
Episode 097: Big Network, SmallWall

2015-07-08


This episode was brought to you by

  • iXsystems - Enterprise Servers and Storage for Open Source
  • DigitalOcean - Simple Cloud Hosting, Built for Developers
  • Tarsnap - Online Backups for the Truly Paranoid


Headlines

BSDCan and pkgsrcCon videos


OPNsense 15.7 released

  • The OPNsense team has released version 15.7, almost exactly six months after their initial debut
  • In addition to pulling in the latest security fixes from upstream FreeBSD, 15.7 also includes new integration of an intrusion detection system (and new GUI for it) as well as new blacklisting options for the proxy server
  • Taking a note from upstream PF's playbook, ALTQ traffic shaping support has finally been retired as of this release (it was deprecated in OpenBSD a few years ago, and the code was completely removed just over a year ago)
  • The LibreSSL flavor has been promoted to production-ready, and users can easily migrate over from OpenSSL via the GUI - switching between the two is simple; no commitment needed
  • Various third party ports have also been bumped up to their latest versions to keep things fresh, and there's the usual round of bug fixes included
  • Shortly afterwards, 15.7.1 was released with a few more small fixes

NetBSD at Open Source Conference 2015 Okinawa

  • If you liked last week's episode then you'll probably know what to expect with this one
  • The NetBSD users group of Japan hit another open source conference, this time in Okinawa
  • This time, they had a few interesting NetBSD machines on display that we didn't get to see in the interview last week
  • We'd love to see something like this in North America or Europe too - anyone up for installing BSD on some interesting devices and showing them off at a Linux con?

OpenBSD BGP and VRFs

  • "VRFs, or in OpenBSD rdomains, are a simple, yet powerful (and sometimes confusing) topic"
  • This article aims to explain both BGP and rdomains, using network diagrams, for some network isolation goodness
  • With multiple rdomains, it's also possible to have two upstream internet connections, but lock different groups of your internal network to just one of them
  • The idea of a "guest network" can greatly benefit from this separation as well, even allowing for the same IP ranges to be used without issues
  • Combining rdomains with the BGP protocol allows for some very selective and precise blocking/passing of traffic between networks, which is also covered in detail here
  • The BSDCan talk on rdomains expands on the subject a bit more if you haven't seen it, as well as a few related posts

Interview - Lee Sharp - lee@smallwall.org

SmallWall, a continuation of m0n0wall


News Roundup

Solaris adopts more BSD goodies

  • We mentioned a while back that Oracle developers have begun porting a current version of OpenBSD's PF firewall to their next version, even contributing back patches for SMP and other bug fixes
  • They recently published an article about PF, talking about what's different about it on their platform compared to others - not especially useful for BSD users, but interesting to read if you like firewalls
  • Darren Moffat, who was part of originally getting an SSH implementation into Solaris, has a second blog post up about their "SunSSH" fork
  • Going forward, their next version is going to offer a completely vanilla OpenSSH option as well, with the plan being to phase out SunSSH after that
  • The article talks a bit about the history of getting SSH into the OS, forking the code and also lists some of the differences between the two
  • In a third blog post, they talk about a new system call they're borrowing from OpenBSD, getentropy(2), as well as the addition of arc4random to their libc
  • With an up-to-date and SMP-capable PF, ZFS with native encryption, jail-like Zones, unaltered OpenSSH and secure entropy calls… is Solaris becoming better than us?
  • Look forward to the upcoming "Solaris Now" podcast (not really)

EuroBSDCon 2015 talks and tutorials

  • This year's EuroBSDCon is set to be held in Sweden at the beginning of October, and the preliminary list of accepted presentations has been published
  • The list looks pretty well-balanced between the different BSDs, something Paul would be happy to see if he was still with us
  • It even includes an interesting DragonFly talk and a couple talks from NetBSD developers, in addition to plenty of FreeBSD and OpenBSD of course
  • There are also a few tutorials planned for the event, some you've probably seen already and some you haven't
  • Registration for the event will be opening very soon (likely this week or next)

Using ZFS replication to improve offsite backups

  • If you take backups seriously, you're probably using ZFS and probably keeping an offsite copy of the data
  • This article covers doing just that, but with a focus on making use of the replication capability
  • It'll walk you through taking a snapshot of your pool and then replicating it to another remote system, using "zfs send" and SSH - this has the benefit of only transferring the data that has changed since the last time you did it
  • Steps are also taken to allow a regular user to take and manage snapshots, so you don't need to be root for the SSH transfer
  • Data integrity is a long process - filesystem-level checksums, resistance to hardware failure, ECC memory, multiple copies in different locations... they all play a role in keeping your files secure; don't skip out on any of them
  • One thing the author didn't mention in his post: having an offline copy of the data, ideally sealed in a safe place, is also important

Block encryption in OpenBSD

  • We've covered ways to do fully-encrypted installations of OpenBSD (and FreeBSD) before, but that requires dedicating a whole drive or partition to the sensitive data
  • This blog post takes you through the process of creating encrypted containers in OpenBSD, à la TrueCrypt - that is, a file-backed virtual device with an encrypted filesystem
  • It goes through creating a file that looks like random data, pointing vnconfig at it, setting up the crypto and finally using it as a fake storage device
  • The encrypted container method offers the advantage of being a bit more portable across installations than other ways

Docker hits FreeBSD ports

  • The inevitable has happened, and an early FreeBSD port of docker is finally here
  • Some details and directions are available to read if you'd like to give it a try, as well as a list of which features work and which don't
  • There was also some Hacker News discussion on the topic

Microsoft donates to OpenSSH

  • We've talked about big businesses using BSD and contributing back before, even mentioning a few other large public donations - now it's Microsoft's turn
  • With their recent decision to integrate OpenSSH into an upcoming Windows release, Microsoft has donated a large sum of money to the OpenBSD foundation, making them a gold-level sponsor
  • They've also posted some contract work offers on the OpenSSH mailing list, and say that their changes will be upstreamed if appropriate - we're always glad to see this

Feedback/Questions


  • Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
  • We're always looking for interviews - get in touch if you're doing anything cool with BSD that you'd like to talk about (or want to suggest someone else)
  • The FreeNAS community recently lost one of their most active members, Marbus90, who has been a big help to them for a long time - rest in peace and thanks for all your work
