Episode 187: Catching up to BSD
2017-03-29
- This update represents a selected subset of fixes deemed important for security or stability reasons, as well as new features and enhancements.
Kernel
- compat_linux(8): Fully support sched_setaffinity and sched_getaffinity, fixing, e.g., the Intel Math Kernel Library.
DTrace:
- Avoid redefined symbol errors when loading the module.
- Fix module autoload.
IPFilter:
- Fix matching of ICMP queries when NAT'd through IPF.
- Fix lookup of original destination address when using a redirect rule. This is required for transparent proxying by squid, for example.
- ipsec(4): Fix NAT-T issue with NetBSD being the host behind NAT.
Drivers
Security Fixes
- NetBSD-SA2017-001 Memory leak in the connect system call.
- NetBSD-SA2017-002 Several vulnerabilities in ARP.
ARM related
- Support for Raspberry Pi Zero.
- ODROID-C1 Ethernet now works.
What has been done in NetBSD
- Verified the full matrix of combinations of wait(2) and ptrace(2) in the following
- GNU libstdc++ std::call_once bug investigation test-cases
- Improving documentation and other minor system parts
- Documentation of ptrace(2) and explanation of how debuggers work
- Introduction of new siginfo(2) codes for SIGTRAP
- New ptrace(2) interfaces
What has been done in LLDB
- Native Process NetBSD Plugin
- The MonitorCallback function
- Other LLDB code, out of the NativeProcessNetBSD Plugin
Automated LLDB Test Results Summary
Plan for the next milestone
- fix conflict with system-wide py-six
- add support for auxv read operation
- switch resolution of pid -> path to executable from /proc to sysctl(7)
- recognize Real-Time Signals (SIGRTMIN-SIGRTMAX)
- upstream !NetBSDProcessPlugin code
- switch std::call_once to llvm::call_once
- add new ptrace(2) interface to lock and unlock threads from execution
- switch the current PT_WATCHPOINT interface to PT_GETDBREGS and PT_SETDBREGS
- There have been a number of different projects that have proposed building a FreeBSD based smart phone
- This project is a bit different, and I think that gives it a better chance to make progress
- It uses off-the-shelf parts, so while not as neatly integrated as a regular smartphone device, it makes a much better prototype, and is more readily available.
- Hardware overview: X86-based, long-lasting (user-replaceable) battery, WWAN Modem (w/LTE), 4-5" LCD Touchscreen (Preferably w/720p resolution, IPS), upgradable storage.
- Currently targeting the UDOO Ultra platform. It features Intel Pentium N3710 (2.56GHz Quad-core, HD Graphics 405 [16 EUs @ 700MHz], VT-x, AES-NI), 2x4GB DDR3L RAM, 32GB eMMC storage built-in, further expansion w/M.2 SSD & MicroSD slot, lots of connectivity onboard.
- Software: FreeBSD Hypervisor (bhyve or Xen) to run atop the hardware, hosting two separate hosts.
- One will run an instance of pfSense, the "World's Most Popular Open Source Firewall" to handle the WWAN connection, routing, and Firewall (as well as Secure VPN if desired).
- The other instance will run a slimmed down installation of FreeBSD. The UI will be tweaked to work best in this form factor & resources tuned for this platform. There will be a strong reliance on Google Chromium & Google's services (like Google Voice).
- The project has a detailed log, and it looks like the hardware it is based on will ship in the next few weeks, so we expect to see more activity.
- DragonFlyBSD’s Matt Dillon has posted a rundown of the various M.2 NVMe devices he has tested
- SAMSUNG 951
- SAMSUNG 960 EVO
- TOSHIBA OCZ RD400
- INTEL 600P
- WD BLACK 256G
- MYDIGITALSSD
- PLEXTOR M8Pe
- It is interesting to see the relative performance of each device, but also how they handle the workload and manage their temperature (or don’t in a few cases)
- The link provides a lot of detail about different block sizes and overall performance
- "zrep", a robust yet easy to use ZFS based replication and failover solution. It can also serve as the conduit to create a simple backup hub.
- The tool was originally written for Solaris, and is written in ksh
- However, it seems people have used it on FreeBSD and even FreeNAS by installing the ksh93 port
- Has anyone used this? How does it compare to tools like zxfer?
- There is a FreeBSD port, but it is a few versions behind; someone should update it
- We would be interested in hearing some feedback
- TrueOS Security and Wikileaks revelations
- New Jail management utilities
- Ken Moore's talk about Sysadm from Linuxfest 2016
- The Basics of using ZFS with TrueOS
- OpenBSD 6.1 coming May 1
- OpenBSD Foundation 2016 Fundraising (goal: $250K actual: $573K)
- The OpenBSD Foundation 2017 Fundraising Campaign
- OpenBSD MitM attack against WPA1/WPA2
- OpenBSD vmm/vmd Update
- HardenedBSD News: Introducing CFI
- New version of Iocage (Python 3) on FreshPorts
- DragonFly BSD Network performance comparison as of today
- KnoxBUG recap
- Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv