Skip to main content.

Episode 063: A Man's man(1)


Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent

This episode was brought to you by

iXsystems - Enterprise servers and storage for open sourceTarsnap - online backups for the truly paranoid


Updates to FreeBSD's random(4)

  • FreeBSD's random device, which presents itself as "/dev/random" to users, has gotten a fairly major overhaul in -CURRENT
  • The CSPRNG (cryptographically secure pseudo-random number generator) algorithm, Yarrow, now has a new alternative called Fortuna
  • Yarrow is still the default for now, but Fortuna can be used with a kernel option (and will likely be the new default in 11.0-RELEASE)
  • Pluggable modules can now be written to add more sources of entropy
  • These changes are expected to make it in 11.0-RELEASE, but there hasn't been any mention of MFCing them to 10 or 9

OpenBSD Tor relays and network diversity

  • We've talked about getting more BSD-based Tor nodes a few times in previous episodes
  • The "tor-relays" mailing list has had some recent discussion about increasing diversity in the Tor network, specifically by adding more OpenBSD nodes
  • With the security features and attention to detail, it makes for an excellent dedicated Tor box
  • More and more adversaries are attacking Tor nodes, so having something that can withstand that will help the greater network at large
  • A few users are even saying they'll convert their Linux nodes to OpenBSD to help out
  • Check the archive for the full conversation, and maybe run a node yourself on any of the BSDs
  • The Tor wiki page on OpenBSD is pretty out of date (nine years old!?) and uses the old pf syntax, maybe one of our listeners can modernize it

SSP now default for FreeBSD ports

  • SSP, or Stack Smashing Protection, is an additional layer of protection against buffer overflows that the compiler can give to the binaries it produces
  • It's now enabled by default in FreeBSD's ports tree, and the pkgng packages will have it as well - but only for amd64 (all supported releases) and i386 (10.0-RELEASE or newer)
  • This will only apply to regular ports and binary packages, not the quarterly branch that only receives security updates
  • If you were using the temporary "new Xorg" or SSP package repositories instead of the default ones, you need to switch back over
  • NetBSD made this the default on i386 and amd64 two years ago and OpenBSD made this the default on all architectures twelve years ago
  • Next time you rebuild your ports, things should be automatically hardened without any extra steps or configuration needed

Building an OpenBSD firewall and router

  • While we've discussed the software and configuration of an OpenBSD router, this Reddit thread focuses more on the hardware side
  • The OP lists some of his potential choices, but was originally looking for something a bit cheaper than a Soekris
  • Most agree that, if it's for a business especially, it's worth the extra money to go with something that's well known in the BSD community
  • They also list a few other popular alternatives: ALIX or the APU series from PC Engines, some Supermicro boards, etc.
  • Through the comments, we also find out that QuakeCon runs OpenBSD on their network
  • Hopefully most of our listeners are running some kind of BSD as their gateway - try it out if you haven't already

Interview - Kristaps Džonsons -

Mandoc, historical man pages, various topics


Throttling bandwidth with PF

News Roundup

NetBSD at Kansai Open Forum 2014

  • Japanese NetBSD users invade yet another conference, demonstrating that they can and will install NetBSD on everything
  • From a Raspberry Pi to SHARP Netwalkers to various luna68k devices, they had it all
  • As always, you can find lots of pictures in the trip report

Getting to know your portmgr lurkers

  • The lovable "getting to know your portmgr" series makes its triumphant return
  • This time around, they interview Alex, one of the portmgr lurkers that joined just this month
  • "How would you describe yourself?" "Too lazy."
  • Another post includes a short interview with Emanuel, another new lurker
  • We discussed the portmgr lurkers initiative with Steve Wills a while back

NetBSD's ARM port gets SMP

  • The ARM port of NetBSD now has SMP support, allowing more than one CPU to be used
  • This blog post on the website has a list of supported boards: Banana Pi, Cubieboard 2, Cubietruck, Merrii Hummingbird A31, CUBOX-I and NITROGEN6X
  • NetBSD's release team is working on getting these changes into the 7 branch before 7.0 is released
  • There are also a few nice pictures in the article

A high performance mid-range NAS

  • This blog post is about FreeNAS and optimizing iSCSI performance
  • It talks about using mid-range hardware with FreeNAS and different tunables you can change to affect performance
  • There are some nice graphs and lots of detail if you're interested in tweaking some of your own settings
  • They conclude "there is no optimal configuration; rather, FreeNAS can be configured to suit a particular workload"


Mailing List Gold

  • All the tutorials are posted in their entirety at
  • The OpenBSD router tutorial now has a new section on bandwidth throttling
  • We'll also have links on the site to a MeetBSD recap post, definitely worth reading, as well as a review of the new Book of PF
  • Speaking of that, Peter Hansteen's Book of PF auction raised a total of $3,050 for the OpenBSD foundation
  • As usual, send questions, comments, show ideas/topics, or stories you want mentioned on the show to - we do the show for you guys, so let us know if there's something specific you'd like to see covered (especially new tutorial ideas)
  • Watch live Wednesdays at 2:00PM Eastern (19:00 UTC)

Latest News

Two Year Anniversary


We're quickly approaching our two-year anniversary, which will be on episode 105. To celebrate, we've created a unique t-shirt design, available for purchase until the end of August. Shirts will be shipped out around September 1st. Most of the proceeds will support the show, and specifically allow us to buy...

New discussion segment


We're thinking about adding a new segment to the show where we discuss a topic that the listeners suggest. It's meant to be informative like a tutorial, but more of a "free discussion" format. If you have any subjects you want us to explore, or even just a good name...

How did you get into BSD?


We've got a fun idea for the holidays this year: just like we ask during the interviews, we want to hear how all the viewers and listeners first got into BSD. Email us your story, either written or a video version, and we'll read and play some of them for...

EuroBSDCon 2014


As you might expect, both Allan and Kris will be at EuroBSDCon this year. They'll be busy hunting down various BSD developers and forcing them to do interviews, but don't hesitate to say hi if you're a listener!...

Episode 164: Virtualized COW / PI?


Direct Download:VideoHD VideoMP3 AudioOGG AudioTorrent This episode was brought to you by Headlines vmm enabled VMM, the OpenBSD hypervisor, has been imported into current It has similar hardware requirements to bhyve, a Intel Nehalem or newer CPU with the hardware virtualization features enabled in the BIOS AMD support has not been started yet OpenBSD is the...

Episode 163: Return of the Cantrill


Direct Download:VideoHD VideoMP3 AudioOGG AudioTorrent This episode was brought to you by Headlines FreeBSD 11.0-RELEASE Now Available FreeBSD 11.0-RELEASE is now officially out. A last minute reroll to pickup OpenSSL updates and a number of other security fixes meant the release was a little behind schedule, and shipped as 11.0-RELEASE-p1, but the release is better...

Episode 162: The Foundation of NetBSD


Direct Download:VideoHD VideoMP3 AudioOGG AudioTorrent This episode was brought to you by Headlines What is new on EC2 for FreeBSD 11.0-RELEASE “FreeBSD 11.0-RELEASE is just around the corner, and it will be bringing a long list of new features and improvements — far too many for me to list here. I think there are...

Episode 161: The BSD Bromance


Direct Download:VideoHD VideoMP3 AudioOGG AudioTorrent This episode was brought to you by Headlines EuroBSDCon 2016 Wrapup Ollivier Robert’s Photos from EuroBSDCon Get your BSDNow die-cut stickers NetBSD for newbies - Develop your own Power PC We don’t get to feature too many stories on NetBSD being deployed as a Power PC (Not PowerPC, you...