
Episode 104: Beverly Hills 25519



This episode was brought to you by

  • iXsystems - Enterprise Servers and Storage for Open Source
  • DigitalOcean - Simple Cloud Hosting, Built for Developers
  • Tarsnap - Online Backups for the Truly Paranoid


EdgeRouter Lite, meet OpenBSD

  • The ERL, much like the Raspberry Pi and a bunch of other cheap boards, is getting more and more popular as more things get ported to run on it
  • We've covered installing NetBSD and FreeBSD on them before, but OpenBSD has gotten a lot better support for them as well now (including the onboard storage in 5.8)
  • Ted Unangst got a hold of one recently and kindly wrote up some notes about installing and using OpenBSD on it
  • He covers doing a network install, getting the (slightly strange) bootloader working with u-boot and some final notes about the hardware
  • More discussion can be found on Hacker News and various other places
  • One thing to note about these devices: because of their MIPS64 processor, they'll have weaker ASLR than X86 CPUs (and no W^X at all)

Design and Implementation of the FreeBSD Operating System interview

  • For those who don't know, the "Design and Implementation of the FreeBSD Operating System" is a semi-recently-revived technical reference book for FreeBSD development
  • InfoQ has a review of the book up for anyone who might be interested, but they also have an interview with the authors
  • "The book takes an approach to FreeBSD from inside out, starting with kernel services, then moving to process and memory management, I/O and devices, filesystems, IPC and network protocols, and finally system startup and shutdown. The book provides dense, technical information in a clear way, with lots of pseudo-code, diagrams, and tables to illustrate the main points."
  • Aside from detailing a few of the chapters, the interview covers who the book's target audience is, some history of the project, long-term support, some of the newer features and some general OS development topics

Path list parameter in OpenBSD tame

  • We've mentioned OpenBSD's relatively new "tame" subsystem a couple times before: it's an easy-to-implement "self-containment" framework, allowing programs to have a reduced feature set mode with even fewer privileges
  • One of the early concerns from users of other process containment tools was that tame was too broad in the way it separated disk access - you could either read/write files or not, nothing in between
  • Now there's the option to create a whitelist of specific files and directories that your binary is allowed to access, giving a much finer-grained set of controls to developers
  • The next step is to add tame restraints to the OpenBSD userland utilities, which should probably be done by 5.9
  • More discussion can be found on Reddit and Hacker News


  • The FreeBSD team has released the second minor version bump to the 10.x branch, including all the fixes from 10-STABLE since 10.1 came out
  • The Linux compatibility layer has been updated to support CentOS 6, rather than the much older Fedora Core base used previously, and the DRM graphics code has been updated to match Linux 3.8.13
  • New installations (and newly-upgraded systems) will use the quarterly binary package set, rather than the rolling release model that most people are used to
  • A VXLAN driver was added, allowing you to create virtual LANs by encapsulating the ethernet frame in a UDP packet
  • The bhyve codebase is much newer, enabling support for AMD CPUs with SVM and AMD-V extensions
  • ARM and ARM64 code saw some fixes and improvements, including SMP support on a few specific boards and support for a few new boards
  • The bootloader now supports entering your GELI passphrase before loading the kernel in full disk encryption setups
  • In addition to assorted userland fixes and driver improvements, various third party tools in the base system were updated: resolvconf, ISC NTPd, netcat, file, unbound, OpenSSL, sendmail
  • Check the full release notes for the rest of the details and changes
  • PC-BSD also followed with their 10.2-RELEASE, sporting a few more additional features

Interview - Damien Miller - @damienmiller

OpenSSH: phasing out broken crypto, default cipher changes

News Roundup

NetBSD at Open Source Conference Shimane

  • We weren't the only ones away at conferences last week - the Japanese NetBSD guys are always raiding one event or another
  • This time they had NetBSD running on some Sony NWS devices (MIPS-based)
  • JavaStations were also on display - something we haven't ever seen before (made between 1996-2000)

BAFUG videos

  • The Bay Area FreeBSD users group has been uploading some videos of their recent meetings
  • Devin Teske hosts the first one, discussing adding GELI support to the bootloader, including some video demonstrations of how it works
  • Shortly after beginning, Adrian Chadd takes over the conversation and they discuss various problems (and solutions) related to the bootloader - for example, how can we type encryption passwords with non-US keyboard layouts
  • In a second video, Jordan Hubbard and Kip Macy introduce "NeXTBSD aka FreeBSD X"
  • In it, they discuss their ideas of merging more Mac OS X features into FreeBSD (launchd to replace the init system, some APIs, etc)
  • People should record presentations at their BSD users groups and send them to us

L2TP over IPSEC on OpenBSD

  • If you've got an OpenBSD box and some Mac OS X clients that need secure communications, surprise: they can work together pretty well
  • Using only the base tools in both operating systems, you can build a nice IPSEC setup for tunneling all your traffic
  • This guide specifically covers L2TP, using npppd and pre-shared keys
  • Server setup, client setup, firewall configuration and routing-related settings are all covered in detail

Reliable bare metal with TrueOS

  • Imagine a server version of PC-BSD with some useful utilities preinstalled - that's basically TrueOS
  • This article walks you through setting up a FreeBSD -CURRENT server (using TrueOS) to create a pretty solid backup solution
  • Most importantly, he also covers how to keep everything redundant and deal with hard drives failing
  • The author chose to go with the -CURRENT branch because of the delay between regular releases, and newer features not making their way to users as fast as he'd like
  • Another factor is that there are no binary snapshots of FreeBSD -CURRENT that can be easily used for in-place upgrades, but with TrueOS (and some other BSDs) there are

Kernel W^X on i386

  • We mentioned some big W^X kernel changes in OpenBSD a while back, but the work was mainly for the x86_64 CPU architecture (which makes sense; that's what most people run now)
  • Mike Larkin is back again, and isn't leaving the people with older hardware out, committing similar kernel work into the i386 platform now as well
  • Check out our interview with Mike for some more background info on memory protections like W^X


  • Send questions, comments, show ideas/topics, or stories you want mentioned on the show to
  • BSD Now t-shirts are now available, and will be shipping in September (you've only got about four days left to place an order, then they're gone)
  • Preorders for OpenBSD 5.8 CDs are now open, and the artwork is especially great for this special 20th anniversary release - you won't wanna miss it
