
Episode 129: Synthesize all the Things!

2016-02-17

This episode was brought to you by

  • iXsystems - Enterprise Servers and Storage for Open Source
  • DigitalOcean - Simple Cloud Hosting, Built for Developers
  • Tarsnap - Online Backups for the Truly Paranoid


Headlines

glibc and the BSDs

  • You have likely already heard about CVE-2015-7547
  • “A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the permissions of the user running the library.”
  • “Note: this issue is only exposed when libresolv is called from the nss_dns NSS service module.”
  • More details from Google’s Online Security team blog
  • “Naturally, people have started asking whether FreeBSD is affected. The FreeBSD Security Officer has not yet released an official statement, but in the meantime, here is a brief look at the issue as far as FreeBSD is concerned.”
  • “First of all: neither FreeBSD itself nor native FreeBSD applications are affected. While the resolver in FreeBSD’s libc and GNU libc share a common parentage, the bug was introduced when the latter was rewritten to send A and AAAA queries in parallel rather than sequentially when the application requests both.”
  • The same most likely applies to the other BSDs
  • “However, Linux applications running under emulation on a FreeBSD system use the GNU libc and are therefore vulnerable unless patched.”
  • A patch to update emulation/linux_base-c6 has been prepared and should be committed soon
  • Running ‘pkg audit’ will list any known vulnerable packages installed on your system
  • “The issue can be mitigated by only using resolvers you trust, and configuring them to avoid sending responses which can trigger the bug.”
  • “If you already have your own resolvers, you can configure them to avoid sending UDP responses larger than 2048 bytes. If the response does not fit in 2048 bytes, the server will send a truncated response, and the client should retry using TCP. While a similar bug exists in the code path for TCP requests, I believe that it can only be exploited by a malicious resolver, and interposing your own resolver will protect affected Linux systems and applications.”
  • Dag-Erling’s blog post also includes instructions and configuration examples for locking down your resolver, or setting up your own resolver if you don’t have one already
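
A way to check from a client that a resolver honours the 2048-byte UDP ceiling described above, as an added example that is not from the show notes or from Dag-Erling's post. The function names, the 4096-byte advertised EDNS0 buffer and the sample messages are assumptions made for illustration.

```python
import socket
import struct

LIMIT = 2048  # UDP response ceiling from the quoted mitigation

def build_query(name, qtype=1, txid=0x1234, bufsize=4096):
    """DNS query with an EDNS0 OPT record advertising `bufsize` bytes."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)  # RD=1, 1 question, 1 additional
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    question = qname + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS=IN
    # OPT pseudo-record: root name, TYPE=41, CLASS=buffer size, TTL=0, RDLEN=0
    opt = b"\x00" + struct.pack("!HHIH", 41, bufsize, 0, 0)
    return header + question + opt

def classify(response, limit=LIMIT):
    """Return 'ok', 'truncated' (client retries over TCP) or 'oversized'."""
    if len(response) < 12:
        raise ValueError("shorter than a DNS header")
    flags = struct.unpack("!H", response[2:4])[0]
    if not flags & 0x8000:
        raise ValueError("QR bit clear: not a response")
    if len(response) > limit:
        return "oversized"  # resolver is not enforcing the ceiling
    return "truncated" if flags & 0x0200 else "ok"

def probe(resolver, name, timeout=3.0):
    """Send one UDP query to `resolver` (an address you operate) and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (resolver, 53))
        data, _ = s.recvfrom(65535)
    return classify(data)

def sample_response(size, tc=False):
    """Constructed sample: a response header zero-padded to `size` bytes."""
    flags = 0x8180 | (0x0200 if tc else 0)
    return struct.pack("!HHHHHH", 0x1234, flags, 1, 0, 0, 0).ljust(size, b"\x00")
```

Run `probe()` against your own resolver with a name known to return a large answer; a result of 'oversized' means the limit is not in effect.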

OpenBSD Foundation - 2016 Fundraising Campaign

  • The OpenBSD Foundation has announced its 2016 fundraising campaign and set a goal of raising $250k for the year.
  • While they mention that fundraising for 2015 didn’t hit 2014’s blockbuster numbers, it still exceeded the goal set, with an almost equal mix of corporate and community donors.

‘Our goal for 2016 is to increase the amount of support we offer for development, without compromising our regular support for the projects. We would like to: Plan and support more developer events (hackathons), and allow for more developers to attend these events. Continue to improve the project infrastructure. Fund more dedicated developer time for targeted development of specific projects.’

  • To give you an idea of how much OpenBSD technology is used around the world, they broke it down this way:

If $10 were given for every installation of OpenBSD in the last year from the master site (ignoring the mirrors) we would be at our goal. If $2 were given for every download of the OpenSSH source code in the last year from the master site (ignoring the mirrors) we would be at our goal. If a penny was donated for every pf or OpenSSH installed with a mainstream operating system or phone in the last year we would be at our goal.


Getting Started with ION-DTN 3.4.0 on FreeBSD

  • “The Interplanetary Overlay Network (ION) software distribution is an implementation of Delay-Tolerant Networking (DTN) architecture as described in Internet RFC 4838, suitable for use in spacecraft”
  • This tutorial covers setting up ION 3.4.0 on FreeBSD
  • The tutorial starts by downloading the ION software, and installing the relevant build tools
  • The instructions allow ION to be installed system-wide, or for a specific user
  • Then each host is configured
  • Then pings are traded between the hosts to ensure everything works
  • Then a web page is served over the interplanetary network
  • Sadly I don’t have any hosts on other planets to test with.
  • The tutorial also includes a troubleshooting guide

Open Storage Issue – New BSD Mag is Out!

  • The next issue of BSDMag (The Open Storage Issue) just landed, and it features an interview with Matt Olander of iXsystems.
  • During the interview, Matt talks about the culture of support for open source at iX: not only FreeNAS and PC-BSD, but also the FreeBSD Foundation, Slackware and more.
  • He also gets to extol the virtues of the open-source development model itself, and why it tends to lead to better code overall.
  • In addition to the lead interview with Matt, this issue also features some other great interviews with open-source storage vendors, and even some ZFS how-tos about setting up your ZIL device

Interview - John Marino - marino@freebsd.org


FreeNAS with FreeBSD as its base helped save taxpayers $36,000 for a small public school district


News Roundup

Getting Started With Tor Hidden Services on FreeBSD

  • Ever wondered how to set up and use a Tor hidden service? We have a walkthrough posted over on github.io which details how to do that on a FreeBSD -CURRENT system.
  • The basics are pretty simple: installing security/tor is the first step (the author uses portmaster, but you may wish to just ‘pkg install security/tor’)
  • The walkthrough provides an example server hosting just the date/time on port 8080, which you can use as an example and to verify it works, before serving anything real.
  • Once a local server is ready to serve something, the Tor setup is pretty quick, basically just two lines of config in torrc:

HiddenServiceDir /usr/home/tor/hidden_service/

HiddenServicePort 80 127.0.0.1:8080

  • After starting the service, the walkthrough will show you how to get the new hostname for this hidden service and verify its functionality.

ZFS Remote Mirrors for Home Use

  • A recently updated tutorial on remotely mirroring your ZFS files
  • Using a spare old computer, or an SBC like a Raspberry Pi, and an (external) hard drive
  • It covers installing and configuring FreeBSD for both sides of the remote replication
  • The new appendix covers the creation of a Raspberry Pi image, although a prebuilt one is also provided
  • The setup uses GELI to ensure the data is encrypted at rest
  • Updating and maintaining both systems is covered in detail
  • The article is very detailed, and covers pretty much every aspect of the setup, including suggestions on where to physically locate the remote system, and configuration tips to reduce the chance that local intervention will be required
  • Most importantly, it covers the disaster recovery steps: how to get your files back when bad things happen

Lumina Desktop 0.8.8 Released

  • PC-BSD’s very own Lumina desktop has issued a new release, 0.8.8
  • Notable in this release are support for NetBSD out of the box, improvements to the start menu, and the ability to change monitor resolutions in the X configuration tool. (Also the desktop font colors look better!)
  • 0.8.8 is now available in PC-BSD via pkg, and FreeBSD ports/pkg system as well.
  • Lumina Desktop aims for v1.0 in July 2016
  • We also have a blog post from Larry over at FossForce, highlighting that 1.0 of Lumina is still targeted for July(ish)

NetBSD on Google's Compute Engine

  • A NetBSD developer has gotten NetBSD running on Google Compute Engine, a service somewhat similar to Amazon’s EC2, and Microsoft’s Azure
  • Support is still being worked on, but I imagine it will land in NetBSD before too long
  • NetBSD on GCE dmesg
  • OpenBSD on GCE
  • FreeBSD on GCE

BeastieBits

htop 2.0 released - an interactive process viewer for Unix (including FreeBSD and OpenBSD)

Full set of binary packages for 7.0 released for ARM v6 and v7 (hf)

DragonFly 4.4.2 released

LibertyBSD 5.8 has been released

Broadwell systems may want to take advantage of the patch by Imre Vadasz

Finding the hard-to-spot bugs in FreeBSD


Feedback/Questions


  • Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
