50: VPN, My Dear Watson

Author: JT Pennington
Published: Wed 13 Aug 2014
Episode Link: https://www.bsdnow.tv/50

It's our 50th episode, and we're going to show you how to protect your internet traffic with a BSD-based VPN. We'll also be talking to Robert Watson, of the FreeBSD core team, about security research, exploit mitigation and a whole lot more. The latest news and answers to all of your emails, on BSD Now - the place to B.. SD.


Headlines

MeetBSD 2014 is approaching


  • The MeetBSD conference is coming up, and will be held on November 1st and 2nd in San Jose, California

  • MeetBSD has an "unconference" format, which means there will be both planned talks and community events

  • All the extra details will be on their site soon

  • It also has hotels and various other bits of useful information - hopefully with more info on the talks to come

  • Of course, EuroBSDCon is coming up before then
    ***

First experiences with OpenBSD


  • A new blog post that leads off with "tired of the sluggishness of Windows on my laptop and interested in experimenting with a Unix-like that I haven't tried before"

  • The author read the famous "BSD for Linux users" series (that most of us have surely seen) and decided to give BSD a try

  • He details his different OS and distro history, concluding with how he "eventually became annoyed at the poor quality of Linux userland software"

  • From there, it talks about how he used the OpenBSD USB image and got a fully-working system

  • He especially liked the simplicity of OpenBSD's "hostname.if" system for network configuration

  • Finally, he gets Xorg working and imports all his usual configuration files - seems to be a happy new user!
    ***

NetBSD rump kernels on bare metal (and Kansai OSC report)


  • When you're developing a new OS or a very specialized custom solution, working drivers become one of the hardest things to get right

  • However, NetBSD's rump kernels - a unique concept - make this process a lot easier

  • This blog post talks about the process of starting with just a rump kernel and expanding into an internet-ready system in just a week

  • Also have a look back at episode 8 for our interview about rump kernels and what exactly they do

  • While on the topic of NetBSD, there were also a couple of very detailed reports (with lots of pictures!) of the various NetBSD-themed booths at the 2014 Kansai Open Source Conference that we wanted to highlight
    ***

OpenSSL and LibreSSL updates


  • OpenSSL pushed out a few new versions, fixing multiple vulnerabilities (nine to be precise!)

  • Security concerns include leaking memory, possible denial of service, crashing clients, memory exhaustion, TLS downgrades and more

  • LibreSSL released a new version to address most of the vulnerabilities, but wasn't affected by some of them

  • Whichever version of whatever SSL you use, make sure it's patched for these issues

  • DragonFly and OpenBSD are patched as of the time of this recording but, even after a week, NetBSD and FreeBSD are not (outside of -CURRENT)
    ***

Interview - Robert Watson - [email protected]

FreeBSD architecture, security research techniques, exploit mitigation


Tutorial

Protecting traffic with a BSD-based VPN


News Roundup

A FreeBSD-based CGit server


  • If you use git (like a certain host of this show) then you've probably considered setting up your own server

  • This article takes you through the process of setting up a jailed git server, complete with a fancy web frontend

  • It even shows you how to set up multiple repos with key-based user separation and other cool things

  • The author of the post is also a listener of the show, thanks for sending it in!
    ***

Backup devices for small businesses


  • In this article, different methods of data storage and backup are compared

  • After weighing the various options, the author comes to an obvious conclusion: FreeNAS is the answer

  • He praises FreeNAS and the FreeNAS Mini for their tight integration, rock solid FreeBSD base and the great ZFS featureset that it offers

  • It also goes over some of the hardware specifics in the FreeNAS Mini
    ***

A new Xenocara interview


  • As a follow up to last week's OpenSMTPD interview, this Russian blog interviews Matthieu Herrb about Xenocara

  • If you're not familiar with Xenocara, it's OpenBSD's version of Xorg with some custom patches

  • In this interview, he discusses how large and complex the upstream X11 development is, how different components are worked on by different people, how they test code (including a new framework) and security auditing

  • Matthieu is both a developer of upstream Xorg and an OpenBSD developer, so it's natural for him to do a lot of the maintainership work there
    ***

Building a high performance FreeBSD samba server


  • If you've got to PXE boot several hundred Windows boxes to upgrade from XP to 7, what's the best solution?

  • FreeBSD, ZFS and Samba obviously!

  • The master image and related files clock in at over 20GB, and will be accessed at the same time by all of those clients

  • This article documents that process, highlighting some specific configuration tweaks to maximize performance (including NIC bonding)

  • With the right changes, it doesn't even require the newest or best hardware - pretty cool
    ***

Feedback/Questions
