POPULARITY
Drew and Allan were skeptical about SABSA, as it is a model one CISO friend described as being "only good for a graduate student writing a paper!" Another CISO pointed out that SABSA was designed long before modern engineering practices. Andrew Townley, a long-term SABSA consultant, on the other hand, gets straight to the practicality of it. There is indeed an academic and theoretical foundation behind SABSA, but it is most definitely leveraged for one purpose - to achieve desirable business outcomes. Drew and Allan ask: What is SABSA's purpose? Is Andrew's specific practically applied methodology a deviation from the official SABSA cannon? How can prove its effectiveness? What are the practical business outcomes? Both Allan and Drew walk away with enough curiosity to dig into SABSA more. Note that Andrew several times also cites the work of Russell Ackoff, another academician who enjoyed a rather brilliant career as a business consultant - grounding his systems theory into meaningful business practicality. More on Russell Ackoff here: https://en.wikipedia.org/wiki/Russell_L._Ackoff
Changing Your Outlook On Fitness From Chore To Passion Click Here for a FREE 15 min Zoom Consultation With Brad: Over 40 Fitness Hacks Facebook Group Allan Misner - 40+Fitness Podcast- www.40plusfitnesspodcast.com In this podcast episode of Over 40 Fitness, Brad Williams interviews Allan Misner from 40+ Fitness Podcast. They delve into the challenges and misconceptions surrounding fitness, especially among people over 40 who often dislike sweating, exercising, or going to the gym. Allan shares his transformative journey from being overweight and out of shape to regaining fitness by participating in a Tough Mudder with his daughter. This experience shifted his perspective on fitness from a chore to a joyful and purposeful activity. Allan emphasizes that fitness should be tailored to individual needs and goals, highlighting the importance of training for everyday tasks rather than extreme sports. He recounts the story of his grandfather, Glenn, who loved golf but had to give it up due to deteriorating balance and strength, illustrating the long-term consequences of neglecting fitness. Both Allan and Brad agree that maintaining fitness is essential for independence and quality of life as one ages. They discuss the concept of training for life tasks, such as carrying luggage or playing with grandchildren, rather than for aesthetic or competitive reasons. Brad shares his own experience with a back injury that shifted his focus to functional fitness. The conversation concludes with a reminder that fitness is crucial for preventing age-related decline, such as falls, and maintaining independence. Allan and Brad stress the importance of consistency and finding joy in fitness activities to sustain a healthy lifestyle If you're interested in online personal training or being a guest on my podcast, "Over 40 Fitness Hacks," you can reach me at brad@over40fitnesshacks.com or visit my website at: www.Over40FitnessHacks.com Additionally, check out my Yelp reviews for my local business, Evolve Gym in Huntington Beach, at https://bit.ly/3GCKRzV
"Death and life are bound together. Without life, there would be no death." This week's Survival of the Kindest podcast is a joint interview between Professor Allan Kellehear, Dr Libby Sallnow, Dr Richard Smith and myself. Richard was editor of the British Medical Journal for 25 years. Libby and Richard are lead authors in the Lancet Commission On The Value Of Death. Allan founded the field of public health palliative care back in the 1990s and has overseen the development over the last 25 years. Libby is a consultant in palliative care in London and a leader in the field of public health palliative care. Both Allan and Libby have featured on previous episodes of Survival of the Kindest. The story of dying in the 21st century is a story of paradox. COVID-19 has meant people have died the ultimate medicalised deaths, often alone in hospitals with little communication with their families. But in other settings, including in some lower income countries, many people remain undertreated, dying of preventable conditions and without access to basic pain relief. The unbalanced and contradictory picture of death and dying is the basis for the Lancet Commission on the Value of Death. Drawing on multidisciplinary perspectives from around the globe, the Commissioners argue that death and life are bound together: without death there would be no life. The Commission proposes a new vision for death and dying, with greater community involvement alongside health and social care services, and increased bereavement support. Follow Survival of the Kindest on Twitter, Instagram and subscribe on Apple, Spotify or wherever you like to listen to get our episodes as they are released. Email us on sotk@compassionate-communitiesuk.co.uk
On May 2nd, the comic industry lost one of their own. John Paul Leon, artist of such books as Static, The Winter Men, Earth-X, and much more; lost his life to cancer after a 14 year battle. Both Allan and I wanted to take a moment to talk about the man, so our first episode for our hiatus is about him.Please donate to his GoFundMe page in an effort to assist his family during this painful time.https://www.gofundme.com/f/john-paul-leon-family-memorial?utm_campaign=m_pd+share-sheet&utm_medium=copy_link_all&utm_source=customerSources:https://bleedingcool.com/comics/john-paul-leon-family-statement-fundraiser-memory/https://www.dccomics.com/talent/john-paul-leonhttp://stupid.guru/comics/comic-book-legend-john-paul-leon-has-passed-away-at-the-age-of-49/https://www.marvel.com/articles/comics/marvel-comics-remembers-john-paul-leonhttps://sktchd.com/art-feature/the-art-of-the-cover-john-paul-leon-on-his-craft-and-career/https://www.gamesradar.com/john-paul-leon-opens-up-on-his-cancer-battle-and-his-batman-creature-of-the-night-work/https://www.syfy.com/syfywire/comics-world-tribute-artist-john-paul-leon-dead-at-49https://en.wikipedia.org/wiki/John_Paul_Leonhttps://web.archive.org/web/20210418150046/https://www.gamesradar.com/selina-kyles-origin-retconned-for-batmancatwoman-special-by-king-and-leon/https://sktchd.libsyn.com/off-panel-73-the-art-connection-with-john-paul-leonhttps://livefromthedmz-blog.tumblr.com/post/15567192172/john-paul-leon-interviewPlease rate and review! Share our podcast with people you know! Let us know how to get better!Follow the podcast on Twitter: @HypertimePod or send us an email at hypertime2podcast@gmail.comFollow Josh on Twitter: @jmille99Follow Allan on Twitter: @TheAllanMuirAlso check us out on https://vgu.tv/ where we post show notes and our Twitter @VGU_TV. If you're into video games, we also have a couple video game podcasts worth checking out in Players Club Podcast and WIN.Intro and Outro Music: "RetroFuture Clean" by Kevin MacLeodRetroFuture Clean Kevin MacLeod (incompetech.com)Licensed under Creative Commons: By Attribution 3.0 Licensehttp://creativecommons.org/licenses/by/3.0/
This week’s episode begins with a focus on recent events in Australia’s defence policy space, which both Allan and Darren see as trending towards the formation of a balancing coalition in the region. Australia will join the US, Japan and India in next month’s Malabar exercises, which was announced while Defence Minister Linda Reynolds was in Tokyo to meet with her counterpart. Meanwhile, Australia will no longer send a naval ship to the Middle East – signalling the conclusion of a decades-long focus on that region. The conversation then turns to a controversial hearing in the Senate, during which Senator Eric Abetz asked three witnesses, all Australians of Chinese heritage, to denounce the Chinese Communist Party unconditionally. Both Allan and Darren explain why they were deeply troubled by this line of questioning, and Darren describes his recent co-authored piece that argues Abetz’s actions actually harmed Australia’s national security. The episode also raises interesting and thorny questions regarding whether and how every Australian should intervene in public debates. Finally, given that Ministerial visits, like those to Japan recently made by the Foreign and Defence Ministers, currently come at the cost of 14-days quarantine upon returning home, what does this say about the future of diplomacy? We thank AIIA intern Mitchell McIntosh for his help with research and audio editing and Rory Stenning for composing our theme music. Relevant Links Senator Linda Reynolds and Senator Marise Payne, “Australia to participate in Exercise Malabar 2020”, Media Release: 19 October 2020: https://www.minister.defence.gov.au/minister/lreynolds/media-releases/australia-participate-exercise-malabar-2020 “2020 Japan-Australia Defense Ministers Kishi/Reynolds Joint Statement on Advancing Defence Cooperation”, 19 October 2020: https://www.minister.defence.gov.au/minister/lreynolds/statements/2020-japan-australia-defense-ministers-kishireynolds-joint-statement Senator Linda Reynolds, “Changes to the ADF's naval presence in the Middle East”, Media Release, 23 October 2020: https://www.minister.defence.gov.au/minister/lreynolds/media-releases/changes-adfs-naval-presence-middle-east Stephen Dziedzic and Andrew Greene, “Australia no longer sending Navy to the Middle East, shifts focus to Asia-Pacific, China”, ABC News, 23 October 2020: https://mobile.abc.net.au/news/2020-10-23/australia-will-stop-sending-navy-to-middle-east-to-shift-focus/12808118 Osmond Chiu, “I was born in Australia. Why do I need to renounce the Chinese Communist Party?”, Sydney Morning Herald, 14 October 2020: https://www.smh.com.au/national/i-was-born-in-australia-why-do-i-need-to-renounce-the-chinese-communist-party-20201014-p5655j.html Yun Jiang, “Senator Abetz’s loyalty test”, Inside Story, 20 October 2020: https://insidestory.org.au/senator-abetzs-loyalty-test/ Natasha Kassam and Darren Lim, “Loyalty tests make Australia weaker, not stronger” Lowy Interpreter, 21 October 2020: https://www.lowyinstitute.org/the-interpreter/loyalty-tests-make-australia-weaker-not-stronger Australian Institute of International Affairs, “The World in 2021: Allan Gyngell and Dennis Richardson in Conversation”, 22 October 2020: https://www.internationalaffairs.org.au/australian-outlook/?filter[]=video (forthcoming) Graeme Dobell, “What’s worth 14 days’ quarantine for Australia’s foreign minister?” The Strategist, Australian Strategic Policy Institute, 19 October 2020: https://www.aspistrategist.org.au/whats-worth-14-days-quarantine-for-australias-foreign-minister/ Australian Institute of International Affairs, contact details: https://www.internationalaffairs.org.au/contact-us/ Anne Applebaum, Twilight of Democracy: The Failure of Politics and the Parting of Friends (Goodreads page): https://www.goodreads.com/book/show/55772332-twilight-of-democracy Francis Fukuyama, “Liberalism and its discontents: The challenges from the left and the right”, American Purpose, 5 October 2020: https://www.americanpurpose.com/articles/liberalism-and-its-discontent/ David Brooks, “America is having a moral convulsion”, The Atlantic, 5 October 2020: https://www.theatlantic.com/ideas/archive/2020/10/collapsing-levels-trust-are-devastating-america/616581/
All images and links for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-bad-best-practices/) All professionals like to glom onto "best practices." But in security, "best" practices may be bad out of the gate, become useless over time, or they're not necessarily appropriate for all situations. Stay tuned, we're about to expose some of the worst "best" practices. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest for this episode is Yaron Levi (@0xL3v1), CISO, Blue Cross/Blue Shield of Kansas City. Thanks to this week’s podcast sponsor, Endgame Endgame makes endpoint protection as simple as anti-virus. Their converged endpoint security platform is transforming security programs - their people, processes and technology - with the most powerful endpoint protection and simplest user experience, ensuring analysts of any skill level can stop targeted attacks before damage and loss. To learn more visit www.endgame.com. On this episode of Defense in Depth, you'll learn: The response of "This is how we've always done it", is not a reason to continue a "best" practice. One of the most universally bad "best" practices is counting the number of people who fall for a phishing test. Both Allan and Yaron told stories of phishing test reports that could swing wildly based on the type of email sent. CISOs argue that a better metric to track is the number of people who report the phishing email. Let employees know that you're going to test them. If you don't it can be seen as a means to discipline them, which you're not. Cybersecurity best practices don't stand the test of time. If a best practice seems off, challenge it by simply asking, "Why?" Awareness training should be measured by testing afterwards, not by the number of people who actually took it.
FreeBSD Q4 2018 status report, the GhostBSD alternative, the coolest 90s laptop, OpenSSH 8.0 with quantum computing resistant keys exchange, project trident: 18.12-U8 is here, and more. ##Headlines ###AsiaBSDcon 2019 recap Both Allan and I attended AsiaBSDcon 2019 in Tokyo in mid march. After a couple of days of Tokyo sightseeing and tasting the local food, the conference started with tutorials. Benedict gave his tutorial about “BSD-based Systems Monitoring with Icinga2 and OpenSSH”, while Allan ran the FreeBSD developer summit. On the next day, Benedict attended the tutorial “writing (network) tests for FreeBSD” held by Kristof Provost. I learned a lot about Kyua, where tests live and how they are executed. I took some notes, which will likely become an article or chapter in the developers handbook about writing tests. On the third day, Hiroki Sato officially opened the paper session and then people went into individual talks. Benedict attended Adventure in DRMland - Or how to write a FreeBSD ARM64 DRM driver by Emmanuel Vadot powerpc64 architecture support in FreeBSD ports by Piotr Kubaj Managing System Images with ZFS by Allan Jude FreeBSD - Improving block I/O compatibility in bhyve by Sergiu Weisz Security Fantasies and Realities for the BSDs by George V. Neville-Neil ZRouter: Remote update of firmware by Hiroki Mori Improving security of the FreeBSD boot process by Marcin Wojtas Allan attended Adventures in DRMland by Emmanuel Vadot Intel HAXM by Kamil Rytarowski BSD Solutions in Australian NGOs Container Migration on FreeBSD by Yuhei Takagawa Security Fantasies and Realities for the BSDs by George Neville-Neil ZRouter: Remote update of firmware by Hiroki Mori Improving security of the FreeBSD boot process by Marcin Wojtas When not in talks, time was spent in the hallway track and conversations would often continue over dinner. Stay tuned for announcements about where AsiaBSDcon 2020 will be, as the Tokyo Olympics will likely force some changes for next year. Overall, it was nice to see people at the conference again, listen to talks, and enjoy the hospitality of Japan. ###FreeBSD Quarterly Status Report - Fourth Quarter 2018 Since we are still on this island among many in this vast ocean of the Internet, we write this message in a bottle to inform you of the work we have finished and what lies ahead of us. These deeds that we have wrought with our minds and hands, they are for all to partake of - in the hopes that anyone of their free will, will join us in making improvements. In todays message the following by no means complete or ordered set of improvements and additions will be covered: i386 PAE Pagetables for up to 24GB memory support, Continuous Integration efforts, driver updates to ENA and graphics, ARM enhancements such as RochChip, Marvell 8K, and Broadcom support as well as more DTS files, more Capsicum possibilities, as well as pfsync improvements, and many more things that you can read about for yourselves. Additionally, we bring news from some islands further down stream, namely the nosh project, HardenedBSD, ClonOS, and the Polish BSD User-Group. We would, selfishly, encourage those of you who give us the good word to please send in your submissions sooner than just before the deadline, and also encourage anyone willing to share the good word to please read the section on which submissions we’re also interested in having. ###GhostBSD: A Solid Linux-Like Open Source Alternative The subject of this week’s Linux Picks and Pans is a representative of a less well-known computing platform that coexists with Linux as an open source operating system. If you thought that the Linux kernel was the only open source engine for a free OS, think again. BSD (Berkeley Software Distribution) shares many of the same features that make Linux OSes viable alternatives to proprietary computing platforms. GhostBSD is a user-friendly Linux-like desktop operating system based on TrueOS. TrueOS is, in turn, based on FreeBSD’s development branch. TrueOS’ goal is to combine the stability and security of FreeBSD with a preinstalled GNOME, MATE, Xfce, LXDE or Openbox graphical user interface. I stumbled on TrueOS while checking out new desktop environments and features in recent new releases of a few obscure Linux distros. Along the way, I discovered that today’s BSD computing family is not the closed source Unix platform the “BSD” name might suggest. In last week’s Redcore Linux review, I mentioned that the Lumina desktop environment was under development for an upcoming Redcore Linux release. Lumina is being developed primarily for BSD OSes. That led me to circle back to a review I wrote two years ago on Lumina being developed for Linux. GhostBSD is a pleasant discovery. It has nothing to do with being spooky, either. That goes for both the distro and the open source computing family it exposes. Keep reading to find out what piqued my excitement about Linux-like GhostBSD. ##News Roundup SPARCbook 3000ST - The coolest 90s laptop A few weeks back I managed to pick up an incredibly rare laptop in immaculate condition for $50 on Kijiji: a Tadpole Technologies SPARCbook 3000ST from 1997 (it also came with two other working Pentium laptops from the 1990s). Sun computers were an expensive desire for many computer geeks in the 1990s, and running UNIX on a SPARC-based laptop was, well, just as cool as it gets. SPARC was an open hardware platform that anyone could make, and Tadpole licensed the Solaris UNIX operating system from Sun for their SPARCbooks. Tadpole essentially made high-end UNIX/VAX workstations on costly, unusual platforms (PowerPC, DEC Alpha, SPARC) but only their SPARCbooks were popular in the high-end UNIX market of the 1990s. ###OpenSSH 8.0 Releasing With Quantum Computing Resistant Keys OpenSSH 7.9 came out with a host of bug fixes last year with few new features, as is to be expected in minor releases. However, recently, Damien Miller has announced that OpenSSH 8.0 is nearly ready to be released. Currently, it’s undergoing testing to ensure compatibility across supported systems. https://twitter.com/damienmiller/status/1111416334737244160 Better Security Copying filenames with scp will be more secure in OpenSSH 8.0 due to the fact that copying filenames from a remote to local directory will prompt scp to check if the files sent from the server match your request. Otherwise, an attack server would theoretically be able to intercept the request by serving malicious files in place of the ones originally requested. Knowing this, you’re probably better off never using scp anyway. OpenSSH advises against it: “The scp protocol is outdated, inflexible and not readily fixed. We recommend the use of more modern protocols like sftp and rsync for file transfer instead.” Interesting new features ssh(1): When prompting whether to record a new host key, accept the key fingerprint as a synonym for “yes”. This allows the user to paste a fingerprint obtained out of band at the prompt and have the client do the comparison for you. ###Project Trident : 18.12-U8 Available Thank you all for your patience! Project Trident has finally finished some significant infrastructure updates over the last 2 weeks, and we are pleased to announce that package update 8 for 18.12-RELEASE is now available. To switch to the new update, you will need to open the “Configuration” tab in the update manager and switch to the new “Trident-release” package repository. You can also perform this transition via the command line by running: sudo sysup --change-train Trident-release ##Beastie Bits BSD Router Project - Release 1.92 EuroBSDcon - New Proposals Funny UNIX shirt (René Magritte art parody) 51NB’s Thinkpad X210 DragonFly: No more gcc50 “FreeBSD Mastery: Jails” ebook escaping! FreeBSD talk at the Augsburger Linux Info Days (german) ##Feedback/Questions DJ - FuguIta Feedback Mike - Another Good Show Alex - GhostBSD and wifi Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv Your browser does not support the HTML5 video tag.
This episode we enter the world of "Ready Player One". While a great throwback and nostalgia-laced journey, much like the book, the film's ending doesn't really tackle the issues the plot raises. One could argue if anything, it makes the world a worse place to live in. Most of the characters are boring with little depth and are easily forgotten. Both Allan and Patrick feel that Speilberg has lost his ability to tell a story and just relies on stunning visuals to captivate the audience.
Both Allan (@uuallan) and Tim (@TimJGallo) are in the Unite States. This makes starting a BSides in France challenging and intriguing. Both organizers love wine and saw an opportunity to put France on the BSides map. BSides Bordeaux (@BsidesBDX) is October 21, 2017, in Bordeaux France. The venue is Mama Shelter (which has a wicked video). Tickets are limited so be sure to grab one soon.
This week on BSDNow, we are going to be talking to Pawel about how his This episode was brought to you by iX Systems Mission Complete (https://www.ixsystems.com/missioncomplete/) Submit your story of how you accomplished a mission with FreeBSD, FreeNAS, or iXsystems hardware, and you could win monthly prizes, and have your story featured in the FreeBSD Journal! *** Headlines Note the recent passing of 2 members of the BSD community Juergen Lock / Nox (https://www.freebsd.org/doc/en_US.ISO8859-1/articles/contributors/contrib-develinmemoriam.html) Benjamin Perrault / creepingfur (https://twitter.com/michaeldexter/status/676290499389485057) Memories from Michael Dexter (http://pastebin.com/4BQ5uVsT) Additional Memories (http://www.filis.org/rip_ben.txt) Benjamin and Allan at Ben's local bar (http://www.allanjude.com/bsd/bp/IMG_20151101_161727-auto.jpg) Benjamin treated Allan and Michael Dexter to their first ever Bermese food (http://www.allanjude.com/bsd/bp/IMG_20151101_191344-auto.jpg) Benjamin enjoying the hallway track at EuroBSDCon 2015 (http://www.allanjude.com/bsd/bp/IMG_20151003_105457-auto.jpg) *** NGINX as Reverse Proxy for Apache on FreeBSD 10.2 (http://linoxide.com/linux-how-to/install-nginx-reverse-proxy-apache-freebsd-10-2/) A tutorial on setting up NGINX as a reverse proxy for Apache Sometimes your users or application require some feature of Apache, that cannot be easily replicated in NGINX, like .htaccess files or a custom apache module In addition, because the default worker model in Apache does not accept new work until it is finished sending the request, a user with a slow connection can tie down that worker for a long time With NGINX as a reverse proxy, it will receive the data from the Apache worker over localhost, freeing that worker to answer the next request, while NGINX takes care of sending the data to the user The tutorial walks through the setup, which is very easy on modern FreeBSD One could also add mod_rpaf2 to the Apache, to securely pass through the users' real IP address for use by Apache's logging and the PHP scripts *** FreeBSD and FreeNAS in Business by Randy Westlund (http://bsdmag.org/freebsd_freenas/) The story of how a Tent & Awning company switched from managing orders with paper, to a computerized system backed by a FreeNAS “At first, I looked at off-the-shelf solutions. I found a number of cloud services that were like Dropbox, but with some generic management stuff layered on top. Not only did these all feel like a poor solution, they were very expensive. If the provider were to go out of business, what would happen to my dad's company?” “Fortunately, sourcing the hardware and setting up the OS was the easiest part; I talked to iXsystems. I ordered a FreeNAS Mini and a nice workstation tower” “I have r2d2 (the tower, which hosts the database) replicating ZFS snapshots to c3po (the FreeNAS mini), and the data is backed up off-site regularly. This data is absolutely mission-critical, so I can't take any risks. I'm glad I have ZFS on my side.” “I replaced Dropbox with Samba on c3po, and the Windows machines in the office now store important data on the NAS, rather than their local drives.” “I also replaced their router with an APU board running pfSense and replaced their PPTP VPN with OpenVPN and certificate authorization.” “FreeBSD (in three different incarnations) helped me focus on improving the company's workflow without spending much time on the OS. And now there's an awning company that is, in a very real sense, powered by FreeBSD.” *** Tutorial, Windows running under bhyve (http://pr1ntf.xyz/windowsunderbhyve.html) With the recent passing of the world's foremost expert on running Windows under bhyve on FreeBSD, this tutorial will help you get up to speed “The secret sauce to getting Windows running under bhyve is the new UEFI support. This is pretty great news, because when you utilize UEFI in bhyve, you don't have to load the operating system in bhyveload or grub-bhyve first.” The author works on iohyve, and wanted to migrate away from VirtualBox, the only thing stopping that was support for Windows Guests iohyve now has support for managing Windows VMs The tutorial uses a script to extract the Windows Server 2008 ISO and set up AutoUnattend.xml to handle the installation of Windows, including setting the default administrator password, this is required because there is no graphical console yet The AutoUnattended setup also includes setting the IP address, laying out the partitions, and configuring the serial console A second script is then used to make a new ISO with the modifications The user is directed to fetch the UEFI firmware and some other bits Then iohyve is used to create the Windows VM The first boot uses the newly created ISO to install Windows Server 2008 Subsequent boots start Windows directly from the virtual disk Remote Desktop is enabled, so the user can manage the Windows Server graphically, using FreeRDP or a Windows client iohyve can then be used to take snapshots of the machine, and clone it *** BSD Router Project has released 1.58 (http://sourceforge.net/projects/bsdrp/files/BSD_Router_Project/1.58/) The BSD Router project has announced the release of version 1.58 with some notable new features Update to FreeBSD 10.2-RELEASE-p8 Disabled some Chelsio Nic features not used by a router Added new easy installation helper option, use with “system install ” Added the debugging symbols for userland Includes the iperf package, and flashrom package, which allows updating system BIOS on supported boxes IMPORTANT: Corrects an important UFS label bug introduced on 1.57. If you are running 1.57, you will need to fetch their fixlabel.sh script before upgrading to 1.58 *** OPNsense 15.7.22 Released (https://opnsense.org/opnsense-15-7-22-released/) An update to OPNsense has landed this week which includes the important updates to OpenSSL 1.0.2e and LibreSSL 2.2.5 A long-standing annoying bug with filter reload timeouts has finally been identified and sorted out as well, allowing the functionality to run quickly and “glitch free” again. Some newer ports for curl (7.46), squid (3.5.12) and lighttpd (1.4.38) have also been thrown in for good measure Some other minor UI fixes have also been included as well With the holidays coming up, if you are still running a consumer router, this may be a good time to convert over to a OPNsense or PFsense box and get yourself ready for the new year. *** iXsystems iXSystems releases vCenter Web Client Plug-in for TrueNAS (https://www.ixsystems.com/whats-new/2015/12/vcenter-web-client-plug-in-for-truenas-now-available/) Interview - Pawel Jakub Dawidek - pjd@FreeBSD.org (mailto:pjd@FreeBSD.org) News Roundup Developer claims the PS4 has been jail-broken (http://www.networkworld.com/article/3014714/security/developer-claims-ps4-officially-jailbroken.html) While not exactly a well-kept secret, the PS4's proprietary “OrbOS” is FreeBSD based. Using this knowledge and a Kernel exploit, developer CTurt (https://twitter.com/CTurtE/) claims he was able jailbreak a WebKit process and gain access to the system. He has posted a small tease to GitHub, detailing some of the information gleaned from the exploit, such as PID list and root FS dump As such with these kinds of jailbreaks, he already requested that users stop sending him requests about game piracy, but the ability to hack on / run homebrew apps on the PS4 seems intriguing *** Sepherosa Ziehau is looking for testers if you have a em(4), emx(4), or igb(4) Intel device (http://lists.dragonflybsd.org/pipermail/users/2015-December/228461.html) DragonFly Testers wanted! Sephe has posted a request for users of the em(4), emx(4) and igb(4) intel drivers to test his latest branch and report back results He mentions that he has tested the models 82571, 82574 and 82573 (em/emx); 82575, 82576, 82580 and i350 specifically, so if you have something different, I'm sure he would be much appreciative of the help. It looks like the em(4) driver has been updated to 7.5.2, and igb(4) 2.4.3, and adds support for the I219-LM and I219-V NICS. *** OpenBSD Xen Support (https://marc.info/?l=openbsd-tech&m=144933933119525&w=2) Filed under the “Ohh, look what's coming soon” section, it appears that patches are starting to surface for OpenBSD Xen DOMU support. For those who aren't up on their Xen terminology, DomU is the unprivileged domain (I.E. Guest mode) Right now the patch exists at the link above, and adds a new (commented out) device to the GENERIC kernel, but this gives Xen users something new to watch for updates to. *** Thinkpad Backlit Keyboard support being worked on (http://freshbsd.org/commit/openbsd/b355449caa22e7bb6c460f7a647874836ef604f0) Another reason why Lenovo / ThinkPads are some of the best laptops currently to use with BSD, the kettenis over at the OpenBSD project has committed a patch to enable support for the “ThinkLight” For those who don't know, this is the little light that helps illuminate the laptop's keyboard under low-light situations. While the initial patch only supports the “real-deal” ThinkLight, he does mention that support will be added soon for the others on ThinkPads No sysctl's to fiddle with, this works directly with the ACPI / keyboard function keys directly, nice! *** Deadline is approaching for Submissions of Tutorial Proposals for AsiaBSDCon 2016 (https://2016.asiabsdcon.org/cfp.html) Call for Papers for BSDCAN 2016 now open (http://www.bsdcan.org/2016/papers.php) + The next two major BSD conferences both have their CFP up right now. First up is AsiaBSDCon in Tokyo from March 10th-13th, followed by BSDCan in Ottawa, June 8th-11th. + If you are working on anything interesting in the BSD community, this is a good way to get the word out about your project, plus the conference pays for Hotel / Travel. + If you can make it to both, DO SO, you won't regret it. Both Allan and Kris will be attending and we would look forward to meeting you. iohyve lands in ports (https://github.com/pr1ntf/iohyve) (http://www.freshports.org/sysutils/iohyve/) + Something we've mentioned in passing has taken its first steps in becoming reality for users! “iohyve” has now landed in the FreeBSD ports tree + While it shares a similar name to “iocage” its not directly related, different developers and such. However it does share a very similar syntax and some principles of ZFS usage + The current version is 0.7, but it already has a rather large feature set + Among the current features are ISO Management, resource management, snapshot support (via ZFS), and support for OpenBSD, NetBSD and Linux (Using grub-bhyve port) BeastieBits hammer mount is forced noatime by default (http://lists.dragonflybsd.org/pipermail/users/2015-November/228445.html) Show your support for FreeBSD (http://freebsdfoundation.blogspot.com/2015/12/show-your-support-for-freebsd.html) OpenBSD running in an Amazon EC2 t2.micro (https://gist.github.com/reyk/e23fde95354d4bc35a40) NetBSD's 2015Q4 Package freeze is coming (http://mail-index.netbsd.org/tech-pkg/2015/12/05/msg016059.html) ‘Screenshots from Developers' that we covered previously from 2002, updated for 2015 (https://anders.unix.se/2015/12/10/screenshots-from-developers--2002-vs.-2015/) Feedback/Questions (slexy was down when I made these, I only did 3, since the last is really long, save rest for next week) Mark - BSD laptops (http://pastebin.com/g0DnFG95) Jamie - zxfer (http://pastebin.com/BNCmDgTe) Anonymous - Long Story (http://pastebin.com/iw0dXZ9P) ***
This week we continue our two-part series on the activities of various BSD foundations. Ken Westerback joins us today to talk all about the OpenBSD foundation and what it is they do. We've also got answers to your emails and all the latest news, on BSD Now - the place to B.. SD. This episode was brought to you by Headlines BSDCan 2015 schedule (https://www.bsdcan.org/2015/schedule/) The list of presentations for the upcoming BSDCan conference has been posted, and the time schedule should be up shortly as well Just a reminder: it's going to be held on June 12th and 13th at the University of Ottawa in Canada This year's conference will have a massive fifty talks, split up between four tracks instead of three (but unfortunately a person can only be in one place at a time) Both Allan and Kris had at least one presentation accepted, and Allan will also be leading a few "birds of a feather" gatherings In total, there will be three NetBSD talks, five OpenBSD talks, eight BSD-neutral talks, thirty-five FreeBSD talks and no DragonFly talks That's not the ideal balance (https://twitter.com/bsdcan/status/570394627158773760) we'd hope for, but BSDCan says (https://twitter.com/bsdcan/status/570398181864972288) they'll try to improve that next year Those numbers are based on the speaker's background, or any past presentations, for the few whose actual topic wasn't made obvious from the title (so there may be a small margin of error) Michael Lucas (who's on the BSDCan board) wrote up a blog post (http://blather.michaelwlucas.com/archives/2325) about the proposals and rejections this year If you can't make it this year, don't worry, we'll be sure to announce the recordings when they're made available We also interviewed Dan Langille (http://www.bsdnow.tv/episodes/2014_12_31-daemons_in_the_north) about the conference and what to expect this year, so check that out too *** SSL interception with relayd (http://www.reykfloeter.com/post/41814177050/relayd-ssl-interception) There was a lot of commotion recently about superfish (http://www.forbes.com/sites/thomasbrewster/2015/02/19/superfish-need-to-know/), a way that Lenovo was intercepting HTTPS traffic and injecting advertisements If you're running relayd (http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/relayd.8), you can mimic this evil setup on your own networks (just for testing of course…) Reyk Floeter (http://www.bsdnow.tv/episodes/2014_09_03-its_hammer_time), the guy who wrote relayd, came up a blog post about how to do just that (https://gist.github.com/reyk/4b42858d1eab3825f9bc#file-relayd-superfish-conf) It starts off with some backstory and some of the things relayd is capable of relayd can run as an SSL server to terminate SSL connections and forward them as plain TCP and, conversely, run as an SSL client to terminal plain TCP connections and tunnel them through SSL When you combine these two, you end up with possibilities to filter between SSL connections, effectively creating a MITM scenario The post is very long, with lots of details (https://www.marc.info/?l=openbsd-tech&m=135887624714548&w=2) and some sample config files - the whole nine yards *** OPNsense 15.1.6.1 released (https://forum.opnsense.org/index.php?topic=77.0) The OPNsense team has released yet another version in rapid succession, but this one has some big changes It's now based on FreeBSD 10.1, with all the latest security patches and driver updates (as well as some in-house patches) This version also features a new tool for easily upgrading between versions, simply called "opnsense-update" (similar to freebsd-update) It also includes security fixes for BIND (https://kb.isc.org/article/AA-01235) and PHP (http://php.net/ChangeLog-5.php#5.6.6), as well as some other assorted bug fixes The installation images have been laid out in a clean way: standard CD and USB images that default to VGA, as well as USB images that default to a console output (for things like Soekris and PCEngines APU boards that only have serial ports) With the news of m0n0wall shutting down last week, they've also released bare minimum hardware specifications required to run OPNsense on embedded devices Encouraged by last week's mention of PCBSD trying to cut ties with OpenSSL, OPNsense is also now providing experimental images built against LibreSSL (https://forum.opnsense.org/index.php?topic=78.0) for testing (and have instructions on how to switch over without reinstalling) *** OpenBSD on a Minnowboard Max (http://www.countersiege.com/2015/02/22/minnowboard_max_openbsd.html) What would our show be without at least one story about someone installing BSD on a weird device For once, it's actually not NetBSD… This article is about the minnowboard max (http://www.minnowboard.org/meet-minnowboard-max/), a very small X86-based motherboard that looks vaguely similar to a Raspberry Pi It's using an Atom CPU instead of ARM, so overall application compatibility should be a bit better (and it even has AES-NI, so crypto performance will be much better than a normal Atom) The author describes his entirely solid-state setup, noting that there's virtually no noise, no concern about hard drives dying and very reasonable power usage You'll find instructions on how to get OpenBSD installed and going throughout the rest of the article Have a look at the spec sheet if you're interested, they make for cool little BSD boxes *** Netmap for 40gbit NICs in FreeBSD (https://lists.freebsd.org/pipermail/freebsd-current/2015-February/054717.html) Luigi Rizzo posted an announcement to the -current mailing list, detailing some of the work he's just committed The ixl(4) driver, that's one for the X1710 40-gigabit card, now has netmap support It's currently in 11-CURRENT, but he says it works in 10-STABLE and will be committed there too This should make for some serious packet-pushing power If you have any network hardware like this, he would appreciate testing for the new code *** Interview - Ken Westerback - directors@openbsdfoundation.org (mailto:directors@openbsdfoundation.org) The OpenBSD foundation (http://www.openbsdfoundation.org/donations.html)'s activities News Roundup s2k15 hackathon report: dhclient/dhcpd/fdisk (http://undeadly.org/cgi?action=article&sid=20150221222235) The second trip report from the recent OpenBSD hackathon has been published, from the very same guy we just talked to Ken was also busy, getting a few networking-related things fixed and improved in the base system He wrote a few new small additions for dhclient and beefed up the privsep security, as well as some fixes for tcpdump and dhcpd The fdisk tool also got worked on a bit, enabling OpenBSD to properly wipe GPT tables on a previously-formatted disk so you can do a normal install on it There's apparently plans for "dhclientng" - presumably a big improvement (rewrite?) of dhclient *** FreeBSD beginner video series (https://www.youtube.com/user/bsdtutorial/videos) A new series of videos has started on YouTube, aimed at helping total beginners learn about FreeBSD We usually assume that people who watch the show are already familiar with basic concepts, but they'd be a great introduction to any of your friends that are looking to get started with BSD and need a helping hand So far, he's covered how to get FreeBSD (https://www.youtube.com/watch?v=D26rOHkI-iE), an introduction to installing in VirtualBox (https://www.youtube.com/watch?v=PCyYW19bPDU), a simple installation (https://www.youtube.com/watch?v=HCE89kObutA) or a more in-depth manual installation (https://www.youtube.com/watch?v=OwqCjz9Fgao), navigating the filesystem (https://www.youtube.com/watch?v=6YJhdOGjN50), basic ssh use (https://www.youtube.com/watch?v=Yl5Bg2qz21I), managing users and groups (https://www.youtube.com/watch?v=ioB73i7QUjI) and finally some basic editing (https://www.youtube.com/watch?v=VxxbO-gt9FA) with vi (https://www.youtube.com/watch?v=16FNtCj-uS4) and a few other topics Everyone's gotta start somewhere and, with a little bit of initial direction, today's newbies could be tomorrow's developers It should be an ongoing series with more topics to come *** NetBSD tests: zero unexpected failures (https://blog.netbsd.org/tnf/entry/regular_test_runs_down_to) The NetBSD guys have a new blog post up about their testing suite (http://wiki.netbsd.org/tutorials/atf/) for all the CPU architectures They've finally gotten the number of "expected" failures down to zero on a few select architectures Results are published (http://releng.netbsd.org/test-results.html) on a special release engineering page, so you can have a look if you're interested The rest of the post links to the "top performers" (ones with less than ten failure) in the -current branch *** PCBSD switches to IPFW (https://github.com/pcbsd/pcbsd/commit/b80f78d8a5d002396c28ac0e5fd6f69699beaace) The PCBSD crew continues their recent series of switching between major competing features This time, they've switched the default firewall away from PF to FreeBSD's native IPFW firewall Look forward to Kris wearing a "keep calm and use IPFW" shir- wait *** Feedback/Questions Sean writes in (http://slexy.org/view/s21U6Ln6wC) Dan writes in (http://slexy.org/view/s2Kp0xdfIb) Florian writes in (http://slexy.org/view/s216DcA8DP) Sean writes in (http://slexy.org/view/s271iJjqtQ) Chris writes in (http://slexy.org/view/s21zerHI9P) *** Mailing List Gold VCS flamebait (https://www.marc.info/?l=openbsd-misc&m=142454205416445&w=2) Hidden agenda (https://lists.freebsd.org/pipermail/freebsd-gnome/2015-February/031561.html) ***