68: Just the Essentials

Coming up this week, we'll be talking with Michael Lucas about his newest BSD book, "FreeBSD Mastery: Storage Essentials." It's got lots of great information about the disk subsystems, GEOM, filesystems, you name it. We've also got the usual round of news and answers to your emails, on BSD Now - the place to B.. SD. This episode was brought to you by Headlines More BSD conference videos We mentioned it a few times, but the "New Directions in Operating Systems" conference was held in November in the UK The presentations videos are now online, with a few BSD-related talks of interest Antti Kantee, Rump kernels and why / how we got here Franco Fichtner, An introduction to userland networking Robert Watson, New ideas about old OS security Lots of other interesting, but non-BSD-related, talks were also presented, so check the full list if you're interested in operating systems in general The 2014 AsiaBSDCon videos are also slowly being uploaded (better late than never) Kirk McKusick, An Overview of Security in the FreeBSD Kernel Matthew Ahrens, OpenZFS ensures the continued excellence of ZFS Eric Allman, Bambi Meets Godzilla: They Elope - Open Source Meets the Commercial World Scott Long, Modifying the FreeBSD kernel Netflix streaming servers Dru Lavigne, ZFS for the Masses Kris Moore, Snapshots, Replication, and Boot Environments David Chisnall, The Future of LLVM in the FreeBSD Toolchain Luba Tang, Bold, fast optimizing linker for BSD John Hixson, Introduction to FreeNAS development Zbigniew Bodek, Transparent Superpages for FreeBSD on ARM Michael Dexter, Visualizing Unix: Graphing bhyve, ZFS and PF with Graphite Peter Grehan, Nested Paging in Bhyve Martin Matuška, Deploying FreeBSD systems with Foreman and mfsBSD James Brown, Analysys of BSD Associate Exam Results Mindaugas Rasiukevicius, NPF - progress and perspective Luigi Rizzo, Netmap as a core networking technology Michael W. Lucas, Sudo: You're Doing it Wrong (not from a BSD conference, but still good) They should make for some great material to watch during the holidays *** OpenBSD vs FreeBSD security features From the author of both the OpenBSD and FreeBSD secure gateway articles we've featured in the past comes a new entry about security The article goes through a list of all the security features enabled (and disabled) by default in both FreeBSD and OpenBSD It covers a wide range of topics, including: memory protection, randomization, encryption, privilege separation, Capsicum, securelevels, MAC, Jails and chroots, network stack hardening, firewall features and much more This is definitely one of the most in-depth and complete articles we've seen in a while - the author seems to have done his homework If you're looking to secure any sort of BSD box, this post has some very detailed explanations of different exploit mitigation techniques - be sure to read the whole thing There are also some good comments on DaemonForums and lobste.rs that you may want to read *** The password? You changed it, right? Peter Hansteen has a new blog post up, detailing some weird SSH bruteforcing he's seen recently He apparently reads his auth logs when he gets bored at an airport This new bruteforcing attempt seems to be targetting D-Link devices, as evidenced by the three usernames the bots try to use More than 700 IPs have tried to get into Peter's BSD boxes using these names in combination with weak passwords Lots more details, including the lists of passwords and IPs, can be found in the full article If you're using a BSD router, things like this can be easily prevented with PF or fail2ban (and you probably don't have a "d-link" user anyway) *** Get started with FreeBSD, an intro for Linux users Another new BSD article on a mainstream technology news site - seems we're getting popular This article is written for Linux users who may be considering switching over to BSD and wondering what it's all about It details installing FreeBSD 9.3 and getting a basic system setup, while touching on ports and packages, and explaining some terminology along the way "Among the legions of Linux users and admins, there seems to be a sort of passive curiosity about FreeBSD and other BSDs. Like commuters on a packed train, they gaze out at a less crowded, vaguely mysterious train heading in a slightly different direction and wonder what traveling on that train might be like" ** Interview - Michael W. Lucas - [email protected] / @mwlauthor FreeBSD Mastery: Storage Essentials News Roundup OpenSMTPD status update The OpenSMTPD guys, particularly Gilles, have posted an update on what they've been up to lately As of 5.6, it's become the default MTA in OpenBSD, and sendmail will be totally gone in 5.7 Email is a much more tricky protocol than you might imagine, and the post goes through some of the weirdness and problems they've had to deal with There's also another post that goes into detail on their upcoming filtering API - a feature many have requested The API is still being developed, but you can test it out now if you know what you're doing - full details in the article OpenSMTPD also has portable versions in FreeBSD ports and NetBSD pkgsrc, so check it out *** OpenCrypto changes in FreeBSD A little while back, we talked to John-Mark Gurney about updating FreeBSD's OpenCrypto framework, specifically for IPSEC Some of that work has just landed in the -CURRENT branch, and the commit has a bit of details The ICM and GCM modes of AES were added, and both include support for AESNI There's a new port - "nist-kat" - that can be used to test the new modes of operation Some things were fixed in the process as well, including an issue that would leak timing info and result in the ability to forge messages Code was also borrowed from both OpenBSD and NetBSD to make this possible *** First thoughts on OpenBSD's httpd Here we have a blog post from a user of OpenBSD's new homegrown web server that made its debut in 5.6 The author loves that it has proper privilege separation, a very simple config syntax and that it always runs in a chroot He also mentions dynamic content hosting with FastCGI, and provides an example of how to set it up Be sure to check our interview with Reyk about the new httpd if you're curious on how it got started Also, if you're running the version that came with 5.6, there's a huge patch you can apply to get a lot of the features and fixes from -current without waiting for 5.7 *** Steam on PCBSD One of the most common questions people who want to use BSD as a desktop ask us is "can I run games?" or "can I use steam?" Steam through the Linux emulation layer (in FreeBSD) may be possible soon, but it's already possible to use it with WINE This video shows how to get Steam set up on PCBSD using the Windows version There are also some instructions in the video description to look over A second video details getting streaming set up *** Feedback/Questions Charlie writes in Sean writes in Predrag writes in ***