144: The PF life

Published 9 years, 9 months ago
Description

It’s only one week away from BSDCan, both Allan and I are excited to meet some of you in person! However, the show keeps on

This episode was brought to you by

  • iXsystems - Enterprise Servers and Storage for Open Source
  • DigitalOcean - Simple Cloud Hosting, Built for Developers
  • Tarsnap - Online Backups for the Truly Paranoid


Headlines

dotSecurity 2016 - Theo de Raadt - Privilege Separation and Pledge

  • Video
  • Slides
  • Interested in Privilege Separation and security in general? If so, then you are in for a treat, we have both the video and slides from Theo de Raadt at dotSecurity 2016.
  • Specifically, the talk starts off looking at Pledge (no copyright issues with the pictures I hope??) and how their NTP daemon uses it.
  • After going through some internals, Theo reveals that around 10% of programs “pledged” so far were found to be trying to do actions outside of their security scope.
  • On the future-work side, they mention going back and looking at OpenSSH privilege separation next, as well as working with other OSes that may want pledge support.

bhyve now supports UEFI GOP

  • The long-awaited UEFI GOP (Graphics Output Protocol) feature has landed in bhyve
  • This provides emulated graphics via an internal VNC server, allowing users to have full graphical access to the guest OS
  • This allows installation of Windows guests without needing to create a modified ISO with an unattended installation script
  • The code has not actually landed in FreeBSD head yet, but has been committed to a project branch
  • Following a few simple commands, you can compile the new bhyve binary on your -CURRENT system and get started right away
  • This feature is expected to be included in the upcoming FreeBSD 11.0
  • This commit drop also brings with it:
    • XHCI -- an emulated USB tablet device that provides exact mouse positioning in supported OSes
    • PS2 mouse for fallback if the guest does not support XHCI (Windows 7)
    • PS2 keyboard
  • “The code has been tested with Windows 7/8/8.1/10 and Server 2k12/2k16, Ubuntu 15.10, and FreeBSD 10.3/11-CURRENT”
  • “For VNC clients, TightVNC, TigerVNC, and RealVNC (aka VNC Viewer) have been tested on various hosts. The OSX VNC client is known not to work.”
  • The VNC server supports an optional ‘wait’ parameter that keeps the VM from booting until a VNC client connects, allowing you to interrupt the boot process if need be
  • Related user blog post
  • SVN commit

zfsd lands in FreeBSD HEAD, in time for 11.0-RELEASE

  • zfsd has been committed to FreeBSD -CURRENT in time to be included in FreeBSD 11.0
  • zfsd is the missing piece required to make ‘hot spares’ work properly in FreeBSD ZFS
  • “zfsd attempts to resolve ZFS faults that the kernel can't resolve by itself. It listens to devctl(