51: Engineering Nginx

JT Pennington — Wed, 20 Aug 2014 08:00:00 -0400

Coming up on the show, we'll be showing you how to set up a secure, SSL-only webserver. There's also an interview with Eric Le Blan about community participation and FreeBSD's role in the commercial server space. All that and more, on BSD Now - the place to B.. SD.

This episode was brought to you by

Headlines

Password gropers take spamtrap bait

Our friend Peter Hansteen, who keeps his eyes glued to his log files, has a new blog post
He seems to have discovered another new weird phenomenon in his pop3 logs
"yes, I still run one, for the same bad reasons more than a third of my readers probably do: inertia"
Someone tried to log in to his service with an address that was known to be invalid
The rest of the post goes into detail about his theory of why someone would use a list of invalid addresses for this purpose ***

Inside the Atheros wifi chipset

Adrian Chadd - sometimes known in the FreeBSD community as "the wireless guy" - gave a talk at the Defcon Wireless Village 2014
He covers a lot of topics on wifi, specifically on Atheros chips and why they're so popular for open source development
There's a lot of great information in the presentation, including cool (and evil) things you can do with wireless cards
Very technical talk; some parts might go over your head if you're not a driver developer
The raw video file is also available to download on archive.org
Adrian has also recently worked on getting Kismet and Aircrack-NG to work better with FreeBSD, including packet injection and other fun things ***

Trip report and hackathon mini-roundup

A few more (late) reports from BSDCan and the latest OpenBSD hackathon have been posted
Mark Linimon mentions some of the future plans for FreeBSD's release engineering and ports
Bapt also has a BSDCan report detailing his work on ports and packages
Antoine Jacoutot writes about his work at the most recent hackathon, working with rc configuration and a new /etc/examples layout
Peter Hessler, a latecomer to the hackathon, details his experience too, hacking on the installer and built-in upgrade function
Christian Weisgerber talks about starting some initial improvements of OpenBSD's ports infrastructure ***

DragonFly BSD 3.8.2 released

Although it was already branched, the release media is now available for DragonFly 3.8.2
This is a minor update, mostly to fix the recent OpenSSL vulnerabilities
It also includes some various other small fixes ***

Interview - Eric Le Blan - info@xinuos.com

Xinuos' recent FreeBSD integration, BSD in the commercial server space

Tutorial

Building a hardened, feature-rich webserver

News Roundup

Defend your network and privacy, FreeBSD version

Back in episode 39, we covered a blog post about creating an OpenBSD gateway - partly based on our tutorial
This is a follow-up post, by the same author, about doing a similar thing with FreeBSD
He mentions some of the advantages and disadvantages between the two operating systems, and encourages users to decide for themselves which one suits their needs
The rest is pretty much the same things: firewall, VPN, DHCP server, DNSCrypt, etc. ***

Don't encrypt all the things

Another couple of interesting blog posts from Ted Unangst about encryption
It talks about how Google recently started ranking sites with HTTPS higher in their search results, and then reflects on how sometimes encryption does more harm than good
After heartbleed, the ones who might be able to decrypt your emails went from just a three-letter agency to any script kiddie
He also talks a bit about some PGP weaknesses and a possible future replacement
He also has another, similar post entitled "in defense of opportunistic encryption" ***

New automounter lands in FreeBSD

The work on the new automounter has just landed in 11-CURRENT
With help from the FreeBSD Foundation, we'll have a new "autofs" kernel option
Check the SVN viewer online to read over the man pages if you're not running -CURRENT
You can also read a bit about it in the recent newsletter ***

OpenSSH 6.7 CFT

It's been a little while since the last OpenSSH release, but 6.7 is almost ready
Our friend Damien Miller issued a call for testing for the upcoming version, which includes a fair amount of new features
It includes some old code removal, some new features and some internal reworkings - we'll cover the full list in detail when it's released
This version also officially supports being built with LibreSSL now
Help test it out and report any findings, especially if you have access to something a little more exotic than just a BSD system ***

Feedback/Questions

27: BSD Now vs. BSDTalk

JT Pennington — Wed, 05 Mar 2014 08:00:00 -0500

The long-awaited meetup is finally happening on today's show. We're going to be interviewing the original BSD podcaster, Will Backman, to discuss what he's been up to and what the future of BSD advocacy looks like. After that, we'll be showing you how to track (and even cross-compile!) the -CURRENT branch of NetBSD. We've got answers to user-submitted questions and the latest news, on BSD Now - the place to B.. SD.

This episode was brought to you by

Headlines

FreeBSD and OpenBSD in GSOC2014

The Google Summer of Code is a way to encourage students to write code for open source projects and make some money
Both FreeBSD and OpenBSD were accepted, and we'd love for anyone listening to check out their GSOC pages
The FreeBSD wiki has a list of things that they'd be interested in someone helping out with
OpenBSD's want list was also posted
DragonflyBSD and NetBSD were sadly not accepted this year ***

Yes, you too can be an evil network overlord

A new blog post about monitoring your network using only free tools
OpenBSD is a great fit, and has all the stuff you need in the base system or via packages
It talks about the pflow pseudo-interface, its capabilities and relation to NetFlow (also goes well with pf)
There's also details about flowd and nfsen, more great tools to make network monitoring easy
If you're listening, Peter... stop ignoring our emails and come on the show! We know you're watching! ***

BSDMag's February issue is out

The theme is "configuring basic services on OpenBSD 5.4"
There's also an interview with Peter Hansteen (oh hey...)
Topics also include locking down SSH, a GIMP lesson, user/group management, and...
Linux and Solaris articles? Why?? ***

Changes in bcrypt

Not specific to any OS, but the OpenBSD team is updating their bcrypt implementation
There is a bug in bcrypt when hashing long passwords - other OSes need to update theirs too! (FreeBSD already has)
"The length is stored in an unsigned char type, which will overflow and wrap at 256. Although we consider the existence of affected hashes very rare, in order to differentiate hashes generated before and after the fix, we are introducing a new minor 'b'."
As long as you upgrade your OpenBSD system in order (without skipping versions) you should be ok going forward
Lots of specifics in the email, check the full thing ***

Interview - Will Backman - bitgeist@yahoo.com / @bsdtalk

The BSDTalk podcast, BSD advocacy, various topics

Tutorial

Tracking and cross-compiling -CURRENT (NetBSD)

News Roundup

X11 no longer needs root

Xorg has long since required root privileges to run the main server
With recent work from the OpenBSD team, now everything (even KMS) can run as a regular user
Now you can set the "machdep.allowaperture" sysctl to 0 and still use a GUI ***

OpenSSH 6.6 CFT

Shortly after the huge 6.5 release, we get a routine bugfix update
Test it out on as many systems as you can
Check the mailing list for the full bug list ***

Creating an OpenBSD USB drive

Since OpenBSD doesn't distribute any official USB images, here are some instructions on how to do it
Step by step guide on how you can make your very own
However, there's some recent emails that suggest official USB images may be coming soon... oh wait ***

PCBSD weekly digest

New PBI updates that allow separate ports from /usr/local
You need to rebuild pbi-manager if you want to try it out
Updates and changes to Life Preserver, App Cafe, PCDM ***

BSD Now - Episodes Tagged with “Spamd”

51: Engineering Nginx

This episode was brought to you by

Headlines

Interview - Eric Le Blan - info@xinuos.com

Tutorial

News Roundup

Feedback/Questions

27: BSD Now vs. BSDTalk

This episode was brought to you by

Headlines

Interview - Will Backman - bitgeist@yahoo.com / @bsdtalk

Tutorial

News Roundup

Feedback/Questions