BSD Now - Episodes Tagged with “Freebsd Mastery”

68: Just the Essentials

JT Pennington — Wed, 17 Dec 2014 08:00:00 -0500

Coming up this week, we'll be talking with Michael Lucas about his newest BSD book, "FreeBSD Mastery: Storage Essentials." It's got lots of great information about the disk subsystems, GEOM, filesystems, you name it. We've also got the usual round of news and answers to your emails, on BSD Now - the place to B.. SD.

This episode was brought to you by

Headlines

OpenBSD vs FreeBSD security features

From the author of both the OpenBSD and FreeBSD secure gateway articles we've featured in the past comes a new entry about security
The article goes through a list of all the security features enabled (and disabled) by default in both FreeBSD and OpenBSD
It covers a wide range of topics, including: memory protection, randomization, encryption, privilege separation, Capsicum, securelevels, MAC, Jails and chroots, network stack hardening, firewall features and much more
This is definitely one of the most in-depth and complete articles we've seen in a while - the author seems to have done his homework
If you're looking to secure any sort of BSD box, this post has some very detailed explanations of different exploit mitigation techniques - be sure to read the whole thing
There are also some good comments on DaemonForums and lobste.rs that you may want to read ***

The password? You changed it, right?

Peter Hansteen has a new blog post up, detailing some weird SSH bruteforcing he's seen recently
He apparently reads his auth logs when he gets bored at an airport
This new bruteforcing attempt seems to be targetting D-Link devices, as evidenced by the three usernames the bots try to use
More than 700 IPs have tried to get into Peter's BSD boxes using these names in combination with weak passwords
Lots more details, including the lists of passwords and IPs, can be found in the full article
If you're using a BSD router, things like this can be easily prevented with PF or fail2ban (and you probably don't have a "d-link" user anyway) ***

Get started with FreeBSD, an intro for Linux users

Another new BSD article on a mainstream technology news site - seems we're getting popular
This article is written for Linux users who may be considering switching over to BSD and wondering what it's all about
It details installing FreeBSD 9.3 and getting a basic system setup, while touching on ports and packages, and explaining some terminology along the way
"Among the legions of Linux users and admins, there seems to be a sort of passive curiosity about FreeBSD and other BSDs. Like commuters on a packed train, they gaze out at a less crowded, vaguely mysterious train heading in a slightly different direction and wonder what traveling on that train might be like" **

Interview - Michael W. Lucas - mwlucas@michaelwlucas.com / @mwlauthor

FreeBSD Mastery: Storage Essentials

News Roundup

OpenSMTPD status update

The OpenSMTPD guys, particularly Gilles, have posted an update on what they've been up to lately
As of 5.6, it's become the default MTA in OpenBSD, and sendmail will be totally gone in 5.7
Email is a much more tricky protocol than you might imagine, and the post goes through some of the weirdness and problems they've had to deal with
There's also another post that goes into detail on their upcoming filtering API - a feature many have requested
The API is still being developed, but you can test it out now if you know what you're doing - full details in the article
OpenSMTPD also has portable versions in FreeBSD ports and NetBSD pkgsrc, so check it out ***

OpenCrypto changes in FreeBSD

A little while back, we talked to John-Mark Gurney about updating FreeBSD's OpenCrypto framework, specifically for IPSEC
Some of that work has just landed in the -CURRENT branch, and the commit has a bit of details
The ICM and GCM modes of AES were added, and both include support for AESNI
There's a new port - "nist-kat" - that can be used to test the new modes of operation
Some things were fixed in the process as well, including an issue that would leak timing info and result in the ability to forge messages
Code was also borrowed from both OpenBSD and NetBSD to make this possible ***

First thoughts on OpenBSD's httpd

Here we have a blog post from a user of OpenBSD's new homegrown web server that made its debut in 5.6
The author loves that it has proper privilege separation, a very simple config syntax and that it always runs in a chroot
He also mentions dynamic content hosting with FastCGI, and provides an example of how to set it up
Be sure to check our interview with Reyk about the new httpd if you're curious on how it got started
Also, if you're running the version that came with 5.6, there's a huge patch you can apply to get a lot of the features and fixes from -current without waiting for 5.7 ***

Steam on PCBSD

One of the most common questions people who want to use BSD as a desktop ask us is "can I run games?" or "can I use steam?"
Steam through the Linux emulation layer (in FreeBSD) may be possible soon, but it's already possible to use it with WINE
This video shows how to get Steam set up on PCBSD using the Windows version
There are also some instructions in the video description to look over
A second video details getting streaming set up ***

Feedback/Questions

48: Liberating SSL

JT Pennington — Wed, 30 Jul 2014 08:00:00 -0400

Coming up in this week's episode, we'll be talking with one of OpenBSD's newest developers - Brent Cook - about the portable version of LibreSSL and how it's developed. We've also got some information about the FreeBSD port of LibreSSL you might not know. The latest news and your emails, on BSD Now - the place to B.. SD.

This episode was brought to you by

Headlines

FreeBSD quarterly status report

FreeBSD has gotten quite a lot done this quarter
Changes in the way release branches are supported - major releases will get at least five years over their lifespan
A new automounter is in the works, hoping to replace amd (which has some issues)
The CAM target layer and RPC stack have gotten some major optimization and speed boosts
Work on ZFSGuru continues, with a large status report specifically for that
The report also mentioned some new committers, both source and ports
It also covers GNATS being replaced with Bugzilla, the new core team, 9.3-RELEASE, GSoC updates, UEFI booting and lots of other things that we've already mentioned on the show
"Foundation-sponsored work resulted in 226 commits to FreeBSD over the April to June period" ***

A new OpenBSD HTTPD is born

Work has begun on a new HTTP daemon in the OpenBSD base system
A lot of people are asking "why?" since OpenBSD includes a chrooted nginx already - will it be removed? Will they co-exist?
Initial responses seem to indicate that nginx is getting bloated, and is a bit overkill for just serving content (this isn't trying to be a full-featured replacement)
It's partially based on the relayd codebase and also comes from the author of relayd, Reyk Floeter
This has the added benefit of the usual, easy-to-understand syntax and privilege separation
There's a very brief man page online already
It supports vhosts and can serve static files, but is still in very active development - there will probably be even more new features by the time this airs
Will it be named OpenHTTPD? Or perhaps... LibreHTTPD? (I hope not) ***

pkgng 1.3 announced

The newest version of FreeBSD's second generation package management system has been released, with lots of new features
It has a new "real" solver to automatically handle conflicts, and dynamically discover new ones (this means the annoying -o option is deprecated now, hooray!)
Lots of the code has been sandboxed for extra security
You'll probably notice some new changes to the UI too, making things more user friendly
A few days later 1.3.1 was released to fix a few small bugs, then 1.3.2 shortly thereafter and 1.3.3 yesterday ***

FreeBSD after-install security tasks

A number of people have written in to ask us "how do I secure my BSD box after I install it?"
With this blog post, hopefully most of their questions will finally be answered in detail
It goes through locking down SSH with keys, patching the base system for security, installing packages and keeping them updated, monitoring and closing any listening services and a few other small things
Not only does it just list things to do, but the post also does a good job of explaining why you should do them
Maybe we'll see some more posts in this series in the future ***

Interview - Brent Cook - bcook@openbsd.org / @busterbcook

LibreSSL's portable version and development

News Roundup

FreeBSD Mastery - Storage Essentials

MWL's new book about the FreeBSD storage subsystems now has an early draft available
Early buyers can get access to an in-progress draft of the book before the official release, but keep in mind that it may go through a lot of changes
Topics of the book will include GEOM, UFS, ZFS, the disk utilities, partition schemes, disk encryption and maximizing I/O performance
You'll get access to the completed (e)book when it's done if you buy the early draft
The suggested price is $8 ***

Why BSD and not Linux?

Yet another thread comes up asking why you should choose BSD over Linux or vice-versa
Lots of good responses from users of the various BSDs
Directly ripping a quote: "Features like Ports, Capsicum, CARP, ZFS and DTrace were stable on BSDs before their Linux versions, and some of those are far more usable on BSD. Features like pf are still BSD-only. FreeBSD has GELI and ipfw and is "GCC free". DragonflyBSD has HAMMER and kernel performance tuning. OpenBSD have upstream pf and their gamut of security features, as well as a general emphasis on simplicity."
And "Over the years, the BSDs have clearly shown their worth in the nix ecosystem by pioneering new features and driving adoption of others. The most recent on OpenBSD were 2038 support and LibreSSL. FreeBSD still arguably rules the FOSS storage space with ZFS."
Some other users share their switching experiences - worth a read ***

More g2k14 hackathon reports

Following up from last week's huge list of hackathon reports, we have a few more
Landry Breuil spent some time with Ansible testing his infrastructure, worked on the firefox port and tried to push some of their patches upstream
Andrew Fresh enjoyed his first hackathon, pushing OpenBSD's perl patches upstream and got tricked into rewriting the adduser utility in perl
Ted Unangst did his usual "teduing" (removing of) old code - say goodbye to asa, fpr, mkstr, xstr, oldrdist, fsplit, uyap and bluetooth
Luckily we didn't have to cover 20 new ones this time! ***

BSDTalk episode 243

The newest episode of BSDTalk is out, featuring an interview with Ingo Schwarze of the OpenBSD team
The main topic of discussion is mandoc, which some users might not be familiar with
mandoc is a utility for formatting manpages that OpenBSD and NetBSD use (DragonFlyBSD and FreeBSD include it in their source tree, but it's not built by default)
We'll catch up to you soon, Will! ***

Feedback/Questions

Thomas writes in
Stephen writes in
Sha'ul writes in
Florian writes in
Bob Beck writes in - and note the "Caution" section that was added to libressl.org ***