BSDStammtisch Wien 0x03 2018-04-10

Past meeting 🗓

Tuesday, 2018-04-10, 19:00 (CEST)

Location 🗺

Seminarraum Technische Informatik, Operngasse 9, 1040 Wien Public Transport: U1, U2, U4 Karlsplatz, Bus 59A Bärenmühldurchgang, Nightline N60, N62, N66, N71, Tram 2 (within reasonable walking distance) Bicycle parking: Just around the corner

Attendance 🎟

Free for all people interested in learning or discussing about all things BSD! You are welcome!

Topics

  • Backups (occasionally…) - A beta version of a talk, and a discussion on how to keep your data safe and secure.
  • Please present your topic!
  • Show and Tell
    • Show us your quick tips and tricks, the tools you use or recently discovered, be it CLI, GUI, web services, that chocolate chip cookie recipe, a book or conference recording, anything goes. No need to prepare anything.
  • Chit chat, food and drinks afterwards

Shownotes 📝

Reports and News

What has happened since the last BSDStammtisch?

We can haz automated Website builds now!

Thanks to @fredl we now have automated testing and deployment builds for our website. The source is pushed to GitHub. To add content or improve the website, or create a more fancy theme, either fork and send a pull request or hand your public SSH (-t ed25519) key to fredl or MacLemon so you can directly push to our webserver.

Stickers anyone?

Yes, people would like stickers. MacLemon will take care of getting them. You're welcome to donate a few € to the cause.

Main Topic: Backups (occasionally)

A beta version of a talk about how to keep your data save and secure or how to verifiably lose it all. Lessons learned the hard way.
Many bad jokes, old floppies and things to think about when trying to backup data that can actually be restored as well. (Slides will follow after they've been reworked. If they haven't been published by the May meeting, please poke @MacLemon!)

Show and Tell

Short introductions to tools you like, or that solve a problem for you. This can be anything from GUI, CLI to Webservices, a book, a podcast or conference recording you'd like to recommend or a recipe for chocolate chip cookies. Mmmhhmmmm Cookies! 🍪 No need phor a phanphy prphentaishn.

NAS4Free on QNAP

Adi brought a small NAS/home-server (QNAP TS251+). OS is NAS4Free, which is FreeBSD based.
Problems I have:
1. Fan speed control is always at maximum which is very annoying. 2. Server and/or HDDs should hibernate when not in use and only power on when server is accessed. 3. Related to today's topic a backup strategy under ZFS for a 2-bay server is needed. One HDD should be able to rollback file versions for 6 months and sychronize itself once per week with the primary disk - rsync.

Mixed backup tools for FreeBSD used by people

Did we miss any tool you like or would recommend? Please add it to the list and talk about it at one of our next meetings in Show and Tell or give a full fledged presentation if you like! Thanks for contributing!

Other things we talked about

Drinks and Food afterwards

Thanks to Fachschaft Informatik for hosting us and providing cold beverages. Thanks for supporting the BSDStammtisch in Wien!

BSDStammtisch Wien 0x02 2018-03-13

Past meeting 🗓

Tuesday, 2018-03-13, 19:00 (CET)

Location 🗺

Seminarraum Technische Informatik, Operngasse 9, 1040 Wien
Public Transport: U1, U2, U4 Karlsplatz, Bus 59A Bärenmühldurchgang, Nightline N60, N62, N66, N71, Tram 2 (within reasonable walking distance)
Bicycle parking: Just around the corner

Attendance 🎟

Free for all people interested in learning or discussing about all things BSD! You are welcome!

Topics

  • FreeBSD Jails, jails.conf and jail networking
  • Please present your topic!
  • Show and Tell
    • Show us your quick tips and tricks, the tools you use or recently discovered, be it CLI, GUI, web services, that chocolate chip cookie recipe, a book or conference recording, anything goes. No need to prepare anything.
  • Chit chat, food and drinks afterwards

Shownotes 📝

Agenda

Reports

  • What has happened since the last BSDStammtisch?
    • We can haz new Logo, already in use on Twitter and Mastodon
    • MacLemon didn't manage to get the website styled in time, sorry for that. It's on the plan for our April meeting.
  • We now have a standard .ics calendar you can subscribe to, so you never miss a meeting! Calendar subscription for BSDStammtisch Wien There are no alerts or reminders in that calendar, we respect the privilege granted by being in your calendar.

Main Topic: Jails, jails.conf and jails networking

Thanks to karu and dch for the huge influx of jail related info in their talks! Thanks to everbody for sharing big and small tips for Show and Tell!

Slides will be made available!

FreeBSD Jails in the Handbook

Jails related commands and files

Focusing on the Jails and networking part that is covered with the base system.

A brief history of Jails:

jails are just chroot on steroids. As they are basically an extension of the chroot function they feel a bit weird at times today.

jails are used as system containers today despite their original use case as single app containers. jails normally should have the securelevel=3 (strongest), except you have a good reason to choose another level. The not-so-sane default is securelevel=-1.

Info on how FreeBSD handles Securelevels

Jail integration for userland tools

Many command line tools are integrated and know about jails. - top(1) - htop(1) - zfs(8) - ps(1) - pkg(8)

Security considerations for networking

A jail picks its first IPv4|IPv6 address to map the loopback IP 127.0.0.1 (or more specifially 127/8) and ::1/128. So the sane way to assign IPs to jails is to first assign a loopback IP on a cloned interface like lo1 and as a secondary IP you assign the public or local (HOST-side-IPv4-LAN) address and IPv6 addresses. That way you make sure to not expose any daemons that bind their management interface to the loopback believing that this interface is not exposed to the public internet.

If you do not set skip on lo1 you can finely control which jail is allowed to talk to which other jail and on which ports.

Managing Jails with zjail(8)

Even easier than ezjail, zjail lays bare the very fabric of FreeBSD jails.
DIY-Jails by dch.

Show and Tell

Short introductions to tools you like, or that solve a problem for you. This can be anything from GUI, CLI to Webservices, a book, a podcast or conference recording you'd like to recommend or a recipe for chocolate chip cookies. Mmmhhmmmm Cookies! 🍪 No need phor a phanphy prphentaishn.

Security Testing of Websites:
  • Firefox extension for playing with Content-Security-Policy
  • Chromium|Chrome Extensions for playing with Content-Security-Policy
  • SSLLabs to test the HTTPS of your site and find bugs. For example the BSDStammtisch.at site
  • Check HTTP Security Headers to instruct browsers to activate certain security features. BSDStammtisch Security Headers
  • Generate a good Content Security Policy for your site with the CSP Generator
    • The browser console is your friend to find compatibility problems with different browsers since the do not support all the fancy stuff each.
  • Maintain Wordpress installations from the command line with WP-CLI (not available in ports, but reasonable to install and maintain.)
  • To test your Wordpress site for known vulnerabilities you can use WPScan which is built in Ruby.
Security Testing of XMPP/Jabber Servers (S2S, C2S)
CLI tools
Video recommendations
ZFS
Jail security

Upcoming events (in chronological order)

Past events

Drinks and Food afterwards

Thanks to Fachschaft Informatik for hosting us and providing cold beverages. Thanks for supporting the BSDStammtisch in Wien!

BSDStammtisch Wien 0x01 2018-02-13

Past meeting 🗓

Tuesday, 2018-02-13, 19:00 (CET)

Location 🗺

Seminarraum Technische Informatik, Operngasse 9, 1040 Wien
Public Transport: U1, U2, U4 Karlsplatz, Bus 59A Bärenmühldurchgang, Nightline N60, N62, N66, N71, Tram 2 (within reasonable walking distance) Bicycle parking: Just around the corner

Attendance 🎟

Free for all people interested in learning or discussing about all things BSD! You are welcome!

Topics

  • Automation with Ansible
  • Show and Tell
    • Show us your quick tips and tricks, the tools you use or recently discovered, be it CLI, GUI or web services
  • Chit chat and drinks afterwards

Shownotes 📝

Taken by all the awesome people who attended BSDStammtisch.

Agenda

Main Talk

  • Ansible for freeBSD (Luto)
  • we failed hard: https://github.com/criecm/ansible-iocage because the iocage Plugin for Ansible is in need of some attention.
  • Luto is the ansible guy, MacLemon the BSD guy, so they combined their efforts to get stuff (almost) working
  • Time ran away from Luto, so he shows us ansible basics

Ansible basics:

  • Get Ansible Information
  • Read Ansible Documentation
  • Read Ansible on BSD
  • To install Ansible on your FreeBSD controller system you can use the port sysutils/ansible First install Ansible on the machine that pushes the update, the machine to be installed doesn't need anything. Create a file called "inventory" in the directory you want to configure the ansible connection (which basically opens a ssh connection and does awesome stuff with that).

Controller machine needs python (preferably 2, 3 should be also supported by now) Controlled machine also needs some kind of python (versions don't need to match)

FreeBSD has no python installed by default, so you need to install this yourself on the controlled machine and tell ansible where to find it there (as ansible comes from the Linux world and BSD puts python in another place).

Ansible configuration files are written in YAML

There is an Ansible module for ZFS which you can use to create datasets, change ZFS properties.

Food and Drinks afterwards:

  • We ended up at Fachschaft Informatik who serve Mate and Kozel (beer) and ordered Pizza together. Many thanks to Astra for hosting us and organizing a room so we could meet!

BSDStammtisch Wien 0x00 2018-01-09

Past meeting 🗓

Tuesday, 2018-01-00, 19:00 (CET)

Location 🗺

Lernraum Technische Informatik, Paniglgasse / Argentinierstraße, 1040 Wien
Public Transport: U1, U2, U4 Karlsplatz, Bus 59A Bärenmühldurchgang, Nightline N60, N62, N66, N71, Tram 2 (within reasonable walking distance) Bicycle parking: Just around the corner

Attendance 🎟

Free for all people interested in learning or discussing about all things BSD! You are welcome!

Topics

  • Founding efforts for a monthly meeting of BSD enthusiasts, beginners and experts
  • Chit chat and drinks afterwards

Shownotes 📝

  • Emphasis on inclusion, diversity, respect: Be excellent to each other!
  • Find a name (We recycle the dormant BSDStammtisch)
  • New A pointers to host a new website.
  • Bridge existing Matrix channels and IRC channels.
  • Find a matching Twitter/Mastodon (Mastodon: @bsdstammtisch@bsd.network, Twitter: @BSDStammtisch) handle
  • Find a matching Github handle and make it an organisation BSDStammtisch
  • Get to know people
  • Collect ideas, suggest topics
  • Find volonteers to help with organisation and prepare topics
  • Find a person to design a nice logo (Columbia19)
  • Calendar of the meetings one can subscribe to.
  • Do we need a mailinglist and if so, where could that be hosted?

Food and Drinks afterwards