Episode 284



February 7th, 2019

59 mins 26 secs

About this Episode

We recap FOSDEM 2019, FreeBSD Foundation January update, OPNsense 19.1 released, the hardware-assisted virtualization challenge, ZFS and GPL terror, ClonOS 19.01-RELEASE, and more.


FOSDEM 2019 Recap

  • Allan and I were at FOSDEM 2019 in Brussels, Belgium over the weekend.
  • On the Friday before, we held a FreeBSD Devsummit in a hotel conference room, with 25 people attending. We talked about various topics of interest to the project. You can find the notes on the wiki page.
  • Saturday was the first day of FOSDEM. The FreeBSD Project had a table next to the Illumos Project again. A lot of people visited our table, asked questions, or just said “Hi, I watch BSDNow.tv every week”. We handed out a lot of stickers, pens, swag, and flyers. There was also a full day BSD devroom, with a variety of talks that were well attended.
  • In the main conference track, Allan held a talk explaining how the ZFS ARC works. A lot of people attended the talk and had more questions afterwards. Another well attended talk was by Jonathan Looney about Netflix and FreeBSD.
  • Sunday was another day in the same format, but no BSD devroom. A lot of people visited our table, developers and users alike. A lot of meeting and greeting went on.
  • Overall, FOSDEM was a great success with FreeBSD showing a lot of presence. Thanks to all the people who attended and talked to us. Special thanks to the people who helped out at the FreeBSD table and Rodrigo Osorio for running the BSD devroom again.

FreeBSD Foundation Update, January 2019

Dear FreeBSD Community Member,
Happy New Year! It’s always exciting starting the new year with ambitious plans to support FreeBSD in new and existing areas. We achieved our fundraising goal for 2018, so we plan on funding a lot of work this year! Though it’s the new year, this newsletter highlights some of the work we accomplished in December. We also put together a list of technologies and features we are considering supporting, and are looking for feedback on what users want to help inform our 2019 development plans. Our advocacy and education efforts are in full swing as we prepare for upcoming conferences including FOSDEM, SANOG33, and SCaLE.
Finally, we created a year-end video to talk about the work we did in 2018. That in itself was an endeavor, so please take a few minutes to watch it! We’re working on improving the methods we use to inform the community on the work we are doing to support the Project, and are always open to feedback. Now, sit back, grab a refreshing beverage, and enjoy our newsletter!
Happy reading!!

OPNsense 19.1 released

For more than four years now, OPNsense has been driving innovation through modularising and hardening the open source firewall, with simple and reliable firmware upgrades, multi-language support, HardenedBSD security, fast adoption of upstream software updates as well as clear and stable 2-Clause BSD licensing.
The 19.1 release, nicknamed “Inspiring Iguana”, consists of a total of 620 individual changes since 18.7 came out 6 months ago, spread out over 12 intermediate releases including the recent release candidates. That is the average of 2 stable releases per month, security updates and important bug fixes included! If we had to pick a few highlights it would be: The firewall alias API is finally in place. The migration to HardenedBSD 11.2 has been completed. 2FA now works with a remote LDAP / local TOTP combination. And the OpenVPN client export was rewritten for full API support as well.

  • These are the most prominent changes since version 18.7:
      • fully functional firewall alias API
      • PIE firewall shaper support
      • firewall NAT rule logging support
      • 2FA via LDAP-TOTP combination
      • WPAD / PAC and parent proxy support in the web proxy
      • P12 certificate export with custom passwords
      • Dpinger is now the default gateway monitor
      • ET Pro Telemetry edition plugin[2]
      • extended IPv6 DUID support
      • Dnsmasq DNSSEC support
      • OpenVPN client export API
      • Realtek NIC driver version 1.95
      • HardenedBSD 11.2, LibreSSL 2.7
      • Unbound 1.8, Suricata 4.1
      • Phalcon 3.4, Perl 5.28
      • firmware health check extended to cover all OS files, HTTPS mirror default
      • updates are browser cache-safe regarding CSS and JavaScript assets
      • collapsible side bar menu in the default theme
      • language updates for Chinese, Czech, French, German, Japanese, Portuguese and Russian
      • API backup export, Bind, Hardware widget, Nginx, Ntopng, VnStat and Dnscrypt-proxy plugins

  • Here are the full changes against version 19.1-RC2:
      • ipsec: add firewall interface as soon as phase 1 is enabled
      • ipsec: phase 1 selection GUI JavaScript compatibility fix
      • monit: widget improvements and bug fix (contributed by Frank Brendel)
      • ui: fix regression in single host or network subnet select in static pages
      • plugins: os-frr 1.7 updates OSPF outbound rules (contributed by Fabian Franz)
      • plugins: os-telegraf 1.7.4 fixes packet filter input
      • plugins: os-theme-rebellion 1.8.2 adds image colour invert
      • plugins: os-vnstat 1.1[3]
      • plugins: os-zabbix-agent now uses Zabbix version 4.0
      • src: revert mmc_calculate_clock() as HS200/HS400 support breaks legacy support
      • src: update sqlite3-3.20.0 to sqlite3-3.26.0[4]
      • src: import tzdata 2018h, 2018i[5]
      • src: avoid unsynchronized updates to kn_status[6]
      • ports: ca_root_nss 3.42
      • ports: dhcp6c 20190128 prevent rawops double-free (contributed by Team Rebellion)
      • ports: sudo patch to fix listpw=never[7]

News Roundup

The hardware-assisted virtualization challenge

Over two years ago, I made a pledge to use NetBSD as my sole OS and only operating system, and to resist booting into any other OS until I had implemented hardware-accelerated virtualization in the NetBSD kernel (the equivalent of Linux’ KVM, or Hyper-V).
Today, I am here to report: Mission Accomplished!
It’s been a long road, but we now have hardware-accelerated virtualization in the kernel! And while I had only initially planned to get Oracle VirtualBox working, I have with the help of the Intel HAXM engine (the same backend used for virtualization in Android Studio) and a qemu frontend, successfully managed to boot a range of mainstream operating systems.

ZFS and GPL terror: How much freedom is there in Linux?

  • ZFS – the undesirable guest

ZFS is today’s most advanced filesystem. It originated on the Solaris operating system and thanks to Sun’s decision to open it up, we have it available on quite a number of Unix-like operating systems. That’s just great! Great for everyone.
For everyone? Nope. There are people out there who don’t like ZFS. Which is totally fine, they don’t need to use it after all. But worse: There are people who actively hate ZFS and think that others should not use it. Ok, it’s nothing new that some random guys on the net are acting like assholes, trying to tell you what you must not do, right? Whoever has been online for more than a couple of days probably already got used to it. Unfortunately it’s still worse: One such spoilsport is Greg Kroah-Hartman, Linux guru and informal second-in-command after Linus Torvalds.
There have been some attempts to defend the stance of this kernel developer. One was to point at the fact that the “ZFS on Linux” (ZoL) port uses two kernel functions, __kernel_fpu_begin() and __kernel_fpu_end(), which have been deprecated for a very long time and that it makes sense to finally get rid of them since nothing in-kernel uses them anymore. Nobody is going to argue against that. The problem becomes clear by looking at the bigger picture, though:
The need for functions doing just what the old ones did has of course not vanished. The functions have been replaced with other ones. And those ones are deliberately made GPL-only. Yes, that’s right: There’s no technical reason whatsoever! It’s purely ideology – and it’s a terrible one.

ClonOS 19.01-RELEASE

ClonOS is a turnkey Open Source platform based on FreeBSD and the CBSD framework. ClonOS offers a complete web UI for easily controlling, deploying and managing FreeBSD jail containers and Bhyve/Xen hypervisor virtual environments.
ClonOS is currently the only platform available which allows both the Xen and Bhyve hypervisors to coexist on the same host. Being a FreeBSD-based platform, ClonOS’s ability to create and manage jails allows you to run FreeBSD applications without losing performance.

  • Features:
      • easy management via web UI interface
      • live Bhyve migration [coming soon, roadmap]
      • Bhyve management (create, delete VM)
      • Xen management (create, delete VM) [coming soon, roadmap]
      • connection to the “physical” guest console via VNC from the browser or directly
      • Real time system monitoring
      • access to load statistics through SQLite3 and beanstalkd
      • support for ZFS features (cloning, snapshots)
      • import/export of virtual environments
      • public repository with virtual machine templates
      • puppet-based helpers for configuring popular services

  • ClonOS is a free open-source FreeBSD-based platform for virtual environments creation and management. In the core:
      • FreeBSD OS as hoster platform
      • bhyve(8) as hypervisor engine
      • Xen as hypervisor engine
      • vale(4) as Virtual Ethernet Switch
      • jail(8) as container engine
      • CBSD Project as management tools
      • Puppet as configuration management

Beastie Bits


  • Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv