Skip to main content.

Episode 102: May Contain ZFS


Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent | YouTube

This episode was brought to you by

iXsystems - Enterprise Servers and Storage for Open SourceDigitalOcean - Simple Cloud Hosting, Built for DevelopersTarsnap - Online Backups for the Truly Paranoid


FreeBSD on Olimex RT5350F-OLinuXino

  • If you haven't heard of the RT5350F-OLinuXino-EVB, you're not alone (actually, we probably couldn't even remember the name if we did know about it)
  • It's a small board with a MIPS CPU, two ethernet ports, wireless support and... 32MB of RAM
  • This blog series documents installing FreeBSD on the device, but it is quite a DIY setup at the moment
  • In part two of the series, he talks about the GPIO and how you can configure it
  • Part three is still in the works, so check the site later on for further progress and info

The modern OpenBSD home router

  • In a new series of blog posts, one guy takes you through the process of building an OpenBSD-based gateway for his home network
  • "It’s no secret that most consumer routers ship with software that’s flaky at best, and prohibitively insecure at worst"
  • Armed with a 600MHz Pentium III CPU, he shows the process of setting up basic NAT, firewalling and even getting hostap mode working for wireless
  • This guide also covers PPP and IPv6, in case you have those requirements
  • In a similar but unrelated series, another user does a similar thing - his post also includes details on reusing your consumer router as a wireless bridge
  • He also has a separate post for setting up an IPSEC VPN on the router

NetBSD at Open Source Conference 2015 Kansai

  • The Japanese NetBSD users group has teamed up with the Kansai BSD users group and Nagoya BSD users group to invade another conference
  • They had NetBSD running on all the usual (unusual?) devices, but some of the other BSDs also got a chance to shine at the event
  • Last time they mostly had ARM devices, but this time the centerpiece was an OMRON LUNA88k
  • They had at least one FreeBSD and OpenBSD device, and at least one NetBSD device even had Adobe Flash running on it
  • And what conference would be complete without an LED-powered towel

OpenSSH 7.0 released

  • The OpenSSH team has just finished up the 7.0 release, and the focus this time is deprecating legacy code
  • SSHv1 support is disabled, 1024 bit diffie-hellman-group1-sha1 KEX is disabled and the v00 cert format authentication is disabled
  • The syntax for permitting root logins has been changed, and is now called "prohibit-password" instead of "without-password" (this makes it so root can login, but only with keys) - all interactive authentication methods for root are also disabled by default now
  • If you're using an older configuration file, the "without-password" option still works, so no change is required
  • You can now control which public key types are available for authentication, as well as control which public key types are offered for host authentications
  • Various bug fixes and documentation improvements are also included
  • Aside from the keyboard-interactive and PAM-related bugs, this release includes one minor security fix: TTY permissions were too open, so users could write messages to other logged in users
  • In the next release, even more deprecation is planned: RSA keys will be refused if they're under 1024 bits, CBC-based ciphers will be disabled and the MD5 HMAC will also be disabled

Interview - Peter Toth - / @pannonp

Containment with iocage

News Roundup

More c2k15 reports

  • A few more hackathon reports from c2k15 in Calgary are still slowly trickling in
  • Alexander Bluhm's up first, and he continued improving OpenBSD's regression test suite (this ensures that no changes accidentally break existing things)
  • He also worked on syslogd, completing the TCP input code - the syslogd in 5.8 will have TLS support for secure remote logging
  • Renato Westphal sent in a report of his very first hackathon
  • He finished up the VPLS implementation and worked on EIGRP (which is explained in the report) - the end result is that OpenBSD will be more easily deployable in a Cisco-heavy network
  • Philip Guenther also wrote in, getting some very technical and low-level stuff done at the hackathon
  • His report opens with "First came a diff to move the grabbing of the kernel lock for soft-interrupts from the ASM stubs to the C routine so that mere mortals can actually push it around further to reduce locking." - not exactly beginner stuff
  • There were also some C-state, suspend/resume and general ACPI improvements committed, and he gives a long list of random other bits he worked on as well

FreeBSD jails, the hard way

  • As you learned from our interview this week, there's quite a selection of tools available to manage your jails
  • This article takes the opposite approach, using only the tools in the base system: ZFS, nullfs and jail.conf
  • Unlike with iocage, ZFS isn't actually a requirement for this method
  • If you are using it, though, you can make use of snapshots for making template jails

OpenSSH hardware tokens

  • We've talked about a number of ways to do two-factor authentication with SSH, but what if you want it on both the client and server?
  • This blog post will show you how to use a hardware token as a second authentication factor, for the "something you know, something you have" security model
  • It takes you through from start to finish: formatting the token, generating keys, getting it integrated with sshd
  • Most of this will apply to any OS that can run ssh, and the token used in the example can be found online for pretty cheap too

LibreSSL 2.2.2 released

  • The LibreSSL team has released version 2.2.2, which signals the end of the 5.8 development cycle and includes many fixes
  • At the c2k15 hackathon, developers uncovered dozens of problems in the OpenSSL codebase with the Coverity code scanner, and this release incorporates all those: dead code, memory leaks, logic errors (which, by the way, you really don't want in a crypto tool...) and much more
  • SSLv3 support was removed from the "openssl" command, and only a few other SSLv3 bits remain - once workarounds are found for ports that specifically depend on it, it'll be removed completely
  • Various other small improvements were made: DH params are now 2048 bits by default, more old workarounds removed, cmake support added, etc
  • It'll be in 5.8 (due out earlier than usual) and it's in the FreeBSD ports tree as well


  • Send questions, comments, show ideas/topics, or stories you want mentioned on the show to
  • BSD Now tshirts are now available to preorder, and will be shipping in September (you have until the end of August to place an order, then they're gone)
  • Next week's episode will be a shorter prerecorded one, since Allan's going to BSDCam

Latest News

New announcement


We understand that Michael Dexter, Brad Davis, and George Rosamond think there should be more real news....

Two Year Anniversary


We're quickly approaching our two-year anniversary, which will be on episode 105. To celebrate, we've created a unique t-shirt design, available for purchase until the end of August. Shirts will be shipped out around September 1st. Most of the proceeds will support the show, and specifically allow us to buy...

New discussion segment


We're thinking about adding a new segment to the show where we discuss a topic that the listeners suggest. It's meant to be informative like a tutorial, but more of a "free discussion" format. If you have any subjects you want us to explore, or even just a good name...

How did you get into BSD?


We've got a fun idea for the holidays this year: just like we ask during the interviews, we want to hear how all the viewers and listeners first got into BSD. Email us your story, either written or a video version, and we'll read and play some of them for...

Episode 271: Automatic drive tests


Direct Download:MP3 AudioVideo Headlines MidnightBSD 1.0 now available I’m happy to announce the availability of MidnightBSD 1.0 for amd64 and i386. Over the years, many ambitious goals were set for our 1.0 release. As it approached, it was clear we wouldn’t be able to accomplish all of them. This release is...

Episode 270: Ghostly releases


Direct Download:MP3 AudioVideo Headlines OpenBSD 6.4 released See a detailed log of changes between the 6.3 and 6.4 releases. See the information on the FTP page for a list of mirror machines. Have a look at the 6.4 errata page for a list of bugs and workarounds. signify(1) pubkeys for this release: base: RWQq6XmS4eDAcQW4KsT5Ka0KwTQp2JMOP9V/DR4HTVOL5Bc0D7LeuPwA fw: RWRoBbjnosJ/39llpve1XaNIrrQND4knG+jSBeIUYU8x4WNkxz6a2K97 pkg:...

Episode 269: Tiny daemon lib


Direct Download:MP3 AudioVideo Headlines FreeBSD Foundation Update, September 2018 MESSAGE FROM THE EXECUTIVE DIRECTOR Dear FreeBSD Community Member, It is hard to believe that September is over. The Foundation team had a busy month promoting FreeBSD all over the globe, bug fixing in preparation for 12.0, and setting plans in motion to...

Episode 268: netcat demystified


Direct Download:MP3 AudioVideo Headlines Six Metrics for Measuring ZFS Pool Performance Part 1 The layout of a ZFS storage pool has a significant impact on system performance under various workloads. Given the importance of picking the right configuration for your workload and the fact that making changes to an in-use ZFS...