38: A BUG's Life

We're back from BSDCan! This week on the show we'll be chatting with Brian Callahan and Aaron Bieber about forming a local BSD users group. We'll get to hear their experiences of running one and maybe encourage some of you to start your own! After that, we've got a tutorial on the basics of NetBSD's package manager, pkgsrc. Answers to your emails and the latest headlines, on BSD Now - the place to B.. SD.

This episode was brought to you by

Headlines

FreeBSD 11 goals and discussion

• Something that actually happened at BSDCan this year...


• During the FreeBSD devsummit, there was some discussion about what changes will be made in 11.0-RELEASE


• Some of MWL's notes include: the test suite will be merged to 10-STABLE, more work on the MIPS platforms, LLDB getting more attention, UEFI boot and install support


• A large list of possibilities was also included and open for discussion, including AES-GCM in IPSEC, ASLR, OpenMP, ICC, in-place kernel upgrades, Capsicum improvements, TCP performance improvements and A LOT more


• There's also some notes from the devsummit virtualization session, mostly talking about bhyve


• Lastly, he also provides some notes about ports and packages and where they're going
  ***

An SSH honeypot with OpenBSD and Kippo

• Everyone loves messing with script kiddies, right?


• This blog post introduces Kippo, an SSH honeypot tool, and how to use it in combination with OpenBSD


• It includes a step by step (or rather, command by command) guide and some tips for running a honeypot securely


• You can use this to get new 0day exploits or find weaknesses in your systems


• OpenBSD makes a great companion for security testing tools like this with all its exploit mitigation techniques that protect all running applications
  ***

NetBSD foundation financial report

• The NetBSD foundation has posted their 2013 financial report


• It's a very "no nonsense" page, pretty much only the hard numbers


• In 2013, they got $26,000 of income in donations


• The rest of the page shows all the details, how they spent it on hardware, consulting, conference fees, legal costs and everything else


• Be sure to donate to whichever BSDs you like and use!
  ***

Building a fully-encrypted NAS with OpenBSD

• Usually the popular choice for a NAS system is FreeNAS, or plain FreeBSD if you know what you're doing


• This article takes a look at the OpenBSD side and explains how to build a NAS with security in mind


• The NAS will be fully encrypted, no separate /boot partition like FreeBSD and FreeNAS require - this means the kernel itself is even protected


• The obvious trade-off is the lack of ZFS support for storage, but this is an interesting idea that would fit most people's needs too


• There's also a bit of background information on NAS systems in general, some NAS-specific security tips and even some nice graphs and pictures of the hardware - fantastic write up!
  ***

Interview - Brian Callahan & Aaron Bieber - [email protected] & [email protected]

Forming a local BSD Users Group

Tutorial

The basics of pkgsrc

News Roundup

FreeBSD periodic mails vs. monitoring

• If you've ever been an admin for a lot of FreeBSD boxes, you've probably noticed that you get a lot of email


• This page tells about all the different alert emails, cron emails and other reports you might end up getting, as well as how to manage them


• From bad SSH logins to Zabbix alerts, it all adds up quickly


• It highlights the periodic.conf file and FreeBSD's periodic daemon, as well as some third party monitoring tools you can use to keep track of your servers
  ***

Doing cool stuff with OpenBSD routing domains

• A blog post from our viewer and regular emailer, Kjell-Aleksander!


• He manages some internally-routed IP ranges at his work, but didn't want to have equipment for each separate project


• This is where OpenBSD routing domains and pf come in to save the day


• The blog post goes through the process with all the network details you could ever dream of


• He even named his networking equipment... after us
  ***

LibreSSL, the good and the bad

• We're all probably familiar with OpenBSD's fork of OpenSSL at this point


• However, "for those of you that don't know it, OpenSSL is at the same time the best and most popular SSL/TLS library available, and utter junk"


• This article talks about some of the cryptographic development challenges involved with maintaining such a massive project


• You need cryptographers, software engineers, software optimization specialists - there are a lot of roles that need to be filled


• It also mentions some OpenSSL alternatives and recent LibreSSL progress, as well as some downsides to the fork - the main one being their aim for backwards compatibility
  ***

PCBSD weekly digest

• Lots going on in PCBSD land this week, AppCafe has been redesigned


• The PBI system is being replaced with pkgng, PBIs will be automatically converted once you update


• In the more recent post, there's some further explanation of the PBI system and the reason for the transition


• It's got lots of details on the different ways to install software, so hopefully it will clear up any possible confusion
  ***

Feedback/Questions

• Antonio writes in


• Daniel writes in


• Sean writes in


• tsyn writes in


• Chris writes in
  ***