Episode 289
Microkernel Failure
March 14th, 2019
1 hr 1 min 3 secs
About this Episode
A kernel of failure, IPv6 fragmentation vulnerability in OpenBSD’s pf, a guide to the terminal, using a Yubikey for SSH public key authentication, FreeBSD desktop series, and more.
## Headlines
Today in Tedium: In the early 1990s, we had no idea where the computer industry was going, what the next generation would look like, or even what the driving factor would be. All the developers back then knew is that the operating systems available in server rooms or on desktop computers simply weren’t good enough, and that the next generation needed to be better—a lot better. This was easier said than done, but this problem for some reason seemed to rack the brains of one company more than any other: IBM. Throughout the decade, the company was associated with more overwrought thinking about operating systems than any other, with little to show for it in the end. The problem? It might have gotten caught up in kernel madness. Today’s Tedium explains IBM’s odd operating system fixation, and the belly flops it created.
### CVE-2019-5597 IPv6 fragmentation vulnerability in OpenBSD Packet Filter
Packet Filter is OpenBSD’s service for filtering network traffic and performing Network Address Translation. Packet Filter is also capable of normalizing and conditioning TCP/IP traffic, as well as providing bandwidth control and packet prioritization.
Packet Filter has been a part of the GENERIC kernel since OpenBSD 5.0. Because other BSD variants import part of OpenBSD code, Packet Filter is also shipped with at least the following distributions that are affected to a lesser extent: FreeBSD, pfSense, OPNsense, Solaris.
Note that other distributions may also contain Packet Filter but due to the imported version they might not be vulnerable. This advisory covers the latest OpenBSD’s Packet Filter. For specific details about other distributions, please refer to the advisory of the affected product.
- Kristof Provost, who maintains the port of pf in FreeBSD, added a test for the vulnerability in FreeBSD head.
## News Roundup
### How I’m still not using GUIs in 2019: A guide to the terminal
TL;DR: Here are my dotfiles. Use them and have fun.
GUIs are bloatware. I’ve said it before. However, rather than just complaining about IDEs I’d like to provide an understandable guide to a much better alternative: the terminal.
IDE stands for Integrated Development Environment. This might be an accurate term, but when it comes to a real integrated development environment, the terminal is a lot better.
In this post, I’ll walk you through everything you need to start making your terminal a complete development environment: how to edit text efficiently, configure its appearance, run and combine a myriad of programs, and dynamically create, resize and close tabs and windows.
- Don’t forget rule number one.
Whenever in doubt, read the manual.
### Using a Yubikey as smartcard for SSH public key authentication
SSH is an awesome tool. Logging into other machines securely is so pervasive to us sysadmins nowadays that few of us think about what’s going on underneath. Even more so once you start using the more advanced features such as the ssh-agent, agent-forwarding and ProxyJump. When doing so, care must be taken in order to not compromise one’s logins or ssh keys.
You might have heard of Yubikeys.
These are USB authentication devices that support several different modes: they can be used for OTP (One Time Password) authentication, they can store OpenPGP keys, be a 2-factor authentication token and they can act as a SmartCard.
In OpenBSD, you have been able to use them for login (with login_yubikey(8)) with OTP since 2012, and there are many descriptions available(1) of how to set this up.
### The 18 Part FreeBSD Desktop Series by Vermaden
- FreeBSD Desktop – Part 1 – Simplified Boot
- FreeBSD Desktop – Part 2 – Install (FreeBSD 11)
- FreeBSD Desktop – Part 2.1 – Install FreeBSD 12
- FreeBSD Desktop – Part 3 – X11 Window System
- FreeBSD Desktop – Part 4 – Key Components – Window Manager
- FreeBSD Desktop – Part 5 – Key Components – Status Bar
- FreeBSD Desktop – Part 6 – Key Components – Task Bar
- FreeBSD Desktop – Part 7 – Key Components – Wallpaper Handling
- FreeBSD Desktop – Part 8 – Key Components – Application Launcher
- FreeBSD Desktop – Part 9 – Key Components – Keyboard/Mouse Shortcuts
- FreeBSD Desktop – Part 10 – Key Components – Locking Solution
- FreeBSD Desktop – Part 11 – Key Components – Blue Light Spectrum Suppress
- FreeBSD Desktop – Part 12 – Configuration – Openbox
- FreeBSD Desktop – Part 13 – Configuration – Dzen2
- FreeBSD Desktop – Part 14 – Configuration – Tint2
- FreeBSD Desktop – Part 15 – Configuration – Fonts & Frameworks
- FreeBSD Desktop – Part 16 – Configuration – Pause Any Application
- FreeBSD Desktop – Part 17 – Automount Removable Media
## Beastie Bits
- Drist with persistent SSH
- ARPANET: Celebrating 50 Years Since “LO”
- Termtris - a tetris game for ANSI/VT220 terminals
- Poor Man’s CI - Hosted CI for BSD with shell scripting and duct tape
- Why I use the IBM Model M keyboard that is older than me?
- A privilege separated and sandboxed IPv6 Stateless Address AutoConfiguration Daemon
- Google-free Android Setup
- BSD Users Stockholm Meetup #6
## Feedback/Questions
- Sijmen - Hi, and a Sunday afternoon toy project
- Clint - Tuning ZFS for NVME
- James - Show question
- Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv