
Episode 133: The Tokyo Debrief

2016-03-16


This episode was brought to you by

  • iXsystems - Enterprise Servers and Storage for Open Source
  • DigitalOcean - Simple Cloud Hosting, Built for Developers
  • Tarsnap - Online Backups for the Truly Paranoid


Headlines

AsiaBSDCon 2016 - Wrap-up

FreeBSD gets Haswell graphics support in time for 11.0-RELEASE

  • The moment that many have been waiting for has finally arrived: support for Haswell graphics has been committed to FreeBSD -CURRENT
  • This brings the DRM/i915 code up to date with Linux kernel 3.8.13
  • Work has already started on updating to Linux kernel 3.9
  • It is hoped that subsequent updates will be much easier, and much faster
  • It does not appear to require setting the i915.preliminaryhwsupport loader tunable

OpenBSD vmm/vmd Update

  • For the third year running, bhyvecon was held last week, during the lead up to AsiaBSDCon
  • Bhyvecon has expanded, and now covers all virtualization on BSDs
  • There were presentations on bhyve, Xen Dom0 on FreeBSD, Xen DomU for OpenBSD, and OpenBSD’s vmm
  • OpenBSD vmm started at the Brisbane 2015 hackathon in Australia
  • Work continued through the summer and fall thanks to funding by the OpenBSD Foundation
  • The presentation answered some outstanding questions, such as, why not just port bhyve?
  • Initial focus is OpenBSD on OpenBSD
  • Loader currently supports FreeBSD and NetBSD as well
  • After the initial commits, other developers joined in to help with the work
  • Reyk reworked the vmd and vmctl commands, to provide a better user interface
  • Future plans:
    • Nested VMX
    • i386 support
    • AMD SVM support
    • Filesystem passthru
    • Live migration (with ZFS like command syntax)
  • Other developers are working on related projects:
    • qemu interface: Allow qemu to be accelerated by the vmm backend, while providing emulated hardware, for legacy systems
    • KVM interface: Make vmm look like KVM, so existing tools like openstack “just work”

Interview - Brad Davis - brd@freebsd.org / @so14k

  • Packaging Base

News Roundup

Packaging the base system with pkg(8)

  • The official call for testing for FreeBSD’s pkg(8)’d base is out
  • Users are requested to check out the release-pkg branch, and build it as normal (buildworld, buildkernel)
  • Instead of installworld, run: make packages
  • This will produce a pkg repo in the /usr/obj directory
  • The post to the mailing list includes an example pkg repo config file to point to those packages
  • Run: pkg update -r FreeBSD-base
  • This will read the metadata from the new repository
  • Then run: pkg install -g 'FreeBSD-*'
  • This will find all packages that start with ‘FreeBSD-’ and install them
  • In the future, there will be meta packages, so you can just install FreeBSD-base and it will pull in other packages as dependencies
  • Currently, there are a large number of packages (over 700), because each shared library is packaged separately, and almost all optional features are in a separate package
  • The number of packages is also increased because there are separate -debug, -profiling, etc versions of each package
  • New features are being added to pkg(8) to mark important system components, like libc, as ‘vital’, so they cannot be deleted accidentally
  • However, in the case of using pkg(8)’d base to create a jail, the administrator should be able to delete the entire base system
  • Classic conundrum: “UNIX does not stop you doing something stupid, as that would also stop you doing something clever”
  • Work is still ongoing
  • At AsiaBSDCon, after the interview was recorded, bapt@ and brd@ had a whiteboarding session and have come up with how they expect to handle the kernel package, to ensure there is a /boot/kernel.old for you to fall back to in case the newly installed kernel does not work correctly.

FreeBSD 10.3-RC2 Now Available

  • The second release candidate for FreeBSD 10.3 is now available for testing
  • Notable changes include:
    • Import an upstream fix for ‘zfs send -i’ to avoid data corruption in specific instances
    • Boot loaders and kernel have been taught to handle ELF sections of type SHT_AMD64_UNWIND. This does not really apply to FreeBSD 10.3, but is required for 11.0, so will make upgrades easier
    • Various mkdb commands (/etc/services, /etc/login.conf, etc) now use fsync() instead of opening the files as O_SYNC, greatly increasing the speed of the database generation
  • From the earlier BETA3, the VFS improvements that were causing ZFS hangs, and the new ‘tryforward’ routing code, have been reverted
  • Work is ongoing to fix these issues for FreeBSD 11.0
  • There are two open issues:
    • A fix for OpenSSH CVE-2016-3115 has not been included yet
    • The re-addition of AES-CBC ciphers to the default server proposal list. AES-CBC was removed as part of the update to OpenSSH version 7.1p2, but the plan is to re-add it, specifically for lightweight clients who rely on hardware crypto offload to have acceptable SSH performance
  • Please go out and test

OPNsense 16.1.6 released

  • A new point-release of OPNsense has dropped, and apart from the usual security updates, some new features have been included
  • firmware: bootstrap utility can now directly install e.g. the development version
  • dhcp: all GUI pages have been reworked for a polished look and feel
  • proxy: added category-based remote file support if compressed file contains multiple files
  • proxy: added ICAP support (contributed by Fabian Franz)
  • proxy: hook up the transparent FTP proxy
  • proxy: add intercept on IPv6 for FTP and HTTP proxy options
  • logging: syslog facilities, like services, are now fully pluggable
  • vpn: stripped an invalid PPTP server configuration from the standard configuration
  • vpn: converted to pluggable syslog, menu and ACL
  • dyndns: all GUI pages have been reworked for a polished look and feel
  • dyndns: widget now shows IPv6 entries too
  • dns forwarder: all GUI pages have been reworked for a polished look and feel
  • dns resolver: all GUI pages have been reworked for a polished look and feel
  • dns resolver: rewrote the dhcp lease registration hooks
  • dns resolver: allow parallel operation on non-standard port when dns forwarder is running as well
  • firewall: hide outbound nat rule input for "interface address" option and toggle bitmask correctly
  • interfaces: fix problem when VLAN tags weren't generated properly
  • interfaces: improve interface capability reconfigure
  • ipsec: fix service restart behaviour from GUI
  • captive portal: add missing chain in certificate generation
  • configd: improve recovery and reload behaviour
  • load balancer: reordered menu entries for clarity
  • ntp: reordered menu entries for clarity
  • traffic shaper: fix mismatch for direction + dual interfaces setup
  • languages: updated German and French

Call for testing - ASLR patch

  • A patch that provides a first pass implementation of basic ASLR (Address Space Layout Randomization) for FreeBSD has been posted to the mailing list
  • “Stack gap, W^X, shared page randomization, KASLR and other techniques are explicitly out of scope of this work.”
  • “ASLR is enabled on per-ABI basis, and currently it is only enabled on native i386 and amd64 (including compat 32bit) ABIs. I expect to test and enable ASLR for armv6 and arm64 as well, later”
  • “Thanks to Oliver Pinter and Shawn Webb of the HardenedBSD project for pursuing ASLR for FreeBSD. Although this work is not based on theirs, it was inspired by their efforts.”

Feedback/Questions


  • Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
