Skip to main content.

Episode 047: DES Challenge IV


Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent

This episode was brought to you by

iXsystems - Enterprise servers and storage for open sourceTarsnap - online backups for the truly paranoid


g2k14 hackathon reports

  • Nearly 50 OpenBSD developers gathered in Ljubljana, Slovenia from July 8-14 for a hackathon
  • Lots of work got done - in just the first two weeks of July, there were over 1000 commits to their CVS tree
  • Some of the developers wrote in to document what they were up to at the event
  • Bob Beck planned to work on kernel stuff, but then "LibreSSL happened" and he spent most of his time working on that
  • Miod Vallat also tells about his LibreSSL experiences
  • Brent Cook, a new developer, worked mainly on the portable version of LibreSSL (and we'll be interviewing him next week!)
  • Henning Brauer worked on VLAN bpf and various things related to IPv6 and network interfaces (and he still hates IPv6)
  • Martin Pieuchot fixed some bugs in the USB stack, softraid and misc other things
  • Marc Espie improved the package code, enabling some speed ups, fixed some ports that broke with LibreSSL and some of the new changes and also did some work on ensuring snapshot consistency
  • Martin Pelikan integrated read-only ext4 support
  • Vadim Zhukov did lots of ports work, including working on KDE4
  • Theo de Raadt created a new, more secure system call, "sendsyslog" and did a lot of work with /etc, sysmerge and the rc scripts
  • Paul Irofti worked on the USB stack, specifically for the Octeon platform
  • Sebastian Benoit worked on relayd filters and IPv6 code
  • Jasper Lievisse Adriaanse did work with puppet, packages and the bootloader
  • Jonathan Gray imported newer Mesa libraries and did a lot with Xenocara, including work in the installer for autodetection
  • Stefan Sperling fixed a lot of issues with wireless drivers
  • Florian Obser did many things related to IPv6
  • Ingo Schwarze worked on mandoc, as usual, and also rewrote the man.cgi interface
  • Ken Westerback hacked on dhclient and dhcpd, and also got dump working on 4k sector drives
  • Matthieu Herrb worked on updating and modernizing parts of xenocara

FreeBSD pf discussion takes off

  • Concerns from last week, about FreeBSD's packet filter being old and unmaintained, seemed to have finally sparked some conversation about the topic on the "questions" and "current" mailing lists (unfortunately people didn't always use reply-all so you have to cross-reference the two lists to follow the whole conversation sometimes)
  • Straight from the SMP FreeBSD pf maintainer: "no one right now [is actively developing pf on FreeBSD]"
  • Searching for documentation online for pf is troublesome because there are two incompatible syntaxes
  • FreeBSD's pf man pages are lacking, and some of FreeBSD's documentation still links to OpenBSD's pages, which won't work anymore - possibly turning away would-be BSD converts because it's frustrating
  • There's also the issue of importing patches from pfSense, but most of those still haven't been done either
  • Lots of disagreement among developers vs. users...
  • Many users are very vocal about wanting it updated, saying the syntax change is no big deal and is worth the benefits - developers aren't interested
  • Henning Brauer, the main developer of pf on OpenBSD, has been very nice and offered to help the other BSDs get their pf fixed on multiple occasions
  • Gleb Smirnoff, author of the FreeBSD-specific SMP patches, questions Henning's claims about OpenBSD's improved speed as "uncorroborated claims" (but neither side has provided any public benchmarks)
  • Gleb had to abandon his work on FreeBSD's pf because funding ran out

LibreSSL progress update

  • LibreSSL's first few portable releases have come out and they're making great progress, releasing 2.0.3 two days ago
  • Lots of non-OpenBSD people are starting to contribute, sending in patches via the tech mailing list
  • However, there has already been some drama... with Linux users
  • There was a problem with Linux's PRNG, and LibreSSL was unforgiving of it, not making an effort to randomize something that could not provide real entropy
  • This "problem" doesn't affect OpenBSD's native implementation, only the portable version
  • The developers decide to weigh in to calm the misinformation and rage
  • A fix was added in 2.0.2, and Linux may even get a new system call to handle this properly now - remember to say thanks, guys
  • Ted Unangst has a really good post about the whole situation, definitely check it out
  • As a follow-up from last week, bapt says they're working on building the whole FreeBSD ports tree against LibreSSL, but lots of things still need some patching to work properly - if you're a port maintainer, please test your ports against it

Preparation for NetBSD 7

  • The release process for NetBSD 7.0 is finally underway
  • The netbsd-7 CVS branch should be created around July 26th, which marks the start of the first beta period, which will be lasting until September
  • If you run NetBSD, that'll be a great time to help test on as many platforms as you can (this is especially true on custom embedded applications)
  • They're also looking for some help updating documentation and fixing any bugs that get reported
  • Another formal announcement will be made when the beta binaries are up

Interview - Dag-Erling Smørgrav - / @RealEvilDES

The role of the FreeBSD Security Officer, recent ports features, various topics

News Roundup

BSDCan ports and packages WG

  • Back at BSDCan this year, there was a special event for discussion of FreeBSD ports and packages
  • Bapt talked about package building, poudriere and the systems the foundation funded for compiling packages
  • There's also some detail about the signing infrastructure and different mirrors
  • Ports people and source people need to talk more often about ABI breakage
  • The post also includes information about pkg 1.3, the old pkg tools' EOL, the quarterly stable package sets and a lot more (it's a huge post!)

Cross-compiling ports with QEMU and poudriere

  • With recent QEMU features, you can basically chroot into a completely different architecture
  • This article goes through the process of building ARMv6 packages on a normal X86 box
  • Note though that this requires 10-STABLE or 11-CURRENT and an extra patch for QEMU right now
  • The poudriere-devel port now has a "qemu user" option that will pull in all the requirements
  • Hopefully this will pave the way for official pkgng packages on those lesser-used architectures

Cloning FreeBSD with ZFS send

  • For a FreeBSD mail server that MWL runs, he wanted to have a way to easily restore the whole system if something were to happen
  • This post shows his entire process in creating a mirror machine, using ZFS for everything
  • The "zfs send" and "zfs snapshot" commands really come in handy for this
  • He does the whole thing from a live CD, pretty impressive

FreeBSD Overview series

  • A new blog series we stumbled upon about a Linux user switching to BSD
  • In part one, he gives a little background on being "done with Linux distros" and documents his initial experience getting and installing FreeBSD 10
  • He was pleasantly surprised to be able to use ZFS without jumping through hoops and doing custom kernels
  • Most of what he was used to on Linux was already in the default FreeBSD (except bash...)
  • Part two documents his experiences with pkgng and ports


  • All the tutorials are posted in their entirety at
  • Send questions, comments, show ideas/topics, or stories you want mentioned on the show to
  • If you want to come on for an interview or have a tutorial you'd like to see, let us know - we want to do what the viewers want to see
  • Watch live Wednesdays at 2:00PM Eastern (18:00 UTC)

Latest News

New announcement


We understand that Michael Dexter, Brad Davis, and George Rosamond think there should be more real news....

Two Year Anniversary


We're quickly approaching our two-year anniversary, which will be on episode 105. To celebrate, we've created a unique t-shirt design, available for purchase until the end of August. Shirts will be shipped out around September 1st. Most of the proceeds will support the show, and specifically allow us to buy...

New discussion segment


We're thinking about adding a new segment to the show where we discuss a topic that the listeners suggest. It's meant to be informative like a tutorial, but more of a "free discussion" format. If you have any subjects you want us to explore, or even just a good name...

How did you get into BSD?


We've got a fun idea for the holidays this year: just like we ask during the interviews, we want to hear how all the viewers and listeners first got into BSD. Email us your story, either written or a video version, and we'll read and play some of them for...

Episode 275: OpenBSD in stereo


Direct Download:MP3 AudioVideo Headlines DragonflyBSD 5.4 released DragonFly version 5.4 brings a new system compiler in GCC 8, improved NUMA support, a large of number network and virtual machine driver updates, and updates to video support. This release is 64-bit only, as with previous releases. The details of all commits...

Episode 274: Language: Assembly


Direct Download:MP3 AudioVideo Headlines Assembly language on OpenBSD amd64+arm64 This is a short introduction to assembly language programming on OpenBSD/amd64+arm64. Because of security features in the kernel, I have had to rethink a series of tutorials covering Aarch64 assembly language on OpenBSD, and therefore this will serve as a placeholder-cum-reminder....

Episode 273: A thoughtful episode


Direct Download:MP3 AudioVideo Headlines Some thoughts on NetBSD 8.0 NetBSD is a highly portable operating system which can be run on dozens of different hardware architectures. The operating system's clean and minimal design allow it to be run in all sorts of environments, ranging from embedded devices, to servers, to workstations....

Episode 272: Detain the bhyve


Direct Download:MP3 AudioVideo Headlines The byproducts of reading OpenBSD netcat code When I took part in a training last year, I heard about netcat for the first time. During that class, the tutor showed some hacks and tricks of using netcat which appealed to me and motivated me to learn the...