Episode 51

Engineering Nginx

Download Subscribe
00:00:00
/
01:27:27
RSS Feed Download (60.1 MB) Link with Timestamp

August 20th, 2014

1 hr 27 mins 27 secs

Link with Timestamp

Download MP3 (60.1 MB)

Your Hosts
Tags
openssh ssl tls https automounter autofs hackathon bsdcan wireless defcon kismet aircrack-ng wifi atheros spamd httpd webserver nginx hosting solution cloud computing xinuos interview bsd guide howto tutorial pcbsd dragonflybsd netbsd openbsd freebsd

About this Episode

Coming up on the show, we'll be showing you how to set up a secure, SSL-only webserver. There's also an interview with Eric Le Blan about community participation and FreeBSD's role in the commercial server space. All that and more, on BSD Now - the place to B.. SD.

This episode was brought to you by

iXsystems - Enterprise servers and storage for open sourceTarsnap - online backups for the truly paranoid

Headlines

Password gropers take spamtrap bait

  • Our friend Peter Hansteen, who keeps his eyes glued to his log files, has a new blog post
  • He seems to have discovered another new weird phenomenon in his pop3 logs
  • "yes, I still run one, for the same bad reasons more than a third of my readers probably do: inertia"
  • Someone tried to log in to his service with an address that was known to be invalid
  • The rest of the post goes into detail about his theory of why someone would use a list of invalid addresses for this purpose ***

Inside the Atheros wifi chipset

  • Adrian Chadd - sometimes known in the FreeBSD community as "the wireless guy" - gave a talk at the Defcon Wireless Village 2014
  • He covers a lot of topics on wifi, specifically on Atheros chips and why they're so popular for open source development
  • There's a lot of great information in the presentation, including cool (and evil) things you can do with wireless cards
  • Very technical talk; some parts might go over your head if you're not a driver developer
  • The raw video file is also available to download on archive.org
  • Adrian has also recently worked on getting Kismet and Aircrack-NG to work better with FreeBSD, including packet injection and other fun things ***

Trip report and hackathon mini-roundup

  • A few more (late) reports from BSDCan and the latest OpenBSD hackathon have been posted
  • Mark Linimon mentions some of the future plans for FreeBSD's release engineering and ports
  • Bapt also has a BSDCan report detailing his work on ports and packages
  • Antoine Jacoutot writes about his work at the most recent hackathon, working with rc configuration and a new /etc/examples layout
  • Peter Hessler, a latecomer to the hackathon, details his experience too, hacking on the installer and built-in upgrade function
  • Christian Weisgerber talks about starting some initial improvements of OpenBSD's ports infrastructure ***

DragonFly BSD 3.8.2 released

  • Although it was already branched, the release media is now available for DragonFly 3.8.2
  • This is a minor update, mostly to fix the recent OpenSSL vulnerabilities
  • It also includes some various other small fixes ***

Interview - Eric Le Blan - info@xinuos.com

Xinuos' recent FreeBSD integration, BSD in the commercial server space

Tutorial

Building a hardened, feature-rich webserver

News Roundup

Defend your network and privacy, FreeBSD version

  • Back in episode 39, we covered a blog post about creating an OpenBSD gateway - partly based on our tutorial
  • This is a follow-up post, by the same author, about doing a similar thing with FreeBSD
  • He mentions some of the advantages and disadvantages between the two operating systems, and encourages users to decide for themselves which one suits their needs
  • The rest is pretty much the same things: firewall, VPN, DHCP server, DNSCrypt, etc. ***

Don't encrypt all the things

  • Another couple of interesting blog posts from Ted Unangst about encryption
  • It talks about how Google recently started ranking sites with HTTPS higher in their search results, and then reflects on how sometimes encryption does more harm than good
  • After heartbleed, the ones who might be able to decrypt your emails went from just a three-letter agency to any script kiddie
  • He also talks a bit about some PGP weaknesses and a possible future replacement
  • He also has another, similar post entitled "in defense of opportunistic encryption" ***

New automounter lands in FreeBSD

  • The work on the new automounter has just landed in 11-CURRENT
  • With help from the FreeBSD Foundation, we'll have a new "autofs" kernel option
  • Check the SVN viewer online to read over the man pages if you're not running -CURRENT
  • You can also read a bit about it in the recent newsletter ***

OpenSSH 6.7 CFT

  • It's been a little while since the last OpenSSH release, but 6.7 is almost ready
  • Our friend Damien Miller issued a call for testing for the upcoming version, which includes a fair amount of new features
  • It includes some old code removal, some new features and some internal reworkings - we'll cover the full list in detail when it's released
  • This version also officially supports being built with LibreSSL now
  • Help test it out and report any findings, especially if you have access to something a little more exotic than just a BSD system ***

Feedback/Questions