Episode Details

Back to Episodes
182: Bloaty McBloatface

182: Bloaty McBloatface

Published 9 years, 1 month ago
Description

This week on the show, we’ve got FreeBSD quarterly Status reports to discuss, OpenBSD changes to the installer, EC2 and IPv6 and more. Stay

This episode was brought to you by

iXsystems - Enterprise Servers and Storage for Open SourceDigitalOcean - Simple Cloud Hosting, Built for DevelopersTarsnap - Online Backups for the Truly Paranoid

Headlines

OpenBSD changes of note 6

  • OpenBSD can now be cross built with clang. Work on this continues

Build ld.so with -fno-builtin because otherwise clang would optimize the local versions of functions like _dl_memset into a call to memset, which doesn’t exist.
Add connection timeout for ftp (http). Mostly for the installer so it can error out and try something else.
Complete https support for the installer.

  • I wonder how they handle certificate verification. I need to look into this as I’d like to switch the FreeBSD installer to this as well

New ocspcheck utility to validate a certificate against its ocsp responder.
net lock here, net lock there, net lock not quite everywhere but more than before.
More per cpu counters in networking code as well.
Disable and lock Silicon Debug feature on modern Intel CPUs.
Prevent wireless frame injection attack described at 33C3 in the talk titled “Predicting and Abusing WPA2/802.11 Group Keys” by Mathy Vanhoef.
Add support for multiple transmit ifqueues per network interface. Supported drivers include bge, bnx, em, myx, ix, hvn, xnf.
pledge now tracks when a file as opened and uses this to permit or deny ioctl.
Reimplement httpd’s support for byte ranges. Fixes a memory DOS.

FreeBSD 2016Q4 Status Report

  • An overview of some of the work that happened in October - December 2016
  • The ports tree saw many updates and surpassed 27,000 ports
  • The core team was busy as usual, and the foundation attended and/or sponsored a record 24 events in 2016.
  • CEPH on FreeBSD seems to be coming along nicely. For those that do not know, CEPH is a distributed filesystem that can sit on top of another filesystem. That is, you can use it to create a clustered filesystem out of a bunch of ZFS servers. Would love to have some viewers give it a try and report back.
  • OpenBSM, the FreeBSD audit framework, got some updates
  • Ed Schouten committed a front end to export sysctl data in a format usable by Prometheus, the open source monitoring system. This is useful for other monitoring software too.
  • Lots of updates for various ARM boards
  • There is an update on Reproducible Builds in FreeBSD, “ It is now possible to build the FreeBSD base system (kernel and userland) completely reproducibly, although it currently requires a few non-default settings”, and the ports tree is at 80% reproducible
  • Lots of toolchain updates (gcc, lld, gdb)
  • Various updates from major ports teams ***

Amazon rolls out IPv6 support on EC2

A few hours ago Amazon announced that they had rolled out IPv6 support in EC2 to 15 regions — everywhere except the Beijing region, apparently. This seems as good a time as any to write about using IPv6 in EC2 on FreeBSD instances.
First, the good news: Future FreeBSD releases will support IPv6 "out of

Listen Now

Love PodBriefly?

If you like Podbriefly.com, please consider donating to support the ongoing development.

Support Us