
Episode 143: One small step for DRM, one giant leap for BSD



This episode was brought to you by

  • iXsystems - Enterprise Servers and Storage for Open Source
  • DigitalOcean - Simple Cloud Hosting, Built for Developers
  • Tarsnap - Online Backups for the Truly Paranoid


How the number of states affects pf’s performance of FreeBSD

  • Our friend Olivier of FreeNAS and BSDRP fame has an interesting blog post this week detailing his unique issue with finding a firewall that can handle upwards of 4 million state table entries.
  • He begins in the article with benchmarking the defaults, since without that we don’t have a framework to compare the later results. All done on his Netgate RCC-VE 4860 (4 cores ATOM C2558, 8GB RAM) under FreeBSD 10.3.
  • “We notice a little performance impact when we reach the default 10K state table limit: From 413Kpps with 128 states in-used, it lower to 372Kpps.”
  • With the initial benchmarks done and graphed, he then starts the tuning process by adjusting the “” sysctl, and then playing with the number of states for the firewall to keep.
  • “For the next bench, the number of flow will be fixed for generating 9800 pf state entries, but I will try different value of pf.states_hashsize until the maximum allowed on my 8GB RAM server (still with the default max states of 10k):”
  • Then he cranks it up to 4 million states
  • “There is only 12% performance penalty between pf 128 pf states and 4 million pf states.”
  • “With 10M state, pf performance lower to 362Kpps: Still only 12% lower performance than with only 128 states”
  • He then looks at what this does to pfsync, the protocol to sync the state table between two redundant pf firewalls
  • Conclusions:
    • There needs to be a linear relationship between the pf hard limit of states and pf.states_hashsize
    • RAM needed for pf.states_hashsize = pf.states_hashsize * 80 bytes, and pf.states_hashsize should be a power of 2 (from the manual page)
    • Even small hardware can manage a large number of sessions (it's a matter of RAM), but under too much pressure pfsync will suffer
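
The sizing rules from the conclusions above, worked through as a small shell helper. This is an added example, not code from the article or the show: the states-per-entry ratio, the RAM budget and the 4 million state sample are assumptions, and net.pf.states_hashsize is the full FreeBSD name of the tunable the article calls pf.states_hashsize.

```sh
#!/bin/sh
# Added example: size the pf state hash table for a target state limit.
BYTES_PER_ENTRY=80   # per hash entry, from the article's conclusions

# is_pow2 N: succeeds when N is a power of two.
is_pow2() {
    [ "$1" -gt 0 ] && [ $(( $1 & ($1 - 1) )) -eq 0 ]
}

# next_pow2 N: prints the smallest power of two >= N.
next_pow2() {
    p=1
    while [ "$p" -lt "$1" ]; do p=$(( p * 2 )); done
    echo "$p"
}

# hash_ram_bytes HASHSIZE: prints the RAM the hash table consumes.
hash_ram_bytes() {
    echo $(( $1 * BYTES_PER_ENTRY ))
}

# plan_hashsize STATES PER_BUCKET RAM_BUDGET_BYTES
# PER_BUCKET (states per hash entry) is an assumed tuning knob, not a figure
# from the article; it keeps hashsize proportional to the state limit.
# Prints the hashsize, or fails if the table would exceed the RAM budget.
plan_hashsize() {
    want=$(( ($1 + $2 - 1) / $2 ))
    size=$(next_pow2 "$want")
    ram=$(hash_ram_bytes "$size")
    if [ "$ram" -gt "$3" ]; then
        echo "hash table needs $ram bytes, budget is $3" >&2
        return 1
    fi
    echo "$size"
}

# emit_config STATES HASHSIZE: prints the two settings to apply.
emit_config() {
    is_pow2 "$2" || { echo "hashsize $2 is not a power of 2" >&2; return 1; }
    echo "# /boot/loader.conf (boot-time tunable)"
    echo "net.pf.states_hashsize=\"$2\""
    echo "# /etc/pf.conf"
    echo "set limit states $1"
}

# Constructed sample: 4 million states, 1 state per entry, 512 MiB budget.
emit_config 4000000 "$(plan_hashsize 4000000 1 536870912)"
```

Raising the state limit without growing the hash table, or the reverse, breaks the linear relationship the conclusions call for, so the helper derives one from the other and refuses a table that does not fit the RAM budget.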

Introducing the BCHS Stack = BSD, C, httpd, SQLite

  • Pronounced Beaches
  • “It's a hipster-free, open source software stack for web applications”
  • “Don't just write C. Write portable and secure C.”
  • “Get to know your security tools. OpenBSD has systrace(4) and pledge(2). FreeBSD has capsicum(4).”
  • “Statically scan your binary with LLVM” and “Run your application under valgrind”
  • “Don't forget: BSD is a community of professionals. Go to conferences (EuroBSDCon, AsiaBSDCon, BSDCan, etc.)”
  • This seems like a really interesting project, we’ll have to get Kristaps Dzonsons back on the show to talk about it

Installing OpenBSD's httpd server, MariaDB, PHP 5.6 on OpenBSD 5.9

  • Looking to deploy your next web stack on OpenBSD 5.9? If so, this next article is for you.
  • Specifically it will walk you through the process of getting OpenBSD’s own httpd server up and running, followed by MariaDB and PHP 5.6.
  • Most of the setup is pretty straightforward, though the httpd syntax may be unfamiliar if this is your first time trying it out.
  • Once the various packages are installed / configured, the rest of the tutorial will be easy, walking you through the standard hello world PHP script, and enabling the services to run at reboot.
  • A good article for those wanting to start hosting PHP/DB content (WordPress anyone?) on an OpenBSD system.

The infrastructure behind Varnish

  • Dogfooding. It’s a term you hear often in the software community, which essentially means to “Run your own stuff”. Today we have an article by PKH over at varnish-cache, talking about what that means to them.
  • Specifically, they recently went through a website upgrade, which will enable them to run more of their own stuff.
  • He has a great quote on what OS they use: “So, dogfood: Obviously FreeBSD. Apart from the obvious reason that I wrote a lot of FreeBSD and can get world-class support by bugging my buddies about it, there are two equally serious reasons for the Varnish Project to run on FreeBSD: Dogfood and jails. Varnish Cache is not “software for Linux”, it is software for any competent UNIX-like operating system, and FreeBSD is our primary “keep us honest about this” platform.”
  • He then goes through the process of explaining how they would setup a new Varnish-cache website, or upgrade it.
  • All together a great read, and if you are one of the admin-types, you really should pay attention to how they build from the ground up. Some valuable knowledge here which every admin should try to replicate.
  • I can not reiterate the value of having your config files in a private source control repo strongly enough
  • The biggest take-away is: “And by doing it this way, I know it will work next time also.”

Interview - Matt Macy - mmacy@nextbsd.org

Graphics Stack Update

News Roundup

Followup on packaging base with pkg(8)

  • In spite of the heroic last minute effort by a team of contributors, pkg’d base will not be ready in time for FreeBSD 11.0
  • There are just too many issues that were discovered during testing
  • The plan is to continue using freebsd-update in the meantime, and introduce a pkg based upgrade mechanism in FreeBSD 11.1
  • With the new support model for the FreeBSD 11 branch, 11.1 may come sooner than with previous major releases

FreeBSD Core Election

  • It is time once again for the FreeBSD Core Election
  • Application period begins: Wednesday, 18 May 2016 at 18:00:00 UTC
  • Application period ends: Wednesday, 25 May 2016 at 18:00:00 UTC
  • Voting begins: Wednesday, 25 May 2016 at 18:00:00 UTC
  • Voting ends: Wednesday, 22 June 2016 at 18:00:00 UTC
  • Results announced Wednesday, 29 June 2016
  • New core team takes office: Wednesday, 6 July 2016
  • As of the time I was writing these notes, 3 hours before the application deadline, the candidates are:
  • Allan Jude: Filling in the potholes
  • Marcelo Araujo: We are not vampires, but we need new blood.
  • Baptiste Daroussin (incumbent): Keep on improving
  • Benedict Reuschling: Learn and Teach
  • Benno Rice: Revitalising The Community
  • Devin Teske: Here to help
  • Ed Maste (incumbent): FreeBSD is people
  • George V. Neville-Neil (incumbent): There is much to do…
  • Hiroki Sato (incumbent): Keep up with our good community and technical strength
  • John Baldwin: Ready to work
  • Juli Mallett: Caring for community.
  • Kris Moore: User-Focused
  • Mathieu Arnold: Someone ask for fresh blood ?
  • Ollivier Robert: Caring for the project and you, its developers
  • The deadline for applications is around the time we finish recording the live show
  • We welcome any of the candidates to schedule an interview in the next few weeks. We will make an attempt to hunt many of them down at BSDCan as well.

Wayland/Weston with XWayland works on DragonFly

  • We haven’t talked a lot about Wayland on BSD recently (or much at all), but today we have a post from Peter to the dragonfly mailing list, detailing his experience with it.
  • Specifically he talks about getting XWayland working, which provides the compat bits for native X applications to run on Wayland displays.
  • So far on the working list of apps (from the post):
    • gtk3: gedit, nautilus, evince
    • xfce4: xfce4-terminal, atril
    • firefox
    • spyder
    • scilab

  • A pretty impressive list, although he said “chrome” failed with a seg-fault

  • This is something I’m personally interested in. Now with the newer DRM bits landing in FreeBSD, perhaps it’s time for some further looking into Wayland.

Broadcom WiFi driver update

  • In this blog post Adrian Chadd talks about his recent work on the bwn(4) driver for Broadcom WiFi chips
  • This work has added support for a number of older 802.11g chips, including the one from 2009-era Macbooks
  • Work is ongoing, and the hope is to add 802.11n and 5 GHz support as well
  • Adrian is mentoring a number of developers working on embedded or WiFi related things, to try to increase the project's bandwidth in those areas
  • If you are interested in driver development, or wifi internals, the blog post has lots of interesting details and covers the story of Adrian’s recent adventures in bringing the drivers up

Beastie Bits

The Design of the NetBSD I/O Subsystems (2002)

ZFS, BTRFS, XFS, EXT4 and LVM with KVM – a storage performance comparison

Swift added to FreeBSD Ports

misc@openbsd: 'NSA addition to ifconfig'

Papers We Love: Memory by the Slab: The Tale of Bonwick's Slab Allocator


  • Send questions, comments, show ideas/topics, or stories you want mentioned on the show to
