Skip to main content.

Episode 071: System Disaster

2015-01-07

Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent

This episode was brought to you by

iXsystems - Enterprise servers and storage for open sourceTarsnap - online backups for the truly paranoid


Headlines

Introducing OPNsense, a pfSense fork

  • OPNsense is a new BSD-based firewall project that was recently started, forked from the pfSense codebase
  • Even though it's just been announced, they already have a formal release based on FreeBSD 10 (pfSense's latest stable release is based on 8.3)
  • The core team includes a well-known DragonFlyBSD developer
  • You can check out their code on Github now, or download an image and try it out - let us know if you do and what you think about it
  • They also have a nice wiki and some instructions on getting started for new users
  • We plan on having them on the show next week to learn a bit more about how the project got started and why you might want to use it - stay tuned

Code rot and why I chose OpenBSD

  • Here we have a blog post about rotting codebases - a core banking system in this example
  • The author tells the story of how his last days spent at the job were mostly removing old, dead code from a giant project
  • He goes on to compare it to OpenSSL and the hearbleed disaster, from which LibreSSL was born
  • Instead of just bikeshedding like the rest of the internet, OpenBSD "silently started putting the beast into shape" as he puts it
  • The article continues on to mention OpenBSD's code review process, and how it catches any bugs so we don't have more heartbleeds
  • "In OpenBSD you are encouraged to run current and the whole team tries its best to make current as stable as it can. You know why? They eat their own dog food. That's so simple yet so amazing that it blows my mind. Developers actually run OpenBSD on their machines daily."
  • It's a very long and detailed story about how the author has gotten more involved with BSD, learned from the mailing lists and even started contributing back - he says "In summary, I'm learning more than ever - computing is fun again"
  • Look for the phrase "Getting Started" in the blog post for a nice little gem

ZFS vs HAMMER FS

  • One of the topics we've seen come up from time to time is how FreeBSD's ZFS and DragonFly's HAMMER FS compare to each other
  • They both have a lot of features that traditional filesystems lack
  • A forum thread was opened for discussion about them both and what they're typically used for
  • It compares resource requirements, ideal hardware and pros/cons of each
  • Hopefully someone will do another new comparison when HAMMER 2 is finished
  • This is not to be confused with the other "hammer" filesystem

Portable OpenNTPD revived

  • With ISC's NTPd having so many security vulnerabilities recently, people need an alternative NTP daemon
  • OpenBSD has developed OpenNTPD since 2004, but the portable version for other operating systems hasn't been actively maintained in a few years
  • The older version still works fine, and is in FreeBSD ports and NetBSD pkgsrc, but it would be nice to have some of the newer features and fixes from the native version
  • Brent Cook, who we've had on the show before to talk about LibreSSL, decided it was time to fix this
  • While looking through the code, he also found some fixes for the native version as well
  • You can grab it from Github now, or just wait for the updated release to hit the repos of your OS of choice

Interview - Ian Sutton - ian@kremlin.cc

BSD replacements for systemd dependencies


News Roundup

pkgng adds OS X support

  • FreeBSD's next-gen package manager has just added support for Mac OS X
  • Why would you want that? Well.. we don't really know, but it's cool
  • The author of the patch may have some insight about what his goal is though
  • This could open up the door for a cross-platform pkgng solution, similar to NetBSD's pkgsrc
  • There's also the possibility of pkgng being used as a packaging format for MacPorts in the future
  • While we're on the topic of pkgng, you can also watch bapt's latest presentation about it from ruBSD 2014 - "four years of pkg"

Secure secure shell

  • Almost everyone watching BSD Now probably uses OpenSSH and has set up a server at one point or another
  • This guide provides a list of best practices beyond the typical "disable root login and use keys" advice you'll often hear
  • It specifically goes in-depth with server and client configuration with the best key types, KEX methods and encryption ciphers to use
  • There are also good explanations for all the choices, based both on history and probability
  • Minimal backwards compatibility is kept, but most of the old and insecure stuff gets disabled
  • We've also got a handy chart to show which SSH implementations support which ciphers, in case you need to support Windows users or people who use weird clients

Dissecting OpenBSD's divert(4)

  • PF has a cool feature that not a lot of people seem to know about: divert
  • It lets you send packets to userspace, allowing you to inspect them a lot easier
  • This blog post, the first in a series, details all the cool things you can do with divert and how to use it
  • A very common example is with intrusion detection systems like Snort

Screen recording on FreeBSD

  • This is a neat article about a topic we don't cover very often: making video content on BSD
  • In the post, you'll learn how to make screencasts with FreeBSD, using kdenlive and ffmpeg
  • There are also notes about getting a USB microphone working, so you can do commentary on whatever you're showing
  • It also includes lots of details and helpful screenshots throughout the process
  • You should make cool screencasts and send them to us

Feedback/Questions


Mailing List Gold


  • Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv - we've highlighted some pretty cool BSD blog posts recently, but you need to tell us if you write one!
  • Watch live Wednesdays at 2:00PM Eastern (19:00 UTC)

Latest News

Two Year Anniversary

2015-08-08

We're quickly approaching our two-year anniversary, which will be on episode 105. To celebrate, we've created a unique t-shirt design, available for purchase until the end of August. Shirts will be shipped out around September 1st. Most of the proceeds will support the show, and specifically allow us to buy...

New discussion segment

2015-01-17

We're thinking about adding a new segment to the show where we discuss a topic that the listeners suggest. It's meant to be informative like a tutorial, but more of a "free discussion" format. If you have any subjects you want us to explore, or even just a good name...

How did you get into BSD?

2014-11-26

We've got a fun idea for the holidays this year: just like we ask during the interviews, we want to hear how all the viewers and listeners first got into BSD. Email us your story, either written or a video version, and we'll read and play some of them for...

EuroBSDCon 2014

2014-09-18

As you might expect, both Allan and Kris will be at EuroBSDCon this year. They'll be busy hunting down various BSD developers and forcing them to do interviews, but don't hesitate to say hi if you're a listener!...


Episode 147: Release all the things!

2016-06-22

Direct Download: Video | HD Video | MP3 Audio | OGG Audio | Torrent This episode was brought to you by Headlines 2016 FreeBSD Community Survey We often get comments from our listeners, “I’m not a developer, how can I help out”? Well today is your chance to do something. The FreeBSD Foundation has its...

Episode 146: Music to Beastie’s ears

2016-06-16

Direct Download: Video | HD Video | MP3 Audio | OGG Audio | Torrent This episode was brought to you by Headlines BSDCan Recap and Live Stream Videos OpenBSD BSDCan 2016 papers now available Allan’s slides and Paper Michael W Lucas presents Allan with a gift “FreeBSD Mastery: Advanced ZedFS” Highlighted Tweets: Groff Arrives at BSDCan...

Episode 145: At the Core of it all

2016-06-08

Direct Download: Video | HD Video | MP3 Audio | OGG Audio | Torrent This episode was brought to you by Interview - Benno Rice - benno@freebsd.org / @jeamland Manager, OS & Networking at EMC Isilon Emily Dunham: Community Automation iXsystems 1U Rackmount Server - 4 Bay Hot-Swap SAS/SATA Drive Bays 400W Redundant Power Supply...

Episode 144: The PF life

2016-06-01

Direct Download: Video | HD Video | MP3 Audio | OGG Audio | Torrent This episode was brought to you by Headlines dotSecurity 2016 - Theo de Raadt - Privilege Separation and Pledge Video Slides Interested in Privilege Separation and security in general? If so, then you are in for a treat, we have both...