BSD Now - Episodes Tagged with “Cloud Computing”

51: Engineering Nginx

JT Pennington — Wed, 20 Aug 2014 08:00:00 -0400

Coming up on the show, we'll be showing you how to set up a secure, SSL-only webserver. There's also an interview with Eric Le Blan about community participation and FreeBSD's role in the commercial server space. All that and more, on BSD Now - the place to B.. SD.

This episode was brought to you by

Headlines

Password gropers take spamtrap bait

Our friend Peter Hansteen, who keeps his eyes glued to his log files, has a new blog post
He seems to have discovered another new weird phenomenon in his pop3 logs
"yes, I still run one, for the same bad reasons more than a third of my readers probably do: inertia"
Someone tried to log in to his service with an address that was known to be invalid
The rest of the post goes into detail about his theory of why someone would use a list of invalid addresses for this purpose ***

Inside the Atheros wifi chipset

Adrian Chadd - sometimes known in the FreeBSD community as "the wireless guy" - gave a talk at the Defcon Wireless Village 2014
He covers a lot of topics on wifi, specifically on Atheros chips and why they're so popular for open source development
There's a lot of great information in the presentation, including cool (and evil) things you can do with wireless cards
Very technical talk; some parts might go over your head if you're not a driver developer
The raw video file is also available to download on archive.org
Adrian has also recently worked on getting Kismet and Aircrack-NG to work better with FreeBSD, including packet injection and other fun things ***

Trip report and hackathon mini-roundup

A few more (late) reports from BSDCan and the latest OpenBSD hackathon have been posted
Mark Linimon mentions some of the future plans for FreeBSD's release engineering and ports
Bapt also has a BSDCan report detailing his work on ports and packages
Antoine Jacoutot writes about his work at the most recent hackathon, working with rc configuration and a new /etc/examples layout
Peter Hessler, a latecomer to the hackathon, details his experience too, hacking on the installer and built-in upgrade function
Christian Weisgerber talks about starting some initial improvements of OpenBSD's ports infrastructure ***

DragonFly BSD 3.8.2 released

Although it was already branched, the release media is now available for DragonFly 3.8.2
This is a minor update, mostly to fix the recent OpenSSL vulnerabilities
It also includes some various other small fixes ***

Interview - Eric Le Blan - info@xinuos.com

Xinuos' recent FreeBSD integration, BSD in the commercial server space

Tutorial

Building a hardened, feature-rich webserver

News Roundup

Defend your network and privacy, FreeBSD version

Back in episode 39, we covered a blog post about creating an OpenBSD gateway - partly based on our tutorial
This is a follow-up post, by the same author, about doing a similar thing with FreeBSD
He mentions some of the advantages and disadvantages between the two operating systems, and encourages users to decide for themselves which one suits their needs
The rest is pretty much the same things: firewall, VPN, DHCP server, DNSCrypt, etc. ***

Don't encrypt all the things

Another couple of interesting blog posts from Ted Unangst about encryption
It talks about how Google recently started ranking sites with HTTPS higher in their search results, and then reflects on how sometimes encryption does more harm than good
After heartbleed, the ones who might be able to decrypt your emails went from just a three-letter agency to any script kiddie
He also talks a bit about some PGP weaknesses and a possible future replacement
He also has another, similar post entitled "in defense of opportunistic encryption" ***

New automounter lands in FreeBSD

The work on the new automounter has just landed in 11-CURRENT
With help from the FreeBSD Foundation, we'll have a new "autofs" kernel option
Check the SVN viewer online to read over the man pages if you're not running -CURRENT
You can also read a bit about it in the recent newsletter ***

OpenSSH 6.7 CFT

It's been a little while since the last OpenSSH release, but 6.7 is almost ready
Our friend Damien Miller issued a call for testing for the upcoming version, which includes a fair amount of new features
It includes some old code removal, some new features and some internal reworkings - we'll cover the full list in detail when it's released
This version also officially supports being built with LibreSSL now
Help test it out and report any findings, especially if you have access to something a little more exotic than just a BSD system ***

Feedback/Questions

43: Package Design

JT Pennington — Wed, 25 Jun 2014 08:00:00 -0400

It's a big show this week! We'll be interviewing Marc Espie about OpenBSD's package system and build cluster. Also, we've been asked many times "how do I keep my BSD box up to date?" Well, today's tutorial should finally answer that. Answers to all your emails and this week's headlines, on BSD Now - the place to B.. SD.

This episode was brought to you by

Headlines

EuroBSDCon 2014 talks and schedule

The talks and schedules for EuroBSDCon 2014 are finally revealed
The opening keynote is called "FreeBSD, looking forward to another 10 years" by jkh
Lots of talks spanning FreeBSD, OpenBSD and PCBSD, and we finally have a few about NetBSD and DragonflyBSD too! Variety is great
It looks like Theo even has a talk, but the title isn't on the page... how mysterious
There are also days dedicated to some really interesting tutorials
Register now, the conference is on September 25-28th in Bulgaria
If you see Allan and Kris walking towards you and you haven't given us an interview yet... well you know what's going to happen
Why aren't the videos up from last year yet? Will this year also not have any? ***

FreeNAS vs NAS4Free

More mainstream news covering BSD, this time with an article about different NAS solutions
In a possibly excessive eight-page article, Ars Technica discusses the pros and cons of both FreeNAS and NAS4Free
Both are based on FreeBSD and ZFS of course, but there are more differences than you might expect
Discusses the different development models, release cycles, features, interfaces and ease-of-use factor of each project
"One is pleasantly functional; the other continues devolving during a journey of pain" - uh oh, who's the loser? ***

Quality software costs money, heartbleed was free

PHK writes an article for ACM Queue about open source software projects' funding efforts
A lot of people don't realize just how widespread open source software is - TVs, printers, gaming consoles, etc
The article discusses ways to convince your workplace to fund open source efforts, then goes into a little bit about FreeBSD and Varnish's funding
The latest heartbleed vulnerability should teach everyone that open source projects are critical to the internet, and need people actively maintaining them
On that subject, "Earlier this year the OpenSSL Heartbleed bug laid waste to Internet security, and there are still hundreds of thousands of embedded devices of all kinds—probably your television among them—that have not been and will not ever be software-upgraded to fix it. The best way to prevent that from happening again is to avoid having bugs of that kind go undiscovered for several years, and the only way to avoid that is to have competent people paying attention to the software"
Consider donating to your favorite BSD foundation (or buying cool shirts and CDs!) and keeping the ecosystem alive ***

Geoblock evasion with pf and OpenBSD rdomains

Geoblocking is a way for websites to block visitors based on the location of their IP
This is a blog post about how to get around it, using pf and rdomains
It has the advantage of not requiring any browser plugins or DNS settings on the users' computers, you just need to be running OpenBSD on your router (hmm, if only a website had a tutorial about that...)
In this post, the author wanted to get an American IP address, since the service he was using (Netflix) is blocked in Australia
It's got all the details you need to set up a VPN-like system and bypass those pesky geographic filters ***

Interview - Marc Espie - espie@openbsd.org / @espie_openbsd

OpenBSD's package system, building cluster, various topics

Tutorial

Keeping your BSD up to date

News Roundup

BoringSSL and LibReSSL

Yet another OpenSSL fork pops up, this time from Google, called BoringSSL
Adam Langley has a blog post about it, why they did it and how they're going to maintain it
You can easily browse the source code
Theo de Raadt also weighs in with how this effort relates to LibReSSL
More eyes on the code is good, and patches will be shared between the two projects ***

More BSD Tor nodes wanted

Friend of the show bcallah posts some news to the Tor-BSD mailing list about monoculture in the Tor network being both bad and dangerous
Originally discussed on the Tor-Relays list, it was made apparent that having such a large amount of Linux nodes weakens the security of the whole network
If one vulnerability is found, a huge portion of the network would be useless - we need more variety in the network stacks, crypto, etc.
The EFF is also holding a Tor challenge for people to start up new relays and keep them online for over a year
Check out our Tor tutorial and help out the network, and promote BSD at the same time! ***

FreeBSD 10 OpenStack images

OpenStack, to quote Wikipedia, is "a free and open-source software cloud computing platform. It is primarily deployed as an infrastructure as a service (IaaS) solution."
The article goes into detail about creating a FreeBSD instant, installing and converting it for use with "bsd-cloudinit"
The author of the article is a regular listener and emailer of the show, hey! ***

BSDday 2014 call for papers

BSD Day, a conference not so well-known, is going to be held August 9th in Argentina
It was created in 2008 and is the only BSD conference around that area
The "call for papers" was issued, so if you're around Argentina and use BSD, consider submitting a talk
Sysadmins, developers and regular users are, of course, all welcome to come to the event ***

Feedback/Questions

24: The Cluster & The Cloud

JT Pennington — Wed, 12 Feb 2014 08:00:00 -0500

This week on BSD Now... a wrap-up from NYCBSDCon! We'll also be talking to Luke Marsden, CEO of HybridCluster, about how they use BSD at large. Following that, our tutorial will show you how to securely share files with SFTP in a chroot. The latest news and answers to your questions, of course it's BSD Now - the place to B.. SD.

This episode was brought to you by

Headlines

FreeBSD 10 as a firewall

Back in 2012, the author of this site wrote an article stating you should avoid FreeBSD 9 for a firewall and use OpenBSD instead
Now, with the release of 10.0, he's apparently changed his mind and switched back over
It mentions the SMP version of pf, general performance advantages and more modern features
The author is a regular listener of BSD Now, hi Joe! ***

Network Noise Reduction Using Free Tools

Really long blog post, based on a BSDCan presentation, about fighting spam with OpenBSD
Peter Hansteen, author of the book of PF, goes through how he uses OpenBSD's spamd and other security features to combat spam and malware
He goes through his experiences with content filtering and disappointment with a certain proprietary vendor
Not totally BSD-specific, lots of people can enjoy the article - lots of virus history as well ***

FreeBSD ASLR patches submitted

So far, FreeBSD hasn't had Address Space Layout Randomization
ASLR is a nice security feature, see wikipedia for more information
With a giant patch from Shawn Webb, it might be integrated into a future version (after a vicious review from the security team of course)
We might have Shawn on the show to talk about it, but he's also giving a presentation at BSDCan about his work with ASLR ***

Old-style pkg_ tools retired

At last the old pkg_add tools are being retired in FreeBSD
pkgng is a huge improvement, and now portmgr@ thinks it's time to cut the cord on the legacy toolset
Ports aren't going away, and probably never will, but for binary package fans and new users that are used to things like apt, pkgng is the way to go
All pkg_ tools will be considered unsupported on September 1, 2014 - even on older branches ***

Interview - Luke Marsden - luke@hybridcluster.com / @lmarsden

BSD at HybridCluster

Tutorial

Filesharing with chrooted SFTP

News Roundup

FreeBSD on OpenStack

OpenStack is a cloud computing project
It consists of "a series of interrelated projects that control pools of processing, storage, and networking resources throughout a datacenter, able to be managed or provisioned through a web-based dashboard, command-line tools, or a RESTful API."
Until now, there wasn't a good way to run a full BSD instance on OpenStack
With a project in the vein of Colin Percival's AWS startup scripts, now that's no longer the case! ***

FOSDEM BSD videos

This year's FOSDEM had seven BSD presentations
The videos are slowly being uploaded for your viewing pleasure
Not all of the BSD ones are up yet, but by the time you're watching this they might be!
Check this directory for most of 'em
The BSD dev room was full, lots of interest in what's going on from the other communities ***

The FreeBSD challenge finally returns!

Due to prodding from a certain guy of a certain podcast, the "FreeBSD Challenge" series has finally resumed
Our friend from the Linux foundation picks up with day 11 and day 12 on his switching from Linux journey
This time he outlines the upgrade process of going from 9 to 10, using freebsd-update
There's also some notes about different options for upgrading ports and some extra tips ***

PCBSD weekly digest

After the big 10.0 release, the PCBSD crew is focusing on bug fixes for a while
During their "fine tuning phase" users are encouraged to submit any and all bugs via the trac system
Warden got some fixes and the package manager got some updates as well
Huge size reduction in PBI format ***