Issue 8
Published February 19, 2020

This week take a look at Unix Toolbox, a Linux/BSD commands and tasks collection. As always, we cover all the rest of BSD world with the latest news and tutorials.

Unix Toolbox

Unix Toolbox is a collection of Unix/Linux/BSD commands and tasks which are useful for IT work or for advanced users. This is a practical guide with concise explanations, however the reader is supposed to know what s/he is doing. It covers mostly Linux and FreeBSD.

Topics include Hardware, Statistics, Users, Limits, Runlevels, root password, Compile kernel, Repair grub and more.

There are also more versions available, such as PDF etc.

Releases

NetBSD 9.0 Debuts As The "Best NetBSD Release Ever". The NetBSD 9.0 release is a big one with finally supporting Arm AArch64 (64-bit ARMv8) and as part of that Arm ServerReady SBBR+SBSA system support. NetBSD 9.0 also improves its existing ARMv7 32-bit support, ships with updated Intel DRM GPU drivers, improves its virtualization support and introduces NVMM virtualization, adds Kernel ASLR support, supports various compiler sanitizers, updates the ZFS file-system support, finally supports NCQ with SATA, and various other hardware improvements along with performance and security benefits.

DragonFlyBSD 5.8-RC1 is ready with many changes from DSynth to performance optimizations. DragonFlyBSD 5.8 is the next version of this long ago forked FreeBSD. DragonFlyBSD 5.8 is bringing big improvements to its TMPFS support, updated Intel graphics driver code, updated AMD Radeon graphics driver code, FSCK support for its HAMMER2 file-system, DSynth has been taking shape, AMD Zen 2 improvements, various code brought in from FreeBSD, and plenty of other work.

OPNsense 20.1.1 has been released. This release is a tiny update with few fixes and updates. Check the post for specific issues fixed.

BSDSec

OpenBSD Errata: February 17th, 2020 (vmm_pvclock). Errata patches for vmm have been released for OpenBSD 6.6: A missing range check in the vmm pvclock allows a guest to write to host memory. Binary updates for the amd64 platform are available via the syspatch utility. As these affect the kernel, a reboot will be needed after patching.

FreeBSD 12.0 end-of-life. As of February 29, 2020, FreeBSD 12.0 will reach end-of-life and will no longer be supported by the FreeBSD Security Team. Users of FreeBSD 12.0 are strongly encouraged to upgrade to a newer release as soon as possible. Please refer to https://security.freebsd.org/ for an up-to-date list of supported releases and the latest security advisories.

It's always worth following BSDSec.

News

The last fundraising drive for NetBSD was back in 2009 and they have lived off it until now. NetBSD would like to ask for your donations again. They are trying to raise $50,000 in 2020, to support ongoing development and new upcoming contracts - helping to make NetBSD 10 happen this year and be the best NetBSD ever. The NetBSD Foundation is a non-profit organization as per section 501(c)(3) of the Internal Revenue Code.

DragonFlyBSD Improves Its TMPFS Implementation For Better Throughput Performance: DragonFlyBSD lead developer Matthew Dillon landed some significant temporary file-system "TMPFS" optimizations for better throughput including with swap. Of several interesting commits merged, the improved write clustering is a big one. In particular, "Reduces low-memory tmpfs paging I/O overheads by 4x and generally increases paging throughput to SSD-based swap by 2x-4x. Tmpfs is now able to issue a lot more 64KB I/Os when under memory pressure."

OpenSSH 8.2 is out this Valentine's Day as the leading SSH suite. Besides working to disable the SSH-RSA public key signature algorithm due to SHA1 collision attacks, OpenSSH 8.2 also comes with new feature, support for FIDO/U2F hardware authenticators. Other changes in this release include further defenestrating SSH-RSA for certificate signatures, a new "Include" keyword for including additional sshd configuration files, various portability improvements, and a number of bug fixes.

Due to a number of factors, there will not be a bhyvecon Tokyo 2020. Above all, zero communication from the host event organizers seems to be the reason.

pkg-provides is pkgng plugin for querying which package will provide you a particular file. v0.7.0 adds option to restrict results to specific repository. pkg-provides can be installed from FreeBSD and DragonFlyBSD packages.

Sunny Valley Networks is a startup company that has partnered with Deciso, the creators of OPNsense, to create a plugin called Sensei which adds deep packet inspection and more to OPNsense. These features add greater visibility into your network. Sensei also has built-in cloud threat intelligence that can be used to block web/application access and to prevent known malware attacks. This post will focus on the features of Sensei and the differences between the Free Edition and the Home Edition.

Tutorials

In the third of the series Building an OpenBSD WireGuard VPN server, the author is extending the existing configuration to include some basic block lists for known ad and tracking servers – Unbound DNS filtering.

This blog post continues where the blog post A central log host with syslog-ng on FreeBSD left off. It describes a simple method to check the logs of the central log host with a shell script.

Easy FreeBSD Jail Management with Bastille: In this blog post a FreeBSD user distills the Bastille getting started guide into minimal steps to get going with ZFS backed containers.

More

As always, there are more sources of BSD goodness. Latest BSD Now talks about Happinesses and stresses of full-time FOSS work, building a FreeBSD fileserver, Kubernetes on FreeBSD bhyve, NetBSD 9 RC1 available, OPNSense 20.1 is here, HardenedBSD's idealistic future, and more.

The Valuable News weekly series is dedicated to provide summary about news, articles and other interesting stuff mostly but not always related to the UNIX or BSD systems. The latest is from 2020-02-17.

In Other BSDs for 2020/02/15 is out, too.

Did we miss anything?

This newsletter is made from your content on DiscoverBSD and BSDSec. Submit the stuff we missed so it can appear next time.

Do you know anyone who would like this newsletter? Consider forwarding and tell them to subscribe.

Thanks for reading and see you next week!