44: Base ISO 100

JT Pennington — Wed, 02 Jul 2014 08:00:00 -0400

This time on the show, we'll be sitting down to talk with Craig Rodrigues about Jenkins and the FreeBSD testing infrastructure. Following that, we'll show you how to roll your own OpenBSD ISOs with all the patches already applied... ISO can't wait! This week's news and answers to all your emails, on BSD Now - the place to B.. SD.

This episode was brought to you by

Headlines

pfSense 2.1.4 released

The pfSense team has released 2.1.4, shortly after 2.1.3 - it's mainly a security release
Included within are eight security fixes, most of which are pfSense-specific
OpenSSL, the WebUI and some packages all need to be patched (and there are instructions on how to do so)
It also includes a large number of various other bug fixes
Update all your routers! ***

DragonflyBSD's pf gets SMP

While we're on the topic of pf...
Dragonfly patches their old[er than even FreeBSD's] pf to support multithreading in many areas
Stemming from a user's complaint, Matthew Dillon did his own work on pf to make it SMP-aware
Altering your configuration's ruleset can also help speed things up, he found
When will OpenBSD, the source of pf, finally do the same? ***

ChaCha usage and deployment

A while back, we talked to djm about some cryptography changes in OpenBSD 5.5 and OpenSSH 6.5
This article is sort of an interesting follow-up to that, showing which projects have adopted ChaCha20
OpenSSH offers it as a stream cipher now, OpenBSD uses it for it's random number generator, Google offers it in TLS for Chromium and some of their services and lots of other projects seem to be adopting it
Both Google's fork of OpenSSL and LibReSSL have upcoming implementations, while vanilla OpenSSL does not
Unfortunately, this article has one mistake: FreeBSD does not use it - they still use the broken RC4 algorithm ***

BSDMag June 2014 issue

The monthly online BSD magazine releases their newest issue
This one includes the following articles: TLS hardening, setting up a package cluster in MidnightBSD, more GIMP tutorials, "saving time and headaches using the robot framework for testing," an interview and an article about the increasing number of security vulnerabilities
The free pdf file is available for download as always ***

Interview - Craig Rodrigues - rodrigc@freebsd.org

FreeBSD's continuous testing infrastructure

Tutorial

Creating pre-patched OpenBSD ISOs

News Roundup

Preauthenticated decryption considered harmful

Responding to a post from Adam Langley, Ted Unangst talks a little more about how signify and pkg_add handle signatures
In the past, the OpenBSD installer would pipe the output of ftp straight to tar, but then verify the SHA256 at the end - this had the advantage of not requiring any extra disk space, but raised some security concerns
With signify, now everything is fully downloaded and verified before tar is even invoked
The pkg_add utility works a little bit differently, but it's also been improved in this area - details in the post
Be sure to also read the original post from Adam, lots of good information ***

FreeBSD 9.3-RC2 is out

As the -RELEASE inches closer, release candidate 2 is out and ready for testing
Since the last one, it's got some fixes for NIC drivers, the latest file and libmagic security fixes, some serial port workarounds and various other small things
The updated bsdconfig will use pkgng style packages now too
A lesser known fact: there are also premade virtual machine images you can use too ***

pkgsrcCon 2014 wrap-up

In what may be the first real pkgsrcCon article we've ever had!
Includes wrap-up discussion about the event, the talks, the speakers themselves, what they use pkgsrc for, the hackathon and basically the whole event
Unfortunately no recordings to be found... ***

PostgreSQL FreeBSD performance and scalability

FreeBSD developer kib@ writes a report on PostgreSQL on FreeBSD, and how it scales
On his monster 40-core box with 1TB of RAM, he runs lots of benchmarks and posts the findings
Lots of technical details if you're interested in getting the best performance out of your hardware
It also includes specific kernel options he used and the rest of the configuration
If you don't want to open the pdf file, you can use this link too ***

Feedback/Questions

43: Package Design

JT Pennington — Wed, 25 Jun 2014 08:00:00 -0400

It's a big show this week! We'll be interviewing Marc Espie about OpenBSD's package system and build cluster. Also, we've been asked many times "how do I keep my BSD box up to date?" Well, today's tutorial should finally answer that. Answers to all your emails and this week's headlines, on BSD Now - the place to B.. SD.

This episode was brought to you by

Headlines

EuroBSDCon 2014 talks and schedule

The talks and schedules for EuroBSDCon 2014 are finally revealed
The opening keynote is called "FreeBSD, looking forward to another 10 years" by jkh
Lots of talks spanning FreeBSD, OpenBSD and PCBSD, and we finally have a few about NetBSD and DragonflyBSD too! Variety is great
It looks like Theo even has a talk, but the title isn't on the page... how mysterious
There are also days dedicated to some really interesting tutorials
Register now, the conference is on September 25-28th in Bulgaria
If you see Allan and Kris walking towards you and you haven't given us an interview yet... well you know what's going to happen
Why aren't the videos up from last year yet? Will this year also not have any? ***

FreeNAS vs NAS4Free

More mainstream news covering BSD, this time with an article about different NAS solutions
In a possibly excessive eight-page article, Ars Technica discusses the pros and cons of both FreeNAS and NAS4Free
Both are based on FreeBSD and ZFS of course, but there are more differences than you might expect
Discusses the different development models, release cycles, features, interfaces and ease-of-use factor of each project
"One is pleasantly functional; the other continues devolving during a journey of pain" - uh oh, who's the loser? ***

Quality software costs money, heartbleed was free

PHK writes an article for ACM Queue about open source software projects' funding efforts
A lot of people don't realize just how widespread open source software is - TVs, printers, gaming consoles, etc
The article discusses ways to convince your workplace to fund open source efforts, then goes into a little bit about FreeBSD and Varnish's funding
The latest heartbleed vulnerability should teach everyone that open source projects are critical to the internet, and need people actively maintaining them
On that subject, "Earlier this year the OpenSSL Heartbleed bug laid waste to Internet security, and there are still hundreds of thousands of embedded devices of all kinds—probably your television among them—that have not been and will not ever be software-upgraded to fix it. The best way to prevent that from happening again is to avoid having bugs of that kind go undiscovered for several years, and the only way to avoid that is to have competent people paying attention to the software"
Consider donating to your favorite BSD foundation (or buying cool shirts and CDs!) and keeping the ecosystem alive ***

Geoblock evasion with pf and OpenBSD rdomains

Geoblocking is a way for websites to block visitors based on the location of their IP
This is a blog post about how to get around it, using pf and rdomains
It has the advantage of not requiring any browser plugins or DNS settings on the users' computers, you just need to be running OpenBSD on your router (hmm, if only a website had a tutorial about that...)
In this post, the author wanted to get an American IP address, since the service he was using (Netflix) is blocked in Australia
It's got all the details you need to set up a VPN-like system and bypass those pesky geographic filters ***

Interview - Marc Espie - espie@openbsd.org / @espie_openbsd

OpenBSD's package system, building cluster, various topics

Tutorial

Keeping your BSD up to date

News Roundup

BoringSSL and LibReSSL

Yet another OpenSSL fork pops up, this time from Google, called BoringSSL
Adam Langley has a blog post about it, why they did it and how they're going to maintain it
You can easily browse the source code
Theo de Raadt also weighs in with how this effort relates to LibReSSL
More eyes on the code is good, and patches will be shared between the two projects ***

More BSD Tor nodes wanted

Friend of the show bcallah posts some news to the Tor-BSD mailing list about monoculture in the Tor network being both bad and dangerous
Originally discussed on the Tor-Relays list, it was made apparent that having such a large amount of Linux nodes weakens the security of the whole network
If one vulnerability is found, a huge portion of the network would be useless - we need more variety in the network stacks, crypto, etc.
The EFF is also holding a Tor challenge for people to start up new relays and keep them online for over a year
Check out our Tor tutorial and help out the network, and promote BSD at the same time! ***

FreeBSD 10 OpenStack images

OpenStack, to quote Wikipedia, is "a free and open-source software cloud computing platform. It is primarily deployed as an infrastructure as a service (IaaS) solution."
The article goes into detail about creating a FreeBSD instant, installing and converting it for use with "bsd-cloudinit"
The author of the article is a regular listener and emailer of the show, hey! ***

BSDday 2014 call for papers

BSD Day, a conference not so well-known, is going to be held August 9th in Argentina
It was created in 2008 and is the only BSD conference around that area
The "call for papers" was issued, so if you're around Argentina and use BSD, consider submitting a talk
Sysadmins, developers and regular users are, of course, all welcome to come to the event ***

BSD Now - Episodes Tagged with “Boringssl”

44: Base ISO 100

This episode was brought to you by

Headlines

Interview - Craig Rodrigues - rodrigc@freebsd.org

Tutorial

News Roundup

Feedback/Questions

43: Package Design

This episode was brought to you by

Headlines

Interview - Marc Espie - espie@openbsd.org / @espie_openbsd

Tutorial

News Roundup

Feedback/Questions