SSL in the Wild | BSD Now 82

SSL in the Wild | BSD Now 82

We’ll be chatting with Bernard Spil about wider adoption of LibreSSL in other communities. He’s been doing a lot of work with FreeBSD ports specifically, but also working with upstream projects. As usual, all this weeks news and answers to your questions, on BSD Now – the place to B.. SD.

Thanks to:




Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | HD Vid Feed | HD Torrent Feed

– Show Notes: –


EuroBSDCon 2015 call for papers

  • The call for papers has been announced for the next EuroBSDCon, which is set to be held in Sweden this year
  • According to their site, the call for presentation proposals period will start on Monday the 23rd of March until Friday the 17th of April
  • If giving a full talk isn’t your thing, there’s also a call for tutorials – if you’re comfortable teaching other people about something BSD-related, this could be a great thing too
  • You’re not limited to one proposal – several speakers gave multiple in 2014 – so don’t hesitate if you’ve got more than one thing you’d like to talk about
  • We’d like to see a more balanced conference schedule than BSDCan’s having this year, but that requires effort on both sides – if you’re doing anything cool with any BSD, we’d encourage you submit a proposal (or two)
  • Check the announcement for all the specific details and requirements
  • If your talk gets accepted, the conference even pays for your travel expenses

Making security sausage

  • Ted Unangst has a new blog post up, detailing his experiences with some recent security patches both in and out of OpenBSD
  • “Unfortunately, I wrote the tool used for signing patches which somehow turned into a responsibility for also creating the inputs to be signed. That was not the plan!”
  • The post first takes us through a few OpenBSD errata patches, explaining how some can get fixed very quickly, but others are more complicated and need a bit more review
  • It also covers security in upstream codebases, and how upstream projects sometimes treat security issues as any other bug
  • Following that, it leads to the topic of FreeType – and a much more complicated problem with backporting patches between versions
  • The recent OpenSSL vulnerabilities were also mentioned, with an interesting story to go along with them
  • Just 45 minutes before the agreed-upon announcement, OpenBSD devs found a problem with the patch OpenSSL planned to release – it had to be redone at the last minute
  • It was because of this that FreeBSD actually had to release a security update to their security update
  • He concludes with “My number one wish would be that every project provide small patches for security issues. Dropping enormous feature releases along with a note ‘oh, and some security too’ creates downstream mayhem.”

Running FreeBSD on the server, a sysadmin speaks

  • More BSD content is appearing on mainstream technology sites, and, more importantly, BSD Now is being mentioned
  • ITWire recently did an interview with Allan about running FreeBSD on servers (possibly to go with their earlier interview with Kris about desktop usage)
  • They discuss some of the advantages BSD brings to the table for sysadmins that might be used to Linux or some other UNIX flavor
  • It also covers specific features like jails, ZFS, long-term support, automating tasks and even… what to name your computers
  • If you’ve been considering switching your servers over from Linux to FreeBSD, but maybe wanted to hear some first-hand experience, this is the article for you

NetBSD ported to Hardkernel ODROID-C1

  • In their never-ending quest to run on every new board that comes out, NetBSD has been ported to the Hardkernel ODROID-C1
  • This one features a quad-core ARMv7 CPU at 1.5GHz, has a gig of ram and gigabit ethernet… all for just $35
  • There’s a special kernel config file for this board’s hardware, available in both -current and the upcoming 7.0
  • More info can be found on their wiki page
  • After this was written, basic framebuffer console support was also committed, allowing a developer to run XFCE on the device

Interview – Bernard Spil – / @sp1l

LibreSSL adoption in FreeBSD ports and the wider software ecosystem

News Roundup

Monitoring pf logs with Gource

  • If you’re using pf on any of the BSDs, maybe you’ve gotten bored of grepping logs and want to do something more fancy
  • This article will show you how to get set up with Gource for a cinematic-like experience
  • If you’ve never heard of Gource, it’s “an OpenGL-based 3D visualization tool intended for visualizing activity on source control repositories”
  • When you put all the tools together, you can end up with some pretty eye-catching animations of your firewall traffic
  • One of our listeners wrote in to say that he set this up and, almost immediately, noticed his girlfriend’s phone had been compromised – graphical representations of traffic could be useful for detecting suspicious network activity

pkgng 1.5.0 alpha1 released

  • The development version of pkgng was updated to, or 1.5.0 alpha1
  • This update introduces support for provides/requires, something that we’ve been wanting for a long time
  • It will also now print which package is the reason for direct dependency change
  • Another interesting addition is the “pkg -r” switch, allowing cross installation of packages
  • Remember this isn’t the stable version, so maybe don’t upgrade to it just yet on any production systems
  • DragonFly will also likely pick up this update once it’s marked stable

Welcome to OpenBSD

  • We mentioned last week that our listener Brian was giving a talk in the Troy, New York area
  • The slides from that talk are now online, and they’ve been generating quite a bit of discussion online
  • It’s simply titled “Welcome to OpenBSD” and gives the reader an introduction to the OS (and how easy it is to get involved with contributing)
  • Topics include a quick history of the project, who the developers are and what they do, some proactive security techniques and finally how to get involved
  • As you may know, NetBSD has almost 60 supported platforms and their slogan is “of course it runs NetBSD” – Brian says, with 17 platforms over 13 CPU architectures, “it probably runs OpenBSD”
  • No matter which BSD you might be interested in, these slides are a great read, especially for any beginners looking to get their feet wet
  • Try to guess which font he used…

BSDTalk episode 252

  • And somehow Brian has snuck himself into another news item this week
  • He makes an appearance in the latest episode of BSD Talk, where he chats with Will about running a BSD-based shell provider
  • If that sounds familiar, it’s probably because we did the same thing, albeit with a different member of their team
  • In this interview, they discuss what a shell provider does, hardware requirements and how to weed out the spammers in favor of real people
  • They also talk a bit about the community aspect of a shared server, as opposed to just running a virtual machine by yourself


Mailing List Gold

  • Send questions, comments, show ideas/topics, or stories you want mentioned on the show to – don’t be afraid to write about your experiences and send them to us, we’d love to read about what you guys are doing with BSD
  • If you’re interested in OpenZFS discussion, they’re looking to start up the office hours series again on April 2nd (with Justin Gibbs)
  • There’s a new BSD users group starting up in the Vancouver, British Columbia area – VanBUG will be holding an event on April 8th

Question? Comments? Contact us here!