Skip to main content.

Episode 139: Cheri-picking BSD


Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent

This episode was brought to you by

iXsystems - Enterprise Servers and Storage for Open SourceDigitalOcean - Simple Cloud Hosting, Built for DevelopersTarsnap - Online Backups for the Truly Paranoid


Unix's file durability problem

  • Another article by Chris Siebenmann from the University of Toronto
  • This time, the issue was a lost comment on his Python based blog which uses files on disk rather than a database
  • After an unexpected restart of the system, a recently posted comment no longer existed
  • The post goes on to investigate what the ‘right way’ to ensure file durability is
  • The answer, as you might expect, is “it depends…”
  • Normally, fsync() should work, but it seems with ext4 and some other file systems, you must also fsync() the directory where the file was created, or it might not be possible to find the file after a crash
  • Do you need to fsync() the parent of that directory too? Then what is fdatasync() for? What about just calling sync()?
  • “One issue is that unlike many other Unix API issues, it's impossible to test to see if you got it all correct and complete. If your steps are incomplete, you don't get any errors; your data is just silently sometimes at risk. Even with a test setup to create system crashes or abrupt power loss (which VMs make much easier), you need uncommon instrumentation to know things like if your OS actually issued disk flushes or just did normal buffered writes. And straightforward testing can't tell you if what you're doing will work all the time, because what is required varies by Unix, kernel version, and the specific filesystem involved.”
  • Second post by author: How I'm trying to do durable disk writes
  • Additional Discussion on Hacker News
  • The discussion on HN also gets into AIO and other more complicated facilities, but even those seem to be vague about when your data is actually safe
  • At least ZFS ensures you never get half of your new data, and half of your old data.

Build a FreeBSD 10.3-release Openstack Image with bsd-cloudinit

  • Are you using FreeBSD and OpenStack or would you like to be? We next have a great tutorial which explains the ins-and-outs of doing exactly that.
  • Remy van Elst brings us a great walkthrough on his site on how to get started, and hint it involves just a few ‘pip’ commands.
  • After getting the initial Python tools bootstrapped, next he shows us how to save our OpenStack settings in a sourceable shell command, which comes in handy before doing admin on a instance.
  • Next the ‘glance’ and ‘cinder’ tools are used to upload the target OS ISO file and then create a volume for it to install onto.
  • Next the VM is started and some specific steps are outlined on getting FreeBSD 10.3 installed into the instance. It includes some helpful hints as how to fix a mountroot error, if you installed to ada0, but need to mount via vtdb0 instead now.
  • After the installation is finished, the prep for ‘cloudinit’ is done, and the resulting image is compressed and made ready for deployment.
  • We’ve kinda stepped through some of the more gory steps here, but if OpenStack is something you work with, this tutorial should be at the top of your “must read” list.

Undeadly and HTTPS

  • Undeadly, the OpenBSD journal, is thinking of moving to HTTPS only
  • In order to do this, they would like some help rewriting part of the site
  • Currently, when you login to post comments, this is done over HTTPS, but to an stunnel instance running a custom script that gives you a cookie, and sends you back to the non-HTTPS site
  • They would like to better integrate the authentication system, and otherwise improve the code for the site
  • There is some pushback as well, questioning whether it makes sense to block users who are unable to use HTTPS for one reason or another
  • I think it makes sense to have the site default to HTTPS, but, maybe HTTPS only doesn’t make sense. There is nothing private on the site, other than the authentication system which is optional, not required to post a comment.
  • There is also some discussion about the code for the site, including the fact that when the code was released, the salt for the password database was included
  • This is not actually a security problem, but the discussion may be interesting to some viewers

FreeBSD Journal March/April Edition

  • The next issue of the FreeBSD Journal is here, and this time it is about Teaching with Operating Systems
  • In addition to the usual columns, including: svn update, the ports report, a conference report from FOSDEM, a meetup report from PortsCamp Taipei, A book review of "The Algorithm Design Manual", and the Events Calendar; there are a set of feature articles about teaching
  • Teaching with FreeBSD through Tracing, Analysis, and Experimentation
  • CHERI: Building a foundation for secure, trusted computing bases
  • A brief history of Fast Filesystems
  • There is also an interview with Gleb Smirnoff, a member of the Core team, release engineering, and the deputy security officer, as well as a senior software developer at Netflix
  • Get the latest issue from your favourite mobile store, or the “Desktop Edition” directly in your browser from the FreeBSD Foundation’s website

Interview - Brooks Davis - / @brooksdavis

  • CHERI and Capabilities

TrueNAS Three-Peats!!!

News Roundup

UbuntuBSD Is Looking To Become An Official Ubuntu Flavor

  • You may recall a few weeks back that we were a bit surprised by the UbuntuBSD project and its longevity / goals.
  • However the project seems to be pushing forward, with news on that they are now seeking to become an ‘official’ Ubuntu Flavor.
  • They’ve already released a forth beta, so it seems the project currently has some developers pushing it forward:

"I would like to contribute all my work to Ubuntu Community and, if you think it is worthy, make ubuntuBSD an official Ubuntu project like Xubuntu or Edubuntu," said Jon Boden. "If you're interested, please let me know how would you like me to proceed."

It's Just Bits

  • We have next an interesting blog post talking about the idea that “It’s just all bits!”
  • The author then takes us down the idea of no matter how old or mysterious the code may be, in the end it is ending up as bits arranged a certain way.
  • Then the article transitions and takes us through the idea that old bits, and bits that have grown too large should often be good candidates for replacement by “simpler” bits, using OpenBSD as an example.

“The OpenBSD community exemplifies this in many ways by taking existing solutions and simplifying them. Processing man pages is as old as Unix, and even in the 21st century OpenBSD has taken the time to rewrite the existing solution to be simpler and safer. It's just bits that need to be turned into other bits. Similarly, OpenBSD has introduced doas as an alternative to sudo. While not replacing sudo entirely, doas makes the 99.99% case of what people use sudo for easier and safer. They are just bits that need to be authenticated. “

  • All in all, a good read, and it reinforces the point that nothing is really truly “finished”. As computing advances and new technologies / practices are made available, sometimes it makes a lot of sense to go back and re-write things in order to simplify the complexity that has snuck in over time.

Disk IO limiting is coming to FreeBSD

  • A much requested feature for both Jails and VM’s on FreeBSD has just landed with experimental support in -HEAD, Disk IO limiting!

  • The Commit message states as follows:

“Add four new RCTL resources - readbps, readiops, writebps and writeiops, for limiting disk (actually filesystem) IO.

Note that in some cases these limits are not quite precise. It's ok, as long as it's within some reasonable bounds.

Testing - and review of the code, in particular the VFS and VM parts - is very welcome.”

  • Well, what are you waiting for? This is a fantastic new feature which I’m sure will get incorporated into other tools for controlling jails and VM’s down the road.
  • If you give it a spin, be sure to report back bugs so they can get quashed in time for 11.



  • Send questions, comments, show ideas/topics, or stories you want mentioned on the show to

Latest News

New announcement


We understand that Michael Dexter, Brad Davis, and George Rosamond think there should be more real news....

Two Year Anniversary


We're quickly approaching our two-year anniversary, which will be on episode 105. To celebrate, we've created a unique t-shirt design, available for purchase until the end of August. Shirts will be shipped out around September 1st. Most of the proceeds will support the show, and specifically allow us to buy...

New discussion segment


We're thinking about adding a new segment to the show where we discuss a topic that the listeners suggest. It's meant to be informative like a tutorial, but more of a "free discussion" format. If you have any subjects you want us to explore, or even just a good name...

How did you get into BSD?


We've got a fun idea for the holidays this year: just like we ask during the interviews, we want to hear how all the viewers and listeners first got into BSD. Email us your story, either written or a video version, and we'll read and play some of them for...

Episode 275: OpenBSD in stereo


Direct Download:MP3 AudioVideo Headlines DragonflyBSD 5.4 released DragonFly version 5.4 brings a new system compiler in GCC 8, improved NUMA support, a large of number network and virtual machine driver updates, and updates to video support. This release is 64-bit only, as with previous releases. The details of all commits...

Episode 274: Language: Assembly


Direct Download:MP3 AudioVideo Headlines Assembly language on OpenBSD amd64+arm64 This is a short introduction to assembly language programming on OpenBSD/amd64+arm64. Because of security features in the kernel, I have had to rethink a series of tutorials covering Aarch64 assembly language on OpenBSD, and therefore this will serve as a placeholder-cum-reminder....

Episode 273: A thoughtful episode


Direct Download:MP3 AudioVideo Headlines Some thoughts on NetBSD 8.0 NetBSD is a highly portable operating system which can be run on dozens of different hardware architectures. The operating system's clean and minimal design allow it to be run in all sorts of environments, ranging from embedded devices, to servers, to workstations....

Episode 272: Detain the bhyve


Direct Download:MP3 AudioVideo Headlines The byproducts of reading OpenBSD netcat code When I took part in a training last year, I heard about netcat for the first time. During that class, the tutor showed some hacks and tricks of using netcat which appealed to me and motivated me to learn the...