Issue 5
Published January 29, 2020

Using BSD to fight against the recently found Cable Haunt is this week's topic. We also cover the rest of the BSD world with the latest news and tutorials.

Mitigating Cable Haunt

Cable Haunt is a recent vulnerability that has been found in over 200 million cable modems in Europe and likely many more in other countries as well. Many modern modems use similar Broadcom chipsets and the same reference firmware, which contained the vulnerability. Because of this, the impact of this vulnerability is much greater than it would have been otherwise.

If your router lets you add firewall rules, as OPNsense does, you can simply block access to the cable modem's spectrum analyzer port, which hosts the web page that contains the Cable Haunt vulnerability!

Learn how to secure your network today.

Releases

GhostBSD 20.01 is now available with some improvements made to the installer, mainly to the way the installer UI deals with custom partitions involving GPT and UEFI. Also, some system components and software have been updated. For current installations there's no need to reinstall.

The release candidate of OPNsense 20.1 is available. OPNsense is the FreeBSD/HardenedBSD-based networking/firewall OS that forked from pfSense half a decade ago. The 20.1 release brings a variety of security improvements, VXLAN device support, work on the transition to a fully pluggable device infrastructure, plug-in updates, and many other changes.

BSDSec

NetBSD Security Advisory 2020-001: Missing permissions checks for network ioctls. Three network-interface-related ioctls that should have been allowed only for privileged users were not adequately protected. An unprivileged user can set network interface descriptions, get and set diagnostic data from some Atheros interfaces, and retrieve descriptor information from umb (USB mobile network device).

News

In late December 2019, Hyperbola announced that they would be making major changes to their project. They have decided to drop the Linux kernel in favor of forking the OpenBSD kernel. This announcement came only months after Project Trident announced that they were going in the opposite direction (from BSD to Linux). To get more insight into the future of their new project, read this interview with Andre, co-founder of Hyperbola.

In order to make the process of translating FreeBSD's official articles and books more accessible to new contributors, the project is adopting Weblate as its web-based continuous localization platform.

SerenityOS is to be the second operating system to adopt the excellent pledge() and unveil() mechanisms from the OpenBSD project. This post describes the implementation and use of them in SerenityOS. In case you're wondering, SerenityOS is a graphical Unix-like operating system for x86 computers and it is licensed under a 2-clause BSD license.

The hosts of the Choose Linux podcast serve up something very different in the form of desktop BSD and reveal how important freedom is to us all. They specifically discuss GhostBSD.

OpenSMTPD has had quite a few features implemented since its latest major release. As we get closer and closer to the next major release, work on new features will slow down to focus more on getting the release in shape. This report talks about libasr and libtls. The next report focuses on the reporting bits. The format is improving further and has been extended to outgoing traffic reporting.

We already talked about the FreeBSD MiniConf at the LCA2020 conference, but there is now a new report: though this was primarily a Linux conference, there were a lot of productive conversations with other people in our industry. In addition, many FreeBSDers found quite a few talks that were informative and helpful in the work they do.

DistroWatch was in the news lately for switching its infrastructure to FreeBSD. In this week's "DistroWatch Weekly" they review FuryBSD, the most recent addition to the DistroWatch database, which provides a live desktop operating system based on FreeBSD.

Fresh in from u2k20 is this report from Tracey Emery, who visited the hackathon in Uckermark, Germany after getting invited by Stefan Sperling (stsp@). He discusses GotWeb.

Here is the last FreeBSD quarterly status report for 2019. As you might remember from the last report, they changed their timeline: they now collect reports during the last month of each quarter and edit and publish the full document the next month. Thus, this report covers the period October 2019 - December 2019.

Tutorials

This blog will explain how to set up Google Drive sync with FreeNAS 11.3, as well as provide a few caveats and workarounds when backing up Google Docs and other Google created content.

Building a FreeBSD file server? This article describes the process of building a test environment while concentrating primarily on the details of the configuration (FreeBSD + SAMBA + AD). The author believes that their solution should be a harmonious addition to the existing network configuration, since it gives admins a broad range of possibilities for access control.

When installing Plex Media Server, FreeNAS 11.3 or newer is required. The plugin is included in the official FreeNAS plugin repository and can be easily installed from the FreeNAS web interface.

Have you ever wanted to run your own online music station? Want to broadcast your podcast direct from your own server? Or even want to access your music on any device from a central music server? Then this video will show you that FreeBSD can step up and serve your needs!

More

As always, there are more sources of BSD goodness. The latest BSD Now talks about upgrading FreeBSD from 11.3 to 12.1, DistroWatch switching to FreeBSD, Torvalds says don’t run ZFS, iked(8) removed automatic IPv6 blocking, working towards LLDB on i386, and the memory-hard Argon2 hashing scheme in NetBSD.

The Valuable News weekly series is dedicated to providing a summary of news, articles and other interesting stuff mostly, but not always, related to UNIX or BSD systems. The latest is from 2020-01-27.

In Other BSDs for 2020/01/25 is out, too.

Did we miss anything?

This newsletter is made from your content on DiscoverBSD and BSDSec. Submit the stuff we missed so it can appear next time.

Do you know anyone who would like this newsletter? Consider forwarding it and telling them to subscribe.

Thanks for reading and see you next week!