSD's release team is working on getting these changes into the 7 branch before 7.0 is released
  • There are also a few nice pictures in the article

A high performance mid-range NAS

  • This blog post is about FreeNAS and optimizing iSCSI performance
  • It talks about using mid-range hardware with FreeNAS and different tunables you can change to affect performance
  • There are some nice graphs and lots of detail if you're interested in tweaking some of your own settings
  • They conclude "there is no optimal configuration; rather, FreeNAS can be configured to suit a particular workload"

Feedback/Questions


Mailing List Gold


  • All the tutorials are posted in their entirety at bsdnow.tv
  • The OpenBSD router tutorial now has a new section on bandwidth throttling
  • We'll also have links on the site to a MeetBSD recap post, definitely worth reading, as well as a review of the new Book of PF
  • Speaking of that, Peter Hansteen's Book of PF auction raised a total of $3,050 for the OpenBSD foundation
  • As usual, send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv - we do the show for you guys, so let us know if there's something specific you'd like to see covered (especially new tutorial ideas)
  • Watch live Wednesdays at 2:00PM Eastern (19:00 UTC)

Latest News

Two Year Anniversary

2015-08-08

We're quickly approaching our two-year anniversary, which will be on episode 105. To celebrate, we've created a unique t-shirt design, available for purchase until the end of August. Shirts will be shipped out around September 1st. Most of the proceeds will support the show, and specifically allow us to buy...

New discussion segment

2015-01-17

We're thinking about adding a new segment to the show where we discuss a topic that the listeners suggest. It's meant to be informative like a tutorial, but more of a "free discussion" format. If you have any subjects you want us to explore, or even just a good name...

How did you get into BSD?

2014-11-26

We've got a fun idea for the holidays this year: just like we ask during the interviews, we want to hear how all the viewers and listeners first got into BSD. Email us your story, either written or a video version, and we'll read and play some of them for...

EuroBSDCon 2014

2014-09-18

As you might expect, both Allan and Kris will be at EuroBSDCon this year. They'll be busy hunting down various BSD developers and forcing them to do interviews, but don't hesitate to say hi if you're a listener!...


Episode 160: EuroBSD-Dreamin

2016-09-21

Direct Download:VideoHD VideoMP3 AudioOGG AudioTorrent This episode was brought to you by Headlines Performance Improvements for FreeBSD Kernel Debugging “We previously explored FreeBSD userspace coredumps. Backtrace’s debugging platform supports FreeBSD kernel coredumps too, and their traces share many features. They are constructed somewhat differently, and in the process of adding support for them, we...

Episode 159: Net Scaling Privacy (Flix Style)

2016-09-14

Direct Download:VideoHD VideoMP3 AudioOGG AudioTorrent This episode was brought to you by Headlines Protecting Netflix Viewing Privacy at Scale, with FreeBSD This blog post from Netflix tells the story of how Netflix developed in-kernel TLS to speed up delivery of video via HTTPS Since the beginning of the Open Connect program we have...

Episode 158: Ham, Radio and Pie (oh my)

2016-09-07

Direct Download:VideoHD VideoMP3 AudioOGG AudioTorrent This episode was brought to you by Headlines PC-BSD is now TrueOS If you’ve been watching this show the past few months, I’ve been dropping little hints about the upcoming rename of PC-BSD -> TrueOS. We’ve made that more official finally, and are asking folks to test out the...

Episode 157: ZFS, The “Universal” File-system

2016-08-31

Direct Download:VideoHD VideoMP3 AudioOGG AudioTorrent This episode was brought to you by Headlines Registration for MeetBSD 2016 is now Open “Beastie’s coming home!” This year, MeetBSD will be held at UC Berkeley’s Clark Kerr Campus November 11th and 12th, preceded by a two day FreeBSD Vendor/Dev Summit (Nov 9th and 10th) MeetBSD can...