Skip to main content.

Episode 143: One small step for DRM, one giant leap for BSD


Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent

This episode was brought to you by

iXsystems - Enterprise Servers and Storage for Open SourceDigitalOcean - Simple Cloud Hosting, Built for DevelopersTarsnap - Online Backups for the Truly Paranoid


How the number of states affects pf’s performance of FreeBSD

  • Our friend Olivier of FreeNAS and BSDRP fame has an interesting blog post this week detailing his unique issue with finding a firewall that can handle upwards of 4 million state table entries.
  • He begins in the article with benchmarking the defaults, since without that we don’t have a framework to compare the later results. All done on his Netgate RCC-VE 4860 (4 cores ATOM C2558, 8GB RAM) under FreeBSD 10.3.
  • “We notice a little performance impact when we reach the default 10K state table limit: From 413Kpps with 128 states in-used, it lower to 372Kpps.”
  • With the initial benchmarks done and graphed, he then starts the tuning process by adjusting the “”sysctl, and then playing with the number of states for the firewall to keep.
  • “For the next bench, the number of flow will be fixed for generating 9800 pf state entries, but I will try different value of pf.states_hashsize until the maximum allowed on my 8GB RAM server (still with the default max states of 10k):”
  • Then he cranks it up to 4 million states
  • “There is only 12% performance penalty between pf 128 pf states and 4 million pf states.”
  • “With 10M state, pf performance lower to 362Kpps: Still only 12% lower performance than with only 128 states”
  • He then looks at what this does of pfsync, the protocol to sync the state table between two redundant pf firewalls
  • Conclusions:

There need to be a linear relationship between the pf hard-limit of states and the pf.stateshashsize; RAM needed for pf.stateshashsize = pf.stateshashsize * 80 Byte and pf.stateshashsize should be a power of 2 (from the manual page); Even small hardware can manage large number of sessions (it's a matter of RAM), but under too lot's of pressure pfsync will suffer.

Introducing the BCHS Stack = BSD, C, httpd, SQLite

  • Pronounced Beaches
  • “It's a hipster-free, open source software stack for web applications”
  • “Don't just write C. Write portable and secure C.”
  • “Get to know your security tools. OpenBSD has systrace(4) and pledge(2). FreeBSD has capsicum(4).”
  • “Statically scan your binary with LLVM” and “Run your application under valgrind”
  • “Don't forget: BSD is a community of professionals. Go to conferences (EuroBSDCon, AsiaBSDCon, BSDCan, etc.)”
  • This seems like a really interesting project, we’ll have to get Kristaps Dzonsons back on the show to talk about it

Installing OpenBSD's httpd server, MariaDB, PHP 5.6 on OpenBSD 5.9

  • Looking to deploy your next web-stack on OpenBSD 5.9? If so this next article from is for you.
  • Specifically it will walk you through the process of getting OpenBSD’s own httpd server up and running, followed by MariaDB and PHP 5.6.
  • Most of the setup is pretty straight-forward, the httpd syntax may be different to you, if this is your first time trying it out.
  • Once the various packages are installed / configured, the rest of the tutorial will be easy, walking you through the standard hello world PHP script, and enabling the services to run at reboot.
  • A good article for those wanting to start hosting PHP/DB content (wordpress anyone?) on your OpenBSD system.

The infrastructure behind Varnish

  • Dogfooding. It’s a term you hear often in the software community, which essentially means to “Run your own stuff”. Today we have an article by PKH over at varnish-cache, talking about what that means to them.
  • Specifically, they recently went through a website upgrade, which will enable them to run more of their own stuff.
  • He has a great quote on what OS they use:“So, dogfood: Obviously FreeBSD. Apart from the obvious reason that I wrote a lot of FreeBSD and can get world-class support by bugging my buddies about it, there are two equally serious reasons for the Varnish Project to run on FreeBSD: Dogfood and jails.Varnish Cache is not “software for Linux”, it is software for any competent UNIX-like operating system, and FreeBSD is our primary “keep us honest about this” platform.“
  • He then goes through the process of explaining how they would setup a new Varnish-cache website, or upgrade it.
  • All together a great read, and if you are one of the admin-types, you really should pay attention to how they build from the ground up. Some valuable knowledge here which every admin should try to replicate.
  • I can not reiterate the value of having your config files in a private source control repo strongly enough
  • The biggest take-away is: “And by doing it this way, I know it will work next time also.”

Interview - Matt Macy - mmacy@nextbsd.orgGraphics Stack Update

News Roundup

Followup on packaging base with pkg(8)

  • In spite of the heroic last minute effort by a team of contributors, pkg’d base will not be ready in time for FreeBSD 11.0
  • There are just too many issues that were discovered during testing
  • The plan is to continue using freebsd-update in the meantime, and introduce a pkg based upgrade mechanism in FreeBSD 11.1
  • With the new support model for the FreeBSD 11 branch, 11.1 may come sooner than with previous major releases

FreeBSD Core Election

  • It is time once again for the FreeBSD Core Election
  • Application period begins: Wednesday, 18 May 2016 at 18:00:00 UTC
  • Application period ends: Wednesday, 25 May 2016 at 18:00:00 UTC
  • Voting begins: Wednesday, 25 May 2016 at 18:00:00 UTC
  • Voting ends: Wednesday, 22 June 2016 at 18:00:00 UTC
  • Results announced Wednesday, 29 June 2016
  • New core team takes office: Wednesday, 6 July 2016
  • As of the time I was writing these notes, 3 hours before the application deadline, the candidates are:
  • Allan Jude: Filling in the potholes
  • Marcelo Araujo: We are not vampires, but we need new blood.
  • Baptiste Daroussin (incumbent): Keep on improving
  • Benedict Reuschling: Learn and Teach
  • Benno Rice: Revitalising The Community
  • Devin Teske: Here to help
  • Ed Maste (incumbent): FreeBSD is people
  • George V. Neville-Neil (incumbent): There is much to do…
  • Hiroki Sato (incumbent): Keep up with our good community and technical strength
  • John Baldwin: Ready to work
  • Juli Mallett: Caring for community.
  • Kris Moore: User-Focused
  • Mathieu Arnold: Someone ask for fresh blood ?
  • Ollivier Robert: Caring for the project and you, its developers
  • The deadline for applications is around the time we finish recording the live show
  • We welcome any of the candidates to schedule an interview in the next few weeks. We will make an attempt to hunt many of them down at BSDCan as well.

Wayland/Weston with XWayland works on DragonFly

  • We haven’t talked a lot about Wayland on BSD recently (or much at all), but today we have a post from Peter to the dragonfly mailing list, detailing his experience with it.
  • Specifically he talks about getting XWayland working, which provides the compat bits for native X applications to run on WayLand displays.
  • So far on the working list of apps: “gtk3:
    • gedit
    • nautilus
    • evince

xfce4: - xfce4-terminal - atril

  • firefox
  • spyder
  • scilab”

  • A pretty impressive list, although he said “chrome” failed with a seg-fault

  • This is something I’m personally interested in. Now with the newer DRM bits landing in FreeBSD, perhaps it’s time for some further looking into Wayland.

Broadcom WiFi driver update

  • In this blog post Adrian Chadd talks about his recent work on the bwn(4) driver for Broadcom WiFi chips
  • This work has added support for a number of older 802.11g chips, including the one from 2009-era Macbooks
  • Work is ongoing, and the hope is to add 802.11n and 5ghz support as well
  • Adrian is mentoring a number of developers working on embedded or wifi related things, to try to increase the projects bandwidth in those areas
  • If you are interested in driver development, or wifi internals, the blog post has lots of interesting details and covers the story of Adrian’s recent adventures in bringing the drivers up

Beastie Bits

The Design of the NetBSD I/O Subsystems (2002)

ZFS, BTRFS, XFS, EXT4 and LVM with KVM – a storage performance comparison

Swift added to FreeBSD Ports

misc@openbsd: 'NSA addition to ifconfig'

Papers We Love: Memory by the Slab: The Tale of Bonwick's Slab Allocator


  • Send questions, comments, show ideas/topics, or stories you want mentioned on the show to

Latest News

New announcement


We understand that Michael Dexter, Brad Davis, and George Rosamond think there should be more real news....

Two Year Anniversary


We're quickly approaching our two-year anniversary, which will be on episode 105. To celebrate, we've created a unique t-shirt design, available for purchase until the end of August. Shirts will be shipped out around September 1st. Most of the proceeds will support the show, and specifically allow us to buy...

New discussion segment


We're thinking about adding a new segment to the show where we discuss a topic that the listeners suggest. It's meant to be informative like a tutorial, but more of a "free discussion" format. If you have any subjects you want us to explore, or even just a good name...

How did you get into BSD?


We've got a fun idea for the holidays this year: just like we ask during the interviews, we want to hear how all the viewers and listeners first got into BSD. Email us your story, either written or a video version, and we'll read and play some of them for...

Episode 267: Absolute FreeBSD


Direct Download:MP3 AudioVideo Headlines Interview - Michael W. Lucas - / @mwlauthor BR: [Welcome Back] AJ: What have you been doing since last we talked to you [ed, ssh, and af3e] BR: Tell us more about AF3e AJ: How did the first Absolute FreeBSD come about? BR: Do you have anything special planned for MeetBSD? AJ: What...

Episode 266: File type history


Direct Download:MP3 AudioVideo Headlines OpenBSD/NetBSD on FreeBSD using grub2-bhyve When I was writing a blog post about the process title, I needed a couple of virtual machines with OpenBSD, NetBSD, and Ubuntu. Before that day I mainly used FreeBSD and Windows with bhyve. I spent some time trying to set up...

Episode 265: Software Disenchantment


Direct Download:MP3 AudioVideo Headlines [FreeBSD DevSummit & EuroBSDcon 2018 in Romania] Your hosts are back from EuroBSDcon 2018 held in Bucharest, Romania this year. The first two days of the conference are used for tutorials and devsummits (FreeBSD and NetBSD), while the last two are for talks. Although Benedict organized the devsummit in large...

Episode 264: Optimized-out


Direct Download:MP3 AudioVideo This episode was brought to you by Headlines FreeBSD & DragonFlyBSD Put Up A Strong Fight On AMD's Threadripper 2990WX, Benchmarks Against Linux The past two weeks I have been delivering a great deal of AMD Threadripper 2990WX benchmarks on Linux as well as some against Windows and Windows...