Puffy Suits Up
OpenBSD in the corporate environment
Jasper Lievisse Adriaanse
Engineering team, m:tier
Latinoware 2013, Foz do Iguaçu
Oct. 16 – Oct. 18, 2013
Latinoware 2013 Page 2 of 43
Agenda
● Introduction
● m:tier
● OpenBSD
● Enterprise OpenBSD
● GNOME
● Closing
Introduction
Because security is not an afterthought
What?
The internet is a hostile environment
Why?
Who?
● Who am I?
● Jasper Lievisse Adriaanse
  – OpenBSD
  – GNOME
  – Puppet
● Involved in m:tier since its founding in 2008
m:tier
m:tier
● Who are we?
● OpenBSD developers
● Breathe open source
● Secure system architects
m:tier
● What do we do?
● OpenBSD
● Puppet
● Zabbix
● Bacula
● Open Source Software consultancy / implementation
m:tier
● But also
● OpenBSD Long Term Support
● Thin Client
● Binary patches
● GNOME for OpenBSD
● GNOME automounter for BSD
  – opensource.mtier.org
m:tier
● “Talk is cheap, show me the code”
● Intel KMS support
● Radeon KMS support
● Linux emulation improvements
● Signed packages
State of the world
State of the World
Governments and companies are snooping...
...on a massive scale!
State of the World
● Can you still trust closed source US software?
● Cisco PIX
● Checkpoint
● Dropbox
● iCloud
● ...
State of the World
● No, and why should you?
● Because the US can be trusted.
● Because the NSA would never spy on you.
● Because we can trust the NSA will be held accountable
That's a good joke!
What can we trust
OpenBSD
OpenBSD!
● OpenBSD?
● Unix-like, multi-platform operating system.
● Derived from 4.4BSD, NetBSD fork.
● Kernel + userland + documentation maintained together.
● 3rd party applications available via the ports system
● Anoncvs, OpenSSH, OpenBGPD, strlcpy(3)/strlcat(3), etc
● Most importantly...
...it is secure.
OpenBSD
OpenBSD
● Secure and correct
● Complexity introduces bugs
● Security and stability over features
  – Does not mean stagnation
● No Americans allowed to work on crypto
● No blobs
OpenBSD
● “NSA-proof”
● Everyone (capable and trusted) allowed to work on crypto
  – except Americans, sorry..
● Continuous auditing of all sources
● FBI + IPsec rumour
  – Publicly auditing the stack resulted in two unrelated bug fixes
OpenBSD
● Who would use OpenBSD? (I)
● Anyone who needs a super secure system.
● Anyone who doesn't want to worry about exploits.
OpenBSD
● Who would use OpenBSD? (II)
● Home users
● Small/medium businesses
● Large corporations (Adobe, etc)
● Power/gas/water companies
● Research centers (NASA, etc)
● Internet Exchanges
● Secret services..
Enterprise OpenBSD
Enterprise OpenBSD
● Enterprise setting
● Constraints
  – Budgets
  – Deadlines
● Protecting company assets
  – Business/trade secrets
  – Customer data
Enterprise OpenBSD
● What can OpenBSD offer?
● Firewall
● Routing
● VPN
● Mail
● Desktop
● ...much, much, more!
Enterprise OpenBSD
● Firewall
● PF
● Tightly coupled with anti-spam/greylisting
● ramdisk
Enterprise OpenBSD
● Routing
● OpenBGPD
● OpenOSPFD
● MPLS
● DVMRP
Enterprise OpenBSD
● VPN
● IPsec
● OpenIKED
● isakmpd
● “Government problems”
Enterprise OpenBSD
● Mail (I)
● OpenSMTPD
  – Started as sub-project
  – 15 Postfix servers → 1 OpenSMTPD server
Enterprise OpenBSD
● Mail (II)
● spamd
  – greylisting
  – tarpitting
Enterprise OpenBSD
● Mail (III)
● Zarafa
  – groupware
    ● calendar
    ● addressbook
    ● mail!
Enterprise OpenBSD
● Desktop (I)
● Thin client
  – NX
  – VNC
  – SPICE
  – Puppet
m:tier
Enterprise OpenBSD
● Desktop (II)
● Immune to virus infections
● Own ACPI implementation
● KMS for Intel and Radeon
Enterprise OpenBSD
● Desktop (III)
● Free, but comes at a cost
  – no Flash
  – no minesweeper.exe
m:tier
Puppet
● Puppet
● One master
● Three continents
● OpenBSD everywhere
GNOME
GNOME
● GNOME on OpenBSD
● co-maintainer with ajacoutot@
● Tremendous challenge
● Tremendous progress
GNOME
● Current status
● OpenBSD lacks udev/systemd
● GNOME 3.10 on OpenBSD [video]
Thank you!
mail: [email protected] / [email protected]
www: www.mtier.org
twitter: @jasper_la / @mtierltd