78: From the Foundation (Part 2)

This week we continue our two-part series on the activities of various BSD foundations. Ken Westerback joins us today to talk all about the OpenBSD foundation and what it is they do. We've also got answers to your emails and all the latest news, on BSD Now - the place to B.. SD. This episode was brought to you by Headlines BSDCan 2015 schedule The list of presentations for the upcoming BSDCan conference has been posted, and the time schedule should be up shortly as well Just a reminder: it's going to be held on June 12th and 13th at the University of Ottawa in Canada This year's conference will have a massive fifty talks, split up between four tracks instead of three (but unfortunately a person can only be in one place at a time) Both Allan and Kris had at least one presentation accepted, and Allan will also be leading a few "birds of a feather" gatherings In total, there will be three NetBSD talks, five OpenBSD talks, eight BSD-neutral talks, thirty-five FreeBSD talks and no DragonFly talks That's not the ideal balance we'd hope for, but BSDCan says they'll try to improve that next year Those numbers are based on the speaker's background, or any past presentations, for the few whose actual topic wasn't made obvious from the title (so there may be a small margin of error) Michael Lucas (who's on the BSDCan board) wrote up a blog post about the proposals and rejections this year If you can't make it this year, don't worry, we'll be sure to announce the recordings when they're made available We also interviewed Dan Langille about the conference and what to expect this year, so check that out too *** SSL interception with relayd There was a lot of commotion recently about superfish, a way that Lenovo was intercepting HTTPS traffic and injecting advertisements If you're running relayd, you can mimic this evil setup on your own networks (just for testing of course…) Reyk Floeter, the guy who wrote relayd, came up a blog post about how to do just that It starts off with some backstory and some of the things relayd is capable of relayd can run as an SSL server to terminate SSL connections and forward them as plain TCP and, conversely, run as an SSL client to terminal plain TCP connections and tunnel them through SSL When you combine these two, you end up with possibilities to filter between SSL connections, effectively creating a MITM scenario The post is very long, with lots of details and some sample config files - the whole nine yards *** OPNsense 15.1.6.1 released The OPNsense team has released yet another version in rapid succession, but this one has some big changes It's now based on FreeBSD 10.1, with all the latest security patches and driver updates (as well as some in-house patches) This version also features a new tool for easily upgrading between versions, simply called "opnsense-update" (similar to freebsd-update) It also includes security fixes for BIND and PHP, as well as some other assorted bug fixes The installation images have been laid out in a clean way: standard CD and USB images that default to VGA, as well as USB images that default to a console output (for things like Soekris and PCEngines APU boards that only have serial ports) With the news of m0n0wall shutting down last week, they've also released bare minimum hardware specifications required to run OPNsense on embedded devices Encouraged by last week's mention of PCBSD trying to cut ties with OpenSSL, OPNsense is also now providing experimental images built against LibreSSL for testing (and have instructions on how to switch over without reinstalling) *** OpenBSD on a Minnowboard Max What would our show be without at least one story about someone installing BSD on a weird device For once, it's actually not NetBSD… This article is about the minnowboard max, a very small X86-based motherboard that looks vaguely similar to a Raspberry Pi It's using an Atom CPU instead of ARM, so overall application compatibility should be a bit better (and it even has AES-NI, so crypto performance will be much better than a normal Atom) The author describes his entirely solid-state setup, noting that there's virtually no noise, no concern about hard drives dying and very reasonable power usage You'll find instructions on how to get OpenBSD installed and going throughout the rest of the article Have a look at the spec sheet if you're interested, they make for cool little BSD boxes *** Netmap for 40gbit NICs in FreeBSD Luigi Rizzo posted an announcement to the -current mailing list, detailing some of the work he's just committed The ixl(4) driver, that's one for the X1710 40-gigabit card, now has netmap support It's currently in 11-CURRENT, but he says it works in 10-STABLE and will be committed there too This should make for some serious packet-pushing power If you have any network hardware like this, he would appreciate testing for the new code *** Interview - Ken Westerback - [email protected] The OpenBSD foundation's activities News Roundup s2k15 hackathon report: dhclient/dhcpd/fdisk The second trip report from the recent OpenBSD hackathon has been published, from the very same guy we just talked to Ken was also busy, getting a few networking-related things fixed and improved in the base system He wrote a few new small additions for dhclient and beefed up the privsep security, as well as some fixes for tcpdump and dhcpd The fdisk tool also got worked on a bit, enabling OpenBSD to properly wipe GPT tables on a previously-formatted disk so you can do a normal install on it There's apparently plans for "dhclientng" - presumably a big improvement (rewrite?) of dhclient *** FreeBSD beginner video series A new series of videos has started on YouTube, aimed at helping total beginners learn about FreeBSD We usually assume that people who watch the show are already familiar with basic concepts, but they'd be a great introduction to any of your friends that are looking to get started with BSD and need a helping hand So far, he's covered how to get FreeBSD, an introduction to installing in VirtualBox, a simple installation or a more in-depth manual installation, navigating the filesystem, basic ssh use, managing users and groups and finally some basic editing with vi and a few other topics Everyone's gotta start somewhere and, with a little bit of initial direction, today's newbies could be tomorrow's developers It should be an ongoing series with more topics to come *** NetBSD tests: zero unexpected failures The NetBSD guys have a new blog post up about their testing suite for all the CPU architectures They've finally gotten the number of "expected" failures down to zero on a few select architectures Results are published on a special release engineering page, so you can have a look if you're interested The rest of the post links to the "top performers" (ones with less than ten failure) in the -current branch *** PCBSD switches to IPFW The PCBSD crew continues their recent series of switching between major competing features This time, they've switched the default firewall away from PF to FreeBSD's native IPFW firewall Look forward to Kris wearing a "keep calm and use IPFW" shir- wait *** Feedback/Questions Sean writes in Dan writes in Florian writes in Sean writes in Chris writes in *** Mailing List Gold VCS flamebait Hidden agenda ***