Skip to main content.

Episode 061: IPSECond Wind


Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent

This episode was brought to you by

iXsystems - Enterprise servers and storage for open sourceTarsnap - online backups for the truly paranoid


BSD panel at Phoenix LUG

  • The Phoenix, Arizona Linux users group had a special panel so they could learn a bit more about BSD
  • It had one FreeBSD user and one OpenBSD user, and they answered questions from the organizer and the people in the audience
  • They covered a variety of topics, including filesystems, firewalls, different development models, licenses and philosophy
  • It was a good "real world" example of things potential switchers are curious to know about
  • They closed by concluding that more diversity is always better, and even if you've got a lot of Linux boxes, putting a few BSD ones in the mix is a good idea

Book of PF signed copy auction

  • Peter Hansteen (who we've had on the show) is auctioning off the first signed copy of the new Book of PF
  • All the profits from the sale will go to the OpenBSD Foundation
  • The updated edition of the book includes all the latest pf syntax changes, but also provides examples for FreeBSD and NetBSD's versions (which still use ALTQ, among other differences)
  • If you're interested in firewalls, security or even just advanced networking, this book is a great one to have on your shelf - and the money will also go to a good cause
  • Michael Lucas has challenged Peter to raise more for the foundation than his last book selling - let's see who wins
  • Pause the episode, go bid on it and then come back!

FreeBSD Foundation goes to EuroBSDCon

  • Some people from the FreeBSD Foundation went to EuroBSDCon this year, and come back with a nice trip report
  • They also sponsored four other developers to go
  • The foundation was there "to find out what people are working on, what kind of help they could use from the Foundation, feedback on what we can be doing to support the FreeBSD Project and community, and what features/functions people want supported in FreeBSD"
  • They also have a second report from Kamil Czekirda
  • A total of $2000 was raised at the conference

OpenBSD 5.6 released

  • Note: we're doing this story a couple days early - it's actually being released on November 1st (this Saturday), but we have next week off and didn't want to let this one slip through the cracks - it may be out by the time you're watching this
  • Continuing their always-on-time six month release cycle, the OpenBSD team has released version 5.6
  • It includes support for new hardware, lots of driver updates, network stack improvements (SMP, in particular) and new security features
  • 5.6 is the first formal release with LibreSSL, their fork of OpenSSL, and lots of ports have been fixed to work with it
  • You can now hibernate your laptop when using a fully-encrypted filesystem (see our tutorial for that)
  • ALTQ, Kerberos, Lynx, Bluetooth, TCP Wrappers and Apache were all removed
  • This will serve as a "transitional" release for a lot of services: moving from Sendmail to OpenSMTPD, from nginx to httpd and from BIND to Unbound
  • Sendmail, nginx and BIND will be gone in the next release, so either migrate to the new stuff between now and then or switch to the ports versions
  • As always, 5.6 comes with its own song and artwork - the theme this time was obviously LibreSSL
  • Be sure to check the full changelog (it's huge) and pick up a CD or tshirt to support their efforts
  • If you don't already have the public key releases are signed with, getting a physical CD is a good "out of bounds" way to obtain it safely
  • Here are some cool images of the set
  • After you do your installation or upgrade, don't forget to head over to the errata page and apply any patches listed there

Interview - John-Mark Gurney - / @encthenet

Updating FreeBSD's IPSEC stack

News Roundup

Clang in DragonFly BSD

  • As we all know, FreeBSD got rid of GCC in 10.0, and now uses Clang almost exclusively on i386/amd64
  • Some DragonFly developers are considering migrating over as well, and one of them is doing some work to make the OS more Clang-friendly
  • We'd love to see more BSDs switch to Clang/LLVM eventually, it's a lot more modern than the old GCC most are using

reallocarray(): integer overflow detection for free

  • One of the less obvious features in OpenBSD 5.6 is a new libc function: "reallocarray()"
  • It's a replacement function for realloc(3) that provides integer overflow detection at basically no extra cost
  • Theo and a few other developers have already started a mass audit of the entire source tree, replacing many instances with this new feature
  • OpenBSD's explicit_bzero was recently imported into FreeBSD, maybe someone could also port over this too

Switching from Linux blog

  • A listener of the show has started a new blog series, detailing his experiences in switching over to BSD from Linux
  • After over ten years of using Linux, he decided to give BSD a try after listening to our show (which is awesome)
  • So far, he's put up a few posts about his initial thoughts, some documentation he's going through and his experiments so far
  • It'll be an ongoing series, so we may check back in with him again later on

Owncloud in a FreeNAS jail

  • One of the most common emails we get is about running Owncloud in FreeNAS
  • Now, finally, someone made a video on how to do just that, and it's even jailed
  • A member of the FreeNAS community has uploaded a video on how to set it up, with lighttpd as the webserver backend
  • If you're looking for an easy way to back up and sync your files, this might be worth a watch


Mailing List Gold

  • All the tutorials are posted in their entirety at
  • The OpenBSD router, dpb, PXE autoinstall and patched ISO building tutorials have all been updated for 5.6
  • Send questions, comments, show ideas/topics, or stories you want mentioned on the show to - tell us how we're doing or what you'd like to see in future episodes
  • You can usually watch live Wednesdays at 2:00PM Eastern (18:00 UTC), but...
  • We'll be in California at MeetBSD next week, so there will be a prerecorded episode
  • Speaking of conferences, the event has gotten a few more BSD speakers - check it out if you're in London on November 25th

Latest News

New announcement


Hi, Mr. Dexter. Also, we understand that Brad Davis thinks there should be more real news....

Two Year Anniversary


We're quickly approaching our two-year anniversary, which will be on episode 105. To celebrate, we've created a unique t-shirt design, available for purchase until the end of August. Shirts will be shipped out around September 1st. Most of the proceeds will support the show, and specifically allow us to buy...

New discussion segment


We're thinking about adding a new segment to the show where we discuss a topic that the listeners suggest. It's meant to be informative like a tutorial, but more of a "free discussion" format. If you have any subjects you want us to explore, or even just a good name...

How did you get into BSD?


We've got a fun idea for the holidays this year: just like we ask during the interviews, we want to hear how all the viewers and listeners first got into BSD. Email us your story, either written or a video version, and we'll read and play some of them for...

Episode 225: The one true OS


Direct Download:HD VideoMP3 AudioTorrent This episode was brought to you by Headlines TrueOS stable release 17.12 We are pleased to announce a new release of the 6-month STABLE version of TrueOS! This release cycle focused on lots of cleanup and stabilization of the distinguishing features of TrueOS: OpenRC, boot speed, removable-device...

Episode 224: The Bus Factor


Direct Download:HD VideoMP3 AudioTorrent This episode was brought to you by Headlines Life after death, for code YOU'VE PROBABLY NEVER heard of the late Jim Weirich or his software. But you've almost certainly used apps built on his work. Weirich helped create several key tools for Ruby, the popular programming language...

Episode 223: Compile once, debug twice


Direct Download:HD VideoMP3 AudioTorrent This episode was brought to you by Headlines Compile once, Debug twice: Picking a compiler for debuggability, part 1 of 3 An interesting look into why when you try to debug a crash, you can often find all of the useful information has been ‘optimized out’ Have you ever...

Episode 222: How Netflix works


Direct Download:HD VideoMP3 AudioTorrent> This episode was brought to you by Headlines Why is Oracle so two-faced over open source? Oracle loves open source. Except when the database giant hates open source. Which, according to its recent lobbying of the US federal government, seems to be "most of the time". Yes, Oracle...