We will hold our Nov/Dec combo meeting on Tuesday, December 18 at 6:30 at the Raba Office in Columbia, Maryland (the usual place). We'll hit either The Green Turtle or Nottingham's afterwards.
I will be giving a talk "Intro to Porting" mostly inspired by bernd@'s talk at OpenCON.
Due to unforeseen circumstances, we will not have a regular meeting this month and will just meet at Nottingham's for "Beer & BSD". We'll eat food, drink beer, maybe play pool and talk about BSD, if it comes up.
See you there at 6:30 PM EDT.
This month, we'll meet at the PROTEUS headquarters in Annapolis Junction (near Columbia, MD) [map] at 6:30 PM ET.
Jason Dixon will give his entertaining, popular "BSD is Dying" talk. Then, we'll break out our laptops and set up some ipsec tunnels with OpenBSD.
After the meeting, we'll head over to the Courtyard Cafe at the Couryard Marriott for beers.
This month's meeting was once again at Raba in Columbia. We had nine attendees, but with two presenters, that's not all that great! In a BSD Users Group, it's the Users that make the group great! I hope we have more participation next month.
To start us off, Johan Huldtgren gave a short talk about FreeBSD's GEOM ([PDF Slides]). He discussed the basics behind the software RAID framework and explained how he uses it.
To close the meeting, Bret Lambert (tbert) gave a talk about contributing code to the OpenBSD project ([HTML Slides]). He talked about learning C, finding a place to start, kernel hacking and being patient waiting for interest in your diffs.
Audio versions of the meeting are also available as part of MetaBUG: OGG and MP3. (Thanks to Newt0n for hosting the files)
Many thanks to Johan and Bret for their great talks!
We adjourned the meeting across the street at the Green Turtle.
Filed under: Meetings
As reported on The OpenBSD Journal, a Linux kernel developer removed the BSD License text from Reyk Floeter's Atheros wireless driver.
As Theo de Raadt wrote in a comment to The OpenBSD Journal article:
The other files in the driver, written by Reyk, are the replacement for the HAL. This basically is the hidden register access code which Sam (basically employeed by Atheros) refused to release. This code was placed by Reyk under an ISC license, something our project prefers to use since it is so simple that even a grade 5 student cannot misunderstand what it says. It translates to "You can do anything, but not delete the text".
Only Reyk could change that copyright notice, since he is the author.
At this time, Slashdot does not consider this news (even though a story has been submitted). This must be a too negative reflection of their beloved Linux.
Filed under: News
This month, we'll meet at the Raba office in Columbia again at 6:30 PM ET. We are considering moving the meetings to PROTEUS in the future, but this month the meeting is at "the usual place".
Johan will give a short talk on FreeBSD's GEOM. Bret will stop being a straphanger and give a short talk about contributing code/diffs to OpenBSD. After the talks, if we have time and interest, I can possibly do a demo on starting a port.
After the talks, we'll then head over to Nottingham's or The Green Turtle for a couple beers.
This month's meeting was once again at Raba in Columbia. We had ten attendees, so attendance was pretty good.
After a few technical hurdles (no DVI converter for Patrick's laptop and a seemingly broken VGA out on mine), the meeting got underway with Patrick Thomasson's presentation on OpenVPN (HTML or OpenVPN Presentation PDF). He gave an overview of how to setup OpenVPN and included several pitfalls one could face along with ways to avoid them.
After Patrick, I gave a short talk on Yaifo. Since most everyone was familiar with Yaifo, it was a very brief talk.
We closed the meeting next door at Nottingham's where the discussion never swayed from serious BSD-related issues. Or something.
Filed under: Meetings
This month, we'll meet at the Raba office in Columbia again at 6:30 PM ET. I will give a short talk on Yaifo. Barring anyone else having a topic to discuss, we'll then head over to Nottingham's for a couple beers.
Update: Prior to or following my Yaifo talk, Patrick will give a talk on OpenVPN.
This month, we're not having a meeting. We're just going to meet at Nottingham's in Columbia for Beer and BSD (stolen from PhxBUG) at 6:30 PM EDT (22:30 UTC).
Nottingham's Address:
8850 Stanford Blvd, Suite 1100
Columbia, MD 21045
See you there!
Our May CapBUG meeting will be May 29 at 6:30 PM (22:30 UTC).
This month, we'll have Marcus Ranum give his talk on dumb ideas in computer security. From his website:
"Let me introduce you to the six dumbest ideas in computer security. What are they? They're the anti-good ideas. They're the braindamage that makes your $100,000 ASIC-based turbo-stateful packet-mulching firewall transparent to hackers. Where do anti-good ideas come from? They come from misguided attempts to do the impossible - which is another way of saying 'trying to ignore reality.' Frequently those misguided attempts are sincere efforts by well-meaning people or companies who just don't fully understand the situation, but other times it's just a bunch of savvy entrepreneurs with a well-marketed piece of junk they're selling to make a fast buck. In either case, these dumb ideas are the fundamental reason(s) why all that money you spend on information security is going to be wasted, unless you somehow manage to avoid them."
This meeting will also be broadcast as part of MetaBUG.
We will again hold this month's meeting at Raba in Columbia, MD.
Fresh off his interview with Will Backman on bsdtalk, Jason will be giving a talk and demonstration on PF, CARP and pfsync. The demonstration will include using two Soekris embedded devices with OpenBSD configured as a redundant carp pair. Though highly dramatic, I doubt Jason will use the infamous "axe" technique to show failover. I guess it depends on how much caffeine he had that day.
Due to the availability of equipment, we will hold this month's meeting at Raba in Columbia, MD at 6:30 PM EDT. We will again broadcast this talk as part of MetaBUG.
As always, we'll get together for food and drinks afterwards.
John Ferrell wrote in to say:
For the past several years Tux.org, an umbrella organization supporting the efforts of users groups and developers, has had a booth at FOSE (Federal Office Systems Expo). Tux.org's goal at FOSE is to help promote the use of Linux and other open source software in government. This year CapBUG was invited to help out at the TUX.org booth and I was able to represent CapBUG.
In addition to all the Linux related materials on display at the booth we had two BSD related posters on display: an OpenBSD poster and an OpenSSH poster. For swag we had the current issue of Linux Journal and CDs including Fedora Core 6, Ubuntu and FreeSBIE, the live CD based on FreeBSD 6.2. Unfortunately I did not make enough of the FreeSBIE CDs; we ran out of them on Wednesday. I think the BSD posters caught other BSD folk's attention. Several people came up to the booth to say they were BSD users. There was at least one company at FOSE that was using FreeBSD in the products. They had built a rugged wireless access point to be used with satellite communications using a Soekris single board computer and FreeBSD. It was good to hear that people are using BSD.
Hopefully CapBUG will be invited to help out again next year. If so, we can start planning early on how best to represent CapBUG and the BSDs at FOSE. There is definitely an interest in open source software, and I think we could do a lot to help promote the use of BSD.
Filed under: News
This month's meeting was at SPARTA's office in Columbia and had 13 attendees.
Matt Fisher presented his talk entitled "Mistakes to Lure Hackers: Vulnerability 2.0". Matt introduced the audience to modern web application vulnerabilities including cross-site scripting, SQL injection and even "blind" SQL injection.
Cross-Site-Scripting and SQL Injection are now the most commonly reported vulnerabilities in the CVE. We will examine the entire genre of web application security and the unique security paradigm required, while zooming in on XSS and SQL Injection. Think Web 2.0 sites are neat? So do the bad guys and we'll examine some of the factors going into the "new web" that makes them so vulnerable to script attacks.
Jason's comment: "I personally saw this talk in NYC and am very grateful Matt was able to present it again for our group. This was the first MetaBUG video recording/streaming, and the quality suffers a bit. We have learned quite a bit from just our first session and expect that future presentations will be much improved in both video and audio quality."
As part of MetaBUG, Matt's talk is available an an MP4 download (95 MB) or via Google Video.
Thank you to Matt for donating his time to share his presentation with our BUG. Thank you to Jason for providing the live video and archive video for the meeting. We'll be planning next month's meeting soon, so stay tuned.
Filed under: Meetings
Filed under: News
Matt Fisher will be presenting his talk entitled Mistakes to Lure Hackers: Vulnerability 2.0 at this month's CapBUG meeting. Matt is a Senior Security Engineer at SPI Dynamics and shares leadership of the Washington DC OWASP chapter.
Cross-Site-Scripting and SQL Injection are now the most commonly reported vulnerabilities in the CVE. We will examine the entire genre of web application security and the unique security paradigm required, while zooming in on XSS and SQL Injection. Think Web 2.0 sites are neat? So do the bad guys and we'll examine some of the factors going into the "new web" that makes them so vulnerable to script attacks.
I was in NYC for his talk at LinuxWorld Open Solutions Summit. Although the talk is not BSD-specific, it is very informative and should be of particular interest to BSD Systems Administrators who pride themselves on high security. Matt is a very engaging speaker and highly experienced with his subject matter. This will be the first presentation to be streamed live via the MetaBUG, but if you're in the DC area, you'll still want to come out and see it live! The meeting location is at SPARTA in Columbia, MD.
This month's meeting was at SPARTA's office in Columbia. There were 16 attendees this time so Columbia may be a more popular meeting place for us. For this meeting, we had Jason Dixon giving the main presentation on Secure Mail Servers with BSD. Afterwards, Patrick Thomasson gave a short talk about Pure-FTPd.
Jason opened the meeting by announcing the creation of MetaBUG: a Global BSD User Groups organization founded to promote local BSD user groups by helping to share ideas and experiences with other BUG organizations, in addition to possible collaboration and "virtual attendance" from anywhere in the world.
His presentation, Secure Mail Servers with BSD, covered mail delivery using Postfix, a drop-in sendmail replacement, configured for virtual mailboxes and domains, greylisting using OpenBSD's spamd, and content filtering with amavisd-new (ClamAV, SpamAssassin and Vipul's Razor). Mail retrieval duties focused on the Courier-IMAP service and RoundCube webmail. Presentation slides: HTML, PDF and zipped Keynote.
Filed under: Meetings
Our monthly CapBUG meeting takes place next week, February 27, 6:30pm at SPARTA in Columbia, MD. Jason Dixon will be doing a presentation on recommended technologies in a modern *BSD-based mailserver. The proposed setup includes Postfix, Cyrus-SASL, SSL/TLS, virtual user accounts, PostfixAdmin, OpenBSD spamd, Amavisd-new, SpamAssassin, Razor2, Courier-IMAP, and Courier authdaemond. Other technologies such as FuzzyOcrPlugin, RoundCube Webmail and server-side filtering with Courier maildrop will be touched on as well.
We're asking for volunteers to do a short demo of their favorite *BSD-related hardware or software product. Nothing formal is required, just a basic understanding of the item(s) and a willingness to be embarrassed in front of your peers. If it's really good, I might even buy the winner a free Guinness afterwards.
We're planning the February meeting for Tuesday, Feb. 27 in Columbia. It will tentatively be held at SPARTA. We're looking for talk ideas and a presenter. If you have an idea, please leave a comment or email misc@capbug.org (Note: You must be subscribed to post to misc@).
Filed under: News
While we're in discussion of changing our name to CapBUG, we're also working on a "better" logo. Please vote for your favorite:
Filed under: News
We all met at Epok's office in Bethesda, MD for our first official meeting last night. A total of eleven members were in attendance to hear Mike Erdely's presentation on the binpatch binary patching system for OpenBSD. It looks like nice way of maintaining patches for multiple systems, although I argued that the same could be done with a few shell commands. However, if some of the proposed features that Mike discussed (patch_add, patch_info, etc) become realized, some very interesting advancements could develop (commercial patch distribution, anyone?). Presentation slides: HTML or PDF.
There was time left, so I did a quick overview of FreeNAS running in a Parallels virtual system on my MacBook Pro. FreeNAS is a very simple way of getting a commodity NAS installed for any home or business. It supports software RAID, and the footprint clocks in at a miniscule 38MB.
In a general discussion, Mike talked briefly about using FuzzyOcr with SpamAssassin to more successfully catch image spam.
Around 8:30pm EST, we decided to grab some dinner over at the Daily Grill. It was a cold 4-block stroll over to the Hyatt Regency, but the Guinness was worth it. The bill was almost as painful as a weekend with SELinux, but the food and service made it worthwhile.
Thanks to everyone who came out for the first official get-together. I'm looking forward to meeting all of the other members who couldn't attend. The next meeting will be held at Todd C. Miller's office in Columbia, MD. More details to follow.
Filed under: Meetings
Filed under: News
RSS 1.0