BSDStammtisch Wien 0x0d 2019-05-15

No meeting 🗓

Wednesday, 2019-05-15 19:00 (CEST)

Location 🗺

Sorry, we don't have a location to meet, so we have to cancel today's meeting.

Attendance 🎟

Free for all people interested in learning or discussing about all things BSD! You are welcome!

Topics

Please present your topic!

Show and Tell

Shownotes

We do have a Pad for collaborative note taking

BSDStammtisch Wien 0x0c 2019-04-17

Past meeting 🗓

Wednesday, 2019-04-1719:00 (CEST)

Location 🗺

Thanks to Validad for hosting us!

Karmeliterplatz 1/3, 1020 Wien

  • Public transport
    • U2 and Tram 2, Taborstraße and 5 minutes walk
    • Bus A5 to Karmeliterplatz directly in front of the house
  • Bycicle Parking and Citybike about 50m down the road (Kleine Sperlgasse).

Attendance 🎟

Free for all people interested in learning or discussing about all things BSD! You are welcome!

Topics

  • FreeBSD 12 is out
    • “Fun” with upgrades to 12
    • Many packages were not ready at release
    • VIMAGE Jails now default
  • FreeBSD Mastery: Jails is a recommended book for learning about FreeBSD jails. (Prerequisites: Network and ZFS knowledge)
  • FOSDEM19 happened
  • Grazer Linuxtage upcoming
  • [Wiener Linuxwochen|(https://linuxwochen.at/) upcoming
  • Linuxwochen Eisenstadt upcoming
  • Ansible on FreeBSD with new energy! - BSD Community Pinboard
  • The FreeBSD Handbook is getting more an d more outdated. How can we help to improve that? Especially with getting newcomers to a better start.
  • FreeBSD finally starts with (incomplete) ASR patch.
  • nVidia buys Mellanox
  • F5 buys nginx
  • Running netbox on FreeBSD, package is lacking an rc.script, but works fine with uwsgi
  • Starting an effort to getting packaged Python modules on FreeBSD updated quicker?
  • Matrix/Synapse and the road to 1.0
  • We're taking part in the Upcoming FreeBSD security Workshop in Vienna.

  • Please present your topic!

  • Show and Tell
    • Show us your quick tips and tricks, the tools you use or recently discovered, be it CLI, GUI, web services, that chocolate chip cookie recipe, a book or conference recording, anything goes. No need to prepare anything.
  • Chit chat, food and drinks afterwards (on location)

Show and Tell

Sascha is showing VNET Jails in FreeBSD 12 with NAT64.

BSDStammtisch Wien 0x0B 2019-02-12

Past meeting 🗓

Tuesday, 2019-02-12 19:00 (CET)

Location 🗺

Seminarraum Technische Informatik, Operngasse 9, 1040 Wien Public Transport: U1, U2, U4 Karlsplatz, Bus 59A Bärenmühldurchgang, Nightline N60, N62, N66, N71, Tram 2 (within reasonable walking distance) Bicycle parking: Just around the corner

Attendance 🎟

Free for all people interested in learning or discussing about all things BSD! You are welcome!

Topics

  • FreeBSD 12 is out
    • Fun with upgrades to 12
    • VIMAGE Jails now default
  • FOSDEM19 happened
  • Grazer Linuxtage upcoming
  • Wiener Linuxwochen upcoming or so
  • Ansible on FreeBSD with new energy! - BSD Community Pinboard
  • FreeBSD finally starts with (incomplete) ASR patch.

  • Please present your topic!

  • Show and Tell
    • Show us your quick tips and tricks, the tools you use or recently discovered, be it CLI, GUI, web services, that chocolate chip cookie recipe, a book or conference recording, anything goes. No need to prepare anything.
  • Chit chat, food and drinks afterwards (on location)

Shownotes 📝

Due to a problem with the location we ended up just having a chat and drinks in a nearby pub. Sadly the noise level there was beyond what makes discussion viable and we were impacted by severe lack of internet access as well. We had a nice evening, but didn't get very far talking about our topics, so no mentionable shownotes for this meeting sadly. We'll put them up again in our March meeting.

BSDStammtisch Wien 0x0A 2018-12-11

Next meeting 🗓

Tuesday, 2018-12-11, 19:00 (CET)

Location 🗺

Caution, not our usual location at TU-Wien! SBA Research Favoritenstraße 16, 1st floor

Reachable via public transport: U1, N66, Taubstummengasse and 3 minutes walk. (Directly at exit Taubstummengasse/Floragasse)

Thanks to SBA Research for hosting us!

Attendance 🎟

Free for all people interested in learning or discussing about all things BSD! You are welcome!

Topics

  • Current CPU vulnerabilites
    • You may have heard of Spectre and Meltdown, and maybe others as well.
  • Got a topic you'd like to present on? Please do!

  • Please present your topic!

  • Show and Tell
    • Show us your quick tips and tricks, the tools you use or recently discovered, be it CLI, GUI, web services, that chocolate chip cookie recipe, a book or conference recording, anything goes. No need to prepare anything.
  • Chit chat, food and drinks afterwards (on location)

Shownotes 📝

Please help with keeping minutes during the meeting! They help others to read up afterwards.
Pad for collaborative note taking

BSDStammtisch Wien 0x09 2018-11-13

Past meeting 🗓

Tuesday, 2018-11-13, 20:00 (CET) - Caution, an hour later than usual due to limitations in room availability!

Location 🗺

Seminarraum Technische Informatik, Operngasse 9, 1040 Wien Public Transport: U1, U2, U4 Karlsplatz, Bus 59A Bärenmühldurchgang, Nightline N60, N62, N66, N71, Tram 2 (within reasonable walking distance) Bicycle parking: Just around the corner

Attendance 🎟

Free for all people interested in learning or discussing about all things BSD! You are welcome!

Topics

  • FreeBSD 10.4 EOL
  • FreeBSD 12 upcoming
  • Book: Absolute FreeBSD, 3rd edition, by Michael W. Lucas
  • BSD powered high-availability gummibaerlampchen talking to hardware using BSD and one-wire and some random hacks
  • Got a topic you'd like to present on? Please do!

  • [FreeBSD 10.4-RELEASE] reached End of Life Status on 2018-10-31.

  • FreeBSD 12 is coming (At BETA 4 at the time of this writing.)
  • Book: Absolute FreeBSD, 3rd edition (No Starch Press), by [Michael W. Lucas](https://www.tiltedwindmillpress.com
  • BSD powered high-availability gummibärlämpchen talking to hardware using BSD and one-wire and some random hacks OneWire is a serial like protocol that requires two wires and is designed for up to three wires. With a USB to OneWire Adapter you can control the relays which turn on and off the bears. Goal is to run RTEMS on a GRiSP Board which is used to run Erlang applications on a realtime operating system. The GRiSP board sports a FreeBSD network stack, so networking is stable and performant.

There's also Jenkins integration for the “Red Bear alert”.

  • Geek and Poke Webcomic on Best of both worlds regarding statically typed languages. In General Geek and Poke is recommended reading for any sysadmin or developer.

Build your own Gummibear Server!

Inspired? Have a look at more Blinkenlights projects!

BSDStammtisch Wien 0x08 2018-10-09

Past meeting 🗓

Tuesday, 2018-10-09, 19:00 (CEST)

Location 🗺

Seminarraum Technische Informatik, Operngasse 9, 1040 Wien Public Transport: U1, U2, U4 Karlsplatz, Bus 59A Bärenmühldurchgang, Nightline N60, N62, N66, N71, Tram 2 (within reasonable walking distance) Bicycle parking: Just around the corner

Attendance 🎟

Free for all people interested in learning or discussing about all things BSD! You are welcome!

Topics

  • DNS
  • DNS hosters
  • Problems with modern DNS resource records

Shownotes 📝

Reports and News

  • What has happened since the last BSDStammtisch?

Sascha:

Lost in Name Resolution

Desire for a little more independence. Already running your own web- and mail servers, why not run your own resolver?

Observation: People know DNS, but they don't run their own DNS infrastructure.

Want to run your own Webserver? There's a million tutorials and a few even have moderately sane defaults.

Easy beginnings: Run a public resolver! (Uhm, maybe better not!)

Unbound

dns/unbound because, why not usually works fairly well usually sane by default Supports DNS-over-TLS It's made for that, except when it's not.

As usual, running unbound in a FreeBSD/HardenedBSD jail. Sane for services that are reachable from the internet.

Set sane defaults: Do not allow to query Adresses in your internal jail range. Port 853/udp+tcp is used for DNS-over-TLS. (Port not known by /etc/services in FreeBSD 11.2.)

Anchor file, contains DNSSec root public key files, so unbound can verify DNSSec answers.

On small DNS instances, with only a few users you'll already get 20-30% cache hits. The more users you have, the better that cache rate gets.

Using DNS-over-TLS is a mixed bag. Nobody expects DNS queries or any udp traffic on port 853. It's blocked on many networks, especially Cafés and hotels, even by many ISPs.

Many networks even don't allow or expect TCP traffic on port 53, even though that is mandatory by RFC and even absolutely necessary for some query types. Even fewer allow port 853.

TCP connections are often limited per timeframe. (For exampe UPC WiFree sends you RSTs when you exceed their limit.)

TCP queries requires you to use a forwarder because your system stub resolver can't speak TCP.

unbound is completely retarded as a forwarder and opens a new tcp connection for every query in the resolving process. (#WTFMoments)

  • We still need a UDP resolver as fallback.
  • We need smarter intermediates that handle failover for upstream DNS servers more geacefully and sane.
Traffic amplification attacks:

DNS amplification attacks are the only ones that DNSSec aware EDNS0 queries you'll see on udp. DNSSec signed queries are larger after all.

That's not the fault of DNS. Some ISPs allow udp packets with faked source addresses.

Not unique to DNS. Turning off UDP is not really an option. Smart rate-limiting of DNS queries would be great. unbound is not smart

Possible solution: - DNSdist is available in FreeBSD ports: dns/dnsdist/

Open Questions: how to properly handle certificate verification fr DNS-over-TLS in an on-demand manner? Which resolver actually does any of this?

How to get ISPs, and public WiFi to support DNS-over-TLS in their local caching resolvers and allow port 853 queries?

what about bttorrent? https://freedom-to-tinker.com/2016/09/29/the-effect-of-dns-on-tors-anonymity/

Optimal DNS Slave server: dns/nsd

A brief overview of DNSSEC:

Signing zones in DNSSEC requires a KSK (Key-Signing-Key), which should be held offline as well as a ZSK (Zone-Signing-Key), which is used to sign your zone. The public key parts of both Keys are present in the DNSKEY records of a signed zone. Both of these keys can be generated with the help of the ldns-utils package, which also provides commands for zone signing. So it's easy to sign your zone. But: Many DNS providers don't support DS (Delegation signer) records, which need to be present in the (signed) parent zone and contain a hash of the public KSK part.

unbound ]guide for DNS and DNS-over TLS](https://calomel.org/unbound_dns.html) with config samples

BSDStammtisch Wien 0x07 2018-09-11

Past meeting 🗓

Tuesday, 2018-09-11, 19:00 (CEST)

Location 🗺

Seminarraum Technische Informatik, Operngasse 9, 1040 Wien Public Transport: U1, U2, U4 Karlsplatz, Bus 59A Bärenmühldurchgang, Nightline N60, N62, N66, N71, Tram 2 (within reasonable walking distance) Bicycle parking: Just around the corner

Attendance 🎟

Free for all people interested in learning or discussing about all things BSD! You are welcome!

Shownotes

Reports and News

  • What has happened since the last BSDStammtisch?

Topics

  • NAT64/DNS64
  • OpenZFS Developer Summit 2018 Re-Live
  • MRMCD 2018 happend
  • EuroBSDcon coming up
  • BalcCon coming up
  • Running SPF:Sender Rewriting Scheme on your MTA?
  • Recommended DNS Providers that support CAA, TLSA and DNSSec? Are there any in Austria?
  • Hetzner Cloud bietet nun OpenBSD und FreeBSD Installations.ISOs für VMs an.

  • DMARC Analyse Tools und Services

  • https://domainaware.github.io/parsedmarc/
  • https://www.dmarcanalyzer.com/
  • https://www.fraudmarc.com/
  • https://dmarcian.com/

Show and Tell

NAT64/DNS64

Mixing Jails with RFC1918 addresses and public IPs is kind of painful. Jail source IP selection seems to be broken in FreeBSD, so why not skip the binat config for pf(8) for external IPs and skip legacy IP for jails completely? Internal jail communication will be done via IPv6 only.

Damit wird dann 6-to-4 Adressmapping gemacht und das geht mit DNS64. Existierende IPv6 Adressen funktionieren wie gewohnt, wenn nur ein A record für einen Hostnamen existiert, werden die 32bit der IPv4 Adresse in die letzen 32bit des eigenen IPv6 Prefixes hineingeschrieben.

FreeBSD Jails die nur noch IPv6 haben, sind durchaus problematisch. Sendmail und unbound starten ohne IPv4 nicht da sie zwar auf loopback binden, aber nur 127.0.0.1, also das IPv4 loopback. Wenn bei beiden Daemons auch ein listen auf ::1 (IPv6 loopback) konfiguriert wird, funktioniert es auch.

NAT64 erlaubt uns dann Routing von gemappten IPv4 über IPv6 zu konfigurieren. In ipfw (leider nicht in pf(8)) kann NAT64 konfiguriert werden.

Drinks and Food afterwards

Chit chat, food and drinks afterwards.

BSDStammtisch Wien 0x06 2018-07-10

Past meeting 🗓

Tuesday, 2018-07-10, 19:00 (CEST)

Location 🗺

Seminarraum Technische Informatik, Operngasse 9, 1040 Wien Public Transport: U1, U2, U4 Karlsplatz, Bus 59A Bärenmühldurchgang, Nightline N60, N62, N66, N71, Tram 2 (within reasonable walking distance) Bicycle parking: Just around the corner

Attendance 🎟

Free for all people interested in learning or discussing about all things BSD! You are welcome!

Topics

  • ZFS boot-environments and beadm(8)
  • #oneWeekOneTool collective self-paced learning
  • tmux(1), a terminal multiplexer
  • Enough rope to shoot yourself in the foot with ZFS compression and freebsd-update(8)
  • Spectre and Meltdown mitigations with microcode deployments
  • Please present your topic!
  • Show and Tell
    • Show us your quick tips and tricks, the tools you use or recently discovered, be it CLI, GUI, web services, that chocolate chip cookie recipe, a book or conference recording, anything goes. No need to prepare anything.
  • Chit chat, food and drinks afterwards

Shownotes

Reports and News

  • What has happened since the last BSDStammtisch?

Mixed Topics:

ZFS boot-environments and beadm(8)

Install the package sysutils/beadm to use ZFS boot environments. You can then easily create, list and switch among your boot environments.
beadm list shows you a list of the currently available environments you could boot from. The currently active system you're booted from is marked with N. The one you will be using after a reboot is marked R.

http://callfortesting.org/bhyve-boot-environments/

  • name: freebsd-update | push /root/freebsd-update.sh script

/root/freebsd-update.sh

#!/bin/sh -e
# ansible managed
/bin/freebsd-version -ku
export PAGER="/bin/cat -bu"
cd /etc
test -d .git || git init .
git add -A
git commit --allow-empty -am `freebsd-version -ku | sort -r |head -1`-update
zfs snapshot -r zroot@`date -u +%Y%m%d-%H%M`:`freebsd-version -ku | sort -r |head -1`-update
beadm create `freebsd-version -ku | sort -r |head -1`-update
/usr/sbin/freebsd-update --not-running-from-cron fetch install || /usr/bin/true
echo OK freebsd-update complete
echo OK List Boot Environments
beadm list
echo now run "pkg update" and confirm that the changes/reinstall/updates
echo are as expected. Once that has completed, sacrifice a goat and reboot.
#oneWeekOneTool collective self-paced learning
tmux(1), a terminal multiplexer

After one week playing with tmux I dared to publish my tmux config

Enough rope to shoot yourself in the foot with ZFS compression and freebsd-update(8)

Don't try to set your zroot ZFS pool to gzip-9 compression and the try to trick your freebsd-update to update a 11.1-STABLE to 11.1-RELEASE. BSD Loader will fail to load the kernel from the gzip-9 compress zpool.

  • Spectre and Meltdown mitigations with microcode deployments

Show and Tell

  • #oneWeekOneTool - An effort to encourage self-paced learning of the tools, applications and services you use a lot.
  • IPMI, Lights out Management, Out of band management
    • Supermicro iKVM, has severe problems with keyboard input, independent of your keyboard locale, even with the on-screen HTML keyboard. You may help yourself to enter a - by using the number-block, or starting any path with ..<tab to trigger autocompletion.
  • There actually is an iOS App for SUPERMICRO IPMI which works surprisingly good. Typing is uncomfortable, but reliable.
  • HP ILO exposes a semi-secret URL which you can use to connect with some VNC clients. host:port and Display must be set to 2.
  • Spectre and Meltdown mitigations, does have a performance hit, turning off Hyperthreading may actually improve your performance since there\'s less cache to invalidate
  • ZFS snapshot management and replication tools
  • sysutils/znapzend

Short introductions to tools you like, or that solve a problem for you. This can be anything from GUI, CLI to Webservices, a book, a podcast or conference recording you'd like to recommend or a recipe for chocolate chip cookies. Mmmhhmmmm Cookies! 🍪 No need phor a phanphy prphentaishn.

Drinks and Food afterwards

Chit chat and drinks at Fachschaft Informatik fterwards.

BSDStammtisch Wien 0x05 2018-06-12

Next meeting 🗓

Tuesday, 2018-06-12, 19:00 (CEST)

Location 🗺

Seminarraum Technische Informatik, Operngasse 9, 1040 Wien Public Transport: U1, U2, U4 Karlsplatz, Bus 59A Bärenmühldurchgang, Nightline N60, N62, N66, N71, Tram 2 (within reasonable walking distance) Bicycle parking: Just around the corner

Attendance 🎟

Free for all people interested in learning or discussing about all things BSD! You are welcome!

Topics

  • Please present your topic!
  • pkg(8) and ports best practices, tips and tricks
  • how to package software for OpenBSD and FreeBSD
  • Show and Tell
    • Show us your quick tips and tricks, the tools you use or recently discovered, be it CLI, GUI, web services, that chocolate chip cookie recipe, a book or conference recording, anything goes. No need to prepare anything.
  • Chit chat, food and drinks afterwards

Shownotes

Reports and News

  • What has happened since the last BSDStammtisch?

Main Topic:

  • packages, ports, tips and tricks and what to avoid

  • https://hackmd.io/s/HkwIhv6x7 via dch@

  • A minimal port example

  • Interesting things to put into your /etc/make.conf

    • Autoaccept these licenses: LICENSES_ACCEPTED+= MIT BSD3CLAUS APACHe20 LGPLV3 BSD2CLAUSE MPL
    • Never build Kerberos support (for example in ftp/curl) OPTIONS_UNSET = GSSAPI_BASE
  • EuroBSDCon 2018-09-22..23 in Bucureşti – România

Show and Tell

Short introductions to tools you like, or that solve a problem for you. This can be anything from GUI, CLI to Webservices, a book, a podcast or conference recording you'd like to recommend or a recipe for chocolate chip cookies. Mmmhhmmmm Cookies! 🍪 No need phor a phanphy prphentaishn.

FreeNAS
  • Handy utility to identify and mark drives in a chassis. (Like blink the RED LED on them to mark a dead drive to be swapped out for a new one.)
    • For LSI/Avago HBAs or RAID controllers:
    • SAS2 controllers: /usr/local/bin/sas2ircu
    • SAS3 controllers: /usr/local/bin/sas3ircu

Books

  • A philospohy of software design (John Ousterhout) ISBN13: 9781732102200

Drinks and Food afterwards

Chit chat, food and drinks afterwards.

BSDStammtisch Wien 0x04 2018-05-08

Past meeting 🗓

Tuesday, 2018-05-08, 19:00 (CEST)

Location 🗺

Seminarraum Technische Informatik, Operngasse 9, 1040 Wien Public Transport: U1, U2, U4 Karlsplatz, Bus 59A Bärenmühldurchgang, Nightline N60, N62, N66, N71, Tram 2 (within reasonable walking distance) Bicycle parking: Just around the corner

Attendance 🎟

Free for all people interested in learning or discussing about all things BSD! You are welcome!

Main Topic: pf(4) routing domains

  • pf(4) and routing domains in OpenBSD
OpenBSD, pf and routing

This will apply to OpenBSD pf(4), if you want to do the same on FreeBSD, you'll likely have to chang the syntax somewhat since FreeBSD uses an older version of pf which has a different syntax.

pf is available on OpenBSD, FreeBSD, macOS, NetBSD. It's the standard packet filter, which controls packets.

Rulesets are always evaluated from top to bottom. The last rule that matches that designates the packet's destiny.

OpenBSD by default blocks the _pbuild user used to compile ports from accessing the network to ensure that ports always build even when there is no network available. Violations to that rule are always logged.

scrubbing means that fragmented packets are reassembled and TTL is enforced. It should be on at all times, though it's not required on endpoints, opposed to firewalls and routers.

Port numbers can be taken as a name as long as it exists in /etc/services and protocols as well as long as they exist in /etc/protocols.

Unlike other packet filters pf ist stateful by default. pf by default doesn't care about the IP version. When restricting a rule with an explicit IPv4 address, pf is smart enough to know that this rule can not apply to IPv6 and vice-versa.

With block or pass only the last rule is used. When using a match rule, the action is always taken, for example log. A match rule gives a packet a marker, it doesn't yet decide if the packet itself is accepted or rejected by a later rule.

quick changes the way how rules are evaluated. When a quick rule matches, it's executed immediately and no more rules get evaluated.

Rules may be restricted to ingress (in) or egress (out) traffic.

Ports can be specified as ranges, though the syntax is sometimes a little awkward.

Interfaces are transparently replaced by their current IP address. You can also dynamically reference the :network, :broadcast or :peer (point-to-point). When using dynamic IPs you can enclose the interface namen in braces like (em0) and the IP of the interface is evaluated at runtime when the rule is evaluated. Otherwise it's IP is replaced when loading he ruleset. This comes in handy with laptops that roam networks.

Lists

{tcp, udp} {http, https} Lists get expanded to a separate rules for each list item, in that order.

Macros

(aka variables) Macros allow abstraction of physical interfaces to %names. Saves a lot of headache when things change and reduces the risk of typos. Makes rules a lot more readable.

Options

skip, skips filtering on an interface (usually used on lo0) set syncookies always|never|adaptive set optimization (optimizes state timeouts) set ruleset-optimization (removes rules that never match)

Inspecting the active ruleset pfctl -s rules Evaluating a ruleset without activating it (syntax checking): pcftl -f /etc/pf.conf -n

NAT und redirection

nat-to for source nat rdr-to for incoming nat binat-to expands to nat-to and rdr-to makes 1:1 mappings. af-to for translation between different addrss families (NAT64) (only on OpenBSD, not available on FreeBSD)

Further topics
  • scrubbing
  • tables (can change during runtime, like lists of IPs, networks, etc. Daemons can build these, like spamd)
  • anchors (apply rulesets under certain conditions)
  • logging (pf logs the rule number that caused the logging)
pf, routing and rdomains

failover and load balancing Two WAN interfaces, one local network. Either for load balancing traffic or failover when one WAN goes down.

Routes and priorities failover is realized with routes of different -priority

multipath Needs to have -mpath option set.

failover typically relies on ifstated to monitor interfaces.

pf can do routing, but doesn't really want to.

routing domains

Routing domains are similar to networking namepsaces in Linux. A routing domains hat is own routes and interfaces assigned to it. By default all interfaces share a single routing domain, the default rdomain r0.

processes can be put into a rdomain and only see its routes, but not any other available routes.

A routing domain is implicitly created by assigning an interface to it. You cannot delete rdomains.

This is reflected in the output of ifconfig.

network config in /etc/hostname.<if> can be made permanent.

/etc/hostname.em1 rdomain 1 dhcp …

pair(4) devices in different rdomains. They're used to connect rdomains to one another. pair interfaces get patched to connect them. ifconfig pair1 patch pair10 ifconfig pair2 patch pair20

It's recommended to always create a loopback adresses inside the rdomains: ifconfig lo1 127.0.0.1 255.0.0.0 rdomain 1 up ifconfig lo2 127.0.0.1 255.0.0.0 rdomain 2 up

The loopback interfaces must have separate names, but each loopback does indeed have its own 127.0.0.1 address. (Unlike FreeBSD jails.)

Pair interfaces are quite new (added in OpenBSD 5.9). Before you had to route these with pf, but pf doesn't want to do routing.

rc.d daemon scripts have rtable/rdomain support via the daemon_rtable caribale. This way you can e.g. start sshd in various rdomains at startup or have specific daemins in certain rdomains.

Show and Tell

Short introductions to tools you like, or that solve a problem for you. This can be anything from GUI, CLI to Webservices, a sbook, a podcast or conference recording you'd like to recommend or a recipe for chocolate chip cookies. Mmmhhmmmm Cookies! 🍪 No need phor a phanphy prphentaishn.

Better Crypto - Applied Crypto Hardening

We're working on updates! BSD testing of settings is welcome! Better Crypto

Grazer Linuxtage

Videos are available online Media CCC

LibreSSL

LibreSSL portable breaks a bunch of ports.
- postfix - mysql 5.7

BSD Hardware monitor

https://github.com/koitsu/bsdhwmon FreeBSD pkg is very outdated. Building from source is easy, just do make. Hardware support is very limited. Basically a bunch of older Supermicro motherboards is supported. (X6-X8, nothing newer.) None of the hardware I have under my control is supported. Maybe in the future.

Drinks and Food afterwards

Chit chat, food and drinks afterwards.