Agenda
- New Website Launch
- Review, Search for Bugs, etc.
- Launch of https://people.ipfire.org
- New Blog! Let's Blog
- Release Schedule Core Update 125, https://blog.ipfire.org/post/ipfire-2-21-core-update-125-is-available-for-testing
- Wikipedia page has been created
- #11917
- Infrastructure Projects
- Moving everything to single-service VMs is stalled because of #XXX
- Suricata & IDS/IPS
- Hardware: Port Smash (CVE-2018-5407)
Attendees
- Peter
- Michael
- Arne
- Stefan
- Timo
Log
New Website launched
- Released, but little feedback so far
- Many new features and content clean-up
- All developers are invited to write blog posts
- Only RSS feed available (browser support dimishing)
Financial situation & Public Relations
people.ipfire.org
- Developer portal with password and key management
- Some minor bugs
English Wikipedia article
Core Update 125
- Smaller changes
- Massive WiFi improvements
- Some patches are still pending
DNSSEC
- Privacy (DoT) != security (DNSSEC)
- DNS is somewhat buggy and there are a lot of misunderstandings
- Huge namservers should be avoided
- Should we disable DNSSEC anyway (or provide a solution to do so)?
- Is local recursor mode an alternative?
- Everything is very ugly...
Suricata IDS&IPS
- Testing image available at https://people.ipfire.org/~stevee/suricata/
- Configuration file cleanup required
- To be released in January 2019
Infrastructure
- Forum is still on the old server, no migration idea at the moment
- Web services have been migrated to new infrastrucutre
- Hardware security for SSH private keys?
Hardware security issues
- Today's special: HyperThreading
- Many hardware vulnerabilities seen, huge performance impact
- Driver issues (e1000) are a threat, too
- OpenBSD disabled HT recently
- Blog Post: https://blog.ipfire.org/post/more-on-intel-s-hardware-bugs