Episode 33

Certified Package Delivery

Download Subscribe
00:00:00
/
01:20:19
RSS Feed Download (55.2 MB) Link with Timestamp

April 16th, 2014

1 hr 20 mins 19 secs

Link with Timestamp

Download MP3 (55.2 MB)

Your Hosts
Tags
cve journal foundation ixsystems mitigation tarsnap netflix recording conference talks presentations nycbsdcon bsdcan zero day 0day hole theo de raadt openssh heartbeat tls ssl exploit heartbleed openssl test exam bsd certification bsdcertification jim brown package builds poudriere marc espie distributed ports builder dpb interview bsd guide howto tutorial pcbsd dragonflybsd netbsd openbsd freebsd

About this Episode

This week, we sit down with Jim Brown from the BSD Certification group to talk about the BSD exams. Following that, we'll be showing you how to build OpenBSD binary packages in bulk, a la poudriere. There's a boatload of news and we've got answers to your questions, coming up on BSD Now - the place to B.. SD.

This episode was brought to you by

iXsystems - Enterprise Servers and Storage For Open Source

Headlines

BSDCan schedule, speakers and talks

  • This year's BSDCan will kick off on May 14th in Ottawa
  • The list of speakers is also out
  • And finally the talks everyone's looking forward to
  • Lots of great tutorials and talks, spanning a wide range of topics of interest
  • Be sure to come by so you can and meet Allan and Kris in person and get BSDCan shirts ***

NYCBSDCon talks uploaded

  • The BSD TV YouTube channel has been uploading recordings from the 2014 NYCBSDCon
  • Jeff Rizzo's talk, "Releasing NetBSD: So Many Targets, So Little Time"
  • Dru Lavigne's talk, "ZFS Management Tools in FreeNAS and PC-BSD"
  • Scott Long's talk, "Serving one third of the Internet via FreeBSD"
  • Michael W. Lucas' talk, "BSD Breaking Barriers" ***

FreeBSD Journal, issue 2

  • The bi-monthly FreeBSD journal's second issue is out
  • Topics in this issue include pkg, poudriere, the PBI format, hwpmc and journaled soft-updates
  • In less than two months, they've already gotten over 1000 subscribers! It's available on Google Play, iTunes, Amazon, etc
  • "We are also working on a dynamic version of the magazine that can be read in many web browsers, including those that run on FreeBSD"
  • Check our interview with GNN for more information about the journal ***

OpenSSL, more like OpenSS-Hell

  • We mentioned this huge OpenSSL bug last week during all the chaos, but the aftermath is just as messy
  • There's been a pretty vicious response from security experts all across the internet and in all of the BSD projects - and rightfully so
  • We finally have a timeline of events
  • Reactions from ISC, PCBSD, Tarsnap, the Tor project, FreeBSD, NetBSD, oss-sec, PHK, Varnish and Akamai
  • pfSense released a new version to fix it
  • OpenBSD disabled heartbeat entirely and is very unforgiving of the IETF
  • Ted Unangst has two good write-ups about the issue and how horrible the OpenSSL codebase is
  • A nice quote from one of the OpenBSD lists: "Given how trivial one-liner fixes such as #2569 have remained unfixed for 2.5+ years, one can only assume that OpenSSL's bug tracker is only used to park bugs, not fix them"
  • Sounds like someone else was having fun with the bug for a while too
  • There's also another OpenSSL bug that OpenBSD patched - it allows an attacker to inject data from one connection into another
  • OpenBSD has also imported the most current version of OpenSSL and are ripping it apart from the inside out - we're seeing a fork in real time ***

Interview - Jim Brown - info@bsdcertification.org

The BSD Certification exams

Tutorial

Building OpenBSD binary packages in bulk

News Roundup

Portable signify

  • Back in episode 23 we talked with Ted Unangst about the new "signify" tool in OpenBSD
  • Now there's a (completely unofficial) portable version of it on github
  • If you want to verify your OpenBSD sets ahead of time on another OS, this tool should let you do it
  • Maybe other BSD projects can adopt it as a replacement for gpg and incorporate it into their base systems ***

Foundation goals and updates

  • The OpenBSD foundation has reached their 2014 goal of $150,000
  • You can check their activities and goals to see where the money is going
  • Remember that funding also goes to OpenSSH, which EVERY system uses and relies on everyday to protect their data
  • The FreeBSD foundation has kicked off their spring fundraising campaign
  • There's also a list of their activities and goals available to read through
  • Be sure to support your favorite BSD, whichever one, so they can continue to make and improve great software that powers the whole internet ***

PCBSD weekly digest

  • New PBI runtime that fixes stability issues and decreases load times
  • "Update Center" is getting a lot of development and improvements
  • Lots of misc. bug fixes and updates ***

Feedback/Questions