23: Time Signatures

JT Pennington — Wed, 05 Feb 2014 08:00:00 -0500

On this week's episode, we'll be talking with Ted Unangst of the OpenBSD team about their new signing infrastructure. After that, we've got a tutorial on how to run your own NTP server. News, your feedback and even... the winner of our tutorial contest will be announced! So stay tuned to BSD Now - the place to B.. SD.

This episode was brought to you by

Headlines

FreeBSD foundation's 2013 fundraising results

The FreeBSD foundation finally counted all the money they made in 2013
$768,562 from 1659 donors
Nice little blog post from the team with a giant beastie picture
"We have already started our 2014 fundraising efforts. As of the end of January we are just under $40,000. Our goal is to raise $1,000,000. We are currently finalizing our 2014 budget. We plan to publish both our 2013 financial report and our 2014 budget soon."
A special thanks to all the BSD Now listeners that contributed, the foundation was really glad that we sent some people their way (and they mentioned us on Facebook) ***

OpenSSH 6.5 released

We mentioned the CFT last week, and it's finally here!
New key exchange using elliptic-curve Diffie Hellman in Daniel Bernstein's Curve25519 (now the default when both clients support it)
Ed25519 public keys are now available for host keys and user keys, considered more secure than DSA and ECDSA
Funny side effect: if you ONLY enable ed25519 host keys, all the compromised Linux boxes can't even attempt to login lol~
New bcrypt private key type, 500,000,000 times harder to brute force
Chacha20-poly1305 transport cipher that builds an encrypted and authenticated stream in one
Portable version already in FreeBSD -CURRENT, and ports
Lots more bugfixes and features, see the full release note or our interview with Damien
Work has already started on 6.6, which can be used without OpenSSL! ***

Crazed Ferrets in a Berkeley Shower

In 2000, MWL wrote an essay for linux.com about why he uses the BSD license: "It’s actually stood up fairly well to the test of time, but it’s fourteen years old now."
This is basically an updated version about why he uses the BSD license, in response to recent comments from Richard Stallman
Very nice post that gives some history about Berkeley, the basics of the BSD-style licenses and their contrast to the GNU GPL
Check out the full post if you're one of those people that gets into license arguments
The takeaway is "BSD is about making the world a better place. For everyone." ***

OpenBSD on BeagleBone Black

Beaglebone Blacks are cheap little ARM devices similar to a Raspberry Pi
A blog post about installing OpenBSD on a BBB from.. our guest for today!
He describes it as "everything I wish I knew before installing the newly renamed armv7 port on a BeagleBone Black"
It goes through the whole process, details different storage options and some workarounds
Could be a really fun weekend project if you're interested in small or embedded devices ***

Interview - Ted Unangst - tedu@openbsd.org / @tedunangst

OpenBSD's signify infrastructure, ZFS on OpenBSD

Tutorial

Running an NTP server

News Roundup

Getting started with FreeBSD

A new video and blog series about starting out with FreeBSD
The author has been a fan since the 90s and has installed it on every server he's worked with
He mentioned some of the advantages of BSD over Linux and how to approach explaining them to new users
The first video is the installation, then he goes on to packages and other topics - 4 videos so far ***

More OpenBSD hackathon reports

As a followup to last week, this time Kenneth Westerback writes about his NZ hackathon experience
He arrived with two goals: disklabel fixes for drives with 4k sectors and some dhclient work
This summary goes into detail about all the stuff he got done there ***

X11 in a jail

We've gotten at least one feedback email about running X in a jail Well.. with this commit, looks like now you can!
A new tunable option will let jails access /dev/kmem and similar device nodes
Along with a change to DRM, this allows full X11 in a jail
Be sure to check out our jail tutorial and jailed VNC tutorial for ideas ***

PCBSD weekly digest

10.0 "Joule Edition" finally released!
AMD graphics are now officially supported
GNOME3, MATE and Cinnamon desktops are available
Grub updates and fixes
PCBSD also got a mention in eweek ***

Feedback/Questions

16: Cryptocrystalline

JT Pennington — Wed, 18 Dec 2013 08:00:00 -0500

This time on the show, we'll be showing you how to do a fully-encrypted installation of FreeBSD and OpenBSD. We also have an interview with Damien Miller - one of the lead developers of OpenSSH - about some recent crypto changes in the project. If you're into data security, today's the show for you. The latest news and all your burning questions answered, right here on BSD Now - the place to B.. SD.

This episode was brought to you by

Headlines

Secure communications with OpenBSD and OpenVPN

Starting off today's theme of encryption...
A new blog series about combining OpenBSD and OpenVPN to secure your internet traffic
Part 1 covers installing OpenBSD with full disk encryption (which we'll be doing later on in the show)
Part 2 covers the initial setup of OpenVPN certificates and keys
Parts 3 and 4 are the OpenVPN server and client configuration
Part 5 is some updates and closing remarks ***

FreeBSD Foundation Newsletter

The December 2013 semi-annual newsletter was sent out from the foundation
In the newsletter you will find the president's letter, articles on the current development projects they sponsor and reports from all the conferences and summits they sponsored
The president's letter alone is worth the read, really amazing
Really long, with lots of details and stories from the conferences and projects ***

Use of NetBSD with Marvell Kirkwood Processors

Article that gives a brief history of NetBSD and how to use it on an IP-Plug computer
The IP-Plug is a "multi-functional mini-server was developed by Promwad engineers by the order of AK-Systems. It is designed for solving a wide range of tasks in IP networks and can perform the functions of a computer or a server. The IP-Plug is powered from a 220V network and has low power consumption, as well as a small size (which can be compared to the size of a mobile phone charger)."
Really cool little NetBSD ARM project with lots of graphs, pictures and details ***

Experimenting with zero-copy network IO

Long blog post from Adrian Chadd about zero-copy network IO on FreeBSD
Discusses the different OS' implementations and options
He's able to get 35 gbit/sec out of 70,000 active TCP sockets, but isn't stopping there
Tons of details, check the full post ***

Interview - Damien Miller - djm@openbsd.org / @damienmiller

Cryptography in OpenBSD and OpenSSH

Tutorial

Full disk encryption in FreeBSD & OpenBSD

News Roundup

OpenZFS office hours

Our buddy George Wilson sat down to take some ZFS questions from the community
You can see more info about it here ***

License summaries in pkgng

A discussion between Justin Sherill and some NYCBUG guys about license frameworks in pkgng
Similar to pkgsrc's "ACCEPTABLE_LICENSES" setting, pkgng could let the user decide which software licenses he wants to allow
Maybe we could get a "pkg licenses" command to display the license of all installed packages
Ok bapt, do it ***

The FreeBSD challenge continues

Checking in with our buddy from the Linux foundation...
The switching from Linux to FreeBSD blog series continues for his month-long trial
Follow up from last week: "As a matter of fact, I did check out PC-BSD, and wanted the challenge. Call me addicted to pain and suffering, but the pride and accomplishment you feel from diving into FreeBSD is quite rewarding."
Since we last mentioned it, he's decided to go from a VM to real hardware, got all of his common software installed, experimented with the Linux emulation, set up virtualbox, learned about slices/partitions/disk management, found BSD alternatives to his regularly-used commands and lots more ***

Ports gets a stable branch

For the first time ever, FreeBSD's ports tree will have a maintained "stable" branch
This is similar to how pkgsrc does things, with a rolling release for updated software and stable branch for only security and big fixes
All commits to this branch require approval of portmgr, looks like it'll start in 2014Q1 ***

BSD Now - Episodes Tagged with “Ecc”

23: Time Signatures

This episode was brought to you by

Headlines

Interview - Ted Unangst - tedu@openbsd.org / @tedunangst

Tutorial

News Roundup

Feedback/Questions

16: Cryptocrystalline

This episode was brought to you by

Headlines

Interview - Damien Miller - djm@openbsd.org / @damienmiller

Tutorial

News Roundup

Feedback/Questions