This episode was brought to you by

Headlines

Enabling FreeBSD on AArch64

• One of the things the FreeBSD foundation has been dumping money into lately is ARM64 support, but we haven't heard too much about it - this article should change that
• Since it's on a mainstream ARM site, the article begins with a bit of FreeBSD history, leading up to the current work on ARM64
• There's also a summary of some of the ARM work done at this year's BSDCan, including details about running it on the Cavium ThunderX platform (which has 48 cores)
• As of just a couple months ago, dtrace is even working on this new architecture
• Come 11.0-RELEASE, the plan is for ARM64 to get the same "tier 1" treatment as X86, which would imply binary updates for base and ports - something Raspberry Pi users often complain about not having ***

OpenBSD's tcpdump detailed

• Most people are probably familiar with tcpdump, a very useful packet sniffing and capturing utility that's included in all the main BSD base systems
• This video guide is specifically about the version in OpenBSD, which has gone through some major changes (it's pretty much a fork with no version number anymore)
• Unlike on the other platforms, OpenBSD's tcpdump will always run in a chroot as an unprivileged user - this has saved it from a number of high-profile exploits
• It also has support for the "pf.os" system, allowing you to filter out operating system fingerprints in the packet captures
• There's also PF (and pflog) integration, letting you see which line in your ruleset triggered a specific match
• Being able to run tcpdump directly on your router is pretty awesome for troubleshooting ***

More FreeBSD foundation at BSDCan

• The FreeBSD foundation has another round of trip reports from this year's BSDCan
• First up is Kamil Czekirda, who gives a good summary of some of the devsummit, FreeBSD-related presentations, some tutorials, getting freebsd-update bugs fixed and of course eating cake
• A second post from Christian Brueffer, who cleverly planned ahead to avoid jetlag, details how he got some things done during the FreeBSD devsummit
• Their third report is from our buddy Warren Block, who (unsurprisingly) worked on a lot of documentation-related things, including getting more people involved with writing them
• In true doc team style, his report is the most well-written of the bunch, including lots of links and a clear separation of topics (doc lounge, contributing to the wiki, presentations...)
• Finally, the fourth one comes to us from Shonali Balakrishna, who also gives an outline of some of the talks
• "Not only does a BSD conference have way too many very smart people in one room, but also some of the nicest." ***

DragonFly on the Chromebook C720

• If you've got one of the Chromebook laptops and weren't happy with the included OS, DragonFlyBSD might be worth a go
• This article is a "mini-report" on how DragonFly functions on the device as a desktop, and
• While the 2GB of RAM proved to be a bit limiting, most of the hardware is well-supported
• DragonFly's wiki has a full guide on getting set up on one of these devices as well ***

Interview - David Meyer - info@xinuos.com / @xinuos

Xinuos, BSD license model vs. others, community interaction

News Roundup

Introducing LiteBSD

• We definitely don't talk about 4.4BSD a lot on the show
• LiteBSD is "a variant of [the] 4.4BSD operating system adapted for microcontrollers"
• If you've got really, really old hardware (or are working in the embedded space) then this might be an interesting hobby project to look info ***

HardenedBSD announces ASLR completion

• HardenedBSD, now officially a full-on fork of FreeBSD, has declared their ASLR patchset to be complete
• The latest and last addition to the work was VDSO (Virtual Dynamic Shared Object) randomization, which is now configurable with a sysctl
• This post gives a summary of the six main features they've added since the beginning
• Only a few small things are left to do - man page cleanups, possibly shared object load order improvements ***

Unlock the reaper

• In the ongoing quest to make more of OpenBSD SMP-friendly, a new patch was posted that unlocks the reaper in the kernel
• When there's a zombie process causing a resource leak, it's the reaper's job to deallocate their resources (and yes we're still talking about computers, not horror movies)
• Initial testing has yielded positive results and no regressions
• They're looking for testers, so you can install a -current snapshot and get it automatically
• An updated version of the patch is coming soon too
• A hackathon is going on right now, so you can expect more SMP improvements in the near future ***

The importance of mentoring

• Adrian Chadd has a blog post up about mentoring new users, and it tells the story of how he originally got into FreeBSD
• He tells the story of, at age 11, meeting someone else who knew about making crystal sets that became his role model
• Eventually we get to his first FreeBSD 1.1 installation (which he temporarily abandoned for Linux, since it didn't have a color "ls" command) and how he started using the OS
• Nowadays, there's a formal mentoring system in FreeBSD
• While he talks about FreeBSD in the post, a lot of the concepts apply to all the BSDs (or even just life in general) ***

Feedback/Questions

• Sean writes in
• Herminio writes in
• Stuart writes in
• Richard writes in ***

This episode was brought to you by

Headlines

Password gropers take spamtrap bait

• Our friend Peter Hansteen, who keeps his eyes glued to his log files, has a new blog post
• He seems to have discovered another new weird phenomenon in his pop3 logs
• "yes, I still run one, for the same bad reasons more than a third of my readers probably do: inertia"
• Someone tried to log in to his service with an address that was known to be invalid
• The rest of the post goes into detail about his theory of why someone would use a list of invalid addresses for this purpose ***

Inside the Atheros wifi chipset

• Adrian Chadd - sometimes known in the FreeBSD community as "the wireless guy" - gave a talk at the Defcon Wireless Village 2014
• He covers a lot of topics on wifi, specifically on Atheros chips and why they're so popular for open source development
• There's a lot of great information in the presentation, including cool (and evil) things you can do with wireless cards
• Very technical talk; some parts might go over your head if you're not a driver developer
• The raw video file is also available to download on archive.org
• Adrian has also recently worked on getting Kismet and Aircrack-NG to work better with FreeBSD, including packet injection and other fun things ***

Trip report and hackathon mini-roundup

• A few more (late) reports from BSDCan and the latest OpenBSD hackathon have been posted
• Mark Linimon mentions some of the future plans for FreeBSD's release engineering and ports
• Bapt also has a BSDCan report detailing his work on ports and packages
• Antoine Jacoutot writes about his work at the most recent hackathon, working with rc configuration and a new /etc/examples layout
• Peter Hessler, a latecomer to the hackathon, details his experience too, hacking on the installer and built-in upgrade function
• Christian Weisgerber talks about starting some initial improvements of OpenBSD's ports infrastructure ***

DragonFly BSD 3.8.2 released

• Although it was already branched, the release media is now available for DragonFly 3.8.2
• This is a minor update, mostly to fix the recent OpenSSL vulnerabilities
• It also includes some various other small fixes ***

Interview - Eric Le Blan - info@xinuos.com

Xinuos' recent FreeBSD integration, BSD in the commercial server space

Tutorial

Building a hardened, feature-rich webserver

News Roundup

Defend your network and privacy, FreeBSD version

• Back in episode 39, we covered a blog post about creating an OpenBSD gateway - partly based on our tutorial
• This is a follow-up post, by the same author, about doing a similar thing with FreeBSD
• He mentions some of the advantages and disadvantages between the two operating systems, and encourages users to decide for themselves which one suits their needs
• The rest is pretty much the same things: firewall, VPN, DHCP server, DNSCrypt, etc. ***

Don't encrypt all the things

• Another couple of interesting blog posts from Ted Unangst about encryption
• It talks about how Google recently started ranking sites with HTTPS higher in their search results, and then reflects on how sometimes encryption does more harm than good
• After heartbleed, the ones who might be able to decrypt your emails went from just a three-letter agency to any script kiddie
• He also talks a bit about some PGP weaknesses and a possible future replacement
• He also has another, similar post entitled "in defense of opportunistic encryption" ***

New automounter lands in FreeBSD

• The work on the new automounter has just landed in 11-CURRENT
• With help from the FreeBSD Foundation, we'll have a new "autofs" kernel option
• Check the SVN viewer online to read over the man pages if you're not running -CURRENT
• You can also read a bit about it in the recent newsletter ***

OpenSSH 6.7 CFT

• It's been a little while since the last OpenSSH release, but 6.7 is almost ready
• Our friend Damien Miller issued a call for testing for the upcoming version, which includes a fair amount of new features
• It includes some old code removal, some new features and some internal reworkings - we'll cover the full list in detail when it's released
• This version also officially supports being built with LibreSSL now
• Help test it out and report any findings, especially if you have access to something a little more exotic than just a BSD system ***

Feedback/Questions

• David writes in
• Lachlan writes in
• Francis writes in
• Frank writes in
• Sean writes in ***