Skip to main content.

Episode 085: PIE in the Sky


Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent

This episode was brought to you by

iXsystems - Enterprise Servers and Storage for Open SourceDigitalOcean - Simple Cloud Hosting, Built for DevelopersTarsnap - Online Backups for the Truly Paranoid


Solaris' networking future is with OpenBSD

  • A curious patch from someone with an Oracle email address was recently sent in to one of the OpenBSD mailing lists
  • It was revealed that future releases of Solaris are going to drop their IPFilter firewall entirely, in favor of a port of the current version of PF
  • For anyone unfamiliar with the history of PF, it was actually made as a replacement for IPFilter in OpenBSD, due to some licensing issues
  • What's more, Solaris was the original development platform for IPFilter, so the fact that it would be replaced in its own home is pretty interesting
  • This blog post goes through some of the backstory of the two firewalls
  • PF is in a lot of places - other BSDs, Mac OS X and iOS - but there are plenty of other OpenBSD-developed technologies end up ported to other projects too
  • "Many of the world's largest corporations and government agencies are heavy Solaris users, meaning that even if you're neither an OpenBSD user or a Solaris user, your kit is likely interacting intensely with both kinds, and with Solaris moving to OpenBSD's PF for their filtering needs, we will all be benefiting even more from the OpenBSD project's emphasis on correctness, quality and security"
  • You're welcome, Oracle

BAFUG discussion videos

  • The Bay Area FreeBSD users group has been uploading some videos from their recent meetings
  • Sean Bruno gave a recap of his experiences at EuroBSDCon last year, including the devsummit and some proposed ideas from it (as well as their current status)
  • Craig Rodrigues also gave a talk about Kyua and the FreeBSD testing framework
  • Lastly, Kip Macy gave a talk titled "network stack changes, user-level FreeBSD"
  • The main two subjects there are some network stack changes, and how to get more people contributing, but there's also open discussion about a variety of FreeBSD topics
  • If you're close to the Bay Area in California, be sure to check out their group and attend a meeting sometime

More than just a makefile

  • If you're not a BSD user just yet, you might be wondering how the various ports and pkgsrc systems compare to the binary way of doing things on Linux
  • This blog entry talks about the ports system in OpenBSD, but a lot of the concepts apply to all the ports systems across the BSDs
  • As it turns out, the ports system really isn't that different from a binary package manager - they are what's used to create binary packages, after all
  • The author goes through what makefiles do, customizing which options software is compiled with, patching source code to build and getting those patches back upstream
  • After that, he shows you how to get your new port tested, if you're interesting in doing some porting yourself, and getting involved with the rest of the community
  • This post is very long and there's a lot more to it, so check it out (and more discussion on Hacker News)

Securing your home fences

  • Hopefully all our listeners have realized that trusting your network(s) to a consumer router is a bad idea by now
  • We hear from a lot of users who want to set up some kind of BSD-based firewall, but don't hear back from them after they've done it.. until now
  • In this post, someone goes through the process of setting up a home firewall using OPNsense on a PCEngines APU board
  • He notes that you have a lot of options software-wise, including vanilla FreeBSD, OpenBSD or even Linux, but decided to go with OPNsense because of the easy interface and configuration
  • The post covers all the hardware you'll need, getting the OS installed to a flash drive or SD card and going through the whole process
  • Finally, he goes through setting up the firewall with the graphical interface, applying updates and finishing everything up
  • If you don't have any experience using a serial console, this guide also has some good info for beginners about those (which also applies to regular FreeBSD)
  • We love super-detailed guides like this, so everyone should write more and send them to us immediately

Interview - Pascal Stumpf -

Static PIE in OpenBSD

News Roundup

LLVM's new libFuzzer

  • We've discussed fuzzing on the show a number of times, albeit mostly with the American Fuzzy Lop utility
  • It looks like LLVM is going to have their own fuzzing tool too now
  • The Clang and LLVM guys are no strangers to this type of code testing, but decided to "close the loop" and start fuzzing parts of LLVM (including Clang) using LLVM itself
  • With Clang being the default in both FreeBSD and Bitrig, and with the other BSDs considering the switch, this could make for some good bug hunting across all the projects in the future

HardenedBSD upgrades secadm

  • The HardenedBSD guys have released a new version of their secadm tool, with the showcase feature being integriforce support
  • We covered both the secadm tool and integriforce in previous episodes, but the short version is that it's a way to prevent files from being altered (even as root)
  • Their integriforce feature itself has also gotten a couple improvements: shared objects are now checked too, instead of just binaries, and it uses more caching to speed up the whole process now

RAID5 returns to OpenBSD

  • OpenBSD's softraid subsystem, somewhat similar to FreeBSD's GEOM, has had experimental RAID5 support for a while
  • However, it was exactly that - experimental - and required a recompile to enable
  • With some work from recent hackathons, the final piece was added to enable resuming partial array rebuilds
  • Now it's on by default, and there's a call for testing being put out, so grab a snapshot and put the code through its paces
  • The bioctl softraid command also now supports DUIDs during pseudo-device detachment, possibly paving the way for the installer to drop the "do you want to enable DUIDs?" question entirely

pkgng 1.5.0 released

  • Going back to what we talked about last week, the final version of pkgng 1.5.0 is out
  • The "provides" and "requires" support is finally in a regular release
  • A new "-r" switch will allow for direct installation to a chroot or alternate root directory
  • Memory usage should be much better now, and some general code speed-ups were added
  • This version also introduces support for Mac OS X, NetBSD and EdgeBSD - it'll be interesting to see if anything comes of that
  • Many more bugs were fixed, so check the mailing list announcement for the rest (and plenty new bugs were added, according to bapt)

p2k15 hackathon reports

  • There was another OpenBSD hackathon that just finished up in the UK - this time it was mainly for ports work
  • As usual, the developers sent in reports of some of the things they got done at the event
  • Landry Breuil, both an upstream Mozilla developer and an OpenBSD developer, wrote in about the work he did on the Firefox port (specifically WebRTC) and some others, as well as reviewing lots of patches that were ready to commit
  • Stefan Sperling wrote in, detailing his work with wireless chipsets, specifically when the vendor doesn't provide any hardware documentation, as well as updating some of the games in ports
  • Ken Westerback also sent in a report, but decided to be a rebel and not work on ports at all - he got a lot of GPT-related work done, and also reviewed the RAID5 support we talked about earlier


Mailing List Gold

  • Send questions, comments, show ideas/topics, or stories you want mentioned on the show to
  • If you want to come on for an interview, or know someone else who might be interesting to hear from, let us know

Latest News

New announcement


We understand that Michael Dexter, Brad Davis, and George Rosamond think there should be more real news....

Two Year Anniversary


We're quickly approaching our two-year anniversary, which will be on episode 105. To celebrate, we've created a unique t-shirt design, available for purchase until the end of August. Shirts will be shipped out around September 1st. Most of the proceeds will support the show, and specifically allow us to buy...

New discussion segment


We're thinking about adding a new segment to the show where we discuss a topic that the listeners suggest. It's meant to be informative like a tutorial, but more of a "free discussion" format. If you have any subjects you want us to explore, or even just a good name...

How did you get into BSD?


We've got a fun idea for the holidays this year: just like we ask during the interviews, we want to hear how all the viewers and listeners first got into BSD. Email us your story, either written or a video version, and we'll read and play some of them for...

Episode 276: ho, ho, ho - 12.0


Direct Download:MP3 AudioVideo Headlines FreeBSD 12.0 is available After a long release cycle, the wait is over: FreeBSD 12.0 is now officially available. We’ve picked a few interesting things to cover in the show, make sure to read the full Release Notes > Userland: > Group permissions on /dev/acpi have been changed to allow users in...

Episode 275: OpenBSD in stereo


Direct Download:MP3 AudioVideo Headlines DragonflyBSD 5.4 released DragonFly version 5.4 brings a new system compiler in GCC 8, improved NUMA support, a large of number network and virtual machine driver updates, and updates to video support. This release is 64-bit only, as with previous releases. The details of all commits...

Episode 274: Language: Assembly


Direct Download:MP3 AudioVideo Headlines Assembly language on OpenBSD amd64+arm64 This is a short introduction to assembly language programming on OpenBSD/amd64+arm64. Because of security features in the kernel, I have had to rethink a series of tutorials covering Aarch64 assembly language on OpenBSD, and therefore this will serve as a placeholder-cum-reminder....

Episode 273: A thoughtful episode


Direct Download:MP3 AudioVideo Headlines Some thoughts on NetBSD 8.0 NetBSD is a highly portable operating system which can be run on dozens of different hardware architectures. The operating system's clean and minimal design allow it to be run in all sorts of environments, ranging from embedded devices, to servers, to workstations....