29: P.E.F.S.

JT Pennington — Wed, 19 Mar 2014 08:00:00 -0400

We're back from AsiaBSDCon! This week we'll be chatting with Gleb Kurtsou about some a filesystem-level encryption utility called PEFS. After that, we'll give you a step by step guide on how to actually use it. There's also the usual round of your questions and we've got a lot of news to catch up on, so stay tuned to BSD Now - the place to B.. SD.

This episode was brought to you by

Headlines

Using OpenSSH Certificate Authentication

SSH has a not-so-often-talked-about authentication option in addition to passwords and keys: certificates - you can add certificates to any current authentication method you're using
They're not really that complex, there just isn't a lot of documentation on how to use them - this post tries to solve that
There's the benefit of not needing a known_hosts file or authorized_users file anymore
The post goes into a fair amount of detail about the differences, advantages and implications of using certificates for authentication ***

Back to FreeBSD, a new series

Similar to the "FreeBSD Challenge" blog series, one of our listeners will be writing about his switching BACK to FreeBSD journey
"So, a long time ago, I had a box which was running FreeBSD 4, running on a Pentium. 14 years later, I have decided to get back into FreeBSD, now at FreeBSD 10"
He's starting off with PCBSD since it's easy to get working with dual graphics
Should be a fun series to follow! ***

OpenBSD's recent experiments in package building

If you'll remember back to our poudriere tutorial, it lets you build FreeBSD binary packages in bulk - OpenBSD's version is called dpb
Marc Espie recently got some monster machines in russia to play with to help improve scaling of dpb on high end hardware
This article goes through some of his findings and plans for future versions that increase performance
We'll be showing a tutorial of dpb on the show in a few weeks ***

Securing FreeBSD with 2FA

So maybe you've set up two-factor authentication with gmail or twitter, but have you done it with your BSD box?
This post walks us through the process of locking down an ssh server with 2FA
With just a mobile phone and a few extra tools, you can enable two-factor auth on your BSD box and have just that little extra bit of protections ***

Interview - Gleb Kurtsou - gleb.kurtsou@gmail.com

PEFS (security audit results here)

Tutorial

Filesystem-based encryption with PEFS

News Roundup

BSDCan 2014 registration

Registration is finally open!
The prices are available along with a full list of presentations
Tutorial sessions for various topics as well
You have to go ***

Big changes for OpenBSD 5.6

Although 5.5 was just frozen and the release process has started, 5.6 is already looking promising
OpenBSD has, for a long time, included a heavily-patched version of Apache based on 1.3
They've also imported nginx into base a few years ago, but now have finally removed Apache
Sendmail is also no longer the default MTA, OpenSMTPD is the new default
Will BIND be removed next? Maybe so
They've also discontinued the hp300, mvme68k and mvme88k ports ***

Getting to know your portmgr lurkers

The "getting to know your portmgr" series makes its return
This time we get to talk with danfe@ (probably most known for being the nVidia driver maintainer, but he does a lot with ports)
How he got into FreeBSD? He "wanted a unix system that I could understand and that would not get bloated as time goes by"
Mentions why he's still heavily involved with the project and lots more ***

PCBSD weekly digest

Work has started to port Pulseaudio to PCBSD 10.0.1
There's a new "pc-mixer" utility being worked on for sound management as well
New PBIs, GNOME/Mate updates, Life Preserver fixes and a lot more
PCBSD 10.0.1 was released too ***

Feedback/Questions

16: Cryptocrystalline

JT Pennington — Wed, 18 Dec 2013 08:00:00 -0500

This time on the show, we'll be showing you how to do a fully-encrypted installation of FreeBSD and OpenBSD. We also have an interview with Damien Miller - one of the lead developers of OpenSSH - about some recent crypto changes in the project. If you're into data security, today's the show for you. The latest news and all your burning questions answered, right here on BSD Now - the place to B.. SD.

This episode was brought to you by

Headlines

Secure communications with OpenBSD and OpenVPN

Starting off today's theme of encryption...
A new blog series about combining OpenBSD and OpenVPN to secure your internet traffic
Part 1 covers installing OpenBSD with full disk encryption (which we'll be doing later on in the show)
Part 2 covers the initial setup of OpenVPN certificates and keys
Parts 3 and 4 are the OpenVPN server and client configuration
Part 5 is some updates and closing remarks ***

FreeBSD Foundation Newsletter

The December 2013 semi-annual newsletter was sent out from the foundation
In the newsletter you will find the president's letter, articles on the current development projects they sponsor and reports from all the conferences and summits they sponsored
The president's letter alone is worth the read, really amazing
Really long, with lots of details and stories from the conferences and projects ***

Use of NetBSD with Marvell Kirkwood Processors

Article that gives a brief history of NetBSD and how to use it on an IP-Plug computer
The IP-Plug is a "multi-functional mini-server was developed by Promwad engineers by the order of AK-Systems. It is designed for solving a wide range of tasks in IP networks and can perform the functions of a computer or a server. The IP-Plug is powered from a 220V network and has low power consumption, as well as a small size (which can be compared to the size of a mobile phone charger)."
Really cool little NetBSD ARM project with lots of graphs, pictures and details ***

Experimenting with zero-copy network IO

Long blog post from Adrian Chadd about zero-copy network IO on FreeBSD
Discusses the different OS' implementations and options
He's able to get 35 gbit/sec out of 70,000 active TCP sockets, but isn't stopping there
Tons of details, check the full post ***

Interview - Damien Miller - djm@openbsd.org / @damienmiller

Cryptography in OpenBSD and OpenSSH

Tutorial

Full disk encryption in FreeBSD & OpenBSD

News Roundup

OpenZFS office hours

Our buddy George Wilson sat down to take some ZFS questions from the community
You can see more info about it here ***

License summaries in pkgng

A discussion between Justin Sherill and some NYCBUG guys about license frameworks in pkgng
Similar to pkgsrc's "ACCEPTABLE_LICENSES" setting, pkgng could let the user decide which software licenses he wants to allow
Maybe we could get a "pkg licenses" command to display the license of all installed packages
Ok bapt, do it ***

The FreeBSD challenge continues

Checking in with our buddy from the Linux foundation...
The switching from Linux to FreeBSD blog series continues for his month-long trial
Follow up from last week: "As a matter of fact, I did check out PC-BSD, and wanted the challenge. Call me addicted to pain and suffering, but the pride and accomplishment you feel from diving into FreeBSD is quite rewarding."
Since we last mentioned it, he's decided to go from a VM to real hardware, got all of his common software installed, experimented with the Linux emulation, set up virtualbox, learned about slices/partitions/disk management, found BSD alternatives to his regularly-used commands and lots more ***

Ports gets a stable branch

For the first time ever, FreeBSD's ports tree will have a maintained "stable" branch
This is similar to how pkgsrc does things, with a rolling release for updated software and stable branch for only security and big fixes
All commits to this branch require approval of portmgr, looks like it'll start in 2014Q1 ***

BSD Now - Episodes Tagged with “Fde”

29: P.E.F.S.

This episode was brought to you by

Headlines

Interview - Gleb Kurtsou - gleb.kurtsou@gmail.com

Tutorial

News Roundup

Feedback/Questions

16: Cryptocrystalline

This episode was brought to you by

Headlines

Interview - Damien Miller - djm@openbsd.org / @damienmiller

Tutorial

News Roundup

Feedback/Questions