Skip to main content.

Episode 118: BSD is go for Launch


Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent

This episode was brought to you by

iXsystems - Enterprise Servers and Storage for Open SourceDigitalOcean - Simple Cloud Hosting, Built for DevelopersTarsnap - Online Backups for the Truly Paranoid

iX Systems Mission Complete

  • Submit your story of how you accomplished a mission with FreeBSD, FreeNAS, or iXsystems hardware, and you could win monthly prizes, and have your story featured in the FreeBSD Journal!


Interview with Renato Westphal

  • An interview with Brazilian OpenBSD developer Renato Westphal
  • He describes how he first got into OpenBSD, working on a University-Industry partnership program and looking to deploy LDP (Label Distribution Protocol) for MPLS.
  • He ported OpenBSDs ldpd(8) to Linux, but then contributed his bug fixes and improvements back to OpenBSD
  • When asked if he was motivated to replace closed-source router implementations with OpenBSD: “Well, I don't administer any network, I work full time as a programmer. I have some friends however that succeeded replacing closed vendor solutions with OpenBSD boxes and that for sure motivates me to keep doing what I'm doing. My biggest motivation, however, is the challenge of resolving complex problems writing trivially simple code that is both secure and efficient.”
  • They also go on to discuss some of the interesting features of EIGRP, and developing eigrpd(8)
  • What do you think is missing from routing in OpenBSD: “Implementing new features and protocols while they are in their draft stage in IETF. I'd like to see OpenBSD as the reference platform for the development of new routing and networking technologies in general”

Let’s Encrypt on a FreeBSD NGINX reverse proxy

  • We have a neat guide/story today on how to setup the “Let’s Encrypt” certificates on a FreeBSD / nginx reverse proxy
  • Backstory: For those who don’t know, “Let’s Encrypt” ( is a new Certificate Authority, which will allow you to create free and automated certificates.
  • They have been in closed beta for several months now, and will be opening to a public beta Dec 3rd (tomorrow)
  • This guide is particularly timely, since by the time most of you are watching this episode, the public beta will be up and running.
  • Most of the instructions are fairly straight-forward. She starts by installing the lets-encrypt package from ports/pkg and modifying her nginx with a ‘catch-all’ vhost that re-directs traffic to the https versions of a site.
  • With that done, the certificate creation is just a few commands to get started, in which she shows creating a cert for multiple domains
  • As a bonus! She includes a nice renewal script which can be run from cron. It will monitor the certs daily, and renew it when it’s 14 days from expiring, or throw an error for somebody to look at.

Mike Larkins OpenBSD vmm subsystem now in tree

  • An openBSD native hypervisor has taken another step closer to reality, with Mike Larkin pushing the initial bits of “vmm” into the base kernel/world
  • He mentions in the commit message that it still needs a lot of work, and as such is disabled by default.
  • However for the adventurous among you, it can be turned on and tested
  • Right now there is no BIOS, and as such it can only be used to boot other OpenBSD instances, although he mentions other BSD’s could be supported fairly quickly (He did a 1 hour port to bootstrap NetBSD)
  • No big documentation expected for this release, since there is so much ongoing churn. Take a look at the man page for details on getting started.

The story of how Yahoo switched to FreeBSD

  • Yahoo originally started running on SunOS, but quickly found it not able to cope with the high frequency of HTTP requests
  • “Having spend many frustrating hours trying to install other PC OS's, I was a bit skeptical. I had no intention of spending three days trying to install yet another one. To my surprise I went to the FreeBSD Web site, downloaded the floppy boot image, booted a PC with the created floppy, answered a few install questions, and a few minutes later FreeBSD was installing over the Net. The real surprise was when I came back later to a fully configured system that actually worked.”
  • “If anything had gone wrong with that install it would likely been the end of that trial. Luckily for us that it was the easiest and most painless OS installs I had ever experienced.”
  • Just that easily, Yahoo might never have ended up on FreeBSD
  • “A couple of days later we added a FreeBSD box to our cluster of Web servers. Not only did it out-perform the rest of our machines, but it was more stable.”
  • From my understanding of stories told over dinner, Yahoo had a few very important perl scripts, and they tended to crash on Linux, but kept running without issue on FreeBSD
  • Related hackernews thread


Interview - Mark Heily - / @MarkHeily

News Roundup

Inline Intrusion Prevision System is an upcoming OPNSense Feature

  • The next OPNSense release, 16.1 is around the corner and today we have a sneak peek at their new Inline Intrusion Prevention system
  • Suricata working with Netmap 2.1 enabled version, which allows Deep Packet Inspection of traffic. Such as looking at each packet individually and only blocking specific ones. They use the example of blocking Warcraft (oh noes!)
  • Enabling this feature is just a simple mouse-click away, and various default rules are included as part of the Emerging Threats Community rules.

Matthew Dillion working on Hardlinks in Hammer2

  • We have an interesting commit from Matthew Dillon for Hammer2, specifically targeted at hard-links
  • The backstory he gives us: “The H2 design has had a long-standing problem of losing track of hardlinks when intermediate directories are renamed, breaking the common-parent-directory design for the inode target.”
  • The implemented fix was one which instead places the hardlink target in the first common parent directory, which is marked with “xlink” via chflag
  • If no parent directory is marked “xlink”, it will fall-through instead to the root of the mount
  • They also modified their installworld to set “/” /usr/,/var/,/home/ as “xlink” flagged
  • This prevents moving hard-links across these directories, but is similar to dealing with multiple partitions / datasets already.

Japan's NetBSD User Group showed off some NetBSD machines at the 2015 Tokushima Open Source Conference

  • It’s been a little while since we’ve shown off a bunch of odd devices running NetBSD, but we have an update from the 2015 Tokushima Open Source Conference.
  • This time around, we have pictures of the booth, as well as a variety of oddities such as:
  • ODroid-C1 / Sharp X68030
  • Sharp NetWalker
  • Sharp WZero3 (Cell phone)
  • Give them a look, this time around they have nice cards pictured which details the hardware being used (in english none the less!)

One of the three OpenBSD users Blog Post by Adam Wolk

  • An OpenBSD user comments on a recent interaction with the syncthing project (a dropbox like alternative)
  • The application has an auto-update feature (which doesn’t mix well with package systems in the first place), but it doesn’t work on OpenBSD because there is no /proc/curproc/file to determine the filename of the executable. This is a trivially easy task, but when the bug was reported, syncthings response was “Maybe one of the three OpenBSD users feel strongly enough about this to propose a patch. :D”
  • Part of the issue is that many users (especially the type that would run OpenBSD) opt out of reporting metrics, so OpenBSD is under-represented in the metrics the project developers are basing their decisions on
  • Maybe someone can post a patch to solve the problem. While FreeBSD can provide a linux procfs, it would be better to use a more portable way to get the location of the process binary



  • Send questions, comments, show ideas/topics, or stories you want mentioned on the show to

Latest News

New announcement


We understand that Michael Dexter, Brad Davis, and George Rosamond think there should be more real news....

Two Year Anniversary


We're quickly approaching our two-year anniversary, which will be on episode 105. To celebrate, we've created a unique t-shirt design, available for purchase until the end of August. Shirts will be shipped out around September 1st. Most of the proceeds will support the show, and specifically allow us to buy...

New discussion segment


We're thinking about adding a new segment to the show where we discuss a topic that the listeners suggest. It's meant to be informative like a tutorial, but more of a "free discussion" format. If you have any subjects you want us to explore, or even just a good name...

How did you get into BSD?


We've got a fun idea for the holidays this year: just like we ask during the interviews, we want to hear how all the viewers and listeners first got into BSD. Email us your story, either written or a video version, and we'll read and play some of them for...

Episode 281: EPYC Server battle


Direct Download:MP3 AudioVideo Headlines scp client multiple vulnerabilities Overview SCP clients from multiple vendors are susceptible to a malicious scp server performing unauthorized changes to target directory and/or client output manipulation. Description Many scp clients fail to verify if the objects returned by the scp server match those it asked for. This issue dates back to 1983 and...

Episode 280: FOSS clothing


Direct Download:MP3 AudioVideo Headlines A EULA in FOSS clothing? There was a tremendous amount of reaction to and discussion about my blog entry on the midlife crisis in open source. As part of this discussion on HN, Jay Kreps of Confluent took the time to write a detailed response — which...

Episode 279: Future of ZFS


Direct Download:MP3 AudioVideo Headlines The future of ZFS in FreeBSD The sources for FreeBSD's ZFS support are currently taken directly from Illumos with local ifdefs to support the peculiarities of FreeBSD where the Solaris Portability Layer (SPL) shims fall short. FreeBSD has regularly pulled changes from Illumos and tried to push...

Episode 278: The real McCoy


Direct Download:MP3 AudioVideo Interview - Kirk McKusick - 25 years of FreeBSD How Kirk got started in BSD, at the very beginning Predicting the Future How the code and community grew The leadership of the project, and how it changed over time UFS over the years (reading disks from 1982 in 2018) Conferences The rise and fall of...