Skip to main content.

Episode 118: BSD is go for Launch

2015-12-02

Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent

This episode was brought to you by

iXsystems - Enterprise Servers and Storage for Open SourceDigitalOcean - Simple Cloud Hosting, Built for DevelopersTarsnap - Online Backups for the Truly Paranoid

iX Systems Mission Complete

  • Submit your story of how you accomplished a mission with FreeBSD, FreeNAS, or iXsystems hardware, and you could win monthly prizes, and have your story featured in the FreeBSD Journal!

Headlines

Interview with Renato Westphal

  • An interview with Brazilian OpenBSD developer Renato Westphal
  • He describes how he first got into OpenBSD, working on a University-Industry partnership program and looking to deploy LDP (Label Distribution Protocol) for MPLS.
  • He ported OpenBSDs ldpd(8) to Linux, but then contributed his bug fixes and improvements back to OpenBSD
  • When asked if he was motivated to replace closed-source router implementations with OpenBSD: “Well, I don't administer any network, I work full time as a programmer. I have some friends however that succeeded replacing closed vendor solutions with OpenBSD boxes and that for sure motivates me to keep doing what I'm doing. My biggest motivation, however, is the challenge of resolving complex problems writing trivially simple code that is both secure and efficient.”
  • They also go on to discuss some of the interesting features of EIGRP, and developing eigrpd(8)
  • What do you think is missing from routing in OpenBSD: “Implementing new features and protocols while they are in their draft stage in IETF. I'd like to see OpenBSD as the reference platform for the development of new routing and networking technologies in general”

Let’s Encrypt on a FreeBSD NGINX reverse proxy

  • We have a neat guide/story today on how to setup the “Let’s Encrypt” certificates on a FreeBSD / nginx reverse proxy
  • Backstory: For those who don’t know, “Let’s Encrypt” (https://letsencrypt.org) is a new Certificate Authority, which will allow you to create free and automated certificates.
  • They have been in closed beta for several months now, and will be opening to a public beta Dec 3rd (tomorrow)
  • This guide is particularly timely, since by the time most of you are watching this episode, the public beta will be up and running.
  • Most of the instructions are fairly straight-forward. She starts by installing the lets-encrypt package from ports/pkg and modifying her nginx with a ‘catch-all’ vhost that re-directs traffic to the https versions of a site.
  • With that done, the certificate creation is just a few commands to get started, in which she shows creating a cert for multiple domains
  • As a bonus! She includes a nice renewal script which can be run from cron. It will monitor the certs daily, and renew it when it’s 14 days from expiring, or throw an error for somebody to look at.

Mike Larkins OpenBSD vmm subsystem now in tree

  • An openBSD native hypervisor has taken another step closer to reality, with Mike Larkin pushing the initial bits of “vmm” into the base kernel/world
  • He mentions in the commit message that it still needs a lot of work, and as such is disabled by default.
  • However for the adventurous among you, it can be turned on and tested
  • Right now there is no BIOS, and as such it can only be used to boot other OpenBSD instances, although he mentions other BSD’s could be supported fairly quickly (He did a 1 hour port to bootstrap NetBSD)
  • No big documentation expected for this release, since there is so much ongoing churn. Take a look at the man page for details on getting started.

The story of how Yahoo switched to FreeBSD

  • Yahoo originally started running on SunOS, but quickly found it not able to cope with the high frequency of HTTP requests
  • “Having spend many frustrating hours trying to install other PC OS's, I was a bit skeptical. I had no intention of spending three days trying to install yet another one. To my surprise I went to the FreeBSD Web site, downloaded the floppy boot image, booted a PC with the created floppy, answered a few install questions, and a few minutes later FreeBSD was installing over the Net. The real surprise was when I came back later to a fully configured system that actually worked.”
  • “If anything had gone wrong with that install it would likely been the end of that trial. Luckily for us that it was the easiest and most painless OS installs I had ever experienced.”
  • Just that easily, Yahoo might never have ended up on FreeBSD
  • “A couple of days later we added a FreeBSD box to our cluster of Web servers. Not only did it out-perform the rest of our machines, but it was more stable.”
  • From my understanding of stories told over dinner, Yahoo had a few very important perl scripts, and they tended to crash on Linux, but kept running without issue on FreeBSD
  • Related hackernews thread

iXsystems


Interview - Mark Heily - mark@heily.com / @MarkHeily


News Roundup

Inline Intrusion Prevision System is an upcoming OPNSense Feature

  • The next OPNSense release, 16.1 is around the corner and today we have a sneak peek at their new Inline Intrusion Prevention system
  • Suricata working with Netmap 2.1 enabled version, which allows Deep Packet Inspection of traffic. Such as looking at each packet individually and only blocking specific ones. They use the example of blocking Warcraft (oh noes!)
  • Enabling this feature is just a simple mouse-click away, and various default rules are included as part of the Emerging Threats Community rules.

Matthew Dillion working on Hardlinks in Hammer2

  • We have an interesting commit from Matthew Dillon for Hammer2, specifically targeted at hard-links
  • The backstory he gives us: “The H2 design has had a long-standing problem of losing track of hardlinks when intermediate directories are renamed, breaking the common-parent-directory design for the inode target.”
  • The implemented fix was one which instead places the hardlink target in the first common parent directory, which is marked with “xlink” via chflag
  • If no parent directory is marked “xlink”, it will fall-through instead to the root of the mount
  • They also modified their installworld to set “/” /usr/,/var/,/home/ as “xlink” flagged
  • This prevents moving hard-links across these directories, but is similar to dealing with multiple partitions / datasets already.

Japan's NetBSD User Group showed off some NetBSD machines at the 2015 Tokushima Open Source Conference

  • It’s been a little while since we’ve shown off a bunch of odd devices running NetBSD, but we have an update from the 2015 Tokushima Open Source Conference.
  • This time around, we have pictures of the booth, as well as a variety of oddities such as:
  • ODroid-C1 / Sharp X68030
  • Sharp NetWalker
  • Sharp WZero3 (Cell phone)
  • Give them a look, this time around they have nice cards pictured which details the hardware being used (in english none the less!)

One of the three OpenBSD users Blog Post by Adam Wolk

  • An OpenBSD user comments on a recent interaction with the syncthing project (a dropbox like alternative)
  • The application has an auto-update feature (which doesn’t mix well with package systems in the first place), but it doesn’t work on OpenBSD because there is no /proc/curproc/file to determine the filename of the executable. This is a trivially easy task, but when the bug was reported, syncthings response was “Maybe one of the three OpenBSD users feel strongly enough about this to propose a patch. :D”
  • Part of the issue is that many users (especially the type that would run OpenBSD) opt out of reporting metrics, so OpenBSD is under-represented in the metrics the project developers are basing their decisions on
  • Maybe someone can post a patch to solve the problem. While FreeBSD can provide a linux procfs, it would be better to use a more portable way to get the location of the process binary

BeastieBits


Feedback/Questions


  • Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Latest News

Two Year Anniversary

2015-08-08

We're quickly approaching our two-year anniversary, which will be on episode 105. To celebrate, we've created a unique t-shirt design, available for purchase until the end of August. Shirts will be shipped out around September 1st. Most of the proceeds will support the show, and specifically allow us to buy...

New discussion segment

2015-01-17

We're thinking about adding a new segment to the show where we discuss a topic that the listeners suggest. It's meant to be informative like a tutorial, but more of a "free discussion" format. If you have any subjects you want us to explore, or even just a good name...

How did you get into BSD?

2014-11-26

We've got a fun idea for the holidays this year: just like we ask during the interviews, we want to hear how all the viewers and listeners first got into BSD. Email us your story, either written or a video version, and we'll read and play some of them for...

EuroBSDCon 2014

2014-09-18

As you might expect, both Allan and Kris will be at EuroBSDCon this year. They'll be busy hunting down various BSD developers and forcing them to do interviews, but don't hesitate to say hi if you're a listener!...


Episode 160: EuroBSD-Dreamin

2016-09-21

Direct Download:VideoHD VideoMP3 AudioOGG AudioTorrent This episode was brought to you by Headlines Performance Improvements for FreeBSD Kernel Debugging “We previously explored FreeBSD userspace coredumps. Backtrace’s debugging platform supports FreeBSD kernel coredumps too, and their traces share many features. They are constructed somewhat differently, and in the process of adding support for them, we...

Episode 159: Net Scaling Privacy (Flix Style)

2016-09-14

Direct Download:VideoHD VideoMP3 AudioOGG AudioTorrent This episode was brought to you by Headlines Protecting Netflix Viewing Privacy at Scale, with FreeBSD This blog post from Netflix tells the story of how Netflix developed in-kernel TLS to speed up delivery of video via HTTPS Since the beginning of the Open Connect program we have...

Episode 158: Ham, Radio and Pie (oh my)

2016-09-07

Direct Download:VideoHD VideoMP3 AudioOGG AudioTorrent This episode was brought to you by Headlines PC-BSD is now TrueOS If you’ve been watching this show the past few months, I’ve been dropping little hints about the upcoming rename of PC-BSD -> TrueOS. We’ve made that more official finally, and are asking folks to test out the...

Episode 157: ZFS, The “Universal” File-system

2016-08-31

Direct Download:VideoHD VideoMP3 AudioOGG AudioTorrent This episode was brought to you by Headlines Registration for MeetBSD 2016 is now Open “Beastie’s coming home!” This year, MeetBSD will be held at UC Berkeley’s Clark Kerr Campus November 11th and 12th, preceded by a two day FreeBSD Vendor/Dev Summit (Nov 9th and 10th) MeetBSD can...