Episode 1
BGP & BSD
September 4th, 2013
1 hr 53 mins 51 secs
About this Episode
We kick off the first episode with the latest BSD news, show you how to avoid intrusion detection systems and talk to Peter Hessler about BGP spam blacklists!
Headlines
Radeon KMS committed
- Committed by Jean-Sebastien Pedron
- Brings kernel mode setting to -CURRENT, will be in 10.0-RELEASE (ETA 12/2013)
- 10-STABLE is expected to be branched in October, to begin the process of stabilizing development
- Initial testing shows it works well
- May be merged to 9.X, but due to changes to the VM subsystem this will require a lot of work, and is currently not a priority for the Radeon KMS developer
- Still suffers from the syscons / KMS switcher issues, same as Intel video
- More info: https://wiki.freebsd.org/AMD_GPU
VeriSign Embraces FreeBSD
- "BSD is quite literally at the very core foundation of what makes the Internet work"
- Using BSD and Linux together provides reliability and diversity
- Verisign gives back to the community, runs vBSDCon
- "You get comfortable with something because it works well for your particular purposes and can find a good community that you can interact with. That all rang true for us with FreeBSD."
fetch/libfetch get a makeover
- Adds support for SSL certificate verification
- Requires root CA bundle (security/root_ca_nss)
- Still missing TLS SNI support (Server Name Indication, allows name-based virtual hosts over SSL)
FreeBSD Foundation Semi-Annual Newsletter
- The FreeBSD Foundation took the 20th anniversary of FreeBSD as an opportunity to look at where the project is, and where it might want to go
- The foundation sets out some basic goals that the project should strive towards:
  - Unify User Experience
    - “ensure that knowledge gained mastering one task translates to the next”
    - “if we do pay attention to consistency, not only will FreeBSD be easier to use, it will be easier to learn”
  - Design for Human and Programmatic Use
    - 200 machines used to be considered a large deployment; with high-density servers, blades, virtualization and the cloud, that is no longer so
    - “the tools we provide for status reporting, configuration, and control of FreeBSD just do not scale or fail to provide the desired user experience”
    - “The FreeBSD of tomorrow needs to give programmability and human interaction equal weighting as requirements”
  - Embrace New Ways to Document FreeBSD
    - More ‘Getting Started’ sections in documentation
    - Link to external How-Tos and other documentation
    - “upgrade the cross-referencing and search tools built into FreeBSD, so FreeBSD, not an Internet search engine, is the best place to learn about FreeBSD”
- Spring Fundraising Campaign, April 17 - May 31, raised a total of $219,806 from 12 organizations and 365 individual donors. In the same period last year we raised a total of $23,422 from 2 organizations and 53 individuals
- Funds donated to the FreeBSD Foundation have been used on these projects recently:
  - Capsicum security-component framework
  - Transparent superpages support of the FreeBSD/ARM architecture
  - Expanded and faster IPv6
  - Native in-kernel iSCSI stack
  - Five New TCP Congestion Control Algorithms
  - Direct mapped I/O to avoid extra memory copies
  - Unified Extensible Firmware Interface (UEFI) boot environment
  - Porting FreeBSD to the Genesi Efika MX SmartBook laptop (ARM-based)
  - NAND Flash filesystem and storage stack
- Funds were also used to sponsor a number of BSD focused conferences: BSDCan, EuroBSDCon, AsiaBSDCon, BSDDay, NYCBSDCon, vBSDCon, plus Vendor summits and Developer summits
- It is important that the foundation receive donations from individuals, to maintain their tax exempt status in the USA. Even a donation of $5 helps make it clear that the FreeBSD Foundation is backed by a large community, not only a few vendors
- Donate Today
The place to B...SD
Ohio Linuxfest, Sept. 13-15, 2013
- Very BSD friendly
- Kirk McKusick giving the keynote
- BSD Certification on the 15th, all other stuff on the 14th
- Multiple BSD talks
LinuxCon, Sept. 16-18, 2013
- Dru Lavigne and Kris Moore will be manning a FreeBSD booth
- Number of talks of interest to BSD users, including ZFS coop
EuroBSDCon, Sept. 26-29, 2013
- Tutorials on the 26 & 27th (plus private FreeBSD DevSummit)
- 43 talks spread over 3 tracks on the 28 & 29th
- Keynote by Theo de Raadt
- Hosted in the picturesque St. Julians Area, Malta (Hilton Conference Centre)
Interview - Peter Hessler - phessler@openbsd.org / @phessler
Using BGP to distribute spam blacklists and whitelists
Tutorial
Using stunnel to hide your traffic from Deep Packet Inspection
News Roundup
NetBSD 6.1.1 released
- First security/bug fix update of the NetBSD 6.1 release branch
- Fixes 4 security vulnerabilities
- Adds 4 new sysctls to avoid IPv6 DoS attacks
- Misc. other updates
Sudo Mastery
- MWL is a well-known author of many BSD books
- Also does SSH, networking, DNSSEC, etc.
- Next book is about sudo, which comes from OpenBSD (did you know that?)
- Available for preorder now at a discounted price
Documentation Infrastructure Enhancements
- Gábor Kövesdán has completed a funded project to improve the infrastructure behind the documentation project
- Will upgrade documentation from DocBook 4.2 to DocBook 4.5 and at the same time migrate to proper XML tools.
- DSSSL is an old and dead standard, which will not evolve any more.
- DocBook 5.0 tree added
FreeBSD FIBs get new features
- FIBs (as discussed earlier in the interview) are Forward Information Bases (technical term for a routing table)
- The FreeBSD kernel can be compiled to allow you to maintain multiple FIBs, creating separate routing tables for different processes or jails
- In r254943 ps(1) is extended to support a new column ‘fib’, to display which routing table a process is using
FreeNAS 9.1.0 and 9.1.1 released
- Many improvements in nearly all areas, big upgrade
- Based on FreeBSD 9-STABLE, lots of new ZFS features
- Cherry picked some features from 10-CURRENT
- New volume manager and easy to use plugin management system
- 9.1.1 released shortly thereafter to fix a few UI and plugin bugs
BSD licensed "patch" becomes default
- bsdpatch has become mature, does what GNU patch can do, but has a much better license
- Approved by portmgr@ for use in ports
- Added WITH_GNU_PATCH build option for people who still need it