NOTES

This episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon

Headlines

FreeBSD Foundation Statement on the European Union Cyber Resiliency Act

DragonFly BSD on a Thinkpad T480s

News Roundup

Ampere in the Wild: How FreeBSD Employs Ampere Arm64 Servers in the Data Center

FreeBSD Yubikey authentication

That time I almost added Tetris to htop

Beastie Bits

Mail Software Projects for You
At long last: the MWL Title Index
FreeBSD on a RPi

Tarsnap

This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.

Feedback/Questions

• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

• Join us and other BSD Fans in our BSD Now Telegram channel

NOTES
This episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon

Headlines

The Design and Implementation of the NetBSD rc.d system

How I would sell OpenBSD as a salesperson

News Roundup

Speeding up autoconf with caching

Allowing non-root execution of a jailed application

Configure login(1) and sshd(8) for YubiKey on OpenBSD

Tarsnap

• This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.

Feedback/Questions

• Glen - Thanks Todd

• Karl - Memory Question

• alejandro - Tom's laptop

• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv ***

NOTES
This episode of BSDNow is brought to you by Tarsnap

Headlines

yubikey-agent on FreeBSD

Some time ago Filippo Valsorda wrote yubikey-agent, seamless SSH agent for YubiKeys. I really like YubiKeys and worked on the FreeBSD support for U2F in Chromium and pyu2f, getting yubikey-agent ported looked like an interesting project. It took some hacking to make it work but overall it wasn’t hard. Following is the roadmap on how to get it set up on FreeBSD. The actual details depend on your system (as you will see)

---

Manage Kubernetes clusters from OpenBSD

This should work with OpenBSD 6.7. I write this while the source tree is locked for release, so even if I use -current this is as close as -current gets to -release
Update 2020-06-05: we now have a port for kubectl. So, at least in -current things get a bit easier.

---

News Roundup

History of FreeBSD Part 1: Unix and BSD

FreeBSD, a free and open-source Unix-like operating system has been around since 1993. However, its origins are directly linked to that of BSD, and further back, those of Unix. During this History of FreeBSD series, we will talk about how Unix came to be, and how Berkeley’s Unix developed at Bell Labs.

---

Running Jitsi-Meet in a FreeBSD Jail

Due to the situation with COVID-19 that also lead to people being confined to their homes in South Africa as well, we decided to provide a (freely usable of course) Jitsi Meet instance to the community being hosted in South Africa on our FreeBSD environment.
That way, communities in South Africa and beyond have a free alternative to the commercial conferencing solutions with sometimes dubious security and privacy histories and at the same time improved user experience due to the lower latency of local hosting.

• Grafana for Jitsi-Meet ***

Command Line Bug Hunting in FreeBSD

FreeBSD uses bugzilla for tracking bugs, taking feature requests, regressions and issues in the Operating System. The web interface for bugzilla is okay, but if you want to do a lot of batch operations it is slow to deal with. We are planning to run a bugsquash on July 11th and that really needs some tooling to help any hackers that show up process the giant bug list we have.

---

Beastie Bits

• Game of Github
• + Wireguard official merged into OpenBSD ***

Tarsnap

• This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.

Feedback/Questions

• Florian : Lua for $HOME
• Kevin : FreeBSD Source Question

• Tom : HomeLabs

  ---

• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

  ---

This episode was brought to you by

Headlines

Using OpenSSH Certificate Authentication

• SSH has a not-so-often-talked-about authentication option in addition to passwords and keys: certificates - you can add certificates to any current authentication method you're using
• They're not really that complex, there just isn't a lot of documentation on how to use them - this post tries to solve that
• There's the benefit of not needing a known_hosts file or authorized_users file anymore
• The post goes into a fair amount of detail about the differences, advantages and implications of using certificates for authentication ***

Back to FreeBSD, a new series

• Similar to the "FreeBSD Challenge" blog series, one of our listeners will be writing about his switching BACK to FreeBSD journey
• "So, a long time ago, I had a box which was running FreeBSD 4, running on a Pentium. 14 years later, I have decided to get back into FreeBSD, now at FreeBSD 10"
• He's starting off with PCBSD since it's easy to get working with dual graphics
• Should be a fun series to follow! ***

OpenBSD's recent experiments in package building

• If you'll remember back to our poudriere tutorial, it lets you build FreeBSD binary packages in bulk - OpenBSD's version is called dpb
• Marc Espie recently got some monster machines in russia to play with to help improve scaling of dpb on high end hardware
• This article goes through some of his findings and plans for future versions that increase performance
• We'll be showing a tutorial of dpb on the show in a few weeks ***

Securing FreeBSD with 2FA

• So maybe you've set up two-factor authentication with gmail or twitter, but have you done it with your BSD box?
• This post walks us through the process of locking down an ssh server with 2FA
• With just a mobile phone and a few extra tools, you can enable two-factor auth on your BSD box and have just that little extra bit of protections ***

Interview - Gleb Kurtsou - gleb.kurtsou@gmail.com

PEFS (security audit results here)

Tutorial

Filesystem-based encryption with PEFS

News Roundup

BSDCan 2014 registration

• Registration is finally open!
• The prices are available along with a full list of presentations
• Tutorial sessions for various topics as well
• You have to go ***

Big changes for OpenBSD 5.6

• Although 5.5 was just frozen and the release process has started, 5.6 is already looking promising
• OpenBSD has, for a long time, included a heavily-patched version of Apache based on 1.3
• They've also imported nginx into base a few years ago, but now have finally removed Apache
• Sendmail is also no longer the default MTA, OpenSMTPD is the new default
• Will BIND be removed next? Maybe so
• They've also discontinued the hp300, mvme68k and mvme88k ports ***

Getting to know your portmgr lurkers

• The "getting to know your portmgr" series makes its return
• This time we get to talk with danfe@ (probably most known for being the nVidia driver maintainer, but he does a lot with ports)
• How he got into FreeBSD? He "wanted a unix system that I could understand and that would not get bloated as time goes by"
• Mentions why he's still heavily involved with the project and lots more ***

PCBSD weekly digest

• Work has started to port Pulseaudio to PCBSD 10.0.1
• There's a new "pc-mixer" utility being worked on for sound management as well
• New PBIs, GNOME/Mate updates, Life Preserver fixes and a lot more
• PCBSD 10.0.1 was released too ***

Feedback/Questions

• Alex writes in
• Ben writes in
• Nick writes in
• Sami writes in
• Christopher writes in ***