Skip to main content.

Episode 129: Synthesize all the Things!


Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent

This episode was brought to you by

iXsystems - Enterprise Servers and Storage for Open SourceDigitalOcean - Simple Cloud Hosting, Built for DevelopersTarsnap - Online Backups for the Truly Paranoid


glibc and the BSDs

  • You have likely already heard about CVE-2015-7547
  • “A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the permissions of the user running the library.”
  • “Note: this issue is only exposed when libresolv is called from the nss_dns NSS service module.”
  • More details from Google’s Online Security team blog
  • “Naturally, people have started asking whether FreeBSD is affected. The FreeBSD Security Officer has not yet released an official statement, but in the meantime, here is a brief look at the issue as far as FreeBSD is concerned.”
  • “First of all: neither FreeBSD itself nor native FreeBSD applications are affected. While the resolver in FreeBSD’s libc and GNU libc share a common parentage, the bug was introduced when the latter was rewritten to send A and AAAA queries in parallel rather than sequentially when the application requests both.”
  • The same most likely applies to the other BSDs
  • “However, Linux applications running under emulation on a FreeBSD system use the GNU libc and are therefore vulnerable unless patched.”
  • A patch to update emulation/linux_base-c6 has been prepared and should be committed soon
  • Running ‘pkg audit’ will list any known vulnerable packages installed on your system
  • “The issue can be mitigated by only using resolvers you trust, and configuring them to avoid sending responses which can trigger the bug.”
  • “If you already have your own resolvers, you can configure them to avoid sending UDP responses larger than 2048 bytes. If the response does not fit in 2048 bytes, the server will send a truncated response, and the client should retry using TCP. While a similar bug exists in the code path for TCP requests, I believe that it can only be exploited by a malicious resolver, and interposing your own resolver will protect affected Linux systems and applications.”
  • Dag-Erling’s blog post also includes instructions and configuration examples for locking down your resolver, or setting up your own resolver if you don’t have one already

OpenBSD Foundation - 2016 Fundraising Campaign

  • The OpenBSD foundation has announced their 2016 fundraising campaign, and set the goal of raising $250k for the year.
  • While they mention that fundraising for 2015 didn’t hit 2014’s blockbuster numbers, it still exceeded the goal set, with an almost equal mix of corporate and community donors.

‘Our goal for 2016 is to increase the amount of support we offer for development, without compromising our regular support for the projects. We would like to: Plan and support more developer events (hackathons), and allow for more developers to attend these events. Continue to improve the project infrastructure. Fund more dedicated developer time for targeted development of specific projects.‘

  • To give you an idea of how much OpenBSD technology is used around the world, they broke it down this way:

If $10 were given for every installation of OpenBSD in the last year from the master site (ignoring the mirrors) we would be at our goal. If $2 were given for every download of the OpenSSH source code in the last year from the master site (ignoring the mirrors) we would be at our goal. If a penny was donated for every pf or OpenSSH installed with a mainstream operating system or phone in the last year we would be at our goal.

Getting Started with ION-DTN 3.4.0 on FreeBSD

  • “The Interplanetary Overlay Network (ION) software distribution is an implementation of Delay-Tolerant Networking (DTN) architecture as described in Internet RFC 4838, suitable for use in spacecraft”
  • This tutorial covers setting up ION 3.4.0 on FreeBSD
  • The tutorial starts by downloading the ION software, and installing the relevant build tools
  • The instructions allow ION to be installed system-wide, or for a specific user
  • The each host is configured
  • Then pings are traded between the hosts to ensure everything works
  • Then a web page is served over the interplanetary network
  • Sadly I don’t have any hosts on other planets to test with.
  • The tutorial also includes a troubleshooting guide

Open Storage Issue – New BSD Mag is Out!

  • The next issue of BSDMag (The Open Storage Issue) just landed which features an interview with Matt Olander of iXsystems.
  • During the interview, Matt talks about the culture of support for open-source down at iX, not only FreeNAS and PC-BSD, but the FreeBSD foundation, Slackware and more.
  • He also gets to extol the virtues of the open-source development model itself, why it tends to lead to better code overall.
  • In addition to the lead interview with Matt, this issue also features some other great interviews with Open Source storage vendors, and even some ZFS howto’s about setting up your ZIL devive

Interview - John Marino -

FreeNAS with FreeBSD as its base helped save taxpayers $36,000 for a small public school district

News Roundup

Getting Started With Tor Hidden Services on FreeBSD

  • Ever wondered how to setup and use a Tor hidden service? We have a walkthrough posted over on which details how to do that on a FreeBSD -CURRENT system.
  • The basics are pretty simple, installing security/tor is the first step (although, he is using portmaster, you may wish to just ‘pkg install security/tor’)
  • The walkthrough provides an example server hosting just the date/time on port 8080, which you can use as an example and to verify it works, before serving anything real.
  • Once a local server is ready to serve something, the Tor setup is pretty quick, basically just two lines of config in torrc:

HiddenServiceDir /usr/home/tor/hidden_service/

HiddenServicePort 80

  • After starting the service, the walkthrough will show you how to get the new hostname for this hidden service and verify its functionality.

ZFS Remote Mirrors for Home Use

  • A recently updated tutorial on remotely mirroring your ZFS files
  • Using a spare old computer, or a SBC like a Raspberry Pi, and an (external) hard drive
  • It covers installing and configuring FreeBSD for both sides of the remote replication
  • The new appendix covers the creation of a Raspberry Pi image, although a prebuilt one is also provided
  • The setup uses GELI to ensure the data is encrypted at-rest
  • Updating and maintaining both systems is covered in detail
  • The article is very detailed, and covers pretty much every aspect of the setup, including suggestions on where to physically locate the remote system, and configuration tips to reduce the chance that local intervention will be required
  • Most importantly, it covers the disaster recovery steps. How to get your files back when bad things happen

Lumina Desktop 0.8.8 Released

  • PC-BSD’s very own Lumina desktop has issued a new release, 0.8.8
  • Notable in this release is support for NetBSD out of box, improvements to the start menu, and ability to change monitor resolutions in the X configuration tool. (Also the desktop font colors look better!)
  • 0.8.8 is now available in PC-BSD via pkg, and FreeBSD ports/pkg system as well.
  • Lumina Desktop aims for v1.0 in July 2016
  • We also have a blog post from Larry over at FossForce, highlighting that 1.0 of Lumina is still targeted for July(ish)

NetBSD on Google's Compute Engine

  • A NetBSD developer has gotten NetBSD running on Google Compute Engine, a service somewhat similar to Amazon’s EC2, and Microsoft’s Azure
  • Support is still being worked on, but I imagine it will land in NetBSD before too long
  • NetBSD on GCE dmesg
  • OpenBSD on GCE
  • FreeBSD on GCE


htop 2.0 released - an interactive process viewer for Unix (including FreeBSD and OpenBSD)

Full set of binary packages for 7.0 released for ARM v6 and v7 (hf)

DragonFly 4.4.2 released

LibertyBSD 5.8 has been released

Broadwell systems may want to take advantage of the patch by Imre Vadasz

Finding the hard-to-spot bugs in FreeBSD


  • Send questions, comments, show ideas/topics, or stories you want mentioned on the show to

Latest News

New announcement


We understand that Michael Dexter, Brad Davis, and George Rosamond think there should be more real news....

Two Year Anniversary


We're quickly approaching our two-year anniversary, which will be on episode 105. To celebrate, we've created a unique t-shirt design, available for purchase until the end of August. Shirts will be shipped out around September 1st. Most of the proceeds will support the show, and specifically allow us to buy...

New discussion segment


We're thinking about adding a new segment to the show where we discuss a topic that the listeners suggest. It's meant to be informative like a tutorial, but more of a "free discussion" format. If you have any subjects you want us to explore, or even just a good name...

How did you get into BSD?


We've got a fun idea for the holidays this year: just like we ask during the interviews, we want to hear how all the viewers and listeners first got into BSD. Email us your story, either written or a video version, and we'll read and play some of them for...

Episode 281: EPYC Server battle


Direct Download:MP3 AudioVideo Headlines scp client multiple vulnerabilities Overview SCP clients from multiple vendors are susceptible to a malicious scp server performing unauthorized changes to target directory and/or client output manipulation. Description Many scp clients fail to verify if the objects returned by the scp server match those it asked for. This issue dates back to 1983 and...

Episode 280: FOSS clothing


Direct Download:MP3 AudioVideo Headlines A EULA in FOSS clothing? There was a tremendous amount of reaction to and discussion about my blog entry on the midlife crisis in open source. As part of this discussion on HN, Jay Kreps of Confluent took the time to write a detailed response — which...

Episode 279: Future of ZFS


Direct Download:MP3 AudioVideo Headlines The future of ZFS in FreeBSD The sources for FreeBSD's ZFS support are currently taken directly from Illumos with local ifdefs to support the peculiarities of FreeBSD where the Solaris Portability Layer (SPL) shims fall short. FreeBSD has regularly pulled changes from Illumos and tried to push...

Episode 278: The real McCoy


Direct Download:MP3 AudioVideo Interview - Kirk McKusick - 25 years of FreeBSD How Kirk got started in BSD, at the very beginning Predicting the Future How the code and community grew The leadership of the project, and how it changed over time UFS over the years (reading disks from 1982 in 2018) Conferences The rise and fall of...