Skip to main content.

Episode 119: There be Dragons, BSD Dragons anyway


Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent

This episode was brought to you by

iXsystems - Enterprise Servers and Storage for Open SourceDigitalOcean - Simple Cloud Hosting, Built for DevelopersTarsnap - Online Backups for the Truly Paranoid

iX Systems Mission Complete

  • Submit your story of how you accomplished a mission with FreeBSD, FreeNAS, or iXsystems hardware, and you could win monthly prizes, and have your story featured in the FreeBSD Journal!


n2k15 hackathon reports

  • tedu@ worked on rebound, malloc hardening, removing legacy code
  • “I don't usually get too involved with the network stack, but sometimes you find yourself at a network hackathon and have to go with the flow. With many developers working in the same area, it can be hard to find an appropriate project, but fortunately there are a few dusty corners in networking land that can be swept up without too much disturbance to others.”
  • “IPv6 is the future of networking. IPv6 has also been the future of networking for 20 years. As a result, a number of features have been proposed, implemented, then obsoleted, but the corresponding code never quite gets deleted. The IPsec stack has followed a somewhat similar trajectory”
  • “I read through various networking headers in search of features that would normally be exposed to userland, but were instead guarded by ifdef _KERNEL. This identified a number of options for setsockopt() that had been officially retired from the API, but the kernel code retained to provide ABI compatibility during a transition period. That transition occurred more than a decade ago. Binary programs from that era no longer run for many other reasons, and so we can delete support. It's only a small improvement, but it gradually reduces the amount of code that needs to be reviewed when making larger more important changes”
  • Ifconfig txpower got similar treatment, as no modern WiFi driver supports it
  • Support for Ethernet Trailers, RFC 893, enabled zero copy networking on a VAX with 512 byte hardware pages, the feature was removed even before OpenBSD was founded, but the ifconfig option was still in place
  • Alexandr Nedvedicky (sashan@) worked on MP-Safe PF
  • “I'd like to thank Reyk for hackroom and showing us a Christmas market. It was also my pleasure to meet Mr. Henning in person. Speaking of Henning, let's switch to PF hacking.”
  • “mpi@ came with patch (sent to priv. list only currently), which adds a new lock for PF. It's called PF big lock. The big PF lock essentially establishes a safe playground for PF hackers. The lock currently covers all pftest() function. The pftest() function parts will be gradually unlocked as the work will progress.
  • To make PF big lock safe few more details must be sorted out. The first of them is to avoid recursive calls to pftest(). The pftest() could get entered recursively, when packet hits block rule with return-* action. This is no longer the case as ipsend() functions got introduced (committed change has been discussed privately). Packets sent on behalf of kernel are dispatched using softnet task queue now. We still have to sort out pfroute() functions. The other thing we need to sort out with respect to PF big lock is reference counting for statekey, which gets attached to mbuf. Patch has been sent to hackers, waiting for OK too. The plan is to commit reference counting sometimes next year after CVS will be unlocked. There is one more patch at tech@ waiting for OK. It brings OpenBSD and Solaris PF closer to each other by one tiny little step.”

ACM Queue: Challenges of Memory Management on Modern NUMA System

  • “Modern server-class systems are typically built as several multicore chips put together in a single system. Each chip has a local DRAM (dynamic random-access memory) module; together they are referred to as a node. Nodes are connected via a high-speed interconnect, and the system is fully coherent. This means that, transparently to the programmer, a core can issue requests to its node's local memory as well as to the memories of other nodes. The key distinction is that remote requests will take longer, because they are subject to longer wire delays and may have to jump several hops as they traverse the interconnect. The latency of memory-access times is hence non-uniform, because it depends on where the request originates and where it is destined to go. Such systems are referred to as NUMA (non-uniform memory access).”
  • So, depending what core a program is running on, it will have different throughput and latency to specific banks of memory. Therefore, it is usually optimal to try to allocate memory from the bank of ram connected to the CPU that the program is running on, and to keep that program running on that same CPU, rather than moving it around
  • There are a number of different NUMA strategies, including:
  • Fixed, memory is always allocated from a specific bank of memory
  • First Touch, which means that memory is allocated from the bank connected to the CPU that the application is running on when it requests the memory, which can increase performance if the application remains on that same CPU, and the load is balanced optimally
  • Round Robin or Interleave, where memory is allocated evenly, each allocation coming from the next bank of memory so that all banks are used. This method can provide more uniform performance, because it ensures that all memory accesses have the same change to be local vs remote. If even performance is required, this method can be better than something more focused on locality, but that might fail and result in remote access
  • AutoNUMA, A kernel task routinely iterates through the allocated memory of each process and tallies the number of memory pages on each node for that process. It also clears the present bit on the pages, which will force the CPU to stop and enter the page-fault handler when the page is next accessed. In the page-fault handler it records which node and thread is trying to access the page before setting the present bit and allowing execution to continue. Pages that are accessed from remote nodes are put into a queue to be migrated to that node. After a page has already been migrated once, though, future migrations require two recorded accesses from a remote node, which is designed to prevent excessive migrations (known as page bouncing).
  • The paper also introduces a new strategy:
  • Carrefour is a memory-placement algorithm for NUMA systems that focuses on traffic management: placing memory so as to minimize congestion on interconnect links or memory controllers. Trying to strike a balance between locality, and ensuring that the interconnect between a specific pair of CPUs does not become congested, which can make remote accesses even slower
  • Carrefour uses three primary techniques:
  • Memory collocation, Moving memory to a different node so that accesses will likely be local.
  • Replication, Copying memory to several nodes so that threads from each node can access it locally (useful for read-only and read-mostly data).
  • Interleaving, Moving memory such that it is distributed evenly among all nodes.
  • FreeBSD is slowly gaining NUMA capabilities, and currently supports: fixed, round-robin, first-touch. Additionally, it also supports fixed-rr, and first-touch-rr, where if the memory allocation fails, because the fixed domain or first-touch domain is full, it falls back to round-robin.
  • For more information, see numa(4) and numa_setaffinity(2) on 11-CURRENT

Is that Linux? No it is PC-BSD

  • Larry Cafiero continues to make some news about his switch to PC-BSD from Linux. This time in an blog post titled “Is that Linux? No, its PC-BSD” he describes an experience out and about where he was asked what is running on his laptop, and was unable for the first time in 9 years to answer, it’s Linux.
  • The blog then goes on to mention his experience up to now running PC-BSD, how the learning curve was fairly easy coming from a Linux background.
  • He mentions that he has noticed an uptick in performance on the system, no specific benchmarks but this “Linux was fast enough on this machine. But in street racing parlance, with PC-BSD I’m burning rubber in all four gears.”
  • The only major nits he mentions is having trouble getting a font to switch in FireFox, and not knowing how to enable GRUB quiet mode. (I’ll have to add a knob back for that)

Dual booting OS X and OpenBSD with full disk encryption

  • New GPT and UEFI support allow OpenBSD to co-exist with Mac OS X without the need for Boot Camp Assistant or Hybrid MBRs
  • This tutorial walks the read through the steps of installing OpenBSD side-by-side with Mac OS X
  • First the HFS+ partition is shrunk to make room for a new OpenBSD partition
  • Then the OpenBSD installer is run, and the available free space is setup as an encrypted softraid
  • The OpenBSD installer will add itself to the EFI partition
  • Rename the boot loader installed by OpenBSD and replace it with rEFInd, so you will get a boot menu allowing you to select between OpenBSD and OS X

Interview - Paul Goyette -

  • NetBSD Testing and Modularity


News Roundup

HOWTO: L2TP/IPSec with OpenBSD

  • *BSD contributor Sevan Janiyan provides an update on setting up a road-warrior VPN
  • This first article walks through setting up the OpenBSD server side, and followup articles will cover configuring various client systems to connect to it
  • The previous tutorial on this configuration is from 2012, and things have improved greatly since then, and is much easier to set up now
  • The tutorial includes PF rules, npppd configuration, and how to enable isakmpd and ipsec
  • L2TP/IPSec is chosen because most operating systems, including Windows, OS X, iOS, and Android, include a native L2TP client, rather than requiring some additional software to be installed

DragonFly 4.4 Released

  • DragonFly BSD has made its 4.4 release official this week!
  • A lot of big changes, but some of the highlights
    • Radeon / i915 DRM support for up to Linux Kernel 3.18
    • Proper collation support for named locales, shared back to FreeBSD 11-CURRENT
    • Regex Support using TRE “As a consequence of the locale upgrades, the original regex library had to be forced into POSIX (single-byte) mode always. The support for multi-byte characters just wasn't there. ” …. “TRE is faster, more capable, and supports multibyte characters, so it's a nice addition to this release.”
    • Other noteworthy, iwm(4) driver, CPU power-saving improvements, import ipfw from FreeBSD (named ipfw3)
  • An interesting tidbit is switching to the Gold linker

Guide to install Ajenti on Nginx with SSL on FreeBSD 10.2

  • Looking for a webmin-like interface to control your FreeBSD box? Enter Ajenti, and today we have a walkthrough posted on how to get it setup on a FreeBSD 10.2 system.
  • The walkthrough is mostly straightforward, you’ll need a FreeBSD box with root, and will need to install several packages / ports initially.
  • Because there is no native package (yet), it guides you through using python’s PIP installer to fetch and get Ajenti running.
  • The author links to some pre-built rc.d scripts and other helpful config files on GitHub, which will further assist in the process of making it run on FreeBSD.
  • Ajenti by itself may not be the best to serve publically, so it also provides instructions on how to protect the connection by serving it through nginx / SSL, a must-have if you plan on using this over unsecure networks.

BSDCan 2016 CFP is up!

  • BSDCan is the biggest North American BSD conference, and my personal favourite
  • The call for papers is now out, and I would like to see more first-time submitters this year
  • If you do anything interesting with or on a BSD, please write a proposal
  • Are the machines you run BSD on bigger or smaller than what most people have? Tell us about it
  • Are you running a big farm that does something interesting?
  • Is your university research using BSD?
  • Do you have an idea for a great new subsystem or utility?
  • Have you suffered through some horrible ordeal? Make sure the rest of us know the best way out when it happens to us.
  • Did you build a radar that runs NetBSD? A telescope controlled by FreeBSD?
  • Have you run an ISP at the north pole using Jails?
  • Do you run a usergroup and have tips to share?
  • Have you combined the features and tools of a BSD in a new and interesting way?
  • Don’t have a talk to give? Teach a tutorial!
  • The conference will arrange your air travel and hotel, and you’ll get to spend a few great days with the best community on earth
  • Michael W. Lucas’s post about the 2015 proposals and rejections

Beastie Bits


  • Send questions, comments, show ideas/topics, or stories you want mentioned on the show to

Latest News

New announcement


Hi, Mr. Dexter. Also, we understand that Brad Davis thinks there should be more real news....

Two Year Anniversary


We're quickly approaching our two-year anniversary, which will be on episode 105. To celebrate, we've created a unique t-shirt design, available for purchase until the end of August. Shirts will be shipped out around September 1st. Most of the proceeds will support the show, and specifically allow us to buy...

New discussion segment


We're thinking about adding a new segment to the show where we discuss a topic that the listeners suggest. It's meant to be informative like a tutorial, but more of a "free discussion" format. If you have any subjects you want us to explore, or even just a good name...

How did you get into BSD?


We've got a fun idea for the holidays this year: just like we ask during the interviews, we want to hear how all the viewers and listeners first got into BSD. Email us your story, either written or a video version, and we'll read and play some of them for...

Episode 225: The one true OS


Direct Download:HD VideoMP3 AudioTorrent This episode was brought to you by Headlines TrueOS stable release 17.12 We are pleased to announce a new release of the 6-month STABLE version of TrueOS! This release cycle focused on lots of cleanup and stabilization of the distinguishing features of TrueOS: OpenRC, boot speed, removable-device...

Episode 224: The Bus Factor


Direct Download:HD VideoMP3 AudioTorrent This episode was brought to you by Headlines Life after death, for code YOU'VE PROBABLY NEVER heard of the late Jim Weirich or his software. But you've almost certainly used apps built on his work. Weirich helped create several key tools for Ruby, the popular programming language...

Episode 223: Compile once, debug twice


Direct Download:HD VideoMP3 AudioTorrent This episode was brought to you by Headlines Compile once, Debug twice: Picking a compiler for debuggability, part 1 of 3 An interesting look into why when you try to debug a crash, you can often find all of the useful information has been ‘optimized out’ Have you ever...

Episode 222: How Netflix works


Direct Download:HD VideoMP3 AudioTorrent> This episode was brought to you by Headlines Why is Oracle so two-faced over open source? Oracle loves open source. Except when the database giant hates open source. Which, according to its recent lobbying of the US federal government, seems to be "most of the time". Yes, Oracle...