Episode 79

Just Add QEMU

Download Subscribe
00:00:00
/
01:24:29
RSS Feed Download (58 MB) Link with Timestamp

March 4th, 2015

1 hr 24 mins 29 secs

Link with Timestamp

Download MP3 (58 MB)

Your Hosts
Tags
exploit browser w^m tails tor asiabsdcon 2015 scale13x packages poudriere arm mips qemu interview bsd guide howto tutorial pcbsd dragonflybsd netbsd openbsd freebsd

About this Episode

Coming up this time on the show, we'll be talking to Sean Bruno. He's been using poudriere and QEMU to cross compile binary packages, and has some interesting stories to tell about it. We've also got answers to viewer-submitted questions and all this week's news, on BSD Now - the place to B.. SD.

This episode was brought to you by

iXsystems - Enterprise Servers and Storage for Open SourceDigitalOcean - Simple Cloud Hosting, Built for DevelopersTarsnap - Online Backups for the Truly Paranoid

Headlines

AsiaBSDCon 2015 schedule

  • Almost immediately after we finished recording an episode last week, the 2015 AsiaBSDCon schedule went up
  • This year's conference will be between 12-15 March at the Tokyo University of Science in Japan
  • The first and second days are for tutorials, as well as the developer summit and vendor summit
  • Days four and five are the main event with the presentations, which Kris and Allan both made the cut for once again
  • Not counting the ones that have yet to be revealed (as of the day we're recording this), there will be thirty-six different talks in all - four BSD-neutral, four NetBSD, six OpenBSD and twenty-two FreeBSD
  • Summaries of all the presentations are on the timetable page if you scroll down a bit ***

FreeBSD foundation updates and more

  • The FreeBSD foundation has posted a number of things this week, the first of which is their February 2015 status update
  • It provides some updates on the funded projects, including PCI express hotplugging and FreeBSD on the POWER8 platform
  • There's a FOSDEM recap and another update of their fundraising goal for 2015
  • They also have two new blog posts: a trip report from SCALE13x and a featured "FreeBSD in the trenches" article about how a small typo caused a lot of ZFS chaos in the cluster
  • "Then panic ensued. The machine didn't panic -- I did." ***

OpenBSD improves browser security

  • No matter what OS you run on your desktop, the most likely entry point for an exploit these days is almost certainly the web browser
  • Ted Unangst writes in to the OpenBSD misc list to introduce a new project he's working on, simply titled "improving browser security"
  • He gives some background on the WX memory protection in the base system, but also mentions that some applications in ports don't adhere to it
  • For it to be enforced globally instead of just recommended, at least one browser (or specifically, one JIT engine) needs to be fixed to use it
  • "A system that is 'all WX except where it's not' is the same as a system that's not WX. We've worked hard to provide a secure foundation for programs; we'd like to see them take advantage of it."
  • The work is being supported by the OpenBSD foundation, and we'll keep you updated on this undertaking as more news about it is released
  • There's also some discussion on Hacker News and Undeadly about it ***

NetBSD at Open Source Conference 2015 Tokyo

  • The Japanese NetBSD users group has once again invaded a conference, this time in Tokyo
  • There's even a spreadsheet of all the different platforms they were showing off at the booth (mostly ARM, MIPS, PowerPC and Landisk this time around)
  • If you just can't get enough strange devices running BSD, check the mailing list post for lots of pictures
  • Their next target is, as you might guess, AsiaBSDCon 2015 - maybe we'll run into them ***

Interview - Sean Bruno - sbruno@freebsd.org / @franknbeans

Cross-compiling packages with poudriere and QEMU

News Roundup

The Crypto Bone

  • The Crypto Bone is a new device that's aimed at making encryption and secure communications easier and more accessible
  • Under the hood, it's actually just a Beaglebone board, running stock OpenBSD with a few extra packages
  • It includes a web interface for configuring keys and secure tunnels
  • The source code is freely available for anyone interested in hacking on it (or auditing the crypto), and there's a technical overview of how everything works on their site
  • If you don't want to teach your mom how to use PGP, buy her one of these(?) ***

BSD in the 2015 Google Summer of Code

  • For those who don't know, GSoC is a way for students to get paid to work on a coding project for an open source organization
  • Good news: both FreeBSD and OpenBSD were accepted for the 2015 event
  • FreeBSD has a wiki page of ideas for people to work on
  • OpenBSD also has an ideas page where you can see some of the initial things that might be interesting
  • If you're a student looking to get involved with BSD development, this might be a great opportunity to even get paid to do it
  • Who knows, you may even end up on the show if you work on a cool project
  • GSoC will be accepting idea proposals starting March 16th, so you have some time to think about what you'd like to hack on ***

pfSense 2.3 roadmap

  • The pfSense team has posted a new blog entry, detailing some of their plans for future versions
  • PPTP will finally be deprecated, PHP will be updated to 5.6 and other packages will also get updated to newer versions
  • PBIs are scheduled to be replaced with native pkgng packages
  • Version 3.0, something coming much later, will be a major rewrite that gets rid of PHP entirely
  • Their ultimate goal is for pfSense to be a package you can install atop of a regular FreeBSD install, rather than a repackaged distribution ***

PCBSD 10.1.2 security features

  • PCBSD 10.1.2 will include a number of cool security features, some of which are detailed in a new blog post
  • A new "personacrypt" utility is introduced, which allows for easy encryption and management of external drives for your home directory
  • Going along with this, it also has a "stealth mode" that allows for one-time temporary home directories (but it doesn't self-destruct, don't worry)
  • The LibreSSL integration also continues, and now packages will be built with it by default
  • If you're using the Life Preserver utility for backups, it will encrypt the remote copy of your files in the next update
  • They've also been working on introducing some new options to enable tunneling your traffic through Tor
  • There will now be a fully-transparent proxy option that utilizes the switch to IPFW we mentioned last week
  • A small disclaimer: remember that many things can expose your true IP when using Tor, so use this option at your own risk if you require full anonymity
  • Look forward to Kris wearing a Tor shirt in future episodes ***

Feedback/Questions

Mailing List Gold