Episode 46

Network Iodometry

Download Subscribe
00:00:00
/
01:45:52
RSS Feed Download (72.7 MB) Link with Timestamp

July 16th, 2014

1 hr 45 mins 52 secs

Link with Timestamp

Download MP3 (72.7 MB)

Your Hosts
Tags
9.3 freenas two factor authentication talks presentations multithreaded 2014 eurobsdcon smp pf pkgsrc pkgsrccon firewall bypassing pkgng portmgr detection bypass ids vpn encryption ssh tunnel dns iodine interview bsd guide howto tutorial pc-bsd dragonfly bsd netbsd openbsd freebsd

About this Episode

We're back, and this week we'll be showing you how to tunnel out of a restrictive network using only DNS queries. We also sat down with Bryan Drewery, from the FreeBSD portmgr team, to talk all about their building cluster and some recent changes. All the latest news and answers to your emails, on BSD Now - the place to B.. SD.

This episode was brought to you by

iXsystems - Enterprise servers and storage for open sourceTarsnap - online backups for the truly paranoid

Headlines

EuroBSDCon 2014 registration open

  • September is getting closer, and that means it's time for EuroBSDCon - held in Bulgaria this year
  • Registration is finally open to the public, with prices for businesses ($287), individuals ($217) and students ($82) for the main conference until August 18th
  • Tutorials, sessions, dev summits and everything else all have their own pricing as well
  • Registering between August 18th - September 12th will cost more for everything
  • You can register online here and check hotels in the area
  • The FreeBSD foundation is also accepting applications for travel grants ***

OpenBSD SMP PF update

  • A couple weeks ago we talked about how DragonflyBSD updated their PF to be multithreaded
  • With them joining the SMP ranks along with FreeBSD, a lot of users have been asking about when OpenBSD is going to make the jump
  • In a recent mailing list thread, Henning Brauer addresses some of the concerns
  • The short version is that too many things in OpenBSD are currently single-threaded for it to matter - just reworking PF by itself would be useless
  • He also says PF on OpenBSD is over four times faster than FreeBSD's old version, presumably due to those extra years of development it's gone through
  • There's also been even more recent concern about the uncertain future of FreeBSD's PF, being mostly unmaintained since their SMP patches
  • We reached out to four developers (over week ago) about coming on the show to talk about OpenBSD network performance and SMP, but they all ignored us ***

Introduction to NetBSD pkgsrc

  • An article from one of our listeners about how to create a new pkgsrc port or fix one that you need
  • The post starts off with how to get the pkgsrc tree, shows how to get the developer tools and finally goes through the Makefile format
  • It also lists all the different bmake targets and their functions in relation to the porting process
  • Finally, the post details the whole process of creating a new port ***

FreeBSD 9.3-RELEASE

  • After three RCs, FreeBSD 9.3 was scheduled to be finalized and announced today but actually came out yesterday
  • The full list of changes is available, but it's mostly a smaller maintenance release
  • Lots of driver updates, ZFS issues fixed, hardware RNGs are entirely disabled by default, netmap framework updates, read-only ext4 support was added, the vt driver was merged from -CURRENT, new hardware support (including radeon KMS), various userland tools got new features, OpenSSL and OpenSSH were updated... and much more
  • If you haven't jumped to the 10.x branch yet (and there are a lot of people who haven't!) this is a worthwhile upgrade - 9.2-RELEASE will reach EOL soon
  • Good news, this will be the first release with PGP-signed checksums on the FTP mirrors - a very welcome change
  • With that out of the way, the 10.1-RELEASE schedule was posted ***

Interview - Bryan Drewery - bdrewery@freebsd.org / @bdrewery

The FreeBSD package building cluster, pkgng, ports, various topics

Tutorial

Tunneling traffic through DNS

News Roundup

SSH two-factor authentication on FreeBSD

  • We've previously mentioned stories on how to do two-factor authentication with a Yubikey or via a third party website
  • This blog post tells you how to do exactly that, but with your Google account and the pam_google_authenticator port
  • Using this setup, every user that logs in with a password will have an extra requirement before they can gain access - but users with public keys can login normally
  • It's a really, really simple process once you have the port installed - full details on the page ***

Ditch tape backup in favor of FreeNAS

  • The author of this post shares some of his horrible experiences with tape backups for a client
  • Having constant, daily errors and failed backups, he needed to find another solution
  • With 1TB of backups, tapes just weren't a good option anymore - so he switched to FreeNAS (after also ruling out a pre-built NAS)
  • The rest of the article details his experiences with it and tells about his setup ***

NetBSD vs FreeBSD, desktop experiences

  • A NetBSD and pkgsrc developer details his experiences running NetBSD on a workstation at his job
  • Becoming more and more disappointed with graphics performance, he finally decides to give FreeBSD 10 a try - especially since it has a native nVidia driver
  • "Running on VAX, PlayStation 2 and Amiga is fun, but I’ll tell you a little secret: nobody cares anymore about VAX, PlayStation 2 and Amiga."
  • He's become pretty satisfied with FreeBSD, a modern choice for a 2014 desktop system ***

PCBSD not-so-weekly digest

  • Speaking of choices for a desktop system, it's the return of the PCBSD digest!
  • Warden and PBI_add have gotten some interesting new features
  • You can now create jails "on the fly" when adding a new PBI to your application library
  • Bulk jail creation is also possible now, and it's really easy
  • New Jenkins integration, with public access to poudriere logs as well
  • PkgNG 1.3.0.rc2 testing for EDGE users ***

Feedback/Questions