Skip to main content.

Episode 085: PIE in the Sky


Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent

This episode was brought to you by

iXsystems - Enterprise Servers and Storage for Open SourceDigitalOcean - Simple Cloud Hosting, Built for DevelopersTarsnap - Online Backups for the Truly Paranoid


Solaris' networking future is with OpenBSD

  • A curious patch from someone with an Oracle email address was recently sent in to one of the OpenBSD mailing lists
  • It was revealed that future releases of Solaris are going to drop their IPFilter firewall entirely, in favor of a port of the current version of PF
  • For anyone unfamiliar with the history of PF, it was actually made as a replacement for IPFilter in OpenBSD, due to some licensing issues
  • What's more, Solaris was the original development platform for IPFilter, so the fact that it would be replaced in its own home is pretty interesting
  • This blog post goes through some of the backstory of the two firewalls
  • PF is in a lot of places - other BSDs, Mac OS X and iOS - but there are plenty of other OpenBSD-developed technologies end up ported to other projects too
  • "Many of the world's largest corporations and government agencies are heavy Solaris users, meaning that even if you're neither an OpenBSD user or a Solaris user, your kit is likely interacting intensely with both kinds, and with Solaris moving to OpenBSD's PF for their filtering needs, we will all be benefiting even more from the OpenBSD project's emphasis on correctness, quality and security"
  • You're welcome, Oracle

BAFUG discussion videos

  • The Bay Area FreeBSD users group has been uploading some videos from their recent meetings
  • Sean Bruno gave a recap of his experiences at EuroBSDCon last year, including the devsummit and some proposed ideas from it (as well as their current status)
  • Craig Rodrigues also gave a talk about Kyua and the FreeBSD testing framework
  • Lastly, Kip Macy gave a talk titled "network stack changes, user-level FreeBSD"
  • The main two subjects there are some network stack changes, and how to get more people contributing, but there's also open discussion about a variety of FreeBSD topics
  • If you're close to the Bay Area in California, be sure to check out their group and attend a meeting sometime

More than just a makefile

  • If you're not a BSD user just yet, you might be wondering how the various ports and pkgsrc systems compare to the binary way of doing things on Linux
  • This blog entry talks about the ports system in OpenBSD, but a lot of the concepts apply to all the ports systems across the BSDs
  • As it turns out, the ports system really isn't that different from a binary package manager - they are what's used to create binary packages, after all
  • The author goes through what makefiles do, customizing which options software is compiled with, patching source code to build and getting those patches back upstream
  • After that, he shows you how to get your new port tested, if you're interesting in doing some porting yourself, and getting involved with the rest of the community
  • This post is very long and there's a lot more to it, so check it out (and more discussion on Hacker News)

Securing your home fences

  • Hopefully all our listeners have realized that trusting your network(s) to a consumer router is a bad idea by now
  • We hear from a lot of users who want to set up some kind of BSD-based firewall, but don't hear back from them after they've done it.. until now
  • In this post, someone goes through the process of setting up a home firewall using OPNsense on a PCEngines APU board
  • He notes that you have a lot of options software-wise, including vanilla FreeBSD, OpenBSD or even Linux, but decided to go with OPNsense because of the easy interface and configuration
  • The post covers all the hardware you'll need, getting the OS installed to a flash drive or SD card and going through the whole process
  • Finally, he goes through setting up the firewall with the graphical interface, applying updates and finishing everything up
  • If you don't have any experience using a serial console, this guide also has some good info for beginners about those (which also applies to regular FreeBSD)
  • We love super-detailed guides like this, so everyone should write more and send them to us immediately

Interview - Pascal Stumpf -

Static PIE in OpenBSD

News Roundup

LLVM's new libFuzzer

  • We've discussed fuzzing on the show a number of times, albeit mostly with the American Fuzzy Lop utility
  • It looks like LLVM is going to have their own fuzzing tool too now
  • The Clang and LLVM guys are no strangers to this type of code testing, but decided to "close the loop" and start fuzzing parts of LLVM (including Clang) using LLVM itself
  • With Clang being the default in both FreeBSD and Bitrig, and with the other BSDs considering the switch, this could make for some good bug hunting across all the projects in the future

HardenedBSD upgrades secadm

  • The HardenedBSD guys have released a new version of their secadm tool, with the showcase feature being integriforce support
  • We covered both the secadm tool and integriforce in previous episodes, but the short version is that it's a way to prevent files from being altered (even as root)
  • Their integriforce feature itself has also gotten a couple improvements: shared objects are now checked too, instead of just binaries, and it uses more caching to speed up the whole process now

RAID5 returns to OpenBSD

  • OpenBSD's softraid subsystem, somewhat similar to FreeBSD's GEOM, has had experimental RAID5 support for a while
  • However, it was exactly that - experimental - and required a recompile to enable
  • With some work from recent hackathons, the final piece was added to enable resuming partial array rebuilds
  • Now it's on by default, and there's a call for testing being put out, so grab a snapshot and put the code through its paces
  • The bioctl softraid command also now supports DUIDs during pseudo-device detachment, possibly paving the way for the installer to drop the "do you want to enable DUIDs?" question entirely

pkgng 1.5.0 released

  • Going back to what we talked about last week, the final version of pkgng 1.5.0 is out
  • The "provides" and "requires" support is finally in a regular release
  • A new "-r" switch will allow for direct installation to a chroot or alternate root directory
  • Memory usage should be much better now, and some general code speed-ups were added
  • This version also introduces support for Mac OS X, NetBSD and EdgeBSD - it'll be interesting to see if anything comes of that
  • Many more bugs were fixed, so check the mailing list announcement for the rest (and plenty new bugs were added, according to bapt)

p2k15 hackathon reports

  • There was another OpenBSD hackathon that just finished up in the UK - this time it was mainly for ports work
  • As usual, the developers sent in reports of some of the things they got done at the event
  • Landry Breuil, both an upstream Mozilla developer and an OpenBSD developer, wrote in about the work he did on the Firefox port (specifically WebRTC) and some others, as well as reviewing lots of patches that were ready to commit
  • Stefan Sperling wrote in, detailing his work with wireless chipsets, specifically when the vendor doesn't provide any hardware documentation, as well as updating some of the games in ports
  • Ken Westerback also sent in a report, but decided to be a rebel and not work on ports at all - he got a lot of GPT-related work done, and also reviewed the RAID5 support we talked about earlier


Mailing List Gold

  • Send questions, comments, show ideas/topics, or stories you want mentioned on the show to
  • If you want to come on for an interview, or know someone else who might be interesting to hear from, let us know

Latest News

New announcement


We understand that Michael Dexter, Brad Davis, and George Rosamond think there should be more real news....

Two Year Anniversary


We're quickly approaching our two-year anniversary, which will be on episode 105. To celebrate, we've created a unique t-shirt design, available for purchase until the end of August. Shirts will be shipped out around September 1st. Most of the proceeds will support the show, and specifically allow us to buy...

New discussion segment


We're thinking about adding a new segment to the show where we discuss a topic that the listeners suggest. It's meant to be informative like a tutorial, but more of a "free discussion" format. If you have any subjects you want us to explore, or even just a good name...

How did you get into BSD?


We've got a fun idea for the holidays this year: just like we ask during the interviews, we want to hear how all the viewers and listeners first got into BSD. Email us your story, either written or a video version, and we'll read and play some of them for...

Episode 267: Absolute FreeBSD


Direct Download:MP3 AudioVideo Headlines Interview - Michael W. Lucas - / @mwlauthor BR: [Welcome Back] AJ: What have you been doing since last we talked to you [ed, ssh, and af3e] BR: Tell us more about AF3e AJ: How did the first Absolute FreeBSD come about? BR: Do you have anything special planned for MeetBSD? AJ: What...

Episode 266: File type history


Direct Download:MP3 AudioVideo Headlines OpenBSD/NetBSD on FreeBSD using grub2-bhyve When I was writing a blog post about the process title, I needed a couple of virtual machines with OpenBSD, NetBSD, and Ubuntu. Before that day I mainly used FreeBSD and Windows with bhyve. I spent some time trying to set up...

Episode 265: Software Disenchantment


Direct Download:MP3 AudioVideo Headlines [FreeBSD DevSummit & EuroBSDcon 2018 in Romania] Your hosts are back from EuroBSDcon 2018 held in Bucharest, Romania this year. The first two days of the conference are used for tutorials and devsummits (FreeBSD and NetBSD), while the last two are for talks. Although Benedict organized the devsummit in large...

Episode 264: Optimized-out


Direct Download:MP3 AudioVideo This episode was brought to you by Headlines FreeBSD & DragonFlyBSD Put Up A Strong Fight On AMD's Threadripper 2990WX, Benchmarks Against Linux The past two weeks I have been delivering a great deal of AMD Threadripper 2990WX benchmarks on Linux as well as some against Windows and Windows...