Skip to main content.

Episode 086: Business as Usual

2015-04-22

Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent

This episode was brought to you by

iXsystems - Enterprise Servers and Storage for Open SourceDigitalOcean - Simple Cloud Hosting, Built for DevelopersTarsnap - Online Backups for the Truly Paranoid


Headlines

Optimizing TLS for high bandwidth applications

  • Netflix has released a report on some of their recent activities, pushing lots of traffic through TLS on FreeBSD
  • TLS has traditionally had too much overhead for the levels of bandwidth they're using, so this pdf outlines some of their strategy in optimizing it
  • The sendfile() syscall (which nginx uses) isn't available when data is encrypted in userland
  • To get around this, Netflix is proposing to add TLS support to the FreeBSD kernel
  • Having encrypted movie streams would be pretty neat

Crypto in unexpected places

  • OpenBSD is somewhat known for its integrated cryptography, right down to strong randomness in every place you could imagine (process IDs, TCP initial sequence numbers, etc)
  • One place you might not expect crypto to be used (or even needed) is in the "ping" utility, right? Well, think again
  • David Gwynne recently committed a change that adds MAC to the ping timestamp payload
  • By default, it'll be filled with a ChaCha stream instead of an unvarying payload, and David says "this lets us have some confidence that the timestamp hasn't been damaged or tampered with in transit"
  • Not only is this a security feature, but it should also help detect dodgy or malfunctioning network equipment going forward
  • Maybe we can look forward to a cryptographically secure "echo" command next...

Broadwell in DragonFly

  • The DragonFlyBSD guys have started a new page on their wiki to discuss Broadwell hardware and its current status
  • Matt Dillon, the project lead, recently bought some hardware with this chipset, and lays out what works and what doesn't work
  • The two main show-stoppers right now are the graphics and wireless, but they have someone who's already making progress with the GPU support
  • Wireless support will likely have to wait until FreeBSD gets it, then they'll port it back over
  • None of the BSDs currently have full Broadwell support, so stay tuned for further updates

DIY NAS software roundup

  • In this blog post, the author compares a few different software solutions for a network attached storage device
  • He puts FreeNAS, one of our favorites, up against a number of opponents - both BSD and Linux-based
  • NAS4Free gets an honorable mention as well, particularly for its lower hardware requirements and sleek interface
  • If you've been thinking about putting together a NAS, but aren't quite comfortable enough to set it up by yourself yet, this article should give you a good view of the current big names
  • Some competition is always good, gotta keep those guys on their toes

Interview - Antoine Jacoutot - ajacoutot@openbsd.org / @ajacoutot

OpenBSD at M:Tier, business adoption of BSD, various topics


News Roundup

OpenBSD on DigitalOcean

  • When DigitalOcean rolled out initial support for FreeBSD, it was a great step in the right direction - we hoped that all the other BSDs would soon follow
  • This is not yet the case, but a blog article here has details on how you can install OpenBSD (and likely the others too) on your VPS
  • Using a -current snapshot and some swapfile trickery, it's possible to image an OpenBSD ramdisk installer onto an unmounted portion of the virtual disk
  • After doing so, you just boot from their web UI-based console and can perform a standard installation
  • You will have to pay special attention to some details of the disk layout, but this article takes you through the entire process step by step

Initial ARM64 support lands in FreeBSD

  • The ARM64 architecture, sometimes called ARMv8 or AArch64, is a new generation of CPUs that will mostly be in embedded devices
  • FreeBSD has just gotten support for this platform in the -CURRENT branch
  • Previously, it was only the beginnings of the kernel and enough bits to boot in QEMU - now a full build is possible
  • Work should now start happening in the main source code tree, and hopefully they'll have full support in a branch soon

Scripting with least privilege

  • A new scripting language with a focus on privilege separation and running with only what's absolutely needed has been popular in the headlines lately
  • Shell scripts are used everywhere today: startup scripts, orchestration scripts for mass deployment, configuring and compiling software, etc.
  • Shill aims to answer the questions "how do we limit the authority of scripts" and "how do we determine what authority is necessary" by including a declarative security policy that's checked and enforced by the language runtime
  • If used on FreeBSD, Shill will use Capsicum for sandboxing
  • You can find some more of the technical information in their documentation pdf or watch their USENIX presentation video
  • Hacker News also had some discussion on the topic

OpenBSD first impressions

  • A brand new BSD user has started documenting his experience through a series of blog posts
  • Formerly a Linux guy, he's tried out FreeBSD and OpenBSD so far, and is currently working on an OpenBSD desktop
  • The first post goes into why he chose BSD at all, why he's switching away from Linux, how the initial transition has been, what you'll need to relearn and what he's got planned going forward
  • He's only been using OpenBSD for a few days as of the time this was written - we don't usually get to hear from people this early in on their BSD journey, so it offers a unique perspective

PCBSD and 4K oh my!

  • Yesterday, Kris got ahold of some 4K monitor hardware to test PC-BSD out
  • The short of it - It works great!
  • Minor tweaks being made to some of the PC-BSD defaults to better accommodate 4K out of box
  • This particular model monitor ships with DisplayPort set to 1.1 mode only, switching it to 1.2 mode enables 60Hz properly

Feedback/Questions


Discussion

Comparison of BSD release cycles


  • Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
  • We're still looking for some new interviews, so let us know if you're interested in coming on the show (or have someone you'd like us to approach)
  • If we have any listeners in Poland, there's a new Polish BSD users group that's just started up
  • If you're closer to Germany, there's a local BSD installfest happening on May 15th in the Landshut area
  • If neither of those locations are close to you, but India is, there's the brand new New Delhi BSD users group as well
  • Lastly, the EuroBSDCon 2015 call for papers has been extended due to the massive amount of last-minute submissions, so now you've got until May 22nd to send in your ideas
    sorry for all the audio/video problems in this episode

Latest News

New announcement

2017-05-25

Hi, Mr. Dexter. Also, we understand that Brad Davis thinks there should be more real news....

Two Year Anniversary

2015-08-08

We're quickly approaching our two-year anniversary, which will be on episode 105. To celebrate, we've created a unique t-shirt design, available for purchase until the end of August. Shirts will be shipped out around September 1st. Most of the proceeds will support the show, and specifically allow us to buy...

New discussion segment

2015-01-17

We're thinking about adding a new segment to the show where we discuss a topic that the listeners suggest. It's meant to be informative like a tutorial, but more of a "free discussion" format. If you have any subjects you want us to explore, or even just a good name...

How did you get into BSD?

2014-11-26

We've got a fun idea for the holidays this year: just like we ask during the interviews, we want to hear how all the viewers and listeners first got into BSD. Email us your story, either written or a video version, and we'll read and play some of them for...


Episode 220: Opening ZFS in 2017

2017-11-15

Direct Download:HD VideoMP3 AudioTorrent This episode was brought to you by Headlines The First PS4 Kernel Exploit: Adieu The First PS4 Kernel Exploit: Adieu Plenty of time has passed since we first demonstrated Linux running on the PS4. Now we will step back a bit and explain how we managed to jump...

Episode 219: We love the ARC

2017-11-08

Direct Download:HD VideoMP3 AudioTorrent This episode was brought to you by Headlines Papers We Love: ARC: A Self-Tuning, Low Overhead Replacement Cache Ever wondered how the ZFS ARC (Adaptive Replacement Cache) works? How about if Bryan Cantrill presented the original paper on its design? Today is that day. Slides It starts by looking back at a fundamental paper...

Episode 218: A KRACK in the WiFi

2017-11-01

Direct Download:HD VideoMP3 AudioTorrent This episode was brought to you by Headlines FreeBSD 10.4-RELEASE Available FreeBSD 10.4-RELEASE is out. The FreeBSD Project dedicates the FreeBSD 10.4-RELEASE to the memory of Andrey A. Chernov. Some of the highlights: 10.4-RELEASE is the first FreeBSD release to feature full support for eMMC storage, including eMMC partitions, TRIM...

Episode 217: Your questions, part II

2017-10-25

Direct Download:HD VideoMP3 AudioTorrent This episode was brought to you by Headlines OpenBSD 6.2 Released OpenBSD continues their six month release cadence with the release of 6.2, the 44th release On a disappointing note, the song for 6.2 will not be released until December Highlights: Improved hardware support on modern platforms including ARM64/ARMv7 and octeon,...