29: P.E.F.S.

We're back from AsiaBSDCon! This week we'll be chatting with Gleb Kurtsou about some a filesystem-level encryption utility called PEFS. After that, we'll give you a step by step guide on how to actually use it. There's also the usual round of your questions and we've got a lot of news to catch up on, so stay tuned to BSD Now - the place to B.. SD.

This episode was brought to you by

Headlines

Using OpenSSH Certificate Authentication

• SSH has a not-so-often-talked-about authentication option in addition to passwords and keys: certificates - you can add certificates to any current authentication method you're using


• They're not really that complex, there just isn't a lot of documentation on how to use them - this post tries to solve that


• There's the benefit of not needing a known_hosts file or authorized_users file anymore


• The post goes into a fair amount of detail about the differences, advantages and implications of using certificates for authentication
  ***

Back to FreeBSD, a new series

• Similar to the "FreeBSD Challenge" blog series, one of our listeners will be writing about his switching BACK to FreeBSD journey


• "So, a long time ago, I had a box which was running FreeBSD 4, running on a Pentium. 14 years later, I have decided to get back into FreeBSD, now at FreeBSD 10"


• He's starting off with PCBSD since it's easy to get working with dual graphics


• Should be a fun series to follow!
  ***

OpenBSD's recent experiments in package building

• If you'll remember back to our poudriere tutorial, it lets you build FreeBSD binary packages in bulk - OpenBSD's version is called dpb


• Marc Espie recently got some monster machines in russia to play with to help improve scaling of dpb on high end hardware


• This article goes through some of his findings and plans for future versions that increase performance


• We'll be showing a tutorial of dpb on the show in a few weeks
  ***

Securing FreeBSD with 2FA

• So maybe you've set up two-factor authentication with gmail or twitter, but have you done it with your BSD box?


• This post walks us through the process of locking down an ssh server with 2FA


• With just a mobile phone and a few extra tools, you can enable two-factor auth on your BSD box and have just that little extra bit of protections
  ***

Interview - Gleb Kurtsou - [email protected]

PEFS (security audit results here)

Tutorial

Filesystem-based encryption with PEFS

News Roundup

BSDCan 2014 registration

• Registration is finally open!


• The prices are available along with a full list of presentations


• Tutorial sessions for various topics as well


• You have to go
  ***

Big changes for OpenBSD 5.6

• Although 5.5 was just frozen and the release process has started, 5.6 is already looking promising


• OpenBSD has, for a long time, included a heavily-patched version of Apache based on 1.3


• They've also imported nginx into base a few years ago, but now have finally removed Apache


• Sendmail is also no longer the default MTA, OpenSMTPD is the new default


• Will BIND be removed next? Maybe so


• They've also discontinued the hp300, mvme68k and mvme88k ports
  ***

Getting to know your portmgr lurkers

• The "getting to know your portmgr" series makes its return


• This time we get to talk with danfe@ (probably most known for being the nVidia driver maintainer, but he does a lot with ports)


• How he got into FreeBSD? He "wanted a unix system that I could understand and that would not get bloated as time goes by"


• Mentions why he's still heavily involved with the project and lots more
  ***

PCBSD weekly digest

• Work has started to port Pulseaudio to PCBSD 10.0.1


• There's a new "pc-mixer" utility being worked on for sound management as well


• New PBIs, GNOME/Mate updates, Life Preserver fixes and a lot more


• PCBSD 10.0.1 was released too
  ***

Feedback/Questions

• Alex writes in


• Ben writes in


• Nick writes in


• Sami writes in


• Christopher writes in
  ***