BGP & BSD | BSD Now 1

BGP & BSD | BSD Now 1

We kick off the first episode with the latest BSD news, show you how to avoid intrusion detection systems and talk to Peter Hessler about BGP spam blacklists!

Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | HD Vid Feed | HD Torrent Feed

- Show Notes: -

Headlines

Radeon KMS commited

  • Committed by Jean-Sebastien Pedron
  • Brings kernel mode setting to -CURRENT, will be in 10.0-RELEASE (ETA 12/2013)
  • 10-STABLE is expected to be branched in October, to begin the process of stabilizing development
  • Initial testing shows it works well
  • May be merged to 9.X, but due to changes to the VM subsystem this will require a lot of work, and is currently not a priority for the Radeon KMS developer
  • Still suffers from the syscons / KMS switcher issues, same as Intel video
  • More info: https://wiki.freebsd.org/AMD_GPU

VeriSign Embraces FreeBSD

  • “BSD is quite literally at the very core foundation of what makes the Internet work”
  • Using BSD and Linux together provides reliability and diversity
  • Verisign gives back to the community, runs vBSDCon
  • “You get comfortable with something because it works well for your particular purposes and can find a good community that you can interact with. That all rang true for us with FreeBSD.”

fetch/libfetch get a makeover

  • Adds support for SSL certificate verification
  • Requires root ca bundle (security/root_ca_nss)
  • Still missing TLS SNI support (Server Name Indication, allows name based virtual hosts over SSL)

FreeBSD Foundation Semi-Annual Newsletter

  • The FreeBSD Foundation took the 20th anniversary of FreeBSD as an opportunity to look at where the project is, and where it might want to go
  • The foundation sets out some basic goals that the project should strive towards:
    • Unify User Experience
      • “ensure that knowledge gained mastering one task translates to the next”
      • “if we do pay attention to consistency, not only will FreeBSD be easier to use, it will be easier to learn”
    • Design for Human and Programmatic Use
      • 200 machines used to be considered a large deployment, with high density servers, blades, virtualization and the cloud, that is not so anymore
      • “the tools we provide for status reporting, configuration, and control of FreeBSD just do not scale or fail to provide the desired user experience”
      • “The FreeBSD of tomorrow needs to give programmability and human interaction equal weighting as requirements”
    • Embrace New Ways to Document FreeBSD
      • More ‘Getting Started’ sections in documentation
      • Link to external How-Tos and other documentation
      • “upgrade the cross-referencing and search tools built into FreeBSD, so FreeBSD, not an Internet search engine, is the best place to learn about FreeBSD”
  • Spring Fundraising Campaign, April 17 – May 31, raised a total of $219,806 from 12 organizations and 365 individual donors. In the same period last year we raised a total of $23,422 from 2 organizations and 53 individuals
  • Funds donated to the FreeBSD Foundation have been used on these projects recently:
  • Capsicum security-component framework
  • Transparent superpages support of the FreeBSD/ARM architecture
  • Expanded and faster IPv6
  • Native in-kernel iSCSI stack
  • Five New TCP Congestion Control Algorithms
  • Direct mapped I/O to avoid extra memory copies
  • Unified Extensible Firmware Interface (UEFI) boot environment
  • Porting FreeBSD to the Genesi Efika MX SmartBook laptop (ARM-based)
  • NAND Flash filesystem and storage stack
  • Funds were also used to sponsor a number of BSD focused conferences: BSDCan, EuroBSDCon, AsiaBSDCon, BSDDay, NYCBSDCon, vBSDCon, plus Vendor summits and Developer summits
  • It is important that the foundation receive donations from individuals, to maintain their tax exempt status in the USA. Even a donation of $5 helps make it clear that the FreeBSD Foundation is backed by a large community, not only a few vendors
  • Donate Today

The place to B…SD

Ohio Linuxfest, Sept. 13-15, 2013

  • Very BSD friendly
  • Kirk McKusick giving the keynote
  • BSD Certification on the 15th, all other stuff on the 14th
  • Multiple BSD talks

LinuxCon, Sept. 16-18, 2013

  • Dru Lavigne and Kris Moore will be manning a FreeBSD booth
  • Number of talks of interest to BSD users, including ZFS coop

EuroBSDCon, Sept. 26-29, 2013

  • Tutorials on the 26 & 27th (plus private FreeBSD DevSummit)
  • 43 talks spread over 3 tracks on the 28 & 29th
  • Keynote by Theo de Raadt
  • Hosted in the picturesque St. Julians Area, Malta (Hilton Conference Centre)

Interview – Peter Hessler – phessler@openbsd.org / @phessler

Using BGP to distribute spam blacklists and whitelists

  • Q: Tell us about yourself and your previous contributions to OpenBSD
  • Q: What is BGP spamd
  • Q: What made you start the project?
  • Q: Why use BGP? What are the pros/cons versus the standard DNS distribution model?
  • Q: (How) can others make use of the project?
  • Q: How can other contribute to the project?
  • Q: What else are you working on?

Tutorial

Using stunnel to hide your traffic from Deep Packet Inspection

  • Live demo between two hosts
  • Tunnel any insecure traffic over SSL/TLS
  • Allows you to bypass Intrusion Detection Systems

News Roundup

NetBSD 6.1.1 released

  • First security/bug fix update of the NetBSD 6.1 release branch
  • Fixes 4 security vulnerabilities
  • Adds 4 new sysctls to avoid IPv6 DoS attacks
  • Misc. other updates

Sudo Mastery

  • MWL is a well-known author of many BSD books
  • Also does SSH, networking, DNSSEC, etc.
  • Next book is about sudo, which comes from OpenBSD (did you know that?)
  • Available for preorder now at a discounted price

Documentation Infrastructure Enhancements

  • Gábor Kövesdán has completed a funded project to improve the infrastructure behind the documentation project
  • Will upgrade documentation from DocBook 4.2 to DocBook 4.5 and at the same time migrate to proper XML tools.
  • DSSSL is an old and dead standard, which will not evolve any more.
  • DocBook 5.0 tree added

FreeBSD FIBs get new features

  • FIBs (as discussed earlier in the interview) are Forward Information Bases (technical term for a routing table)
  • The FreeBSD kernel can be compiled to allow you to maintain multiple FIBs, creating separate routing tables for different processes or jails
  • In r254943 ps(1) is extended to support a new column ‘fib’, to display which routing table a process is using

FreeNAS 9.1.0 and 9.1.1 released

  • Many improvements in nearly all areas, big upgrade
  • Based on FreeBSD 9-STABLE, lots of new ZFS features
  • Cherry picked some features from 10-CURRENT
  • New volume manager and easy to use plugin management system
  • 9.1.1 released shortly thereafter to fix a few UI and plugin bugs

BSD licensed “patch” becomes default

  • bsdpatch has become mature, does what GNU patch can do, but has a much better license
  • Approved by portmgr@ for use in ports
  • Added WITH_GNU_PATCH build option for people who still need it

  • All the tutorials are posted in their entirety at bsdnow.tv
  • Send questions, comments, show ideas/topics, etc to feedback@bsdnow.tv
  • Watch live Wednesdays at 2:00PM Eastern (18:00 UTC)

Question? Comments? Contact us here!