Skip to main content.

Episode 075: From the Foundation (Part 1)

2015-02-04

Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent

This episode was brought to you by

iXsystems - Enterprise Servers and Storage for Open SourceDigitalOcean - Simple Cloud Hosting, Built for DevelopersTarsnap - Online Backups for the Truly Paranoid


Headlines

Key rotation in OpenSSH 6.8

  • Damien Miller posted a new blog entry about one of the features in the upcoming OpenSSH 6.8
  • Times changes, key types change, problems are found with old algorithms and we switch to new ones
  • In OpenSSH (and the SSH protocol) however, there hasn't been an easy way to rotate host keys... until now
  • With this change, when you connect to a server, it will log all the server's public keys in your known_hosts file, instead of just the first one used during the key exchange
  • Keys that are in your known_hosts file but not on the server will get automatically removed
  • This fixes the problem of old servers still authenticating with ancient DSA or small RSA keys, as well as providing a way for the server to rotate keys every so often
  • There are some instructions in the blog post for how you'll be able to rotate host keys and eventually phase out the older ones - it's really simple
  • There are a lot of big changes coming in OpenSSH 6.8, so we'll be sure to cover them all when it's released

NetBSD Banana Pi images

  • We've talked about the Banana Pi a bit before - it's a small ARM board that's comparable to the popular Raspberry Pi
  • Some NetBSD -current images were posted on the mailing list, so now you can get some BSD action on one of these little devices
  • There are even a set of prebuilt pkgsrc packages, so you won't have to compile everything initially
  • The email includes some steps to get everything working and an overview of what comes with the image
  • Also check the wiki page for some related boards and further instructions on getting set up
  • On a related note, NetBSD also recently got GPU acceleration working for the Raspberry Pi (which is a first for their ARM port)

LibreSSL shirts and other BSD goodies

  • If you've been keeping up with the LibreSSL saga and want a shirt to show your support, they're finally available to buy online
  • There are two versions, either "keep calm and use LibreSSL" or the slightly more snarky "keep calm and abandon OpenSSL"
  • While on the topic, we thought it would be good to make people aware of shirts for other BSD projects too
  • You can get some FreeBSD, PCBSD and FreeNAS stuff from the FreeBSD mall site
  • OpenBSD recently launched their new store, but the selection is still a bit limited right now
  • NetBSD has a couple places where you can buy shirts and other apparel with the flag logo on it
  • We couldn't find any DragonFlyBSD shirts unfortunately, which is a shame since their logo is pretty cool
  • Profits from the sale of the gear go back to the projects, so pick up some swag and support your BSD of choice (and of course wear them at any Linux events you happen to go to)

OPNsense 15.1.4 released

  • The OPNsense guys have been hard at work since we spoke to them, fixing lots of bugs and keeping everything up to date
  • A number of versions have come out since then, with 15.1.4 being the latest (assuming they haven't updated it again by the time this airs)
  • This version includes the latest round of FreeBSD kernel security patches, as well as minor SSL and GUI fixes
  • They're doing a great job of getting upstream fixes pushed out to users quickly, a very welcome change
  • A developer has also posted an interesting write-up titled "Development Workflow in OPNsense"
  • If any of our listeners are trying OPNsense as their gateway firewall, let us know how you like it

Interview - Ed Maste - board@freebsdfoundation.org

The FreeBSD foundation's activities


News Roundup

Rolling with OpenBSD snapshots

  • One of the cool things about the -current branch of OpenBSD is that it doesn't require any compiling
  • There are signed binary snapshots being continuously re-rolled and posted on the FTP sites for every architecture
  • This provides an easy method to get onboard with the latest features, and you can also easily upgrade between them without reformatting or rebuilding
  • This blog post will walk you through the process of using snapshots to stay on the bleeding edge of OpenBSD goodness
  • After using -current for seven weeks, the author comes to the conclusion that it's not as unstable as people might think
  • He's now helping test out patches and new ports since he's running the same code as the developers

Signing pkgsrc packages

  • As of the time this show airs, the official pkgsrc packages aren't cryptographically signed
  • Someone from Joyent has been working on that, since they'd like to sign their pkgsrc packages for SmartOS
  • Using GNUPG pulled in a lot of dependencies, and they're trying to keep the bootstrapping process minimal
  • Instead, they're using netpgpverify, a fork of NetBSD's netpgp utility
  • Maybe someday this will become the official way to sign packages in NetBSD?

FreeBSD support model changes

  • Starting with 11.0-RELEASE, which won't be for a few months probably, FreeBSD releases are going to have a different support model
  • The plan is to move "from a point release-based support model to a set of releases from a branch with a guaranteed support lifetime"
  • There will now be a five-year lifespan for each major release, regardless of how many minor point releases it gets
  • This new model should reduce the turnaround time for errata and security patches, since there will be a lot less work involved to build and verify them
  • Lots more detail can be found in the mailing list post, including some important changes to the -STABLE branch, so give it a read

OpenSMTPD, Dovecot and SpamAssassin

  • We've been talking about setting up your own BSD-based mail server on the last couple episodes
  • Here we have another post from a user setting up OpenSMTPD, including Dovecot for IMAP and SpamAssassin for spam filtering
  • A lot of people regularly ask the developers how to combine OpenSMTPD with spam filtering, and this post should finally reveal the dark secrets
  • In addition, it also covers SSL certificates, PKI and setting up MX records - some things that previous posts have lacked
  • Just be sure to replace those "apt-get" commands and "eth0" interface names with something a bit more sane…
  • In related news, OpenSMTPD has got some interesting new features coming soon
  • They're also planning to switch to LibreSSL by default for the portable version

FreeBSD 10 on the Thinkpad T400

  • BSD laptop articles are becoming popular it seems - this one is about FreeBSD on a T400
  • Like most of the ones we've mentioned before, it shows you how to get a BSD desktop set up with all the little tweaks you might not think to do
  • This one differs in that it takes a more minimal approach to graphics: instead of a full-featured environment like XFCE or KDE, it uses the i3 tiling window manager
  • If you're a commandline junkie that basically just uses X11 to run more than one terminal at once, this might be an ideal setup for you
  • The post also includes some bits about the DRM and KMS in the 10.x branch, as well as vt

PC-BSD 10.1.1 Released

  • Automatic background updater now in
  • Shiny new Qt5 utils
  • OVA files for VM’s
  • Full disk encryption with GELI v7

Feedback/Questions


Mailing List Gold


  • Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv - if you're doing anything cool with BSD, either at work or just as a hobby, let us know about it
  • If you have someone specific you'd like to see interviewed, or a tutorial you'd like to see, we're just an email away
  • Watch live Wednesdays at 2:00PM Eastern (19:00 UTC)

Latest News

Two Year Anniversary

2015-08-08

We're quickly approaching our two-year anniversary, which will be on episode 105. To celebrate, we've created a unique t-shirt design, available for purchase until the end of August. Shirts will be shipped out around September 1st. Most of the proceeds will support the show, and specifically allow us to buy...

New discussion segment

2015-01-17

We're thinking about adding a new segment to the show where we discuss a topic that the listeners suggest. It's meant to be informative like a tutorial, but more of a "free discussion" format. If you have any subjects you want us to explore, or even just a good name...

How did you get into BSD?

2014-11-26

We've got a fun idea for the holidays this year: just like we ask during the interviews, we want to hear how all the viewers and listeners first got into BSD. Email us your story, either written or a video version, and we'll read and play some of them for...

EuroBSDCon 2014

2014-09-18

As you might expect, both Allan and Kris will be at EuroBSDCon this year. They'll be busy hunting down various BSD developers and forcing them to do interviews, but don't hesitate to say hi if you're a listener!...


Episode 147: Release all the things!

2016-06-22

Direct Download: Video | HD Video | MP3 Audio | OGG Audio | Torrent This episode was brought to you by Headlines 2016 FreeBSD Community Survey We often get comments from our listeners, “I’m not a developer, how can I help out”? Well today is your chance to do something. The FreeBSD Foundation has its...

Episode 146: Music to Beastie’s ears

2016-06-16

Direct Download: Video | HD Video | MP3 Audio | OGG Audio | Torrent This episode was brought to you by Headlines BSDCan Recap and Live Stream Videos OpenBSD BSDCan 2016 papers now available Allan’s slides and Paper Michael W Lucas presents Allan with a gift “FreeBSD Mastery: Advanced ZedFS” Highlighted Tweets: Groff Arrives at BSDCan...

Episode 145: At the Core of it all

2016-06-08

Direct Download: Video | HD Video | MP3 Audio | OGG Audio | Torrent This episode was brought to you by Interview - Benno Rice - benno@freebsd.org / @jeamland Manager, OS & Networking at EMC Isilon Emily Dunham: Community Automation iXsystems 1U Rackmount Server - 4 Bay Hot-Swap SAS/SATA Drive Bays 400W Redundant Power Supply...

Episode 144: The PF life

2016-06-01

Direct Download: Video | HD Video | MP3 Audio | OGG Audio | Torrent This episode was brought to you by Headlines dotSecurity 2016 - Theo de Raadt - Privilege Separation and Pledge Video Slides Interested in Privilege Separation and security in general? If so, then you are in for a treat, we have both...