
73: Pipe Dreams

Author
JT Pennington
Published
Wed 21 Jan 2015
Episode Link
https://www.bsdnow.tv/73

This week on the show we'll be chatting with David Maxwell, a former NetBSD security officer. He's got an interesting project called Pipecut that takes a whole new approach to the commandline. We've also got answers to viewer-submitted questions and all this week's headlines, on BSD Now - the place to B.. SD.


Headlines

FreeBSD quarterly status report


  • The FreeBSD team has posted an update on some of their activities between October and December of 2014

  • They put a big focus on compatibility with other systems: the Linux emulation layer, bhyve, WINE and Xen all got some nice improvements

  • As always, the report has lots of updates from the various teams working on different parts of the OS and ports infrastructure

  • The release engineering team got 10.1 out the door, the ports team shuffled a few members in and out and continued working on closing more PRs

  • FreeBSD's forums underwent a huge change, and discussion about the new support model for release cycles continues (hopefully taking effect after 11.0 is released)

  • Git was promoted from beta to an officially-supported version control system (Kris is happy)

  • The core team is also assembling a new QA team to ensure better code quality in critical areas, such as security and release engineering, after getting a number of complaints

  • Other notable entries include: lots of bhyve fixes, Clang/LLVM being updated to 3.5.0, ongoing work on the external toolchain, adding FreeBSD support to more "cloud" services, pkgng updates, work on SecureBoot, more ARM support and graphics stack improvements

  • Check out the full report for all the details that we didn't cover
    ***

OpenBSD package signature audit


  • "Linux Audit" is a website focused on auditing and hardening systems, as well as educating people about securing their boxes

  • They recently did an article about OpenBSD, specifically their ports and package system and signing infrastructure

  • The author gives a little background on the difference between ports and binary packages, then goes through the technical details of how releases and packages are cryptographically signed

  • Package signature formats and public key distribution methods are also touched on

  • After some heckling, the author of the post said he plans to write more BSD security articles, so look forward to them in the future

  • If you haven't seen our episode about signify with Ted Unangst, that would be a great one to check out after reading this
    ***

Replacing a Linux router with BSD


  • There was recently a Slashdot discussion about migrating a Linux-based router to a BSD-based one

  • The poster begins with "I'm in the camp that doesn't trust systemd. You can discuss the technical merits of all init solutions all you want, but if I wanted to run Windows NT I'd run Windows NT, not Linux. So I've decided to migrate my homebrew router/firewall/samba server to one of the BSDs."

  • A lot of people were quick to recommend OPNsense and pfSense, being that they're very easy to administer (requiring basically no BSD knowledge at all)

  • Other commenters suggested a more hands-on approach, setting one up yourself with FreeBSD or OpenBSD

  • If you've been thinking about moving some routers over from Linux or another commercial solution, this might be a good discussion to read through

  • Unfortunately, a lot of the comments are just Linux users bickering about systemd, so you'll have to wade through some of that to get to the good information
    ***

LibreSSL in FreeBSD and OPNsense


  • A FreeBSD sysadmin has started documenting his experience replacing OpenSSL in the base system with the one from ports (and also experimenting with LibreSSL)

  • The reasoning being that updates in base tend to lag behind, whereas the port can be updated for security very quickly

  • OPNsense developers are looking into switching away from OpenSSL to LibreSSL's portable version, for both their ports and base system, which would be a pretty huge differentiator for their project

  • Some ports still need fixing to be compatible though, particularly a few Python-related ones

  • If you're a FreeBSD ports person, get involved and help squash some of the last remaining bugs

  • A lot of the work has already been done in OpenBSD's ports tree - some patches just need to be adopted

  • More and more upstream projects are incorporating LibreSSL patches in their code - let your favorite software vendor know that you're using it
    ***

Interview - David Maxwell - [email protected] / @david_w_maxwell

Pipecut, text processing, commandline wizardry


News Roundup

Jetpack, a new jail container system


  • A new project was launched to adapt FreeBSD jails to the "app container specification"

  • While still pretty experimental in terms of the development phase, this might be something to show your Linux friends who are in love with docker

  • It's a similar project to iocage or bsdploy, which we haven't talked a whole lot about

  • There was also some discussion about it on Hacker News
    ***

Separating base and package binaries


  • All of the main BSDs make a strong separation between the base system and third party software

  • This is in contrast to Linux where there's no real concept of a "base system" - more recently, some distros have even merged all the binaries into a single directory

  • A user asks the community about the BSD way of doing it, trying to find out the advantages and disadvantages of both hierarchies

  • Read the comments for the full explanation, but having things separated really helps keep things organized
    ***

Updated i915kms driver for FreeBSD


  • This update brings the FreeBSD code closer in line with the Linux code, to make it easier to update going forward

  • It doesn't introduce Haswell support just yet, but was required before the Haswell bits can be added
    ***

Year of the OpenBSD desktop


  • Here we have an article about using OpenBSD as a daily driver for regular desktop usage

  • The author says he "ran fifty thousand different distributions, never being satisfied"

  • After dealing with the problems of Linux and fragmentation, he eventually gave up and bought a MacBook

  • He also used FreeBSD between versions 7 and 9, finding "a mostly harmonious environment," but regressions led him to give up on desktop *nix once again

  • Starting with 2015, he's back and is using OpenBSD on a ThinkPad X201

  • The rest of the article covers some of his configuration tweaks and gives an overall conclusion on his current setup

  • He apparently used our desktop tutorial - thanks for watching!
    ***

Unattended FreeBSD installation


  • A new BSD user was looking to get some more experience, so he documented how to install FreeBSD over PXE

  • His goal was to have a setup similar to Red Hat's "kickstart" or OpenBSD's autoinstall

  • The article shows you how to set up DHCP and TFTP, with no NFS share setup required

  • He also gives a mention to mfsbsd, showing how you can customize its startup script to do most of the work for you
    ***

Feedback/Questions

Mailing List Gold
