Episode 3

MX with TTX

Download Subscribe
00:00:00
/
01:01:16
RSS Feed Download (42.1 MB) Link with Timestamp

September 18th, 2013

1 hr 1 min 16 secs

Link with Timestamp

Download MP3 (42.1 MB)

Your Hosts

About this Episode

We follow up last week's poudriere tutorial with a segment about using pkgng, we talk with the developers of OpenSMTPD about running a mail server OpenBSD-style, answer YOUR questions and, of course, discuss all the latest news. All that and more on BSD Now! The place to B... SD.

Headlines

pfSense 2.1-RELEASE is out

  • Now based on FreeBSD 8.3
  • Lots of IPv6 features added
  • Security updates, bug fixes, driver updates
  • PBI package support
  • Way too many updates to list, see the full list ***

New kernel based iSCSI stack comes to FreeBSD

  • Brief explanation of iSCSI
  • This work replaces the older userland iscsi target daemon and improves the in-kernel iscsi initiator
  • Target layer consists of:
  • ctld(8), a userspace daemon responsible for handling configuration, listening for incoming connections, etc, then handing off connections to the kernel after the iSCSI Login phase
  • iSCSI frontend to CAM Target Layer, which handles Full Feature phase.
  • The work is being sponsored by FreeBSD Foundation
  • Commit here ***

MTier creates openup utility for OpenBSD

  • MTier provides a number of things for the OpenBSD community
  • For example, regularly updated (for security) stable packages from their custom repo
  • openup is a utility to easily check for security updates in both base and packages
  • It uses the regular pkg tools, nothing custom-made
  • Can be run from cron, but only emails the admin instead of automatically updating ***

OpenSSH in FreeBSD -CURRENT supports DNSSEC

  • OpenSSH in base is now compiled with DNSSEC support
  • In this case the default setting for ‘VerifyHostKeyDNS' is yes
  • OpenSSH will silently trust DNSSEC-signed SSHFP records
  • It is the secteam's opinion that this is better than teaching users to blindly hit “yes” each time they encounter a new key ***

Interview - Gilles Chehade & Eric Faurot - gilles@poolp.org / @poolpOrg & eric@openbsd.org / @opensmtpd

OpenSMTPD

Tutorial

Binary packages with pkgng

News Roundup

New progress with Newcons

  • Newcons is a replacement console driver for FreeBSD
  • Supports unicode, better graphics modes and bigger fonts
  • Progress is being made, but it's not finished yet ***

relayd gets PFS support

  • relayd is a load balancer for OpenBSD which does protocol layers 3, 4, and 7
  • Currently being ported to FreeBSD. There is a WIP port
  • Works by negotiating ECDHE (Elliptic curve Diffie-Hellman) between the remote site and relayd to enable TLS/SSL Perfect Forward Secrecy, even when the client does not support it ***

OpenZFS Launches

  • Slides from LinuxCon
  • Will feature ‘Office Hours' (Ask an Expert)
  • Goal is to reduce the differences between various open source implementations of ZFS, both user facing and pure lines of code ***

FreeBSD 10-CURRENT becomes 10.0-ALPHA

  • Glen Barber tagged the -CURRENT branch as 10.0-ALPHA
  • In preparation for 10.0-RELEASE, ALPHA2 as of 9/16
  • Everyone was rushing to get their big commits in before 10-STABLE, which will be branched soon
  • 10 is gonna be HUGE ***

September issue of BSD Mag

  • BSD Mag is a monthly online magazine about the BSDs
  • This month's issue has some content written by Kris
  • Topics include MidnightBSD live cds, server maintenance, turning a Mac Mini into a wireless access point with OpenBSD, server monitoring, FreeBSD programming, PEFS encryption and a brief introduction to ZFS ***

The FreeBSD IRC channel is official

  • For many years, the FreeBSD freenode channel has been “unofficial” with a double-hash prefix
  • Finally it has freenode's blessing and looks like a normal channel!
  • The old one will forward to the new one, so your IRC clients don't need updating ***

OpenSSH 6.3 released

  • After a big delay, Damien Miller announced the release of 6.3
  • Mostly a bugfix release, with a few new features
  • Of note, SFTP now supports resuming failed downloads via -a ***

Feedback/Questions