Skip to main content.

Episode 068: Just the Essentials


Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent

This episode was brought to you by

iXsystems - Enterprise servers and storage for open sourceTarsnap - online backups for the truly paranoid


More BSD conference videos

OpenBSD vs FreeBSD security features

  • From the author of both the OpenBSD and FreeBSD secure gateway articles we've featured in the past comes a new entry about security
  • The article goes through a list of all the security features enabled (and disabled) by default in both FreeBSD and OpenBSD
  • It covers a wide range of topics, including: memory protection, randomization, encryption, privilege separation, Capsicum, securelevels, MAC, Jails and chroots, network stack hardening, firewall features and much more
  • This is definitely one of the most in-depth and complete articles we've seen in a while - the author seems to have done his homework
  • If you're looking to secure any sort of BSD box, this post has some very detailed explanations of different exploit mitigation techniques - be sure to read the whole thing
  • There are also some good comments on DaemonForums and that you may want to read

The password? You changed it, right?

  • Peter Hansteen has a new blog post up, detailing some weird SSH bruteforcing he's seen recently
  • He apparently reads his auth logs when he gets bored at an airport
  • This new bruteforcing attempt seems to be targetting D-Link devices, as evidenced by the three usernames the bots try to use
  • More than 700 IPs have tried to get into Peter's BSD boxes using these names in combination with weak passwords
  • Lots more details, including the lists of passwords and IPs, can be found in the full article
  • If you're using a BSD router, things like this can be easily prevented with PF or fail2ban (and you probably don't have a "d-link" user anyway)

Get started with FreeBSD, an intro for Linux users

  • Another new BSD article on a mainstream technology news site - seems we're getting popular
  • This article is written for Linux users who may be considering switching over to BSD and wondering what it's all about
  • It details installing FreeBSD 9.3 and getting a basic system setup, while touching on ports and packages, and explaining some terminology along the way
  • "Among the legions of Linux users and admins, there seems to be a sort of passive curiosity about FreeBSD and other *BSDs. Like commuters on a packed train, they gaze out at a less crowded, vaguely mysterious train heading in a slightly different direction and wonder what traveling on that train might be like"

Interview - Michael W. Lucas - / @mwlauthor

FreeBSD Mastery: Storage Essentials

News Roundup

OpenSMTPD status update

  • The OpenSMTPD guys, particularly Gilles, have posted an update on what they've been up to lately
  • As of 5.6, it's become the default MTA in OpenBSD, and sendmail will be totally gone in 5.7
  • Email is a much more tricky protocol than you might imagine, and the post goes through some of the weirdness and problems they've had to deal with
  • There's also another post that goes into detail on their upcoming filtering API - a feature many have requested
  • The API is still being developed, but you can test it out now if you know what you're doing - full details in the article
  • OpenSMTPD also has portable versions in FreeBSD ports and NetBSD pkgsrc, so check it out

OpenCrypto changes in FreeBSD

  • A little while back, we talked to John-Mark Gurney about updating FreeBSD's OpenCrypto framework, specifically for IPSEC
  • Some of that work has just landed in the -CURRENT branch, and the commit has a bit of details
  • The ICM and GCM modes of AES were added, and both include support for AESNI
  • There's a new port - "nist-kat" - that can be used to test the new modes of operation
  • Some things were fixed in the process as well, including an issue that would leak timing info and result in the ability to forge messages
  • Code was also borrowed from both OpenBSD and NetBSD to make this possible

First thoughts on OpenBSD's httpd

  • Here we have a blog post from a user of OpenBSD's new homegrown web server that made its debut in 5.6
  • The author loves that it has proper privilege separation, a very simple config syntax and that it always runs in a chroot
  • He also mentions dynamic content hosting with FastCGI, and provides an example of how to set it up
  • Be sure to check our interview with Reyk about the new httpd if you're curious on how it got started
  • Also, if you're running the version that came with 5.6, there's a huge patch you can apply to get a lot of the features and fixes from -current without waiting for 5.7

Steam on PCBSD

  • One of the most common questions people who want to use BSD as a desktop ask us is "can I run games?" or "can I use steam?"
  • Steam through the Linux emulation layer (in FreeBSD) may be possible soon, but it's already possible to use it with WINE
  • This video shows how to get Steam set up on PCBSD using the Windows version
  • There are also some instructions in the video description to look over
  • A second video details getting streaming set up


  • Send questions, comments, show ideas/topics, or stories you want mentioned on the show to - if it's anything related to BSD, we wanna hear about it
  • Watch live Wednesdays at 2:00PM Eastern (19:00 UTC)
  • Next week will be the prerecorded holiday episode where we read all the stories of how you got into BSD, should be pretty fun

Latest News

Two Year Anniversary


We're quickly approaching our two-year anniversary, which will be on episode 105. To celebrate, we've created a unique t-shirt design, available for purchase until the end of August. Shirts will be shipped out around September 1st. Most of the proceeds will support the show, and specifically allow us to buy...

New discussion segment


We're thinking about adding a new segment to the show where we discuss a topic that the listeners suggest. It's meant to be informative like a tutorial, but more of a "free discussion" format. If you have any subjects you want us to explore, or even just a good name...

How did you get into BSD?


We've got a fun idea for the holidays this year: just like we ask during the interviews, we want to hear how all the viewers and listeners first got into BSD. Email us your story, either written or a video version, and we'll read and play some of them for...

EuroBSDCon 2014


As you might expect, both Allan and Kris will be at EuroBSDCon this year. They'll be busy hunting down various BSD developers and forcing them to do interviews, but don't hesitate to say hi if you're a listener!...

Episode 191: I Know 64 & A Bunch More


HD VideoMP3 AudioTorrent This episode was brought to you by Headlines vBSDCon CFP closed April 29th EuroBSDCon CFP closes April 30th Developer Commentary: Philosophy, Evolution of TrueOS/Lumina, and Other Thoughts. Philosophy of Development No project is an island. Every single project needs or uses some other external utility, library, communications format, standards compliance, and more in order...

Episode 190: The Moore You Know


VideoHD VideoMP3 AudioOGG AudioTorrent This episode was brought to you by OpenBSD 6.1 RELEASED Mailing list post We are pleased to announce the official release of OpenBSD 6.1. This is our 42nd release. New/extended platforms: New arm64 platform, using clang(1) as the base system compiler. The loongson platform now supports systems with Loongson 3A CPU and RS780E...

Episode 189 Codified Summer


VideoHD VideoMP3 AudioOGG AudioTorrent This episode was brought to you by Headlines Google summer of code for BSDs FreeBSD FreeBSD's existing list of GSoC Ideas for potential students FreeBSD/Xen: import the grant-table bus_dma(9) handlers from OpenBSD Add support for usbdump file-format to wireshark and vusb-analyzer Write a new boot environment manager Basic smoke test of all base utilities Port...

Episode 188: And then the murders began


Direct Download:VideoHD VideoMP3 AudioOGG AudioTorrent This episode was brought to you by Headlines DragonFly BSD 4.8 is released Improved kernel performance This release further localizes cache lines and reduces/removes cache ping-ponging on globals. For bulk builds on many-cores or multi-socket systems, we have around a 5% improvement, and certain subsystems such as namecache lookups and...