53: It's HAMMER Time

JT Pennington — Wed, 03 Sep 2014 08:00:00 -0400

It's our one year anniversary episode, and we'll be talking with Reyk Floeter about the new OpenBSD webserver - why it was created and where it's going. After that, we'll show you the ins and outs of DragonFly's HAMMER FS. Answers to viewer-submitted questions and the latest headlines, on a very special BSD Now - the place to B.. SD.

This episode was brought to you by

Headlines

FreeBSD foundation's new IPSEC project

The FreeBSD foundation, along with Netgate, is sponsoring some new work on the IPSEC code
With bandwidth in the 10-40 gigabit per second range, the IPSEC stack needs to be brought up to modern standards in terms of encryption and performance
This new work will add AES-CTR and AES-GCM modes to FreeBSD's implementation, borrowing some code from OpenBSD
The updated stack will also support AES-NI for hardware-based encryption speed ups
It's expected to be completed by the end of September, and will also be in pfSense 2.2 ***

NetBSD at Shimane Open Source Conference 2014

The Japanese NetBSD users group held a NetBSD booth at the Open Source Conference 2014 in Shimane on August 23
One of the developers has gathered a bunch of pictures from the event and wrote a fairly lengthy summary
They had NetBSD running on all sorts of devices, from Raspberry Pis to Sun Java Stations
Some visitors said that NetBSD had the most chaotic booth at the conference ***

pfSense 2.1.5 released

A new version of the pfSense 2.1 branch is out
Mostly a security-focused release, including three web UI fixes and the most recent OpenSSL fix (which FreeBSD has still not patched in -RELEASE after nearly a month)
It also includes many other bug fixes, check the blog post for the full list ***

Systems, Science and FreeBSD

Our friend George Neville-Neil gave a presentation at Microsoft Research
It's mainly about using FreeBSD as a platform for research, inside and outside of universities
The talk describes the OS and its features, ports, developer community, documentation, who uses BSD and much more ***

Interview - Reyk Floeter - reyk@openbsd.org / @reykfloeter

OpenBSD's HTTP daemon

Tutorial

A crash course on HAMMER FS

News Roundup

OpenBSD's rcctl tool usage

OpenBSD recently got a new tool for managing /etc/rc.conf.local in -current
Similar to FreeBSD's "sysrc" tool, it eliminates the need to manually edit rc.conf.local to enable or disable services
This blog post - from a BSD Now viewer - shows the typical usage of the new tool to alter the startup services
It won't make it to 5.6, but will be in 5.7 (next May) ***

pfSense mini-roundup

We found five interesting pfSense articles throughout the week and wanted to quickly mention them
The first item in our pfSense mini-roundup details how you can stream Netflix to in non-US countries using a "smart" DNS service
The second post talks about setting ip IPv6, in particular if Comcast is your ISP
The third one features pfSense on Softpedia, a more mainstream tech site
The fourth post describes how to filter HTTPS traffic with Squid and pfSense
The last article describes setting up a VPN using the "tinc" daemon and pfSense
It seems to be lesser known, compared to things like OpenVPN or SSH tunnels, so it's interesting to read about
This pfSense HQ website seems to have lots of other cool pfSense items, check it out ***

OpenBSD's new buffer cache

OpenBSD has traditionally used the tried-and-true LRU algorithm for buffer cache, but it has a few problems
Ted Unangst has just switched to a new algorithm in -current, partially based on 2Q, and details some of his work
Initial tests show positive results in terms of cache responsiveness
Check the post for all the fine details ***

BSDTalk episode 244

Another new BSDTalk is up and, this time around, Will Backman interviews Ken Moore, the developer of the new BSD desktop environment
They discuss the history of development, differences between it and other DEs, lots of topics
If you're more of a visual person, fear not, because...
We'll have Ken on next week, including a full "virtual walkthrough" of Lumina and its applications ***

Feedback/Questions

51: Engineering Nginx

JT Pennington — Wed, 20 Aug 2014 08:00:00 -0400

Coming up on the show, we'll be showing you how to set up a secure, SSL-only webserver. There's also an interview with Eric Le Blan about community participation and FreeBSD's role in the commercial server space. All that and more, on BSD Now - the place to B.. SD.

This episode was brought to you by

Headlines

Password gropers take spamtrap bait

Our friend Peter Hansteen, who keeps his eyes glued to his log files, has a new blog post
He seems to have discovered another new weird phenomenon in his pop3 logs
"yes, I still run one, for the same bad reasons more than a third of my readers probably do: inertia"
Someone tried to log in to his service with an address that was known to be invalid
The rest of the post goes into detail about his theory of why someone would use a list of invalid addresses for this purpose ***

Inside the Atheros wifi chipset

Adrian Chadd - sometimes known in the FreeBSD community as "the wireless guy" - gave a talk at the Defcon Wireless Village 2014
He covers a lot of topics on wifi, specifically on Atheros chips and why they're so popular for open source development
There's a lot of great information in the presentation, including cool (and evil) things you can do with wireless cards
Very technical talk; some parts might go over your head if you're not a driver developer
The raw video file is also available to download on archive.org
Adrian has also recently worked on getting Kismet and Aircrack-NG to work better with FreeBSD, including packet injection and other fun things ***

Trip report and hackathon mini-roundup

A few more (late) reports from BSDCan and the latest OpenBSD hackathon have been posted
Mark Linimon mentions some of the future plans for FreeBSD's release engineering and ports
Bapt also has a BSDCan report detailing his work on ports and packages
Antoine Jacoutot writes about his work at the most recent hackathon, working with rc configuration and a new /etc/examples layout
Peter Hessler, a latecomer to the hackathon, details his experience too, hacking on the installer and built-in upgrade function
Christian Weisgerber talks about starting some initial improvements of OpenBSD's ports infrastructure ***

DragonFly BSD 3.8.2 released

Although it was already branched, the release media is now available for DragonFly 3.8.2
This is a minor update, mostly to fix the recent OpenSSL vulnerabilities
It also includes some various other small fixes ***

Interview - Eric Le Blan - info@xinuos.com

Xinuos' recent FreeBSD integration, BSD in the commercial server space

Tutorial

Building a hardened, feature-rich webserver

News Roundup

Defend your network and privacy, FreeBSD version

Back in episode 39, we covered a blog post about creating an OpenBSD gateway - partly based on our tutorial
This is a follow-up post, by the same author, about doing a similar thing with FreeBSD
He mentions some of the advantages and disadvantages between the two operating systems, and encourages users to decide for themselves which one suits their needs
The rest is pretty much the same things: firewall, VPN, DHCP server, DNSCrypt, etc. ***

Don't encrypt all the things

Another couple of interesting blog posts from Ted Unangst about encryption
It talks about how Google recently started ranking sites with HTTPS higher in their search results, and then reflects on how sometimes encryption does more harm than good
After heartbleed, the ones who might be able to decrypt your emails went from just a three-letter agency to any script kiddie
He also talks a bit about some PGP weaknesses and a possible future replacement
He also has another, similar post entitled "in defense of opportunistic encryption" ***

New automounter lands in FreeBSD

The work on the new automounter has just landed in 11-CURRENT
With help from the FreeBSD Foundation, we'll have a new "autofs" kernel option
Check the SVN viewer online to read over the man pages if you're not running -CURRENT
You can also read a bit about it in the recent newsletter ***

OpenSSH 6.7 CFT

It's been a little while since the last OpenSSH release, but 6.7 is almost ready
Our friend Damien Miller issued a call for testing for the upcoming version, which includes a fair amount of new features
It includes some old code removal, some new features and some internal reworkings - we'll cover the full list in detail when it's released
This version also officially supports being built with LibreSSL now
Help test it out and report any findings, especially if you have access to something a little more exotic than just a BSD system ***

BSD Now - Episodes Tagged with “Webserver”

53: It's HAMMER Time

This episode was brought to you by

Headlines

Interview - Reyk Floeter - reyk@openbsd.org / @reykfloeter

Tutorial

News Roundup

Feedback/Questions

51: Engineering Nginx

This episode was brought to you by

Headlines

Interview - Eric Le Blan - info@xinuos.com

Tutorial

News Roundup

Feedback/Questions