Skip to main content.

Episode 129: Synthesize all the Things!


Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent

This episode was brought to you by

iXsystems - Enterprise Servers and Storage for Open SourceDigitalOcean - Simple Cloud Hosting, Built for DevelopersTarsnap - Online Backups for the Truly Paranoid


glibc and the BSDs

  • You have likely already heard about CVE-2015-7547
  • “A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the permissions of the user running the library.”
  • “Note: this issue is only exposed when libresolv is called from the nss_dns NSS service module.”
  • More details from Google’s Online Security team blog
  • “Naturally, people have started asking whether FreeBSD is affected. The FreeBSD Security Officer has not yet released an official statement, but in the meantime, here is a brief look at the issue as far as FreeBSD is concerned.”
  • “First of all: neither FreeBSD itself nor native FreeBSD applications are affected. While the resolver in FreeBSD’s libc and GNU libc share a common parentage, the bug was introduced when the latter was rewritten to send A and AAAA queries in parallel rather than sequentially when the application requests both.”
  • The same most likely applies to the other BSDs
  • “However, Linux applications running under emulation on a FreeBSD system use the GNU libc and are therefore vulnerable unless patched.”
  • A patch to update emulation/linux_base-c6 has been prepared and should be committed soon
  • Running ‘pkg audit’ will list any known vulnerable packages installed on your system
  • “The issue can be mitigated by only using resolvers you trust, and configuring them to avoid sending responses which can trigger the bug.”
  • “If you already have your own resolvers, you can configure them to avoid sending UDP responses larger than 2048 bytes. If the response does not fit in 2048 bytes, the server will send a truncated response, and the client should retry using TCP. While a similar bug exists in the code path for TCP requests, I believe that it can only be exploited by a malicious resolver, and interposing your own resolver will protect affected Linux systems and applications.”
  • Dag-Erling’s blog post also includes instructions and configuration examples for locking down your resolver, or setting up your own resolver if you don’t have one already

OpenBSD Foundation - 2016 Fundraising Campaign

  • The OpenBSD foundation has announced their 2016 fundraising campaign, and set the goal of raising $250k for the year.
  • While they mention that fundraising for 2015 didn’t hit 2014’s blockbuster numbers, it still exceeded the goal set, with an almost equal mix of corporate and community donors.

‘Our goal for 2016 is to increase the amount of support we offer for development, without compromising our regular support for the projects. We would like to: Plan and support more developer events (hackathons), and allow for more developers to attend these events. Continue to improve the project infrastructure. Fund more dedicated developer time for targeted development of specific projects.‘

  • To give you an idea of how much OpenBSD technology is used around the world, they broke it down this way:

If $10 were given for every installation of OpenBSD in the last year from the master site (ignoring the mirrors) we would be at our goal. If $2 were given for every download of the OpenSSH source code in the last year from the master site (ignoring the mirrors) we would be at our goal. If a penny was donated for every pf or OpenSSH installed with a mainstream operating system or phone in the last year we would be at our goal.

Getting Started with ION-DTN 3.4.0 on FreeBSD

  • “The Interplanetary Overlay Network (ION) software distribution is an implementation of Delay-Tolerant Networking (DTN) architecture as described in Internet RFC 4838, suitable for use in spacecraft”
  • This tutorial covers setting up ION 3.4.0 on FreeBSD
  • The tutorial starts by downloading the ION software, and installing the relevant build tools
  • The instructions allow ION to be installed system-wide, or for a specific user
  • The each host is configured
  • Then pings are traded between the hosts to ensure everything works
  • Then a web page is served over the interplanetary network
  • Sadly I don’t have any hosts on other planets to test with.
  • The tutorial also includes a troubleshooting guide

Open Storage Issue – New BSD Mag is Out!

  • The next issue of BSDMag (The Open Storage Issue) just landed which features an interview with Matt Olander of iXsystems.
  • During the interview, Matt talks about the culture of support for open-source down at iX, not only FreeNAS and PC-BSD, but the FreeBSD foundation, Slackware and more.
  • He also gets to extol the virtues of the open-source development model itself, why it tends to lead to better code overall.
  • In addition to the lead interview with Matt, this issue also features some other great interviews with Open Source storage vendors, and even some ZFS howto’s about setting up your ZIL devive

Interview - John Marino -

FreeNAS with FreeBSD as its base helped save taxpayers $36,000 for a small public school district

News Roundup

Getting Started With Tor Hidden Services on FreeBSD

  • Ever wondered how to setup and use a Tor hidden service? We have a walkthrough posted over on which details how to do that on a FreeBSD -CURRENT system.
  • The basics are pretty simple, installing security/tor is the first step (although, he is using portmaster, you may wish to just ‘pkg install security/tor’)
  • The walkthrough provides an example server hosting just the date/time on port 8080, which you can use as an example and to verify it works, before serving anything real.
  • Once a local server is ready to serve something, the Tor setup is pretty quick, basically just two lines of config in torrc:

HiddenServiceDir /usr/home/tor/hidden_service/

HiddenServicePort 80

  • After starting the service, the walkthrough will show you how to get the new hostname for this hidden service and verify its functionality.

ZFS Remote Mirrors for Home Use

  • A recently updated tutorial on remotely mirroring your ZFS files
  • Using a spare old computer, or a SBC like a Raspberry Pi, and an (external) hard drive
  • It covers installing and configuring FreeBSD for both sides of the remote replication
  • The new appendix covers the creation of a Raspberry Pi image, although a prebuilt one is also provided
  • The setup uses GELI to ensure the data is encrypted at-rest
  • Updating and maintaining both systems is covered in detail
  • The article is very detailed, and covers pretty much every aspect of the setup, including suggestions on where to physically locate the remote system, and configuration tips to reduce the chance that local intervention will be required
  • Most importantly, it covers the disaster recovery steps. How to get your files back when bad things happen

Lumina Desktop 0.8.8 Released

  • PC-BSD’s very own Lumina desktop has issued a new release, 0.8.8
  • Notable in this release is support for NetBSD out of box, improvements to the start menu, and ability to change monitor resolutions in the X configuration tool. (Also the desktop font colors look better!)
  • 0.8.8 is now available in PC-BSD via pkg, and FreeBSD ports/pkg system as well.
  • Lumina Desktop aims for v1.0 in July 2016
  • We also have a blog post from Larry over at FossForce, highlighting that 1.0 of Lumina is still targeted for July(ish)

NetBSD on Google's Compute Engine

  • A NetBSD developer has gotten NetBSD running on Google Compute Engine, a service somewhat similar to Amazon’s EC2, and Microsoft’s Azure
  • Support is still being worked on, but I imagine it will land in NetBSD before too long
  • NetBSD on GCE dmesg
  • OpenBSD on GCE
  • FreeBSD on GCE


htop 2.0 released - an interactive process viewer for Unix (including FreeBSD and OpenBSD)

Full set of binary packages for 7.0 released for ARM v6 and v7 (hf)

DragonFly 4.4.2 released

LibertyBSD 5.8 has been released

Broadwell systems may want to take advantage of the patch by Imre Vadasz

Finding the hard-to-spot bugs in FreeBSD


  • Send questions, comments, show ideas/topics, or stories you want mentioned on the show to

Latest News

Two Year Anniversary


We're quickly approaching our two-year anniversary, which will be on episode 105. To celebrate, we've created a unique t-shirt design, available for purchase until the end of August. Shirts will be shipped out around September 1st. Most of the proceeds will support the show, and specifically allow us to buy...

New discussion segment


We're thinking about adding a new segment to the show where we discuss a topic that the listeners suggest. It's meant to be informative like a tutorial, but more of a "free discussion" format. If you have any subjects you want us to explore, or even just a good name...

How did you get into BSD?


We've got a fun idea for the holidays this year: just like we ask during the interviews, we want to hear how all the viewers and listeners first got into BSD. Email us your story, either written or a video version, and we'll read and play some of them for...

EuroBSDCon 2014


As you might expect, both Allan and Kris will be at EuroBSDCon this year. They'll be busy hunting down various BSD developers and forcing them to do interviews, but don't hesitate to say hi if you're a listener!...

Episode 164: Virtualized COW / PI?


Direct Download:VideoHD VideoMP3 AudioOGG AudioTorrent This episode was brought to you by Headlines vmm enabled VMM, the OpenBSD hypervisor, has been imported into current It has similar hardware requirements to bhyve, a Intel Nehalem or newer CPU with the hardware virtualization features enabled in the BIOS AMD support has not been started yet OpenBSD is the...

Episode 163: Return of the Cantrill


Direct Download:VideoHD VideoMP3 AudioOGG AudioTorrent This episode was brought to you by Headlines FreeBSD 11.0-RELEASE Now Available FreeBSD 11.0-RELEASE is now officially out. A last minute reroll to pickup OpenSSL updates and a number of other security fixes meant the release was a little behind schedule, and shipped as 11.0-RELEASE-p1, but the release is better...

Episode 162: The Foundation of NetBSD


Direct Download:VideoHD VideoMP3 AudioOGG AudioTorrent This episode was brought to you by Headlines What is new on EC2 for FreeBSD 11.0-RELEASE “FreeBSD 11.0-RELEASE is just around the corner, and it will be bringing a long list of new features and improvements — far too many for me to list here. I think there are...

Episode 161: The BSD Bromance


Direct Download:VideoHD VideoMP3 AudioOGG AudioTorrent This episode was brought to you by Headlines EuroBSDCon 2016 Wrapup Ollivier Robert’s Photos from EuroBSDCon Get your BSDNow die-cut stickers NetBSD for newbies - Develop your own Power PC We don’t get to feature too many stories on NetBSD being deployed as a Power PC (Not PowerPC, you...