Skip to main content.

Episode 063: A Man's man(1)


Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent

This episode was brought to you by

iXsystems - Enterprise servers and storage for open sourceTarsnap - online backups for the truly paranoid


Updates to FreeBSD's random(4)

  • FreeBSD's random device, which presents itself as "/dev/random" to users, has gotten a fairly major overhaul in -CURRENT
  • The CSPRNG (cryptographically secure pseudo-random number generator) algorithm, Yarrow, now has a new alternative called Fortuna
  • Yarrow is still the default for now, but Fortuna can be used with a kernel option (and will likely be the new default in 11.0-RELEASE)
  • Pluggable modules can now be written to add more sources of entropy
  • These changes are expected to make it in 11.0-RELEASE, but there hasn't been any mention of MFCing them to 10 or 9

OpenBSD Tor relays and network diversity

  • We've talked about getting more BSD-based Tor nodes a few times in previous episodes
  • The "tor-relays" mailing list has had some recent discussion about increasing diversity in the Tor network, specifically by adding more OpenBSD nodes
  • With the security features and attention to detail, it makes for an excellent dedicated Tor box
  • More and more adversaries are attacking Tor nodes, so having something that can withstand that will help the greater network at large
  • A few users are even saying they'll convert their Linux nodes to OpenBSD to help out
  • Check the archive for the full conversation, and maybe run a node yourself on any of the BSDs
  • The Tor wiki page on OpenBSD is pretty out of date (nine years old!?) and uses the old pf syntax, maybe one of our listeners can modernize it

SSP now default for FreeBSD ports

  • SSP, or Stack Smashing Protection, is an additional layer of protection against buffer overflows that the compiler can give to the binaries it produces
  • It's now enabled by default in FreeBSD's ports tree, and the pkgng packages will have it as well - but only for amd64 (all supported releases) and i386 (10.0-RELEASE or newer)
  • This will only apply to regular ports and binary packages, not the quarterly branch that only receives security updates
  • If you were using the temporary "new Xorg" or SSP package repositories instead of the default ones, you need to switch back over
  • NetBSD made this the default on i386 and amd64 two years ago and OpenBSD made this the default on all architectures twelve years ago
  • Next time you rebuild your ports, things should be automatically hardened without any extra steps or configuration needed

Building an OpenBSD firewall and router

  • While we've discussed the software and configuration of an OpenBSD router, this Reddit thread focuses more on the hardware side
  • The OP lists some of his potential choices, but was originally looking for something a bit cheaper than a Soekris
  • Most agree that, if it's for a business especially, it's worth the extra money to go with something that's well known in the BSD community
  • They also list a few other popular alternatives: ALIX or the APU series from PC Engines, some Supermicro boards, etc.
  • Through the comments, we also find out that QuakeCon runs OpenBSD on their network
  • Hopefully most of our listeners are running some kind of BSD as their gateway - try it out if you haven't already

Interview - Kristaps Džonsons -

Mandoc, historical man pages, various topics


Throttling bandwidth with PF

News Roundup

NetBSD at Kansai Open Forum 2014

  • Japanese NetBSD users invade yet another conference, demonstrating that they can and will install NetBSD on everything
  • From a Raspberry Pi to SHARP Netwalkers to various luna68k devices, they had it all
  • As always, you can find lots of pictures in the trip report

Getting to know your portmgr lurkers

  • The lovable "getting to know your portmgr" series makes its triumphant return
  • This time around, they interview Alex, one of the portmgr lurkers that joined just this month
  • "How would you describe yourself?" "Too lazy."
  • Another post includes a short interview with Emanuel, another new lurker
  • We discussed the portmgr lurkers initiative with Steve Wills a while back

NetBSD's ARM port gets SMP

  • The ARM port of NetBSD now has SMP support, allowing more than one CPU to be used
  • This blog post on the website has a list of supported boards: Banana Pi, Cubieboard 2, Cubietruck, Merrii Hummingbird A31, CUBOX-I and NITROGEN6X
  • NetBSD's release team is working on getting these changes into the 7 branch before 7.0 is released
  • There are also a few nice pictures in the article

A high performance mid-range NAS

  • This blog post is about FreeNAS and optimizing iSCSI performance
  • It talks about using mid-range hardware with FreeNAS and different tunables you can change to affect performance
  • There are some nice graphs and lots of detail if you're interested in tweaking some of your own settings
  • They conclude "there is no optimal configuration; rather, FreeNAS can be configured to suit a particular workload"


Mailing List Gold

  • All the tutorials are posted in their entirety at
  • The OpenBSD router tutorial now has a new section on bandwidth throttling
  • We'll also have links on the site to a MeetBSD recap post, definitely worth reading, as well as a review of the new Book of PF
  • Speaking of that, Peter Hansteen's Book of PF auction raised a total of $3,050 for the OpenBSD foundation
  • As usual, send questions, comments, show ideas/topics, or stories you want mentioned on the show to - we do the show for you guys, so let us know if there's something specific you'd like to see covered (especially new tutorial ideas)
  • Watch live Wednesdays at 2:00PM Eastern (19:00 UTC)

Latest News

Two Year Anniversary


We're quickly approaching our two-year anniversary, which will be on episode 105. To celebrate, we've created a unique t-shirt design, available for purchase until the end of August. Shirts will be shipped out around September 1st. Most of the proceeds will support the show, and specifically allow us to buy...

New discussion segment


We're thinking about adding a new segment to the show where we discuss a topic that the listeners suggest. It's meant to be informative like a tutorial, but more of a "free discussion" format. If you have any subjects you want us to explore, or even just a good name...

How did you get into BSD?


We've got a fun idea for the holidays this year: just like we ask during the interviews, we want to hear how all the viewers and listeners first got into BSD. Email us your story, either written or a video version, and we'll read and play some of them for...

EuroBSDCon 2014


As you might expect, both Allan and Kris will be at EuroBSDCon this year. They'll be busy hunting down various BSD developers and forcing them to do interviews, but don't hesitate to say hi if you're a listener!...

Episode 191: I Know 64 & A Bunch More


HD VideoMP3 AudioTorrent This episode was brought to you by Headlines vBSDCon CFP closed April 29th EuroBSDCon CFP closes April 30th Developer Commentary: Philosophy, Evolution of TrueOS/Lumina, and Other Thoughts. Philosophy of Development No project is an island. Every single project needs or uses some other external utility, library, communications format, standards compliance, and more in order...

Episode 190: The Moore You Know


VideoHD VideoMP3 AudioOGG AudioTorrent This episode was brought to you by OpenBSD 6.1 RELEASED Mailing list post We are pleased to announce the official release of OpenBSD 6.1. This is our 42nd release. New/extended platforms: New arm64 platform, using clang(1) as the base system compiler. The loongson platform now supports systems with Loongson 3A CPU and RS780E...

Episode 189 Codified Summer


VideoHD VideoMP3 AudioOGG AudioTorrent This episode was brought to you by Headlines Google summer of code for BSDs FreeBSD FreeBSD's existing list of GSoC Ideas for potential students FreeBSD/Xen: import the grant-table bus_dma(9) handlers from OpenBSD Add support for usbdump file-format to wireshark and vusb-analyzer Write a new boot environment manager Basic smoke test of all base utilities Port...

Episode 188: And then the murders began


Direct Download:VideoHD VideoMP3 AudioOGG AudioTorrent This episode was brought to you by Headlines DragonFly BSD 4.8 is released Improved kernel performance This release further localizes cache lines and reduces/removes cache ping-ponging on globals. For bulk builds on many-cores or multi-socket systems, we have around a 5% improvement, and certain subsystems such as namecache lookups and...