114 min listen
399: Comparing Sandboxes
FromBSD Now
ratings:
Length:
57 minutes
Released:
Apr 22, 2021
Format:
Podcast episode
Description
Comparing sandboxing techniques, Statement on FreeBSD development processes, customizing FreeBSD ports and packages, the quest for a comfortable NetBSD desktop, Nginx as a TCP/UDP relay, HardenedBSD March 2021 Status Report, Detailed Behaviors of Unix Signal, and more
NOTES
This episode of BSDNow is brought to you by Tarsnap (https://www.tarsnap.com/bsdnow)
Headlines
Comparing sandboxing techniques (https://www.omarpolo.com/post/gmid-sandbox.html)
I had the opportunity to implement a sandbox and I'd like to write about the differences between the various sandboxing techniques available on three different operating systems: FreeBSD, Linux and OpenBSD.
Statement on FreeBSD development processes (https://lists.freebsd.org/pipermail/freebsd-hackers/2021-March/057127.html)
In light of the recent commentary on FreeBSD's development practices, members of the Core team would like to issue the following statement.
Customizing FreeBSD Ports and Packages (https://klarasystems.com/articles/customizing-freebsd-ports-and-packages/)
A basic intro to building your own packages
News Roundup
FVWM(3) and the quest for a comfortable NetBSD desktop (https://www.unitedbsd.com/d/442-fvwm3-and-the-quest-for-a-comfortable-netbsd-desktop)
FVWM substantially allows one to build a fully-fledged lightweight desktop environment from scratch, with an almost unparalleled degree of freedom. Although using FVWM does not require any knowledge of programming languages, it is possible to extend it with M4, C, and Perl preprocessing.
Nginx as a TCP/UDP relay (https://dataswamp.org/~solene/2021-02-24-nginx-stream.html)
In this tutorial I will explain how to use Nginx as a TCP or UDP relay as an alternative to Haproxy or Relayd. This mean nginx will be able to accept requests on a port (TCP/UDP) and relay it to another backend without knowing about the content. It also permits to negociates a TLS session with the client and relay to a non-TLS backend. In this example I will explain how to configure Nginx to accept TLS requests to transmit it to my Gemini server Vger, Gemini protocol has TLS as a requirement.
HardenedBSD March 2021 Status Report (https://hardenedbsd.org/article/shawn-webb/2021-03-31/hardenedbsd-march-2021-status-report)
This month, I worked on finding and fixing the regression that caused kernel panics on our package builders. I think I found the issue: I made it so that the HARDENEDBSD amd64 kernel just included GENERIC so that we follow FreeBSD's toggling of features. Doing so added QUEUEMACRODEBUGTRASH to our kernel config. That option is the likely culprit. If the next package build (with the option removed) completes, I will commit the change that removes QUEUEMACRODEBUGTRASH from the HARDENEDBSD amd64 kernel.
Detailed Behaviors of Unix Signal (https://www.dyx.name/posts/essays/signal.html)
When Unix is mentioned in this document it means macOS or Linux as they are the mainly used Unix at this moment. When shell is mentioned it means Bash or Zsh. Most demos are written in C for macOS with Apple libc and Linux with glibc.
Tarsnap
This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.
Feedback/Questions
andrew - flatpak (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/399/feedback/andrew%20-%20flatpak)
chris - mac and truenas (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/399/feedback/chris%20-%20mac%20and%20truenas)
robert - some questions (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/399/feedback/robert%20-%20some%20questions)
Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)
NOTES
This episode of BSDNow is brought to you by Tarsnap (https://www.tarsnap.com/bsdnow)
Headlines
Comparing sandboxing techniques (https://www.omarpolo.com/post/gmid-sandbox.html)
I had the opportunity to implement a sandbox and I'd like to write about the differences between the various sandboxing techniques available on three different operating systems: FreeBSD, Linux and OpenBSD.
Statement on FreeBSD development processes (https://lists.freebsd.org/pipermail/freebsd-hackers/2021-March/057127.html)
In light of the recent commentary on FreeBSD's development practices, members of the Core team would like to issue the following statement.
Customizing FreeBSD Ports and Packages (https://klarasystems.com/articles/customizing-freebsd-ports-and-packages/)
A basic intro to building your own packages
News Roundup
FVWM(3) and the quest for a comfortable NetBSD desktop (https://www.unitedbsd.com/d/442-fvwm3-and-the-quest-for-a-comfortable-netbsd-desktop)
FVWM substantially allows one to build a fully-fledged lightweight desktop environment from scratch, with an almost unparalleled degree of freedom. Although using FVWM does not require any knowledge of programming languages, it is possible to extend it with M4, C, and Perl preprocessing.
Nginx as a TCP/UDP relay (https://dataswamp.org/~solene/2021-02-24-nginx-stream.html)
In this tutorial I will explain how to use Nginx as a TCP or UDP relay as an alternative to Haproxy or Relayd. This mean nginx will be able to accept requests on a port (TCP/UDP) and relay it to another backend without knowing about the content. It also permits to negociates a TLS session with the client and relay to a non-TLS backend. In this example I will explain how to configure Nginx to accept TLS requests to transmit it to my Gemini server Vger, Gemini protocol has TLS as a requirement.
HardenedBSD March 2021 Status Report (https://hardenedbsd.org/article/shawn-webb/2021-03-31/hardenedbsd-march-2021-status-report)
This month, I worked on finding and fixing the regression that caused kernel panics on our package builders. I think I found the issue: I made it so that the HARDENEDBSD amd64 kernel just included GENERIC so that we follow FreeBSD's toggling of features. Doing so added QUEUEMACRODEBUGTRASH to our kernel config. That option is the likely culprit. If the next package build (with the option removed) completes, I will commit the change that removes QUEUEMACRODEBUGTRASH from the HARDENEDBSD amd64 kernel.
Detailed Behaviors of Unix Signal (https://www.dyx.name/posts/essays/signal.html)
When Unix is mentioned in this document it means macOS or Linux as they are the mainly used Unix at this moment. When shell is mentioned it means Bash or Zsh. Most demos are written in C for macOS with Apple libc and Linux with glibc.
Tarsnap
This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.
Feedback/Questions
andrew - flatpak (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/399/feedback/andrew%20-%20flatpak)
chris - mac and truenas (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/399/feedback/chris%20-%20mac%20and%20truenas)
robert - some questions (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/399/feedback/robert%20-%20some%20questions)
Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)
Released:
Apr 22, 2021
Format:
Podcast episode
Titles in the series (100)
1: BGP & BSD: We kick off the first episode with the latest BSD news, show you how to avoid intrusion detection systems and talk to Peter Hessler about BGP spam blacklists! by BSD Now