63: A Man's man(1)
This time on the show, we've got an interview with Kristaps Džonsons, the creator of mandoc. He tells us how the project got started and what its current status is across the various BSDs. We also have a mini-tutorial on using PF to throttle bandwidth. This week's news, answers to your emails and even some cheesy mailing list gold, coming up on BSD Now - the place to B.. SD.
Headlines
- FreeBSD's random device, which presents itself as "/dev/random" to users, has gotten a fairly major overhaul in -CURRENT
- The CSPRNG (cryptographically secure pseudo-random number generator) algorithm, Yarrow, now has a new alternative called Fortuna
- Yarrow is still the default for now, but Fortuna can be used with a kernel option (and will likely be the new default in 11.0-RELEASE)
- Pluggable modules can now be written to add more sources of entropy
- These changes are expected to make it in 11.0-RELEASE, but there hasn't been any mention of MFCing them to 10 or 9
***
- We've talked about getting more BSD-based Tor nodes a few times in previous episodes
- The "tor-relays" mailing list has had some recent discussion about increasing diversity in the Tor network, specifically by adding more OpenBSD nodes
- With the security features and attention to detail, it makes for an excellent dedicated Tor box
- More and more adversaries are attacking Tor nodes, so having something that can withstand that will help the greater network at large
- A few users are even saying they'll convert their Linux nodes to OpenBSD to help out
- Check the archive for the full conversation, and maybe run a node yourself on any of the BSDs
- The Tor wiki page on OpenBSD is pretty out of date (nine years old!?) and uses the old pf syntax; maybe one of our listeners can modernize it
***
- SSP, or Stack Smashing Protection, is an additional layer of protection against buffer overflows that the compiler can give to the binaries it produces
- It's now enabled by default in FreeBSD's ports tree, and the pkgng packages will have it as well - but only for amd64 (all supported releases) and i386 (10.0-RELEASE or newer)
- This will only apply to regular ports and binary packages, not the quarterly branch that only receives security updates
- If you were using the temporary "new Xorg" or SSP package repositories instead of the default ones, you need to switch back over
- NetBSD made this the default on i386 and amd64 two years ago and OpenBSD made this the default on all architectures
Published 11 years, 1 month ago