
Episode 133: The Tokyo Debrief



This episode was brought to you by

  • iXsystems - Enterprise Servers and Storage for Open Source
  • DigitalOcean - Simple Cloud Hosting, Built for Developers
  • Tarsnap - Online Backups for the Truly Paranoid


AsiaBSDCon 2016 - Wrap-up

FreeBSD gets Haswell graphics support in time for 11.0-RELEASE

  • The moment that many have been waiting for has finally arrived: support for Haswell graphics has been committed to FreeBSD -CURRENT
  • This brings the DRM/i915 code up to date with Linux kernel 3.8.13
  • Work has already started on updating to Linux kernel 3.9
  • It is hoped that subsequent updates will be much easier, and much faster
  • It does not appear to require setting the i915.preliminaryhwsupport loader tunable

OpenBSD vmm/vmd Update

  • For the third year running, bhyvecon was held last week, during the lead up to AsiaBSDCon
  • Bhyvecon has expanded, and now covers all virtualization on BSDs
  • There were presentations on bhyve, Xen Dom0 on FreeBSD, Xen DomU for OpenBSD, and OpenBSD’s vmm
  • OpenBSD vmm started at the Brisbane 2015 hackathon in Australia
  • Work continued through the summer and fall thanks to funding by the OpenBSD Foundation
  • The presentation answered some outstanding questions, such as, why not just port bhyve?
  • Initial focus is OpenBSD on OpenBSD
  • Loader currently supports FreeBSD and NetBSD as well
  • After the initial commits, other developers joined in to help with the work
  • Reyk reworked the vmd and vmctl commands, to provide a better user interface
  • Future plans:
    • Nested VMX
    • i386 support
    • AMD SVM support
    • Filesystem passthru
    • Live migration (with ZFS like command syntax)
  • Other developers are working on related projects:
    • qemu interface: Allow qemu to be accelerated by the vmm backend, while providing emulated hardware, for legacy systems
    • KVM interface: Make vmm look like KVM, so existing tools like openstack “just work”

Interview - Brad Davis - / @so14k

  • Packaging Base

News Roundup

Packaging the base system with pkg(8)

  • The official call for testing for FreeBSD’s pkg(8)’d base is out
  • Users are requested to check out the release-pkg branch, and build it as normal (buildworld, buildkernel)
  • Instead of installworld, run: make packages
  • This will produce a pkg repo in the /usr/obj directory
  • The post to the mailing list includes an example pkg repo config file to point to those packages
  • Run: pkg update -r FreeBSD-base
  • This will read the metadata from the new repository
  • Then run: pkg install -g 'FreeBSD-*'
  • This will find all packages that start with ‘FreeBSD-’ and install them
  • In the future, there will be meta packages, so you can just install FreeBSD-base and it will pull in other packages as dependencies
  • Currently, there are a large number of packages (over 700), because each shared library is packaged separately, and almost all optional features are in a separate package
  • The number of packages is also increased because there are separate -debug, -profiling, etc versions of each package
  • New features are being added to pkg(8) to mark important system components, like libc, as ‘vital’, so they cannot be deleted accidentally
  • However, in the case of using pkg(8)’d base to create a jail, the administrator should be able to delete the entire base system
  • Classic conundrum: “UNIX does not stop you doing something stupid, as that would also stop you doing something clever”
  • Work is still ongoing
  • At AsiaBSDCon, after the interview was recorded, bapt@ and brd@ had a whiteboarding session and came up with how they expect to handle the kernel package, to ensure there is a /boot/kernel.old for you to fall back to in case the newly installed kernel does not work correctly.
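
The call for testing refers to a repository config file that these notes do not reproduce. The following is an added example (not the file from the mailing list post) of what such a file can look like, using pkg.conf(5) repository keys; the repository name matches the `pkg update -r FreeBSD-base` step, while the /usr/obj path, the host name and the key path are assumptions or placeholders.

```ucl
# /usr/local/etc/pkg/repos/FreeBSD-base.conf  (added example)

# Repository produced on this machine by `make packages`.
# The path below /usr/obj is an assumption: use the directory your build reports.
FreeBSD-base: {
  url: "file:///usr/obj/usr/src/repo/${ABI}/latest",
  mirror_type: "none",
  # Unsigned: acceptable only while the packages never leave the build host.
  signature_type: "none",
  enabled: yes
}

# If the same packages are served to other machines, sign the repository
# and have every client verify it. Host name and key path are placeholders.
FreeBSD-base-remote: {
  url: "https://pkg.example.org/FreeBSD-base/${ABI}/latest",
  mirror_type: "none",
  signature_type: "pubkey",
  pubkey: "/usr/local/etc/ssl/pkg-base.pub",
  enabled: no
}
```

Because these packages replace libc and the kernel, an unsigned base repository fetched over a network carries more risk than an unsigned ports repository; keep `signature_type: "none"` to the local `file://` case.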

FreeBSD 10.3-RC2 Now Available

  • The second release candidate for FreeBSD 10.3 is now available for testing
  • Notable changes include:
    • Import an upstream fix for ‘zfs send -i’ to avoid data corruption in specific instances
    • Boot loaders and kernel have been taught to handle ELF sections of type SHT_AMD64_UNWIND. This does not really apply to FreeBSD 10.3, but is required for 11.0, so will make upgrades easier
    • Various mkdb commands (/etc/services, /etc/login.conf, etc) now use fsync() instead of opening the files as O_SYNC, greatly increasing the speed of the database generation
  • From the earlier BETA3, the VFS improvements that were causing ZFS hangs, and the new ‘tryforward’ routing code, have been reverted
  • Work is ongoing to fix these issues for FreeBSD 11.0
  • There are two open issues:
    • A fix for OpenSSH CVE-2016-3115 has not been included yet
    • The re-addition of AES-CBC ciphers to the default server proposal list. AES-CBC was removed as part of the update to OpenSSH version 7.1p2, but the plan is to re-add it, specifically for lightweight clients that rely on hardware crypto offload to have acceptable SSH performance
  • Please go out and test

OPNsense 16.1.6 released

  • A new point-release of OPNsense has dropped, and apart from the usual security updates, some new features have been included
  • firmware: bootstrap utility can now directly install e.g. the development version
  • dhcp: all GUI pages have been reworked for a polished look and feel
  • proxy: added category-based remote file support if compressed file contains multiple files
  • proxy: added ICAP support (contributed by Fabian Franz)
  • proxy: hook up the transparent FTP proxy
  • proxy: add intercept on IPv6 for FTP and HTTP proxy options
  • logging: syslog facilities, like services, are now fully pluggable
  • vpn: stripped an invalid PPTP server configuration from the standard configuration
  • vpn: converted to pluggable syslog, menu and ACL
  • dyndns: all GUI pages have been reworked for a polished look and feel
  • dyndns: widget now shows IPv6 entries too
  • dns forwarder: all GUI pages have been reworked for a polished look and feel
  • dns resolver: all GUI pages have been reworked for a polished look and feel
  • dns resolver: rewrote the dhcp lease registration hooks
  • dns resolver: allow parallel operation on non-standard port when dns forwarder is running as well
  • firewall: hide outbound nat rule input for "interface address" option and toggle bitmask correctly
  • interfaces: fix problem when VLAN tags weren't generated properly
  • interfaces: improve interface capability reconfigure
  • ipsec: fix service restart behaviour from GUI
  • captive portal: add missing chain in certificate generation
  • configd: improve recovery and reload behaviour
  • load balancer: reordered menu entries for clarity
  • ntp: reordered menu entries for clarity
  • traffic shaper: fix mismatch for direction + dual interfaces setup
  • languages: updated German and French

Call for testing - ASLR patch

  • A patch that provides a first pass implementation of basic ASLR (Address Space Layout Randomization) for FreeBSD has been posted to the mailing list
  • “Stack gap, W^X, shared page randomization, KASLR and other techniques are explicitly out of scope of this work.”
  • “ASLR is enabled on per-ABI basis, and currently it is only enabled on native i386 and amd64 (including compat 32bit) ABIs. I expect to test and enable ASLR for armv6 and arm64 as well, later”
  • “Thanks to Oliver Pinter and Shawn Webb of the HardenedBSD project for pursuing ASLR for FreeBSD. Although this work is not based on theirs, it was inspired by their efforts.”


  • Send questions, comments, show ideas/topics, or stories you want mentioned on the show to
