October 14, 2018

Lazy Reading for 2018/10/14 | DragonFly BSD Digest

A good, oddball week.

Your unrelated comics link of the week: Draculagate, a book funded by Kickstarter.  Watch the video.

 

What should longtime Linux users know about DragonFly? | Discovering the Way of the BSD

What should longtime Linux users know about DragonFly? Also, how is the project organized and what are the rules for contribution?

slant | Discovering the Way of the BSD

slant is a remote system monitor. For the time being, it only works with OpenBSD hosts. All sources use the ISC (like OpenBSD) license.

October 13, 2018

Valuable News – 2018-10-13 | Discovering the Way of the BSD

The Valuable News weekly series is dedicated to providing a summary of news, articles and other interesting stuff mostly but not always related to the UNIX or BSD systems. Whenever I stumble upon something worth mentioning on the Internet I just put it here so someone else can

Today the amount of information that we get using various information streams is at massive overload. Thus one needs to focus only on what is important without the need to grep(1) the Internet every day. Hence the idea of providing such information ‘bulk’ as I already do that grep(1).

In Other BSDs for 2018/10/13 | DragonFly BSD Digest

Still playing catchup with links.

 

Laptop recommendations for DragonFly | Discovering the Way of the BSD

In case it’s useful to you, here’s several laptop recommendations for DragonFly.

The byproducts of reading OpenBSD netcat code | Nan Xiao

When I took part in a training last year, I heard about netcat for the first time. During that class, the tutor showed some hacks and tricks of using netcat which appealed to me and motivated me to learn the guts of it. Fortunately, in the past 2 months, I was not so busy that …

October 12, 2018

MidnightBSD 1.0 | Discovering the Way of the BSD

MidnightBSD is happy to announce the availability of MidnightBSD 1.0 for amd64 and i386. Over the years, many ambitious goals were set for our 1.0 release. As it approached, it was clear we wouldn’t be able to accomplish all of them. This release is more of a natural progression rather than a groundbreaking event. It includes many updates to the base system, improvements to the package manager, an updated compiler, and tools.

Of particular note, you can now boot off of ZFS and use NVME SSDs and some AMD Radeon graphics cards support acceleration. AMD Ryzen support has greatly improved in this release. We also have added bhyve from FreeBSD.

FreeBSD Desktop – Part 17 – Automount Removable Media | Discovering the Way of the BSD

In this article in the FreeBSD Desktop series the author will introduce various methods to automatically (or not) mount external/removable devices such as USB or eSATA disks/pendrives or SD/microSD flash cards.

Porting Keybase to NetBSD | Discovering the Way of the BSD

Keybase significantly simplifies the whole keypair/PGP thing and makes what is usually a confusing, difficult experience actually rather pleasant. At its heart is an open-source command line utility that does all of the heavy cryptographic lifting. But it's also hooked up to the network of all other Keybase users, so you don't have to work very hard to maintain big keychains. Pretty cool! So, this evening, I tried to get it to all work on NetBSD.

New cl-yag version | Solène Rapenne (solene@)

My website/gopherhole static generator cl-yag has been updated today, and sees its first release!

New feature added today is that the gopher output now supports an index menu of tags, and a menu for each tag displaying articles tagged by that tag. The gopher output was a bit of a second class citizen before this, only listing articles.

New release v1.00 can be downloaded here (sha512 sum 53839dfb52544c3ac0a3ca78d12161fee9bff628036d8e8d3f54c11e479b3a8c5effe17dd3f21cf6ae4249c61bfbc8585b1aa5b928581a6b257b268f66630819). Code can be cloned with git: git://bitreich.org/cl-yag

October 11, 2018

An another backup script with versioning | Vincent's Blog

I'm spending a lot of energy to apply best practices on my servers.

But, maybe like several people, my desktops and laptops are just a big mess of different software, lots of different config files, ...

And when the question of the backup comes up, most of the elements must not be taken into account. So, in my mind it's not necessary to take a backup. (my important documents are synchronised in an automatic way via rsync on my NAS).

Nevertheless, some files and directories require a lot of attention and must be correctly backed up, like ~/.config for example.

This blog is about another local backup script which allows to precisely select which files to back up.

Moreover it allows versioning. Some OSX users call it "time machine".

OpenBSD's unveil() | Discovering the Way of the BSD

One of the key aspects of hardening the user-space side of an operating system is to provide mechanisms for restricting which parts of the filesystem hierarchy a given process can access. Linux has a number of mechanisms of varying capability and complexity for this purpose, but other kernels have taken a different approach. Over the last few months, OpenBSD has inaugurated a new system call named unveil() for this type of hardening that differs significantly from the mechanisms found in Linux.

BSDNow 267: Absolute FreeBSD | DragonFly BSD Digest

BSDNow 267 is posted a bit early this week, with an interview of Michael W. Lucas, about his upcoming Absolute FreeBSD 3rd edition and local BUG.

Committer-signed “Absolute FreeBSD 3rd Ed” auction | Discovering the Way of the BSD

This post is for bids on the brand new third edition of “Absolute FreeBSD” that I’m going to have signed by every developer I can catch at MeetBSD. Proceeds go to the FreeBSD Foundation.

Rules are on the announcement page, but in short: the auction ends on 20 October 2018, at the close of MeetBSD. Each bid must be at least $5 more than the prior bid. I’ll hand over or mail the copy upon getting a copy of the receipt for the FreeBSD Foundation.

The auction takes place entirely on the page. Folks at MeetBSD get no special advantage.

New FreeBSD snapshots available: head (20181009 r339271) | Discovering the Way of the BSD

New FreeBSD development branch installation ISOs and virtual machine disk images have been uploaded to the FreeBSD Project mirrors.

As with any development branch, the installation snapshots are not intended for use on production systems. We do, however, encourage testing on non-production systems as much as possible.

Please also consider installing the sysutils/panicmail port, which can help in providing FreeBSD developers the necessary information regarding system crashes.

BSD PL meetup tonight | Discovering the Way of the BSD

When: October 11, 2018, 18:15 - 21:15

Where: Warsaw University of Technology, Faculty of Electrical Engineering, ul. Koszykowa 75, Warsaw

What:

BSD-PL 0.5. Usergroup Half-birthday. Krzysztof Szczepański

A Brief History of Time in FreeBSD. Miłosz Kaniewski

What are containers anyway? Maciej Pasternacki

Project Cardigan - Deep Learning Based Image Retrieval. Mariusz Wołoszyn

Absolute FreeBSD - BSD Now 267 | Discovering the Way of the BSD

Long interview with fiction and non-fiction author Michael W. Lucas for you this week as well as questions from the audience.

Tor part 2: hidden service | Solène Rapenne (solene@)

In this second Tor article, I will present an interesting Tor feature named hidden service. The principle of this hidden service is to make a network service available from anywhere, the only prerequisites being that the computer is powered on, Tor is not blocked and it has network access.

This service will be available through an address not disclosing anything about the server's internet provider or its IP; instead, a hostname ending in .onion will be provided by Tor for connecting. This hidden service will be only accessible through Tor.

There are a few advantages of using hidden services:

  • privacy, hostname doesn’t contain any hint
  • security, secure access to a remote service not using SSL/TLS
  • no need for running some kind of dynamic dns updater

The drawback is that it’s quite slow and it only works for TCP services.

From here, we assume that Tor is installed and working.

Running a hidden service requires modifying the Tor daemon configuration file, located in /etc/tor/torrc on OpenBSD.

Add the following lines in the configuration file to enable a hidden service for SSH:

HiddenServiceDir /var/tor/ssh_service
HiddenServicePort 22 127.0.0.1:22

The directory /var/tor/ssh_service will be created. The directory /var/tor is owned by user _tor and not readable by other users. The hidden service directory can be named as you want, but it should be owned by user _tor with restricted permissions. The Tor daemon will take care of creating the directory with correct permissions once you reload it.

Now you can reload the tor daemon to make the hidden service available.

$ doas rcctl reload tor

In the /var/tor/ssh_service directory, two files are created. What we want is the content of the file hostname which contains the hostname to reach our hidden service.

$ doas cat /var/tor/ssh_service/hostname
piosdnzecmbijclc.onion

Now, we can use the following command to connect to the hidden service from anywhere.

$ torsocks ssh piosdnzecmbijclc.onion

In the Tor network, this feature doesn’t use an exit node. Hidden services can be used for various services like http, imap, ssh, gopher etc…

Using a hidden service isn’t illegal, nor does it make the computer a relay for the Tor network; as previously, just check if you can use Tor on your network.

Note: it is possible to have a version 3 .onion address which will prevent hostname collapsing, but this produces very long hostnames. This can be done like in the following example:

HiddenServiceDir /var/tor/ssh_service
HiddenServicePort 22 127.0.0.1:22
HiddenServiceVersion 3

This will produce a really long filename like tgoyfyp023zikceql5njds65ryzvwei5xvzyeubu2i6am5r5uzxfscad.onion

If you want to have the short and long hostnames, you need to specify the hidden service twice, with different folders.
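
An added example, not part of the original post: a Python check for the contents of a hostname file that tells the 16-character version 2 format from the 56-character version 3 format and verifies the version 3 checksum as defined in Tor's rend-spec-v3. The function names and the sequential-bytes test key are made up for illustration.

```python
import base64
import hashlib

BASE32 = set("abcdefghijklmnopqrstuvwxyz234567")
V3 = b"\x03"

def v3_checksum(pubkey: bytes) -> bytes:
    # rend-spec-v3: CHECKSUM = SHA3-256(".onion checksum" | PUBKEY | VERSION)[:2]
    return hashlib.sha3_256(b".onion checksum" + pubkey + V3).digest()[:2]

def encode_v3(pubkey: bytes) -> str:
    """Hostname for a 32-byte public key: base32(PUBKEY | CHECKSUM | VERSION)."""
    if len(pubkey) != 32:
        raise ValueError("public key must be 32 bytes")
    raw = pubkey + v3_checksum(pubkey) + V3
    return base64.b32encode(raw).decode("ascii").lower() + ".onion"

def classify_onion(hostname: str) -> str:
    """Return 'v2', 'v3' or 'invalid: <reason>' for a .onion hostname."""
    name = hostname.strip().lower()
    if not name.endswith(".onion"):
        return "invalid: not a .onion name"
    label = name[: -len(".onion")].split(".")[-1]  # ignore any subdomain labels
    if not label or set(label) - BASE32:
        return "invalid: character outside the base32 alphabet"
    if len(label) == 16:
        # Legacy format with no checksum; current Tor releases no longer support it.
        return "v2"
    if len(label) != 56:
        return "invalid: unexpected length"
    raw = base64.b32decode(label.upper())  # 56 characters decode to 35 bytes
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    if version != V3:
        return "invalid: version byte is not 3"
    if checksum != v3_checksum(pubkey):
        return "invalid: checksum mismatch"
    return "v3"

if __name__ == "__main__":
    constructed = encode_v3(bytes(range(32)))  # constructed bytes, not a real service
    for host in ("piosdnzecmbijclc.onion", constructed,
                 # sample from the post; it contains '0', which base32 does not use
                 "tgoyfyp023zikceql5njds65ryzvwei5xvzyeubu2i6am5r5uzxfscad.onion"):
        print(host, "->", classify_onion(host))
```

A checksum failure on a copied hostname means it was mistyped or truncated, which is worth catching before it ends up in an ssh client configuration.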

October 10, 2018

Developer-signed “Relayd & Httpd Mastery” hardcover | Michael Lucas

This post is for bids on the brand new first-ever hardcover edition of Relayd & Httpd Mastery that I’m going to have signed by every developer I can catch at MeetBSD. Proceeds go to the OpenBSD Foundation. Rules are on the announcement page, but in short: the auction ends on 20 October 2018, at the …

FreeBSD & OpenBSD fundraisers | Michael Lucas

TLDR: FreeBSD auction here, OpenBSD auction here. Bids on this page will be ignored. The brand-new third edition of Absolute FreeBSD is in one of my greasy mitts right now. As is customary, I’m using this to persuade other people to give money to the FreeBSD Foundation. In unrelated news, I’ve just come up with …

Committer-signed “Absolute FreeBSD 3rd Ed” auction | Michael Lucas

This post is for bids on the brand new third edition of “Absolute FreeBSD” that I’m going to have signed by every developer I can catch at MeetBSD. Proceeds go to the FreeBSD Foundation. Rules are on the announcement page, but in short: the auction ends on 20 October 2018, at the close of MeetBSD. …

Polish BSD User Group meeting tomorrow | DragonFly BSD Digest

I’m posting a day early cause of time zone difference: there’s a meeting of the Polish BSD User Group tomorrow.