Issue 13
Published April 01, 2020

Should OpenBSD be rethinking it’s security model? Find inside and then read on because as always we cover all the rest of BSD world with the latest news and tutorials.

Rethinking OpenBSD security

OpenBSD aims to be a secure operating system. In the past few months there were quite a few security errata, however. That’s not too unusual, but some of the recent ones were a bit special. One might even say bad.

The OpenBSD approach to security has a few aspects, two of which might be avoiding errors and minimizing the risk of mistakes. Other people have other ideas about how to build secure systems. It’s worth examining whether the OpenBSD approach works, or if this is evidence that it’s doomed to failure.

Read on to see what the author concludes…

Releases

pfSense software version 2.4.5 brings security patches, several new features, support for new Netgate hardware models, and stability fixes for issues present in previous pfSense 2.4.x branch releases.

OPNsense 20.1.3 released is a quick reliability release for all of you out there doing the impossible providing VPN for road warriors and what not. Keep it up!

A collection of prebuilt BSD cloud images: These unofficial images are tested on OpenStack and NoCloud (with Virt-Lightning). Since, they integrate Cloud-init, should support all the main Cloud providers.

BSDSec

No SA this week, but it’s always worth following BSDSec. RSS feeds and Twitter account available.

News

Bob Beck Interview from EuroBSDCon 2018: asking Bob some questions about the OpenBSD Project, its approaches and some of his favourite aspects of the Operating System and its projects.

Jails on DragonFly can now route to loopback addresses (i.e. 127.0.0.1). Because of this, they can work like shared IPs and the jail can connect to the host.

Developer Otto Moerbeek (otto@) has been working on support to boot OpenBSD from FFS2. He writes in with the article, to give us a little insight into the challenges he faced while working on this.

For the third year in a row, Anne Dickison from FreeBSD Foundation attended FOSDEM, an amazing open source conference in Brussels, Belgium. Taking place, February 1-2, the event is a totally volunteer run conference geared towards promoting the widespread use of free and open source software. The Foundation has sponsored and organized a FreeBSD table there for a few years now.

Flame graphs are a way to see what code paths are most used in a stack trace. DragonFly now has a flame_graph utility.

It’s been on life support for a while but to much sadness, TrueOS indeed is no longer being maintained as the once very promising downstream of FreeBSD that for a while offered arguably the best out-of-the-box BSD desktop experience. TrueOS, formerly known as PC-BSD, is dead. Kris Moore, the VP of Engineering at iXsystems, confirmed earlier this month on their forums that work has ceased on the operating system.

The sysctl() system call can get or set the state of the system, the FreeBSD kernel exposes the parameters for sysctl() as objects of a Management information Base (MIB). sysctlview is a graphical sysctl MIB explorer, it shows the properties and the value of an object, the new version 2 allows to set its value, too.

This coming Wednesday at 18:00 UTC we will hold the first ”FreeBSD Office Hours”, an interactive online event where users, contributors, and developers can ask questions and get advice. The first iteration will be an open Google Meet: https://meet.google.com/yak-ydnk-rnc. That will also be recorded and posted to Youtube later in the day.

Full history of DragonFly, documented: Aaron LI managed to graft FreeBSD code history onto the DragonFly BSD git repository, and he’s documented how he did it. So, you can follow DragonFly code all the way back to 2003.

Tutorials

The NetBSD rump kernel has been developed for some years now, allowing NetBSD kernel drivers to be used unmodified in many environments, for example as userspace code. However it is only since last year that it has become possible to easily run unmodified applications on the rump kernel, initially with the rump kernel on Xen port, and then with the rumprun tools to run them in userspace on Linux, FreeBSD and NetBSD. This talk will look at how this is achieved, and look at use cases, including kernel driver development, and lightweight process virtualization.

More

As always, there are more sources of BSD goodness. Latest BSD Now talks about Fighting the Coronavirus with FreeBSD, Wireguard VPN Howto in OPNsense, NomadBSD 1.3.1 available, fresh GhostBSD 20.02, New FuryBSD XFCE and KDE images, pf-badhost 0.3 released, and more.

The Valuable News weekly series is dedicated to providing summary about news, articles and other interesting stuff mostly but not always related to the UNIX or BSD systems. The latest is from 2020-03-30.

In Other BSDs for 2020/03/28 is out, too.

Did we miss anything?

This newsletter is made from your content on DiscoverBSD and BSDSec. Submit the stuff we missed so it can appear next time.

Do you know anyone who would like this newsletter? Consider forwarding and tell them to subscribe.

Thanks for reading and see you next week! Stay home and stay safe!

Become a Sponsor! Become a Patron!

We won't spam you. Unsubscribe any time.