Thomas - Misc Questions

Apr 20th, 2016

Hello

I’m a long-time, let’s say ‘advanced beginner’ Linux server guy. I get to do random web server and *nix things in my job as a content producer and writer at an advertising company but I have relatively limited knowledge of real system administration. I have a couple of questions for you guys, but I wanted to share my BSD story, since it may be of interest, even though this got a bit long.

I’ve been curious about BSD for a while (main interests: zfs, dtrace and appliances like pfSense and FreeNAS). Certain talks and podcasts and my experience of BSD tools and man pages on the Mac have made me quite into the idea of using a non-Linux server OS. The interviews in publications like yours paint a picture of competent and tightly knit teams that produce well integrated operating systems. This is highly appealing to me.

As time goes on, I’m also increasingly amazed at the idea of putting up with the fiery hellscape that is dealing with the GPL license in a product development/business environment.

My personal BSD journey starts with the fact that I happen to run a few Tor ‘middle relays’, something I can wholeheartedly recommend as a fun project to any moderately security aware person who has a megabit or two of bandwidth to share. In free countries, running Tor middle relays doesn’t involve any of the constant risk of abuse from authorities that comes with running exit nodes.

Recently, I ran into the Tor Diversity Project and decided to migrate a few of my Tor relays to FreeBSD, in the name of the stated goals of the project: potential security improvements through diversity. I realised that my Tor relays are a perfect way to try out a new OS beyond my default reliance on Debian and Ubuntu, which really aren’t much fun when you get down to the details.

Compared to aimlessly messing around with an unfamiliar OS I really can’t use as a desktop or for production, running Tor relays has the motivational benefit of providing actual value to the world. As an example, it can be an interesting challenge to try to max out the allotted bandwidth with a relay with a VM with as little RAM and CPU as possible.

Tor relays do actual computational work: on a Raspberry Pi 2 relay configured to occupy 5 use of bandwidth, Tor seems to keep 1-2 CPU cores relatively busy continuously.

So, Tor is a nice thing to run for the benefit of other people, but it’s not the end of the world for my productivity if a relay goes down for a while if I mess up something. In a few months, I'll probably feel confident enough to migrate my IRC shell VM I share with friends to FreeBSD.

I’ve come to a few realizations about computing: For starters, I don’t apparently hate networking, only the steaming cesspit that is the syntax for Linux’s iptables firewall. And although FreeBSD ports may require a few more extra steps to get working, the system is built in a way that's actually kind of inviting to poke at.

I was also pleasantly surprised by how ‘freebsd-update’ now seems to provide a mostly seamless and reliable in-place upgrade path, in a way that kinda resembles why I chose Debian when I started out with Linux over ten years ago.

After all this, I have a bunch of questions:

1. When do you think upgrades with ‘freebsd-update’ will work on Raspberry Pi images?

2. Some ports seem to display important messages when they're done installing. I'm always kinda afraid I'll miss any of those if I use anything beyond the standard make commands. Any ideas of where to look for this documentation elsewhere?

3. I’ve been using ports rather than binary packages for my Tor relays, since there to my understanding seems to be a delay of a few days for how soon FreeBSD packages are rebuilt. I'm not really at the point where I want a separate build machine...

With a Tor relay, you kinda take other people’s privacy, or even their physical security in your hands. So I feel a heavy responsibility to do things by the book and patch anything on the system immediately when updates are released.

To my admittedly limited understanding, the recent Linux glibc mess shows that you have to expect remotely exploitable vulnerabilities in any code used to provide network services. So my question is: would it be possible for the FreeBSD security team to offer immediate package rebuilds of security updated ports? Or are they perhaps doing this already?

4. I recently noticed that FreeBSD doesn’t have an OS security feature called Address Space Layout Randomization.

Oddly enough, one effort to do something about ASLR and certain other things in FreeBSD seems to have recently resulted in the HardenedBSD fork. ASLR seems like a weird omission for an operating system of FreeBSD’s stature. What’s up with that?

Thanks for the show and keep up the excellent work!

Thomas