Episode 104: Beverly Hills 25519

2015-08-26

This episode was brought to you by

  • iXsystems - Enterprise Servers and Storage for Open Source
  • DigitalOcean - Simple Cloud Hosting, Built for Developers
  • Tarsnap - Online Backups for the Truly Paranoid


Headlines

EdgeRouter Lite, meet OpenBSD

  • The ERL, much like the Raspberry Pi and a bunch of other cheap boards, is getting more and more popular as more things get ported to run on it
  • We've covered installing NetBSD and FreeBSD on them before, but OpenBSD has gotten a lot better support for them as well now (including the onboard storage in 5.8)
  • Ted Unangst got a hold of one recently and kindly wrote up some notes about installing and using OpenBSD on it
  • He covers doing a network install, getting the (slightly strange) bootloader working with u-boot and some final notes about the hardware
  • More discussion can be found on Hacker News and various other places
  • One thing to note about these devices: because of their MIPS64 processor, they'll have weaker ASLR than X86 CPUs (and no W^X at all)

Design and Implementation of the FreeBSD Operating System interview

  • For those who don't know, the "Design and Implementation of the FreeBSD Operating System" is a semi-recently-revived technical reference book for FreeBSD development
  • InfoQ has a review of the book up for anyone who might be interested, but they also have an interview with the authors
  • "The book takes an approach to FreeBSD from inside out, starting with kernel services, then moving to process and memory management, I/O and devices, filesystems, IPC and network protocols, and finally system startup and shutdown. The book provides dense, technical information in a clear way, with lots of pseudo-code, diagrams, and tables to illustrate the main points."
  • Aside from detailing a few of the chapters, the interview covers who the book's target audience is, some history of the project, long-term support, some of the newer features and some general OS development topics

Path list parameter in OpenBSD tame

  • We've mentioned OpenBSD's relatively new "tame" subsystem a couple times before: it's an easy-to-implement "self-containment" framework, allowing programs to have a reduced feature set mode with even fewer privileges
  • One of the early concerns from users of other process containment tools was that tame was too broad in the way it separated disk access - you could either read/write files or not, nothing in between
  • Now there's the option to create a whitelist of specific files and directories that your binary is allowed to access, giving a much finer-grained set of controls to developers
  • The next step is to add tame restraints to the OpenBSD userland utilities, which should probably be done by 5.9
  • More discussion can be found on Reddit and Hacker News

FreeBSD & PC-BSD 10.2-RELEASE

  • The FreeBSD team has released the second minor version bump to the 10.x branch, including all the fixes from 10-STABLE since 10.1 came out
  • The Linux compatibility layer has been updated to support CentOS 6, rather than the much older Fedora Core base used previously, and the DRM graphics code has been updated to match Linux 3.8.13
  • New installations (and newly-upgraded systems) will use the quarterly binary package set, rather than the rolling release model that most people are used to
  • A VXLAN driver was added, allowing you to create virtual LANs by encapsulating the ethernet frame in a UDP packet
  • The bhyve codebase is much newer, enabling support for AMD CPUs with SVM and AMD-V extensions
  • ARM and ARM64 code saw some fixes and improvements, including SMP support on a few specific boards and support for a few new boards
  • The bootloader now supports entering your GELI passphrase before loading the kernel in full disk encryption setups
  • In addition to assorted userland fixes and driver improvements, various third party tools in the base system were updated: resolvconf, ISC NTPd, netcat, file, unbound, OpenSSL, sendmail
  • Check the full release notes for the rest of the details and changes
  • PC-BSD also followed with their 10.2-RELEASE, sporting a few additional features

Interview - Damien Miller - djm@openbsd.org / @damienmiller

OpenSSH: phasing out broken crypto, default cipher changes


News Roundup

NetBSD at Open Source Conference Shimane

  • We weren't the only ones away at conferences last week - the Japanese NetBSD guys are always raiding one event or another
  • This time they had NetBSD running on some Sony NWS devices (MIPS-based)
  • JavaStations were also on display - something we haven't ever seen before (made between 1996 and 2000)

BAFUG videos

  • The Bay Area FreeBSD users group has been uploading some videos of their recent meetings
  • Devin Teske hosts the first one, discussing adding GELI support to the bootloader, including some video demonstrations of how it works
  • Shortly after beginning, Adrian Chadd takes over the conversation and they discuss various problems (and solutions) related to the bootloader - for example, how can we type encryption passwords with non-US keyboard layouts
  • In a second video, Jordan Hubbard and Kip Macy introduce "NeXTBSD aka FreeBSD X"
  • In it, they discuss their ideas of merging more Mac OS X features into FreeBSD (launchd to replace the init system, some APIs, etc)
  • People should record presentations at their BSD users groups and send them to us

L2TP over IPSEC on OpenBSD

  • If you've got an OpenBSD box and some Mac OS X clients that need secure communications, surprise: they can work together pretty well
  • Using only the base tools in both operating systems, you can build a nice IPSEC setup for tunneling all your traffic
  • This guide specifically covers L2TP, using npppd and pre-shared keys
  • Server setup, client setup, firewall configuration and routing-related settings are all covered in detail

Reliable bare metal with TrueOS

  • Imagine a server version of PC-BSD with some useful utilities preinstalled - that's basically TrueOS
  • This article walks you through setting up a FreeBSD -CURRENT server (using TrueOS) to create a pretty solid backup solution
  • Most importantly, he also covers how to keep everything redundant and deal with hard drives failing
  • The author chose to go with the -CURRENT branch because of the delay between regular releases, and newer features not making their way to users as fast as he'd like
  • Another factor is that there are no binary snapshots of FreeBSD -CURRENT that can be easily used for in-place upgrades, but with TrueOS (and some other BSDs) there are

Kernel W^X on i386

  • We mentioned some big W^X kernel changes in OpenBSD a while back, but the work was mainly for the x86_64 CPU architecture (which makes sense; that's what most people run now)
  • Mike Larkin is back again, and isn't leaving the people with older hardware out, committing similar kernel work into the i386 platform now as well
  • Check out our interview with Mike for some more background info on memory protections like W^X

Feedback/Questions


  • Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
  • BSD Now tshirts are now available, and will be shipping in September (you've only got about four days left to place an order, then they're gone)
  • Preorders for OpenBSD 5.8 CDs are now open, and the artwork is especially great for this special 20th anniversary release - you won't wanna miss it
